346 Commits

Author	SHA1	Message	Date
Miroslav Stampar	b6af80bab3	refactoring, cleanup and improvement	2011-03-29 21:54:15 +00:00
Miroslav Stampar	12f3024c8a	removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)	2011-03-29 20:45:21 +00:00
Miroslav Stampar	d0861a00e2	minor improvement	2011-03-29 15:37:57 +00:00
Miroslav Stampar	1823c116bb	minor update for special cases of union testing results	2011-03-28 21:45:38 +00:00
Miroslav Stampar	1119a85f39	it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)	2011-03-25 21:31:26 +00:00
Miroslav Stampar	6c6133e8aa	revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)	2011-03-25 20:46:37 +00:00
Miroslav Stampar	737b4abf13	this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)	2011-03-25 20:30:15 +00:00
Miroslav Stampar	422967fbcd	just an minor update related to the last commit	2011-03-25 12:21:53 +00:00
Miroslav Stampar	ea52d7acad	minor revisit of inference	2011-03-24 20:10:40 +00:00
Miroslav Stampar	0f7bce5c66	fixing a huge mess going on because of counting on error and union techniques	2011-03-23 11:36:40 +00:00
Miroslav Stampar	7613134515	it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)	2011-03-22 12:37:05 +00:00
Miroslav Stampar	9479a68eb5	minor fix regarding last commit	2011-03-22 12:21:56 +00:00
Miroslav Stampar	c24ed6e622	minor fix related to a bug reported by warninggp@gmail.com	2011-03-22 09:22:48 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	9b1f2d82d0	minor update (that .strip() was a leftover)	2011-03-20 23:20:47 +00:00
Miroslav Stampar	db992a0a86	mssql likes to htmlescape error reports	2011-03-20 23:16:34 +00:00
Bernardo Damele	03fac62592	Minor code restyle	2011-03-17 12:34:29 +00:00
Miroslav Stampar	beba69faa9	implementation of request from Santiago (look for error based responses in redirects)	2011-03-17 09:12:28 +00:00
Miroslav Stampar	847ce863e3	refactoring	2011-03-17 08:54:20 +00:00
Bernardo Damele	d8a76ebe34	Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs	2011-03-11 16:03:19 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Bernardo Damele	60605b6e7c	Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)	2011-02-27 12:14:13 +00:00
Miroslav Stampar	aa88361ab1	incorporation of method for neutralization of reflective values	2011-02-25 09:22:44 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	83d7803ce7	other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)	2011-02-12 20:03:28 +00:00
Bernardo Damele	864eade744	Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase	2011-02-10 11:14:05 +00:00
Bernardo Damele	aa0fb276ba	More fixes for --common-columns to work against MSSQL too	2011-02-09 17:22:07 +00:00
Miroslav Stampar	917b2b0d6b	one more commit related to the previous one	2011-02-09 17:07:02 +00:00
Miroslav Stampar	6c582343fe	.. fix	2011-02-09 17:05:06 +00:00
Miroslav Stampar	3de6117253	revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)	2011-02-09 09:53:59 +00:00
Miroslav Stampar	98ca1702ae	los cosmeticado	2011-02-08 16:30:32 +00:00
Miroslav Stampar	87e36796c6	just to not cause confusion	2011-02-08 16:29:42 +00:00
Miroslav Stampar	dcb9c93328	minor cleanup	2011-02-08 16:27:58 +00:00
Miroslav Stampar	37f7001143	first commit with mysql/error/substringing	2011-02-08 16:23:33 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	66adf23532	Unbiased approach for searching appropriate usable column	2011-02-07 21:00:59 +00:00
Miroslav Stampar	f958b21613	there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)	2011-02-07 16:55:02 +00:00
Miroslav Stampar	265e7ca272	fix for that MSSQL limit/top problem	2011-02-07 16:24:23 +00:00
Bernardo Damele	061f56daf9	More adjustments related to unescape() and cleanupPayload(). ... Minor code cleanup related to error-based payload.	2011-02-06 23:27:56 +00:00
Bernardo Damele	9eac2339ca		2011-02-06 22:55:26 +00:00
Bernardo Damele	f3d6be7868	Code cleanup	2011-02-06 22:32:44 +00:00
Miroslav Stampar	078a2207cc	few reverts	2011-02-06 22:10:28 +00:00
Miroslav Stampar	b9b2fe0e7c	little cleanup	2011-02-06 21:52:39 +00:00
Miroslav Stampar	412a97b7fe	fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')	2011-02-05 14:17:28 +00:00
Miroslav Stampar	acb986ae80	minor refactoring	2011-02-04 17:40:55 +00:00
Miroslav Stampar	e5f54644f0	minor "statistical" update	2011-02-03 16:59:49 +00:00
Miroslav Stampar	3bd6e538f8	more appropriate	2011-02-03 16:48:27 +00:00
Miroslav Stampar	3a13fd87fd	new UNION column detection is going into wild	2011-02-03 16:16:38 +00:00
Bernardo Damele	253a8d0679	Minor bug fix	2011-02-03 15:24:36 +00:00
Miroslav Stampar	0edb4ee314	minor fix	2011-02-03 13:28:10 +00:00