399 Commits

Author	SHA1	Message	Date
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: ... $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Bernardo Damele	2d8408c885	More fix for --technique resume	2011-05-05 16:38:46 +00:00
Bernardo Damele	6cff3e97f4	cosmetics	2011-05-02 21:48:08 +00:00
Miroslav Stampar	06498796b9	minor cosmetics	2011-05-02 20:51:53 +00:00
Bernardo Damele	955dbc85e7	Minor variable rename	2011-04-30 15:29:59 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Bernardo Damele	a5968fff3e	Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided	2011-04-30 00:22:22 +00:00
Bernardo Damele	a23ca952e4	Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason	2011-04-29 21:09:07 +00:00
Bernardo Damele	edac0b2558	Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema	2011-04-28 23:59:00 +00:00
Bernardo Damele	441c288dd9	cosmeticados	2011-04-25 00:36:09 +00:00
Miroslav Stampar	7b3b9e6a87	it seems that this was indeed not meant to be here	2011-04-22 15:07:09 +00:00
Miroslav Stampar	304500a2e8	implemented checkFalsePositives method (simple Turing like tests)	2011-04-22 12:24:16 +00:00
Bernardo Damele	eabb5a2ba7	More adjustments to the error message when no sql injections are detected	2011-04-21 22:04:20 +00:00
Bernardo Damele	6d07dddf60	updated doc and minor layout adjustments	2011-04-21 21:53:35 +00:00
Bernardo Damele	770b1523ff	More verbose output when no SQL injections are detected	2011-04-21 21:31:16 +00:00
Bernardo Damele	edc2d75702	Cosmetics and major bug fix	2011-04-21 21:15:23 +00:00
Miroslav Stampar	df0331fe9b	some more refactoring	2011-04-19 23:04:10 +00:00
Miroslav Stampar	9b0db33cc5	initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model	2011-04-19 08:55:38 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Miroslav Stampar	21114d1748	added IGNORE_PARAMETERS to skip testing of state/session web server parameters	2011-04-13 19:01:02 +00:00
Miroslav Stampar	2db2e9b6a2	now GET forms are also prone to "do you want to fill with random values"	2011-04-11 11:38:41 +00:00
Bernardo Damele	5b21352656	cosmeticados ;)	2011-04-08 10:39:07 +00:00
Bernardo Damele	c6b9d89d31	Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly	2011-04-07 11:10:35 +00:00
Bernardo Damele	05d12790f1	closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)	2011-04-06 14:41:44 +00:00
Miroslav Stampar	bbd4c128b0	minor update related to the last commit	2011-04-01 22:19:42 +00:00
Miroslav Stampar	0916117447	improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names	2011-03-30 18:32:10 +00:00
Miroslav Stampar	dd01d66f13	proper update regarding last commit	2011-03-29 22:10:08 +00:00
Miroslav Stampar	4d78eac938	revert of that thingy as requested by Bernardo	2011-03-29 10:06:35 +00:00
Miroslav Stampar	e8debbe724	minor cosmetics and one minor fix (|= is a nono with None)	2011-03-29 06:38:19 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	1e22ff45de	minor update regarding testing of GET parameters if --data and/or --forms is used	2011-03-28 16:14:08 +00:00
Miroslav Stampar	bd75fd26e9	implementing a --page-rank switch as requested by l0rda@l0rda.biz	2011-03-23 11:57:57 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	970cde5a8a	minor update regarding last commit	2011-03-17 09:23:46 +00:00
Miroslav Stampar	e64f225e65	minor refactoring	2011-03-11 20:16:34 +00:00
Miroslav Stampar	8edc3b3302	further update regarding last commit	2011-03-03 10:39:04 +00:00
Miroslav Stampar	90582ed7dc	minor change	2011-02-21 11:35:21 +00:00
Miroslav Stampar	6cdf08b81c	minor fix	2011-02-17 21:51:40 +00:00
Miroslav Stampar	22cd49a217	--technique can now be something like 123 which includes both techniques 1, 2 and 3	2011-02-17 21:39:16 +00:00
Miroslav Stampar	7ebc1ab90a	minor cosmetics	2011-02-17 08:59:14 +00:00
Miroslav Stampar	50d25c3b4d	update regarding explicit testing of ua and referer when using -p	2011-02-13 21:58:48 +00:00
Miroslav Stampar	5fb11fd173	update regarding multiple DBMS payloads	2011-02-13 21:20:21 +00:00
Bernardo Damele	45a005737d	Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2	2011-02-13 21:08:42 +00:00
Miroslav Stampar	521635c84d	quick fix for UA and Referer	2011-02-11 23:36:23 +00:00
Miroslav Stampar	535eb9f3eb	implementation of referer feature	2011-02-11 23:07:03 +00:00
Miroslav Stampar	a6ab24e0b5	just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed	2011-02-10 22:47:43 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	2c4f6d2e99	fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too	2011-02-07 21:53:05 +00:00