sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,080 Commits 4 Branches 117 Tags 97 MiB
bc8f1142c9
Commit Graph

1443 Commits

Author SHA1 Message Date
Miroslav Stampar
e8c037de1a minor update 2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae minor update 2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892 added support for WebScarab logs 2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1 important fix regarding encoding stuff 2011-01-20 13:54:18 +00:00
Miroslav Stampar
f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection 2011-01-20 11:01:01 +00:00
Miroslav Stampar
a4a0f10950 minor minor minor 2011-01-20 09:25:34 +00:00
Bernardo Damele
701947490b Two major bug fixes related to UNION technique query forging 2011-01-19 23:46:39 +00:00
Miroslav Stampar
7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) 2011-01-19 23:16:22 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
4bdc19d879 minor cosmetics 2011-01-19 22:48:06 +00:00
Miroslav Stampar
c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) 2011-01-19 22:08:56 +00:00
Miroslav Stampar
7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) 2011-01-19 21:46:43 +00:00
Miroslav Stampar
aea43a1e43 minor refactoring 2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709 back to roots 2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1 Code cleanup 2011-01-18 23:05:32 +00:00
Bernardo Damele
eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. 
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
 2011-01-18 23:03:50 +00:00
Bernardo Damele
cffa17f5a6 Major bug fix - before it raised a traceback, now works. 2011-01-18 23:02:47 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. 
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
 2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781 minor fix (for numeric columns with all 0) 2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2 you can't believe how much man can learn when having good testing points 2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa was wrong about this one (just now tested on a real site) 2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) 2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3 minor update regarding default page encoding 2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
99a3a3b89c minor fix (break if all found) 2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd information update regarding common password suffixes 2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695 minor cosmetics 2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81 minor cosmetics 2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f minor improvement 2011-01-16 20:55:07 +00:00
Miroslav Stampar
f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency 2011-01-16 19:29:06 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e russian sites are great for testing :) 2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Miroslav Stampar
718eef8753 minor fix 2011-01-16 18:11:35 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" 2011-01-16 12:12:01 +00:00
Miroslav Stampar
2001bad7e1 automatic adjustment of timeSec for delayed queries 2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix. 
Minor code refactoring.
 2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Miroslav Stampar
29ea0950b6 now False is also affected (along with None and "") 2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4 Minor improvement 2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8 Minor refactoring 2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e bug fix and proper warning message 2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c code review of modules in lib/core directory 2011-01-15 12:13:45 +00:00
Miroslav Stampar
05b2a338fe cosmetics 2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348 minor update 2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d Code cleanup 2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7 Minor bug fix 2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020 Minor bug fix 2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. 
Minor bug fixes thanks to previous refactoring too.
 2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f revert 2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19 minor fix 2011-01-13 15:19:37 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521 Verbose docstring 2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555 update 2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62 Cosmetics 2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca minor update 2011-01-13 11:08:29 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix. 
Minor code restyling.
 2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections. 
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
 2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f Minor update 2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92 Proper fix to avoid UNION test false positives 2011-01-11 23:59:02 +00:00
Bernardo Damele
c2e994e806 Minor adjustment 2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase. 
Added minor support to escape quotes in UNION payloads during detection phase.
 2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f Major bug fix 2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns. 
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
 2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. 
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
 2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
e3146464da minor fix for a bug reported by nightman 2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268 minor fix 2011-01-11 12:16:20 +00:00
Miroslav Stampar
394b6bc029 reverting some changes 2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a minor update 2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1 didn't know this to be honest 2011-01-11 10:17:22 +00:00