Miroslav Stampar
|
f8c9868cb6
|
Implementation for an Issue #118
|
2012-07-24 15:34:50 +02:00 |
|
Miroslav Stampar
|
0f64e1e6c1
|
Minor update for Issue #94 (not fixing it)
|
2012-07-16 15:43:02 +02:00 |
|
Miroslav Stampar
|
805120ac52
|
Minor refactoring
|
2012-07-14 11:01:30 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Bernardo Damele
|
ea9c66108e
|
cleanup for issue #68
|
2012-07-12 15:38:43 +01:00 |
|
Miroslav Stampar
|
8e18514e56
|
Minor refactoring for all that stickiness
|
2012-07-12 15:58:45 +02:00 |
|
Miroslav Stampar
|
cba2a26b68
|
Finishing Issue #75 (inference dumping)
|
2012-07-12 14:46:57 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Bernardo Damele
|
f704a46341
|
silly blank line added
|
2012-07-12 01:38:29 +01:00 |
|
Bernardo Damele
|
a5924739f6
|
minor code refactoring in preparation of ticket #75
|
2012-07-12 01:12:30 +01:00 |
|
Miroslav Stampar
|
295a7a8e5e
|
Another update for Issue #80
|
2012-07-11 16:14:20 +02:00 |
|
Miroslav Stampar
|
9a4f8d5f45
|
Fix for Issue #80
|
2012-07-11 16:01:25 +02:00 |
|
Bernardo Damele
|
d3da3f5c52
|
refactoring for issue #51
|
2012-07-10 00:19:32 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
Miroslav Stampar
|
1a8ebbfd43
|
Minor refactoring
|
2012-07-06 17:05:47 +02:00 |
|
Bernardo Damele
|
373fea03a3
|
fixed display of TABs
|
2012-07-06 15:13:23 +01:00 |
|
Miroslav Stampar
|
438a636973
|
Fix for Issue #60
|
2012-07-06 15:36:32 +02:00 |
|
Miroslav Stampar
|
76f7f907c6
|
Minor update for Issue #61
|
2012-07-06 14:33:40 +02:00 |
|
Miroslav Stampar
|
6a05e3fd79
|
Fix for Issue #61
|
2012-07-06 14:24:44 +02:00 |
|
Miroslav Stampar
|
21d9ae0a2c
|
some more refactoring
|
2012-07-01 01:19:54 +02:00 |
|
Miroslav Stampar
|
32f52cdd04
|
Another language update for Issue #45
|
2012-06-29 10:33:54 +02:00 |
|
Miroslav Stampar
|
f0e39c3fae
|
Language update for Issue #45
|
2012-06-29 10:33:00 +02:00 |
|
Miroslav Stampar
|
c0f16f0c1a
|
Fix for Issue #45
|
2012-06-29 10:31:03 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
6c4bd84d18
|
minor fix (turning back the functionality of kb.suppressResumeInfo)
|
2012-06-25 16:19:51 +00:00 |
|
Miroslav Stampar
|
ec44e88db8
|
lots of refactoring regarding removal of already obsolete session file mechanism
|
2012-06-21 10:09:10 +00:00 |
|
Miroslav Stampar
|
302d782a0f
|
minor style update
|
2012-06-19 08:33:51 +00:00 |
|
Miroslav Stampar
|
e2a60b302f
|
minor fix
|
2012-06-17 21:21:45 +00:00 |
|
Miroslav Stampar
|
fe49abd45f
|
minor fix
|
2012-06-15 20:49:28 +00:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
76c873a222
|
minor fix
|
2012-06-15 06:22:44 +00:00 |
|
Miroslav Stampar
|
facce2c0df
|
some more cleanup
|
2012-06-14 13:50:36 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
b85a1fc271
|
minor fix
|
2012-06-05 22:55:42 +00:00 |
|
Miroslav Stampar
|
76a4aa19ac
|
some more fine tuning
|
2012-05-28 19:50:12 +00:00 |
|
Miroslav Stampar
|
73dba249e8
|
one more just in case update
|
2012-05-28 19:34:47 +00:00 |
|
Miroslav Stampar
|
190ae4ca13
|
no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)
|
2012-05-28 15:10:17 +00:00 |
|
Miroslav Stampar
|
a70a647aeb
|
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
|
2012-05-28 14:51:23 +00:00 |
|
Miroslav Stampar
|
b1d82422a0
|
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
|
2012-05-28 14:15:04 +00:00 |
|
Miroslav Stampar
|
4e6fcce9ca
|
minor update
|
2012-05-26 07:04:32 +00:00 |
|
Miroslav Stampar
|
ce077137c9
|
minor language update
|
2012-05-26 07:01:37 +00:00 |
|
Miroslav Stampar
|
d335ec0c34
|
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
|
2012-05-26 07:00:26 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
9fa3619262
|
minor fix
|
2012-05-09 14:00:07 +00:00 |
|
Miroslav Stampar
|
56a3431be6
|
minor update for empty tables (skipping other techniques)
|
2012-05-09 10:34:21 +00:00 |
|
Miroslav Stampar
|
e419177871
|
minor update
|
2012-05-08 17:28:19 +00:00 |
|
Miroslav Stampar
|
eccd4da00f
|
minor fix
|
2012-05-08 15:03:33 +00:00 |
|
Miroslav Stampar
|
938d9ff23e
|
doing all the work for the users so they wouldn't strain their little hands
|
2012-05-08 15:00:23 +00:00 |
|
Miroslav Stampar
|
524dd75ff2
|
that query variable hasn't been used anywhere (obsolete for some time)
|
2012-05-08 14:34:40 +00:00 |
|
Miroslav Stampar
|
3532d23933
|
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
|
2012-04-23 13:41:36 +00:00 |
|
Miroslav Stampar
|
71b0acc16f
|
minor fix (checking for full inband should be done with ORIGINAL - more concise)
|
2012-04-15 16:43:18 +00:00 |
|
Miroslav Stampar
|
5772c52f46
|
minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def:abc:ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)
|
2012-04-15 16:33:47 +00:00 |
|
Miroslav Stampar
|
ae8c70e895
|
another cosmetics
|
2012-04-13 15:11:44 +00:00 |
|
Miroslav Stampar
|
d765cdc3a3
|
minor cosmetics
|
2012-04-13 15:10:40 +00:00 |
|
Miroslav Stampar
|
831f79b851
|
minor generalization
|
2012-04-12 09:30:19 +00:00 |
|
Miroslav Stampar
|
8c6eb4faa9
|
adding support for PgSQL DNS data exfiltration
|
2012-04-07 14:06:11 +00:00 |
|
Miroslav Stampar
|
a5b69eaea4
|
removing unused imports
|
2012-04-04 13:18:14 +00:00 |
|
Bernardo Damele
|
52796bb4da
|
revert
|
2012-04-04 13:02:50 +00:00 |
|
Miroslav Stampar
|
a4b95ab7dd
|
works against MySQL/Windows
|
2012-04-04 12:49:45 +00:00 |
|
Bernardo Damele
|
a1d97e9d7b
|
Add a space after a comment
|
2012-04-04 12:48:21 +00:00 |
|
Bernardo Damele
|
025c531d22
|
leftover
|
2012-04-04 12:44:25 +00:00 |
|
Bernardo Damele
|
c0946ce2c9
|
Minor refactoring
|
2012-04-04 12:42:58 +00:00 |
|
Bernardo Damele
|
d106fb5184
|
layout adjustments
|
2012-04-04 12:27:24 +00:00 |
|
Miroslav Stampar
|
556b349be3
|
minor fix for retrieving non-printable chars in inference and non-multi threading mode
|
2012-04-03 14:04:07 +00:00 |
|
Miroslav Stampar
|
33bb9c5f19
|
much cleaner approach in that "flat" representation of retrieved items in union technique
|
2012-04-03 13:56:11 +00:00 |
|
Miroslav Stampar
|
7fb190f3b1
|
minor fix
|
2012-04-03 12:35:19 +00:00 |
|
Miroslav Stampar
|
886aa22efc
|
minor update
|
2012-04-03 12:19:37 +00:00 |
|
Miroslav Stampar
|
78f51fd2e5
|
minor fix
|
2012-04-03 10:18:03 +00:00 |
|
Miroslav Stampar
|
e05109812f
|
minor improvements regarding data retrieval through DNS channel
|
2012-04-03 09:18:30 +00:00 |
|
Miroslav Stampar
|
5f94987b0f
|
fix for DNS method for MSSQL
|
2012-04-02 17:28:18 +00:00 |
|
Miroslav Stampar
|
2c28423cb8
|
minor update
|
2012-04-02 14:57:15 +00:00 |
|
Miroslav Stampar
|
8a9d09f79b
|
minor fixes
|
2012-04-02 14:11:23 +00:00 |
|
Miroslav Stampar
|
1cd3c3f7af
|
further update of DNS data retrieval mechanism through SQLi
|
2012-04-02 14:05:30 +00:00 |
|
Miroslav Stampar
|
7fd64df167
|
minor code cleaning
|
2012-03-28 13:31:07 +00:00 |
|
Miroslav Stampar
|
1b072f6415
|
laying foundation for DNS based data retrieval
|
2012-03-27 18:59:12 +00:00 |
|
Miroslav Stampar
|
8e7d360ea2
|
cleaner refactoring regarding last commit
|
2012-03-19 12:03:25 +00:00 |
|
Miroslav Stampar
|
401763b6f8
|
minor fix (it has to be level 1 array like it was with the previous re.findall mechanism)
|
2012-03-19 12:00:22 +00:00 |
|
Miroslav Stampar
|
d66056fe39
|
one more related commit
|
2012-03-16 13:16:53 +00:00 |
|
Miroslav Stampar
|
ac02a2d92c
|
minor fix
|
2012-03-16 13:14:14 +00:00 |
|
Miroslav Stampar
|
b130a9e14e
|
minor fix (writing to HashDB on any interrupt)
|
2012-03-16 10:15:43 +00:00 |
|
Miroslav Stampar
|
e38b59a2ae
|
minor update
|
2012-03-14 13:16:49 +00:00 |
|
Miroslav Stampar
|
cee9ff7885
|
proper parsing of content in partial union technique
|
2012-03-14 11:23:30 +00:00 |
|
Miroslav Stampar
|
5a83f1c5f7
|
minor update
|
2012-03-08 15:43:22 +00:00 |
|
Miroslav Stampar
|
9ca8bc4d51
|
minor bug fix
|
2012-03-08 09:52:33 +00:00 |
|
Miroslav Stampar
|
ac5a752b12
|
Oracle's XMLType doesn't like '#' char too
|
2012-03-01 11:59:37 +00:00 |
|
Miroslav Stampar
|
f4e410db16
|
minor fix
|
2012-03-01 10:17:39 +00:00 |
|
Miroslav Stampar
|
37db27b720
|
turning back on automatic adjusting of delays in time based queries
|
2012-02-29 15:51:23 +00:00 |
|
Miroslav Stampar
|
1bdc07c279
|
minor update
|
2012-02-29 15:02:24 +00:00 |
|
Miroslav Stampar
|
c36cbbb3ae
|
minor fix
|
2012-02-24 14:54:10 +00:00 |
|
Miroslav Stampar
|
f94b91ad87
|
added helper function for HashDB data storing/retrieval
|
2012-02-24 13:07:20 +00:00 |
|
Miroslav Stampar
|
b481c0352f
|
minor update
|
2012-02-24 11:25:56 +00:00 |
|
Miroslav Stampar
|
5afbd52b61
|
more update related to last commits
|
2012-02-24 10:57:23 +00:00 |
|
Miroslav Stampar
|
570d3a19c2
|
more general fix
|
2012-02-24 10:53:28 +00:00 |
|
Miroslav Stampar
|
e8352e504f
|
fixing problems with chars deletion by logging messages in inference mode
|
2012-02-24 10:48:19 +00:00 |
|
Miroslav Stampar
|
086c3a3662
|
minor fix
|
2012-02-23 13:31:50 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
386e98a0e3
|
using UNION SELECT for where=..NEGATIVE
|
2012-02-22 09:41:58 +00:00 |
|
Miroslav Stampar
|
c9d570c83b
|
minor update
|
2012-02-21 13:49:30 +00:00 |
|
Miroslav Stampar
|
bcf3255fe1
|
implementation of switch --hex for 4 major DBMSes
|
2012-02-21 11:44:48 +00:00 |
|
Miroslav Stampar
|
aee269cc14
|
gazillion changes, nothing will work, muhahaha
|
2012-02-17 14:22:48 +00:00 |
|
Miroslav Stampar
|
e1f86c97c4
|
minor refactoring
|
2012-02-16 09:46:41 +00:00 |
|
Miroslav Stampar
|
8a2bd3897d
|
minor output fix
|
2012-02-12 19:11:54 +00:00 |
|
Miroslav Stampar
|
c1368053e5
|
minor fix
|
2012-02-12 18:46:25 +00:00 |
|
Miroslav Stampar
|
b140ef4a14
|
minor update (preparing for switching to HashDB from old sessionFile)
|
2012-02-10 10:24:48 +00:00 |
|
Miroslav Stampar
|
e50d64546f
|
minor fix
|
2012-02-07 14:57:48 +00:00 |
|
Miroslav Stampar
|
2b05ded9c3
|
just a makeup
|
2012-02-07 12:05:23 +00:00 |
|
Miroslav Stampar
|
8c45ff0d57
|
bug fix
|
2012-02-03 10:38:04 +00:00 |
|
Miroslav Stampar
|
8405ef59ac
|
some aesthetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
df43157284
|
minor patch
|
2012-02-01 12:28:06 +00:00 |
|
Miroslav Stampar
|
2ee198a381
|
minor "patch"
|
2012-02-01 11:00:01 +00:00 |
|
Miroslav Stampar
|
4d9dcbf5db
|
minor fix
|
2012-02-01 10:14:23 +00:00 |
|
Miroslav Stampar
|
46f42f2fe4
|
minor fix
|
2012-01-30 13:10:35 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
18930539cd
|
more concise language
|
2012-01-07 17:45:45 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
9d50c806e1
|
bug fix
|
2012-01-05 10:55:58 +00:00 |
|
Miroslav Stampar
|
29f502fe29
|
some refactoring
|
2011-12-28 16:27:17 +00:00 |
|
Miroslav Stampar
|
22c3fe49bb
|
some refactoring
|
2011-12-28 13:50:03 +00:00 |
|
Miroslav Stampar
|
abb401879c
|
minor update
|
2011-12-22 20:42:57 +00:00 |
|
Miroslav Stampar
|
8585107e3d
|
minor update
|
2011-12-22 12:21:30 +00:00 |
|
Miroslav Stampar
|
f622995a29
|
compatibility with partial union and error technique resumed data
|
2011-12-22 12:20:21 +00:00 |
|
Miroslav Stampar
|
9f68e54fff
|
minor cleanup
|
2011-12-22 10:59:28 +00:00 |
|
Miroslav Stampar
|
4a1a0773b7
|
speedup of UNION dumping
|
2011-12-22 10:44:14 +00:00 |
|
Miroslav Stampar
|
b77e2042f2
|
some optimization
|
2011-12-21 23:23:00 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
81bd9a201b
|
minor refactoring
|
2011-12-21 11:50:49 +00:00 |
|
Miroslav Stampar
|
316e27a809
|
minor update
|
2011-12-15 10:19:31 +00:00 |
|
Miroslav Stampar
|
d6f936b98d
|
minor update
|
2011-11-23 15:51:48 +00:00 |
|
Miroslav Stampar
|
40f21c3917
|
minor update
|
2011-11-23 15:38:31 +00:00 |
|
Miroslav Stampar
|
f39170a2c4
|
minor update
|
2011-11-22 15:06:51 +00:00 |
|
Miroslav Stampar
|
e94efff187
|
some more optimization
|
2011-11-22 09:00:00 +00:00 |
|
Miroslav Stampar
|
2ed3efba12
|
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
|
2011-11-22 08:39:13 +00:00 |
|
Miroslav Stampar
|
1b45c5b56a
|
bug fix
|
2011-10-28 15:24:35 +00:00 |
|
Miroslav Stampar
|
e290f2b80b
|
minor update
|
2011-10-28 11:11:55 +00:00 |
|
Miroslav Stampar
|
23bf52e496
|
minor refactoring
|
2011-10-24 09:55:50 +00:00 |
|
Miroslav Stampar
|
6d64f87190
|
minor update
|
2011-10-24 00:46:54 +00:00 |
|
Miroslav Stampar
|
8bd3cfdc8e
|
minor update
|
2011-10-24 00:17:38 +00:00 |
|
Miroslav Stampar
|
7c626f1dbe
|
minor fix
|
2011-10-23 23:18:39 +00:00 |
|
Miroslav Stampar
|
d77a5f5928
|
update (generalizing ORDER BY approach)
|
2011-10-23 23:02:01 +00:00 |
|
Miroslav Stampar
|
1c3f4e9e54
|
minor update
|
2011-10-23 08:44:21 +00:00 |
|
Miroslav Stampar
|
25f0ec3597
|
some minor range to xrange conversion (where safe to do)
|
2011-10-21 22:34:27 +00:00 |
|
Miroslav Stampar
|
7a3096ce25
|
some refactoring
|
2011-10-21 21:12:48 +00:00 |
|
Miroslav Stampar
|
9356f8005c
|
important bug fix
|
2011-10-21 21:07:06 +00:00 |
|
Miroslav Stampar
|
0a8e45955c
|
minor update
|
2011-10-21 20:44:18 +00:00 |
|
Miroslav Stampar
|
e3a719e7d2
|
minor update
|
2011-10-11 22:40:00 +00:00 |
|
Miroslav Stampar
|
7956390631
|
minor update
|
2011-10-11 22:27:49 +00:00 |
|
Miroslav Stampar
|
a7a29f33ad
|
minor update
|
2011-10-11 21:58:57 +00:00 |
|
Miroslav Stampar
|
7e80274fac
|
refactoring
|
2011-09-25 21:10:45 +00:00 |
|
Miroslav Stampar
|
744636a8c1
|
switching to SQLite resume support (on error and union techniques this moment)
|
2011-09-25 20:36:32 +00:00 |
|
Miroslav Stampar
|
8fe069b495
|
minor fix
|
2011-08-23 21:48:39 +00:00 |
|
Miroslav Stampar
|
cfc1f2b70b
|
minor update
|
2011-08-22 22:43:14 +00:00 |
|
Miroslav Stampar
|
f4127a80d7
|
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
|
2011-08-22 21:43:46 +00:00 |
|
Miroslav Stampar
|
cb32d46f2a
|
minor minor update
|
2011-08-18 06:09:12 +00:00 |
|
Miroslav Stampar
|
9d31322f3d
|
update regarding special case when conf.uChar appears only in testable pages
|
2011-08-17 21:40:42 +00:00 |
|
Miroslav Stampar
|
e1dbb4443b
|
minor update related to the last commit
|
2011-08-16 07:01:14 +00:00 |
|
Miroslav Stampar
|
7cc5743c5d
|
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
|
2011-08-16 06:50:20 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Miroslav Stampar
|
e849b71027
|
minor typo
|
2011-08-03 14:31:42 +00:00 |
|
Miroslav Stampar
|
538b49bcc5
|
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
|
2011-08-03 13:26:38 +00:00 |
|
Miroslav Stampar
|
9423d15fb3
|
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
|
2011-08-03 09:08:16 +00:00 |
|
Miroslav Stampar
|
edab7d01a5
|
minor fix
|
2011-08-02 17:31:13 +00:00 |
|
Miroslav Stampar
|
cb0981d858
|
proper way of handling 0 length results (as in __goInferenceProxy)
|
2011-08-02 08:39:32 +00:00 |
|
Miroslav Stampar
|
018d7ed646
|
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
|
2011-07-31 23:40:09 +00:00 |
|
Miroslav Stampar
|
e522263640
|
fix for a neverending data retrieval in large full inband cases
|
2011-07-29 10:45:09 +00:00 |
|
Bernardo Damele
|
938716e361
|
Proper fix for --start and --stop consistency amongst different techniques
|
2011-07-26 10:06:28 +00:00 |
|
Miroslav Stampar
|
6bbb8139a0
|
update (smaller memory footprint in postprocessing phase because of safecharencode part)
|
2011-07-25 20:40:31 +00:00 |
|
Miroslav Stampar
|
5770c08784
|
minor optimization and refactoring
|
2011-07-25 20:17:44 +00:00 |
|
Miroslav Stampar
|
2033a28ae7
|
minor update regarding last commit (cleaner code)
|
2011-07-24 20:44:17 +00:00 |
|
Miroslav Stampar
|
3a3561fdaa
|
doing proper big table support for partial union too
|
2011-07-24 20:36:44 +00:00 |
|
Miroslav Stampar
|
ec1bc0219c
|
hello big tables, this is sqlmap, sqlmap this is big tables
|
2011-07-24 09:19:33 +00:00 |
|
Miroslav Stampar
|
a89140e1ce
|
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
|
2011-07-23 06:07:00 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
9e1a6beb7a
|
Major bug fix in UNION detection, it was a leftover
|
2011-07-07 00:06:20 +00:00 |
|
Miroslav Stampar
|
b8ffcf9495
|
few fixes here and there and multi-core processing for dictionary based hash attack
|
2011-07-04 19:58:41 +00:00 |
|
Miroslav Stampar
|
34d9a91af1
|
bulk of fixes
|
2011-07-02 22:48:56 +00:00 |
|
Bernardo Damele
|
9eb683531d
|
Minor improvement at blind SQL inj technique for DB2
|
2011-06-27 22:28:12 +00:00 |
|
Miroslav Stampar
|
9e232256f4
|
reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic)
|
2011-06-21 18:29:23 +00:00 |
|
Miroslav Stampar
|
3536320fc9
|
--stop is inclusive ("Last query output entry to retrieve")
|
2011-06-21 18:08:33 +00:00 |
|
Miroslav Stampar
|
83af83da9e
|
minor beautification (WordsSet is considered as a bad english)
|
2011-06-18 15:47:19 +00:00 |
|
Bernardo Damele
|
f8c32cf6b9
|
Moved folder
|
2011-06-18 12:34:41 +00:00 |
|
Bernardo Damele
|
28ef61b997
|
Use getPageTextWordsSet() also in --common-columns
|
2011-06-18 12:30:26 +00:00 |
|
Bernardo Damele
|
cd07139919
|
Layout adjustments
|
2011-06-18 11:58:14 +00:00 |
|
Miroslav Stampar
|
905fef0eae
|
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
|
2011-06-18 10:51:14 +00:00 |
|
Miroslav Stampar
|
fde3e4cece
|
better
|
2011-06-18 09:52:07 +00:00 |
|
Miroslav Stampar
|
2f129b01c0
|
"Please consider to provide" is a bad English
|
2011-06-18 09:46:22 +00:00 |
|
Miroslav Stampar
|
9498a3f259
|
little stabilization of multi threading
|
2011-06-17 12:50:28 +00:00 |
|
Miroslav Stampar
|
d27afaed7e
|
some fixes
|
2011-06-16 14:27:44 +00:00 |
|
Bernardo Damele
|
6aade8e6fc
|
grammar fix, again
|
2011-06-08 16:40:22 +00:00 |
|
Bernardo Damele
|
d160888784
|
Grammar fix
|
2011-06-08 16:25:18 +00:00 |
|
Bernardo Damele
|
1c6ee1dc36
|
Rephrase
|
2011-06-08 16:22:16 +00:00 |
|
Bernardo Damele
|
0d8d6a4ace
|
Cosmetics
|
2011-06-08 16:08:20 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Miroslav Stampar
|
6b81eef65a
|
refactoring
|
2011-06-08 14:30:12 +00:00 |
|
Miroslav Stampar
|
e7e23d1b79
|
fix for a Ctrl+C bug reported by nightman@email.de
|
2011-06-07 17:16:01 +00:00 |
|
Miroslav Stampar
|
50dde39e68
|
minor update
|
2011-06-07 10:32:18 +00:00 |
|
Miroslav Stampar
|
e9bf768f23
|
more refactoring
|
2011-06-07 10:08:12 +00:00 |
|
Miroslav Stampar
|
7a3cc38e3c
|
refactoring and stabilization of multithreading
|
2011-06-07 09:50:00 +00:00 |
|
Miroslav Stampar
|
64a862ed58
|
minor usability update
|
2011-06-03 14:04:02 +00:00 |
|
Miroslav Stampar
|
fc96764f80
|
minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None)
|
2011-06-01 22:06:06 +00:00 |
|
Miroslav Stampar
|
091c174bc4
|
better language
|
2011-06-01 08:30:06 +00:00 |
|
Miroslav Stampar
|
42100e0e5b
|
big bug fix
|
2011-05-30 23:15:29 +00:00 |
|
Miroslav Stampar
|
9600556dae
|
better language
|
2011-05-30 23:04:49 +00:00 |
|
Miroslav Stampar
|
b79dae6e95
|
minor update
|
2011-05-30 14:49:03 +00:00 |
|
Miroslav Stampar
|
d5ede6afb4
|
fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range)
|
2011-05-30 06:38:44 +00:00 |
|
Miroslav Stampar
|
6fd8602f01
|
minor update
|
2011-05-29 23:33:34 +00:00 |
|
Miroslav Stampar
|
86455ceb9c
|
implementation of multithreading for UNION and ERROR techniques
|
2011-05-29 23:17:50 +00:00 |
|
Miroslav Stampar
|
ecbeecdccf
|
minor refactoring
|
2011-05-28 18:11:56 +00:00 |
|
Miroslav Stampar
|
95dea1fbf9
|
sharp tuning UNION tests even more
|
2011-05-28 08:06:19 +00:00 |
|
Miroslav Stampar
|
8227298057
|
user friendliness uber 9000
|
2011-05-27 08:30:52 +00:00 |
|
Miroslav Stampar
|
5369657cd5
|
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
|
2011-05-25 20:54:30 +00:00 |
|
Miroslav Stampar
|
31b48ec11c
|
removing space left
|
2011-05-23 14:18:33 +00:00 |
|
Miroslav Stampar
|
fb23beef6f
|
most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)
|
2011-05-22 19:14:36 +00:00 |
|
Miroslav Stampar
|
4fdb6ac9b9
|
adding useful info
|
2011-05-22 15:30:19 +00:00 |
|
Miroslav Stampar
|
48c20a62ac
|
minor nag fix
|
2011-05-22 15:08:55 +00:00 |
|
Miroslav Stampar
|
9e5856caf8
|
improvement for recognition of scalar vs multiple-row commands
|
2011-05-19 16:45:05 +00:00 |
|
Miroslav Stampar
|
6ba9dea640
|
just in case for trimmed output
|
2011-05-16 06:17:37 +00:00 |
|
Miroslav Stampar
|
d2221e4604
|
fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...)
|
2011-05-16 00:23:50 +00:00 |
|
Miroslav Stampar
|
c64eb38a8b
|
same thing as for the last commit, but for error technique this time
|
2011-05-12 11:52:18 +00:00 |
|
Miroslav Stampar
|
84a7e5ffb9
|
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
|
2011-05-12 11:36:02 +00:00 |
|
Bernardo Damele
|
3a8309c4b0
|
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
|
2011-05-10 15:34:54 +00:00 |
|
Miroslav Stampar
|
22a1870c2c
|
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
|
2011-05-10 12:32:07 +00:00 |
|
Miroslav Stampar
|
83fac3f6d9
|
fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase)
|
2011-05-03 21:12:51 +00:00 |
|
Miroslav Stampar
|
e6f010734e
|
minor fix for cases when the retrieved output is safe encoded (like for --os-shell)
|
2011-05-03 16:14:03 +00:00 |
|
Miroslav Stampar
|
742b0ef76e
|
major improvement of ERROR data retrieval on MSSQL
|
2011-05-03 13:25:20 +00:00 |
|
Bernardo Damele
|
9a4ae7d9e2
|
More code refactoring of Backend class methods used
|
2011-04-30 14:54:29 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Miroslav Stampar
|
f88aa4b165
|
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
|
2011-04-22 19:58:10 +00:00 |
|
Bernardo Damele
|
fbe5ba5394
|
cosmetics
|
2011-04-21 10:54:12 +00:00 |
|
Bernardo Damele
|
8d8fc2bbd8
|
cosmetics
|
2011-04-21 10:17:41 +00:00 |
|
Miroslav Stampar
|
e4d3190f41
|
reverting back to NVARCHAR because of error technique
|
2011-04-20 12:59:23 +00:00 |
|
Miroslav Stampar
|
3607f03a9e
|
fix of a minor typo
|
2011-04-20 12:42:35 +00:00 |
|
Miroslav Stampar
|
1286cc0913
|
now showing trimmed output in form of warning message (UNION and ERROR techniques affected)
|
2011-04-20 12:41:58 +00:00 |
|
Miroslav Stampar
|
4fadcf0615
|
improvement for UNION/ERROR case
|
2011-04-20 10:17:42 +00:00 |
|
Miroslav Stampar
|
29ee760021
|
improving time based data retrieval mechanism
|
2011-04-17 07:24:18 +00:00 |
|
Miroslav Stampar
|
88c76147e1
|
removed few trailing whitespace lines
|
2011-04-15 20:52:08 +00:00 |
|
Miroslav Stampar
|
3b6f9945ae
|
minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)
|
2011-04-15 14:15:29 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
bb99bd2fbe
|
one more commit related to the issue with displaying of garbled characters
|
2011-04-14 09:43:36 +00:00 |
|
Miroslav Stampar
|
04986be4b9
|
update regarding safe character output together with a small fix for newlines
|
2011-04-14 09:31:45 +00:00 |
|
Miroslav Stampar
|
d06ae9cd47
|
implemented retrieved items info for partial union too
|
2011-04-13 14:33:15 +00:00 |
|
Miroslav Stampar
|
f5f2201bbc
|
minor cosmetics for partial inband retrieval
|
2011-04-13 11:25:42 +00:00 |
|
Miroslav Stampar
|
c193b896be
|
just in case update to prevent gibberish "retrieved: " outputs
|
2011-04-12 23:07:50 +00:00 |
|
Miroslav Stampar
|
6012ab1c46
|
better one for previous commit
|
2011-04-10 21:52:08 +00:00 |
|
Miroslav Stampar
|
e6c50df4f9
|
preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)
|
2011-04-10 21:38:08 +00:00 |
|
Miroslav Stampar
|
277f16d6b3
|
removing commented out debug print
|
2011-04-08 22:44:05 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Miroslav Stampar
|
228cc68747
|
fix for those ugly DEBUG messages in brute mode
|
2011-04-08 11:02:21 +00:00 |
|