Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Bernardo Damele
cda8da288c
Minor adjustment
2010-05-21 12:18:43 +00:00
Miroslav Stampar
f6bffb61d3
minor adjustment
2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872
fix for my imperfect calculations :)
2010-05-21 11:41:49 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Miroslav Stampar
b8a5a54395
minor update
2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49
some code refactoring and minor speed up (jump prediction rule)
2010-05-14 15:20:34 +00:00
Miroslav Stampar
ed20f1cf33
some more speed up (one time compilation of popular regexes)
2010-05-14 14:48:54 +00:00
Miroslav Stampar
3ead88c364
minor tweak
2010-05-14 14:36:54 +00:00
Miroslav Stampar
131789a6e4
some code refactoring
2010-05-14 14:21:13 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Bernardo Damele
8b74c405f5
Minor output bug fix
2010-05-11 14:15:03 +00:00
Bernardo Damele
457d32c73e
Proper displaying of debug messages (-v >= 2)
2010-05-11 13:58:53 +00:00
Bernardo Damele
44ea8f1861
Minor adjustment
2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d
Major bug fix (reported by Thierry Zoller)
2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3
one more thing
2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2
better way to handle that last commit problem
2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0
added exception handler around block reported by Thierry Zoller
2010-05-04 08:03:48 +00:00
Bernardo Damele
90d9900371
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
1aeaa5db47
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 12:44:47 +00:00
Bernardo Damele
5e86087cb1
Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now.
2010-04-15 10:06:38 +00:00
Bernardo Damele
eecee3b274
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00
Miroslav Stampar
63c70018ca
fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com
2010-04-09 10:16:15 +00:00
Miroslav Stampar
6e7be5edb0
another fix
2010-04-06 15:51:36 +00:00
Miroslav Stampar
c303feab17
fix
2010-04-06 15:14:32 +00:00
Miroslav Stampar
e2810003ae
more update
2010-04-06 15:12:52 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
bfc12e93c5
ms access returns -1 for True
2010-03-30 11:33:51 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
8e57767c48
Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET
2010-03-23 10:27:39 +00:00
Bernardo Damele
d13ad8b2d7
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 15:39:29 +00:00
Bernardo Damele
72f3674844
Minor bug fix
2010-03-18 17:36:58 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
466df89c4a
Fixes #178 and #179 - proper handling of custom redirects
2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2
Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g)
2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414
Fixes #59 - proper customizable redirect (302 and 301)
2010-03-15 14:24:43 +00:00
Miroslav Stampar
91dd609e26
fixed threading bug (difflib :)
2010-03-10 14:14:27 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
a0f5c3d885
minor update
2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20
minor code refactoring
2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04
one more fix regarding localhost/global proxy issue
2010-02-25 13:30:22 +00:00
Miroslav Stampar
542b01993e
minor fix regarding exception handling of multi-part post handler
2010-02-09 14:02:47 +00:00