Bernardo Damele
|
942d9e4fa8
|
code cleanup
|
2012-03-16 17:27:24 +00:00 |
|
Bernardo Damele
|
a1c943fc79
|
Major bug fix to comparison algorithm with OR based boolean-based injections
|
2012-03-16 17:22:55 +00:00 |
|
Miroslav Stampar
|
d66056fe39
|
one more related commit
|
2012-03-16 13:16:53 +00:00 |
|
Miroslav Stampar
|
ac02a2d92c
|
minor fix
|
2012-03-16 13:14:14 +00:00 |
|
Miroslav Stampar
|
cbdcbdd786
|
minor minor update
|
2012-03-16 11:18:18 +00:00 |
|
Miroslav Stampar
|
b130a9e14e
|
minor fix (writing to HashDB on any interrupt)
|
2012-03-16 10:15:43 +00:00 |
|
Miroslav Stampar
|
577caac4de
|
putting kb.negativeLogic setting to the safe place
|
2012-03-16 09:17:11 +00:00 |
|
Miroslav Stampar
|
209e795369
|
minor just in case update
|
2012-03-16 09:02:17 +00:00 |
|
Miroslav Stampar
|
adb5fff6b2
|
one more update related to the redirection mechanism
|
2012-03-15 20:17:40 +00:00 |
|
Miroslav Stampar
|
7d313ac911
|
few more fixes for proper redirecting mechanism
|
2012-03-15 19:47:59 +00:00 |
|
Bernardo Damele
|
48e8c978fb
|
Minor fix, way more to do for --search -C for MSSQL
|
2012-03-15 17:55:49 +00:00 |
|
Bernardo Damele
|
86c4650058
|
Minor bug fix - revert
|
2012-03-15 17:12:24 +00:00 |
|
Bernardo Damele
|
cc15373769
|
More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)
|
2012-03-15 16:29:28 +00:00 |
|
Bernardo Damele
|
4520744b4d
|
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
|
2012-03-15 16:25:26 +00:00 |
|
Bernardo Damele
|
0013b0970f
|
Minor layout adjustments - foundDb is misleading at that stage
|
2012-03-15 16:07:16 +00:00 |
|
Miroslav Stampar
|
ddd92476a8
|
minor fix
|
2012-03-15 15:58:25 +00:00 |
|
Miroslav Stampar
|
19beb912fa
|
first step toward negative logic support
|
2012-03-15 15:52:12 +00:00 |
|
Miroslav Stampar
|
8dd570057b
|
minor fix (double traffic log for -t in case of HTTP error)
|
2012-03-15 14:51:16 +00:00 |
|
Miroslav Stampar
|
f7df755f37
|
minor update
|
2012-03-15 12:55:22 +00:00 |
|
Miroslav Stampar
|
3d39c6cb3b
|
some fixes here and there
|
2012-03-15 12:14:50 +00:00 |
|
Miroslav Stampar
|
3d9b1599d1
|
minor update
|
2012-03-15 11:45:32 +00:00 |
|
Miroslav Stampar
|
91f1d6141f
|
minor fix
|
2012-03-15 11:24:55 +00:00 |
|
Miroslav Stampar
|
a8c9a47092
|
redirect logic rewritten from scratch
|
2012-03-15 11:10:58 +00:00 |
|
Miroslav Stampar
|
84479eebe9
|
minor fix
|
2012-03-15 08:55:42 +00:00 |
|
Bernardo Damele
|
890bf708bc
|
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
|
2012-03-15 00:19:57 +00:00 |
|
Miroslav Stampar
|
8cf5d260fd
|
Application Data is not a temporary directory writable by everybody
|
2012-03-14 23:44:29 +00:00 |
|
Bernardo Damele
|
1e71b24dca
|
More info messages to prove xp_cmdshell (and temporary directory choosen) worked
|
2012-03-14 22:41:53 +00:00 |
|
Bernardo Damele
|
c735d846ee
|
The default temporary directory as to stay as is, do not touch this code snippet anymore please
|
2012-03-14 22:39:46 +00:00 |
|
Miroslav Stampar
|
52a8b25ff4
|
minor fix
|
2012-03-14 14:31:41 +00:00 |
|
Miroslav Stampar
|
ca0d068575
|
distinguishing NULL from BLANK
|
2012-03-14 13:52:23 +00:00 |
|
Miroslav Stampar
|
e38b59a2ae
|
minor update
|
2012-03-14 13:16:49 +00:00 |
|
Miroslav Stampar
|
cee9ff7885
|
proper parsing of content in partial union technique
|
2012-03-14 11:23:30 +00:00 |
|
Miroslav Stampar
|
61ad3b999a
|
fix for a crash with partial union and --hex
|
2012-03-14 10:31:24 +00:00 |
|
Miroslav Stampar
|
a7fbc55748
|
grammar fix
|
2012-03-13 22:03:23 +00:00 |
|
Miroslav Stampar
|
edfcddd3c3
|
minor fix for logging only cookies used by request (e.g. --load-cookies case)
|
2012-03-13 10:58:15 +00:00 |
|
Miroslav Stampar
|
34b0935cb3
|
refactoring "echo 1" quick test for xp_cmdshell console output
|
2012-03-13 10:36:49 +00:00 |
|
Miroslav Stampar
|
e827f41cdb
|
using pickle HIGHEST_PROTOCOL just in case
|
2012-03-13 09:35:37 +00:00 |
|
Miroslav Stampar
|
e6c610abab
|
minor fix
|
2012-03-13 09:14:56 +00:00 |
|
Miroslav Stampar
|
cda8815634
|
introducing safe deprecation mechanism for HashDB versioning
|
2012-03-12 22:55:57 +00:00 |
|
Miroslav Stampar
|
48bcde478e
|
more general update
|
2012-03-12 15:29:55 +00:00 |
|
Miroslav Stampar
|
1d0c8a7f44
|
minor update
|
2012-03-12 15:19:02 +00:00 |
|
Miroslav Stampar
|
6ed1b04bbe
|
minor update
|
2012-03-12 13:27:07 +00:00 |
|
Bernardo Damele
|
48592f2515
|
minor adjustments
|
2012-03-09 18:34:18 +00:00 |
|
Bernardo Damele
|
be9b103b51
|
minor bug fix
|
2012-03-09 18:02:50 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Bernardo Damele
|
4ac2611a56
|
Added another tamper script
|
2012-03-09 12:09:19 +00:00 |
|
Bernardo Damele
|
d9e499af9f
|
Set Id property
|
2012-03-09 12:05:21 +00:00 |
|
Miroslav Stampar
|
a0b46963cb
|
minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)
|
2012-03-09 10:28:19 +00:00 |
|
Bernardo Damele
|
7330dff255
|
Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries
|
2012-03-08 16:57:53 +00:00 |
|