Author | Commit | Message | Date
Miroslav Stampar | e64f225e65 | minor refactoring | 2011-03-11 20:16:34 +00:00
Miroslav Stampar | 6cc745f789 | removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut) | 2011-03-11 20:04:15 +00:00
Miroslav Stampar | 5eae525010 | this was bothering me for some time (POST and/or GET payloads need to be urlencoded thoroughly) | 2011-03-11 19:57:44 +00:00
Bernardo Damele | 3cb0ca4b63 | Minor bug fix for --privileges on PgSQL with error-based SQL inj technique | 2011-03-11 15:24:25 +00:00
Bernardo Damele | 5af7410cb1 | Another bug fix for --privileges on PgSQL with UNION query technique | 2011-03-11 15:13:09 +00:00
Bernardo Damele | 74ef1e53c7 | Minor bug fixes to --privileges for PostgreSQL query (corner case) | 2011-03-11 14:54:41 +00:00
Miroslav Stampar | eb1cda7065 | minor refactoring (more consistent) | 2011-03-09 12:06:32 +00:00
Miroslav Stampar | 62e3510387 | minor refactoring | 2011-03-09 11:37:37 +00:00
Miroslav Stampar | 5c97f9a496 | improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) | 2011-03-09 09:36:56 +00:00
Miroslav Stampar | 9b2962ff1c | now when we don't urlencode the whole URI, using : and \ as safe chars is not a good idea | 2011-03-09 08:56:29 +00:00
Miroslav Stampar | 30619c599b | minor update regarding encoding (adding a few safe chars for e.g. CHR(50)|...) | 2011-03-08 11:53:59 +00:00
Miroslav Stampar | cc0306044c | adding SVN revision number support for non-SVN client platforms | 2011-03-07 21:54:30 +00:00
Miroslav Stampar | 16b286982d | fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') | 2011-03-07 09:50:43 +00:00
Miroslav Stampar | 8edc3b3302 | further update regarding last commit | 2011-03-03 10:39:04 +00:00
Miroslav Stampar | bc50387a17 | possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) | 2011-03-03 09:42:50 +00:00
Miroslav Stampar | f27f05308a | minor update for masking sensitive data in error report (added aCred too) | 2011-03-02 10:09:17 +00:00
Miroslav Stampar | ad2e4002ea | minor improvement | 2011-03-01 10:38:27 +00:00
Miroslav Stampar | 0f3cc153a3 | fix for --technique | 2011-03-01 09:54:06 +00:00
Miroslav Stampar | 2bf212ffa9 | minor minor update | 2011-02-27 20:43:38 +00:00
Miroslav Stampar | 7036190e8e | minor improvement of regular expression | 2011-02-27 17:58:01 +00:00
Miroslav Stampar | 21041f8b90 | further reflective value handling improvement | 2011-02-27 17:43:41 +00:00
Bernardo Damele | 6e8ebd35f4 | Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable | 2011-02-27 12:17:41 +00:00
Miroslav Stampar | 88faedc0fe | fix for a bug reported by -insane- | 2011-02-26 17:48:19 +00:00
Miroslav Stampar | 11996ce12e | bug fix for international encoded letters | 2011-02-25 22:43:01 +00:00
Miroslav Stampar | 2bbbc9a41e | a few updates | 2011-02-25 09:35:24 +00:00
Miroslav Stampar | aa88361ab1 | incorporation of method for neutralization of reflective values | 2011-02-25 09:22:44 +00:00
Miroslav Stampar | 708ddf5608 | added protection mechanism against reflected values | 2011-02-24 16:52:46 +00:00
Miroslav Stampar | 38dc82e13e | If no Accept header field is present, then it is assumed that the client accepts all media types. | 2011-02-22 22:26:22 +00:00
Miroslav Stampar | d05bd75068 | adding experimental for --group-concat | 2011-02-22 14:35:38 +00:00
Miroslav Stampar | 3f8eadf4fe | minor refactoring | 2011-02-22 13:00:58 +00:00
Miroslav Stampar | dcad5410fe | minor refactoring | 2011-02-22 12:54:22 +00:00
Bernardo Damele | 3e8c204121 | Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba | 2011-02-21 16:00:56 +00:00
Miroslav Stampar | aac817935a | further improvement of MaxDB support | 2011-02-20 22:41:42 +00:00
Miroslav Stampar | 70449eb01b | minor bug fix | 2011-02-20 21:35:28 +00:00
Miroslav Stampar | 345df5968d | minor update | 2011-02-20 21:27:38 +00:00
Bernardo Damele | 8e60acae5d | Added support for --scope also in WebScarab logs (-l) | 2011-02-19 21:03:55 +00:00
Miroslav Stampar | b71bb321dd | some more Sybase updates | 2011-02-19 18:04:27 +00:00
Miroslav Stampar | cec7694aac | some progress regarding SYBASE | 2011-02-19 14:56:58 +00:00
Miroslav Stampar | e0efe453ab | minor update regarding Sybase support | 2011-02-19 14:07:08 +00:00
Miroslav Stampar | df58bcaf95 | minor improvement | 2011-02-18 14:27:02 +00:00
Miroslav Stampar | 6cdf08b81c | minor fix | 2011-02-17 21:51:40 +00:00
Miroslav Stampar | 22cd49a217 | --technique can now be something like 123 which includes techniques 1, 2 and 3 | 2011-02-17 21:39:16 +00:00
Miroslav Stampar | 199f14df46 | implementation of MySQL GROUP_CONCAT technique | 2011-02-15 00:28:27 +00:00
Bernardo Damele | 2ea828e416 | Proper fix for r3307 (file-write on MySQL via UNION query tech) | 2011-02-13 22:48:01 +00:00
Miroslav Stampar | 417b311475 | minor update | 2011-02-13 22:02:47 +00:00
Miroslav Stampar | 50d25c3b4d | update regarding explicit testing of ua and referer when using -p | 2011-02-13 21:58:48 +00:00
Miroslav Stampar | 5fb11fd173 | update regarding multiple DBMS payloads | 2011-02-13 21:20:21 +00:00
Miroslav Stampar | 9f7d666451 | removing --method per request of buawig | 2011-02-12 19:50:27 +00:00
Bernardo Damele | 7253362114 | Minor bug fix so that --file-write on MySQL via UNION query now works again | 2011-02-11 23:35:45 +00:00
Miroslav Stampar | 535eb9f3eb | implementation of referer feature | 2011-02-11 23:07:03 +00:00
Miroslav Stampar | 4295a78c5f | minor update | 2011-02-10 19:51:34 +00:00
Bernardo Damele | c078de894f | Added support for --privileges on MSSQL to test whether or not the DBMS users are DBA | 2011-02-10 14:24:04 +00:00
Bernardo Damele | 864eade744 | Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase | 2011-02-10 11:14:05 +00:00
Bernardo Damele | aa0fb276ba | More fixes for --common-columns to work against MSSQL too | 2011-02-09 17:22:07 +00:00
Miroslav Stampar | 7d9be18789 | added one comment | 2011-02-09 14:34:18 +00:00
Miroslav Stampar | bafc8a1b0f | another update | 2011-02-09 13:29:52 +00:00
Miroslav Stampar | 600f729139 | fix for a bug reported by skysbsb@gmail.com (double ORDER BY) | 2011-02-09 12:43:09 +00:00
Miroslav Stampar | 5b57a69f3e | fix | 2011-02-09 11:20:03 +00:00
Miroslav Stampar | 37f7001143 | first commit with mysql/error/substringing | 2011-02-08 16:23:33 +00:00
Bernardo Damele | c3eb82e60b | Proper fix | 2011-02-08 10:08:48 +00:00
Miroslav Stampar | dba2f74588 | revert of r3274 | 2011-02-08 09:44:34 +00:00
Bernardo Damele | cfe2da0195 | Minor fix | 2011-02-08 00:13:39 +00:00
Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00
Miroslav Stampar | 771020abd6 | one more related commit | 2011-02-07 16:32:08 +00:00
Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00
Miroslav Stampar | 99e9412f74 | minor update | 2011-02-07 12:34:23 +00:00
Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00
Bernardo Damele | 39decebe85 | Minor fixes to checking/re-enabling of xp_cmdshell procedure | 2011-02-07 12:17:19 +00:00
Miroslav Stampar | 096efea282 | added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] | 2011-02-07 10:22:43 +00:00
Bernardo Damele | ba3a8a69d4 | More statements to exclude from unescap'ing | 2011-02-07 00:33:54 +00:00
Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00
Bernardo Damele | 2e00656235 | Minor fix | 2011-02-07 00:20:23 +00:00
Bernardo Damele | bf5ca4bd9a | No point in unescaping the expression also in suffixQuery(), 'cause it will exit sqlmap if the parameter value is a string, hence the injection payload starts with a single quote (') | 2011-02-06 23:30:43 +00:00
Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00
Bernardo Damele | 6a71629575 | Converted from DOS format (\n\r to \n only) | 2011-02-06 23:25:55 +00:00
Bernardo Damele | 0800d9e49b | Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() | 2011-02-06 22:58:12 +00:00
Bernardo Damele | f3d6be7868 | Code cleanup | 2011-02-06 22:32:44 +00:00
Miroslav Stampar | 078a2207cc | a few reverts | 2011-02-06 22:10:28 +00:00
Miroslav Stampar | b9b2fe0e7c | little cleanup | 2011-02-06 21:52:39 +00:00
Miroslav Stampar | c4c2cf1d58 | can't stay as it is right now. temporarily disabling. | 2011-02-06 21:17:41 +00:00
Bernardo Damele | 6191a7f26f | Major fix for a silent bug | 2011-02-06 15:53:43 +00:00
Miroslav Stampar | 4df8a03c04 | using OrderedDict to store parameters in order of appearance | 2011-02-04 18:07:21 +00:00
Miroslav Stampar | acb986ae80 | minor refactoring | 2011-02-04 17:40:55 +00:00
Bernardo Damele | fec88f6a6d | Minor fix | 2011-02-04 15:57:53 +00:00
Miroslav Stampar | 09e88cfb19 | fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) | 2011-02-04 14:05:47 +00:00
Miroslav Stampar | f83f1a1e06 | minor just-in-case update | 2011-02-04 13:08:54 +00:00
Miroslav Stampar | c69b76776e | minor refactoring | 2011-02-04 13:04:19 +00:00
Miroslav Stampar | accf4e6ce0 | one important fix (URI injection parameter '*' now can go anywhere) | 2011-02-04 12:43:18 +00:00
Miroslav Stampar | c19d481bb1 | little clean up | 2011-02-04 12:25:14 +00:00
Miroslav Stampar | c229efba05 | revert | 2011-02-04 11:33:21 +00:00
Miroslav Stampar | d211def899 | minor adjustment (accepting strange new-looking URI formats) | 2011-02-04 10:55:03 +00:00
Miroslav Stampar | e4933f0c92 | refactoring | 2011-02-03 23:25:56 +00:00
Miroslav Stampar | 9a1a28c804 | adding comments to filtering function | 2011-02-03 23:09:08 +00:00
Miroslav Stampar | e5f54644f0 | minor "statistical" update | 2011-02-03 16:59:49 +00:00
Miroslav Stampar | b56a77e573 | removing obsolete switches (--threshold, --excl-reg, --excl-str) | 2011-02-03 15:55:19 +00:00
Miroslav Stampar | 1b9850b73a | revert of last commit (conf dictionary has a method "update" which caused if conf.update to always be True :) ) | 2011-02-03 12:21:29 +00:00
Miroslav Stampar | 5edba2ffbc | minor change (conf.updateAll to conf.update) | 2011-02-03 11:13:39 +00:00
Miroslav Stampar | 5f49e20cc8 | adding --random-agent and removing -a | 2011-02-02 14:51:12 +00:00
Miroslav Stampar | 2dae57a56d | cosmetics | 2011-02-02 14:35:21 +00:00
Miroslav Stampar | 6c87bd1c63 | added maskSensitiveData function | 2011-02-02 14:25:16 +00:00
Miroslav Stampar | 8134c2154a | adding WHERE enum for payloads | 2011-02-02 13:34:09 +00:00
Miroslav Stampar | d6c9515f78 | minor update | 2011-02-02 13:03:24 +00:00
Miroslav Stampar | e73a147fb5 | minor update | 2011-02-02 11:49:59 +00:00
Miroslav Stampar | e33428b833 | adding __findUnionCharCount function | 2011-02-02 11:22:35 +00:00
Miroslav Stampar | 99aa38b58f | minor refactoring | 2011-02-02 10:10:28 +00:00
Miroslav Stampar | 23c95107ed | we must do this because people tend to ignorantly use huge numbers of threads, resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) | 2011-02-02 09:24:37 +00:00
Miroslav Stampar | af99105c27 | lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict, screwing half of the dbms-related functions (most notably aliasToDbmsEnum) | 2011-02-01 22:45:38 +00:00
Bernardo Damele | 2619e4895f | Properly handle --technique at save/resume phase | 2011-02-01 22:05:48 +00:00
Bernardo Damele | 3d966bd569 | You never know.. | 2011-02-01 22:05:12 +00:00
Miroslav Stampar | 705d45f4db | minor cosmetics | 2011-02-01 11:10:23 +00:00
Miroslav Stampar | 196e2d35b2 | maybe we could ask the user "are you willing to import local data content into error report" and use this function respectably | 2011-02-01 11:06:56 +00:00
Bernardo Damele | 6761933f75 | Just.. cosmetics ;) | 2011-01-31 22:51:14 +00:00
Miroslav Stampar | 25c175a9a5 | minor bug fix | 2011-01-31 22:34:57 +00:00
Bernardo Damele | b04e1a0313 | More detailed message for unhandled exception | 2011-01-31 21:23:40 +00:00
Bernardo Damele | ec9ebb3479 | Set threads to 4 when optimization switch is provided, -o | 2011-01-31 21:21:13 +00:00
Bernardo Damele | 8397c526d8 | Minor adjustment | 2011-01-31 21:20:23 +00:00
Miroslav Stampar | fa58a9c86b | update (now URIs like www.site.com/id82 are automatically treated as possibly URI-injectable) | 2011-01-31 20:36:01 +00:00
Miroslav Stampar | b1dc928e68 | implemented validation for time-based inference | 2011-01-31 16:07:23 +00:00
Miroslav Stampar | 25463bc67c | fix for a bug (--predict-output) noticed by Bernardo | 2011-01-31 15:00:41 +00:00
Miroslav Stampar | 60a2364f2b | now union technique parses headers too | 2011-01-31 12:41:39 +00:00
Miroslav Stampar | 8ef47307db | added checking of header values for GREP (error); still UNION to do | 2011-01-31 12:21:17 +00:00
Miroslav Stampar | fb3513650d | adding ID properties | 2011-01-31 11:41:28 +00:00
Miroslav Stampar | f9eac97fe8 | refactoring of MSSQL XML banner parsing | 2011-01-31 11:38:00 +00:00
Miroslav Stampar | 7175efcae1 | another minor cosmetic update | 2011-01-31 10:59:51 +00:00
Miroslav Stampar | 97328c3104 | minor fix | 2011-01-31 10:54:13 +00:00
Miroslav Stampar | 5e768be509 | minor bug fix | 2011-01-31 09:34:54 +00:00
Miroslav Stampar | f7feebe0df | fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) | 2011-01-31 09:28:16 +00:00
Miroslav Stampar | fc9c626f9e | minor refactoring (removed URL_ENCODE_PAYLOAD) | 2011-01-30 17:03:06 +00:00
Bernardo Damele | 21e7223779 | perhaps this is better English | 2011-01-30 16:34:13 +00:00
Miroslav Stampar | ddf23ba7cc | refactoring | 2011-01-30 11:36:03 +00:00
Miroslav Stampar | 367d0639f0 | refactoring (class names should always be Capital cased) | 2011-01-28 16:36:09 +00:00
Miroslav Stampar | ddd296030d | added some more info to unhandled exception message(s) | 2011-01-28 16:15:45 +00:00
Miroslav Stampar | 8e74c571bc | centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels | 2011-01-27 19:44:24 +00:00
Miroslav Stampar | 81722b6881 | major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) | 2011-01-27 18:36:28 +00:00
Miroslav Stampar | 03413bd5e0 | minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding the ORIGINAL part of the injection payload) | 2011-01-27 16:55:58 +00:00
Miroslav Stampar | bb6e36fb02 | minor updates | 2011-01-27 12:38:39 +00:00
Miroslav Stampar | 6cc69f5e16 | now --technique is applicable also after the injections have been identified | 2011-01-24 16:47:24 +00:00
Miroslav Stampar | 81011be0d7 | minor update of parseTargetUrl method | 2011-01-24 14:52:50 +00:00
Bernardo Damele | e1db2700f0 | Minor bug fix to properly deal with --prefix and --suffix and parameter-replace payloads | 2011-01-24 12:25:45 +00:00
Miroslav Stampar | 4441e11f68 | fix for case -r with no params and cookie available | 2011-01-24 11:26:51 +00:00
Miroslav Stampar | a3e3387113 | fix for proper Firebird resume of version | 2011-01-24 11:04:32 +00:00
Miroslav Stampar | c1145c244e | fix for user-agent injections | 2011-01-23 23:23:30 +00:00
Miroslav Stampar | b18397fbc7 | major revisit of --os-shell methods | 2011-01-23 20:47:06 +00:00
Miroslav Stampar | f5ff78d40c | revert | 2011-01-23 11:21:27 +00:00
Miroslav Stampar | 3a5f0760f6 | minor optimization (only way to prematurely stop SAX parser) | 2011-01-23 10:12:01 +00:00
Miroslav Stampar | 30cd877c4a | fix for URI based injections | 2011-01-22 16:23:33 +00:00
Bernardo Damele | f1b402b103 | Proper handling of CASE in Oracle, finally | 2011-01-20 21:58:50 +00:00
Bernardo Damele | 4128b2c87f | Enforce that when --prefix is provided, --suffix is too and vice versa. | 2011-01-20 21:57:54 +00:00
Bernardo Damele | 7d1c704575 | Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. | 2011-01-20 21:56:10 +00:00
Bernardo Damele | 9770db597e | Centralization of unescape() | 2011-01-20 21:55:13 +00:00