Commit Graph

750 Commits

Author SHA1 Message Date
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Bernardo Damele
f704a46341 silly blank line added 2012-07-12 01:38:29 +01:00
Bernardo Damele
a5924739f6 minor code refactoring in preparation of ticket #75 2012-07-12 01:12:30 +01:00
Miroslav Stampar
295a7a8e5e Another update for Issue #80 2012-07-11 16:14:20 +02:00
Miroslav Stampar
9a4f8d5f45 Fix for Issue #80 2012-07-11 16:01:25 +02:00
Bernardo Damele
d3da3f5c52 refactoring for issue #51 2012-07-10 00:19:32 +01:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Miroslav Stampar
1a8ebbfd43 Minor refactoring 2012-07-06 17:05:47 +02:00
Bernardo Damele
373fea03a3 fixed display of TABs 2012-07-06 15:13:23 +01:00
Miroslav Stampar
438a636973 Fix for issue Issue #60 2012-07-06 15:36:32 +02:00
Miroslav Stampar
76f7f907c6 Minor update for Issue #61 2012-07-06 14:33:40 +02:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
21d9ae0a2c some more refactoring 2012-07-01 01:19:54 +02:00
Miroslav Stampar
32f52cdd04 Another language update for Issue #45 2012-06-29 10:33:54 +02:00
Miroslav Stampar
f0e39c3fae Language update for Issue #45 2012-06-29 10:33:00 +02:00
Miroslav Stampar
c0f16f0c1a Fix for Issue #45 2012-06-29 10:31:03 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
6c4bd84d18 minor fix (turning back the functionality of kb.suppressResumeInfo) 2012-06-25 16:19:51 +00:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
302d782a0f minor style update 2012-06-19 08:33:51 +00:00
Miroslav Stampar
e2a60b302f minor fix 2012-06-17 21:21:45 +00:00
Miroslav Stampar
fe49abd45f minor fix 2012-06-15 20:49:28 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
76c873a222 minor fix 2012-06-15 06:22:44 +00:00
Miroslav Stampar
facce2c0df some more cleanup 2012-06-14 13:50:36 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
b85a1fc271 minor fix 2012-06-05 22:55:42 +00:00
Miroslav Stampar
76a4aa19ac some more fine tunning 2012-05-28 19:50:12 +00:00
Miroslav Stampar
73dba249e8 one more just in case update 2012-05-28 19:34:47 +00:00
Miroslav Stampar
190ae4ca13 no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...) 2012-05-28 15:10:17 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
4e6fcce9ca minor update 2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9 minor language update 2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34 turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars 2012-05-26 07:00:26 +00:00
Miroslav Stampar
b0a8238774 minor fixes 2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262 minor fix 2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6 minor update for empty tables (skipping other techniques) 2012-05-09 10:34:21 +00:00
Miroslav Stampar
e419177871 minor update 2012-05-08 17:28:19 +00:00
Miroslav Stampar
eccd4da00f minor fix 2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e doing all the work for the users so they wouldn't strain their little hands 2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2 that query variable hasn't been used anywhere (obsolete for some time) 2012-05-08 14:34:40 +00:00
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
71b0acc16f minor fix (checking for full inband should be done with ORIGINAL - more concise) 2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46 minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....) 2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895 another cosmetics 2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3 minor cosmetics 2012-04-13 15:10:40 +00:00
Miroslav Stampar
831f79b851 minor generalization 2012-04-12 09:30:19 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
a5b69eaea4 removing unused imports 2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da revert 2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd works against MySQL/Windows 2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b Add a space after a comment 2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22 leftover 2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode 2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1 minor fix 2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
78f51fd2e5 minor fix 2012-04-03 10:18:03 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
5f94987b0f fix for DNS method for MSSQL 2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8 minor update 2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b minor fixes 2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
7fd64df167 minor code cleaning 2012-03-28 13:31:07 +00:00
Miroslav Stampar
1b072f6415 laying foundation for DNS based data retrieval 2012-03-27 18:59:12 +00:00
Miroslav Stampar
8e7d360ea2 cleaner refactoring regarding last commit 2012-03-19 12:03:25 +00:00
Miroslav Stampar
401763b6f8 minor fix (it has to be level 1 array like it was with the previous re.findall mechanism) 2012-03-19 12:00:22 +00:00
Miroslav Stampar
d66056fe39 one more related commit 2012-03-16 13:16:53 +00:00
Miroslav Stampar
ac02a2d92c minor fix 2012-03-16 13:14:14 +00:00
Miroslav Stampar
b130a9e14e minor fix (writing to HashDB on any interrupt) 2012-03-16 10:15:43 +00:00
Miroslav Stampar
e38b59a2ae minor update 2012-03-14 13:16:49 +00:00
Miroslav Stampar
cee9ff7885 proper parsing of content in partial union technique 2012-03-14 11:23:30 +00:00
Miroslav Stampar
5a83f1c5f7 minor update 2012-03-08 15:43:22 +00:00
Miroslav Stampar
9ca8bc4d51 minor bug fix 2012-03-08 09:52:33 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
f4e410db16 minor fix 2012-03-01 10:17:39 +00:00
Miroslav Stampar
37db27b720 turning back on automatic adjusting of delays in time based queries 2012-02-29 15:51:23 +00:00
Miroslav Stampar
1bdc07c279 minor update 2012-02-29 15:02:24 +00:00
Miroslav Stampar
c36cbbb3ae minor fix 2012-02-24 14:54:10 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f minor update 2012-02-24 11:25:56 +00:00
Miroslav Stampar
5afbd52b61 more update related to last commits 2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f fixing problems with chars deletition by logging messages in inference mode 2012-02-24 10:48:19 +00:00
Miroslav Stampar
086c3a3662 minor fix 2012-02-23 13:31:50 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3 using UNION SELECT for where=..NEGATIVE 2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b minor update 2012-02-21 13:49:30 +00:00
Miroslav Stampar
bcf3255fe1 implementation of switch --hex for 4 major DBMSes 2012-02-21 11:44:48 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
8a2bd3897d minor output fix 2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5 minor fix 2012-02-12 18:46:25 +00:00
Miroslav Stampar
b140ef4a14 minor update (preparing for switching to HashDB from old sessionFile) 2012-02-10 10:24:48 +00:00
Miroslav Stampar
e50d64546f minor fix 2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3 just a makeup 2012-02-07 12:05:23 +00:00
Miroslav Stampar
8c45ff0d57 bug fix 2012-02-03 10:38:04 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
df43157284 minor patch 2012-02-01 12:28:06 +00:00
Miroslav Stampar
2ee198a381 minor "patch" 2012-02-01 11:00:01 +00:00
Miroslav Stampar
4d9dcbf5db minor fix 2012-02-01 10:14:23 +00:00
Miroslav Stampar
46f42f2fe4 minor fix 2012-01-30 13:10:35 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd more concise language 2012-01-07 17:45:45 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
9d50c806e1 bug fix 2012-01-05 10:55:58 +00:00
Miroslav Stampar
29f502fe29 some refactoring 2011-12-28 16:27:17 +00:00
Miroslav Stampar
22c3fe49bb some refactoring 2011-12-28 13:50:03 +00:00
Miroslav Stampar
abb401879c minor update 2011-12-22 20:42:57 +00:00
Miroslav Stampar
8585107e3d minor update 2011-12-22 12:21:30 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
9f68e54fff minor cleanup 2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7 speedup of UNION dumping 2011-12-22 10:44:14 +00:00
Miroslav Stampar
b77e2042f2 some optimization 2011-12-21 23:23:00 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
316e27a809 minor update 2011-12-15 10:19:31 +00:00
Miroslav Stampar
d6f936b98d minor update 2011-11-23 15:51:48 +00:00
Miroslav Stampar
40f21c3917 minor update 2011-11-23 15:38:31 +00:00
Miroslav Stampar
f39170a2c4 minor update 2011-11-22 15:06:51 +00:00
Miroslav Stampar
e94efff187 some more optimization 2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
1b45c5b56a bug fix 2011-10-28 15:24:35 +00:00
Miroslav Stampar
e290f2b80b minor update 2011-10-28 11:11:55 +00:00
Miroslav Stampar
23bf52e496 minor refactoring 2011-10-24 09:55:50 +00:00
Miroslav Stampar
6d64f87190 minor update 2011-10-24 00:46:54 +00:00
Miroslav Stampar
8bd3cfdc8e minor update 2011-10-24 00:17:38 +00:00
Miroslav Stampar
7c626f1dbe minor fix 2011-10-23 23:18:39 +00:00
Miroslav Stampar
d77a5f5928 update (generalizing ORDER BY approach) 2011-10-23 23:02:01 +00:00
Miroslav Stampar
1c3f4e9e54 minor update 2011-10-23 08:44:21 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
7a3096ce25 some refactoring 2011-10-21 21:12:48 +00:00
Miroslav Stampar
9356f8005c important bug fix 2011-10-21 21:07:06 +00:00
Miroslav Stampar
0a8e45955c minor update 2011-10-21 20:44:18 +00:00
Miroslav Stampar
e3a719e7d2 minor update 2011-10-11 22:40:00 +00:00
Miroslav Stampar
7956390631 minor update 2011-10-11 22:27:49 +00:00
Miroslav Stampar
a7a29f33ad minor update 2011-10-11 21:58:57 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Miroslav Stampar
8fe069b495 minor fix 2011-08-23 21:48:39 +00:00
Miroslav Stampar
cfc1f2b70b minor update 2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7 improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used) 2011-08-22 21:43:46 +00:00
Miroslav Stampar
cb32d46f2a minor minor update 2011-08-18 06:09:12 +00:00
Miroslav Stampar
9d31322f3d update regarding special case when conf.uChar appears only in testable pages 2011-08-17 21:40:42 +00:00
Miroslav Stampar
e1dbb4443b minor update related to the last commit 2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) 2011-08-16 06:50:20 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Miroslav Stampar
e849b71027 minor typo 2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5 removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports 2011-08-03 13:26:38 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Miroslav Stampar
edab7d01a5 minor fix 2011-08-02 17:31:13 +00:00
Miroslav Stampar
cb0981d858 proper way of handling 0 length results (as in __goInferenceProxy) 2011-08-02 08:39:32 +00:00
Miroslav Stampar
018d7ed646 improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery) 2011-07-31 23:40:09 +00:00
Miroslav Stampar
e522263640 fix for a neverending data retrieval in large full inband cases 2011-07-29 10:45:09 +00:00
Bernardo Damele
938716e361 Proper fix for --start and --stop consistency amongst different techniques 2011-07-26 10:06:28 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784 minor optimization and refactoring 2011-07-25 20:17:44 +00:00
Miroslav Stampar
2033a28ae7 minor update regarding last commit (cleaner code) 2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa doing proper big table support for partial union too 2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a Major bug fix in UNION detection, it was a leftover 2011-07-07 00:06:20 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
9eb683531d Minor improvement at blind SQL inj technique for DB2 2011-06-27 22:28:12 +00:00
Miroslav Stampar
9e232256f4 reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic) 2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9 --stop is inclusive ("Last query output entry to retrieve") 2011-06-21 18:08:33 +00:00
Miroslav Stampar
83af83da9e minor beautification (WordsSet is considered as a bad english) 2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997 Use getPageTextWordsSet() also in --common-columns 2011-06-18 12:30:26 +00:00
Bernardo Damele
cd07139919 Layout adjustments 2011-06-18 11:58:14 +00:00
Miroslav Stampar
905fef0eae now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) 2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece better 2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0 "Please consider to provide" is a bad English 2011-06-18 09:46:22 +00:00
Miroslav Stampar
9498a3f259 little stabilization of multi threading 2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e some fixes 2011-06-16 14:27:44 +00:00
Bernardo Damele
6aade8e6fc grammar fix, again 2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784 Grammar fix 2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36 Rephrase 2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Miroslav Stampar
e7e23d1b79 fix for a Ctrl+C bug reported by nightman@email.de 2011-06-07 17:16:01 +00:00
Miroslav Stampar
50dde39e68 minor update 2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23 more refactoring 2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c refactoring and stabilization of multithreading 2011-06-07 09:50:00 +00:00
Miroslav Stampar
64a862ed58 minor usability update 2011-06-03 14:04:02 +00:00
Miroslav Stampar
fc96764f80 minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None) 2011-06-01 22:06:06 +00:00
Miroslav Stampar
091c174bc4 better language 2011-06-01 08:30:06 +00:00
Miroslav Stampar
42100e0e5b big bug fix 2011-05-30 23:15:29 +00:00
Miroslav Stampar
9600556dae better language 2011-05-30 23:04:49 +00:00
Miroslav Stampar
b79dae6e95 minor update 2011-05-30 14:49:03 +00:00
Miroslav Stampar
d5ede6afb4 fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range) 2011-05-30 06:38:44 +00:00