sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 16:10:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,192 Commits 4 Branches 122 Tags 98 MiB
bf5ca4bd9a
Commit Graph

879 Commits

Author SHA1 Message Date
Bernardo Damele
bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') 2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload(). 
Minor code cleanup related to error-based payload.
 2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575 Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58 can't stay as it is right now. temporary disabling. 2011-02-06 21:17:41 +00:00
Bernardo Damele
6191a7f26f Major fix for a silent bug 2011-02-06 15:53:43 +00:00
Miroslav Stampar
4df8a03c04 using OrderedDict to store parameters in order of appearance 2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d Minor fix 2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) 2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06 minor just in case update 2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e minor refactoring 2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) 2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05 revert 2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899 minor adjustment (accepting strange new looking uri formats) 2011-02-04 10:55:03 +00:00
Miroslav Stampar
e4933f0c92 refactoring 2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804 adding comments to filtering function 2011-02-03 23:09:08 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) 2011-02-03 15:55:19 +00:00
Miroslav Stampar
1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) 2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc minor change (conf.updateAll to conf.update) 2011-02-03 11:13:39 +00:00
Miroslav Stampar
5f49e20cc8 adding --random-agent and removing -a 2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d cosmetics 2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63 added maskSensitiveData function 2011-02-02 14:25:16 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
e73a147fb5 minor update 2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) 2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
2619e4895f Properly handle --technique at save/resume phase 2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569 You never know.. 2011-02-01 22:05:12 +00:00
Miroslav Stampar
705d45f4db minor cosmetics 2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably 2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
25c175a9a5 minor bug fix 2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313 More detailed message for unhandled exception 2011-01-31 21:23:40 +00:00
Bernardo Damele
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o 2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Miroslav Stampar
fb3513650d adding ID properties 2011-01-31 11:41:28 +00:00