sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	ece2eb31ca	minor update	2011-01-13 11:08:29 +00:00
Bernardo Damele	be6e2d6a31	Important bug fix. Minor code restyling.	2011-01-13 09:41:55 +00:00
Bernardo Damele	af9725214a	Properly deal with partial (single entry) UNION injections. Got rid of kb.union*, now it's all stored/used from kb.injection. Minor bug fix with where=2 detection phase.	2011-01-12 12:01:32 +00:00
Bernardo Damele	8bdb7ec58c	Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.	2011-01-12 00:47:39 +00:00
Bernardo Damele	5c7c3c76c3	Fixed previous bug in getErrorParsedDBMSes() call in detection phase. Added minor support to escape quotes in UNION payloads during detection phase.	2011-01-11 23:47:32 +00:00
Bernardo Damele	2f5995a7eb	Added generic and mysql UNION tests from 1 to 25 columns. Adapted config file and command line removing now outdated --union-test switch. Minor bug fix. Minor code refactoring. Got rid of some debug messages, standardized logging of UNION tests.	2011-01-11 22:56:21 +00:00
Bernardo Damele	300128042c	First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.	2011-01-11 22:18:47 +00:00
Bernardo Damele	1c86ec374e	Code refactoring and cosmetics	2011-01-07 15:41:09 +00:00
Miroslav Stampar	cc9ca802bf	minor update	2011-01-06 08:54:50 +00:00
Miroslav Stampar	572f403069	update of one thing that was missing	2011-01-03 21:28:22 +00:00
Miroslav Stampar	6aa616bd0d	minor minor fix	2011-01-03 14:28:20 +00:00
Miroslav Stampar	92e4cdb241	raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic	2011-01-03 14:21:41 +00:00
Miroslav Stampar	3629c2737b	automatically turn on --text-only in case of heavily-dynamicity instead of critical exit	2011-01-03 11:06:49 +00:00
Miroslav Stampar	adc41181e6	some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one	2011-01-03 10:37:20 +00:00
Miroslav Stampar	5860b8942f	minor update	2011-01-03 09:16:42 +00:00
Miroslav Stampar	d19a8d53e4	minor update	2011-01-03 08:46:20 +00:00
Miroslav Stampar	8625494ff2	added one new quick check for multiple target(s) mode	2011-01-03 08:32:06 +00:00
Miroslav Stampar	5f9b6b2254	code refactoring	2011-01-02 16:51:21 +00:00
Miroslav Stampar	5c6c870db4	removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode	2011-01-02 08:43:38 +00:00
Miroslav Stampar	da138c46c1	added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)	2011-01-02 07:37:47 +00:00
Miroslav Stampar	ec4440108b	minor cosmetics	2011-01-02 07:09:04 +00:00
Miroslav Stampar	428e817a32	some refactoring	2011-01-01 23:57:27 +00:00
Miroslav Stampar	212035e64d	user can now choose if he wants to skip non-heuristic based DBMS tests	2011-01-01 23:38:11 +00:00
Miroslav Stampar	8a93cfd975	minor update	2011-01-01 22:43:15 +00:00
Miroslav Stampar	52e44df86c	minor update	2011-01-01 21:11:29 +00:00
Miroslav Stampar	942cbafba6	minor update	2011-01-01 20:19:55 +00:00
Miroslav Stampar	e4fd8b3f0c	(e) finally works as it should	2011-01-01 19:22:44 +00:00
Miroslav Stampar	15e6911fd8	fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')	2011-01-01 12:23:02 +00:00
Miroslav Stampar	91f665aaaa	bug fix for Ctrl+C	2010-12-31 15:00:19 +00:00
Miroslav Stampar	5db8ebbfa9	update of mysql comment versions	2010-12-31 12:42:12 +00:00
Miroslav Stampar	613242e298	bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)	2010-12-29 19:48:19 +00:00
Miroslav Stampar	8f32c740ff	code refactoring	2010-12-29 19:39:32 +00:00
Miroslav Stampar	6700cabc36	minor optimization	2010-12-29 19:01:29 +00:00
Miroslav Stampar	569e060aab	important improvement	2010-12-26 13:20:52 +00:00
Miroslav Stampar	2d115e0350	one more fix	2010-12-24 18:44:13 +00:00
Miroslav Stampar	edcf1a0872	few bug fixes	2010-12-24 18:40:48 +00:00
Miroslav Stampar	96a06351a1	minor fix (in testing phase raise404 should be set to False)	2010-12-24 12:36:00 +00:00
Miroslav Stampar	2c23a59ba5	fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)	2010-12-24 12:13:48 +00:00
Miroslav Stampar	aab14fa2d3	minor refactoring/cosmetics	2010-12-24 11:06:57 +00:00
Miroslav Stampar	23dc408901	prioritization of tests based on DBMS error messages and some comments in common.py	2010-12-24 10:55:41 +00:00
Miroslav Stampar	017ea9e686	update	2010-12-23 14:06:22 +00:00
Miroslav Stampar	73f33c1999	bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)	2010-12-23 11:28:13 +00:00
Miroslav Stampar	8fc60215ed	lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.	2010-12-22 19:12:46 +00:00
Bernardo Damele	5228f336da	Minor fix for ctrl+c during detection phase	2010-12-22 13:15:44 +00:00
Miroslav Stampar	08c88495d0	removed that ugly hack	2010-12-22 13:09:04 +00:00
Miroslav Stampar	d974a966b8	minor fix for end phase (Ctrl+C)	2010-12-21 23:55:55 +00:00
Miroslav Stampar	0e68248f60	minor update of heuristic check	2010-12-21 12:56:18 +00:00
Miroslav Stampar	16f1f4e13e	when doing dynamic checks there are cases when 404 can be raised (perfectly normal)	2010-12-21 11:04:49 +00:00
Bernardo Damele	ad6b528b33	Bit more verbose comment	2010-12-21 10:47:39 +00:00
Miroslav Stampar	416755c0b7	minor adjustments	2010-12-21 00:25:03 +00:00

1 2 3 4 5 ...

303 Commits