sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	07a85874fe	Implementation for Issue #92	2012-07-16 11:07:47 +02:00
Miroslav Stampar	87ecf205cb	More work for Issue #66	2012-07-14 17:01:04 +02:00
Miroslav Stampar	38d82771be	Minor style update	2012-07-14 11:23:22 +02:00
Miroslav Stampar	805120ac52	Minor refactoring	2012-07-14 11:01:30 +02:00
Miroslav Stampar	9a7fc24ec2	Minor style update	2012-07-13 15:22:08 +02:00
Miroslav Stampar	ddb9caeef1	Revert of the previous commit	2012-07-13 15:05:19 +02:00
Miroslav Stampar	d165d5d5fe	To not be confused with heuristic method in SQLi	2012-07-13 15:03:43 +02:00
Miroslav Stampar	32b700f130	Minor style update	2012-07-13 15:02:11 +02:00
Miroslav Stampar	fbb5db00ba	Minor style update	2012-07-13 15:00:39 +02:00
Miroslav Stampar	786686da60	Minor language update	2012-07-13 14:53:42 +02:00
Miroslav Stampar	9ff9c951bc	Language update	2012-07-13 14:33:16 +02:00
Miroslav Stampar	6677da63cd	Fix for an Issue #88	2012-07-13 14:25:39 +02:00
Miroslav Stampar	3c81f74823	Minor style update	2012-07-13 12:22:37 +02:00
Miroslav Stampar	6ade007aec	Minor update of language	2012-07-13 12:13:04 +02:00
Miroslav Stampar	c5ecc8b8db	Closing work on Issue #83	2012-07-13 11:23:21 +02:00
Miroslav Stampar	48f68bd076	First commit for Issue #83	2012-07-13 10:35:22 +02:00
Miroslav Stampar	d834e8debf	Minor update	2012-07-13 10:28:03 +02:00
Miroslav Stampar	b11fd8b9f7	Fix for an Issue #87	2012-07-13 10:11:16 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Miroslav Stampar	a49d685eb8	Hidding --beep (Issue #84 )	2012-07-12 17:03:24 +02:00
Bernardo Damele	ea9c66108e	cleanup for issue #68	2012-07-12 15:38:43 +01:00
Miroslav Stampar	569c9214bf	Adding support for boldifying important logging messages	2012-07-12 16:30:35 +02:00
Miroslav Stampar	b2fe1c30f8	Minority report	2012-07-12 16:04:01 +02:00
Miroslav Stampar	8e18514e56	Minor refactoring for all that stickyness	2012-07-12 15:58:45 +02:00
Miroslav Stampar	fe61bdce75	Minor update	2012-07-12 15:25:26 +02:00
Miroslav Stampar	dbbca16c69	Minor renaming	2012-07-12 15:24:40 +02:00
Miroslav Stampar	9bc24cea6b	Dealing with kb.currentMessage issue	2012-07-12 15:23:35 +02:00
Miroslav Stampar	b320dc118d	Minor fix (recognizing if it's colorizing handler or not)	2012-07-12 14:55:54 +02:00
Miroslav Stampar	cba2a26b68	Finishing Issue #75 (inference dumping)	2012-07-12 14:46:57 +02:00
Miroslav Stampar	65639cdda6	First update for Issue #75 (error-based dumping)	2012-07-12 14:31:28 +02:00
Miroslav Stampar	3fd5119f3f	Redesigning for Issue #75	2012-07-12 13:42:22 +02:00
Bernardo Damele	3d66e2dfb1	minor bug fix	2012-07-12 10:47:51 +01:00
Bernardo Damele	33cbbed4a8	I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided	2012-07-12 01:39:15 +01:00
Bernardo Damele	f704a46341	silly blank line added	2012-07-12 01:38:29 +01:00
Bernardo Damele	ee3aeb8dcf	actual implementation of issue #75 , still some work to do	2012-07-12 01:16:00 +01:00
Bernardo Damele	3a94953ae2	leftover from previous commit	2012-07-12 01:15:34 +01:00
Bernardo Damele	a5924739f6	minor code refactoring in preparation of ticket #75	2012-07-12 01:12:30 +01:00
Bernardo Damele	53c0336b48	added --hostname switch to retrieve DBMS server hostname - closes issue #69	2012-07-12 00:01:57 +01:00
Bernardo Damele	4e64c1126d	restored bold on questions to users (calls from readInput()) - issue #77	2012-07-11 22:56:11 +01:00
Bernardo Damele	247f95e051	restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done")	2012-07-11 22:48:27 +01:00
Bernardo Damele	2b3ea3e3b7	fixed colouring for PAYLOAD (-v 3) - issue #77	2012-07-11 22:40:52 +01:00
Miroslav Stampar	15ee5310d9	Adding traffic in and out to color_map	2012-07-11 20:42:18 +02:00
Miroslav Stampar	43cac2212b	Fix for a case when ColorizingStreamHandler is not used	2012-07-11 20:36:32 +02:00
Miroslav Stampar	72378d4f61	Some more refactoring	2012-07-11 20:29:48 +02:00
Miroslav Stampar	c6464b44be	Some more refactoring	2012-07-11 20:13:23 +02:00
Miroslav Stampar	d7926b8aac	Minor refactoring	2012-07-11 19:54:21 +02:00
Bernardo Damele	53ccd09ca4	now also readInput() uses colouring	2012-07-11 17:53:32 +01:00
Bernardo Damele	02ec25b4b8	code refactoring	2012-07-11 17:44:23 +01:00
Bernardo Damele	77b275f1a6	conf->kb	2012-07-11 17:32:12 +01:00
Bernardo Damele	1d2c87e24e	leftover	2012-07-11 17:22:01 +01:00
Bernardo Damele	105ac8ea77	deleted unnecessary hg file	2012-07-11 17:06:56 +01:00
Bernardo Damele	fa2f6f9a39	colourize manually crafter "logging" messages	2012-07-11 16:48:30 +01:00
Miroslav Stampar	295a7a8e5e	Another update for Issue #80	2012-07-11 16:14:20 +02:00
Miroslav Stampar	9a4f8d5f45	Fix for Issue #80	2012-07-11 16:01:25 +02:00
Bernardo Damele	0702dd70b5	verify also that the web backdoor has been successfully uploaded	2012-07-11 14:08:51 +01:00
Bernardo Damele	31571e6e2d	minor refactoring	2012-07-11 11:55:05 +01:00
Miroslav Stampar	9c4a62f725	Some work on Issue #68	2012-07-11 11:58:47 +02:00
Bernardo Damele	f219b39980	minor fix in case ctypes is not installed on Windows	2012-07-10 13:08:37 +01:00
Miroslav Stampar	8caffac4bc	conf.unescape->kb.unescape	2012-07-10 10:55:04 +02:00
Miroslav Stampar	e7f78bf04f	Fix for an issue where False value was displayed for --is.. switches	2012-07-10 10:31:14 +02:00
Bernardo Damele	ea77e7d9d1	added missing file - issue #77	2012-07-10 03:00:21 +01:00
Bernardo Damele	eb7ffb8f91	setup for implementing logging colouring - issue #77	2012-07-10 02:54:37 +01:00
Bernardo Damele	0a3899858d	missed in previous commit	2012-07-10 01:37:53 +01:00
Bernardo Damele	a27f50ed1d	added conf.unescape global variable to control whether or not the injected statements should be unescaped	2012-07-10 01:37:16 +01:00
Bernardo Damele	f645ac6040	dealing with variables in SQL procs - issue #33	2012-07-10 01:05:03 +01:00
Bernardo Damele	2527554f8e	more work on #33	2012-07-10 00:53:07 +01:00
Bernardo Damele	c4af7b9aa0	initial work for issue #33	2012-07-10 00:27:08 +01:00
Bernardo Damele	d3da3f5c52	refactoring for issue #51	2012-07-10 00:19:32 +01:00
Bernardo Damele	25eca9d671	finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34	2012-07-09 14:26:23 +01:00
Bernardo Damele	99c5ea54f7	cleanup for #34	2012-07-09 12:39:43 +01:00
Bernardo Damele	d08a54e375	properly display the command stdout	2012-07-09 10:52:48 +01:00
Miroslav Stampar	3ff28e58b4	Update regarding Issue #52	2012-07-08 19:24:25 +02:00
Miroslav Stampar	0d539a876d	Minor fix (subversion->github)	2012-07-07 23:49:34 +02:00
Miroslav Stampar	a525dd4336	Fix for Issue #72	2012-07-07 19:02:46 +02:00
Miroslav Stampar	54e0a2d8ee	--os-shell now works perfect for inference-like techniques too	2012-07-07 17:57:06 +02:00
Miroslav Stampar	823b3d8be8	Minor language fixes	2012-07-07 11:41:52 +02:00
Miroslav Stampar	2669528b24	Language typo	2012-07-07 11:16:33 +02:00
Miroslav Stampar	58f6687194	Some refactoring (reusing xpCmdshellForgeCmd)	2012-07-07 10:51:29 +02:00
Miroslav Stampar	8620767b77	Proper fix	2012-07-07 10:38:07 +02:00
Miroslav Stampar	f00a776d8d	Minor fix for BigArray (now accepting negative indexes)	2012-07-07 10:35:29 +02:00
Miroslav Stampar	1c69eb5d30	Revert "major fix" This reverts commit `3a11fc2d9e`.	2012-07-07 10:26:13 +02:00
Bernardo Damele	3a11fc2d9e	major fix	2012-07-06 22:55:34 +01:00
Miroslav Stampar	8c871476ee	Some more refactoring	2012-07-06 17:34:40 +02:00
Miroslav Stampar	6bc0b34031	Some more refactoring	2012-07-06 17:28:01 +02:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Miroslav Stampar	1a8ebbfd43	Minor refactoring	2012-07-06 17:05:47 +02:00
Bernardo Damele	373fea03a3	fixed display of TABs	2012-07-06 15:13:23 +01:00
Miroslav Stampar	438a636973	Fix for issue Issue #60	2012-07-06 15:36:32 +02:00
Miroslav Stampar	76f7f907c6	Minor update for Issue #61	2012-07-06 14:33:40 +02:00
Miroslav Stampar	6a05e3fd79	Fix for Issue #61	2012-07-06 14:24:44 +02:00
Miroslav Stampar	1ebff35b19	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-06 12:25:21 +02:00
Miroslav Stampar	982fcde1c0	Fix for Issue #62	2012-07-06 12:24:55 +02:00
Bernardo Damele	4fa6d51d93	improved issues link	2012-07-05 16:26:50 +01:00
Miroslav Stampar	bc5025b06c	Fix for Issue #59	2012-07-05 12:34:27 +02:00
Miroslav Stampar	c3c1b9e957	Minor restyling	2012-07-04 20:28:18 +02:00
Miroslav Stampar	7ad6697446	Fix for Issue #57	2012-07-04 20:21:44 +02:00
Miroslav Stampar	23fb753759	Finishing work on Issue #52	2012-07-03 22:13:01 +02:00
Miroslav Stampar	40fc6488bf	Fix for Issue #56 (Google has changed few things for retrieving PR)	2012-07-03 21:00:18 +02:00
Miroslav Stampar	bbf41f6658	Removing debugging leftover	2012-07-03 16:50:05 +02:00
Miroslav Stampar	ada627a022	Another update for Issue #52	2012-07-03 16:49:34 +02:00
Miroslav Stampar	70f754f6c5	Making work on Issue #52	2012-07-03 16:34:11 +02:00
Bernardo Damele	793fa464e3	website url fix	2012-07-03 13:14:39 +01:00
Miroslav Stampar	51f35674ca	Removing obsolete switch --version as version is now displayed with every run (Issue #54 )	2012-07-03 13:11:09 +02:00
Miroslav Stampar	481b46a004	Restyling output for Issue #52	2012-07-03 13:06:52 +02:00
Miroslav Stampar	6b419067b7	Another minor update for Issue #54	2012-07-03 12:49:35 +02:00
Miroslav Stampar	8b8677b938	Another minor update for Issue #54	2012-07-03 12:29:42 +02:00
Miroslav Stampar	47b6e696d8	Minor update for Issue #54	2012-07-03 12:21:40 +02:00
Miroslav Stampar	3af1532700	Implementation for Issue #54	2012-07-03 12:09:18 +02:00
Miroslav Stampar	5af6ca58a0	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-03 00:50:45 +02:00
Miroslav Stampar	168aeadf76	Adding switch --output-dir (Issue #53 )	2012-07-03 00:50:23 +02:00
Bernardo Damele	fd4cfb0cc0	working on #51	2012-07-02 15:28:19 +01:00
Bernardo Damele	7335072ab8	leftover	2012-07-02 15:11:21 +01:00
Bernardo Damele	04d803c7fd	more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)	2012-07-02 15:02:00 +01:00
Bernardo Damele	b7d2680e55	minor refactoring, issue #51	2012-07-02 12:50:26 +01:00
Miroslav Stampar	8eefe4b71f	Getting back revision number - displayed like in GitHub commits (Issue #52 )	2012-07-02 13:01:20 +02:00
Bernardo Damele	add8352804	make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too	2012-07-02 02:14:03 +01:00
Bernardo Damele	6697927098	initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap	2012-07-02 02:04:19 +01:00
Bernardo Damele	7b4ecd9df0	added skeleton code for issue #34 , still not usable	2012-07-02 00:22:34 +01:00
Bernardo Damele	4736d46677	just in case..	2012-07-02 00:00:46 +01:00
Bernardo Damele	03d2c9c818	placeholder message when --update is provided, remove when the function is updated to pull changes from git	2012-07-01 23:59:44 +01:00
Bernardo Damele	18be319d13	hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run	2012-07-01 23:41:10 +01:00
Bernardo Damele	ff9e97a42c	minor code refactoring	2012-07-01 23:31:45 +01:00
Bernardo Damele	ab412da27f	I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes	2012-07-01 23:25:05 +01:00
Miroslav Stampar	d7cd55fb28	Fix for Issue #47	2012-07-01 11:05:04 +02:00
Miroslav Stampar	21d9ae0a2c	some more refactoring	2012-07-01 01:19:54 +02:00
Miroslav Stampar	f6509db31a	minor refactoring	2012-07-01 00:33:19 +02:00
Miroslav Stampar	32f52cdd04	Another language update for Issue #45	2012-06-29 10:33:54 +02:00
Miroslav Stampar	f0e39c3fae	Language update for Issue #45	2012-06-29 10:33:00 +02:00
Miroslav Stampar	c0f16f0c1a	Fix for Issue #45	2012-06-29 10:31:03 +02:00
Miroslav Stampar	e51d3a02f1	Update for Issue #43 (renamed --disable-cracking to --disable-hash)	2012-06-28 18:53:47 +02:00
Miroslav Stampar	18b596ea75	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-06-28 18:48:18 +02:00
Miroslav Stampar	c8bac658f3	Fix for Issue #43	2012-06-28 18:47:55 +02:00
Miroslav Stampar	2a72fcce2b	Fix for Issue #42	2012-06-28 13:55:30 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	01be9381d5	minor update	2012-06-25 16:24:33 +00:00
Miroslav Stampar	6c4bd84d18	minor fix (turning back the functionality of kb.suppressResumeInfo)	2012-06-25 16:19:51 +00:00
Miroslav Stampar	ea5d483c86	session file no more	2012-06-21 11:19:30 +00:00
Miroslav Stampar	ec44e88db8	lots of refactoring regarding removal of already obsolete session file mechanism	2012-06-21 10:09:10 +00:00
Miroslav Stampar	1e67b4f0b9	minor fix	2012-06-20 14:16:26 +00:00
Miroslav Stampar	302d782a0f	minor style update	2012-06-19 08:33:51 +00:00
Miroslav Stampar	452ef202ae	minor fixes	2012-06-17 22:48:23 +00:00
Miroslav Stampar	b9f6943a42	minor update	2012-06-17 21:23:12 +00:00
Miroslav Stampar	e2a60b302f	minor fix	2012-06-17 21:21:45 +00:00
Miroslav Stampar	3da8f86e97	minor fix	2012-06-15 21:01:27 +00:00
Miroslav Stampar	fe49abd45f	minor fix	2012-06-15 20:49:28 +00:00
Miroslav Stampar	06be7bbb18	few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)	2012-06-15 20:41:53 +00:00
Miroslav Stampar	76c873a222	minor fix	2012-06-15 06:22:44 +00:00
Miroslav Stampar	76584ff0fa	unhidding --test-filter	2012-06-14 14:36:53 +00:00
Miroslav Stampar	d2dd47fb23	some more refactoring	2012-06-14 13:52:56 +00:00
Miroslav Stampar	facce2c0df	some more cleanup	2012-06-14 13:50:36 +00:00
Miroslav Stampar	d5e80089ff	minor summer cleanup	2012-06-14 13:44:16 +00:00
Miroslav Stampar	3a90105fbb	minor refactoring	2012-06-14 13:38:53 +00:00
Miroslav Stampar	1204eb00b2	minor fix	2012-06-14 12:46:32 +00:00
Miroslav Stampar	19c0efec59	just a minor refactoring	2012-06-14 09:10:28 +00:00
Miroslav Stampar	a51d8c4c79	replacing identifier safe char " with [] enclosing for MsSQL	2012-06-13 15:27:42 +00:00
Miroslav Stampar	367de838c1	minor update	2012-06-13 14:08:32 +00:00
Miroslav Stampar	4ac3794e80	minor update	2012-06-12 14:22:14 +00:00
Miroslav Stampar	d7f698fa14	minor update	2012-06-11 22:01:13 +00:00
Miroslav Stampar	96177393e1	minor update regarding --exact switch	2012-06-10 13:38:12 +00:00
Miroslav Stampar	b85a1fc271	minor fix	2012-06-05 22:55:42 +00:00
Miroslav Stampar	058a9c59a2	fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)	2012-06-05 22:40:55 +00:00
Miroslav Stampar	f94ebe3107	minor fix (credentials were only set for the first target)	2012-06-04 22:30:12 +00:00
Miroslav Stampar	738073105e	minor updates	2012-06-04 19:52:51 +00:00
Miroslav Stampar	7b282b1d6c	adding support for newer SSL protocols	2012-06-04 19:46:28 +00:00
Miroslav Stampar	10b0639a96	making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)	2012-06-04 09:24:46 +00:00
Miroslav Stampar	76a4aa19ac	some more fine tunning	2012-05-28 19:50:12 +00:00
Miroslav Stampar	73dba249e8	one more just in case update	2012-05-28 19:34:47 +00:00
Miroslav Stampar	efb406fbfc	minor revert	2012-05-28 19:13:50 +00:00
Miroslav Stampar	f7cba8d2cb	minor update	2012-05-28 18:05:15 +00:00
Miroslav Stampar	a72cb29c1f	taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server	2012-05-28 16:57:10 +00:00
Miroslav Stampar	190ae4ca13	no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)	2012-05-28 15:10:17 +00:00
Miroslav Stampar	89e90c3d84	revert of last commit	2012-05-28 15:01:56 +00:00
Miroslav Stampar	96c84e6e5b	minor update	2012-05-28 15:00:06 +00:00
Miroslav Stampar	a70a647aeb	few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)	2012-05-28 14:51:23 +00:00
Miroslav Stampar	b1d82422a0	changing conf.dnsDomain to conf.dName just because of long text problems in help listing	2012-05-28 14:15:04 +00:00
Miroslav Stampar	d2bbfa4aad	minor style update	2012-05-28 14:04:17 +00:00
Miroslav Stampar	226547b7dc	minor fix for --skip-urlencode and custom post	2012-05-28 09:04:25 +00:00
Miroslav Stampar	75dd1d6a2b	minor fix	2012-05-27 21:54:56 +00:00
Miroslav Stampar	e967bbd70f	minor patch	2012-05-27 21:44:42 +00:00
Miroslav Stampar	76eeba10e2	unhiding --dns-domain switch	2012-05-27 18:41:06 +00:00
Miroslav Stampar	fed0212631	now working with recursive queries too	2012-05-27 10:03:02 +00:00
Miroslav Stampar	71ff081fde	minor update	2012-05-27 09:11:19 +00:00
Miroslav Stampar	09f2144485	full page read is not needed in DNS exfiltration mode	2012-05-26 21:28:43 +00:00
Miroslav Stampar	4e6fcce9ca	minor update	2012-05-26 07:04:32 +00:00
Miroslav Stampar	ce077137c9	minor language update	2012-05-26 07:01:37 +00:00
Miroslav Stampar	d335ec0c34	turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars	2012-05-26 07:00:26 +00:00
Miroslav Stampar	00d22f013f	some consistency in variable naming at the file level	2012-05-25 10:08:55 +00:00
Miroslav Stampar	db526bdbc0	minor update (tainted values are not checked any more in multipleTargets mode)	2012-05-25 09:52:17 +00:00
Miroslav Stampar	dc20bff1d0	minor update	2012-05-25 08:30:24 +00:00
Miroslav Stampar	c394610740	adding switch --skip-urlencode to skip URL encoding of POST data	2012-05-24 23:30:33 +00:00
Miroslav Stampar	7657bbeaf9	minor update	2012-05-24 22:32:06 +00:00
Miroslav Stampar	86fdad2bfa	minor update	2012-05-24 22:07:50 +00:00
Miroslav Stampar	eed8d7eb5d	finalizing support for IPv6	2012-05-24 21:55:57 +00:00
Miroslav Stampar	b6d37d766a	minor update regarding IPv6 support	2012-05-24 21:49:20 +00:00
Miroslav Stampar	92286104e3	minor just in case update	2012-05-24 21:39:10 +00:00
Miroslav Stampar	3e9c57d177	minor fix	2012-05-24 21:36:35 +00:00
Miroslav Stampar	be76928293	minor fix	2012-05-24 20:53:01 +00:00
Miroslav Stampar	1e18168cc8	fix for one silent bug and small language update	2012-05-23 16:35:40 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	2c057d5b3d	minor style update	2012-05-21 22:40:52 +00:00
Miroslav Stampar	bbfa4b6d5d	minor update	2012-05-14 14:38:16 +00:00
Miroslav Stampar	333f8057a5	minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces	2012-05-14 14:06:43 +00:00
Miroslav Stampar	595f69fa2c	minor language update	2012-05-10 18:30:25 +00:00
Miroslav Stampar	35f400b45b	minor language upgrade	2012-05-10 18:25:12 +00:00
Miroslav Stampar	80aedbe284	adding a warning about --tor switch	2012-05-10 18:17:32 +00:00
Miroslav Stampar	b81fe42d4b	turning off null connection on -o when --tor used (not compatible)	2012-05-10 17:50:54 +00:00
Miroslav Stampar	efdd86ddcc	minor just in case patch	2012-05-10 14:22:34 +00:00
Miroslav Stampar	6367f59b98	minor code refactoring	2012-05-10 14:15:17 +00:00
Miroslav Stampar	12d32f58f2	fix for that SOAP reported bug	2012-05-10 13:39:54 +00:00
Miroslav Stampar	1418ae9767	little refactoring of parseUnionPage together with a patch for some special case	2012-05-09 18:47:40 +00:00
Miroslav Stampar	7fb1f3fc70	minor renaming	2012-05-09 18:26:02 +00:00
Miroslav Stampar	11d9859199	making nice code	2012-05-09 18:25:04 +00:00
Miroslav Stampar	b0a8238774	minor fixes	2012-05-09 14:58:16 +00:00
Miroslav Stampar	9fa3619262	minor fix	2012-05-09 14:00:07 +00:00
Miroslav Stampar	56a3431be6	minor update for empty tables (skipping other techniques)	2012-05-09 10:34:21 +00:00
Miroslav Stampar	6177317a17	minor update	2012-05-09 10:06:23 +00:00
Miroslav Stampar	37f2709197	making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)	2012-05-09 09:08:23 +00:00
Miroslav Stampar	fdf61015ad	minor patch	2012-05-09 08:41:05 +00:00
Miroslav Stampar	e419177871	minor update	2012-05-08 17:28:19 +00:00
Miroslav Stampar	deec97dfe3	adding Frontbase to error message regexes	2012-05-08 17:02:58 +00:00
Miroslav Stampar	eccd4da00f	minor fix	2012-05-08 15:03:33 +00:00
Miroslav Stampar	938d9ff23e	doing all the work for the users so they wouldn't strain their little hands	2012-05-08 15:00:23 +00:00
Miroslav Stampar	524dd75ff2	that query variable hasn't been used anywhere (obsolete for some time)	2012-05-08 14:34:40 +00:00
Miroslav Stampar	6af110d631	avoiding --no-cast/--hex warning message before a DBMS is fingerprinted	2012-05-08 14:06:41 +00:00
Miroslav Stampar	64c241fe92	limiting original UNION query results to only 1 result (potentially speeding things up in some cases)	2012-05-08 13:45:53 +00:00
Miroslav Stampar	e00f4a8934	minor cosmetics	2012-05-08 10:50:04 +00:00
Miroslav Stampar	a121339395	automatically writing uncracked hashes to a file for eventual further processing	2012-05-08 10:46:05 +00:00
Miroslav Stampar	80ee687b41	minor beauty patch	2012-05-07 13:51:31 +00:00
Miroslav Stampar	96299d3d5d	minor refactoring	2012-05-03 22:34:18 +00:00
Miroslav Stampar	cc28f6db6b	minor update	2012-05-01 20:43:16 +00:00
Miroslav Stampar	17efeaae7f	causing too much confusion among dummy users	2012-05-01 09:04:11 +00:00
Miroslav Stampar	694b14111f	skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)	2012-04-27 13:16:51 +00:00
Miroslav Stampar	6f67dc85ee	adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical	2012-04-25 20:29:07 +00:00
Bernardo Damele	4da03d898e	Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236	2012-04-25 07:40:42 +00:00
Miroslav Stampar	cec432f94d	minor update	2012-04-23 14:43:59 +00:00
Miroslav Stampar	697768c01a	adding --purge-output to be one of mandatory switches	2012-04-23 14:42:24 +00:00
Miroslav Stampar	d57d5e4b2c	minor update	2012-04-23 14:33:36 +00:00
Miroslav Stampar	1eecfb3dce	adding new file related to the last commit	2012-04-23 14:25:16 +00:00
Miroslav Stampar	095b25e1d1	adding option '--purge'	2012-04-23 14:24:23 +00:00
Miroslav Stampar	3532d23933	automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)	2012-04-23 13:41:36 +00:00
Miroslav Stampar	be2da77bf8	minor update	2012-04-23 10:15:04 +00:00
Miroslav Stampar	21c6b52198	minor fix	2012-04-23 10:11:00 +00:00
Miroslav Stampar	775134639d	minor update	2012-04-20 20:33:15 +00:00
Miroslav Stampar	2b1b4c0742	minor fix	2012-04-18 10:01:04 +00:00
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	efd27d7ade	minor renaming	2012-04-17 08:41:19 +00:00
Miroslav Stampar	601d118c68	reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)	2012-04-15 16:59:03 +00:00
Miroslav Stampar	71b0acc16f	minor fix (checking for full inband should be done with ORIGINAL - more concise)	2012-04-15 16:43:18 +00:00
Miroslav Stampar	5772c52f46	minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)	2012-04-15 16:33:47 +00:00
Miroslav Stampar	ae8c70e895	another cosmetics	2012-04-13 15:11:44 +00:00
Miroslav Stampar	d765cdc3a3	minor cosmetics	2012-04-13 15:10:40 +00:00
Miroslav Stampar	54576ab3a6	making a random choice from candidates	2012-04-13 10:54:30 +00:00
Miroslav Stampar	bbbcc95fe5	use it only if page is stable	2012-04-13 10:19:26 +00:00
Miroslav Stampar	052d9455fe	warning user in cases of "User xyz already has more than 'max_user_connections' active connections"	2012-04-12 09:44:54 +00:00
Miroslav Stampar	831f79b851	minor generalization	2012-04-12 09:30:19 +00:00
Miroslav Stampar	c7422546e1	tiny update	2012-04-11 23:01:38 +00:00
Miroslav Stampar	2bad73a981	minor update	2012-04-11 21:48:44 +00:00
Miroslav Stampar	e195de2093	correcting comment on reflective removal function	2012-04-11 21:41:48 +00:00
Miroslav Stampar	b45ae10da4	minor fixes	2012-04-11 21:36:37 +00:00
Miroslav Stampar	627bfc589f	some more updates in reflective removal mechanism	2012-04-11 21:26:00 +00:00
Miroslav Stampar	8b130f6497	minor improvement for reflective values (when missing first part of payload like in error reports)	2012-04-11 15:01:28 +00:00
Miroslav Stampar	01bd5d0ab2	some more updates for reflective mechanism	2012-04-11 10:41:33 +00:00
Miroslav Stampar	2e92d8636e	improvement of reflective mechanism	2012-04-11 08:58:03 +00:00
Miroslav Stampar	60ca44e0cf	minor adjustment	2012-04-11 08:35:09 +00:00
Miroslav Stampar	e33ea7c33a	minor fix	2012-04-10 22:29:39 +00:00
Miroslav Stampar	8541222080	minor update	2012-04-10 22:26:42 +00:00
Miroslav Stampar	9c2f244d47	minor fix	2012-04-10 22:20:53 +00:00
Miroslav Stampar	a82206cec4	minor cosmetics	2012-04-10 21:57:00 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	8c6eb4faa9	adding support for PgSQL DNS data exfiltration	2012-04-07 14:06:11 +00:00
Miroslav Stampar	b2afa87e48	reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)	2012-04-06 08:42:36 +00:00
Miroslav Stampar	2223c884e5	minor refactoring	2012-04-05 12:55:26 +00:00
Miroslav Stampar	02924eb345	minor update	2012-04-04 23:47:06 +00:00
Miroslav Stampar	e0994947e2	minor update	2012-04-04 23:37:50 +00:00
Miroslav Stampar	b1dd03731a	minor cosmetics	2012-04-04 23:34:08 +00:00
Miroslav Stampar	83387d92bb	minor bug fix	2012-04-04 23:32:20 +00:00
Miroslav Stampar	c89a4162e2	bug fix for --dns-domain with --technique=TS	2012-04-04 18:01:39 +00:00
Miroslav Stampar	098c7c06dd	added few comments	2012-04-04 13:24:58 +00:00
Miroslav Stampar	a5b69eaea4	removing unused imports	2012-04-04 13:18:14 +00:00
Bernardo Damele	52796bb4da	revert	2012-04-04 13:02:50 +00:00
Miroslav Stampar	a4b95ab7dd	works against MySQL/Windows	2012-04-04 12:49:45 +00:00
Bernardo Damele	a1d97e9d7b	Add a space after a comment	2012-04-04 12:48:21 +00:00
Bernardo Damele	025c531d22	leftover	2012-04-04 12:44:25 +00:00
Bernardo Damele	c0946ce2c9	Minor refactoring	2012-04-04 12:42:58 +00:00
Bernardo Damele	75d1dab895	more cosmetics	2012-04-04 12:33:16 +00:00
Bernardo Damele	d106fb5184	layout adjustments	2012-04-04 12:27:24 +00:00
Miroslav Stampar	1b2cd44255	proper fix	2012-04-04 10:35:52 +00:00
Miroslav Stampar	7031ef8e00	removing default values for referer and host from higher level/risk options	2012-04-04 10:34:27 +00:00
Miroslav Stampar	5e358b51f9	few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')	2012-04-04 09:25:05 +00:00
Miroslav Stampar	5851badff1	minor refactoring	2012-04-03 14:46:09 +00:00
Miroslav Stampar	b0787f193c	getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)	2012-04-03 14:34:15 +00:00
Miroslav Stampar	556b349be3	minor fix for retrieving non-printable chars in inference and non-multi threading mode	2012-04-03 14:04:07 +00:00
Miroslav Stampar	33bb9c5f19	much cleaner approach in that "flat" representation of retrieved items in union technique	2012-04-03 13:56:11 +00:00
Miroslav Stampar	7fb190f3b1	minor fix	2012-04-03 12:35:19 +00:00
Miroslav Stampar	886aa22efc	minor update	2012-04-03 12:19:37 +00:00
Miroslav Stampar	503988887c	minor update	2012-04-03 10:43:46 +00:00
Miroslav Stampar	78f51fd2e5	minor fix	2012-04-03 10:18:03 +00:00
Miroslav Stampar	2504f4edb8	minor fixes	2012-04-03 10:10:33 +00:00
Miroslav Stampar	e05109812f	minor improvements regarding data retrieval through DNS channel	2012-04-03 09:18:30 +00:00
Miroslav Stampar	5f94987b0f	fix for DNS method for MSSQL	2012-04-02 17:28:18 +00:00
Miroslav Stampar	2c28423cb8	minor update	2012-04-02 14:57:15 +00:00
Miroslav Stampar	8a9d09f79b	minor fixes	2012-04-02 14:11:23 +00:00
Miroslav Stampar	1cd3c3f7af	further update of DNS data retrieval mechanism through SQLi	2012-04-02 14:05:30 +00:00
Miroslav Stampar	1e01203562	few just in case "patches"	2012-04-02 12:58:10 +00:00
Miroslav Stampar	d908d078dd	minor fix	2012-04-02 12:27:30 +00:00
Miroslav Stampar	abffc39929	minor update regarding DNS data retrieval task	2012-04-02 12:22:40 +00:00
Miroslav Stampar	f7a664b120	enablind DNS server for DNS data exfiltration	2012-03-31 12:08:27 +00:00
Miroslav Stampar	8be9cd4ac4	bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)	2012-03-31 10:22:50 +00:00
Miroslav Stampar	429b8396e9	minor update for DNSServer support	2012-03-30 13:20:29 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	79c3d6f2aa	minor update	2012-03-30 10:37:46 +00:00
Miroslav Stampar	6acf6b193a	minor update regarding boolean logic comparison mechanism	2012-03-30 09:42:58 +00:00
Miroslav Stampar	5469186540	minor comment update	2012-03-29 14:35:47 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	ce4c697bbd	disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code	2012-03-29 13:39:12 +00:00
Miroslav Stampar	772ead8d03	fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values	2012-03-29 12:44:20 +00:00
Miroslav Stampar	c9cac957bb	adding one more case for false positive check (Generic tests without any DBMS knowledge)	2012-03-29 09:56:09 +00:00
Miroslav Stampar	60146481af	bug fix(es) (flags were used in place of count parameter in re.sub() calls)	2012-03-28 19:33:00 +00:00
Miroslav Stampar	9433bbe26d	memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)	2012-03-28 19:27:12 +00:00
Miroslav Stampar	7d131d1fb1	minor update	2012-03-28 13:46:31 +00:00
Miroslav Stampar	7fd64df167	minor code cleaning	2012-03-28 13:31:07 +00:00
Miroslav Stampar	769b0d0ae7	more minor updates regarding data retrieval through DNS channel	2012-03-27 19:29:24 +00:00
Miroslav Stampar	1b072f6415	laying foundation for DNS based data retrieval	2012-03-27 18:59:12 +00:00
Miroslav Stampar	3abcd6910a	strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test	2012-03-22 00:06:50 +00:00
Miroslav Stampar	e88687b1f0	revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)	2012-03-21 23:15:59 +00:00
Miroslav Stampar	524c1d38ad	making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)	2012-03-21 23:03:57 +00:00
Miroslav Stampar	11132ba993	fix for a bug in reflection removal mechanism	2012-03-19 14:28:18 +00:00
Miroslav Stampar	8e7d360ea2	cleaner refactoring regarding last commit	2012-03-19 12:03:25 +00:00
Miroslav Stampar	401763b6f8	minor fix (it has to be level 1 array like it was with the previous re.findall mechanism)	2012-03-19 12:00:22 +00:00
Miroslav Stampar	037db9b3b8	minor removal of older stuff	2012-03-19 09:38:27 +00:00
Miroslav Stampar	da7f4eeffd	removing left over	2012-03-18 17:33:14 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Bernardo Damele	c03d0e24fb	it must stay as is	2012-03-16 17:42:00 +00:00
Bernardo Damele	3505503a08	no need to return here	2012-03-16 17:30:16 +00:00
Bernardo Damele	942d9e4fa8	code cleanup	2012-03-16 17:27:24 +00:00
Bernardo Damele	a1c943fc79	Major bug fix to comparison algorithm with OR based boolean-based injections	2012-03-16 17:22:55 +00:00
Miroslav Stampar	d66056fe39	one more related commit	2012-03-16 13:16:53 +00:00
Miroslav Stampar	ac02a2d92c	minor fix	2012-03-16 13:14:14 +00:00
Miroslav Stampar	cbdcbdd786	minor minor update	2012-03-16 11:18:18 +00:00
Miroslav Stampar	b130a9e14e	minor fix (writing to HashDB on any interrupt)	2012-03-16 10:15:43 +00:00
Miroslav Stampar	577caac4de	putting kb.negativeLogic setting to the safe place	2012-03-16 09:17:11 +00:00
Miroslav Stampar	209e795369	minor just in case update	2012-03-16 09:02:17 +00:00
Miroslav Stampar	adb5fff6b2	one more update related to the redirection mechanism	2012-03-15 20:17:40 +00:00
Miroslav Stampar	7d313ac911	few more fixes for proper redirecting mechanism	2012-03-15 19:47:59 +00:00
Bernardo Damele	86c4650058	Minor bug fix - revert	2012-03-15 17:12:24 +00:00
Bernardo Damele	cc15373769	More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)	2012-03-15 16:29:28 +00:00
Bernardo Damele	4520744b4d	second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now	2012-03-15 16:25:26 +00:00
Miroslav Stampar	ddd92476a8	minor fix	2012-03-15 15:58:25 +00:00
Miroslav Stampar	19beb912fa	first step toward negative logic support	2012-03-15 15:52:12 +00:00
Miroslav Stampar	8dd570057b	minor fix (double traffic log for -t in case of HTTP error)	2012-03-15 14:51:16 +00:00

... 5 6 7 8 9 ...

3319 Commits