sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 21:24:13 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,192 Commits 4 Branches 121 Tags 98 MiB
bf5ca4bd9a
Commit Graph

1527 Commits

Author SHA1 Message Date
Bernardo Damele
bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') 2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload(). 
Minor code cleanup related to error-based payload.
 2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575 Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Bernardo Damele
9eac2339ca 2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58 can't stay as it is right now. temporary disabling. 2011-02-06 21:17:41 +00:00
Miroslav Stampar
d2b96a66a2 one more update regarding last few "unescape" related commits 2011-02-06 20:23:23 +00:00
Bernardo Damele
6191a7f26f Major fix for a silent bug 2011-02-06 15:53:43 +00:00
Bernardo Damele
c44978862e Minor reordering of what gets saved into the injection object 2011-02-06 15:20:44 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
4df8a03c04 using OrderedDict to store parameters in order of appearance 2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d Minor fix 2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) 2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06 minor just in case update 2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e minor refactoring 2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) 2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05 revert 2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899 minor adjustment (accepting strange new looking uri formats) 2011-02-04 10:55:03 +00:00
Miroslav Stampar
1af418d444 huge bug fix 2011-02-04 10:18:26 +00:00
Miroslav Stampar
e4933f0c92 refactoring 2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804 adding comments to filtering function 2011-02-03 23:09:08 +00:00
Miroslav Stampar
1aecbe6b08 minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection) 2011-02-03 22:59:26 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8 more appropriate 2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd new UNION column detection is going into wild 2011-02-03 16:16:38 +00:00
Miroslav Stampar
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) 2011-02-03 15:55:19 +00:00
Bernardo Damele
253a8d0679 Minor bug fix 2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314 minor fix 2011-02-03 13:28:10 +00:00
Miroslav Stampar
1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) 2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc minor change (conf.updateAll to conf.update) 2011-02-03 11:13:39 +00:00
Miroslav Stampar
402c1b622e removing urlencode from UA 2011-02-02 15:18:06 +00:00
Miroslav Stampar
5f49e20cc8 adding --random-agent and removing -a 2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d cosmetics 2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63 added maskSensitiveData function 2011-02-02 14:25:16 +00:00
Bernardo Damele
5f0114a2a8 Minor bug fix 2011-02-02 14:06:40 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e73a147fb5 minor update 2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) 2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. 
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
 2011-02-01 22:07:42 +00:00