sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 11:33:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,121 Commits 4 Branches 117 Tags 97 MiB
af99105c27
Commit Graph

1480 Commits

Author SHA1 Message Date
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709 back to roots 2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1 Code cleanup 2011-01-18 23:05:32 +00:00
Bernardo Damele
eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. 
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
 2011-01-18 23:03:50 +00:00
Bernardo Damele
cffa17f5a6 Major bug fix - before it raised a traceback, now works. 2011-01-18 23:02:47 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. 
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
 2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781 minor fix (for numeric columns with all 0) 2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2 you can't believe how much man can learn when having good testing points 2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa was wrong about this one (just now tested on a real site) 2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) 2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3 minor update regarding default page encoding 2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
99a3a3b89c minor fix (break if all found) 2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd information update regarding common password suffixes 2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695 minor cosmetics 2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81 minor cosmetics 2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f minor improvement 2011-01-16 20:55:07 +00:00
Miroslav Stampar
f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency 2011-01-16 19:29:06 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e russian sites are great for testing :) 2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Miroslav Stampar
718eef8753 minor fix 2011-01-16 18:11:35 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" 2011-01-16 12:12:01 +00:00
Miroslav Stampar
2001bad7e1 automatic adjustment of timeSec for delayed queries 2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix. 
Minor code refactoring.
 2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Miroslav Stampar
29ea0950b6 now False is also affected (along with None and "") 2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4 Minor improvement 2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8 Minor refactoring 2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e bug fix and proper warning message 2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c code review of modules in lib/core directory 2011-01-15 12:13:45 +00:00
Miroslav Stampar
05b2a338fe cosmetics 2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348 minor update 2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d Code cleanup 2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7 Minor bug fix 2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020 Minor bug fix 2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. 
Minor bug fixes thanks to previous refactoring too.
 2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f revert 2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19 minor fix 2011-01-13 15:19:37 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521 Verbose docstring 2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555 update 2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62 Cosmetics 2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca minor update 2011-01-13 11:08:29 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix. 
Minor code restyling.
 2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections. 
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
 2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f Minor update 2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92 Proper fix to avoid UNION test false positives 2011-01-11 23:59:02 +00:00
Bernardo Damele
c2e994e806 Minor adjustment 2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase. 
Added minor support to escape quotes in UNION payloads during detection phase.
 2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f Major bug fix 2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns. 
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
 2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. 
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
 2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
e3146464da minor fix for a bug reported by nightman 2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268 minor fix 2011-01-11 12:16:20 +00:00
Miroslav Stampar
394b6bc029 reverting some changes 2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a minor update 2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1 didn't know this to be honest 2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063 revert of one thing for Bernardo and minor update 2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57 adding openFile method with an exception block around file opening part 2011-01-08 09:30:10 +00:00
Miroslav Stampar
e3899f7467 fix of a fix 2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf minor fix 2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f minor fix 2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42 cosmetics 2011-01-07 17:25:22 +00:00
Bernardo Damele
97ae7e330f cosmetics 2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2 Cosmetics 2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423 suppress session in case of brute methods 2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7 Mere cosmetics 2011-01-07 16:36:32 +00:00
Miroslav Stampar
1a079c62cb minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones) 2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
c968b438f2 Ctrl+C added to union dump 2011-01-06 09:48:04 +00:00
Miroslav Stampar
0616edcc44 adding progress to --union-test 2011-01-06 09:26:01 +00:00
Miroslav Stampar
8b9a624546 added progress into union based entry retrieval 2011-01-06 09:10:20 +00:00
Miroslav Stampar
cc9ca802bf minor update 2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) 2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1 minor fix/update 2011-01-05 13:32:40 +00:00
Miroslav Stampar
7411052456 minor update regarding last commit 2011-01-05 12:09:57 +00:00
Miroslav Stampar
042e3f76ba bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded) 2011-01-05 11:36:40 +00:00
Miroslav Stampar
7ae5192070 adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data) 2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5 foundation for filtering binary string values (for example, replacement of non readable chars with #) 2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033 implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) 2011-01-04 15:49:20 +00:00
Miroslav Stampar
eb11f5b2e0 minor update 2011-01-04 13:07:12 +00:00
Miroslav Stampar
c1dc73d0a1 minor, just in case update related to the previous commit 2011-01-04 12:56:55 +00:00
Miroslav Stampar
709a7d156b fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...) 2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3 minor update 2011-01-04 08:40:41 +00:00
Miroslav Stampar
fdc463d08b fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range) 2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
572f403069 update of one thing that was missing 2011-01-03 21:28:22 +00:00
Miroslav Stampar
ce48ea75d0 noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links 2011-01-03 14:39:23 +00:00
Miroslav Stampar
6aa616bd0d minor minor fix 2011-01-03 14:28:20 +00:00
Miroslav Stampar
92e4cdb241 raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic 2011-01-03 14:21:41 +00:00
Miroslav Stampar
07129371bf bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests) 2011-01-03 13:04:20 +00:00
Miroslav Stampar
3629c2737b automatically turn on --text-only in case of heavily-dynamicity instead of critical exit 2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6 some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one 2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f minor update 2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4 minor update 2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2 added one new quick check for multiple target(s) mode 2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
f762f32de8 bug fix for proper --parse-errors on .aspx pages 2011-01-02 13:00:04 +00:00
Miroslav Stampar
dce9a762f1 important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode 2011-01-02 10:37:32 +00:00
Miroslav Stampar
96341f8f78 minor fix 2011-01-02 09:16:17 +00:00
Miroslav Stampar
5c6c870db4 removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode 2011-01-02 08:43:38 +00:00
Miroslav Stampar
6651ba05eb another fix (OS was set to None at all previous sessions if there was no explicit OS testing done) 2011-01-02 08:08:38 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
ec4440108b minor cosmetics 2011-01-02 07:09:04 +00:00
Miroslav Stampar
428e817a32 some refactoring 2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d user can now choose if he wants to skip non-heuristic based DBMS tests 2011-01-01 23:38:11 +00:00
Miroslav Stampar
8a93cfd975 minor update 2011-01-01 22:43:15 +00:00
Miroslav Stampar
52e44df86c minor update 2011-01-01 21:11:29 +00:00
Miroslav Stampar
942cbafba6 minor update 2011-01-01 20:19:55 +00:00
Miroslav Stampar
e4fd8b3f0c (e) finally works as it should 2011-01-01 19:22:44 +00:00
Miroslav Stampar
0e815177c8 minor update 2011-01-01 19:07:40 +00:00
Miroslav Stampar
ef27fd5ea1 there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html) 2011-01-01 15:20:29 +00:00
Miroslav Stampar
15e6911fd8 fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write') 2011-01-01 12:23:02 +00:00
Miroslav Stampar
91f665aaaa bug fix for Ctrl+C 2010-12-31 15:00:19 +00:00
Miroslav Stampar
5db8ebbfa9 update of mysql comment versions 2010-12-31 12:42:12 +00:00
Miroslav Stampar
281d124fa6 minor bug fix 2010-12-31 12:04:39 +00:00
Miroslav Stampar
613242e298 bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved) 2010-12-29 19:48:19 +00:00