Miroslav Stampar
fd9acfd7d2
fix
2011-09-26 13:36:08 +00:00
Miroslav Stampar
b3b4459c72
minor fix
2011-09-26 13:01:43 +00:00
Miroslav Stampar
34738129c9
minor update
2011-09-25 21:27:58 +00:00
Miroslav Stampar
7e80274fac
refactoring
2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1
switching to SQLite resume support (on error and union techniques this moment)
2011-09-25 20:36:32 +00:00
Miroslav Stampar
ba5eff1de6
minor bug fix
2011-09-23 18:29:45 +00:00
Miroslav Stampar
d95ff4350d
bug fix
2011-09-20 13:08:35 +00:00
Miroslav Stampar
4a3580d10b
minor fix
2011-09-19 19:08:08 +00:00
Bernardo Damele
f890b29f81
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
2011-09-12 17:26:22 +00:00
Miroslav Stampar
4fb6dab1a2
minor bug fix
2011-09-12 14:15:57 +00:00
Miroslav Stampar
1bdde51d0e
minor just in case update
2011-09-11 16:41:07 +00:00
Miroslav Stampar
02f993583b
minor bug fix
2011-09-09 11:36:09 +00:00
Miroslav Stampar
2f4e34f5a0
minor improvement for URI injections
2011-09-08 11:13:12 +00:00
Miroslav Stampar
d434047482
minor bug fix
2011-09-05 09:28:40 +00:00
Miroslav Stampar
08e0eb9b61
minor lower/upper case fix
2011-08-29 13:47:32 +00:00
Miroslav Stampar
9be89422da
implemented parameter --skip
2011-08-29 13:29:42 +00:00
Miroslav Stampar
e0f521cf9d
minor update regarding --randomize
2011-08-29 13:08:25 +00:00
Miroslav Stampar
ac00014c4a
implemented --randomize switch by request
2011-08-29 12:50:52 +00:00
Miroslav Stampar
8fe069b495
minor fix
2011-08-23 21:48:39 +00:00
Miroslav Stampar
01014eca17
by request
2011-08-23 21:45:01 +00:00
Miroslav Stampar
cfc1f2b70b
minor update
2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
2011-08-22 21:43:46 +00:00
Miroslav Stampar
8a174248dc
fix for a bug reported by blueBoy
2011-08-20 20:08:11 +00:00
Miroslav Stampar
cb32d46f2a
minor minor update
2011-08-18 06:09:12 +00:00
Miroslav Stampar
54bcc35ba7
important bug fix (connection exception was causing losing of already retrieved data)
2011-08-17 22:31:33 +00:00
Miroslav Stampar
9d31322f3d
update regarding special case when conf.uChar appears only in testable pages
2011-08-17 21:40:42 +00:00
Miroslav Stampar
75ec146224
minor beautification
2011-08-17 21:17:02 +00:00
Miroslav Stampar
f46baac70b
bug fix (when comment is None this was errornous)
2011-08-17 10:58:29 +00:00
Bernardo Damele
9361e633f4
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
2011-08-16 09:21:01 +00:00
Miroslav Stampar
e1dbb4443b
minor update related to the last commit
2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
2011-08-16 06:50:20 +00:00
Miroslav Stampar
600ef3eace
minor patch
2011-08-16 06:22:04 +00:00
Miroslav Stampar
262996fc5b
bug fix
2011-08-16 06:14:40 +00:00
Miroslav Stampar
df4abf1af1
lowering constant value from 10 to 7 for da peace in da houz
2011-08-12 17:19:19 +00:00
Bernardo Damele
702ed73a65
Added --code switch to match in boolean-based tests against the HTTP response code
2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33
Search for --string and --regexp matches also in HTTP response headers
2011-08-12 15:33:37 +00:00
Bernardo Damele
5e5133b8e7
Should be fixed now
2011-08-12 15:00:11 +00:00
Bernardo Damele
1505cb2a80
typo
2011-08-12 14:51:39 +00:00
Bernardo Damele
702ca22d54
Minor bug fix for URI injections
2011-08-12 14:48:44 +00:00
Bernardo Damele
28bba9f5e6
More verbose warning message
2011-08-12 13:47:38 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Bernardo Damele
36280b33fa
Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site
2011-08-12 13:06:40 +00:00
Miroslav Stampar
41ae9bc7ff
minor bug fix
2011-08-09 14:20:25 +00:00
Miroslav Stampar
2ad267132a
minor update for empty normal responses (like AJAX requests)
2011-08-05 10:55:21 +00:00
Miroslav Stampar
e849b71027
minor typo
2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
2011-08-03 13:26:38 +00:00
Miroslav Stampar
f7562da754
from now on proper union column count should be displayed in injection info output
2011-08-03 10:34:50 +00:00
Miroslav Stampar
9423d15fb3
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
2011-08-03 09:08:16 +00:00
Miroslav Stampar
07afcd5440
fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)
2011-08-02 18:20:21 +00:00
Miroslav Stampar
07c3d4fb18
minor adjustment
2011-08-02 17:35:43 +00:00
Miroslav Stampar
edab7d01a5
minor fix
2011-08-02 17:31:13 +00:00
Bernardo Damele
c15439ab7f
Minor improvement to --passwords output
2011-08-02 09:04:34 +00:00
Miroslav Stampar
cb0981d858
proper way of handling 0 length results (as in __goInferenceProxy)
2011-08-02 08:39:32 +00:00
Miroslav Stampar
0643ced651
minor update
2011-08-02 08:12:43 +00:00
Miroslav Stampar
457f501bbd
proper fix
2011-08-01 23:48:38 +00:00
Bernardo Damele
cbd0ea0866
Possible fix for a minor bug
2011-08-01 23:24:39 +00:00
Miroslav Stampar
018d7ed646
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
2011-07-31 23:40:09 +00:00
Miroslav Stampar
0627bb02cb
minor beautification
2011-07-31 10:21:47 +00:00
Miroslav Stampar
93ae1dfa2b
minor bug fix
2011-07-31 08:52:48 +00:00
Miroslav Stampar
68ae8ea5b2
minor refactoring
2011-07-29 10:54:25 +00:00
Miroslav Stampar
e522263640
fix for a neverending data retrieval in large full inband cases
2011-07-29 10:45:09 +00:00
Miroslav Stampar
3fc603843e
minor fix
2011-07-27 23:26:36 +00:00
Miroslav Stampar
107089c00b
bug fix
2011-07-27 08:25:51 +00:00
Miroslav Stampar
f7eaffcec5
i believe that this could be ok
2011-07-26 21:28:48 +00:00
Bernardo Damele
a2483b3bc4
Aligned OS takeover functionalities to recent Metasploit improvements
2011-07-26 10:29:14 +00:00
Bernardo Damele
938716e361
Proper fix for --start and --stop consistency amongst different techniques
2011-07-26 10:06:28 +00:00
Bernardo Damele
e71f96afe7
Reverted dumb "fix"
2011-07-26 09:42:09 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784
minor optimization and refactoring
2011-07-25 20:17:44 +00:00
Bernardo Damele
0a7a648694
Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind)
2011-07-25 11:15:18 +00:00
Bernardo Damele
6cbb927012
Partial fix for -o not resumed at following runs if missing from command line
2011-07-25 11:05:49 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa
doing proper big table support for partial union too
2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554
minor speedup
2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d
minor update (prior to some changes regarding large content retrieval)
2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af
refactoring. nothing special changed
2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2
minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)
2011-07-21 10:06:52 +00:00
Miroslav Stampar
7881ded60d
quick fix (this other library was doing problems)
2011-07-20 22:20:16 +00:00
Bernardo Damele
d6b52242c7
Meterpreter's sniffer extension freezes 64-bit systems
...
Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so.
There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.
2011-07-20 13:50:02 +00:00
Miroslav Stampar
9d996c07fb
another quick fix
2011-07-20 13:00:34 +00:00
Miroslav Stampar
fad77dd078
fix for a ImportError bug reported by g@brindi.si
2011-07-20 12:18:36 +00:00
Miroslav Stampar
9cf33ec997
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7
bug fix
2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8
more optimization
2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718
optimization of reflective removal mechanism
2011-07-12 22:28:19 +00:00
Bernardo Damele
cda25cda2f
Cosmetics
2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b
quick fixes, more work to do
2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e
minor revert (it's illegal to use append for updating one array with another array)
2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33
Minor bug fix
2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81
Minor bug fix
2011-07-12 15:30:40 +00:00
Miroslav Stampar
a46b5230f5
minor "patch"
2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6
disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator
2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53
possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com
2011-07-11 11:40:27 +00:00
Miroslav Stampar
f5e45bf113
quick fix for a bug reported by jovon.itwaru@gmail.com
2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808
minor minor update
2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db
adding new switch '--smart' by request
2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72
quick fix
2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229
More verbose critical message
2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20
more general approach
2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430
cosmetics (in debug mode [0] is used)
2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9
minor update
2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc
quick fix
2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44
few fixes and minor cosmetics
2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a
Major bug fix in UNION detection, it was a leftover
2011-07-07 00:06:20 +00:00
Bernardo Damele
fcd4e94c04
Higher chances to detect UNION query SQL injection against Microsoft Access
2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
2011-07-06 21:04:45 +00:00
Bernardo Damele
0d28c1e9e7
cosmetics
2011-07-06 20:41:13 +00:00
Bernardo Damele
6f6038b534
Quick fix (revert..)
2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1
bulk of fixes
2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14
cosmetics
2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e
massive (like really massive) dictionary support
2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7
update with a feature request (file with list of wordlist files)
2011-06-30 08:42:43 +00:00
Miroslav Stampar
9e453e8709
fix for a bug reported by nightman@email.de
2011-06-29 17:49:59 +00:00
Miroslav Stampar
be9b8bca78
bug fix
2011-06-29 17:39:58 +00:00
Bernardo Damele
9eb683531d
Minor improvement at blind SQL inj technique for DB2
2011-06-27 22:28:12 +00:00
Miroslav Stampar
75524c283d
minor update
2011-06-27 21:59:31 +00:00
Miroslav Stampar
4be55c811f
minor update
2011-06-27 21:48:26 +00:00
Miroslav Stampar
831f083223
minor update
2011-06-27 21:38:12 +00:00
Miroslav Stampar
5b4eaf48d9
minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")
2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b
minor update (that default quit in --batch was bothering me - my original idea and it was bad :)
2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91
minor update (all misc options are alphabetically ordered)
2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Miroslav Stampar
e00cf81f7e
minor update
2011-06-24 19:50:13 +00:00
Miroslav Stampar
e9286ddd5b
fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position
...
47: ordinal not in range(128))
2011-06-24 19:24:11 +00:00
Miroslav Stampar
c4cb367e65
looks nicer (though --tor is implicitly converted into --proxy)
2011-06-24 19:00:53 +00:00
Miroslav Stampar
aa83fe5c66
minor update
2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c
minor beautification
2011-06-24 17:46:54 +00:00
Miroslav Stampar
2de88bd90b
minor update
2011-06-24 17:19:24 +00:00
Miroslav Stampar
96190cf594
minor update
2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09
Got rid of useless TAB completion in --sql-shell
2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf
Got rid of useless imports
2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3
Minor adjustment to avoid function and variables with same name
2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f
changing to: --crawl=CRAWLDEPTH
2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f
cleanest fix this moment (conf.dbms will for sure deal problems later in any form)
2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2
minor fix
2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71
probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)
2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e
minor update
2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da
thread safe logging+stdout (no more overlapping of log messages and raw output)
2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37
update
2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513
replacing xmlobject logic with our own
2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Miroslav Stampar
e76cb19e35
minor patch
2011-06-22 09:11:12 +00:00
Miroslav Stampar
b16b92fe46
minor update
2011-06-21 20:59:34 +00:00
Miroslav Stampar
2220afbdf5
fix by request
2011-06-21 20:50:16 +00:00
Miroslav Stampar
9e232256f4
reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic)
2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9
--stop is inclusive ("Last query output entry to retrieve")
2011-06-21 18:08:33 +00:00
Miroslav Stampar
dfc02d8c3c
sorry Bernardo, i hope your mobile is turned off :)))
2011-06-20 22:47:24 +00:00
Miroslav Stampar
2a4a284a29
crawler fix (skip binary files)
2011-06-20 22:41:38 +00:00
Miroslav Stampar
20bb1a685b
really minor update
2011-06-20 21:57:53 +00:00
Miroslav Stampar
812cd2f19b
minor update
2011-06-20 21:47:03 +00:00
Miroslav Stampar
e8ac7414f2
bug fix
2011-06-20 21:36:15 +00:00
Miroslav Stampar
d6062e8fc9
minor fix for crawler and far less message overlaps in future
2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0
minor update
2011-06-20 14:27:24 +00:00
Miroslav Stampar
17fac6f67f
minor update
2011-06-20 13:53:39 +00:00
Miroslav Stampar
29314f425e
minor fix
2011-06-20 13:42:31 +00:00
Miroslav Stampar
f09340fc89
minor update
2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b
added support for --scope in --crawl mode
2011-06-20 12:37:51 +00:00
Miroslav Stampar
42746cc706
bug fix
2011-06-20 12:18:46 +00:00
Miroslav Stampar
67fab9f2e2
putting this to info messages (user needs to know at this place why is it waiting)
2011-06-20 12:17:19 +00:00
Miroslav Stampar
b1426b5131
bug fix
2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350
minor update
2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943
adding Beautifulsoup (BSD) into extras; adding --crawl to options
2011-06-20 11:32:30 +00:00
Miroslav Stampar
8c04aa871a
english typo
2011-06-20 11:00:23 +00:00
Miroslav Stampar
bdb530da1f
minor update
2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636
made changes by buawig request (504 is treated as a classical timeout)
2011-06-19 09:57:41 +00:00
Miroslav Stampar
83af83da9e
minor beautification (WordsSet is considered as a bad english)
2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997
Use getPageTextWordsSet() also in --common-columns
2011-06-18 12:30:26 +00:00
Bernardo Damele
6b2f44de14
Minor layout adjustment
2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919
Layout adjustments
2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4
added by request
2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602
minor fix for --smoke-test
2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2
layout
2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece
better
2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0
"Please consider to provide" is a bad English
2011-06-18 09:46:22 +00:00
Miroslav Stampar
1440c9f2d4
minor update
2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371
better language
2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef
minor update/better language
2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb
update
2011-06-17 22:04:25 +00:00
Miroslav Stampar
0c9fa5c550
fix
2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1
minor update
2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3
minor fix by request
2011-06-17 16:58:50 +00:00
Miroslav Stampar
a0129dcbcb
this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)
2011-06-17 16:52:39 +00:00
Miroslav Stampar
f3ee2c09fb
cleaner fix
2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f
fix for DNS leakage
2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259
little stabilization of multi threading
2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e
some fixes
2011-06-16 14:27:44 +00:00
Miroslav Stampar
6b1d5a0ab8
minor fix
2011-06-16 14:11:30 +00:00
Miroslav Stampar
530c296519
minor fix
2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5
some fixes
2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a
minor update regarding mnemonics (again)
2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564
minor update regarding mnemonics
2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3
minor fixes and minor updates
2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4
new file containing default settings
2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad
cleaning up a bit for a configuration mess
2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0
Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes
2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6
fix for a bug reported by rdsears@mtu.edu (ignored config file items)
2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f
minor update
2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb
introducing mnemonics
2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908
minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)
2011-06-14 19:38:35 +00:00
Miroslav Stampar
a4328e914b
minor update
2011-06-14 19:29:42 +00:00
Miroslav Stampar
1e17c0d4a1
switching to debug mode for missing dependencies
2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03
typo fix
2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b
Added --dependences to show which sqlmap dependences are not available
2011-06-13 18:44:02 +00:00
Miroslav Stampar
0990f16f7f
minor update for invalid cases like 'iso-8859-1 (western europe)'
2011-06-12 08:36:21 +00:00
Miroslav Stampar
2da56ea507
fix of a language bug
2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f
minor update
2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00
Miroslav Stampar
15d72ec566
minor improvement for special cases with --string/--regexp
2011-06-10 23:05:47 +00:00
Miroslav Stampar
8fac4605a9
minor fix for None results
2011-06-10 22:28:15 +00:00
Miroslav Stampar
71093b1cad
adding one more user friendly message
2011-06-09 09:58:42 +00:00
Miroslav Stampar
fae089646b
minor fix
2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b
minor fix
2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd
revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content)
2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d
revert of the last commit. have to think about it
2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2
minor update
2011-06-09 06:14:35 +00:00
Bernardo Damele
d217cf71b2
Minor bug fix
2011-06-08 23:32:44 +00:00
Bernardo Damele
6aade8e6fc
grammar fix, again
2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784
Grammar fix
2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36
Rephrase
2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace
Cosmetics
2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909
Cosmetics
2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3
This was missing
2011-06-08 15:30:59 +00:00
Miroslav Stampar
d8155dfae9
change by request
2011-06-08 14:44:11 +00:00
Miroslav Stampar
6387d98ab0
quick fix
2011-06-08 14:42:48 +00:00
Bernardo Damele
0d3e8a76d8
Cosmetics and a missing param
2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
cd6ceb733e
Adjustment and refactoring for takeover via web backdoor
2011-06-08 14:16:53 +00:00
Bernardo Damele
cce3208b35
Cleanup
2011-06-08 14:15:34 +00:00
Bernardo Damele
7da3d8dbd1
minor layout adjustment
2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3
added switch --cookie-del by request
2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e
asking and skipping to the next google result page if no usable links found
2011-06-07 23:24:17 +00:00
Miroslav Stampar
1c633b7351
i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified
2011-06-07 22:14:18 +00:00
Miroslav Stampar
75c12c5edb
fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)
2011-06-07 21:46:49 +00:00
Miroslav Stampar
e7e23d1b79
fix for a Ctrl+C bug reported by nightman@email.de
2011-06-07 17:16:01 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68
minor update
2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23
more refactoring
2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c
refactoring and stabilization of multithreading
2011-06-07 09:50:00 +00:00
Miroslav Stampar
5f7858455d
fix for a bug reported by l0rda@l0rda.biz
2011-06-07 05:57:21 +00:00
Miroslav Stampar
03c3f83893
minor fix
2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3
fix for a bug reported by aboynes@gmail.com
2011-06-06 08:50:48 +00:00
Miroslav Stampar
97d8c60c3f
better language
2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322
more info to the user
2011-06-03 15:43:50 +00:00
Miroslav Stampar
8c80413c52
well, important fix for blind based cases (especially OR ones)
2011-06-03 15:29:22 +00:00
Miroslav Stampar
f27181c628
minor improvement for blind based injections with reflected values
2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94
minor update
2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58
minor usability update
2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869
fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com
2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23
minor fix
2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0
proper fix related to the last commit
2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779
bug fix (until this moment we had UNION unfunctional for MSSQL)
2011-06-01 22:47:54 +00:00
Miroslav Stampar
fc96764f80
minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None)
2011-06-01 22:06:06 +00:00
Miroslav Stampar
091c174bc4
better language
2011-06-01 08:30:06 +00:00
Miroslav Stampar
63145236b9
minor fix
2011-05-31 21:53:29 +00:00
Miroslav Stampar
42100e0e5b
big bug fix
2011-05-30 23:15:29 +00:00
Miroslav Stampar
9600556dae
better language
2011-05-30 23:04:49 +00:00
Miroslav Stampar
b7088440c2
better sentence
2011-05-30 22:47:17 +00:00
Miroslav Stampar
3c12799ff0
minor improvement
2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
2011-05-30 20:18:30 +00:00
Miroslav Stampar
b79dae6e95
minor update
2011-05-30 14:49:03 +00:00
Miroslav Stampar
20988e58ed
warp 5 mr spock :)
2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9
speed up of 2 times for partial union technique
2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5
minor update
2011-05-30 08:33:01 +00:00
Miroslav Stampar
d5ede6afb4
fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range)
2011-05-30 06:38:44 +00:00
Miroslav Stampar
23d7820de7
minor update
2011-05-29 23:56:41 +00:00
Miroslav Stampar
6fd8602f01
minor update
2011-05-29 23:33:34 +00:00
Miroslav Stampar
86455ceb9c
implementation of multithreading for UNION and ERROR techniques
2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d
typo update
2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e
adding legal disclaimer as latest situation (these days news headlines) seems out of control
2011-05-28 18:54:14 +00:00
Miroslav Stampar
a5a70f0895
minor update
2011-05-28 18:21:03 +00:00
Miroslav Stampar
ecbeecdccf
minor refactoring
2011-05-28 18:11:56 +00:00
Miroslav Stampar
eb9b84d1da
type correction
2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a
update regarding mysql function resolution and versionedkeywords
2011-05-28 17:34:43 +00:00
Miroslav Stampar
95dea1fbf9
sharp tuning UNION tests even more
2011-05-28 08:06:19 +00:00
Miroslav Stampar
c11ea35d53
adding some user input for "refreshing" cases (like redirect ones)
2011-05-27 22:42:23 +00:00
Miroslav Stampar
cf69809c3c
minor update
2011-05-27 16:26:00 +00:00
Miroslav Stampar
8227298057
user friendliness uber 9000
2011-05-27 08:30:52 +00:00
Miroslav Stampar
a8b58afdb2
minor update
2011-05-27 08:21:02 +00:00
Miroslav Stampar
48f52d7697
minor beautification
2011-05-27 08:16:14 +00:00
Miroslav Stampar
61b960f65f
minor update related to the last one
2011-05-26 22:05:10 +00:00
Miroslav Stampar
45caadbd4a
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
2011-05-26 21:54:19 +00:00
Miroslav Stampar
97bd5355dd
minor update
2011-05-26 21:18:55 +00:00
Miroslav Stampar
5d56e89cf5
minor update
2011-05-26 21:08:46 +00:00
Miroslav Stampar
06108b6da6
minor update related to the last commit
2011-05-26 20:58:24 +00:00
Miroslav Stampar
4f46a5ab63
minor usability enhancement regarding warning for --text-only switch
2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24
minor cleanup of the leftover
2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82
minor update
2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
2011-05-26 14:30:05 +00:00
Miroslav Stampar
4f2c999146
fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)
2011-05-26 13:47:20 +00:00
Miroslav Stampar
f3ed61af5f
bug fix when using inference and kb.pageEncoding is None (like in binary cases)
2011-05-25 21:12:12 +00:00
Miroslav Stampar
5369657cd5
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
2011-05-25 20:54:30 +00:00
Miroslav Stampar
a1fd2898a0
added friendly tip message for url encoding GET and POST payloads
2011-05-25 11:10:52 +00:00
Miroslav Stampar
0e480a9921
adding SYS to the ORACLE_SYSTEM_DBS
2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75
minor beautification
2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b
making it easier for totally dummy users
2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671
helping dummy users
2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c
serving everything for the users
2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca
minor just in case patch
2011-05-24 15:07:37 +00:00
Miroslav Stampar
0072c3af8e
fix for a bug reported by aboynes@gmail.com (for elt in self.a)
2011-05-24 15:03:21 +00:00
Miroslav Stampar
f774d8fea0
proper Tor settings (reverted r3915 and implemented it the right way)
2011-05-24 11:06:58 +00:00
Miroslav Stampar
915c206e3d
minor fix for socks proxy issues
2011-05-24 09:47:10 +00:00
Miroslav Stampar
ad25bcc2be
better way for dealing with relative paths
2011-05-24 05:26:51 +00:00
Miroslav Stampar
a536bf210f
improved redirection mechanism
2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121
this was causing that --suffix trouble
2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c
minor fix for retrieving stuff like "SELECT * FROM testdb..users"
2011-05-23 19:45:40 +00:00
Miroslav Stampar
2b12b18357
incorporating metasploit patch from oliver.kuckertz@mologie.de
2011-05-23 15:27:10 +00:00
Miroslav Stampar
4542d4535f
minor beautification
2011-05-23 14:28:05 +00:00
Miroslav Stampar
31b48ec11c
removing space left
2011-05-23 14:18:33 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
868fbe370b
minor beautification
2011-05-23 10:39:58 +00:00
Miroslav Stampar
fb23beef6f
most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)
2011-05-22 19:14:36 +00:00
Miroslav Stampar
4fdb6ac9b9
adding useful info
2011-05-22 15:30:19 +00:00
Miroslav Stampar
48c20a62ac
minor nag fix
2011-05-22 15:08:55 +00:00
Miroslav Stampar
40971aca94
fixing nasty bug caused by retrying counter
2011-05-22 10:59:56 +00:00
Miroslav Stampar
712e238f33
another minor fix
2011-05-22 10:29:25 +00:00
Miroslav Stampar
2795aeff34
minor fix
2011-05-22 10:27:45 +00:00
Miroslav Stampar
806e898694
no more CRITICAL drop outs in test mode - lots of reports were related to this
2011-05-22 10:21:49 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
27f0e73cc9
refactoring of 'target' flag in connect.py
2011-05-22 07:46:09 +00:00
Miroslav Stampar
a58aaf2e1a
better format for results file (easier for sorting when lots of files)
2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Miroslav Stampar
db72428765
minor update
2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7
added --cookie for maskSensitiveData too
2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4
minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)
2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710
minor refactoring
2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97
added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com
2011-05-17 22:55:22 +00:00
Miroslav Stampar
dfe81cc66f
minor yielding
2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9
minor refactoring
2011-05-16 20:09:12 +00:00
Miroslav Stampar
ba1df457ab
fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com
2011-05-16 19:26:58 +00:00
Miroslav Stampar
6ba9dea640
just in case for trimmed output
2011-05-16 06:17:37 +00:00
Miroslav Stampar
d2221e4604
fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...)
2011-05-16 00:23:50 +00:00
Miroslav Stampar
faa74cd2bc
introducing results file for multiple target mode
2011-05-15 22:21:38 +00:00
Miroslav Stampar
90e84c9a6d
removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end
2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1
minor improvement
2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b
fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)
2011-05-14 19:57:28 +00:00
Miroslav Stampar
053c245114
few minor fixes
2011-05-13 09:56:12 +00:00
Miroslav Stampar
a7d7be5ce0
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
2011-05-13 01:01:53 +00:00
Miroslav Stampar
f11d5c91e3
minor update so that only one DNS request per scan is being done (before this commit there were two)
2011-05-12 14:32:39 +00:00
Miroslav Stampar
70688fb8b5
minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)
2011-05-12 12:00:17 +00:00
Miroslav Stampar
c64eb38a8b
same thing as for the last commit, but for error technique this time
2011-05-12 11:52:18 +00:00
Miroslav Stampar
84a7e5ffb9
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
2011-05-12 11:36:02 +00:00
Miroslav Stampar
0b2da2f9f5
minor beautification for --tor switch
2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554
i was probably very tired or very stupid to do this
2011-05-11 13:13:46 +00:00
Miroslav Stampar
2ab9e30f7a
bug fix
2011-05-11 12:54:33 +00:00
Miroslav Stampar
53065ee1fb
adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)
2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9
added -m switch for bulk loading multiple targets
2011-05-11 08:46:40 +00:00
Miroslav Stampar
120b0d756e
unfix
2011-05-10 21:33:06 +00:00
Miroslav Stampar
6b66fce72c
minor fix
2011-05-10 20:52:43 +00:00
Miroslav Stampar
192c685bc8
changing conf attribute to a more proper name
2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7
minor refactoring
2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb
layout
2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a
fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)
2011-05-10 13:28:07 +00:00
Miroslav Stampar
1dea609019
fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)
2011-05-10 12:51:37 +00:00
Miroslav Stampar
a64407d9db
minor bug fix for multithreading and lots of connection retries
2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
2011-05-10 12:32:07 +00:00
Miroslav Stampar
ec4d9178f8
minor update related to the previous commit
2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c
minor update
2011-05-08 06:17:43 +00:00
Bernardo Damele
9955483052
Major improvement for --dump.
...
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
8179fd63c0
Minor fix
2011-05-07 23:48:03 +00:00
Bernardo Damele
6653907700
forgot in last commit
2011-05-07 21:13:56 +00:00
Bernardo Damele
1151af52bb
More fix for save/resume of --technique
2011-05-07 21:08:14 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968
removing blank lines and adding newline at the end of files
2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Bernardo Damele
2d8408c885
More fix for --technique resume
2011-05-05 16:38:46 +00:00
Bernardo Damele
e96a533a04
Bug fix to resume of --technique
2011-05-05 15:18:33 +00:00
Miroslav Stampar
b324b99f6e
minor update of warning message
2011-05-04 10:41:08 +00:00
Miroslav Stampar
83fac3f6d9
fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase)
2011-05-03 21:12:51 +00:00
Miroslav Stampar
e6f010734e
minor fix for cases when the retrieved output is safe encoded (like for --os-shell)
2011-05-03 16:14:03 +00:00
Miroslav Stampar
4d4e3802e4
decoding of chars for --os-shell
2011-05-03 15:31:12 +00:00
Bernardo Damele
c58dc4a6d8
isDbmsWithin() must stay like this, no getIdentifiedDbms() in there
2011-05-03 14:13:45 +00:00
Miroslav Stampar
742b0ef76e
major improvement of ERROR data retrieval on MSSQL
2011-05-03 13:25:20 +00:00
Miroslav Stampar
2a7838928e
minor fancier --replicate update
2011-05-03 11:48:04 +00:00
Miroslav Stampar
b202d73b46
bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)
2011-05-03 11:09:30 +00:00
Miroslav Stampar
1840b0e43b
fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)
2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Bernardo Damele
6cff3e97f4
cosmetics
2011-05-02 21:48:08 +00:00
Miroslav Stampar
06498796b9
minor cosmetics
2011-05-02 20:51:53 +00:00
Miroslav Stampar
5e9620198c
fix for a privately reported bug ("AttributeError: item is disabled")
2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895
better fix for the previous commit
2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f
minor update to not confuse users when using -o
2011-05-02 13:24:35 +00:00
Miroslav Stampar
f8c3086d15
minor minor update
2011-05-02 12:37:54 +00:00
Miroslav Stampar
098f53d57a
patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1')
2011-05-02 12:34:35 +00:00
Bernardo Damele
ac2550535c
Proper fix for --technique=U bug
2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93
fix for a major bug reported by k1971@live.co.uk (1..9 99..)
2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334
proper way to deal with generic cases
2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7
fix for a --technique=U
2011-05-01 07:37:22 +00:00
Miroslav Stampar
41fc9f9d54
fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2')
2011-04-30 22:41:54 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf
proper fix
2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5
Minor adjustment to --mobile.
...
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Bernardo Damele
a23ca952e4
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
2011-04-29 21:09:07 +00:00
Miroslav Stampar
46f96f3c4c
removing Kindle from list as it's not really a smartphone
2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9
implemented --mobile switch
2011-04-29 19:27:23 +00:00
Miroslav Stampar
b299912de4
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8
fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)
2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
441c288dd9
cosmeticados
2011-04-25 00:36:09 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d
huge speed up (4x times faster)
2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e
speed up of resume values (compiled regexes used)
2011-04-22 19:27:41 +00:00
Miroslav Stampar
7b3b9e6a87
it seems that this was indeed not meant to be here
2011-04-22 15:07:09 +00:00
Miroslav Stampar
304500a2e8
implemented checkFalsePositives method (simple Turing like tests)
2011-04-22 12:24:16 +00:00
Bernardo Damele
f3088079c0
error message adjustment
2011-04-21 22:31:02 +00:00
Bernardo Damele
eabb5a2ba7
More adjustments to the error message when no sql injections are detected
2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60
updated doc and minor layout adjustments
2011-04-21 21:53:35 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Bernardo Damele
770b1523ff
More verbose output when no SQL injections are detected
2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00
Bernardo Damele
d2f102f5a1
cosmetics
2011-04-21 20:21:37 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
930872cf3b
fix
2011-04-21 14:20:09 +00:00
Bernardo Damele
a313df4d37
Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file
2011-04-21 14:05:37 +00:00
Bernardo Damele
fbe5ba5394
cosmetics
2011-04-21 10:54:12 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Bernardo Damele
8d8fc2bbd8
cosmetics
2011-04-21 10:17:41 +00:00
Bernardo Damele
11ecd16099
cosmetics
2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05
removing funny remark
2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440
layout
2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad
added a comment
2011-04-21 10:01:58 +00:00
Miroslav Stampar
c84c4d835f
minor update
2011-04-21 09:31:35 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
3607f03a9e
fix of a minor typo
2011-04-20 12:42:35 +00:00
Miroslav Stampar
1286cc0913
now showing trimmed output in for of warning message (UNION and ERROR techniques affected)
2011-04-20 12:41:58 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
4fadcf0615
improvement for UNION/ERROR case
2011-04-20 10:17:42 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c
one more minor update regarding last commit
2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
52c98afe93
minor fix
2011-04-20 08:38:46 +00:00
Miroslav Stampar
24435a2c20
implemented "break a tie" request by Andres Riancho
2011-04-20 08:35:47 +00:00
Miroslav Stampar
df0331fe9b
some more refactoring
2011-04-19 23:04:10 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864
dealing with http://bugs.python.org/issue1602
2011-04-19 22:33:03 +00:00
Miroslav Stampar
9a9838f1e6
cleaning a mess with UPX and virus scanners
2011-04-19 21:57:04 +00:00
Miroslav Stampar
44bbef42f8
minor cosmetics
2011-04-19 20:23:08 +00:00
Miroslav Stampar
b7efa255d6
minor update of usage string
2011-04-19 20:14:56 +00:00
Miroslav Stampar
fc90974940
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029
removing a leftover
2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a
automatic increasing of time delay on lagging connections
2011-04-19 14:28:51 +00:00
Miroslav Stampar
13f8c001a7
minor update
2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
9b0db33cc5
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
2011-04-19 08:55:38 +00:00
Miroslav Stampar
a7c26366b4
doing that auto default value for --time-sec only for --tor
2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc
automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)
2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3
cleaner solution for the problem solved with last commit
2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6
little hack for --time-sec
2011-04-18 14:46:18 +00:00
Miroslav Stampar
6463cad8c5
minor update for SOAP payloads
2011-04-18 14:29:52 +00:00
Miroslav Stampar
da9ec67869
removing leftover
2011-04-18 13:43:22 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Miroslav Stampar
b5aef9bcf9
fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')
2011-04-18 10:16:38 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a
minor cosmetics
2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553
minor update for matching SOAP messages
2011-04-17 22:21:32 +00:00
Miroslav Stampar
4fa00121e4
that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one
2011-04-17 21:58:34 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb
minor update
2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac
well, this could be important :)
2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
5e70eac98c
fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes
2011-04-16 06:44:29 +00:00
Miroslav Stampar
88c76147e1
removed few trailing whitespace lines
2011-04-15 20:52:08 +00:00
Miroslav Stampar
3b6f9945ae
minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)
2011-04-15 14:15:29 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3
removed debug message that could cause confusion
2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f
explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay
2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959
improved htmlunescape (great for localized html escape codes)
2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb
minor fixes and refactoring regarding safecharencoding
2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7
speed of --replicate is now vastly improved
2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638
minor fix
2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7
More cookies to ignore
2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e
minor refactoring
2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573
minor update related to the last commit
2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8
minor fix
2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe
one more commit related to the issue with displaying of garbled characters
2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9
update regarding safe character output together with a small fix for newlines
2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a
minor update
2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f
better beep for MacOSX
2011-04-13 18:32:47 +00:00
Miroslav Stampar
bf55b0b77a
more restrictions on crypt(3) hash recognition to prevent false positives
2011-04-13 14:40:23 +00:00
Miroslav Stampar
d06ae9cd47
implemented retrieved items info for partial union too
2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc
minor cosmetics for partial inband retrieval
2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be
just in case update to prevent gibberish "retrieved: " outputs
2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56
fix for a "accept certificate first time for svn"
2011-04-12 14:25:17 +00:00
Miroslav Stampar
a883ce26b5
fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')
2011-04-12 13:25:28 +00:00
Miroslav Stampar
0ae74f27e4
avoiding annoying "payload 'None' possibly..." in case where payload is not specified
2011-04-11 15:24:52 +00:00
Miroslav Stampar
941daa1645
just in case to prevent "object of type 'NoneType' has no len()" error reports
2011-04-11 11:59:02 +00:00
Miroslav Stampar
2db2e9b6a2
now GET forms are also prone to "do you want to fill with random values"
2011-04-11 11:38:41 +00:00
Miroslav Stampar
08d14886fd
added new dev version string
2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e
cutting for 0.9 stable
2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e
lowering the value
2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac
Minor bug fix
2011-04-10 22:44:08 +00:00
Miroslav Stampar
6012ab1c46
better one for previous commit
2011-04-10 21:52:08 +00:00
Miroslav Stampar
e6c50df4f9
preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)
2011-04-10 21:38:08 +00:00
Miroslav Stampar
940c225d7c
few fixes
2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844
Removed unused code
2011-04-10 20:39:15 +00:00
Miroslav Stampar
decab6642d
fix for that @chunk bug
2011-04-10 16:46:33 +00:00
Miroslav Stampar
723a7447b2
minor refactoring
2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263
added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics
2011-04-09 22:39:03 +00:00
Miroslav Stampar
277f16d6b3
removing commented out debug print
2011-04-08 22:44:05 +00:00
Miroslav Stampar
c4c40308c6
no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)
2011-04-08 22:42:07 +00:00
Miroslav Stampar
83feb097ef
greater flexibility for --batch when default is None
2011-04-08 22:29:50 +00:00
Miroslav Stampar
6fa2fd139c
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
2011-04-08 15:17:57 +00:00
Bernardo Damele
beb98140b3
Minor improvement to --check-payload
2011-04-08 14:34:00 +00:00
Miroslav Stampar
228cc68747
fix for those ugly DEBUG messages in brute mode
2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656
cosmeticados ;)
2011-04-08 10:39:07 +00:00
Miroslav Stampar
be11e2535e
one more minor update
2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9
minor update regarding the last commit
2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d
higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])
2011-04-07 23:32:07 +00:00
Miroslav Stampar
b288e5ef57
implemented DNS caching mechanism
2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45
fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')
2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa
minor code restyling
2011-04-07 13:27:29 +00:00
Miroslav Stampar
e33a48d40f
minor refactoring
2011-04-07 12:54:30 +00:00
Bernardo Damele
c6b9d89d31
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
2011-04-07 11:10:35 +00:00
Bernardo Damele
9e8c933333
cosmetics
2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5
removed integers from --technique
2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be
minor update
2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f
minor refactoring
2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367
Minor layout adjustments
2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c
Refactoring to --technique
2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
2011-04-06 14:41:44 +00:00
Bernardo Damele
8b14a9eaa7
Minor code adjustments
2011-04-06 14:40:45 +00:00
Miroslav Stampar
a379463213
cosmeticado
2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b
minor fix (it was quite ... to have this check at the later stage)
2011-04-06 08:39:24 +00:00
Miroslav Stampar
fdef6726cf
minor update
2011-04-06 08:30:50 +00:00
Bernardo Damele
d436ba2da5
Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value
2011-04-06 08:19:56 +00:00
Bernardo Damele
81034140c0
Reduced number of threads to 3 when -o is provided
2011-04-06 08:15:20 +00:00
Miroslav Stampar
265fa52600
minor code cosmetics
2011-04-04 18:24:16 +00:00
Miroslav Stampar
018b6b9430
fix for a charset encoding reported by Kirill
2011-04-04 18:20:09 +00:00
Miroslav Stampar
2c01fc56e6
minor update regarding misusage of --proxy and --ignore-proxy switches
2011-04-04 09:19:43 +00:00
Miroslav Stampar
e957c4400c
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
2011-04-04 08:04:47 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0
minor update related to the last commit
2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)
2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be
minor update regarding --current-db on Oracle
2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a
Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)
2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346
minor update related to the problem with request files reported by jorge_a_santos@hotmail.com
2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878
another minor update related to previous commit
2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f
speed optimization
2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8
minor update (ip addresses will not be confused any more for crypt_generic hashes)
2011-03-31 16:56:26 +00:00
Miroslav Stampar
557ed7d665
minor fix for a invalid charset reported by Kirill
2011-03-31 14:39:01 +00:00
Bernardo Damele
fed57282fc
Added one more warning message to show what's going on with ctrl+c
2011-03-31 14:26:14 +00:00
Bernardo Damele
3948cd9e77
Minor layout adjustments
2011-03-31 14:13:53 +00:00
Miroslav Stampar
c5de903eab
minor improvement ("quick defense against substr fields")
2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff
quick fix
2011-03-31 08:43:17 +00:00
Miroslav Stampar
0916117447
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
2011-03-30 18:32:10 +00:00
Miroslav Stampar
dd01d66f13
proper update regarding last commit
2011-03-29 22:10:08 +00:00
Miroslav Stampar
850328df6c
minor cosmetics
2011-03-29 22:03:48 +00:00
Miroslav Stampar
b6af80bab3
refactoring, cleanup and improvement
2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1
minor refactoring
2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
2011-03-29 20:45:21 +00:00
Miroslav Stampar
9f707febf5
minor update
2011-03-29 15:43:17 +00:00
Miroslav Stampar
d0861a00e2
minor improvement
2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc
minor refactoring and comment update
2011-03-29 12:08:07 +00:00
Miroslav Stampar
1821a008af
Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once
2011-03-29 12:00:29 +00:00
Miroslav Stampar
5560196648
minor fix
2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809
Bernardo will kill me (added --wizard for total beginners)
2011-03-29 11:42:55 +00:00
Miroslav Stampar
4d78eac938
revert of that thingy as requested by Bernardo
2011-03-29 10:06:35 +00:00
Miroslav Stampar
a9f5d828c6
minor fix avoiding problems with hashing strange characters in usernames
2011-03-29 07:50:07 +00:00
Miroslav Stampar
e8debbe724
minor cosmetics and one minor fix (|= is a nono with None)
2011-03-29 06:38:19 +00:00
Miroslav Stampar
86f93713d3
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
2011-03-29 06:25:17 +00:00
Miroslav Stampar
a2d5358b08
minor fix
2011-03-28 23:40:46 +00:00
Miroslav Stampar
9e900ccbac
minor comment update
2011-03-28 23:12:04 +00:00
Miroslav Stampar
a61e287d23
making updates for dummy Windows users
2011-03-28 23:09:19 +00:00
Miroslav Stampar
bf0e3c4662
improvement for --forms with empty fields
2011-03-28 22:48:00 +00:00
Miroslav Stampar
1823c116bb
minor update for special cases of union testing results
2011-03-28 21:45:38 +00:00
Miroslav Stampar
ae53ad4c30
making an update for special case of timed out response
2011-03-28 21:05:04 +00:00
Miroslav Stampar
1e22ff45de
minor update regarding testing of GET parameters if --data and/or --forms is used
2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263
little info message
2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e
fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')
2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d
minor update
2011-03-27 07:58:15 +00:00
Miroslav Stampar
dba32306b0
minor update
2011-03-26 22:03:46 +00:00
Miroslav Stampar
d8f7c4bc4c
minor update regarding support for crypt(3)
2011-03-26 21:41:37 +00:00
Miroslav Stampar
4f00b9fa4b
minor fix
2011-03-26 21:10:31 +00:00
Miroslav Stampar
afe2be6a9f
implementation of Standard DES hashing (crypt)
2011-03-26 20:46:25 +00:00
Miroslav Stampar
1119a85f39
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
2011-03-25 21:31:26 +00:00
Miroslav Stampar
6c6133e8aa
revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)
2011-03-25 20:46:37 +00:00
Miroslav Stampar
737b4abf13
this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)
2011-03-25 20:30:15 +00:00
Miroslav Stampar
422967fbcd
just an minor update related to the last commit
2011-03-25 12:21:53 +00:00
Miroslav Stampar
c5b6d377fb
fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)
2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495
fix for partial inband queries on MSSQL
2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8
minor update regarding --live-test
2011-03-25 09:03:08 +00:00
Miroslav Stampar
ea52d7acad
minor revisit of inference
2011-03-24 20:10:40 +00:00
Miroslav Stampar
1f1c4c0e61
better update related to the last commit
2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad
minor update
2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf
another fix related to the bug reported by Alone Shell
2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138
adding possibility to run only one live test (e.g. --run-case=8)
2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2
basic live tests against 3 major DBMSes
2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e
introduction of --fresh-queries
2011-03-24 10:08:47 +00:00
Miroslav Stampar
762397854e
fix for a bug reported by Kirill (unknown charset '8859-1')
2011-03-24 09:27:19 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2
fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file
2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9
implementing a --page-rank switch as requested by l0rda@l0rda.biz
2011-03-23 11:57:57 +00:00
Miroslav Stampar
0f7bce5c66
fixing a huge mess going on because of counting on error and union techniques
2011-03-23 11:36:40 +00:00
Miroslav Stampar
5a1aaecf16
minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')
2011-03-22 13:07:37 +00:00
Miroslav Stampar
7613134515
it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)
2011-03-22 12:37:05 +00:00
Miroslav Stampar
9479a68eb5
minor fix regarding last commit
2011-03-22 12:21:56 +00:00
Miroslav Stampar
c24ed6e622
minor fix related to a bug reported by warninggp@gmail.com
2011-03-22 09:22:48 +00:00
Miroslav Stampar
cbfb10cbd1
fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)
2011-03-21 16:43:46 +00:00
Miroslav Stampar
b5c9ccb755
Oracle XML based error payload has problems with char $ as with space
2011-03-21 13:13:12 +00:00
Miroslav Stampar
1abcd507b8
hidding --group-concat switch
2011-03-21 12:13:21 +00:00
Bernardo Damele
19e2ed9803
Layout fix
2011-03-21 00:40:25 +00:00
Miroslav Stampar
3ca5cddca7
massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)
2011-03-20 23:54:56 +00:00
Miroslav Stampar
9b1f2d82d0
minor update (that .strip() was a leftover)
2011-03-20 23:20:47 +00:00
Miroslav Stampar
db992a0a86
mssql likes to htmlescape error reports
2011-03-20 23:16:34 +00:00
Miroslav Stampar
088c815567
minor update (exposing --tor switch)
2011-03-19 18:28:51 +00:00
Miroslav Stampar
2cc91b8470
minor fix
2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb
minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)
2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9
little stabilization regarding POST url(de/en)coding
2011-03-19 16:53:14 +00:00
Miroslav Stampar
0fcd999e51
fix for a bug reported by malice
2011-03-18 16:52:46 +00:00
Miroslav Stampar
58e9a074d3
masking some more command line arguments
2011-03-18 16:47:18 +00:00
Miroslav Stampar
36233fac42
update regarding a feature request from andyroyalbattle@yahoo.it
2011-03-18 16:35:30 +00:00
Miroslav Stampar
00b9d85ffc
fix regarding bug report from andyroyalbattle@yahoo.it
2011-03-18 16:26:39 +00:00
Miroslav Stampar
4e300baaf2
minor cosmetics
2011-03-18 14:09:18 +00:00
Miroslav Stampar
3628887110
los cosmeticados
2011-03-18 14:08:36 +00:00
Miroslav Stampar
75c0e09f43
little refactoring
2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9
adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)
2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599
minor fix and some refactoring
2011-03-18 00:24:02 +00:00
Bernardo Damele
9526f0c4c2
Minor layout adjustments
2011-03-17 12:35:40 +00:00
Bernardo Damele
03fac62592
Minor code restyle
2011-03-17 12:34:29 +00:00
Miroslav Stampar
cbdd9e921e
minor cosmetics
2011-03-17 12:23:56 +00:00
Miroslav Stampar
6607a240cf
added logging to redirecthandler
2011-03-17 12:21:27 +00:00
Miroslav Stampar
9a513198dd
minor fix regarding last couple of commits
2011-03-17 11:25:37 +00:00
Miroslav Stampar
970cde5a8a
minor update regarding last commit
2011-03-17 09:23:46 +00:00
Miroslav Stampar
beba69faa9
implementation of request from Santiago (look for error based responses in redirects)
2011-03-17 09:12:28 +00:00
Miroslav Stampar
847ce863e3
refactoring
2011-03-17 08:54:20 +00:00
Miroslav Stampar
fbd0cfda29
minor update toward the implementation of request from Santiago
2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303
-v 0 shows both error, critical and raw_input messages
2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257
Minor bug fix (revert)
2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65
minor refactoring
2011-03-11 20:16:34 +00:00
Miroslav Stampar
2fd3f0d7b2
minor update (added comment)
2011-03-11 20:07:52 +00:00
Miroslav Stampar
6cc745f789
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
2011-03-11 19:57:44 +00:00
Bernardo Damele
d8a76ebe34
Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs
2011-03-11 16:03:19 +00:00
Bernardo Damele
3cb0ca4b63
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1
Another bug fix for --privileges on PgSQL with UNION query technique
2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7
Minor bug fixes to --privileges for PostgreSQL query (corner case)
2011-03-11 14:54:41 +00:00
Miroslav Stampar
1879a49506
fix for a bug reported by andreoaz@gmail.com
2011-03-10 20:40:12 +00:00
Miroslav Stampar
eb1cda7065
minor refactoring (more consistent)
2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387
minor refactoring
2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
2011-03-08 11:53:59 +00:00
Miroslav Stampar
99adbbeaa3
los cosmeticados
2011-03-07 22:04:17 +00:00
Miroslav Stampar
cc0306044c
adding SVN revision number support for non SVN client platforms
2011-03-07 21:54:30 +00:00
Miroslav Stampar
154d947c62
minor update
2011-03-07 10:15:41 +00:00
Miroslav Stampar
16b286982d
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302
further update regarding last commit
2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
2011-03-03 09:42:50 +00:00
Miroslav Stampar
3a1f5744be
minor update to make counting variable totally independent of the urllib2's self.retried
2011-03-02 10:42:17 +00:00
Miroslav Stampar
a010386a23
finally a proper fix for that annoying recursive bug
2011-03-02 10:29:38 +00:00
Miroslav Stampar
f27f05308a
minor update for masking sensitive data in error report (added aCred too)
2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea
minor improvement
2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3
fix for --technique
2011-03-01 09:54:06 +00:00
Miroslav Stampar
9856cb71de
redo of the last commit with comments added
2011-02-28 18:58:05 +00:00
Miroslav Stampar
ade31b2cb0
removal of obsolete item
2011-02-28 18:49:25 +00:00
Miroslav Stampar
2bf212ffa9
minor minor update
2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e
minor improvement of regular expression
2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
2011-02-27 12:17:41 +00:00
Bernardo Damele
60605b6e7c
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
2011-02-27 12:14:13 +00:00
Miroslav Stampar
88faedc0fe
fix for a bug reported by -insane-
2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e
bug fix for international encoded letters
2011-02-25 22:43:01 +00:00
Miroslav Stampar
63b8156c00
some update (if header key is non-unicode comformant)
2011-02-25 09:43:04 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1
incorporation of method for neutralization of reflective values
2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608
added protection mechanism against reflected values
2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e
If no Accept header field is present, then it is assumed that the client accepts all media types.
2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068
adding experimental for --group-concat
2011-02-22 14:35:38 +00:00
Miroslav Stampar
12ede1e5de
minor JIC (just-in-case) update
2011-02-22 13:18:47 +00:00
Miroslav Stampar
3f8eadf4fe
minor refactoring
2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe
minor refactoring
2011-02-22 12:54:22 +00:00
Miroslav Stampar
17c39fe231
fix for that non-HTML stuff
2011-02-22 11:32:55 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Miroslav Stampar
90582ed7dc
minor change
2011-02-21 11:35:21 +00:00
Miroslav Stampar
aac817935a
further improvement of MaxDB support
2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b
minor bug fix
2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d
minor update
2011-02-20 21:27:38 +00:00
Miroslav Stampar
0c57f2af0f
minor fix
2011-02-20 12:20:44 +00:00
Bernardo Damele
023a80c31c
Section explanation change to reflect recent enhancements
2011-02-19 21:06:24 +00:00
Bernardo Damele
60b05ff49f
Reflect new switch name
2011-02-19 21:05:15 +00:00
Bernardo Damele
8e60acae5d
Added support for --scope also in WebScarab logs (-l)
2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd
some more Sybase updates
2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac
some progress regarding SYBASE
2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95
minor improvement
2011-02-18 14:27:02 +00:00
Miroslav Stampar
3badf92ceb
not doing "basic" filtering in default cases because of a bug reported by Kazim
2011-02-18 07:38:13 +00:00
Miroslav Stampar
6cdf08b81c
minor fix
2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217
--technique can now be something like 123 which includes both techniques 1, 2 and 3
2011-02-17 21:39:16 +00:00
Miroslav Stampar
7ebc1ab90a
minor cosmetics
2011-02-17 08:59:14 +00:00
Miroslav Stampar
199f14df46
implementation of MySQL GROUP_CONCAT technique
2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416
Proper fix for r3307 (file-write on MySQL via UNION query tech)
2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475
minor update
2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d
update regarding explicit testing of ua and referer when using -p
2011-02-13 21:58:48 +00:00
Bernardo Damele
429ab631fe
Minor refactoring
2011-02-13 21:25:01 +00:00
Miroslav Stampar
5fb11fd173
update regarding multiple DBMS payloads
2011-02-13 21:20:21 +00:00
Bernardo Damele
45a005737d
Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2
2011-02-13 21:08:42 +00:00
Miroslav Stampar
83d7803ce7
other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)
2011-02-12 20:03:28 +00:00
Miroslav Stampar
9f7d666451
removing --method per request of buawig
2011-02-12 19:50:27 +00:00
Miroslav Stampar
1cd483f42f
one more update
2011-02-12 10:24:09 +00:00
Miroslav Stampar
25a3a64327
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
2011-02-12 10:15:42 +00:00
Miroslav Stampar
521635c84d
quick fix for UA and Referer
2011-02-11 23:36:23 +00:00
Bernardo Damele
7253362114
Minor bug fix so that --file-write on MySQL via UNION query now works again
2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb
implementation of referer feature
2011-02-11 23:07:03 +00:00
Miroslav Stampar
a6ab24e0b5
just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed
2011-02-10 22:47:43 +00:00
Miroslav Stampar
5f2fcd1eea
minor adjustment regarding "file" switches
2011-02-10 19:55:47 +00:00
Miroslav Stampar
4295a78c5f
minor update
2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba
More fixes for --common-columns to work against MSSQL too
2011-02-09 17:22:07 +00:00
Miroslav Stampar
917b2b0d6b
one more commit related to the previous one
2011-02-09 17:07:02 +00:00
Miroslav Stampar
6c582343fe
.. fix
2011-02-09 17:05:06 +00:00
Miroslav Stampar
d9af01d73d
imporant fix for boolean expression which return [None]
2011-02-09 16:53:22 +00:00
Miroslav Stampar
7d9be18789
added one comment
2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f
another update
2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139
fix for a bug reported by skysbsb@gmail.com (double ORDER BY)
2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e
fix
2011-02-09 11:20:03 +00:00
Miroslav Stampar
3de6117253
revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)
2011-02-09 09:53:59 +00:00
Miroslav Stampar
98ca1702ae
los cosmeticado
2011-02-08 16:30:32 +00:00
Miroslav Stampar
87e36796c6
just to not cause confusion
2011-02-08 16:29:42 +00:00
Miroslav Stampar
dcb9c93328
minor cleanup
2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143
first commit with mysql/error/substringing
2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b
Proper fix
2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588
revert of r3274
2011-02-08 09:44:34 +00:00
Bernardo Damele
156d8cd99b
Directory restyling
2011-02-08 00:15:02 +00:00
Bernardo Damele
cfe2da0195
Minor fix
2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Miroslav Stampar
2c4f6d2e99
fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too
2011-02-07 21:53:05 +00:00
Miroslav Stampar
a577d0e9a5
restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)
2011-02-07 21:18:01 +00:00
Miroslav Stampar
66adf23532
Unbiased approach for searching appropriate usable column
2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613
there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)
2011-02-07 16:55:02 +00:00
Miroslav Stampar
771020abd6
one more related commit
2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272
fix for that MSSQL limit/top problem
2011-02-07 16:24:23 +00:00
Miroslav Stampar
71d1b72e0e
minor adjustment
2011-02-07 12:51:38 +00:00
Bernardo Damele
b33ac19d39
Minor fix
2011-02-07 12:36:00 +00:00
Miroslav Stampar
99e9412f74
minor update
2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
c0233dcd4f
preventing crashes for output=[]
2011-02-07 10:24:15 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4
More statements to exclude from unescap'ing
2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235
Minor fix
2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a
No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')
2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9
More adjustments related to unescape() and cleanupPayload().
...
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Bernardo Damele
9eac2339ca
2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868
Code cleanup
2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc
few reverts
2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c
little cleanup
2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58
can't stay as it is right now. temporary disabling.
2011-02-06 21:17:41 +00:00
Miroslav Stampar
d2b96a66a2
one more update regarding last few "unescape" related commits
2011-02-06 20:23:23 +00:00
Bernardo Damele
6191a7f26f
Major fix for a silent bug
2011-02-06 15:53:43 +00:00
Bernardo Damele
c44978862e
Minor reordering of what gets saved into the injection object
2011-02-06 15:20:44 +00:00
Miroslav Stampar
412a97b7fe
fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')
2011-02-05 14:17:28 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80
minor refactoring
2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d
Minor fix
2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19
fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())
2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06
minor just in case update
2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e
minor refactoring
2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05
revert
2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899
minor adjustment (accepting strange new looking uri formats)
2011-02-04 10:55:03 +00:00
Miroslav Stampar
1af418d444
huge bug fix
2011-02-04 10:18:26 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804
adding comments to filtering function
2011-02-03 23:09:08 +00:00
Miroslav Stampar
1aecbe6b08
minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)
2011-02-03 22:59:26 +00:00
Miroslav Stampar
e5f54644f0
minor "statistical" update
2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8
more appropriate
2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd
new UNION column detection is going into wild
2011-02-03 16:16:38 +00:00
Miroslav Stampar
b56a77e573
removing obsolete switches (--threshold, --excl-reg, --excl-str)
2011-02-03 15:55:19 +00:00
Bernardo Damele
253a8d0679
Minor bug fix
2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314
minor fix
2011-02-03 13:28:10 +00:00
Miroslav Stampar
1b9850b73a
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc
minor change (conf.updateAll to conf.update)
2011-02-03 11:13:39 +00:00
Miroslav Stampar
402c1b622e
removing urlencode from UA
2011-02-02 15:18:06 +00:00
Miroslav Stampar
5f49e20cc8
adding --random-agent and removing -a
2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d
cosmetics
2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Bernardo Damele
5f0114a2a8
Minor bug fix
2011-02-02 14:06:40 +00:00
Miroslav Stampar
8134c2154a
adding WHERE enum for payloads
2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78
minor update
2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a
minor update
2011-02-02 12:42:55 +00:00
Miroslav Stampar
e73a147fb5
minor update
2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833
adding __findUnionCharCount function
2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f
minor refactoring
2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
2011-02-01 22:45:38 +00:00
Bernardo Damele
a37f5e05b9
Refactoring
2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
...
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
2619e4895f
Properly handle --technique at save/resume phase
2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569
You never know..
2011-02-01 22:05:12 +00:00
Bernardo Damele
d875d848ce
Better sort
2011-02-01 22:04:48 +00:00
Miroslav Stampar
705d45f4db
minor cosmetics
2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75
Just.. cosmetics ;)
2011-01-31 22:51:14 +00:00
Miroslav Stampar
35b6d7278a
minor update
2011-01-31 22:50:54 +00:00
Miroslav Stampar
25c175a9a5
minor bug fix
2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313
More detailed message for unhandled exception
2011-01-31 21:23:40 +00:00
Bernardo Damele
2fd9621499
Minor adjustments
...
Cosmetics
2011-01-31 21:22:39 +00:00
Bernardo Damele
ec9ebb3479
Set threads to 4 when optimization switch is provided, -o
2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8
Minor adjustment
2011-01-31 21:20:23 +00:00
Bernardo Damele
e3a3ae11cc
Proper return from error-based technique enumeration
2011-01-31 21:13:29 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
777a19cfa9
LOL. removing that debug 'True'
2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631
one more thing ;)
2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667
cosmetics
2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68
implemented validation for time-based inference
2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c
fix for a bug (--predict-output) noticed by Bernardo
2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b
now union technique parses headers too
2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db
added checking of header values for GREP (error); still UNION to do
2011-01-31 12:21:17 +00:00
Miroslav Stampar
a6f2cd56ff
removed junky import
2011-01-31 11:59:58 +00:00
Miroslav Stampar
fb3513650d
adding ID properties
2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1
another minor cosmetic update
2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104
minor fix
2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509
minor bug fix
2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
2011-01-31 09:28:16 +00:00
Bernardo Damele
2a0b03e5c6
Unused import
2011-01-30 17:07:27 +00:00
Miroslav Stampar
fc9c626f9e
minor refactoring (removed URL_ENCODE_PAYLOAD)
2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779
perhaps this is better english
2011-01-30 16:34:13 +00:00
Bernardo Damele
8278d821ac
Another layout adjustment
2011-01-30 16:23:19 +00:00
Bernardo Damele
71d82e6f57
Minor layout adjustment
2011-01-30 16:19:58 +00:00
Bernardo Damele
02e5c4b1e6
Minor bug fix for --sql-query/-shell with error-based technique
2011-01-30 14:19:50 +00:00
Miroslav Stampar
bc8f1142c9
minor revert
2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
3060c369a5
minor fix for previous commit
2011-01-30 07:44:47 +00:00
Miroslav Stampar
1abf354630
minor update
2011-01-30 07:41:09 +00:00
Miroslav Stampar
d63339ca26
minor bug fix
2011-01-30 07:34:07 +00:00
Miroslav Stampar
e8883de2c6
minor update regarding unicode decoding of supplied arguments
2011-01-29 23:01:39 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d
added some more info to unhandled exception message(s)
2011-01-28 16:15:45 +00:00
Miroslav Stampar
a184a4c772
major of majors bug fix
2011-01-28 14:31:25 +00:00
Miroslav Stampar
0f4fb156d3
major bug fix
2011-01-28 14:09:28 +00:00
Miroslav Stampar
b98cbeee04
page for handling binary files
2011-01-27 22:00:34 +00:00
Miroslav Stampar
8e74c571bc
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
2011-01-27 19:44:24 +00:00
Miroslav Stampar
49aeb41be8
quick bug fix for FALSE positives with UNION based technique
2011-01-27 18:49:44 +00:00
Miroslav Stampar
81722b6881
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
2011-01-27 16:55:58 +00:00
Miroslav Stampar
539168dcca
sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)
2011-01-27 13:40:42 +00:00
Miroslav Stampar
bb6e36fb02
minor updates
2011-01-27 12:38:39 +00:00
Miroslav Stampar
10b723f196
minor fix for a bug reported by yonnym@googlemail.com
2011-01-25 22:26:28 +00:00
Miroslav Stampar
430fd5cd63
minor fixes
2011-01-25 16:05:06 +00:00
Miroslav Stampar
d3ddaba7be
minor refactoring
2011-01-25 13:04:13 +00:00
Miroslav Stampar
cab86871fe
fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)
2011-01-25 11:02:41 +00:00
Miroslav Stampar
5692506131
this was bad thing to have
2011-01-25 01:08:38 +00:00
Miroslav Stampar
6cc69f5e16
now --technique is appliable also after the injections have been identified
2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7
minor update of parseTargetUrl method
2011-01-24 14:52:50 +00:00
Miroslav Stampar
4093599f38
added parseTargetUrl to redirect choice
2011-01-24 14:45:35 +00:00
Bernardo Damele
e1db2700f0
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
2011-01-24 12:25:45 +00:00
Miroslav Stampar
8d0c2efbe2
unescaping of char marked payloads
2011-01-24 12:00:16 +00:00
Miroslav Stampar
4441e11f68
fix for case -r with no params and cookie available
2011-01-24 11:26:51 +00:00
Bernardo Damele
47fa600c04
Minor fix and cosmetics
2011-01-24 11:12:33 +00:00
Miroslav Stampar
a3e3387113
fix for proper Firebird resume of version
2011-01-24 11:04:32 +00:00
Miroslav Stampar
c1145c244e
fix for user-agent injections
2011-01-23 23:23:30 +00:00
Miroslav Stampar
818c9787b2
minor update
2011-01-23 21:20:16 +00:00
Miroslav Stampar
b18397fbc7
major revisit of --os-shell methods
2011-01-23 20:47:06 +00:00
Miroslav Stampar
ff7707579f
minor improvement
2011-01-23 11:35:24 +00:00
Miroslav Stampar
f5ff78d40c
revert
2011-01-23 11:21:27 +00:00
Miroslav Stampar
97f66a87c5
minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message
2011-01-23 10:51:57 +00:00
Miroslav Stampar
3a5f0760f6
minor optimization (only way to prematurely stop SAX parser)
2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a
fix for URI based injections
2011-01-22 16:23:33 +00:00
Miroslav Stampar
7c4c79477d
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
2011-01-21 18:32:10 +00:00
Bernardo Damele
03a880c6f1
Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors
2011-01-20 22:02:20 +00:00
Bernardo Damele
0f2634c4b0
Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)
2011-01-20 22:01:21 +00:00
Bernardo Damele
97573693be
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
2011-01-20 21:59:47 +00:00
Bernardo Damele
f1b402b103
Proper handling of CASE in Oracle, finally
2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f
Enforce that when --prefix is provided, --suffix is too and viceversa.
2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575
Moved little precaution from checks.py to common.py.
...
Initial refactoring of kb.os* get/set.
2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e
Centralization of unescape()
2011-01-20 21:55:13 +00:00
Bernardo Damele
e734efcda7
Removed deprecated code
2011-01-20 21:50:58 +00:00
Miroslav Stampar
496a84c356
minor update
2011-01-20 18:32:04 +00:00
Miroslav Stampar
dd7262d9e6
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151
LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)
2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a
minor update
2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae
minor update
2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892
added support for WebScarab logs
2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1
important fix regarding encoding stuff
2011-01-20 13:54:18 +00:00
Miroslav Stampar
f6f4b5e9dd
bug fix for charset used in inference for pages retrieved with --null-connection
2011-01-20 11:01:01 +00:00
Miroslav Stampar
a4a0f10950
minor minor minor
2011-01-20 09:25:34 +00:00
Bernardo Damele
701947490b
Two major bug fixes related to UNION technique query forging
2011-01-19 23:46:39 +00:00
Miroslav Stampar
7a060e756d
dummy fix for SQLite schema retrieval (lots of spaces inside)
2011-01-19 23:16:22 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Miroslav Stampar
4bdc19d879
minor cosmetics
2011-01-19 22:48:06 +00:00
Miroslav Stampar
c106dc829a
more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)
2011-01-19 22:08:56 +00:00
Miroslav Stampar
7ad41f9b19
bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)
2011-01-19 21:46:43 +00:00
Miroslav Stampar
aea43a1e43
minor refactoring
2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de
fuck yea
2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709
back to roots
2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1
Code cleanup
2011-01-18 23:05:32 +00:00
Bernardo Damele
eda0b41859
Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
...
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
2011-01-18 23:03:50 +00:00
Bernardo Damele
cffa17f5a6
Major bug fix - before it raised a traceback, now works.
2011-01-18 23:02:47 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781
minor fix (for numeric columns with all 0)
2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f
Proper support for --union-cols
2011-01-17 22:57:33 +00:00
Bernardo Damele
35fb50a6ee
Major bug fix
2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459
Minor code refactoring
2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2
you can't believe how much man can learn when having good testing points
2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa
was wrong about this one (just now tested on a real site)
2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc
proper way to handle this (console output has totally different encoding than the page one)
2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3
minor update regarding default page encoding
2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1
important fix for unicode based character inference
2011-01-17 10:15:19 +00:00
Miroslav Stampar
99a3a3b89c
minor fix (break if all found)
2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd
information update regarding common password suffixes
2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac
fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')
2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695
minor cosmetics
2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81
minor cosmetics
2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f
minor improvement
2011-01-16 20:55:07 +00:00
Miroslav Stampar
f5e36876e7
removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency
2011-01-16 19:29:06 +00:00
Miroslav Stampar
a6516798c0
proper fix for that previous "stacked" fix (that one screwed other injection types)
2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e
russian sites are great for testing :)
2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf
fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)
2011-01-16 18:25:18 +00:00
Miroslav Stampar
718eef8753
minor fix
2011-01-16 18:11:35 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
ec1ab3cd2a
removing timeSec from injection configuration attributes as it highly depends on current connection "variables"
2011-01-16 12:12:01 +00:00
Miroslav Stampar
2001bad7e1
automatic adjustment of timeSec for delayed queries
2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb
slightly faster and thread safer inference
2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b
Major bug fix.
...
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99
More refactoring and cleanup
2011-01-16 00:15:30 +00:00
Miroslav Stampar
29ea0950b6
now False is also affected (along with None and "")
2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822
Minor refactoring
2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4
Minor improvement
2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1
More code cleanup
2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8
Minor refactoring
2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e
bug fix and proper warning message
2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32
bug fix (some sites raise 404 during union tests)
2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca
update
2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c
code review of modules in lib/core directory
2011-01-15 12:13:45 +00:00
Miroslav Stampar
05b2a338fe
cosmetics
2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348
minor update
2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab
update
2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d
Code cleanup
2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51
minor code refactoring
2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc
Minor bug fix
2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7
Minor bug fix
2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4
minor update
2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a
minor code refactoring
2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020
Minor bug fix
2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f
revert
2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19
minor fix
2011-01-13 15:19:37 +00:00
Miroslav Stampar
b0fdbdb13b
minor update
2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521
Verbose docstring
2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555
update
2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62
Cosmetics
2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca
minor update
2011-01-13 11:08:29 +00:00
Bernardo Damele
ee4727850c
Minor bug fix
2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc
Minor fix to avoid query splitting/unpacking when the statement is EXISTS()
2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31
Important bug fix.
...
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f
Minor code refactoring and added internal debug prints
2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f
Code cleanup
2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f
Minor update
2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92
Proper fix to avoid UNION test false positives
2011-01-11 23:59:02 +00:00
Bernardo Damele
c2e994e806
Minor adjustment
2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
...
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f
Major bug fix
2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
e3146464da
minor fix for a bug reported by nightman
2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268
minor fix
2011-01-11 12:16:20 +00:00
Miroslav Stampar
394b6bc029
reverting some changes
2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a
minor update
2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1
didn't know this to be honest
2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57
adding openFile method with an exception block around file opening part
2011-01-08 09:30:10 +00:00
Miroslav Stampar
e3899f7467
fix of a fix
2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf
minor fix
2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f
minor fix
2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42
cosmetics
2011-01-07 17:25:22 +00:00
Bernardo Damele
97ae7e330f
cosmetics
2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2
Cosmetics
2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423
suppress session in case of brute methods
2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7
Mere cosmetics
2011-01-07 16:36:32 +00:00
Miroslav Stampar
1a079c62cb
minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)
2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54
fixes for bugs reported by pragmatk@gmail.com
2011-01-06 16:59:58 +00:00
Miroslav Stampar
c968b438f2
Ctrl+C added to union dump
2011-01-06 09:48:04 +00:00
Miroslav Stampar
0616edcc44
adding progress to --union-test
2011-01-06 09:26:01 +00:00
Miroslav Stampar
8b9a624546
added progress into union based entry retrieval
2011-01-06 09:10:20 +00:00
Miroslav Stampar
cc9ca802bf
minor update
2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da
fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)
2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1
minor fix/update
2011-01-05 13:32:40 +00:00
Miroslav Stampar
7411052456
minor update regarding last commit
2011-01-05 12:09:57 +00:00
Miroslav Stampar
042e3f76ba
bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)
2011-01-05 11:36:40 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
eb11f5b2e0
minor update
2011-01-04 13:07:12 +00:00
Miroslav Stampar
c1dc73d0a1
minor, just in case update related to the previous commit
2011-01-04 12:56:55 +00:00
Miroslav Stampar
709a7d156b
fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)
2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3
minor update
2011-01-04 08:40:41 +00:00
Miroslav Stampar
fdc463d08b
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
2011-01-03 22:02:58 +00:00
Miroslav Stampar
572f403069
update of one thing that was missing
2011-01-03 21:28:22 +00:00
Miroslav Stampar
ce48ea75d0
noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links
2011-01-03 14:39:23 +00:00
Miroslav Stampar
6aa616bd0d
minor minor fix
2011-01-03 14:28:20 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
07129371bf
bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)
2011-01-03 13:04:20 +00:00
Miroslav Stampar
3629c2737b
automatically turn on --text-only in case of heavily-dynamicity instead of critical exit
2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6
some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one
2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f
minor update
2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4
minor update
2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
f762f32de8
bug fix for proper --parse-errors on .aspx pages
2011-01-02 13:00:04 +00:00
Miroslav Stampar
dce9a762f1
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
2011-01-02 10:37:32 +00:00
Miroslav Stampar
96341f8f78
minor fix
2011-01-02 09:16:17 +00:00
Miroslav Stampar
5c6c870db4
removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode
2011-01-02 08:43:38 +00:00
Miroslav Stampar
6651ba05eb
another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)
2011-01-02 08:08:38 +00:00
Miroslav Stampar
da138c46c1
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
2011-01-02 07:37:47 +00:00
Miroslav Stampar
ec4440108b
minor cosmetics
2011-01-02 07:09:04 +00:00
Miroslav Stampar
428e817a32
some refactoring
2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d
user can now choose if he wants to skip non-heuristic based DBMS tests
2011-01-01 23:38:11 +00:00
Miroslav Stampar
8a93cfd975
minor update
2011-01-01 22:43:15 +00:00
Miroslav Stampar
52e44df86c
minor update
2011-01-01 21:11:29 +00:00
Miroslav Stampar
942cbafba6
minor update
2011-01-01 20:19:55 +00:00
Miroslav Stampar
e4fd8b3f0c
(e) finally works as it should
2011-01-01 19:22:44 +00:00
Miroslav Stampar
0e815177c8
minor update
2011-01-01 19:07:40 +00:00
Miroslav Stampar
ef27fd5ea1
there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) ( http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html , http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html )
2011-01-01 15:20:29 +00:00
Miroslav Stampar
15e6911fd8
fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')
2011-01-01 12:23:02 +00:00
Miroslav Stampar
91f665aaaa
bug fix for Ctrl+C
2010-12-31 15:00:19 +00:00
Miroslav Stampar
5db8ebbfa9
update of mysql comment versions
2010-12-31 12:42:12 +00:00
Miroslav Stampar
281d124fa6
minor bug fix
2010-12-31 12:04:39 +00:00
Miroslav Stampar
613242e298
bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)
2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff
code refactoring
2010-12-29 19:39:32 +00:00
Miroslav Stampar
6700cabc36
minor optimization
2010-12-29 19:01:29 +00:00
Miroslav Stampar
d1f5c1d7b7
now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering
2010-12-29 15:10:42 +00:00
Miroslav Stampar
79e97824ef
adding user names to the attack dictionary
2010-12-29 00:37:53 +00:00
Miroslav Stampar
93838fb155
"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)
2010-12-28 14:40:34 +00:00
Miroslav Stampar
c0423761e8
minor update
2010-12-27 18:27:42 +00:00
Miroslav Stampar
c8f8dbf0a7
minor update
2010-12-27 15:39:27 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
c7a160bf72
minor update (users want this to see)
2010-12-27 12:00:54 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
269d6bde24
this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)
2010-12-27 00:14:29 +00:00
Miroslav Stampar
89c2640d23
basic --search now works with MS Access
2010-12-26 23:50:16 +00:00
Miroslav Stampar
f2373121d0
noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)
2010-12-26 14:36:51 +00:00
Miroslav Stampar
ceeb6374e8
bug fix (TypeError: object of type 'NoneType' has no len())
2010-12-26 13:27:24 +00:00
Miroslav Stampar
569e060aab
important improvement
2010-12-26 13:20:52 +00:00
Miroslav Stampar
a555d1ad68
minor improvement
2010-12-26 11:15:02 +00:00
Miroslav Stampar
320a6f9efb
minor minor update
2010-12-26 09:55:33 +00:00
Miroslav Stampar
17d74fc83c
cosmeticado
2010-12-26 09:53:40 +00:00
Miroslav Stampar
cd337d9f39
minor fix
2010-12-26 09:46:09 +00:00
Miroslav Stampar
eaf4b93856
minor update
2010-12-26 09:40:40 +00:00
Miroslav Stampar
562a6440d1
fix for a bug reported by nightman (same as http://bugs.python.org/issue8797 )
2010-12-26 09:33:04 +00:00
Miroslav Stampar
6c72e41972
minor fix/update
2010-12-26 02:19:10 +00:00
Miroslav Stampar
c5c4aae3d5
minor update (to prevent adding too much items)
2010-12-25 10:42:36 +00:00
Miroslav Stampar
b472b96f92
bug fix, refactoring and improved extractErrorMessage capabilities
2010-12-25 10:16:20 +00:00
Miroslav Stampar
ea7ba19f6b
minor update
2010-12-25 09:43:14 +00:00
Miroslav Stampar
272476773f
getPageTextWordsSet on tableExists is pretty powerful stuff
2010-12-25 09:37:33 +00:00
Miroslav Stampar
6845d402fa
well, here and there, merry Christmas to all :)
2010-12-24 20:17:53 +00:00
Miroslav Stampar
2d115e0350
one more fix
2010-12-24 18:44:13 +00:00
Miroslav Stampar
edcf1a0872
few bug fixes
2010-12-24 18:40:48 +00:00
Miroslav Stampar
96a06351a1
minor fix (in testing phase raise404 should be set to False)
2010-12-24 12:36:00 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901
prioritization of tests based on DBMS error messages and some comments in common.py
2010-12-24 10:55:41 +00:00
Miroslav Stampar
a09716a701
minor update
2010-12-24 10:07:56 +00:00
Miroslav Stampar
d9f08e4aa3
randomization of user agents
2010-12-24 10:04:27 +00:00
Miroslav Stampar
d5eebb1cbf
fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
2010-12-24 09:49:19 +00:00
Miroslav Stampar
cb17e61f35
bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)
2010-12-24 02:54:26 +00:00
Miroslav Stampar
8470de7b76
bug fix for boolean proxy when using time based payloads
2010-12-23 23:46:08 +00:00
Miroslav Stampar
7f7fb93155
cosmetics
2010-12-23 18:44:18 +00:00
Miroslav Stampar
017ea9e686
update
2010-12-23 14:06:22 +00:00
Miroslav Stampar
73f33c1999
bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)
2010-12-23 11:28:13 +00:00
Miroslav Stampar
8fc60215ed
lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.
2010-12-22 19:12:46 +00:00
Miroslav Stampar
7c06dbffc3
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
2010-12-22 18:55:50 +00:00
Bernardo Damele
c1f2534e9a
More bug fixes to properly distinguish between full inband and single-entry inband sql injections
2010-12-22 15:47:52 +00:00
Bernardo Damele
250608660d
Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)
2010-12-22 13:41:36 +00:00
Bernardo Damele
5228f336da
Minor fix for ctrl+c during detection phase
2010-12-22 13:15:44 +00:00
Miroslav Stampar
08c88495d0
removed that ugly hack
2010-12-22 13:09:04 +00:00
Miroslav Stampar
8212b7b745
bug fix
2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44
update regarding Sybase syntax
2010-12-22 10:39:56 +00:00
Miroslav Stampar
d974a966b8
minor fix for end phase (Ctrl+C)
2010-12-21 23:55:55 +00:00
Miroslav Stampar
fb75d0636b
minor update
2010-12-21 23:42:59 +00:00
Miroslav Stampar
39a13077c4
minor bug fix
2010-12-21 23:09:41 +00:00
Miroslav Stampar
09479c85dc
minor bug fix
2010-12-21 22:35:44 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
6c1133c4d4
some code refactoring
2010-12-21 15:13:13 +00:00
Miroslav Stampar
466d61ee85
minor fix
2010-12-21 14:29:47 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
0e68248f60
minor update of heuristic check
2010-12-21 12:56:18 +00:00
Miroslav Stampar
16f1f4e13e
when doing dynamic checks there are cases when 404 can be raised (perfectly normal)
2010-12-21 11:04:49 +00:00
Bernardo Damele
aca074b769
Removed unused outdated code
2010-12-21 10:49:52 +00:00
Bernardo Damele
ad6b528b33
Bit more verbose comment
2010-12-21 10:47:39 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe
Cosmetics
2010-12-21 09:23:00 +00:00
Miroslav Stampar
d554460aec
minor fix
2010-12-21 01:09:39 +00:00
Miroslav Stampar
116c141dfa
another fix
2010-12-21 00:47:07 +00:00
Miroslav Stampar
416755c0b7
minor adjustments
2010-12-21 00:25:03 +00:00
Miroslav Stampar
8067365b93
fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident')
2010-12-20 23:47:53 +00:00
Miroslav Stampar
e10670d9ac
added end detection phase choice into Ctrl+C list
2010-12-20 23:34:00 +00:00
Miroslav Stampar
29001a4fce
minor update
2010-12-20 23:21:01 +00:00
Miroslav Stampar
b34fe5c334
no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)
2010-12-20 22:49:48 +00:00
Miroslav Stampar
8fd3e7ba1f
thread based data added
2010-12-20 22:45:01 +00:00
Miroslav Stampar
c9e8aae8a2
we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads)
2010-12-20 19:34:41 +00:00
Miroslav Stampar
e09bc2406c
minor refactoring
2010-12-20 19:24:20 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a
this is strictly for educational purposes
2010-12-20 17:30:47 +00:00
Miroslav Stampar
c948bced61
should solve the problem with timeout problems in time-based payloads
2010-12-20 16:45:41 +00:00
Miroslav Stampar
eaf8929085
more minor updates
2010-12-20 10:48:53 +00:00
Miroslav Stampar
fd00ff7a82
minor bug fix
2010-12-20 10:37:03 +00:00
Miroslav Stampar
e9f1ecb9e7
minor update
2010-12-20 10:32:58 +00:00
Miroslav Stampar
10a7a2dfb2
kids, don't use this at home
2010-12-20 10:13:14 +00:00
Miroslav Stampar
13d5b2c0ff
code refactoring
2010-12-20 09:44:21 +00:00
Miroslav Stampar
4cb83654dc
minor update
2010-12-18 16:28:21 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
21d083272e
minor minor fix
2010-12-18 14:31:41 +00:00
Miroslav Stampar
4f73feec2f
now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)
2010-12-18 14:11:49 +00:00
Miroslav Stampar
05c6d661e8
cosmetics
2010-12-18 10:49:49 +00:00
Miroslav Stampar
03220d34ba
added Ctrl+C check in detection phase
2010-12-18 10:42:09 +00:00
Miroslav Stampar
e355f92f22
bug fix
2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
108a96c6b4
some fixes
2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
07609bfb53
minor fix
2010-12-17 19:33:20 +00:00
Miroslav Stampar
323af45ce4
added one more time request payload to confirm test results
2010-12-17 07:53:58 +00:00
Miroslav Stampar
e3fa3b0e8e
fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')
2010-12-17 07:48:32 +00:00
Miroslav Stampar
95b2c0803b
minor fix
2010-12-15 20:51:29 +00:00
Miroslav Stampar
de54219571
code refactoring
2010-12-15 12:50:56 +00:00
Miroslav Stampar
cda00c7501
code refactoring
2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24
minor cosmetics
2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c
minor cosmetics
2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea
quick fix of a fix
2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b
minor update
2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056
quick fix for a bug reported by Andreas Constantinides (KeyError: 5)
2010-12-15 11:30:29 +00:00
Miroslav Stampar
f8a01ddaf8
minor update
2010-12-15 11:21:47 +00:00
Miroslav Stampar
63f5c35c23
bug fix
2010-12-15 10:02:58 +00:00
Miroslav Stampar
c3d0295d21
minor update (checking for --time-sec value)
2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348
minor cache based optimization
2010-12-14 12:22:17 +00:00
Miroslav Stampar
270ae0f080
just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False
2010-12-14 09:05:00 +00:00
Bernardo Damele
04caef6de0
Tuning
2010-12-13 23:04:26 +00:00
Bernardo Damele
cfcee6439e
Cosmetics
2010-12-13 21:55:30 +00:00
Bernardo Damele
86690682c7
Minor bug fix to respect -v value in --common-tables and --common-columns
2010-12-13 21:37:12 +00:00
Bernardo Damele
4b79227b5a
Minor bug fix to properly merge options from .conf file (-c) with command line switches
2010-12-13 21:36:23 +00:00
Bernardo Damele
db844c1785
No point in showing the error-based inject payload, it's same as the one showed in -v3
2010-12-13 21:35:20 +00:00
Bernardo Damele
698f30e65e
Cosmetics
2010-12-13 21:34:35 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
d56f47d530
fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20')
2010-12-12 23:59:55 +00:00
Miroslav Stampar
6a3c4485e6
minor update (removing extra ())
2010-12-12 14:44:39 +00:00
Miroslav Stampar
e98d9c08e1
dumping table is now possible on Firebird too
2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5
update regarding dumping of tables with blind on Sqlite
2010-12-11 22:00:16 +00:00
Miroslav Stampar
f7344a5fc3
update
2010-12-11 21:28:11 +00:00
Miroslav Stampar
6a24048aa6
urllib2 doesn't play well with '\n' when non unescaped chars used
2010-12-11 21:17:54 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43
further update regarding bugtrace's report
2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2
quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)
2010-12-11 17:20:39 +00:00
Miroslav Stampar
03447acc1d
avoiding some trashy match ratios
2010-12-11 17:12:19 +00:00
Miroslav Stampar
d2a3e8f44f
first time firebird error-based query success
2010-12-11 11:17:24 +00:00
Miroslav Stampar
f021548bd0
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
2010-12-11 10:52:04 +00:00
Miroslav Stampar
c17f444aab
minor fix
2010-12-11 10:22:18 +00:00
Miroslav Stampar
3dc0a51d34
major bug fix with boolean expressions
2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b
update
2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d
fix
2010-12-10 16:03:32 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Miroslav Stampar
977988c0ab
cosmetics
2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80
another update
2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60
fix
2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55
proper fix
2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040
you won't believe commit
2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8
minor refactoring
2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb
fix for booleans
2010-12-10 12:26:01 +00:00
Miroslav Stampar
fe2039f5ba
coollyy little commits
2010-12-10 11:32:46 +00:00
Miroslav Stampar
d5e7a8d305
update
2010-12-10 10:54:17 +00:00
Bernardo Damele
b6dcbcef5b
Minor fix
2010-12-10 10:52:55 +00:00
Miroslav Stampar
471d9ccd65
another fix of my lala
2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2
quick fix
2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9
update regarding boolean based expressions
2010-12-09 21:15:18 +00:00
Miroslav Stampar
d5fb921154
removed debug print
2010-12-09 20:08:59 +00:00
Miroslav Stampar
1492823de0
it wasn't pretty, now it's pretty
2010-12-09 20:06:20 +00:00
Miroslav Stampar
bbffea2cbc
bug fix
2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Bernardo Damele
df5f6bc1b7
Little precaution
2010-12-09 14:06:43 +00:00
Bernardo Damele
9230877d98
cosmetics
2010-12-09 13:57:38 +00:00
Bernardo Damele
5fb04515d3
Added hidden (for the moment) switch --technique
2010-12-09 13:47:17 +00:00
Miroslav Stampar
cdff29ada7
update
2010-12-09 11:23:44 +00:00
Miroslav Stampar
196131bbca
minor cosmetics
2010-12-09 10:42:00 +00:00
Miroslav Stampar
ec5c08ca7a
cosmetics
2010-12-09 09:24:20 +00:00
Miroslav Stampar
3fd1c37d53
update
2010-12-09 07:49:18 +00:00
Miroslav Stampar
db39dc32fc
minor update
2010-12-09 00:59:39 +00:00
Bernardo Damele
0c01be0eeb
Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).
2010-12-09 00:34:02 +00:00
Bernardo Damele
9c61adb21d
Cosmetics
2010-12-09 00:26:06 +00:00
Bernardo Damele
b5c6527c72
Minor fix
2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
2010-12-08 23:52:31 +00:00
Bernardo Damele
10ef2b5de8
Minor bug fix
2010-12-08 23:09:42 +00:00
Miroslav Stampar
54f6673609
update
2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0
update
2010-12-08 22:14:42 +00:00
Miroslav Stampar
258e9fb50e
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-08 21:16:18 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
40fadf2f35
minor update
2010-12-08 14:33:10 +00:00
Miroslav Stampar
95b48746a6
cosmetics
2010-12-08 14:29:09 +00:00
Miroslav Stampar
ed09c53ee4
minor minor update
2010-12-08 14:27:37 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Miroslav Stampar
af22679605
minor update
2010-12-08 13:09:27 +00:00
Miroslav Stampar
6223f25dd9
code beautification
2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165
removing junk
2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3
sqlmap premiere of blind time based query/bisection
2010-12-08 12:28:54 +00:00
Miroslav Stampar
47bb31fb47
code refactoring
2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a
update regarding time based payloads
2010-12-08 11:26:54 +00:00
Miroslav Stampar
bdff4aba6a
switching to quick_ratio
2010-12-07 23:57:43 +00:00
Miroslav Stampar
c1b82cf09c
ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results
2010-12-07 23:53:44 +00:00
Miroslav Stampar
a4a63f5b1e
minor update
2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
b21eb88905
minor update
2010-12-07 22:45:38 +00:00
Miroslav Stampar
575e50673b
minor update
2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a
little explanation
2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231
Removed debug print
2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29
Minor fix
2010-12-07 17:17:38 +00:00
Bernardo Damele
81e7465ed2
Cosmetics
2010-12-07 17:16:21 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6
it's a must to double check time based payloads
2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8
Added counter of total HTTP(s) requests done during detection phase
2010-12-07 12:33:47 +00:00
Bernardo Damele
effd2ca0e3
Cosmetics
2010-12-07 12:32:58 +00:00
Miroslav Stampar
2af8835a94
fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter)
2010-12-07 10:57:32 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d
introducing PostgreSQL time based blind
2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3
minor cosmetic update ("heuristics shows" is not grammatically correct)
2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23
minor update
2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf
minor refactoring
2010-12-06 15:50:19 +00:00
Miroslav Stampar
e8be14e00a
minor refactoring
2010-12-06 07:48:14 +00:00
Miroslav Stampar
a43d252ae9
minor update
2010-12-06 00:14:08 +00:00
Miroslav Stampar
5189f138d7
increasing socket timeout in case of time based checks
2010-12-05 23:18:16 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Bernardo Damele
da3fd17fc3
Adjustment to make it work also in OR based injection
2010-12-05 12:24:23 +00:00
Bernardo Damele
41e1b95c6c
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
2010-12-05 11:25:44 +00:00
Miroslav Stampar
7a5cd3b35f
minor comment update
2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211
Cosmetics
2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
3f9450b9dc
minor fix
2010-12-04 14:43:35 +00:00
Miroslav Stampar
1f795622b3
some fine tuning of dynamicity removing engine
2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Miroslav Stampar
b3a094b9d6
fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql')
2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104
Ugly code to set the cookies when got them from a 302 redirect too
2010-12-03 17:41:10 +00:00
Bernardo Damele
9d55c4da87
Done with support for injection in ORDER BY and GROUP BY (hopefully)
2010-12-03 16:12:47 +00:00
Bernardo Damele
91c3cf8fd0
Minor improvement
2010-12-03 16:11:57 +00:00
Bernardo Damele
0e6359ab6e
Minor layout adjustment
2010-12-03 16:11:35 +00:00
Bernardo Damele
6e73adec47
Get rid of one useless attribute
2010-12-03 16:11:13 +00:00
Bernardo Damele
126a1479d8
Bug fix for --union-test
2010-12-03 14:57:30 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
b824826a89
Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses
2010-12-03 14:39:51 +00:00
Bernardo Damele
bb40ab9fb0
Major bug fix for default boolean-based vector still work and minor adjustments
2010-12-03 14:31:11 +00:00
Miroslav Stampar
612ee08a0b
added response time kb attribute
2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22
Major bug fix for test on ORDER BY and GROUP BY clauses.
...
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
827a0aea05
Minor bug fix
2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce
Added a comment needed to understand this hack when looking at the code in a month or so ;)
2010-12-03 11:00:41 +00:00
Bernardo Damele
a9d4b37987
Code cleanup and minor refactoring
2010-12-03 10:51:27 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
7d6f51f758
Avoid blank space between prefix and test's payload if it's a stacked queries test
2010-12-03 10:42:46 +00:00
Bernardo Damele
b0928e02c6
Proper comment
2010-12-03 10:39:36 +00:00
Miroslav Stampar
2cc167a42e
fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"
2010-12-02 18:57:43 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
09b265a1ea
Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check
2010-12-01 23:32:02 +00:00
Bernardo Damele
47f2d22181
Minor bug fix
2010-12-01 17:18:31 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
c00ea7f5e5
Store and resume also UNION char to session file (--union-char)
2010-12-01 10:59:58 +00:00
Bernardo Damele
025361c970
Higher precedence to union query sql inj than error-based
2010-12-01 10:57:17 +00:00
Bernardo Damele
56d2b2f322
Avoid storing to session file also payload delimiters
2010-12-01 10:55:59 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Bernardo Damele
8d84dcc5dc
More sense
2010-12-01 09:17:17 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Miroslav Stampar
fcdebbd55f
cosmeticados
2010-11-30 14:48:13 +00:00
Miroslav Stampar
47a7708950
minor improvement of dynamic content detection/removal part
2010-11-30 12:45:42 +00:00
Bernardo Damele
8b9706656e
Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
...
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Bernardo Damele
e9291932e5
Apply --level also to User-Agent (level >= 4) and Cookie (level >= 3).
...
GET and POST parameters are always tested.
2010-11-29 16:33:20 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Bernardo Damele
c76d740a25
just a precaution
2010-11-29 15:21:56 +00:00
Miroslav Stampar
70e87d959e
update of dynamicity engine
2010-11-29 15:14:49 +00:00
Bernardo Damele
ee4e04ebca
Minor adjustment
2010-11-29 15:09:40 +00:00
Bernardo Damele
2efb3b78ea
Consider also --dbms value during the detection phase
2010-11-29 14:48:07 +00:00
Miroslav Stampar
be6df7abd9
improvement of dynamicity engine
2010-11-29 14:30:57 +00:00
Bernardo Damele
76ce9cc888
Minor bug fix for --forms
2010-11-29 12:46:18 +00:00
Bernardo Damele
6525e08d6b
Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values
2010-11-29 12:13:42 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Bernardo Damele
e8c6c01e27
precaution
2010-11-29 09:54:30 +00:00
Bernardo Damele
9d7087e2ff
Proper saving and resuming when more than a parameter are injectable.
...
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
75f7df75b6
Minor fix
2010-11-28 23:33:51 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
6712f4da55
some refactoring and one less request for aspx maintanance during --os-shell
2010-11-24 14:20:43 +00:00
Bernardo Damele
253eafb643
paranoid cosmetics
2010-11-24 12:03:01 +00:00
Miroslav Stampar
b2b521fc8a
gready regex bastard :)
2010-11-24 12:01:36 +00:00
Miroslav Stampar
9579a97039
now ASPX works too for --os-shell
2010-11-24 11:38:27 +00:00
Miroslav Stampar
c54c9ee5d1
minor update
2010-11-23 22:33:00 +00:00
Miroslav Stampar
57ad59206b
cosmetics as it's best
2010-11-23 22:09:10 +00:00
Miroslav Stampar
7a147041c4
cosmetics
2010-11-23 21:44:58 +00:00
Miroslav Stampar
f4f0bc9db3
minor fix
2010-11-23 21:17:01 +00:00
Miroslav Stampar
f9f076ba97
code refactoring
2010-11-23 21:00:42 +00:00
Miroslav Stampar
7877a931d5
more cosmetics regarding dictionary attack
2010-11-23 20:54:40 +00:00
Miroslav Stampar
e3b3e05748
minor update
2010-11-23 19:21:30 +00:00
Miroslav Stampar
0d24a15182
more cosmetics
2010-11-23 19:10:34 +00:00
Miroslav Stampar
836a1c214a
los cosmeticados (of hash dictionary attack)
2010-11-23 18:57:00 +00:00
Miroslav Stampar
c4414df594
minor update
2010-11-23 15:33:13 +00:00
Miroslav Stampar
78024eafe0
little precaution
2010-11-23 15:31:23 +00:00
Miroslav Stampar
4af000e699
minor language update (in testing phase "used" is more preferable than "provided")
2010-11-23 15:11:15 +00:00
Miroslav Stampar
b41ee8d0d0
minor refactoring
2010-11-23 14:57:36 +00:00
Miroslav Stampar
aa5d038f18
more code refactoring
2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c
code refactoring regarding dictionary attack
2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603
first working version of dictionary attack
2010-11-23 13:24:02 +00:00
Miroslav Stampar
c471b815cc
fix for a bug reported by BugTrace (IndexError: list index out of range)
2010-11-22 10:58:08 +00:00
Miroslav Stampar
bfc9378542
sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s))
2010-11-20 13:22:59 +00:00
Miroslav Stampar
db59faedb9
more proper naming
2010-11-20 13:20:28 +00:00
Miroslav Stampar
1f8a9fe033
foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch)
2010-11-20 13:14:13 +00:00
Miroslav Stampar
71107e4e9e
quick fix for google searches
2010-11-19 21:38:20 +00:00
Bernardo Damele
99a23e23cf
Extra check on --union-cols value
2010-11-19 16:39:26 +00:00
Bernardo Damele
c23126547e
Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.
2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
2010-11-19 14:56:20 +00:00
Miroslav Stampar
df88280681
minor update of google regex (that * was a junky one)
2010-11-19 10:04:29 +00:00
Miroslav Stampar
e8bef28337
updating google parsing regex (for the better, of course)
2010-11-19 10:00:29 +00:00
Miroslav Stampar
d97e97d884
minor update :)
2010-11-19 09:02:44 +00:00
Bernardo Damele
4a9bd3a240
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 17:55:43 +00:00
Bernardo Damele
544327379f
Little precaution
2010-11-18 14:32:52 +00:00
Bernardo Damele
f6a17cb1a8
Revert wrong fix
2010-11-18 10:41:06 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
ca5125bbe0
minor update related to r2401
2010-11-17 20:50:31 +00:00
Bernardo Damele
360aff7a4d
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
2010-11-17 17:20:32 +00:00
Miroslav Stampar
a0df36beda
when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)
2010-11-17 15:33:07 +00:00
Miroslav Stampar
17f0609263
minor bug fix
2010-11-17 13:29:57 +00:00
Miroslav Stampar
3d25071d06
another minor improvement regarding logging of http traffic
2010-11-17 12:16:48 +00:00
Miroslav Stampar
3e569a1693
minor update
2010-11-17 12:04:33 +00:00
Miroslav Stampar
2802923dbe
some improvements regarding --os-shell web server application choice
2010-11-17 11:45:52 +00:00
Miroslav Stampar
5abbea4a9f
fix for a bug reported by nightman (unknown charset 'null')
2010-11-17 09:57:32 +00:00
Miroslav Stampar
d757e4ae1c
bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs)
2010-11-17 09:46:04 +00:00
Miroslav Stampar
bec152609a
minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)
2010-11-17 09:33:05 +00:00
Miroslav Stampar
76c3f5768b
cosmetics
2010-11-17 09:12:48 +00:00
Miroslav Stampar
2a8e270bef
proper handling of carriage return character from Windows target machines
2010-11-16 15:11:03 +00:00
Miroslav Stampar
ab33651f96
minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior)
2010-11-16 15:02:22 +00:00
Miroslav Stampar
3487429eac
minor cosmetics
2010-11-16 14:41:46 +00:00
Miroslav Stampar
3640dbf745
fix for --parse-errors (on IIS HTTP error is raised which need to be processed)
2010-11-16 14:33:30 +00:00
Miroslav Stampar
cccb565859
cosmetics
2010-11-16 14:11:32 +00:00
Miroslav Stampar
b9d9f18939
added General cmdline group
2010-11-16 14:09:09 +00:00
Miroslav Stampar
e7a66371f8
update regarding os shell-ing regarding JSP and ASPX
2010-11-16 13:46:46 +00:00
Miroslav Stampar
6232397129
minor update
2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Bernardo Damele
71cb982039
Another bug fix to --union-test
2010-11-15 21:42:56 +00:00
Miroslav Stampar
b3ad63b71e
major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)
2010-11-15 14:59:37 +00:00
Miroslav Stampar
ff310475c8
some reporting update for --forms
2010-11-15 14:17:51 +00:00
Miroslav Stampar
20d6b9a5c1
minor fix
2010-11-15 12:24:32 +00:00
Miroslav Stampar
39c6c9f386
minor update
2010-11-15 12:19:22 +00:00
Miroslav Stampar
819085155e
minor update/fix
2010-11-15 12:07:13 +00:00
Miroslav Stampar
c25c017c08
cosmetics regarding --forms
2010-11-15 11:50:33 +00:00
Miroslav Stampar
36c544f440
update (--forms acts now more like -g switch)
2010-11-15 11:34:57 +00:00
Bernardo Damele
5f46a549ba
Cosmetics for --forms
2010-11-14 21:59:35 +00:00
Bernardo Damele
0bfc1b411a
Another bug fix for --union-test
2010-11-14 15:39:57 +00:00
Miroslav Stampar
a0fb96816f
fix for a bug reported by ToR (value += actVer)
2010-11-14 08:31:29 +00:00
Bernardo Damele
8d07272c82
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
...
Now stores/resumes also the exact UNION payload to session file.
2010-11-13 23:24:41 +00:00
Bernardo Damele
df5dc10111
Major enhancement to --union-test check
2010-11-13 22:47:37 +00:00
Miroslav Stampar
84849316b3
improvement of heuristic check (now original value is included too)
2010-11-12 23:06:01 +00:00
Miroslav Stampar
06a872fc99
update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))
2010-11-12 22:57:33 +00:00
Miroslav Stampar
27735b14df
update (--string and --regex should be done regardless of wasLastRequestError)
2010-11-12 22:44:15 +00:00
Miroslav Stampar
0d66f101da
fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)
2010-11-12 22:29:33 +00:00
Bernardo Damele
a777d59870
Minor bug fix
2010-11-12 15:17:12 +00:00
Bernardo Damele
0a83a830d9
Properly handle both HTTPS and HTTP requests through proxy
2010-11-12 14:21:46 +00:00
Bernardo Damele
e1ef27f592
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
2010-11-12 12:25:02 +00:00
Bernardo Damele
9f53048ff4
Put a space always between the user's provided prefix and sqlmap payload
2010-11-12 11:48:26 +00:00
Miroslav Stampar
697b32554c
fix for a bug "ordinal not in range(128)" reported by bugtrace
2010-11-12 11:48:25 +00:00
Bernardo Damele
f83dd2251b
Properly save error-based enumerated data in session file, able to be resumed like with other techniques
2010-11-12 11:40:37 +00:00
Bernardo Damele
a34c1b287c
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
2010-11-12 11:33:11 +00:00
Bernardo Damele
8cec75656c
Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)
2010-11-12 10:31:42 +00:00
Bernardo Damele
a14e4d9668
Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.
2010-11-12 10:16:39 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
8aefd0bbf7
improvement of --common-tables and --common-columns
2010-11-11 20:37:25 +00:00
Miroslav Stampar
2d872f850a
quick fix
2010-11-11 19:54:54 +00:00
Miroslav Stampar
24238ccd0b
re-renaming of brute force switches. this way is better.
2010-11-11 07:57:44 +00:00
Miroslav Stampar
96d88877ba
bug fix (reported by ToR)
2010-11-10 19:44:51 +00:00
Miroslav Stampar
19c1bfa368
just a precaution (now i really need to go for a sleep)
2010-11-09 23:38:29 +00:00
Miroslav Stampar
88c00e61d3
another update
2010-11-09 23:35:37 +00:00
Miroslav Stampar
47720a43dd
minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)
2010-11-09 23:21:21 +00:00
Miroslav Stampar
5ebd5d935c
another name change
2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1
name change
2010-11-09 22:48:22 +00:00
Miroslav Stampar
6807fb04cc
minor update
2010-11-09 22:44:23 +00:00
Miroslav Stampar
fef60d5cb7
some fixes :)
2010-11-09 22:32:05 +00:00
Bernardo Damele
1cc99e2247
Possible quick fix for missing of True/False comparison of stable-but-not-really pages
2010-11-09 21:39:58 +00:00
Bernardo Damele
2205099a5e
Python stylish
2010-11-09 21:39:05 +00:00
Miroslav Stampar
cee888b613
tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)
2010-11-09 19:14:55 +00:00
Miroslav Stampar
726825ca70
minor update
2010-11-09 16:59:36 +00:00
Miroslav Stampar
b43334165d
update regarding brute forcing
2010-11-09 16:53:33 +00:00
Miroslav Stampar
a7fa8d4975
update regarding brute force retrieval of table names and table column names
2010-11-09 16:15:55 +00:00
Miroslav Stampar
7752b5efe9
minor update
2010-11-09 09:51:54 +00:00
Miroslav Stampar
4be0631161
refactoring of brute force techniques
2010-11-09 09:42:43 +00:00
Miroslav Stampar
221f976fbd
minor update
2010-11-09 01:23:54 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca
revert of some HTTP headers handling
2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1
added Range handler (dealing with 206 HTTP messages)
2010-11-08 12:26:13 +00:00
Miroslav Stampar
875781bf97
another minor fix
2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5
fix
2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2
new option -t
2010-11-08 11:22:47 +00:00
Miroslav Stampar
4e6d1b5118
added "Detection" part in help listing
2010-11-08 10:11:43 +00:00
Miroslav Stampar
0d0e2a2228
minor update
2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Miroslav Stampar
0482e02c37
minor optimization
2010-11-07 23:37:15 +00:00
Miroslav Stampar
4f346eab33
fix for resume from session
2010-11-07 23:25:53 +00:00
Bernardo Damele
ea1b0d31be
Avoid displaying single retrieved character when --verbose > 2
2010-11-07 22:42:56 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2
Refactoring
2010-11-07 21:55:24 +00:00
Miroslav Stampar
7a6c086a27
setting direct query info output to same level as payload info (logger.DEBUG)
2010-11-07 21:42:36 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
620fa1c8fb
trust me, i know what i am doing :)
2010-11-07 20:33:33 +00:00
Bernardo Damele
73e85bfc75
Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now
2010-11-07 16:24:44 +00:00
Bernardo Damele
4d81da6bc8
Cosmetics
2010-11-07 16:23:03 +00:00
Bernardo Damele
6716315a76
Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity
2010-11-07 15:45:26 +00:00
Bernardo Damele
9669dbdae1
Minor cosmetics and adjustments
2010-11-07 15:34:52 +00:00
Miroslav Stampar
afba26a53f
tiny winy update
2010-11-07 09:00:45 +00:00
Miroslav Stampar
2b8c942b4a
more update
2010-11-07 08:58:24 +00:00
Miroslav Stampar
00dfd55830
added powerful switch --longest-common for dealing with heavy dynamicity
2010-11-07 08:52:09 +00:00
Miroslav Stampar
16f52ab7ba
cosmetic fix
2010-11-07 08:13:20 +00:00
Miroslav Stampar
8d93bdfa4b
minor update (optimization) regarding -a switch
2010-11-07 08:11:56 +00:00
Miroslav Stampar
508b9cc763
dynamicity engine update
2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127
minor update
2010-11-06 08:31:11 +00:00
Miroslav Stampar
06760182f1
cosmetics
2010-11-05 16:08:42 +00:00
Miroslav Stampar
9bc9302e58
minor fix
2010-11-05 16:03:12 +00:00
Miroslav Stampar
44435adc4a
added some fancy Ctrl+C when having multiple targets
2010-11-05 15:59:25 +00:00
Miroslav Stampar
0e895fa512
update of dynamicity testing and few misc fixes
2010-11-05 13:14:12 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )
2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30
minor update/fix
2010-11-05 11:39:35 +00:00
Miroslav Stampar
f3e3420677
fix for a bug reported by Marcos Mateos Garcia (ValueError)
2010-11-05 11:34:09 +00:00
Miroslav Stampar
5f7f4bf15b
minor debug update (probably temporary)
2010-11-05 11:04:00 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
29b7c5366c
cosmetics
2010-11-04 17:22:33 +00:00
Miroslav Stampar
ad6b2e9c21
minor fix
2010-11-04 16:47:18 +00:00
Miroslav Stampar
e1cec8c02b
fix for all that stable, dynamic mambo jambo :)
2010-11-04 16:44:34 +00:00
Miroslav Stampar
f1f7e0bfe0
fix for "unknown charset 'en_us'" (reported by ToR)
2010-11-04 13:56:01 +00:00
Miroslav Stampar
3aba0b1bec
minor update
2010-11-04 12:51:04 +00:00
Miroslav Stampar
63af5444fd
fix (NameError: global name 'DBMS' is not defined)
2010-11-04 12:47:34 +00:00
Bernardo Damele
91a3a582e8
Minor bug fix to avoid crash when running sqlmap behind a proxy server
2010-11-04 12:22:04 +00:00
Bernardo Damele
0e9515c540
Cosmetics
2010-11-04 12:21:06 +00:00
Miroslav Stampar
18aea251b3
added concept of tamper script priority
2010-11-04 10:29:40 +00:00
Miroslav Stampar
303359e8b1
refix
2010-11-04 09:34:04 +00:00
Miroslav Stampar
efe75aa8a3
added some debug messages
2010-11-04 09:18:32 +00:00
Bernardo Damele
b152b1a04d
Cosmetics
2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Miroslav Stampar
44678fa320
fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')
2010-11-03 12:40:11 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
861706fb31
fix for bug reported by ToR (unknown charset 'utf-8, text/html')
2010-11-02 18:01:10 +00:00
Bernardo Damele
c7c84c3089
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).
2010-11-02 15:31:51 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
2010-11-01 20:56:13 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Bernardo Damele
46be570463
Proper HTTP version display
2010-10-31 15:41:28 +00:00
Bernardo Damele
f3cc41601c
Added check on --first and --last values
2010-10-31 14:42:13 +00:00
Bernardo Damele
0ffffef088
Implemented --tamper for direct connection too (-d)
2010-10-31 14:22:32 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
c7b374534b
Minor cosmetics
2010-10-31 12:29:00 +00:00
Bernardo Damele
617edf7fc2
Minor bug fix
2010-10-31 12:24:19 +00:00
Bernardo Damele
fcada4df0f
Removed debug print
2010-10-31 12:21:22 +00:00
Bernardo Damele
2a2f949275
Minor bug fix
2010-10-31 12:20:38 +00:00
Bernardo Damele
264247d318
revert of a stupid commit
2010-10-31 12:09:55 +00:00
Bernardo Damele
2fb059a644
Bug fix
2010-10-31 12:02:20 +00:00
Bernardo Damele
9d08cb3a6f
Revert r2209 and minor code refactoring
2010-10-31 11:51:45 +00:00
Bernardo Damele
3eda4510e2
Properly encode the cookie
2010-10-31 11:26:33 +00:00
Bernardo Damele
3869ccebe8
Minor code refactoring
2010-10-31 11:17:51 +00:00
Bernardo Damele
6afc9bffaa
Minor bug fix: there will always be only one pair of delimiters as we add it for each place
2010-10-31 11:09:29 +00:00
Bernardo Damele
3a48bee9b0
Minor code refactoring
2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e
Cosmetics
2010-10-29 23:00:48 +00:00
Miroslav Stampar
0125198210
minor fix
2010-10-29 21:19:28 +00:00
Miroslav Stampar
cbf38436f2
minor update
2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Bernardo Damele
a0df231aa4
Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data
2010-10-29 13:09:53 +00:00
Miroslav Stampar
f7d42af046
some fixes regarding --check-payload
2010-10-29 11:00:23 +00:00
Bernardo Damele
b3b2c3864a
Minor code refactoring
2010-10-29 10:51:09 +00:00
Miroslav Stampar
d75578c81f
some update regarding common tables
2010-10-29 09:00:51 +00:00
Miroslav Stampar
895efd28a6
one more update regarding Bug #205
2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50
update regarding Bug #205
2010-10-28 22:59:51 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
a391be833b
Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.
2010-10-27 21:02:22 +00:00
Bernardo Damele
43de8247ac
Code refactoring
2010-10-27 20:39:50 +00:00
Bernardo Damele
d554ffc0ae
yes, I am quite paranoid with cosmetics
2010-10-27 10:37:54 +00:00
Miroslav Stampar
5cc1bd8a12
major fix for heuristic check
2010-10-27 08:27:31 +00:00
Miroslav Stampar
4d70f2c210
reverting back to 100
2010-10-26 15:42:54 +00:00
Miroslav Stampar
8211e6a2bd
possible
2010-10-26 11:29:09 +00:00
Bernardo Damele
9b127e58d2
Adjusted for MySQL weirdness
2010-10-26 09:33:18 +00:00
Miroslav Stampar
8803096343
some update regarding beep()
2010-10-26 08:32:58 +00:00
Miroslav Stampar
b9ff91b6e9
update of beep
2010-10-26 06:30:27 +00:00
Miroslav Stampar
9ec9d223e1
minor
2010-10-26 06:08:40 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Bernardo Damele
7effd0c301
Cosmetics
2010-10-25 22:54:56 +00:00
Miroslav Stampar
73eea81b3a
minor cosmetics
2010-10-25 19:45:53 +00:00
Miroslav Stampar
d7bf94d4d6
fix for --beep
2010-10-25 19:16:42 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Bernardo Damele
7c343c2d67
Forgot
2010-10-25 16:34:43 +00:00
Bernardo Damele
debaf2215f
Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch
2010-10-25 15:54:45 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Bernardo Damele
bdb9c37a7e
Cosmetics
2010-10-25 15:17:59 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
24c5d7b313
code refactoring
2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1
conf.md5hash thrown out
2010-10-25 13:52:21 +00:00
Miroslav Stampar
9a3879feba
keeping things neat and tidy
2010-10-25 12:33:49 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
71543092b7
update regarding comparison engine
2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Miroslav Stampar
db260c44d3
minor update
2010-10-24 22:25:05 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
52f910f752
added --beep (tested on Windows and Linux; for now turned off) switch
2010-10-23 09:38:46 +00:00
Miroslav Stampar
98f5586b87
minor update
2010-10-23 08:05:24 +00:00
Miroslav Stampar
f1e2c1867f
Cosmetics
2010-10-22 21:13:12 +00:00
Miroslav Stampar
2194d47782
setting conf.threads when -o switch is used
2010-10-22 19:10:45 +00:00
Miroslav Stampar
e6e48c5556
fix for Bug #204
2010-10-22 18:23:46 +00:00
Bernardo Damele
1288def3b7
Cosmetics
2010-10-22 14:23:14 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Miroslav Stampar
a9b50a1e82
minor fix
2010-10-21 23:09:57 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
2668c95ef4
added default HTTP version used by httplib and urllib2
2010-10-21 09:10:07 +00:00
Bernardo Damele
7f1aa3b94f
Removed unused imports
2010-10-20 22:48:51 +00:00
Bernardo Damele
c60edf7c17
Minor cosmetics
2010-10-20 22:43:02 +00:00
Bernardo Damele
d8bfa76dca
Minor possible bug fix
2010-10-20 22:12:53 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53
Minor cosmetic fixes
2010-10-20 21:58:33 +00:00
Bernardo Damele
3b5c5cc457
Minor possible bug fix
2010-10-20 21:49:05 +00:00
Bernardo Damele
f95098693f
Removed unused functions
2010-10-20 21:16:28 +00:00
Bernardo Damele
430bb7478f
Minor bug fix
2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee
fix for NULL values
2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402
fix/upgrade/chicken soup
2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d
code refactoring
2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74
added randInt to error injection vectors
2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23
fix for that 'Subquery returns more than 1 row'
2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce
update of error based injection and bug fix for --roles on MSSQL server
2010-10-20 06:40:33 +00:00
Bernardo Damele
0817d1b78d
Cosmetics
2010-10-19 23:09:30 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Bernardo Damele
813f44da16
Minor bug fix for MSSQL connector --tables option
2010-10-19 22:11:17 +00:00
Miroslav Stampar
7927e97007
update
2010-10-19 18:34:57 +00:00
Miroslav Stampar
415524bd5a
remove --error, now it's only --error-test (it needs to return True to be able to use it)
2010-10-19 18:34:14 +00:00
Miroslav Stampar
8d9201a3dc
minor update
2010-10-19 18:23:21 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Miroslav Stampar
b2e0b615f8
fix for that MySQL checking
2010-10-19 17:38:39 +00:00
Miroslav Stampar
34d7de1d46
cosmetics
2010-10-19 15:28:54 +00:00
Miroslav Stampar
d7622bb9cf
major fix for MySQL error based injections
2010-10-19 15:17:16 +00:00
Miroslav Stampar
80505de15b
now --users work on Oracle and Postgre (tested)
2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c
error based update
2010-10-19 14:47:13 +00:00
Miroslav Stampar
d0ebe428da
i've left error flag
2010-10-19 14:12:34 +00:00
Miroslav Stampar
bf850af2d8
fix for Oracle error based query "space" problem
2010-10-19 14:10:09 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Miroslav Stampar
ccda92536f
added header
2010-10-19 09:13:30 +00:00
Miroslav Stampar
264e0a6fda
added support for displaying revision number at unhandled exception message
2010-10-19 08:55:14 +00:00
Miroslav Stampar
9a7fd29d4f
using pushValue and popValue
2010-10-18 22:22:41 +00:00
Miroslav Stampar
a97319656c
optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing
2010-10-18 21:47:11 +00:00
Miroslav Stampar
729156e91c
proper fix
2010-10-18 21:39:46 +00:00
Miroslav Stampar
3d5494845c
minor bug fix
2010-10-18 21:32:50 +00:00
Miroslav Stampar
8b8fff41fe
cosmetics (adding html parsed DBMS) regarding heuristic check
2010-10-18 12:11:16 +00:00
Bernardo Damele
1d74036ee3
Minor cosmetic fixes
2010-10-18 11:34:53 +00:00
Bernardo Damele
36bc410333
Minor bug fix
2010-10-18 09:50:23 +00:00
Miroslav Stampar
6b70dadfb2
minor cosmetics
2010-10-18 09:09:22 +00:00
Miroslav Stampar
149837ebf5
added the same for proxy authorization header
2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e
fix for Bug #202
2010-10-18 08:54:08 +00:00
Bernardo Damele
683184cc8f
Minor refactoring
2010-10-17 21:06:52 +00:00
Bernardo Damele
cd0fe8dde0
Updated sample configuration file and cmdline help
2010-10-17 00:07:53 +00:00
Bernardo Damele
64b9f94fcf
Renamed --common-prediction switch to --predict-output
2010-10-16 23:50:13 +00:00
Bernardo Damele
f54c134d22
Minor adjustment
2010-10-16 22:43:05 +00:00
Bernardo Damele
6211915da5
Cosmetic fix
2010-10-16 22:31:16 +00:00
Bernardo Damele
7b71262de6
Cosmetic fix
2010-10-16 22:07:29 +00:00
Bernardo Damele
a2997a6dce
Minor bug fix to --tamper
2010-10-16 21:55:34 +00:00
Bernardo Damele
2129935e06
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
...
Minor enhancement
2010-10-16 21:52:16 +00:00
Bernardo Damele
2dae934a2b
Minor bug fixes, code refactoring and enhanced --tamper functionality
2010-10-16 21:33:15 +00:00
Bernardo Damele
84ed7f192a
Cosmetic fixes
2010-10-16 15:10:48 +00:00
Miroslav Stampar
1336b97c2c
removed --useBetween switch and added new tampering module ./tamper/between.py
2010-10-15 23:48:07 +00:00
Miroslav Stampar
1ae4d0fc2a
added optimization group
2010-10-15 23:26:48 +00:00
Bernardo Damele
e7c8be1d45
Minor layout adjustments
2010-10-15 15:37:15 +00:00
Miroslav Stampar
c9f0c75030
removed --space (usage of tampering modules is now a prefered way to do it)
2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec
removed that spaces from URI payloads
2010-10-15 12:49:03 +00:00
Bernardo Damele
bf56f8c63c
Cosmetic fix
2010-10-15 12:46:41 +00:00
Miroslav Stampar
dcb9c2103a
just in case update
2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418
Minor comment
2010-10-15 11:17:17 +00:00
Miroslav Stampar
2fa8836c01
bug fix
2010-10-15 11:14:59 +00:00
Miroslav Stampar
d50684a057
added one more check
2010-10-15 11:05:50 +00:00
Miroslav Stampar
2b476e078c
minor cosmetics
2010-10-15 10:36:29 +00:00
Bernardo Damele
a80f6110cd
don't call variables 'file', it's a reserved word :)
2010-10-15 10:29:24 +00:00
Bernardo Damele
c5e385f77a
More layout adjustments
2010-10-15 10:28:34 +00:00
Bernardo Damele
9fcab68700
Minor adjustments
2010-10-15 10:28:06 +00:00
Bernardo Damele
48cc8a308d
More verbose messages on successful --null-connection
2010-10-15 10:24:54 +00:00
Miroslav Stampar
0f48dd6f73
fix for skipping non-GET urls
2010-10-15 09:54:29 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
d0df8cdac9
fix for that duplicates
2010-10-15 00:34:16 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82
Minor cosmetic fixes
2010-10-14 15:28:54 +00:00
Miroslav Stampar
2bbe0c9ba6
bug fix for Ctrl+C
2010-10-14 15:23:42 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
f07608ef4d
show static words in a sorted manner
2010-10-14 12:38:06 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
7e1f784eaa
cosmetic update
2010-10-14 06:00:10 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575
bug fix
2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45
added Referer (part of Feature #37 )
2010-10-13 22:08:09 +00:00
Miroslav Stampar
43a3ac2c3a
some bug fixes
2010-10-13 20:54:18 +00:00
Miroslav Stampar
f700692c74
added missing files for Sybase
2010-10-13 18:55:17 +00:00
Miroslav Stampar
562df9c107
temporary fix (files left at home)
2010-10-13 07:39:48 +00:00
Miroslav Stampar
34580f56fc
added --tamper option
2010-10-12 22:45:25 +00:00
Miroslav Stampar
9a08f7feb8
minor update
2010-10-12 20:01:59 +00:00
Miroslav Stampar
d2ec132469
added --text-only switch
2010-10-12 19:41:29 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
9ffa928783
added some user interaction when page is dynamic
2010-10-12 15:49:04 +00:00
Miroslav Stampar
b748e6ea44
minor update
2010-10-12 12:52:06 +00:00
Miroslav Stampar
73b77255e3
minor cosmetic update
2010-10-12 12:32:02 +00:00
Miroslav Stampar
6dcd05c39c
minor update
2010-10-11 14:38:04 +00:00
Miroslav Stampar
e2bbfbe650
bug fix
2010-10-11 14:32:02 +00:00
Miroslav Stampar
1369529103
minor cosmetic update
2010-10-11 13:52:32 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
8b0a132fa9
minor update
2010-10-11 11:47:07 +00:00
Miroslav Stampar
2198a60684
bug fix (reported by james@ev6.net)
2010-10-10 20:51:11 +00:00
Miroslav Stampar
7a5bb2b0d6
update
2010-10-10 19:50:10 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
18d27cabc5
more changes
2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb
more refactoring
2010-10-07 14:05:34 +00:00
Miroslav Stampar
e80a66acc5
minor update
2010-10-07 12:21:59 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
1bf8939e2f
further updates
2010-10-06 22:43:04 +00:00
Miroslav Stampar
de6fa1247b
moved injections to xml format
2010-10-06 22:29:52 +00:00
Miroslav Stampar
adf2231edb
minor update
2010-10-06 13:38:03 +00:00
Miroslav Stampar
56dbf0038f
minor update (for future implementation of more advanced error page logic)
2010-10-06 12:10:00 +00:00
Miroslav Stampar
cbe7c902c1
just a development start of an error based injection support
2010-10-04 13:05:51 +00:00
Miroslav Stampar
0ad8090ad8
fix for a google bug reported by Brandon E.
2010-10-01 08:03:39 +00:00
Miroslav Stampar
49915f3c33
minor update
2010-09-30 19:49:14 +00:00
Miroslav Stampar
8abcdae1b5
some update
2010-09-30 19:45:23 +00:00
Miroslav Stampar
87abec16bd
probable fix for a bug reported by Prashant Jadhav
2010-09-30 18:52:33 +00:00
Miroslav Stampar
cf8e92699c
changes regarding EXISTS feature
2010-09-30 12:35:45 +00:00
Miroslav Stampar
c6bf0e43af
minor update
2010-09-27 13:41:18 +00:00
Miroslav Stampar
cf17debf79
changed connection message priority to critical (when verbose=0 it's displayed too)
2010-09-27 13:34:52 +00:00
Miroslav Stampar
3cd15960a0
more updates
2010-09-27 13:26:46 +00:00
Miroslav Stampar
1da672e3c5
added default="False" to "store_true" parameters as it's a prefered way by http://docs.python.org/library/optparse.html
2010-09-27 13:23:29 +00:00
Miroslav Stampar
3b9fe3e1c8
everything is ready for testing (smoke and live)
2010-09-27 11:20:48 +00:00
Miroslav Stampar
dc11ae0d65
update
2010-09-26 14:56:55 +00:00
Miroslav Stampar
35f35605df
changes regarding Feature #160
2010-09-26 14:02:13 +00:00
Miroslav Stampar
99d9f9e624
update for smoke testing
2010-09-26 10:47:04 +00:00
Miroslav Stampar
2e5f269650
update regarding --space option
2010-09-24 22:35:32 +00:00
Miroslav Stampar
9cd5d3bde7
added new option --space
2010-09-24 21:59:03 +00:00
Miroslav Stampar
327bfcbe97
update regarding Feature #61
2010-09-24 14:34:05 +00:00
Miroslav Stampar
b6ff03690f
update regarding Feature #61
2010-09-24 13:34:46 +00:00
Miroslav Stampar
abe1289016
minor update
2010-09-24 13:20:51 +00:00