Commit Graph

756 Commits

Author SHA1 Message Date
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
8a2bd3897d minor output fix 2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5 minor fix 2012-02-12 18:46:25 +00:00
Miroslav Stampar
b140ef4a14 minor update (preparing for switching to HashDB from old sessionFile) 2012-02-10 10:24:48 +00:00
Miroslav Stampar
e50d64546f minor fix 2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3 just a makeup 2012-02-07 12:05:23 +00:00
Miroslav Stampar
8c45ff0d57 bug fix 2012-02-03 10:38:04 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
df43157284 minor patch 2012-02-01 12:28:06 +00:00
Miroslav Stampar
2ee198a381 minor "patch" 2012-02-01 11:00:01 +00:00
Miroslav Stampar
4d9dcbf5db minor fix 2012-02-01 10:14:23 +00:00
Miroslav Stampar
46f42f2fe4 minor fix 2012-01-30 13:10:35 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd more concise language 2012-01-07 17:45:45 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
9d50c806e1 bug fix 2012-01-05 10:55:58 +00:00
Miroslav Stampar
29f502fe29 some refactoring 2011-12-28 16:27:17 +00:00
Miroslav Stampar
22c3fe49bb some refactoring 2011-12-28 13:50:03 +00:00
Miroslav Stampar
abb401879c minor update 2011-12-22 20:42:57 +00:00
Miroslav Stampar
8585107e3d minor update 2011-12-22 12:21:30 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
9f68e54fff minor cleanup 2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7 speedup of UNION dumping 2011-12-22 10:44:14 +00:00
Miroslav Stampar
b77e2042f2 some optimization 2011-12-21 23:23:00 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
316e27a809 minor update 2011-12-15 10:19:31 +00:00
Miroslav Stampar
d6f936b98d minor update 2011-11-23 15:51:48 +00:00
Miroslav Stampar
40f21c3917 minor update 2011-11-23 15:38:31 +00:00
Miroslav Stampar
f39170a2c4 minor update 2011-11-22 15:06:51 +00:00
Miroslav Stampar
e94efff187 some more optimization 2011-11-22 09:00:00 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
1b45c5b56a bug fix 2011-10-28 15:24:35 +00:00
Miroslav Stampar
e290f2b80b minor update 2011-10-28 11:11:55 +00:00
Miroslav Stampar
23bf52e496 minor refactoring 2011-10-24 09:55:50 +00:00
Miroslav Stampar
6d64f87190 minor update 2011-10-24 00:46:54 +00:00
Miroslav Stampar
8bd3cfdc8e minor update 2011-10-24 00:17:38 +00:00
Miroslav Stampar
7c626f1dbe minor fix 2011-10-23 23:18:39 +00:00
Miroslav Stampar
d77a5f5928 update (generalizing ORDER BY approach) 2011-10-23 23:02:01 +00:00
Miroslav Stampar
1c3f4e9e54 minor update 2011-10-23 08:44:21 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
7a3096ce25 some refactoring 2011-10-21 21:12:48 +00:00
Miroslav Stampar
9356f8005c important bug fix 2011-10-21 21:07:06 +00:00
Miroslav Stampar
0a8e45955c minor update 2011-10-21 20:44:18 +00:00
Miroslav Stampar
e3a719e7d2 minor update 2011-10-11 22:40:00 +00:00
Miroslav Stampar
7956390631 minor update 2011-10-11 22:27:49 +00:00
Miroslav Stampar
a7a29f33ad minor update 2011-10-11 21:58:57 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
744636a8c1 switching to SQLite resume support (on error and union techniques this moment) 2011-09-25 20:36:32 +00:00
Miroslav Stampar
8fe069b495 minor fix 2011-08-23 21:48:39 +00:00
Miroslav Stampar
cfc1f2b70b minor update 2011-08-22 22:43:14 +00:00
Miroslav Stampar
f4127a80d7 improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used) 2011-08-22 21:43:46 +00:00
Miroslav Stampar
cb32d46f2a minor minor update 2011-08-18 06:09:12 +00:00
Miroslav Stampar
9d31322f3d update regarding special case when conf.uChar appears only in testable pages 2011-08-17 21:40:42 +00:00
Miroslav Stampar
e1dbb4443b minor update related to the last commit 2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) 2011-08-16 06:50:20 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Miroslav Stampar
e849b71027 minor typo 2011-08-03 14:31:42 +00:00
Miroslav Stampar
538b49bcc5 removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports 2011-08-03 13:26:38 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Miroslav Stampar
edab7d01a5 minor fix 2011-08-02 17:31:13 +00:00
Miroslav Stampar
cb0981d858 proper way of handling 0 length results (as in __goInferenceProxy) 2011-08-02 08:39:32 +00:00
Miroslav Stampar
018d7ed646 improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery) 2011-07-31 23:40:09 +00:00
Miroslav Stampar
e522263640 fix for a neverending data retrieval in large full inband cases 2011-07-29 10:45:09 +00:00
Bernardo Damele
938716e361 Proper fix for --start and --stop consistency amongst different techniques 2011-07-26 10:06:28 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Miroslav Stampar
5770c08784 minor optimization and refactoring 2011-07-25 20:17:44 +00:00
Miroslav Stampar
2033a28ae7 minor update regarding last commit (cleaner code) 2011-07-24 20:44:17 +00:00
Miroslav Stampar
3a3561fdaa doing proper big table support for partial union too 2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
9e1a6beb7a Major bug fix in UNION detection, it was a leftover 2011-07-07 00:06:20 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
9eb683531d Minor improvement at blind SQL inj technique for DB2 2011-06-27 22:28:12 +00:00
Miroslav Stampar
9e232256f4 reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic) 2011-06-21 18:29:23 +00:00
Miroslav Stampar
3536320fc9 --stop is inclusive ("Last query output entry to retrieve") 2011-06-21 18:08:33 +00:00
Miroslav Stampar
83af83da9e minor beautification (WordsSet is considered as a bad english) 2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997 Use getPageTextWordsSet() also in --common-columns 2011-06-18 12:30:26 +00:00
Bernardo Damele
cd07139919 Layout adjustments 2011-06-18 11:58:14 +00:00
Miroslav Stampar
905fef0eae now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) 2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece better 2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0 "Please consider to provide" is a bad English 2011-06-18 09:46:22 +00:00
Miroslav Stampar
9498a3f259 little stabilization of multi threading 2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e some fixes 2011-06-16 14:27:44 +00:00
Bernardo Damele
6aade8e6fc grammar fix, again 2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784 Grammar fix 2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36 Rephrase 2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Miroslav Stampar
e7e23d1b79 fix for a Ctrl+C bug reported by nightman@email.de 2011-06-07 17:16:01 +00:00
Miroslav Stampar
50dde39e68 minor update 2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23 more refactoring 2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c refactoring and stabilization of multithreading 2011-06-07 09:50:00 +00:00
Miroslav Stampar
64a862ed58 minor usability update 2011-06-03 14:04:02 +00:00
Miroslav Stampar
fc96764f80 minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None) 2011-06-01 22:06:06 +00:00
Miroslav Stampar
091c174bc4 better language 2011-06-01 08:30:06 +00:00
Miroslav Stampar
42100e0e5b big bug fix 2011-05-30 23:15:29 +00:00
Miroslav Stampar
9600556dae better language 2011-05-30 23:04:49 +00:00
Miroslav Stampar
b79dae6e95 minor update 2011-05-30 14:49:03 +00:00
Miroslav Stampar
d5ede6afb4 fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range) 2011-05-30 06:38:44 +00:00
Miroslav Stampar
6fd8602f01 minor update 2011-05-29 23:33:34 +00:00
Miroslav Stampar
86455ceb9c implementation of multithreading for UNION and ERROR techniques 2011-05-29 23:17:50 +00:00
Miroslav Stampar
ecbeecdccf minor refactoring 2011-05-28 18:11:56 +00:00
Miroslav Stampar
95dea1fbf9 sharp tuning UNION tests even more 2011-05-28 08:06:19 +00:00
Miroslav Stampar
8227298057 user friendliness uber 9000 2011-05-27 08:30:52 +00:00
Miroslav Stampar
5369657cd5 fix for cases with retrieved binary files (preventing difflib nagging around comparison) 2011-05-25 20:54:30 +00:00
Miroslav Stampar
31b48ec11c removing space left 2011-05-23 14:18:33 +00:00
Miroslav Stampar
fb23beef6f most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) 2011-05-22 19:14:36 +00:00
Miroslav Stampar
4fdb6ac9b9 adding useful info 2011-05-22 15:30:19 +00:00
Miroslav Stampar
48c20a62ac minor nag fix 2011-05-22 15:08:55 +00:00
Miroslav Stampar
9e5856caf8 improvement for recognition of scalar vs multiple-row commands 2011-05-19 16:45:05 +00:00
Miroslav Stampar
6ba9dea640 just in case for trimmed output 2011-05-16 06:17:37 +00:00
Miroslav Stampar
d2221e4604 fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...) 2011-05-16 00:23:50 +00:00
Miroslav Stampar
c64eb38a8b same thing as for the last commit, but for error technique this time 2011-05-12 11:52:18 +00:00
Miroslav Stampar
84a7e5ffb9 "unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance 2011-05-12 11:36:02 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Miroslav Stampar
22a1870c2c adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 2011-05-10 12:32:07 +00:00
Miroslav Stampar
83fac3f6d9 fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase) 2011-05-03 21:12:51 +00:00
Miroslav Stampar
e6f010734e minor fix for cases when the retrieved output is safe encoded (like for --os-shell) 2011-05-03 16:14:03 +00:00
Miroslav Stampar
742b0ef76e major improvement of ERROR data retrieval on MSSQL 2011-05-03 13:25:20 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Bernardo Damele
fbe5ba5394 cosmetics 2011-04-21 10:54:12 +00:00
Bernardo Damele
8d8fc2bbd8 cosmetics 2011-04-21 10:17:41 +00:00
Miroslav Stampar
e4d3190f41 reverting back to NVARCHAR because of error technique 2011-04-20 12:59:23 +00:00
Miroslav Stampar
3607f03a9e fix of a minor typo 2011-04-20 12:42:35 +00:00
Miroslav Stampar
1286cc0913 now showing trimmed output in for of warning message (UNION and ERROR techniques affected) 2011-04-20 12:41:58 +00:00
Miroslav Stampar
4fadcf0615 improvement for UNION/ERROR case 2011-04-20 10:17:42 +00:00
Miroslav Stampar
29ee760021 improving time based data retrieval mechanism 2011-04-17 07:24:18 +00:00
Miroslav Stampar
88c76147e1 removed few trailing whitespace lines 2011-04-15 20:52:08 +00:00
Miroslav Stampar
3b6f9945ae minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...) 2011-04-15 14:15:29 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc minor cosmetics for partial inband retrieval 2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be just in case update to prevent gibberish "retrieved: " outputs 2011-04-12 23:07:50 +00:00
Miroslav Stampar
6012ab1c46 better one for previous commit 2011-04-10 21:52:08 +00:00
Miroslav Stampar
e6c50df4f9 preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case) 2011-04-10 21:38:08 +00:00
Miroslav Stampar
277f16d6b3 removing commented out debug print 2011-04-08 22:44:05 +00:00
Miroslav Stampar
6fa2fd139c implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field) 2011-04-08 15:17:57 +00:00
Miroslav Stampar
228cc68747 fix for those ugly DEBUG messages in brute mode 2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656 cosmeticados ;) 2011-04-08 10:39:07 +00:00
Miroslav Stampar
e33a48d40f minor refactoring 2011-04-07 12:54:30 +00:00
Bernardo Damele
c6b9d89d31 Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly 2011-04-07 11:10:35 +00:00
Bernardo Damele
8b14a9eaa7 Minor code adjustments 2011-04-06 14:40:45 +00:00
Miroslav Stampar
b327bbcd9b minor fix (it was quite ... to have this check at the later stage) 2011-04-06 08:39:24 +00:00
Miroslav Stampar
557ed7d665 minor fix for a invalid charset reported by Kirill 2011-03-31 14:39:01 +00:00
Bernardo Damele
fed57282fc Added one more warning message to show what's going on with ctrl+c 2011-03-31 14:26:14 +00:00
Bernardo Damele
3948cd9e77 Minor layout adjustments 2011-03-31 14:13:53 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff quick fix 2011-03-31 08:43:17 +00:00
Miroslav Stampar
0916117447 improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names 2011-03-30 18:32:10 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
1823c116bb minor update for special cases of union testing results 2011-03-28 21:45:38 +00:00
Miroslav Stampar
1119a85f39 it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage) 2011-03-25 21:31:26 +00:00
Miroslav Stampar
6c6133e8aa revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is) 2011-03-25 20:46:37 +00:00
Miroslav Stampar
737b4abf13 this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user) 2011-03-25 20:30:15 +00:00
Miroslav Stampar
422967fbcd just an minor update related to the last commit 2011-03-25 12:21:53 +00:00
Miroslav Stampar
ea52d7acad minor revisit of inference 2011-03-24 20:10:40 +00:00
Miroslav Stampar
0f7bce5c66 fixing a huge mess going on because of counting on error and union techniques 2011-03-23 11:36:40 +00:00
Miroslav Stampar
7613134515 it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic) 2011-03-22 12:37:05 +00:00
Miroslav Stampar
9479a68eb5 minor fix regarding last commit 2011-03-22 12:21:56 +00:00
Miroslav Stampar
c24ed6e622 minor fix related to a bug reported by warninggp@gmail.com 2011-03-22 09:22:48 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
9b1f2d82d0 minor update (that .strip() was a leftover) 2011-03-20 23:20:47 +00:00
Miroslav Stampar
db992a0a86 mssql likes to htmlescape error reports 2011-03-20 23:16:34 +00:00
Bernardo Damele
03fac62592 Minor code restyle 2011-03-17 12:34:29 +00:00
Miroslav Stampar
beba69faa9 implementation of request from Santiago (look for error based responses in redirects) 2011-03-17 09:12:28 +00:00
Miroslav Stampar
847ce863e3 refactoring 2011-03-17 08:54:20 +00:00
Bernardo Damele
d8a76ebe34 Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs 2011-03-11 16:03:19 +00:00
Bernardo Damele
3cb0ca4b63 Minor bug fix for --privileges on PgSQL with error-based SQL inj technique 2011-03-11 15:24:25 +00:00
Bernardo Damele
60605b6e7c Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only) 2011-02-27 12:14:13 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
83d7803ce7 other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2) 2011-02-12 20:03:28 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba More fixes for --common-columns to work against MSSQL too 2011-02-09 17:22:07 +00:00
Miroslav Stampar
917b2b0d6b one more commit related to the previous one 2011-02-09 17:07:02 +00:00
Miroslav Stampar
6c582343fe .. fix 2011-02-09 17:05:06 +00:00
Miroslav Stampar
3de6117253 revert of the r3247 (output always has to be appended to the outputs - no matter of it's value) 2011-02-09 09:53:59 +00:00
Miroslav Stampar
98ca1702ae los cosmeticado 2011-02-08 16:30:32 +00:00
Miroslav Stampar
87e36796c6 just to not cause confusion 2011-02-08 16:29:42 +00:00
Miroslav Stampar
dcb9c93328 minor cleanup 2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
66adf23532 Unbiased approach for searching appropriate usable column 2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) 2011-02-07 16:55:02 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
9eac2339ca 2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8 more appropriate 2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd new UNION column detection is going into wild 2011-02-03 16:16:38 +00:00
Bernardo Damele
253a8d0679 Minor bug fix 2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314 minor fix 2011-02-03 13:28:10 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Miroslav Stampar
777a19cfa9 LOL. removing that debug 'True' 2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631 one more thing ;) 2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667 cosmetics 2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Bernardo Damele
2a0b03e5c6 Unused import 2011-01-30 17:07:27 +00:00
Bernardo Damele
71d82e6f57 Minor layout adjustment 2011-01-30 16:19:58 +00:00
Bernardo Damele
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique 2011-01-30 14:19:50 +00:00
Miroslav Stampar
bc8f1142c9 minor revert 2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
a184a4c772 major of majors bug fix 2011-01-28 14:31:25 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
49aeb41be8 quick bug fix for FALSE positives with UNION based technique 2011-01-27 18:49:44 +00:00
Miroslav Stampar
d3ddaba7be minor refactoring 2011-01-25 13:04:13 +00:00
Miroslav Stampar
5692506131 this was bad thing to have 2011-01-25 01:08:38 +00:00
Miroslav Stampar
8d0c2efbe2 unescaping of char marked payloads 2011-01-24 12:00:16 +00:00
Miroslav Stampar
ff7707579f minor improvement 2011-01-23 11:35:24 +00:00
Miroslav Stampar
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message 2011-01-23 10:51:57 +00:00
Bernardo Damele
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors 2011-01-20 22:02:20 +00:00
Bernardo Damele
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) 2011-01-20 22:01:21 +00:00
Miroslav Stampar
a4a0f10950 minor minor minor 2011-01-20 09:25:34 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
4bdc19d879 minor cosmetics 2011-01-19 22:48:06 +00:00
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781 minor fix (for numeric columns with all 0) 2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f revert 2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19 minor fix 2011-01-13 15:19:37 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92 Proper fix to avoid UNION test false positives 2011-01-11 23:59:02 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f Major bug fix 2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
c17714c423 suppress session in case of brute methods 2011-01-07 16:47:46 +00:00
Bernardo Damele
16a06117f7 Mere cosmetics 2011-01-07 16:36:32 +00:00
Miroslav Stampar
c968b438f2 Ctrl+C added to union dump 2011-01-06 09:48:04 +00:00
Miroslav Stampar
0616edcc44 adding progress to --union-test 2011-01-06 09:26:01 +00:00
Miroslav Stampar
8b9a624546 added progress into union based entry retrieval 2011-01-06 09:10:20 +00:00
Miroslav Stampar
7ae5192070 adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data) 2011-01-05 10:25:07 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
c7a160bf72 minor update (users want this to see) 2010-12-27 12:00:54 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
a555d1ad68 minor improvement 2010-12-26 11:15:02 +00:00
Miroslav Stampar
320a6f9efb minor minor update 2010-12-26 09:55:33 +00:00
Miroslav Stampar
17d74fc83c cosmeticado 2010-12-26 09:53:40 +00:00
Miroslav Stampar
eaf4b93856 minor update 2010-12-26 09:40:40 +00:00
Miroslav Stampar
6c72e41972 minor fix/update 2010-12-26 02:19:10 +00:00
Miroslav Stampar
c5c4aae3d5 minor update (to prevent adding too much items) 2010-12-25 10:42:36 +00:00
Miroslav Stampar
ea7ba19f6b minor update 2010-12-25 09:43:14 +00:00
Miroslav Stampar
272476773f getPageTextWordsSet on tableExists is pretty powerful stuff 2010-12-25 09:37:33 +00:00
Miroslav Stampar
6845d402fa well, here and there, merry Christmas to all :) 2010-12-24 20:17:53 +00:00
Miroslav Stampar
edcf1a0872 few bug fixes 2010-12-24 18:40:48 +00:00
Miroslav Stampar
7f7fb93155 cosmetics 2010-12-23 18:44:18 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00