Miroslav Stampar
5e4e863986
Bug fix (introduced with f1ab887c55)
2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39
Removal of unused imports
2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e
Same refactoring as the last commit
2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67
step by step getting there to partial output presentation to restful API (issue #297), not quite yet though..
2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5
minor bug fix
2013-02-03 21:39:26 +00:00
Bernardo Damele
dc2bbbeaa7
minor revert
2013-02-03 20:55:58 +00:00
Bernardo Damele
df3cc38cd9
minor improvements
2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297)
2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66
Implementation for an Issue #363
2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4
Bug fix (causing search problems)
2013-02-01 11:24:17 +01:00
Miroslav Stampar
6d942f92b5
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a
Minor bug fix
2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31
Patch to prevent problems like Issue #381
2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb
Another update for an Issue #380 (--common-... switches)
2013-01-31 13:49:19 +01:00
Miroslav Stampar
f5844eabae
Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occurring) <- partial revert of previous optimization commit 10bdd90e60
2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626
Update for an Issue #342 and #372
2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272
Minor fix
2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6
Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372)
2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284
variable renamed
2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25
minor fixes to --live-test
2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083
Minor refactoring
2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545
Update for an Issue #352
2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117
Minor fine tuning
2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8
Better naming
2013-01-29 20:53:11 +01:00
Miroslav Stampar
95b922309c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 20:50:40 +01:00
Bernardo Damele
e8bd3c9c9f
cosmetics
2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3
minor fix
2013-01-29 16:23:30 +00:00
Bernardo Damele
edd6699ed1
code refactoring and added /status method for scan (issue #297)
2013-01-29 16:11:25 +00:00
Bernardo Damele
c47b44e93f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:38:16 +00:00
Bernardo Damele
1152cf8958
increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297)
2013-01-29 15:38:09 +00:00
Bernardo Damele
9677e0f910
more data content types for API (issue #297)
2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df
ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297)
2013-01-29 15:35:51 +00:00
Bernardo Damele
a56f4ec15c
techniques has to go too to the API (issue #297)
2013-01-29 15:34:53 +00:00
Bernardo Damele
bfce7210e6
improvements to the dump library to output to the API data fetched properly formatted (issue #297)
2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c
split init() into two separate functions for API purposes (issue #297)
2013-01-29 15:33:16 +00:00
Miroslav Stampar
a59ac8e27f
Trivial cosmetics
2013-01-29 16:30:38 +01:00
Miroslav Stampar
f4b7b3fd35
Minor cosmetics
2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2
Minor fix
2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece
Minor cosmetics
2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f
minor adjustment
2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55
major enhancement, code refactoring for issue #297
2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3
apply a little bit of secure coding practices to the API
2013-01-27 12:26:40 +00:00
Bernardo Damele
cd4075f6a3
no raise, just pass at ctrl-c
2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e
first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297)
2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8
Fix for an Issue #378
2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7
Minor style update for an Issue #377
2013-01-25 12:52:31 +01:00
Miroslav Stampar
479f791112
Minor fix
2013-01-25 12:41:51 +01:00
Miroslav Stampar
194a9e7b88
Implementation for an Issue #377
2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991
first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite
2013-01-24 12:57:24 +00:00
Chris Frohoff
218a6a9695
fixed response header logging for header names with special chars
2013-01-23 11:10:25 -08:00
Bernardo Damele
f848f259a6
upper() -D value for certain DBMSes
2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c
minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
2013-01-23 15:52:03 +00:00
Miroslav Stampar
232f8d3585
Fix for an Issue #368
2013-01-23 13:36:17 +01:00
Bernardo Damele
f4028bd7d2
minor adjustment
2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb
fixes #187
2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173
proper SQLite 2 library
2013-01-22 18:56:25 +00:00
Bernardo Damele
dea15b5892
notify user if --udf-inject is provided but no stacked queries SQLi is detected
2013-01-22 18:28:48 +00:00
Miroslav Stampar
d6a361f859
Proper implementation for --technique=Q --dbms=Firebird
2013-01-22 16:31:26 +01:00
Miroslav Stampar
719c7f622b
Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)
2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb
Fix for an Issue #367
2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44
Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'
2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba
missing import
2013-01-22 11:25:01 +00:00
Miroslav Stampar
59b02539ca
More general approach regarding that last commit
2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07
Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query)
2013-01-22 11:29:51 +01:00
Bernardo Damele
e558040810
minor fix to previous commit
2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582
better detection if vulnerable or not for regression test
2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef
Fix for an Issue #364
2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff
Rewriting some query crafting parts (especially those .find(' FROM '))
2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c
IFNULL-like mechanism now works on SQLite 2 too
2013-01-21 15:04:27 +01:00
Miroslav Stampar
75bf8528d1
Minor just in case update
2013-01-21 14:50:43 +01:00
Miroslav Stampar
c55a002f95
Language fix
2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0
Trivial style update
2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342
Adding new common function for further refactoring
2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b
Fix for a regression test #30 test case fail (Firebird inline)
2013-01-21 10:12:54 +01:00
Miroslav Stampar
069c6acabd
Another update for an Issue #362
2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e
Refactoring DBMS string escaping functions
2013-01-20 13:45:58 +01:00
Bernardo Damele
3373e30808
minor fix for a bug introduced with commit 1ad9e26a21
2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5
minor fixes
2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db
This last commit was in haste :)
2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225
Minor update (just for consistency with the rest of code)
2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87
Minor update (just for consistency with the rest of code)
2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405
Minor refactoring
2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8
In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value)
2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f
layout adjustment
2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93
Patch for an Issue #360
2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d
all we need to debug failed test cases while regression test run..
2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef
write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage
2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e
just in case, add also the test case name inside the temp folder for debug purposes
2013-01-19 16:06:46 +00:00
Bernardo Damele
c95119559e
minor bug fix
2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56
correctly format SQLi payload for inline query technique
2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6
more fixes
2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce
fixed test cases for Firebird - #312
2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371
avoid blank line if password hashes have not been fetched
2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21
bug fix for ORDER BY users provided statements (issue #354)
2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a
Better fix for that page/headers/comparison --string candidate problem
2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985
Revert of previous commit (more care has to be done regarding headers dynamicity)
2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a
Unescaping is renamed to escaping
2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0
updated copyright
2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c
improvements to --live-test
2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d
minor output adjustment
2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c
Removing some unused stuff (mainly imports)
2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5
Removing obsolete proxy handling code (Python < 2.6)
2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131
Removing some obsolete functions
2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09
Minor update
2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5
Minor removal of unused function
2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d
Minor removal of redundant code
2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1
more fixes to test cases
2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20
Minor just in place update for an Issue #348
2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41
fixed url
2013-01-17 21:29:00 +00:00
Bernardo Damele
38eb4eb33e
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e
fix for #349 (compatible with all others DBMSes too)
2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5
Implementation for an Issue #348
2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb
Minor style update
2013-01-17 19:55:56 +01:00
Miroslav Stampar
507f185b69
Revert of patch for an Issue #347
2013-01-17 18:38:37 +01:00
Miroslav Stampar
9dd69042de
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-17 15:31:55 +01:00
Miroslav Stampar
f7eda07d92
Patch for an Issue #347
2013-01-17 15:30:14 +01:00
Bernardo Damele
5e059ab6db
added check for DB2 lib
2013-01-17 14:20:34 +00:00
Miroslav Stampar
a38b3e397c
Patch for an Issue #286
2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3
Implementing a check for an Issue #25
2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e
Fix for an Issue #346
2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d
Fix for an Issue #345
2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2
Minor update for an Issue #8
2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9
Minor refactoring
2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4
Minor language update
2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7
Finishing first usable prototype for an Issue #8
2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd
Minor update for an Issue #8
2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2
bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected
2013-01-16 01:53:33 +00:00
Bernardo Damele
542f6de72e
typo fix
2013-01-16 01:31:03 +00:00
Bernardo Damele
e16ad38d3e
more work on #342
2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12
restored fix for #210 to keep --hex work with --technique B
2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d
more work on #342
2013-01-15 17:14:44 +00:00
Bernardo Damele
ec076f5f8a
write console output to temporary folder in any case the test case fails, even if no traceback is raised
2013-01-15 15:51:03 +00:00
Bernardo Damele
4eaa0d17aa
Fix in forging query to calculate query output length - closes issue #342
2013-01-15 15:50:20 +00:00
Miroslav Stampar
7a1d484115
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
Bernardo Damele
3f84cefc77
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-15 14:59:22 +00:00
Bernardo Damele
c51358953a
add more Oracle system dbs
2013-01-15 14:51:29 +00:00
Miroslav Stampar
04aa39f0c6
Minor update
2013-01-15 13:51:19 +01:00
Miroslav Stampar
5ee653dd89
Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson
2013-01-15 10:14:02 +01:00
Miroslav Stampar
2cac7e860e
Minor refactoring
2013-01-14 16:27:50 +01:00
Miroslav Stampar
31302eb707
Minor update
2013-01-14 16:26:07 +01:00
Miroslav Stampar
2a86c1cadc
Another cosmetics
2013-01-14 16:24:55 +01:00
Miroslav Stampar
1e1f560d0c
Minor cosmetics
2013-01-14 16:24:28 +01:00
Miroslav Stampar
0c2474cc22
Minor update
2013-01-14 16:21:40 +01:00
Miroslav Stampar
a5a309212a
Fix for an Issue #339
2013-01-14 16:18:03 +01:00
Bernardo Damele
3e2c3851f3
Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312)
2013-01-14 13:42:50 +00:00
Bernardo Damele
515c1c6205
removed leftover
2013-01-14 10:26:22 +00:00
Bernardo Damele
83000de9e1
improved handling and storing of exceptions with --live-test (#312)
2013-01-14 10:23:40 +00:00
Bernardo Damele
8125fe90a7
code refactoring
2013-01-14 10:22:38 +00:00
Bernardo Damele
036b612bcb
bug fix to be able to write unicode chars to debug file
2013-01-14 01:11:42 +00:00
Miroslav Stampar
fc560f2b75
Minor revert and proper fix
2013-01-14 00:47:29 +01:00
Bernardo Damele
b74cfbf336
minor enhancements for debug purposes (issue #312)
2013-01-13 23:15:56 +00:00
Bernardo Damele
fdd6075859
temporary patch to fix UNION query enumeration
2013-01-13 23:08:23 +00:00
Miroslav Stampar
92ea8841f8
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-13 16:23:09 +01:00
Miroslav Stampar
03dd958d96
Implementation for an Issue #48
2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d
Minor cleanup (we officially support Python >= 2.6)
2013-01-11 16:01:48 +01:00
Bernardo Damele
675e4a026b
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-11 13:31:49 +00:00
Bernardo Damele
41834e7a5b
working on #8 - still not usable though
2013-01-11 13:31:44 +00:00
Miroslav Stampar
bc4d8d3e02
Implementation for an Issue #332
2013-01-11 11:17:41 +01:00
Miroslav Stampar
5571d09354
Minor revert
2013-01-11 11:13:55 +01:00
Miroslav Stampar
4b79269608
Minor bug fix
2013-01-11 11:10:18 +01:00
Miroslav Stampar
ec4e49d771
Minor refactoring
2013-01-10 16:09:28 +01:00
Miroslav Stampar
1363f26367
Minor refactoring
2013-01-10 15:59:02 +01:00
Miroslav Stampar
834be1eddc
Restyling redundant 'except Exception' form
2013-01-10 15:54:28 +01:00
Miroslav Stampar
acfeeb4f51
Restyling old form of urlparse
2013-01-10 15:41:07 +01:00
Miroslav Stampar
8686c20fa5
Removing one obsolete instantiation line
2013-01-10 15:27:35 +01:00
Miroslav Stampar
934d41dac2
Minor style update (PEP8)
2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878
Some PEP8 related style cleaning
2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3
Removing unused imports
2013-01-10 12:15:12 +01:00
Miroslav Stampar
05705857a9
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-10 12:09:48 +01:00
Miroslav Stampar
ca1c0c2a1d
Minor style update
2013-01-10 11:54:07 +01:00
Bernardo Damele
ca337159f5
added reminder TODO
2013-01-10 01:11:22 +00:00
Bernardo Damele
8093f3950d
properly distinguish stdout from stderr with a separate pipe (tracebacks go to stderr) - issue #297
2013-01-10 00:52:44 +00:00
Bernardo Damele
10f1099944
remove logging handler that shows logging messages to stdout - issue #297
2013-01-10 00:51:56 +00:00
Bernardo Damele
ccc3c3d1a3
minor fix to distinguish stdout from stderr
2013-01-10 00:51:05 +00:00
Bernardo Damele
ef40779ad3
upgraded to use custom subprocessng for non-blocking send and read functions for spawned processes. Added new method to display range of log messages, just in case and improved parsing/unpickling of read log messages
2013-01-10 00:01:28 +00:00
Bernardo Damele
2126a5ba12
minor index fix
2013-01-10 00:00:00 +00:00
Bernardo Damele
9766f6025e
logging is now handled in a separate file descriptor :) - issue #297
2013-01-09 22:09:50 +00:00
Bernardo Damele
794700eb37
preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297
2013-01-09 22:08:50 +00:00
Bernardo Damele
d120dc18d1
cleanup
2013-01-09 22:06:27 +00:00
Bernardo Damele
58a60562ac
avoid exiting with a traceback for missing dependency, handle properly at some point
2013-01-09 16:05:55 +00:00
Bernardo Damele
7f4ce4afbb
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 16:04:29 +00:00
Bernardo Damele
510ceb6e19
first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28
2013-01-09 16:04:23 +00:00
Miroslav Stampar
bf5544903b
Minor style update
2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d
Update for an Issue #169
2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5
Patch for an Issue #169
2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b
pass a pickled options object to sqlmap engine when called from API
2013-01-09 12:34:45 +00:00
Bernardo Damele
8457cff278
added variable to store the live test traceback if any
2013-01-09 12:33:18 +00:00
Bernardo Damele
f11747732e
added missing command line options
2013-01-09 12:30:13 +00:00
Miroslav Stampar
55a552ddc4
Update for an Issue #24
2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964
Minor refactoring for an Issue #295
2013-01-08 10:23:02 +01:00
Bernardo Damele
c155c6df84
minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi
2013-01-07 23:31:11 +00:00
Miroslav Stampar
3abe87ac89
Minor fix with status update (Issue #305)
2013-01-07 18:53:08 +01:00
Miroslav Stampar
a8f02916a9
Minor fix (Issue #305)
2013-01-07 18:39:35 +01:00
Miroslav Stampar
e219fad8bf
Added a short comment
2013-01-07 18:19:48 +01:00
Bernardo Damele
1e35b3c8c9
proper link
2013-01-07 16:59:59 +00:00
Miroslav Stampar
96e5d5d178
Some more updates for an Issue #295
2013-01-07 16:55:41 +01:00
Miroslav Stampar
74552bea87
Cleaning some garbage (hard coded paths with linux native slashes)
2013-01-07 16:51:00 +01:00
Miroslav Stampar
425df067eb
Fix for an --os-pwn with ICMPsh (it was crashing because methods interleaved with Metasploit ones)
2013-01-07 16:44:22 +01:00
Miroslav Stampar
ac407ae4a1
Implementation for an Issue #295
2013-01-07 15:55:40 +01:00
Miroslav Stampar
76839ff9d6
Fix for an Issue #305
2013-01-07 12:52:55 +01:00
Bernardo Damele
1e1892c962
prep for subprocess..
2013-01-07 11:10:33 +00:00
Bernardo Damele
7fa75792dd
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9
removed unused var
2013-01-07 11:05:33 +00:00
Miroslav Stampar
87e923613f
Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST)
2013-01-05 21:16:47 +01:00
Miroslav Stampar
dc21f3ce67
Minor just in case filtering of union results
2013-01-04 17:09:07 +01:00
Miroslav Stampar
5b77b20e2e
Removing trailing whitespaces (PEP8)
2013-01-03 23:57:07 +01:00
Miroslav Stampar
82b468211d
Minor update
2013-01-03 23:38:29 +01:00
Miroslav Stampar
f340ce8b4b
Minor style update
2013-01-03 23:35:29 +01:00
Miroslav Stampar
1712603dce
Replacing deprecated has_key() with operator in (PEP8)
2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5
Replacing old and deprecated raise Exception style (PEP8)
2013-01-03 23:20:55 +01:00
Bernardo Damele
3a11d36c66
minor bug fix
2013-01-02 21:49:15 +00:00
Miroslav Stampar
cb15fcc8af
Fix for an Issue #329
2013-01-02 22:17:06 +01:00
Miroslav Stampar
304e52cb4d
Minor language update
2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1
Minor style update
2013-01-02 21:52:50 +01:00
Miroslav Stampar
0795760255
Minor fix
2012-12-30 11:22:23 +01:00
Miroslav Stampar
75edb84a71
Minor update
2012-12-30 11:10:32 +01:00
Miroslav Stampar
58ad2f1c5d
Revert of last commit and proper fix
2012-12-29 10:35:05 +01:00
Miroslav Stampar
0e18fa9c5f
Minor fix
2012-12-28 23:43:47 +01:00
Miroslav Stampar
648d91d790
Distinguishing invalid unicode from safe encoded characters (for proper potential decoding)
2012-12-27 22:43:39 +01:00
Miroslav Stampar
3d01890147
Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)
2012-12-27 21:15:44 +01:00
Miroslav Stampar
cb91729913
Fix for an Issue #324 (crawling when HTML is not well-formed)
2012-12-27 20:55:37 +01:00
Miroslav Stampar
127b880577
Minor update
2012-12-27 15:14:40 +01:00
Miroslav Stampar
6ae4590edc
Removing problematic per-MySQL LIMIT prefix
2012-12-26 19:48:01 +01:00
Miroslav Stampar
a77b7f00d9
Fix for an Issue #323
2012-12-23 19:34:35 +01:00
Bernardo Damele
832567ecf6
import order
2012-12-21 23:34:37 +00:00
Miroslav Stampar
77625e5af7
Minor revert
2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4
Minor style update
2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
2012-12-21 14:52:47 +01:00
Miroslav Stampar
6c1ec9b54f
Fix for an Issue #318
2012-12-21 11:10:05 +01:00
Miroslav Stampar
35728fa443
Fix (and some hidden bug fixes/improvements) regarding an Issue #317
2012-12-21 10:51:35 +01:00
Miroslav Stampar
352e516400
Bottle is a 3rd party tool (not going to extra folder)
2012-12-21 10:18:30 +01:00
Miroslav Stampar
b94a5d42d4
Removing a leftover
2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4
Related to an Issue #319
2012-12-21 09:47:58 +01:00
Miroslav Stampar
0d5d84edc7
Minor cleanup
2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db
Fix for an Issue #316
2012-12-20 20:55:59 +01:00
Miroslav Stampar
1073ebc697
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 20:51:41 +01:00
Bernardo Damele
89d8c58fd1
poor attempt at forking a child process for sqlmap engine execution, output is not handled yet
2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d
minor bug fix (#297)
2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b
fixed options initiation
2012-12-20 16:53:43 +00:00
Miroslav Stampar
1c4d438aff
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 16:37:03 +01:00
Bernardo Damele
b0635bddcc
adjustments
2012-12-20 15:29:23 +00:00
Miroslav Stampar
8efe056671
Minor refactoring
2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd
standalone REST API, code cleanup (#297)
2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7
removed deprecated feature (#287)
2012-12-20 13:21:07 +00:00
Miroslav Stampar
63d9b7a1f8
No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset)
2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e
Minor restyling
2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6
these edits got overwritten from last commits
2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586
Proper fix
2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a
Merge branch 'master' of github.com:sqlmapproject/sqlmap
...
Conflicts:
lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2
Proper fix
2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970
attempt to handle standard input from --live-test
2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0
minor bug fix to correctly parse unicode chars
2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd
minor fix (reading of unicode xml files)
2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5
minor bug fix (for PostgreSQL)
2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb
minor bug fix (issue #314)
2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea
slight improvement of live test engine and added misc test cases to xml
2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d
added support for random global variables
2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc
minor restyling
2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485
pointless restyling
2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff
Just for one girl out there waiting for this patch ;)
2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa
forgot these
2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835
fixed bug related to issue #223
2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b
restyling
2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374
commented out partial work
2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a
revert change of name for now
2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982
be more specific in standard output message as to whether or not the read file is same as remote file
2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0
During --flush-session log file should be cleaned too (especially because of --live-tests)
2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f
ORDER BY does not play well with UNION query SQLi (related to issue #313)
2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f
catch ImportError exception if libmagic is not installed
2012-12-19 13:10:54 +00:00
Bernardo Damele
128597ee7e
--run-case is now case insensitive
2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103
minor bug fix (issue #310)
2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c
fixed test cases
2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8
removed duplicate code - fixes issue #310
2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5
preparation for issue #310
2012-12-19 11:40:00 +00:00
Bernardo Damele
f5450e9f0e
layout adjustment
2012-12-19 11:39:38 +00:00
Bernardo Damele
dee56b17c3
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae
Debug message with declared page charset
2012-12-19 11:16:42 +01:00
Miroslav Stampar
d29dddf5b2
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 10:51:25 +01:00
Miroslav Stampar
92e338251a
Finally working inference against MySQL/international letters (even Chinese)
2012-12-19 10:44:02 +01:00
Bernardo Damele
65ed2304fd
comment update
2012-12-19 09:38:03 +00:00
Bernardo Damele
0037d52098
typo fix
2012-12-19 01:11:18 +00:00
Miroslav Stampar
c9b8b51c9c
Update lib/core/common.py
...
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
8e95470415
minor refactoring
2012-12-19 00:46:23 +00:00
Bernardo Damele
318fcee49c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a
minor refactoring
2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af
Update lib/core/common.py
...
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9
Update lib/core/agent.py
2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31
added support for comma separated list of files for --file-read - fixes issue #223
2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5
minor bug fix, union query has to be limited 0, 0
2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35
added more test cases
2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a
Implementation for an Issue #307
2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876
Minor patch
2012-12-18 11:10:06 +01:00
Miroslav Stampar
2b64c10710
Patch for an Issue #304
2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922
Another implementation for an Issue #302
2012-12-17 15:08:54 +01:00
Bernardo Damele
3c1b696bd6
removed more print statements
2012-12-17 13:35:32 +00:00
Bernardo Damele
1fdd804e94
replaced instances of dataToStdout with logger
2012-12-17 13:30:21 +00:00
Bernardo Damele
9f47eb0a59
cleaner
2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03
removed unuseful prints
2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0
minor fix: add also back-end DBMS and web app fingerprint output to log file
2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb
improvements to --live-test and added --stop-fail switch
2012-12-17 11:41:43 +00:00
Bernardo Damele
064d443d60
replaced unnecessary dataToStdout() call with appropriate logger.info() call
2012-12-17 11:30:08 +00:00
Bernardo Damele
2926c815bf
improved test switch --live-test and minor refactoring
2012-12-17 11:29:33 +00:00
Bernardo Damele
f40c52cc17
comment adjustment
2012-12-17 11:28:03 +00:00
Bernardo Damele
2442a58884
minor leftover of deprecated XMLRPC service
2012-12-17 11:26:31 +00:00
Miroslav Stampar
60baf5071e
Patch for an Issue #302
2012-12-17 00:40:01 +01:00
Bernardo Damele
d4a061d0c3
code cleanup - #297
2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb
code refactoring and first time logger is handled by a separate file descriptor (issue #297)
2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c
code refactoring (#279)
2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2
on our way to make it thread safe.. it is a long way actually (issue #297)
2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750
added more comments, improved cleanup method
2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4
implemented cleanup and status admin methods
2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec
minor fix
2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff
minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297
2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f
added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297)
2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95
refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297)
2012-12-14 13:40:25 +00:00
Bernardo Damele
a2a71bb37b
cleanup from XML-RPC related stuff
2012-12-14 13:37:36 +00:00
Miroslav Stampar
a3acf72e52
Fix for argparse issue
2012-12-14 14:35:11 +01:00
Miroslav Stampar
235631808f
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-12-14 14:25:02 +01:00
Bernardo Damele
3d9779ffd4
further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods (#297)
2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238
cleaner solution for imports as standalone client/server (issue #297)
2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25
enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297)
2012-12-14 12:01:13 +00:00
Bernardo Damele
156a291e2d
typo fix
2012-12-14 11:55:54 +00:00
Miroslav Stampar
c41618416c
Removing trailing blanks
2012-12-14 12:00:45 +01:00
Bernardo Damele
2e97405ffa
bundle bottle library in sqlmap (it is MIT license) - issue #297
2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70
leftovers
2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f
added first implementation of REST-JSON API library - issue #297
2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1
added initial support (hidden from -hh and not yet usable) for REST-JSON API
2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821
Minor update
2012-12-13 14:55:20 +01:00
Miroslav Stampar
df0f08bc6a
Cleaning some (web upload based) garbage
2012-12-13 13:19:47 +01:00
Miroslav Stampar
5150172178
Minor update
2012-12-13 10:03:21 +01:00
Miroslav Stampar
b78b56d782
Update for an Issue #287 regarding read_output returning values
2012-12-12 17:17:36 +01:00
Miroslav Stampar
fc4be0a77c
Minor fix
2012-12-12 16:45:29 +01:00
Miroslav Stampar
e381158058
Hmmm... Let me guess. Update for an Issue #287
2012-12-12 16:31:20 +01:00
Miroslav Stampar
921000bd87
Another update for an Issue #287
2012-12-12 14:22:24 +01:00
Miroslav Stampar
c3f20a136f
Minor update for an Issue #287
2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4
Minor update
2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2
Minor update for an Issue #287
2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768
Update for an Issue #287
2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381
Writing only unique hashes to an output file (for eventual cracking with 3rd party tools)
2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e
First commit (and working one) for an Issue #287 (XML-RPC server)
2012-12-11 16:02:06 +01:00
Miroslav Stampar
b5884c7eda
Minor language update
2012-12-11 15:24:02 +01:00
Miroslav Stampar
760519dbe9
Removing redundant piece of code
2012-12-11 15:21:27 +01:00
Miroslav Stampar
a54c261496
Minor update for Issues #292 & #293 (only single alert per target)
2012-12-11 14:44:43 +01:00
Miroslav Stampar
5c2451d83c
Implementation for an Issue #293
2012-12-11 12:48:58 +01:00
Miroslav Stampar
562044577b
Implementation for an Issue #292
2012-12-11 12:02:06 +01:00
Miroslav Stampar
6433be8b3d
Style update
2012-12-10 17:20:04 +01:00
Miroslav Stampar
996e882e78
Minor update
2012-12-10 17:13:00 +01:00
Miroslav Stampar
013dc8bc98
Another minor update for an Issue #267
2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4
Minor update for an Issue #267
2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061
Implemented support for plain , chars too (Issue #267)
2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5
Minor style update for an Issue #267
2012-12-10 12:54:01 +01:00
Miroslav Stampar
5677db02b7
Minor update
2012-12-10 12:40:28 +01:00
Miroslav Stampar
5606a860ce
Oracle supports inline comments too (Issue #267)
2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7
Support for a HTTP parameter pollution (Issue #267)
2012-12-10 11:55:31 +01:00
Miroslav Stampar
42f4c2bac9
Minor fix when --dbms is enforced
2012-12-10 11:42:10 +01:00
Miroslav Stampar
1f7644a691
Minor fix when user doesn't want custom injection char marker to be processed
2012-12-08 21:23:30 +01:00
Miroslav Stampar
0cbdaaecfa
Revert of 99e9412f74 (because of an Issue #289)
2012-12-08 08:53:25 +01:00
Miroslav Stampar
73968a448c
Minor update
2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b
Removing redundant code in redirect handler (related to an Issue #288)
2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa
Minor update for an Issue #288
2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc
Minor refactoring
2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9
Patch for an Issue #288
2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2
Minor update for an Issue #288
2012-12-07 11:23:18 +01:00
Miroslav Stampar
1028afce37
Removal of leftovers
2012-12-06 14:15:44 +01:00
Miroslav Stampar
974407396e
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962
Minor style update (capitalization of leftover class names)
2012-12-06 13:46:24 +01:00
Miroslav Stampar
baccbd6f48
Implementation for an Issue #283
2012-12-06 11:57:57 +01:00
Miroslav Stampar
ab67344448
Removed unused imports and variables (pyflake-ing)
2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46
Introducing 'new style classes' (idea from Pull request #284)
2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c
Taking some goodies from Pull request #284
2012-12-06 10:21:53 +01:00
Miroslav Stampar
6b39e661a7
Fix for an issue #279
2012-12-05 12:15:14 +01:00
Miroslav Stampar
775e0df04b
Update for an Issue #278
2012-12-05 10:45:17 +01:00
Miroslav Stampar
949fcb77cf
Minor style update
2012-12-05 10:22:16 +01:00
Miroslav Stampar
d4b5133df7
Update for an Issue #272
2012-12-04 17:04:32 +01:00
Miroslav Stampar
a14697e8cf
Implementation for an Issue #272
2012-12-04 16:47:34 +01:00
Miroslav Stampar
6b007ab188
Minor patch for an Issue #274 (just in case to avoid this kind of problems)
2012-12-04 16:14:14 +01:00
Miroslav Stampar
e2aa695655
Minor update
2012-12-03 17:20:18 +01:00
Miroslav Stampar
42a8234c6f
Update for an Issue #12
2012-12-03 14:27:01 +01:00
Miroslav Stampar
79fca8e9d5
Fix for an Issue #268
2012-12-03 12:13:59 +01:00
Miroslav Stampar
8410fc5a9d
Minor update
2012-12-02 08:00:55 +01:00
redshark1802
1675386093
fixed typo that created an invalid configuration file with the option '--save'
2012-11-30 23:00:03 +01:00
Miroslav Stampar
0664e72bea
Minor fix for an Issue #230
2012-11-30 12:13:34 +01:00
Miroslav Stampar
5b61e9ce12
Minor update for an Issue #254
2012-11-30 11:43:50 +01:00
Miroslav Stampar
7e2db762d6
Minor update
2012-11-29 15:45:04 +01:00
Miroslav Stampar
8f10023523
Fix for an Issue #266
2012-11-29 15:44:14 +01:00
Miroslav Stampar
3b961c2550
Update for an Issue #254
2012-11-29 15:36:38 +01:00
Miroslav Stampar
605d73cc3d
Minor refactoring
2012-11-29 12:21:12 +01:00
Miroslav Stampar
7304971544
Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator'
2012-11-29 11:43:49 +01:00
Miroslav Stampar
7c16bfe025
Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN )
2012-11-29 10:51:59 +01:00
Miroslav Stampar
a7e1e856d4
Fix for an Issue #260
2012-11-28 17:00:26 +01:00
Miroslav Stampar
35d1146fd1
Minor update for an (Issue #254)
2012-11-28 12:53:11 +01:00
Miroslav Stampar
753d0f18bf
First CSS style added for a HTML table dump format (Issue #254)
2012-11-28 12:46:43 +01:00
Miroslav Stampar
b6ea337937
First style-less prototype for an HTML dump output (Issue #254)
2012-11-28 12:28:42 +01:00
Miroslav Stampar
e2d8b53e97
Minor update for an Issue #264
2012-11-28 11:45:33 +01:00
Miroslav Stampar
cff0c59630
Implementation for an Issue #264
2012-11-28 11:41:39 +01:00
Miroslav Stampar
5bf5b95588
More refactoring for an Issue #254
2012-11-28 11:16:00 +01:00
Miroslav Stampar
87a92ab330
Deprecating --replicate (Issue #254)
2012-11-28 11:10:57 +01:00
Miroslav Stampar
f08eb0fd9f
Minor style update
2012-11-28 10:59:15 +01:00
Miroslav Stampar
d95dd2d16e
Preparation for an Issue #254
2012-11-28 10:58:18 +01:00
Miroslav Stampar
621ae587c7
Fix for an Issue #263
2012-11-28 00:03:17 +01:00
Miroslav Stampar
d490ffb163
Fix for an Issue #259
2012-11-27 11:45:22 +01:00
Miroslav Stampar
bd33128085
Fix for an Issue #262
2012-11-27 10:08:22 +01:00
Miroslav Stampar
38c96a366b
Patch for an Issue #260
2012-11-26 11:16:59 +01:00
Miroslav Stampar
ef2038f1c8
Implementation for an Issue #253
2012-11-21 10:16:13 +01:00
Miroslav Stampar
c40dded28c
Fix for an Issue #250
2012-11-20 12:10:29 +01:00
Miroslav Stampar
93e071fc33
Fix for an Issue #251
2012-11-20 11:19:23 +01:00
Miroslav Stampar
302348b0cd
Minor update
2012-11-19 11:59:28 +01:00
Miroslav Stampar
a40d7a5bca
Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed)
2012-11-15 15:06:54 +01:00
Miroslav Stampar
d37be5f97b
Fix for an Issue #248
2012-11-14 15:54:24 +01:00
Miroslav Stampar
9a54a911a8
Patch for an Issue #231
2012-11-14 11:30:29 +01:00
Miroslav Stampar
5b3fe25211
Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticeable in small test pages)
2012-11-13 15:22:59 +01:00
Miroslav Stampar
6f7f9dd8eb
Patch for an Issue #242
2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b
Patch for an Issue #246
2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413
Patch for an Issue #235
2012-11-10 11:01:29 +01:00
Miroslav Stampar
181c3534f0
Patch for an Issue #237
2012-11-08 19:16:37 +01:00
Miroslav Stampar
e7e83defaa
Minor update
2012-11-08 11:09:34 +01:00
Miroslav Stampar
1ee0d9ce5e
Fix for an Issue #229
2012-11-05 15:58:54 +01:00
Miroslav Stampar
3cf5fc2f5a
Fix for an Issue #230
2012-11-05 15:10:49 +01:00
Miroslav Stampar
2de52927f3
Code refactoring (especially Google search code)
2012-10-30 18:38:10 +01:00
Miroslav Stampar
76b793b199
Fix for an Issue #228
2012-10-30 18:08:25 +01:00
Miroslav Stampar
6e2041bc13
Better language than in last commit
2012-10-30 11:54:21 +01:00
Miroslav Stampar
1bbeb92eb6
Better language (used formation 'not required' in case of help for --dependencies while 'required'->'needs' in a check itself)
2012-10-30 11:19:39 +01:00
Miroslav Stampar
5cfc066ac4
Minor update
2012-10-30 10:30:22 +01:00
Miroslav Stampar
7c7aff12c6
Update for an Issue #225
2012-10-30 01:26:19 +01:00
Miroslav Stampar
b0f5b4f9bc
Update for an Issue #225
2012-10-30 00:59:31 +01:00
Miroslav Stampar
726de868e2
Fix for an Issue #225
2012-10-30 00:37:43 +01:00
Miroslav Stampar
a9094a35fe
Fix for an Issue #227
2012-10-30 00:20:49 +01:00
Miroslav Stampar
1d07b93730
Bug fix for --os-shell on MySQL (it was not working for a long time because of this)
2012-10-29 15:45:30 +01:00
Miroslav Stampar
5358d85d37
Important refactoring for web-based functionality
2012-10-29 15:09:05 +01:00
Miroslav Stampar
81ccf28785
Minor refactoring
2012-10-29 14:08:48 +01:00
Miroslav Stampar
d6e16e8641
Minor update
2012-10-29 11:08:02 +01:00
Miroslav Stampar
359e734954
Minor refactoring
2012-10-29 10:48:49 +01:00
Miroslav Stampar
919f75db9b
Improvement and fix for pivotDumpTable mechanism
2012-10-28 23:09:35 +01:00
Miroslav Stampar
d7973c3e32
Improvement of pivotDumpTable mechanism (no more fail on first entry)
2012-10-28 22:18:22 +01:00
Miroslav Stampar
c1eb803ef5
Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly)
2012-10-28 21:16:51 +01:00
Miroslav Stampar
b75c52f93c
Minor display fix (in --hex mode)
2012-10-28 12:30:21 +01:00
Miroslav Stampar
25a5073281
Bug fix for --hex/--technique=B (especially MsSQL)
2012-10-28 12:22:33 +01:00
Miroslav Stampar
8617fe0d65
Bug fix for international letters decoded with --hex on MsSQL
2012-10-28 11:50:16 +01:00
Miroslav Stampar
ca427af8b3
Minor refactoring/improvement
2012-10-28 01:42:08 +02:00
Miroslav Stampar
43ddf39bea
Minor refactoring
2012-10-28 01:16:02 +02:00
Miroslav Stampar
bcdba7b7bb
Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS is fingerprinted and there are multiples of dbmses inside details
2012-10-28 01:11:50 +02:00
Miroslav Stampar
c1b8226329
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863
Minor fix
2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b
Bug fix (in --dump mode if error/inband failed with None other techniques were ignored)
2012-10-27 23:42:52 +02:00
Miroslav Stampar
06805b27f2
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
2012-10-27 23:16:25 +02:00
Miroslav Stampar
7207cf29dd
Minor update
2012-10-26 11:05:44 +02:00
Miroslav Stampar
965d7eee17
Minor bug fix for a reflection removal mechanism
2012-10-26 00:06:15 +02:00
Miroslav Stampar
235cc656b9
Fix for an Issue #224
2012-10-25 15:25:31 +02:00
Miroslav Stampar
bcf708f4b1
Minor update
2012-10-25 13:37:33 +02:00
Miroslav Stampar
fdcdd11cb9
Minor update for an Issue #222
2012-10-25 13:35:44 +02:00
Miroslav Stampar
8a5844a364
Implementation for an Issue #222
2012-10-25 13:21:32 +02:00
Miroslav Stampar
afd82b92dd
Patch for an Issue #221
2012-10-25 10:21:36 +02:00
Miroslav Stampar
12fc9442b9
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
2012-10-25 10:10:23 +02:00
Miroslav Stampar
54fbb22ab8
Minor refactoring
2012-10-25 09:56:36 +02:00
Miroslav Stampar
65ec715828
Fix for an Issue #218
2012-10-25 00:03:00 +02:00
Miroslav Stampar
5477c9f7ba
Fix for an Issue #216
2012-10-24 22:59:46 +02:00
Miroslav Stampar
056be32ac1
Fix for Issue #213
2012-10-23 17:06:31 +02:00
Miroslav Stampar
99ceea5eae
Fix for an Issue #214
2012-10-23 17:05:45 +02:00
Miroslav Stampar
f3aa09c794
Minor language fix
2012-10-23 15:52:43 +02:00
Miroslav Stampar
eb6f17b561
Fix for --dump and -d=mssql
2012-10-23 15:02:43 +02:00
Miroslav Stampar
4365c48e83
Minor style update
2012-10-23 14:38:24 +02:00
Miroslav Stampar
06f226c494
Fix for an Issue #211
2012-10-23 14:37:45 +02:00
Miroslav Stampar
b82eb3a1ae
Fix for an Issue #210
2012-10-23 13:58:25 +02:00
Miroslav Stampar
f2bbf1ead9
Fix for raw_input raising EOFError and KeyboardInterrupt on Ctrl-C (Windows platform)
2012-10-23 11:05:00 +02:00
Miroslav Stampar
5ff2e33c43
Minor fix
2012-10-23 10:54:26 +02:00
Miroslav Stampar
68d5faa287
Minor update
2012-10-23 10:46:17 +02:00
Miroslav Stampar
54d086f409
Minor fix
2012-10-23 10:02:10 +02:00
Miroslav Stampar
f11a640e99
Undo of a previous commit (pdb left inside)
2012-10-22 14:39:35 +02:00
Miroslav Stampar
b913e2123d
Displaying hex-decoded resulting output in --hex mode
2012-10-22 14:39:11 +02:00
Miroslav Stampar
029143880a
Displaying hex-decoded resulting output in --hex mode
2012-10-22 14:36:01 +02:00
Miroslav Stampar
39f565533a
In case on --no-cast DUMP_REPLACEMENTS should not be used
2012-10-22 14:13:30 +02:00
Miroslav Stampar
3f596cda85
Minor fix for --dump --technique=B when empty strings are returned
2012-10-22 11:49:23 +02:00
Miroslav Stampar
21481df239
Minor update for Issue #209
2012-10-21 19:00:37 +02:00
Miroslav Stampar
fb1497aa89
Minor update for Issue #209
2012-10-21 18:53:31 +02:00
Miroslav Stampar
261b286021
Fix for an Issue #209
2012-10-20 13:17:45 +02:00
Miroslav Stampar
6a271fe800
Update for an Issue #2
2012-10-19 11:29:03 +02:00
Miroslav Stampar
998eb70288
Minor update
2012-10-19 11:05:10 +02:00
Miroslav Stampar
987f167e12
Minor update
2012-10-19 11:03:54 +02:00
Miroslav Stampar
d65d9e25cd
Implementation for an Issue #2
2012-10-19 11:02:14 +02:00
Miroslav Stampar
688a2db27a
Fix for an Issue #208
2012-10-19 10:04:09 +02:00
Miroslav Stampar
64b4586883
Minor update
2012-10-18 11:36:12 +02:00
Miroslav Stampar
ea49fa2db2
Fix for an Issue #206
2012-10-18 11:11:20 +02:00
Miroslav Stampar
1cb2ca4195
Minor update
2012-10-18 10:55:27 +02:00
Miroslav Stampar
b5060c0010
Fix for an Issue #205
2012-10-16 14:28:46 +02:00
Miroslav Stampar
2cb1b054bb
Implementation for an Issue #79
2012-10-16 12:32:58 +02:00
Miroslav Stampar
3e64ab214e
Minor update
2012-10-16 10:28:59 +02:00
Miroslav Stampar
9ad58cb531
Implementation for an Issue #204
2012-10-16 10:24:05 +02:00
Miroslav Stampar
8b57e1fce6
Minor update for an Issue #203
2012-10-15 23:15:52 +02:00
Miroslav Stampar
42b2c85517
Minor cosmetics
2012-10-15 18:45:13 +02:00
Miroslav Stampar
c7cf8b2e80
Minor refactoring of direct()
2012-10-15 18:41:41 +02:00
Miroslav Stampar
048e720f69
Minor refactoring for an Issue #203
2012-10-15 17:55:57 +02:00
Miroslav Stampar
9aba690a60
Patch for an Issue #203
2012-10-15 16:23:41 +02:00
Miroslav Stampar
e440b096c5
Fix for an Issue #202
2012-10-15 12:24:30 +02:00
Miroslav Stampar
56832fe9c4
Better adjustTimeDelay() candidate algorithm
2012-10-11 14:23:53 +02:00
Miroslav Stampar
e61c4c22c9
Implementation for an Issue #200
2012-10-09 15:19:47 +02:00
Miroslav Stampar
cd9a47835b
Minor consistency update
2012-10-09 14:48:26 +02:00
Miroslav Stampar
8c5fb1b064
Minor update
2012-10-09 14:46:45 +02:00
Miroslav Stampar
ea12ccec77
Minor refactoring
2012-10-09 11:33:19 +02:00
Miroslav Stampar
10b0fd21dc
Fix for an Issue #198
2012-10-09 11:27:19 +02:00
Miroslav Stampar
5a91b6e622
Minor cleanup
2012-10-09 10:21:52 +02:00
Miroslav Stampar
8e7449ccd5
Minor update
2012-10-07 20:28:24 +02:00
Miroslav Stampar
ff205f088b
Minor update
2012-10-07 20:12:55 +02:00
Miroslav Stampar
cc3f387551
Patch for an Issue #127
2012-10-05 10:49:31 +02:00
Miroslav Stampar
ebc7088f94
Implementation for an Issue #128
2012-10-05 10:24:09 +02:00
Miroslav Stampar
098e446ca4
Adding support for generic XML POST data
2012-10-04 18:44:12 +02:00
Miroslav Stampar
f71b937add
Minor language cleanup
2012-10-04 18:28:36 +02:00
Miroslav Stampar
8865fe69d7
Minor cleanup
2012-10-04 18:26:07 +02:00
Miroslav Stampar
2fbd05c98f
Minor language update
2012-10-04 18:04:55 +02:00
Miroslav Stampar
d464678e10
Minor update for an Issue #49
2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18
Better treating of numeric values (Issue #49)
2012-10-04 16:08:37 +02:00
Miroslav Stampar
31aa9be1c7
Minor update
2012-10-04 15:40:11 +02:00
Miroslav Stampar
9129dac77b
Minor fix for an Issue #134
2012-10-04 15:33:26 +02:00
Miroslav Stampar
5d2b534908
Minor update (Issue #49)
2012-10-04 15:23:01 +02:00
Miroslav Stampar
5b59b6feb4
Removing junk part
2012-10-04 12:09:09 +02:00
Miroslav Stampar
d570e25b1b
Minor workflow update
2012-10-04 12:05:59 +02:00
Miroslav Stampar
eddc634ceb
Minor improvement (custom injection marks are now processed in order of appearance)
2012-10-04 11:52:40 +02:00
Miroslav Stampar
3764d230be
Minor fix for Issue #197 and Issue #49
2012-10-04 11:43:37 +02:00
Miroslav Stampar
dee6d2f9ff
Minor language update
2012-10-04 11:34:14 +02:00
Miroslav Stampar
461e5ebc5f
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5
Implementation for an Issue #49
2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311
Minor refactoring
2012-10-02 13:36:15 +02:00
Miroslav Stampar
a8aecaa036
Minor style update
2012-10-02 13:33:10 +02:00
Miroslav Stampar
19407b9aca
Minor update
2012-09-26 15:25:01 +02:00
Miroslav Stampar
6eae7013b6
Minor cosmetics
2012-09-26 15:03:12 +02:00
Miroslav Stampar
687f3991de
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
2012-09-26 11:27:43 +02:00
Miroslav Stampar
6bc5f44b20
Minor just in case update for an Issue #195 (safer behavior on forced charsets)
2012-09-25 15:09:07 +02:00
Miroslav Stampar
efe4c13ed1
Update regarding suffixQuery (user supplied --suffix should nullify any eventual payload comments)
2012-09-25 14:36:15 +02:00
Miroslav Stampar
ec43ceec40
Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;)
2012-09-25 14:29:22 +02:00
Miroslav Stampar
560e0fcb25
Minor cleanup
2012-09-25 14:21:57 +02:00
Miroslav Stampar
fccdb824bb
Patch for an Issue #193
2012-09-25 11:21:39 +02:00
Miroslav Stampar
c9e7e71ea2
Implementation for an Issue #195
2012-09-25 10:17:25 +02:00
Miroslav Stampar
9ca7b3e20e
Implementation for an Issue #194
2012-09-25 09:25:35 +02:00
Miroslav Stampar
d175decdfc
Fix for an Issue #190
2012-09-22 20:59:40 +02:00
Miroslav Stampar
a6eeebfca8
Fix for an Issue #188
2012-09-20 11:30:07 +02:00
Miroslav Stampar
9a1fbb8941
Fix for an Issue #185
2012-09-13 14:22:26 +02:00
Miroslav Stampar
e570858db9
Implementation for an Issue #183
2012-09-12 11:50:38 +02:00
Miroslav Stampar
a64438fb5c
Minor language update
2012-09-11 19:45:40 +02:00
Miroslav Stampar
05dced5418
Minor language update
2012-09-11 19:43:03 +02:00
Miroslav Stampar
511c3b8dcc
Update and fix for an Issue #182
2012-09-11 14:58:52 +02:00
Miroslav Stampar
10b671d625
Update for an Issue #182
2012-09-11 12:08:34 +02:00
Miroslav Stampar
12d33c7a38
Fix for Issue #180 and #181 (missing module from an Issue #179)
2012-09-10 22:39:56 +02:00
Miroslav Stampar
5d23d72ff5
Fix for an Issue #176
2012-09-08 17:58:03 +02:00
Miroslav Stampar
f26ea04e38
Fix for an Issue #175
2012-09-07 17:06:38 +02:00
Miroslav Stampar
e4bc471f81
Fix for an Issue #173
2012-09-07 10:09:19 +02:00
Miroslav Stampar
a3baf94e9b
Minor style update
2012-09-07 10:09:00 +02:00
Miroslav Stampar
cea5127ffd
Update for an Issue #6
2012-09-06 15:51:38 +02:00
Miroslav Stampar
c3d191e626
Minor update for an Issue #2
2012-09-06 14:13:54 +02:00
Miroslav Stampar
1e238b5a5a
Minor update
2012-09-06 13:36:34 +02:00
Miroslav Stampar
dbce417cdd
Potential fix for an Issue #171
2012-09-02 22:48:41 +02:00
Miroslav Stampar
f6716cf7c0
Fix for an Issue #170
2012-09-01 23:52:00 +02:00
Miroslav Stampar
2170e64ca5
Minor bug fix
2012-08-31 19:48:45 +02:00
Miroslav Stampar
33980adaef
Another update for an Issue #79
2012-08-31 12:46:38 +02:00
Miroslav Stampar
b916db34a4
Another update for an Issue #79
2012-08-31 12:38:02 +02:00
Miroslav Stampar
47d162f391
Minor update (same but cleaner)
2012-08-31 12:27:40 +02:00
Miroslav Stampar
7286d89cb6
Few fixes for an Issue #79 (problem with case sensitivity of request get_header)
2012-08-31 12:15:09 +02:00
Miroslav Stampar
2806185989
Minor refactoring
2012-08-31 10:43:06 +02:00
Miroslav Stampar
74a5d41272
Minor update for an Issue #79
2012-08-31 10:24:47 +02:00
Miroslav Stampar
cdd3ed6abc
Minor bug fix
2012-08-30 14:22:18 +02:00
Miroslav Stampar
a89d61415a
'Patch' for an Issue #167
2012-08-29 21:29:27 +02:00
Miroslav Stampar
c1c65a7167
Fix for an Issue #166
2012-08-29 20:21:45 +02:00
Miroslav Stampar
9674b174ee
One more minor update related to last commit
2012-08-23 15:37:17 +02:00
Miroslav Stampar
b79247c197
Minor update
2012-08-23 15:22:14 +02:00
Miroslav Stampar
e9ae44c6fc
Implementation for an #162
2012-08-22 16:50:01 +02:00
Miroslav Stampar
0ad3846451
Minor language update
2012-08-22 16:10:56 +02:00
Miroslav Stampar
f1f6364690
Changing default readInput value on dictionary-based attack depending on conf.multipleTargets
2012-08-22 16:10:38 +02:00
Miroslav Stampar
a62a874d59
Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)
2012-08-22 16:06:09 +02:00
Miroslav Stampar
4ab4fd1cb4
Minor update
2012-08-22 15:53:40 +02:00
Miroslav Stampar
52351e5d81
Update for an Issue #161 (now detecting format error messages too)
2012-08-22 15:51:47 +02:00
Miroslav Stampar
a6d743ec4c
Minor console output fix (redundant newline has been displayed in case of rawInput)
2012-08-22 14:43:57 +02:00
Miroslav Stampar
7b93108e7d
Favoring non-string specific boundaries in case of digit-like parameter values
2012-08-22 13:58:52 +02:00
Miroslav Stampar
25ee333e66
Minor language update
2012-08-22 12:00:17 +02:00
Miroslav Stampar
8a5042b6a4
Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)
2012-08-22 11:56:30 +02:00
Miroslav Stampar
7d0662da23
Update for an #161
2012-08-22 11:42:06 +02:00
Miroslav Stampar
61151447fe
Implementation of an Issue #161
2012-08-22 11:27:58 +02:00
Miroslav Stampar
6210ddfbd6
Minor refactoring
2012-08-22 11:00:39 +02:00
Miroslav Stampar
a927d94d39
Update for an Issue #155
2012-08-22 10:57:31 +02:00
Miroslav Stampar
32a36f1ff3
El Cosmeticado
2012-08-22 09:58:39 +02:00
Miroslav Stampar
2c66ca39f1
Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0)
2012-08-22 09:53:53 +02:00
Miroslav Stampar
ebab05cf7c
Fix for an Issue #158
2012-08-21 20:20:38 +02:00
Miroslav Stampar
ad59abe018
Cleaning leftover
2012-08-21 14:37:09 +02:00
Miroslav Stampar
1b86fffc6d
Fix for an Issue #157
2012-08-21 14:36:04 +02:00
Miroslav Stampar
d421f9a618
Fix for an Issue #157
2012-08-21 14:34:19 +02:00
Miroslav Stampar
1bcf5a6b88
Some more dict refactorings
2012-08-21 11:30:01 +02:00
Miroslav Stampar
01f481c332
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Miroslav Stampar
b9c63eb908
Fix for an Issue #156
2012-08-21 10:46:29 +02:00
Miroslav Stampar
b7415d36df
Minor refactoring
2012-08-21 10:28:25 +02:00
Miroslav Stampar
7a8ace78f9
Removing redundant newline char as logger already adds its own
2012-08-21 09:58:40 +02:00
Miroslav Stampar
233b9a3815
Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those)
2012-08-20 22:17:39 +02:00
Miroslav Stampar
8ee9feafb9
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
2012-08-20 21:57:25 +02:00
Miroslav Stampar
6f450ac8bf
Implementation for an Issue #155
2012-08-20 12:14:01 +02:00
Miroslav Stampar
823dde73ab
Minor cleanup
2012-08-20 11:40:49 +02:00
Miroslav Stampar
2b6123c4f8
Minor style update
2012-08-20 11:29:23 +02:00
Miroslav Stampar
e0d9fa8666
Minor style update
2012-08-20 11:28:41 +02:00
Miroslav Stampar
76338add17
Fix for an Issue #152
2012-08-20 10:41:43 +02:00
Miroslav Stampar
59078bb1b8
Fix for an Issue #154
2012-08-20 10:05:13 +02:00
Miroslav Stampar
4649450603
Fix for an Issue #137
2012-08-16 22:20:24 +02:00
Miroslav Stampar
0d8fca30c9
Fix for an Issue #59
2012-08-16 11:31:43 +02:00
Miroslav Stampar
1af81c0de4
Implementation of an Issue #149
2012-08-15 22:31:25 +02:00
Miroslav Stampar
f358ab2e73
Implementation of an Issue #147
2012-08-15 16:37:18 +02:00
Miroslav Stampar
36b55cf209
Proper fix for an Issue #145
2012-08-14 22:28:42 +02:00
Miroslav Stampar
ab35ab4e2a
Fix for an Issue #145
2012-08-14 18:52:45 +02:00
Miroslav Stampar
432b567584
Fix for an Issue #141
2012-08-08 00:03:58 +02:00
Miroslav Stampar
31ceb0cb6c
Fix for an Issue #140
2012-08-07 10:57:29 +02:00
Miroslav Stampar
fec8a5cc9d
Fix for an Issue #139
2012-08-07 00:50:58 +02:00
Miroslav Stampar
f797a6d813
Fix for an Issue #125
2012-07-31 13:06:45 +02:00
Miroslav Stampar
6f529542e3
Making those --string tips (containing escaped characters) decodable by sqlmap
2012-07-31 11:32:53 +02:00
Miroslav Stampar
142fc887f1
Fix for an Issue #129
2012-07-31 11:03:44 +02:00
Miroslav Stampar
bdbe8ff9d9
Fix for an Issue #132
2012-07-30 22:39:45 +02:00
Miroslav Stampar
47073f4afd
Implementation of an Issue #131
2012-07-30 21:50:46 +02:00
Miroslav Stampar
93d35fe522
Minor update regarding Issue #129
2012-07-30 21:43:32 +02:00
Miroslav Stampar
b9ac50faef
Minor bug fix
2012-07-30 12:09:20 +02:00
Miroslav Stampar
a86f9798b2
Minor refactoring together with a wider support for html entities
2012-07-30 11:21:32 +02:00
Miroslav Stampar
20a66567a3
Minor refactoring
2012-07-30 10:06:14 +02:00
Miroslav Stampar
cc2a916716
Fix for an Issue #126
2012-07-29 17:33:08 +02:00
Miroslav Stampar
1669c6bdb4
Another update for an Issue #28
2012-07-27 17:05:21 +02:00
Miroslav Stampar
6ffc5665d0
Update for Issue #28
2012-07-27 16:29:33 +02:00
Miroslav Stampar
07738004cc
Fix for an Issue #123
2012-07-27 10:02:47 +02:00
Miroslav Stampar
a5062c1e4f
Adding a warn message when --dns-domain is ignored (because of faster techniques)
2012-07-27 09:48:48 +02:00
Bernardo Damele
92c2b3bd4c
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744
working on issue #12
2012-07-26 23:11:07 +01:00
Miroslav Stampar
cba387a0a0
Minor speed up
2012-07-26 15:42:04 +02:00
Miroslav Stampar
efa99c4519
Implementation for an Issue #4
2012-07-26 14:07:05 +02:00
Miroslav Stampar
b3552494c4
Minor preparation for an Issue #48
2012-07-26 12:26:57 +02:00
Miroslav Stampar
3e9f1fe410
Minor style update
2012-07-26 12:13:16 +02:00
Miroslav Stampar
30f8d09651
Implementation for an Issue #70
2012-07-26 12:06:02 +02:00
Miroslav Stampar
231f0f76b5
Fix for an Issue #119
2012-07-26 00:49:51 +02:00
Miroslav Stampar
cba77410a9
Minor style update
2012-07-26 00:08:49 +02:00
Miroslav Stampar
18b1d1efd6
Fix for an Issue #121
2012-07-26 00:02:38 +02:00
Miroslav Stampar
2b60e61d54
Minor update for #119
2012-07-25 10:57:19 +02:00
Miroslav Stampar
922ea9d1f4
Update for Issue #118
2012-07-24 15:43:29 +02:00
Miroslav Stampar
f8c9868cb6
Implementation for an Issue #118
2012-07-24 15:34:50 +02:00
Miroslav Stampar
42f518b2d6
Minor update for letting unhandledExceptionMessage() do its job if kb has not yet been initialized
2012-07-24 14:44:44 +02:00
Miroslav Stampar
b820975217
Improvement of decodeIntToUnicode()
2012-07-23 19:31:06 +02:00
Miroslav Stampar
1153b4563c
Minor update for an Issue #111
2012-07-23 18:44:50 +02:00
Miroslav Stampar
fccd69721e
Update for an Issue #111
2012-07-23 18:38:46 +02:00
Miroslav Stampar
ab9cb80602
Implementing Issue #111
2012-07-23 15:14:52 +02:00
Miroslav Stampar
6809449e31
Minor style update
2012-07-23 15:06:49 +02:00
Miroslav Stampar
63bf99ce77
Minor just in case update for an Issue #117
2012-07-23 14:46:43 +02:00
Miroslav Stampar
c6b724489b
Minor style update
2012-07-23 14:26:42 +02:00
Miroslav Stampar
a7d1a0c250
Implementation for an Issue #117
2012-07-23 14:14:22 +02:00
Miroslav Stampar
3279ce53a8
Minor style update
2012-07-23 13:57:38 +02:00
Miroslav Stampar
534eccc9aa
Fix for an Issue #115
2012-07-23 10:16:47 +02:00
Miroslav Stampar
1b6cb9442f
Fix for an Issue #114
2012-07-21 23:31:36 +02:00
Bernardo Damele
0a4b6431a8
minor bug fix - issue #112
2012-07-21 16:51:01 +01:00
Miroslav Stampar
95e0d46e3e
Fix for an Issue #110
2012-07-21 09:15:54 +02:00
Bernardo Damele
dba0a96c2e
fall-back to UNION technique if web file stager was not uploaded with LIMIT
2012-07-20 17:11:22 +01:00
Bernardo Damele
cbe8f41746
minor code refactoring preparing for #96
2012-07-20 16:20:17 +01:00
Miroslav Stampar
f336afa913
Implementation for Issue #108
2012-07-20 09:48:09 +02:00
Miroslav Stampar
dcf8a27f12
Implementation for an Issue #67
2012-07-18 14:24:10 +02:00
Miroslav Stampar
4fc462c4d9
Minor update for an Issue #105
2012-07-18 14:09:04 +02:00
Miroslav Stampar
655dd55a6f
Implementation of an Issue #105
2012-07-18 13:32:34 +02:00
Miroslav Stampar
08244c7ebf
Fix for an Issue #104
2012-07-17 15:05:50 +02:00
Miroslav Stampar
e30646a54f
Fix for an Issue #103
2012-07-17 10:36:22 +02:00
Miroslav Stampar
41d16e55cb
Typo fix (#102)
2012-07-17 09:13:19 +02:00
Bernardo Damele
7198e3185b
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-17 00:25:08 +01:00
Bernardo Damele
318a01b867
minor typo fixes
2012-07-17 00:25:02 +01:00
Miroslav Stampar
d6ceb7af5e
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-17 00:19:52 +02:00
Miroslav Stampar
81d15e5051
Fix for an Issue #101
2012-07-17 00:19:33 +02:00
Bernardo Damele
5f876bdbbe
minor adjustments
2012-07-16 22:50:29 +01:00
Miroslav Stampar
c96e44b30c
Fix for an Issue #100
2012-07-16 23:28:01 +02:00
Miroslav Stampar
ffbbb10abb
Support for dotted identificator names
2012-07-16 23:13:21 +02:00
Miroslav Stampar
0e21cb54de
Minor fix related to Issue #94
2012-07-16 16:06:39 +02:00
Miroslav Stampar
0f64e1e6c1
Minor update for Issue #94 (not fixing it)
2012-07-16 15:43:02 +02:00
Miroslav Stampar
0eff977c63
Refactoring for Issue #91
2012-07-16 12:24:54 +02:00
Miroslav Stampar
4d759984b2
Implementation for Issue #91
2012-07-16 12:12:52 +02:00
Miroslav Stampar
c1a14257a4
Removing --disable... switches and making changes in default choice(s) for respectable sections
2012-07-16 11:31:51 +02:00
Miroslav Stampar
07a85874fe
Implementation for Issue #92
2012-07-16 11:07:47 +02:00
Miroslav Stampar
87ecf205cb
More work for Issue #66
2012-07-14 17:01:04 +02:00
Miroslav Stampar
38d82771be
Minor style update
2012-07-14 11:23:22 +02:00
Miroslav Stampar
805120ac52
Minor refactoring
2012-07-14 11:01:30 +02:00
Miroslav Stampar
9a7fc24ec2
Minor style update
2012-07-13 15:22:08 +02:00
Miroslav Stampar
ddb9caeef1
Revert of the previous commit
2012-07-13 15:05:19 +02:00
Miroslav Stampar
d165d5d5fe
To not be confused with heuristic method in SQLi
2012-07-13 15:03:43 +02:00
Miroslav Stampar
32b700f130
Minor style update
2012-07-13 15:02:11 +02:00
Miroslav Stampar
fbb5db00ba
Minor style update
2012-07-13 15:00:39 +02:00
Miroslav Stampar
786686da60
Minor language update
2012-07-13 14:53:42 +02:00
Miroslav Stampar
9ff9c951bc
Language update
2012-07-13 14:33:16 +02:00
Miroslav Stampar
6677da63cd
Fix for an Issue #88
2012-07-13 14:25:39 +02:00
Miroslav Stampar
3c81f74823
Minor style update
2012-07-13 12:22:37 +02:00
Miroslav Stampar
6ade007aec
Minor update of language
2012-07-13 12:13:04 +02:00
Miroslav Stampar
c5ecc8b8db
Closing work on Issue #83
2012-07-13 11:23:21 +02:00
Miroslav Stampar
48f68bd076
First commit for Issue #83
2012-07-13 10:35:22 +02:00
Miroslav Stampar
d834e8debf
Minor update
2012-07-13 10:28:03 +02:00
Miroslav Stampar
b11fd8b9f7
Fix for an Issue #87
2012-07-13 10:11:16 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
a49d685eb8
Hiding --beep (Issue #84)
2012-07-12 17:03:24 +02:00
Bernardo Damele
ea9c66108e
cleanup for issue #68
2012-07-12 15:38:43 +01:00
Miroslav Stampar
569c9214bf
Adding support for boldifying important logging messages
2012-07-12 16:30:35 +02:00
Miroslav Stampar
b2fe1c30f8
Minority report
2012-07-12 16:04:01 +02:00
Miroslav Stampar
8e18514e56
Minor refactoring for all that stickiness
2012-07-12 15:58:45 +02:00
Miroslav Stampar
fe61bdce75
Minor update
2012-07-12 15:25:26 +02:00
Miroslav Stampar
dbbca16c69
Minor renaming
2012-07-12 15:24:40 +02:00
Miroslav Stampar
9bc24cea6b
Dealing with kb.currentMessage issue
2012-07-12 15:23:35 +02:00
Miroslav Stampar
b320dc118d
Minor fix (recognizing if it's colorizing handler or not)
2012-07-12 14:55:54 +02:00
Miroslav Stampar
cba2a26b68
Finishing Issue #75 (inference dumping)
2012-07-12 14:46:57 +02:00
Miroslav Stampar
65639cdda6
First update for Issue #75 (error-based dumping)
2012-07-12 14:31:28 +02:00
Miroslav Stampar
3fd5119f3f
Redesigning for Issue #75
2012-07-12 13:42:22 +02:00
Bernardo Damele
3d66e2dfb1
minor bug fix
2012-07-12 10:47:51 +01:00
Bernardo Damele
33cbbed4a8
I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided
2012-07-12 01:39:15 +01:00
Bernardo Damele
f704a46341
silly blank line added
2012-07-12 01:38:29 +01:00
Bernardo Damele
ee3aeb8dcf
actual implementation of issue #75, still some work to do
2012-07-12 01:16:00 +01:00
Bernardo Damele
3a94953ae2
leftover from previous commit
2012-07-12 01:15:34 +01:00
Bernardo Damele
a5924739f6
minor code refactoring in preparation of ticket #75
2012-07-12 01:12:30 +01:00
Bernardo Damele
53c0336b48
added --hostname switch to retrieve DBMS server hostname - closes issue #69
2012-07-12 00:01:57 +01:00
Bernardo Damele
4e64c1126d
restored bold on questions to users (calls from readInput()) - issue #77
2012-07-11 22:56:11 +01:00
Bernardo Damele
247f95e051
restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done")
2012-07-11 22:48:27 +01:00
Bernardo Damele
2b3ea3e3b7
fixed colouring for PAYLOAD (-v 3) - issue #77
2012-07-11 22:40:52 +01:00
Miroslav Stampar
15ee5310d9
Adding traffic in and out to color_map
2012-07-11 20:42:18 +02:00
Miroslav Stampar
43cac2212b
Fix for a case when ColorizingStreamHandler is not used
2012-07-11 20:36:32 +02:00
Miroslav Stampar
72378d4f61
Some more refactoring
2012-07-11 20:29:48 +02:00
Miroslav Stampar
c6464b44be
Some more refactoring
2012-07-11 20:13:23 +02:00
Miroslav Stampar
d7926b8aac
Minor refactoring
2012-07-11 19:54:21 +02:00
Bernardo Damele
53ccd09ca4
now also readInput() uses colouring
2012-07-11 17:53:32 +01:00
Bernardo Damele
02ec25b4b8
code refactoring
2012-07-11 17:44:23 +01:00
Bernardo Damele
77b275f1a6
conf->kb
2012-07-11 17:32:12 +01:00
Bernardo Damele
1d2c87e24e
leftover
2012-07-11 17:22:01 +01:00
Bernardo Damele
105ac8ea77
deleted unnecessary hg file
2012-07-11 17:06:56 +01:00
Bernardo Damele
fa2f6f9a39
colourize manually crafted "logging" messages
2012-07-11 16:48:30 +01:00
Miroslav Stampar
295a7a8e5e
Another update for Issue #80
2012-07-11 16:14:20 +02:00
Miroslav Stampar
9a4f8d5f45
Fix for Issue #80
2012-07-11 16:01:25 +02:00
Bernardo Damele
0702dd70b5
verify also that the web backdoor has been successfully uploaded
2012-07-11 14:08:51 +01:00
Bernardo Damele
31571e6e2d
minor refactoring
2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725
Some work on Issue #68
2012-07-11 11:58:47 +02:00
Bernardo Damele
f219b39980
minor fix in case ctypes is not installed on Windows
2012-07-10 13:08:37 +01:00
Miroslav Stampar
8caffac4bc
conf.unescape->kb.unescape
2012-07-10 10:55:04 +02:00
Miroslav Stampar
e7f78bf04f
Fix for an issue where False value was displayed for --is.. switches
2012-07-10 10:31:14 +02:00
Bernardo Damele
ea77e7d9d1
added missing file - issue #77
2012-07-10 03:00:21 +01:00
Bernardo Damele
eb7ffb8f91
setup for implementing logging colouring - issue #77
2012-07-10 02:54:37 +01:00
Bernardo Damele
0a3899858d
missed in previous commit
2012-07-10 01:37:53 +01:00
Bernardo Damele
a27f50ed1d
added conf.unescape global variable to control whether or not the injected statements should be unescaped
2012-07-10 01:37:16 +01:00
Bernardo Damele
f645ac6040
dealing with variables in SQL procs - issue #33
2012-07-10 01:05:03 +01:00
Bernardo Damele
2527554f8e
more work on #33
2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0
initial work for issue #33
2012-07-10 00:27:08 +01:00
Bernardo Damele
d3da3f5c52
refactoring for issue #51
2012-07-10 00:19:32 +01:00
Bernardo Damele
25eca9d671
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
2012-07-09 14:26:23 +01:00
Bernardo Damele
99c5ea54f7
cleanup for #34
2012-07-09 12:39:43 +01:00
Bernardo Damele
d08a54e375
properly display the command stdout
2012-07-09 10:52:48 +01:00
Miroslav Stampar
3ff28e58b4
Update regarding Issue #52
2012-07-08 19:24:25 +02:00
Miroslav Stampar
0d539a876d
Minor fix (subversion->github)
2012-07-07 23:49:34 +02:00
Miroslav Stampar
a525dd4336
Fix for Issue #72
2012-07-07 19:02:46 +02:00
Miroslav Stampar
54e0a2d8ee
--os-shell now works perfect for inference-like techniques too
2012-07-07 17:57:06 +02:00
Miroslav Stampar
823b3d8be8
Minor language fixes
2012-07-07 11:41:52 +02:00
Miroslav Stampar
2669528b24
Language typo
2012-07-07 11:16:33 +02:00
Miroslav Stampar
58f6687194
Some refactoring (reusing xpCmdshellForgeCmd)
2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77
Proper fix
2012-07-07 10:38:07 +02:00
Miroslav Stampar
f00a776d8d
Minor fix for BigArray (now accepting negative indexes)
2012-07-07 10:35:29 +02:00
Miroslav Stampar
1c69eb5d30
Revert "major fix"
This reverts commit 3a11fc2d9e.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e
major fix
2012-07-06 22:55:34 +01:00
Miroslav Stampar
8c871476ee
Some more refactoring
2012-07-06 17:34:40 +02:00
Miroslav Stampar
6bc0b34031
Some more refactoring
2012-07-06 17:28:01 +02:00
Miroslav Stampar
e948e4d45b
Some more refactoring
2012-07-06 17:18:22 +02:00
Miroslav Stampar
1a8ebbfd43
Minor refactoring
2012-07-06 17:05:47 +02:00
Bernardo Damele
373fea03a3
fixed display of TABs
2012-07-06 15:13:23 +01:00
Miroslav Stampar
438a636973
Fix for Issue #60
2012-07-06 15:36:32 +02:00
Miroslav Stampar
76f7f907c6
Minor update for Issue #61
2012-07-06 14:33:40 +02:00
Miroslav Stampar
6a05e3fd79
Fix for Issue #61
2012-07-06 14:24:44 +02:00
Miroslav Stampar
1ebff35b19
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-06 12:25:21 +02:00
Miroslav Stampar
982fcde1c0
Fix for Issue #62
2012-07-06 12:24:55 +02:00
Bernardo Damele
4fa6d51d93
improved issues link
2012-07-05 16:26:50 +01:00
Miroslav Stampar
bc5025b06c
Fix for Issue #59
2012-07-05 12:34:27 +02:00
Miroslav Stampar
c3c1b9e957
Minor restyling
2012-07-04 20:28:18 +02:00
Miroslav Stampar
7ad6697446
Fix for Issue #57
2012-07-04 20:21:44 +02:00
Miroslav Stampar
23fb753759
Finishing work on Issue #52
2012-07-03 22:13:01 +02:00
Miroslav Stampar
40fc6488bf
Fix for Issue #56 (Google has changed few things for retrieving PR)
2012-07-03 21:00:18 +02:00
Miroslav Stampar
bbf41f6658
Removing debugging leftover
2012-07-03 16:50:05 +02:00
Miroslav Stampar
ada627a022
Another update for Issue #52
2012-07-03 16:49:34 +02:00
Miroslav Stampar
70f754f6c5
Making work on Issue #52
2012-07-03 16:34:11 +02:00
Bernardo Damele
793fa464e3
website url fix
2012-07-03 13:14:39 +01:00
Miroslav Stampar
51f35674ca
Removing obsolete switch --version as version is now displayed with every run (Issue #54)
2012-07-03 13:11:09 +02:00
Miroslav Stampar
481b46a004
Restyling output for Issue #52
2012-07-03 13:06:52 +02:00
Miroslav Stampar
6b419067b7
Another minor update for Issue #54
2012-07-03 12:49:35 +02:00
Miroslav Stampar
8b8677b938
Another minor update for Issue #54
2012-07-03 12:29:42 +02:00
Miroslav Stampar
47b6e696d8
Minor update for Issue #54
2012-07-03 12:21:40 +02:00
Miroslav Stampar
3af1532700
Implementation for Issue #54
2012-07-03 12:09:18 +02:00
Miroslav Stampar
5af6ca58a0
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-07-03 00:50:45 +02:00
Miroslav Stampar
168aeadf76
Adding switch --output-dir (Issue #53)
2012-07-03 00:50:23 +02:00
Bernardo Damele
fd4cfb0cc0
working on #51
2012-07-02 15:28:19 +01:00
Bernardo Damele
7335072ab8
leftover
2012-07-02 15:11:21 +01:00
Bernardo Damele
04d803c7fd
more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55
minor refactoring, issue #51
2012-07-02 12:50:26 +01:00
Miroslav Stampar
8eefe4b71f
Getting back revision number - displayed like in GitHub commits (Issue #52)
2012-07-02 13:01:20 +02:00
Bernardo Damele
add8352804
make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too
2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB user - useful if you have retrieved and cracked the 'sa' DBA password by any means and can provide it to sqlmap
2012-07-02 02:04:19 +01:00
Bernardo Damele
7b4ecd9df0
added skeleton code for issue #34, still not usable
2012-07-02 00:22:34 +01:00
Bernardo Damele
4736d46677
just in case..
2012-07-02 00:00:46 +01:00
Bernardo Damele
03d2c9c818
placeholder message when --update is provided, remove when the function is updated to pull changes from git
2012-07-01 23:59:44 +01:00
Bernardo Damele
18be319d13
hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run
2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c
minor code refactoring
2012-07-01 23:31:45 +01:00
Bernardo Damele
ab412da27f
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
2012-07-01 23:25:05 +01:00
Miroslav Stampar
d7cd55fb28
Fix for Issue #47
2012-07-01 11:05:04 +02:00
Miroslav Stampar
21d9ae0a2c
some more refactoring
2012-07-01 01:19:54 +02:00
Miroslav Stampar
f6509db31a
minor refactoring
2012-07-01 00:33:19 +02:00
Miroslav Stampar
32f52cdd04
Another language update for Issue #45
2012-06-29 10:33:54 +02:00
Miroslav Stampar
f0e39c3fae
Language update for Issue #45
2012-06-29 10:33:00 +02:00
Miroslav Stampar
c0f16f0c1a
Fix for Issue #45
2012-06-29 10:31:03 +02:00
Miroslav Stampar
e51d3a02f1
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
2012-06-28 18:53:47 +02:00
Miroslav Stampar
18b596ea75
Merge branch 'master' of github.com:sqlmapproject/sqlmap
2012-06-28 18:48:18 +02:00
Miroslav Stampar
c8bac658f3
Fix for Issue #43
2012-06-28 18:47:55 +02:00
Miroslav Stampar
2a72fcce2b
Fix for Issue #42
2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
01be9381d5
minor update
2012-06-25 16:24:33 +00:00
Miroslav Stampar
6c4bd84d18
minor fix (turning back the functionality of kb.suppressResumeInfo)
2012-06-25 16:19:51 +00:00
Miroslav Stampar
ea5d483c86
session file no more
2012-06-21 11:19:30 +00:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
1e67b4f0b9
minor fix
2012-06-20 14:16:26 +00:00
Miroslav Stampar
302d782a0f
minor style update
2012-06-19 08:33:51 +00:00
Miroslav Stampar
452ef202ae
minor fixes
2012-06-17 22:48:23 +00:00
Miroslav Stampar
b9f6943a42
minor update
2012-06-17 21:23:12 +00:00
Miroslav Stampar
e2a60b302f
minor fix
2012-06-17 21:21:45 +00:00
Miroslav Stampar
3da8f86e97
minor fix
2012-06-15 21:01:27 +00:00
Miroslav Stampar
fe49abd45f
minor fix
2012-06-15 20:49:28 +00:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
76c873a222
minor fix
2012-06-15 06:22:44 +00:00
Miroslav Stampar
76584ff0fa
unhiding --test-filter
2012-06-14 14:36:53 +00:00
Miroslav Stampar
d2dd47fb23
some more refactoring
2012-06-14 13:52:56 +00:00
Miroslav Stampar
facce2c0df
some more cleanup
2012-06-14 13:50:36 +00:00
Miroslav Stampar
d5e80089ff
minor summer cleanup
2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb
minor refactoring
2012-06-14 13:38:53 +00:00
Miroslav Stampar
1204eb00b2
minor fix
2012-06-14 12:46:32 +00:00
Miroslav Stampar
19c0efec59
just a minor refactoring
2012-06-14 09:10:28 +00:00
Miroslav Stampar
a51d8c4c79
replacing identifier safe char " with [] enclosing for MsSQL
2012-06-13 15:27:42 +00:00
Miroslav Stampar
367de838c1
minor update
2012-06-13 14:08:32 +00:00
Miroslav Stampar
4ac3794e80
minor update
2012-06-12 14:22:14 +00:00
Miroslav Stampar
d7f698fa14
minor update
2012-06-11 22:01:13 +00:00
Miroslav Stampar
96177393e1
minor update regarding --exact switch
2012-06-10 13:38:12 +00:00
Miroslav Stampar
b85a1fc271
minor fix
2012-06-05 22:55:42 +00:00
Miroslav Stampar
058a9c59a2
fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)
2012-06-05 22:40:55 +00:00
Miroslav Stampar
f94ebe3107
minor fix (credentials were only set for the first target)
2012-06-04 22:30:12 +00:00
Miroslav Stampar
738073105e
minor updates
2012-06-04 19:52:51 +00:00
Miroslav Stampar
7b282b1d6c
adding support for newer SSL protocols
2012-06-04 19:46:28 +00:00
Miroslav Stampar
10b0639a96
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
2012-06-04 09:24:46 +00:00
Miroslav Stampar
76a4aa19ac
some more fine tuning
2012-05-28 19:50:12 +00:00
Miroslav Stampar
73dba249e8
one more just in case update
2012-05-28 19:34:47 +00:00
Miroslav Stampar
efb406fbfc
minor revert
2012-05-28 19:13:50 +00:00
Miroslav Stampar
f7cba8d2cb
minor update
2012-05-28 18:05:15 +00:00
Miroslav Stampar
a72cb29c1f
taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server
2012-05-28 16:57:10 +00:00
Miroslav Stampar
190ae4ca13
no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)
2012-05-28 15:10:17 +00:00
Miroslav Stampar
89e90c3d84
revert of last commit
2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b
minor update
2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
2012-05-28 14:15:04 +00:00
Miroslav Stampar
d2bbfa4aad
minor style update
2012-05-28 14:04:17 +00:00
Miroslav Stampar
226547b7dc
minor fix for --skip-urlencode and custom post
2012-05-28 09:04:25 +00:00
Miroslav Stampar
75dd1d6a2b
minor fix
2012-05-27 21:54:56 +00:00
Miroslav Stampar
e967bbd70f
minor patch
2012-05-27 21:44:42 +00:00
Miroslav Stampar
76eeba10e2
unhiding --dns-domain switch
2012-05-27 18:41:06 +00:00
Miroslav Stampar
fed0212631
now working with recursive queries too
2012-05-27 10:03:02 +00:00
Miroslav Stampar
71ff081fde
minor update
2012-05-27 09:11:19 +00:00
Miroslav Stampar
09f2144485
full page read is not needed in DNS exfiltration mode
2012-05-26 21:28:43 +00:00
Miroslav Stampar
4e6fcce9ca
minor update
2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9
minor language update
2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
2012-05-26 07:00:26 +00:00
Miroslav Stampar
00d22f013f
some consistency in variable naming at the file level
2012-05-25 10:08:55 +00:00
Miroslav Stampar
db526bdbc0
minor update (tainted values are not checked any more in multipleTargets mode)
2012-05-25 09:52:17 +00:00
Miroslav Stampar
dc20bff1d0
minor update
2012-05-25 08:30:24 +00:00
Miroslav Stampar
c394610740
adding switch --skip-urlencode to skip URL encoding of POST data
2012-05-24 23:30:33 +00:00
Miroslav Stampar
7657bbeaf9
minor update
2012-05-24 22:32:06 +00:00
Miroslav Stampar
86fdad2bfa
minor update
2012-05-24 22:07:50 +00:00
Miroslav Stampar
eed8d7eb5d
finalizing support for IPv6
2012-05-24 21:55:57 +00:00
Miroslav Stampar
b6d37d766a
minor update regarding IPv6 support
2012-05-24 21:49:20 +00:00
Miroslav Stampar
92286104e3
minor just in case update
2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177
minor fix
2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293
minor fix
2012-05-24 20:53:01 +00:00
Miroslav Stampar
1e18168cc8
fix for one silent bug and small language update
2012-05-23 16:35:40 +00:00
Miroslav Stampar
2538e2d5b4
fixing an issue with --file-read and ROW() MySQL payload (its internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d
minor style update
2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d
minor update
2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5
minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces
2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c
minor language update
2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b
minor language upgrade
2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284
adding a warning about --tor switch
2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b
turning off null connection on -o when --tor used (not compatible)
2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc
minor just in case patch
2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98
minor code refactoring
2012-05-10 14:15:17 +00:00
Miroslav Stampar
12d32f58f2
fix for that SOAP reported bug
2012-05-10 13:39:54 +00:00
Miroslav Stampar
1418ae9767
little refactoring of parseUnionPage together with a patch for some special case
2012-05-09 18:47:40 +00:00
Miroslav Stampar
7fb1f3fc70
minor renaming
2012-05-09 18:26:02 +00:00
Miroslav Stampar
11d9859199
making nice code
2012-05-09 18:25:04 +00:00
Miroslav Stampar
b0a8238774
minor fixes
2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262
minor fix
2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6
minor update for empty tables (skipping other techniques)
2012-05-09 10:34:21 +00:00
Miroslav Stampar
6177317a17
minor update
2012-05-09 10:06:23 +00:00
Miroslav Stampar
37f2709197
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
2012-05-09 09:08:23 +00:00
Miroslav Stampar
fdf61015ad
minor patch
2012-05-09 08:41:05 +00:00
Miroslav Stampar
e419177871
minor update
2012-05-08 17:28:19 +00:00
Miroslav Stampar
deec97dfe3
adding Frontbase to error message regexes
2012-05-08 17:02:58 +00:00
Miroslav Stampar
eccd4da00f
minor fix
2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e
doing all the work for the users so they wouldn't strain their little hands
2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2
that query variable hasn't been used anywhere (obsolete for some time)
2012-05-08 14:34:40 +00:00
Miroslav Stampar
6af110d631
avoiding --no-cast/--hex warning message before a DBMS is fingerprinted
2012-05-08 14:06:41 +00:00
Miroslav Stampar
64c241fe92
limiting original UNION query results to only 1 result (potentially speeding things up in some cases)
2012-05-08 13:45:53 +00:00
Miroslav Stampar
e00f4a8934
minor cosmetics
2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395
automatically writing uncracked hashes to a file for eventual further processing
2012-05-08 10:46:05 +00:00
Miroslav Stampar
80ee687b41
minor beauty patch
2012-05-07 13:51:31 +00:00
Miroslav Stampar
96299d3d5d
minor refactoring
2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b
minor update
2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f
causing too much confusion among dummy users
2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f
skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)
2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
2012-04-25 20:29:07 +00:00
Bernardo Damele
4da03d898e
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
2012-04-25 07:40:42 +00:00
Miroslav Stampar
cec432f94d
minor update
2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a
adding --purge-output to be one of mandatory switches
2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c
minor update
2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce
adding new file related to the last commit
2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1
adding option '--purge'
2012-04-23 14:24:23 +00:00
Miroslav Stampar
3532d23933
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
2012-04-23 13:41:36 +00:00
Miroslav Stampar
be2da77bf8
minor update
2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198
minor fix
2012-04-23 10:11:00 +00:00
Miroslav Stampar
775134639d
minor update
2012-04-20 20:33:15 +00:00
Miroslav Stampar
2b1b4c0742
minor fix
2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade
minor renaming
2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68
reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)
2012-04-15 16:59:03 +00:00
Miroslav Stampar
71b0acc16f
minor fix (checking for full inband should be done with ORIGINAL - more concise)
2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46
minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def:abc:ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)
2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895
another cosmetics
2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3
minor cosmetics
2012-04-13 15:10:40 +00:00
Miroslav Stampar
54576ab3a6
making a random choice from candidates
2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5
use it only if page is stable
2012-04-13 10:19:26 +00:00
Miroslav Stampar
052d9455fe
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
2012-04-12 09:44:54 +00:00
Miroslav Stampar
831f79b851
minor generalization
2012-04-12 09:30:19 +00:00
Miroslav Stampar
c7422546e1
tiny update
2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981
minor update
2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093
correcting comment on reflective removal function
2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4
minor fixes
2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f
some more updates in reflective removal mechanism
2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497
minor improvement for reflective values (when missing first part of payload like in error reports)
2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2
some more updates for reflective mechanism
2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e
improvement of reflective mechanism
2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf
minor adjustment
2012-04-11 08:35:09 +00:00
Miroslav Stampar
e33ea7c33a
minor fix
2012-04-10 22:29:39 +00:00
Miroslav Stampar
8541222080
minor update
2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47
minor fix
2012-04-10 22:20:53 +00:00
Miroslav Stampar
a82206cec4
minor cosmetics
2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598
improving "boolean detection" by automatic recognition of convenient --string candidate
2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9
adding support for PgSQL DNS data exfiltration
2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5
minor refactoring
2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345
minor update
2012-04-04 23:47:06 +00:00
Miroslav Stampar
e0994947e2
minor update
2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a
minor cosmetics
2012-04-04 23:34:08 +00:00
Miroslav Stampar
83387d92bb
minor bug fix
2012-04-04 23:32:20 +00:00
Miroslav Stampar
c89a4162e2
bug fix for --dns-domain with --technique=TS
2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd
added few comments
2012-04-04 13:24:58 +00:00
Miroslav Stampar
a5b69eaea4
removing unused imports
2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da
revert
2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd
works against MySQL/Windows
2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b
Add a space after a comment
2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22
leftover
2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9
Minor refactoring
2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895
more cosmetics
2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184
layout adjustments
2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255
proper fix
2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00
removing default values for referer and host from higher level/risk options
2012-04-04 10:34:27 +00:00
Miroslav Stampar
5e358b51f9
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
2012-04-04 09:25:05 +00:00
Miroslav Stampar
5851badff1
minor refactoring
2012-04-03 14:46:09 +00:00
Miroslav Stampar
b0787f193c
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
2012-04-03 14:34:15 +00:00
Miroslav Stampar
556b349be3
minor fix for retrieving non-printable chars in inference and non-multi threading mode
2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19
much cleaner approach in that "flat" representation of retrieved items in union technique
2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1
minor fix
2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc
minor update
2012-04-03 12:19:37 +00:00
Miroslav Stampar
503988887c
minor update
2012-04-03 10:43:46 +00:00
Miroslav Stampar
78f51fd2e5
minor fix
2012-04-03 10:18:03 +00:00
Miroslav Stampar
2504f4edb8
minor fixes
2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Miroslav Stampar
5f94987b0f
fix for DNS method for MSSQL
2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8
minor update
2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b
minor fixes
2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af
further update of DNS data retrieval mechanism through SQLi
2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562
few just in case "patches"
2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd
minor fix
2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929
minor update regarding DNS data retrieval task
2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120
enabling DNS server for DNS data exfiltration
2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4
bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)
2012-03-31 10:22:50 +00:00
Miroslav Stampar
429b8396e9
minor update for DNSServer support
2012-03-30 13:20:29 +00:00
Miroslav Stampar
56638f9e95
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa
minor update
2012-03-30 10:37:46 +00:00
Miroslav Stampar
6acf6b193a
minor update regarding boolean logic comparison mechanism
2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540
minor comment update
2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was no check for negative logic anywhere for anything more than --string/--regex/--code
2012-03-29 13:39:12 +00:00
Miroslav Stampar
772ead8d03
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
2012-03-29 12:44:20 +00:00
Miroslav Stampar
c9cac957bb
adding one more case for false positive check (Generic tests without any DBMS knowledge)
2012-03-29 09:56:09 +00:00
Miroslav Stampar
60146481af
bug fix(es) (flags were used in place of count parameter in re.sub() calls)
2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d
memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)
2012-03-28 19:27:12 +00:00
Miroslav Stampar
7d131d1fb1
minor update
2012-03-28 13:46:31 +00:00
Miroslav Stampar
7fd64df167
minor code cleaning
2012-03-28 13:31:07 +00:00
Miroslav Stampar
769b0d0ae7
more minor updates regarding data retrieval through DNS channel
2012-03-27 19:29:24 +00:00
Miroslav Stampar
1b072f6415
laying foundation for DNS based data retrieval
2012-03-27 18:59:12 +00:00
Miroslav Stampar
3abcd6910a
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
2012-03-22 00:06:50 +00:00
Miroslav Stampar
e88687b1f0
revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)
2012-03-21 23:15:59 +00:00
Miroslav Stampar
524c1d38ad
making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)
2012-03-21 23:03:57 +00:00
Miroslav Stampar
11132ba993
fix for a bug in reflection removal mechanism
2012-03-19 14:28:18 +00:00
Miroslav Stampar
8e7d360ea2
cleaner refactoring regarding last commit
2012-03-19 12:03:25 +00:00
Miroslav Stampar
401763b6f8
minor fix (it has to be level 1 array like it was with the previous re.findall mechanism)
2012-03-19 12:00:22 +00:00
Miroslav Stampar
037db9b3b8
minor removal of older stuff
2012-03-19 09:38:27 +00:00
Miroslav Stampar
da7f4eeffd
removing left over
2012-03-18 17:33:14 +00:00
Miroslav Stampar
0fc4288a7c
modifying redirection code for only two choices
2012-03-18 17:27:08 +00:00
Bernardo Damele
c03d0e24fb
it must stay as is
2012-03-16 17:42:00 +00:00
Bernardo Damele
3505503a08
no need to return here
2012-03-16 17:30:16 +00:00
Bernardo Damele
942d9e4fa8
code cleanup
2012-03-16 17:27:24 +00:00
Bernardo Damele
a1c943fc79
Major bug fix to comparison algorithm with OR based boolean-based injections
2012-03-16 17:22:55 +00:00
Miroslav Stampar
d66056fe39
one more related commit
2012-03-16 13:16:53 +00:00
Miroslav Stampar
ac02a2d92c
minor fix
2012-03-16 13:14:14 +00:00
Miroslav Stampar
cbdcbdd786
minor minor update
2012-03-16 11:18:18 +00:00
Miroslav Stampar
b130a9e14e
minor fix (writing to HashDB on any interrupt)
2012-03-16 10:15:43 +00:00
Miroslav Stampar
577caac4de
putting kb.negativeLogic setting to the safe place
2012-03-16 09:17:11 +00:00
Miroslav Stampar
209e795369
minor just in case update
2012-03-16 09:02:17 +00:00
Miroslav Stampar
adb5fff6b2
one more update related to the redirection mechanism
2012-03-15 20:17:40 +00:00
Miroslav Stampar
7d313ac911
few more fixes for proper redirecting mechanism
2012-03-15 19:47:59 +00:00
Bernardo Damele
86c4650058
Minor bug fix - revert
2012-03-15 17:12:24 +00:00
Bernardo Damele
cc15373769
More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)
2012-03-15 16:29:28 +00:00
Bernardo Damele
4520744b4d
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
2012-03-15 16:25:26 +00:00
Miroslav Stampar
ddd92476a8
minor fix
2012-03-15 15:58:25 +00:00
Miroslav Stampar
19beb912fa
first step toward negative logic support
2012-03-15 15:52:12 +00:00
Miroslav Stampar
8dd570057b
minor fix (double traffic log for -t in case of HTTP error)
2012-03-15 14:51:16 +00:00
Miroslav Stampar
f7df755f37
minor update
2012-03-15 12:55:22 +00:00
Miroslav Stampar
3d39c6cb3b
some fixes here and there
2012-03-15 12:14:50 +00:00
Miroslav Stampar
3d9b1599d1
minor update
2012-03-15 11:45:32 +00:00
Miroslav Stampar
91f1d6141f
minor fix
2012-03-15 11:24:55 +00:00
Miroslav Stampar
a8c9a47092
redirect logic rewritten from scratch
2012-03-15 11:10:58 +00:00
Bernardo Damele
890bf708bc
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
2012-03-15 00:19:57 +00:00
Bernardo Damele
1e71b24dca
More info messages to prove xp_cmdshell (and temporary directory chosen) worked
2012-03-14 22:41:53 +00:00
Miroslav Stampar
52a8b25ff4
minor fix
2012-03-14 14:31:41 +00:00
Miroslav Stampar
ca0d068575
distinguishing NULL from BLANK
2012-03-14 13:52:23 +00:00
Miroslav Stampar
e38b59a2ae
minor update
2012-03-14 13:16:49 +00:00
Miroslav Stampar
cee9ff7885
proper parsing of content in partial union technique
2012-03-14 11:23:30 +00:00
Miroslav Stampar
61ad3b999a
fix for a crash with partial union and --hex
2012-03-14 10:31:24 +00:00
Miroslav Stampar
a7fbc55748
grammar fix
2012-03-13 22:03:23 +00:00
Miroslav Stampar
edfcddd3c3
minor fix for logging only cookies used by request (e.g. --load-cookies case)
2012-03-13 10:58:15 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
e827f41cdb
using pickle HIGHEST_PROTOCOL just in case
2012-03-13 09:35:37 +00:00
Miroslav Stampar
e6c610abab
minor fix
2012-03-13 09:14:56 +00:00
Miroslav Stampar
cda8815634
introducing safe deprecation mechanism for HashDB versioning
2012-03-12 22:55:57 +00:00
Miroslav Stampar
48bcde478e
more general update
2012-03-12 15:29:55 +00:00
Miroslav Stampar
1d0c8a7f44
minor update
2012-03-12 15:19:02 +00:00
Miroslav Stampar
6ed1b04bbe
minor update
2012-03-12 13:27:07 +00:00
Miroslav Stampar
c878dd3e5a
doing a dummy test for --os-shell in case of xp_cmdshell
2012-03-09 14:21:41 +00:00
Miroslav Stampar
a0b46963cb
minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)
2012-03-09 10:28:19 +00:00
Miroslav Stampar
5a83f1c5f7
minor update
2012-03-08 15:43:22 +00:00
Bernardo Damele
c79807f5fb
Minor layout adjustments
2012-03-08 15:11:24 +00:00
Miroslav Stampar
775e424bf2
bug fix for using --no-cast and --hex switches together
2012-03-08 15:04:52 +00:00
Miroslav Stampar
11c7cc5224
minor temporary fix
2012-03-08 11:08:43 +00:00
Miroslav Stampar
98a3e43f53
bug fix for writing raw pickled data into SQLite HashDB
2012-03-08 10:57:47 +00:00
Miroslav Stampar
cd28eb6544
minor update regarding --load-cookies
2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9
minor update
2012-03-08 10:03:59 +00:00
Miroslav Stampar
9ca8bc4d51
minor bug fix
2012-03-08 09:52:33 +00:00
Miroslav Stampar
b4cf8b05b3
added switch --load-cookies
2012-03-07 14:48:45 +00:00
Miroslav Stampar
4cfea96471
minor update
2012-03-05 09:56:48 +00:00
Miroslav Stampar
0ead1fd87e
minor update
2012-03-05 09:42:52 +00:00
Miroslav Stampar
ac5a752b12
Oracle's XMLType doesn't like '#' char too
2012-03-01 11:59:37 +00:00
Miroslav Stampar
f4e410db16
minor fix
2012-03-01 10:17:39 +00:00
Miroslav Stampar
1ec56f93ec
minor update
2012-03-01 10:10:19 +00:00
Miroslav Stampar
2d3c12d2d0
shorter single line info
2012-03-01 09:10:24 +00:00
Miroslav Stampar
37db27b720
turning back on automatic adjusting of delays in time based queries
2012-02-29 15:51:23 +00:00
Miroslav Stampar
0205d96d7b
minor fix
2012-02-29 15:38:01 +00:00
Miroslav Stampar
1bdc07c279
minor update
2012-02-29 15:02:24 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
f6f98f1b41
minor improvement
2012-02-29 14:19:59 +00:00
Miroslav Stampar
d06182347f
fixing few potential problems
2012-02-29 13:56:40 +00:00
Miroslav Stampar
f142c0f782
minor update
2012-02-28 14:04:13 +00:00
Miroslav Stampar
22b3fa0749
minor update
2012-02-27 15:28:36 +00:00
Miroslav Stampar
a9bf0297f6
moving injection data to HashDB
2012-02-27 13:44:07 +00:00
Miroslav Stampar
68e08d2749
minor fix for not displaying 'None' but None in enumeration when data unavailable
2012-02-27 13:15:10 +00:00
Miroslav Stampar
a424de3102
minor fix
2012-02-27 12:55:28 +00:00
Miroslav Stampar
1e82405bb9
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
Miroslav Stampar
3909658fc2
few minor just in case updates
2012-02-27 11:15:53 +00:00
Miroslav Stampar
85125018a1
minor bug fix
2012-02-25 22:54:32 +00:00
Miroslav Stampar
5d307cf886
minor update
2012-02-25 10:54:39 +00:00
Miroslav Stampar
06ab3fa134
minor update
2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386
minor update
2012-02-25 10:43:10 +00:00
Miroslav Stampar
5b67af3b20
minor update
2012-02-24 15:03:39 +00:00
Miroslav Stampar
8a203ef79d
making session data strictly dependent on url through HashDB helper functions
2012-02-24 14:58:24 +00:00
Miroslav Stampar
c36cbbb3ae
minor fix
2012-02-24 14:54:10 +00:00
Miroslav Stampar
9d6fd2e507
bug fix for --schema --technique=BST
2012-02-24 14:12:19 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f
minor update
2012-02-24 11:25:56 +00:00
Miroslav Stampar
1f6ce265b9
minor fix
2012-02-24 11:05:04 +00:00
Miroslav Stampar
5afbd52b61
more update related to last commits
2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2
more general fix
2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f
fixing problems with chars deletion by logging messages in inference mode
2012-02-24 10:48:19 +00:00
Miroslav Stampar
71028a81f5
fix for proper retrieval of columns in SQLite
2012-02-24 09:55:13 +00:00
Miroslav Stampar
7941504c3a
minor update
2012-02-23 15:32:36 +00:00
Miroslav Stampar
0478e4166a
minor just in case fix
2012-02-23 15:19:20 +00:00
Miroslav Stampar
086c3a3662
minor fix
2012-02-23 13:31:50 +00:00
Miroslav Stampar
6e54cb171f
minor code restyling
2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9
minor update
2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3
using UNION SELECT for where=..NEGATIVE
2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b
minor update
2012-02-21 13:49:30 +00:00
Miroslav Stampar
686eacda9a
minor update regarding --hex
2012-02-21 13:38:18 +00:00
Miroslav Stampar
bcf3255fe1
implementation of switch --hex for 4 major DBMSes
2012-02-21 11:44:48 +00:00
Miroslav Stampar
3e4db6d140
minor fix for Python v2.6
2012-02-20 19:35:57 +00:00
Miroslav Stampar
bc4dd7c0dd
fix for -g
2012-02-20 10:02:19 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to treat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
6632aa7308
some more refactoring
2012-02-16 13:46:01 +00:00
Miroslav Stampar
844fc8addb
minor cleanup
2012-02-16 10:19:36 +00:00
Miroslav Stampar
0e23521adc
some more refactoring
2012-02-16 09:54:29 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Miroslav Stampar
bcf9fc6c6f
minor refactoring
2012-02-16 09:32:47 +00:00
Miroslav Stampar
8d7912ad34
minor update and refactoring
2012-02-15 14:05:50 +00:00
Miroslav Stampar
bf923a97df
minor update
2012-02-15 13:45:10 +00:00
Miroslav Stampar
122db6e164
minor update
2012-02-15 13:24:02 +00:00
Miroslav Stampar
9059d30312
adding first code example for SPL snippets
2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113
bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt)
2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e
minor update (it was working before too, but this is cleaner)
2012-02-15 10:14:29 +00:00
Bernardo Damele
1c44d6d3c7
Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d
2012-02-14 17:29:00 +00:00
Miroslav Stampar
23cc8b6974
minor fix for special cases when parameter value contains html encoded characters
2012-02-14 14:08:10 +00:00
Miroslav Stampar
c1ab02494c
minor grammar and cosmetics
2012-02-14 13:18:37 +00:00
Miroslav Stampar
bb5113980b
minor update
2012-02-14 10:27:56 +00:00
Miroslav Stampar
3f15c52188
minor change in workflow for "tainted" parameter values
2012-02-14 09:26:52 +00:00
Miroslav Stampar
2604e73d88
minor change in workflow
2012-02-13 11:18:47 +00:00
Miroslav Stampar
96f589fc89
minor fix
2012-02-12 19:22:33 +00:00
Miroslav Stampar
8a2bd3897d
minor output fix
2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5
minor fix
2012-02-12 18:46:25 +00:00
Miroslav Stampar
249cb48b0b
minor fix
2012-02-10 15:59:11 +00:00
Miroslav Stampar
6be95194a7
matter of concision
2012-02-10 15:37:43 +00:00
Miroslav Stampar
eab7a54e03
cosmetics
2012-02-10 15:34:04 +00:00
Miroslav Stampar
92590d0d59
minor fix
2012-02-10 15:26:55 +00:00
Miroslav Stampar
e36e9de57e
minor update by request
2012-02-10 15:12:23 +00:00
Miroslav Stampar
b140ef4a14
minor update (preparing for switching to HashDB from old sessionFile)
2012-02-10 10:24:48 +00:00
Miroslav Stampar
980367b7b2
minor update
2012-02-09 09:48:47 +00:00
Miroslav Stampar
7e9e582eca
minor update
2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7
minor update
2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593
minor update
2012-02-08 12:00:03 +00:00
Miroslav Stampar
93d7d6c355
minor patch
2012-02-08 10:38:58 +00:00
Miroslav Stampar
6bedb80ffa
adding --force-ssl switch (most useful in combination with -r)
2012-02-08 09:11:57 +00:00