sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	78bbf5d63c	Fixes #1451	2015-10-06 14:17:35 +02:00
Miroslav Stampar	53de0e8949	Implements #1442	2015-10-01 11:57:33 +02:00
Miroslav Stampar	81caf14b6d	Adding switch --skip-waf	2015-09-21 14:57:44 +02:00
Miroslav Stampar	e81e474646	Minor adjustment	2015-09-21 14:46:34 +02:00
Miroslav Stampar	56f0b811a6	Minor patch	2015-09-21 13:23:56 +02:00
Miroslav Stampar	c05c0ff435	Minor patch with imports	2015-09-10 15:55:49 +02:00
Miroslav Stampar	f494004f44	Switching to the getSafeExString (where it can be used)	2015-09-10 15:51:33 +02:00
Miroslav Stampar	c1f829d131	Removing last remnants of bad handling the exceptions as strings	2015-09-08 11:15:31 +02:00
Miroslav Stampar	e623ee66ad	Better approach for #1320	2015-07-30 23:29:31 +02:00
Miroslav Stampar	58002c5057	Minor cosmetics	2015-07-23 09:55:59 +02:00
Miroslav Stampar	21e8182ac6	Fixes #1305	2015-07-18 17:01:34 +02:00
Miroslav Stampar	00f190fc92	Fixes #1303	2015-07-17 10:14:35 +02:00
Miroslav Stampar	16f8e4c8ba	Removing unused imports	2015-07-12 12:25:02 +02:00
Miroslav Stampar	10f8c6a0b6	Introducing --offline switch (to perform session only lookups)	2015-07-10 16:10:24 +02:00
Miroslav Stampar	9bdbdc136f	Minor cosmetics update	2015-07-10 11:33:12 +02:00
Miroslav Stampar	0ba264bfa0	Minor patch	2015-07-10 09:51:11 +02:00
Miroslav Stampar	4baaa4a5ad	Minor improvement	2015-07-10 09:24:14 +02:00
Miroslav Stampar	9ff115ce71	Minor patch	2015-07-10 01:33:53 +02:00
Miroslav Stampar	02470ea683	Further decreasing number of testing payloads	2015-07-10 01:19:46 +02:00
Miroslav Stampar	48b627f3ff	Prevent double tests (e.g. in same final tests where suffix is cut by the comment)	2015-07-10 00:54:02 +02:00
Miroslav Stampar	ca2f63c672	Test speed up in case of boolean based blind	2015-07-10 00:37:59 +02:00
Miroslav Stampar	96327b6701	Fixes #1290	2015-07-05 01:47:01 +02:00
Miroslav Stampar	1f71d809d4	Fixes #1288	2015-07-03 08:55:33 +02:00
Miroslav Stampar	08caca387b	Minor patch of automatic WAF heuristic check	2015-05-29 16:01:41 +02:00
Miroslav Stampar	17bfda1b9c	Adding new switch ('--skip-static')	2015-05-18 20:57:15 +02:00
Miroslav Stampar	7587528ebd	Fixes #1202	2015-03-26 11:40:19 +01:00
Miroslav Stampar	adc8ac267d	Fixes #1190	2015-03-10 09:23:26 +01:00
Bernardo Damele	8281fe48e5	bug fix: test for boundaries with high levels if the test was extended	2015-03-01 11:02:05 +00:00
Bernardo Damele	2f08c8b666	bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup	2015-02-27 13:57:28 +00:00
Bernardo Damele	475cc8b24b	trivial code cleanup	2015-02-21 13:12:30 +00:00
Bernardo Damele	d235ee375b	code cleanup	2015-02-21 12:59:44 +00:00
Bernardo Damele	52dd92748a	rework some of the logic of the detection phase based on identified DBMS along the way	2015-02-21 02:23:42 +00:00
Bernardo Damele	4f939b5719	avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables	2015-02-20 18:36:34 +00:00
Bernardo Damele	214b9360e9	Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup	2015-02-20 18:30:42 +00:00
Bernardo Damele	79d4d970a5	trivial code cleanup	2015-02-20 15:42:28 +00:00
Bernardo Damele	201b605f9b	Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already	2015-02-20 10:21:44 +00:00
Bernardo Damele	e17d212c23	bug fix introduced with `863d5a6281`	2015-02-15 20:07:52 +00:00
Bernardo Damele	863d5a6281	--test-filter now ignores values of --risk and --level	2015-02-15 16:28:37 +00:00
Miroslav Stampar	2e5c11e427	Closes #1163	2015-02-13 10:59:03 +01:00
Miroslav Stampar	2e9bf47703	Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145 )	2015-01-30 22:12:35 +01:00
Miroslav Stampar	b7cfaa6ca5	Minor style update	2015-01-22 08:55:37 +01:00
Miroslav Stampar	a603002acd	Adding a choice to automatically turn on --identify-waf if protection has been detected	2015-01-20 09:38:18 +01:00
Miroslav Stampar	0c4d63fb00	Bug fix (reported by user over ML)	2015-01-08 09:00:21 +01:00
Miroslav Stampar	45bdefd29b	Update of copyright	2015-01-06 15:02:16 +01:00
Miroslav Stampar	6fc41ca940	Heuristically checking for WAF/IDS/IPS by default	2015-01-06 14:01:47 +01:00
Miroslav Stampar	beffe85d6c	Patch for an Issue #1085	2015-01-03 22:30:21 +01:00
Miroslav Stampar	e6de92ce88	Minor patch (unicode related)	2014-12-15 13:36:08 +01:00
Miroslav Stampar	1e06e7c386	Adding a debug message during name resolution	2014-12-11 13:29:26 +01:00
Miroslav Stampar	a7b21a2f62	Rerun advice update	2014-12-09 09:02:06 +01:00
Miroslav Stampar	034fae0f47	Patch for an Issue #992	2014-12-05 11:24:43 +01:00
Miroslav Stampar	9b32e69f26	Adding new WAF script (UrlScan)	2014-12-04 10:06:15 +01:00
Miroslav Stampar	5c182a0ec4	Update for an Issue #431	2014-11-21 11:33:57 +01:00
Miroslav Stampar	f0802c6fb9	Update for an Issue #431	2014-11-21 11:20:54 +01:00
Miroslav Stampar	cf2d5fd453	Update for an Issue #431	2014-11-21 09:41:49 +01:00
Miroslav Stampar	05d5342f20	Update and patch for an Issue #2	2014-11-17 11:50:05 +01:00
Miroslav Stampar	fc1b05bec9	Implementation for an Issue #2	2014-10-23 11:23:53 +02:00
Miroslav Stampar	34aed7cde0	Bug fix (now it's possible to use multiple parsed requests without mixing associated headers)	2014-10-22 13:49:29 +02:00
Miroslav Stampar	c6a8feea8a	Fix for an Issue #831	2014-10-07 12:00:11 +02:00
Miroslav Stampar	f67a38dba9	Minor adjustment	2014-10-01 13:42:10 +02:00
Miroslav Stampar	a9454fbb43	Minor commit related to the last one (bypassing DBMS error trimming problem)	2014-10-01 13:35:20 +02:00
Miroslav Stampar	8c9014c39f	Adding a dummy (auxiliary) XSS check	2014-10-01 13:31:48 +02:00
Miroslav Stampar	bfc8ab0e35	Language update	2014-09-08 14:48:31 +02:00
Miroslav Stampar	53d0d5bf8b	Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)	2014-09-08 14:33:13 +02:00
Miroslav Stampar	20ff402103	Minor patch	2014-08-30 22:04:55 +02:00
Miroslav Stampar	dc2ee8bfa0	Minor update	2014-08-30 21:53:09 +02:00
Miroslav Stampar	1a9a331422	Bug fix (proper extending of tests when dbms is known)	2014-08-30 21:34:23 +02:00
Miroslav Stampar	834f8e18c8	Minor patch for an Issue #802	2014-08-28 00:45:57 +02:00
Miroslav Stampar	b77d8d617b	Minor patch for an Issue #800	2014-08-28 00:31:49 +02:00
Miroslav Stampar	7828f61642	Minor style update	2014-08-20 13:35:41 +02:00
Miroslav Stampar	6795b51c7e	Another minor update	2014-08-20 01:59:30 +02:00
Miroslav Stampar	d08c1b7c04	Minor update	2014-08-20 01:45:42 +02:00
Miroslav Stampar	ebc964267f	Better reporting on filtered-chars cases	2014-08-20 01:11:26 +02:00
Miroslav Stampar	b31e141012	Fix for an Issue #772	2014-07-29 14:37:48 +02:00
Miroslav Stampar	0eb5fb1e5a	Update for an Issue #757	2014-07-19 23:02:14 +02:00
Miroslav Stampar	2a88436417	Patch for an Issue #724	2014-06-16 09:51:24 +02:00
Miroslav Stampar	cb0044b2c4	Minor beauty patch	2014-04-07 20:28:17 +02:00
Miroslav Stampar	9456dc68e7	Minor patch	2014-04-06 17:24:27 +02:00
Miroslav Stampar	cf250a0381	Minor patch (it would go boom if special character was inside the --param-del)	2014-04-06 17:02:32 +02:00
Miroslav Stampar	0ae8ac707e	Renaming conf.pDel to conf.paramDel	2014-04-06 16:48:46 +02:00
Miroslav Stampar	106102bd3c	Fix for an Issue #648	2014-03-21 20:28:29 +01:00
Miroslav Stampar	3b47418a1d	Fix for an Issue #640	2014-03-14 22:20:20 +01:00
Miroslav Stampar	2ffdee5733	Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed)	2014-02-26 11:41:48 +01:00
Miroslav Stampar	edc8ef9d5b	Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used)	2014-02-25 13:48:34 +01:00
Miroslav Stampar	2a423d61ef	Raising number of requests for false positive testing in case of higher levels	2014-02-23 19:40:01 +01:00
Miroslav Stampar	fe0ff6e679	Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases	2014-02-09 17:50:16 +01:00
Miroslav Stampar	f97fcb7bb3	Adding a switch --invalid-string	2014-01-23 21:56:06 +01:00
Miroslav Stampar	f88f6dcd7e	Changing --invalid-bignum from float producing to int producing	2014-01-23 09:07:25 +01:00
Bernardo Damele	43a4e85749	updated copyright	2014-01-13 17:24:49 +00:00
Miroslav Stampar	6c80f2903b	Patch for an Issue #564	2013-12-27 11:02:59 +01:00
Miroslav Stampar	bf3fbb0ae0	Ignore Google analytics cookies	2013-12-04 09:56:37 +01:00
Miroslav Stampar	7ed05f01b3	Minor update	2013-10-27 00:24:57 +02:00
Miroslav Stampar	334c698d53	Adding change verbosity level in testing phase when Ctrl+C pressed	2013-10-17 16:54:53 +02:00
Moshe Kaplan	8cd641a2a6	minor typos corrected "choosen" -> "chosen"	2013-10-15 13:26:24 -04:00
Miroslav Stampar	2dc570d7a8	Minor patch (for ORDER BY 'col' cases)	2013-10-10 23:08:20 +02:00
Miroslav Stampar	369006ca73	Bug fix	2013-10-07 12:54:25 +02:00
Miroslav Stampar	0cf2bdeb1c	Minor language update	2013-08-22 11:11:30 +02:00
Miroslav Stampar	38ee95e2c9	Minor language update	2013-08-13 18:58:24 +02:00
Miroslav Stampar	52a71546d0	Implementation for an Issue #507	2013-08-13 18:55:23 +02:00
Miroslav Stampar	941b2387c0	Minor fix	2013-07-31 09:22:45 +02:00
Miroslav Stampar	b921ff0729	Fix for an Issue #495	2013-07-27 11:20:43 +02:00
stamparm	e6f71c2130	Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE)	2013-07-15 16:24:49 +02:00
stamparm	c9d3974205	Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE)	2013-07-15 13:54:02 +02:00
stamparm	ac2d40e259	Revert of last commit (there is a chance that that big integer value is really valid :)	2013-07-15 13:34:38 +02:00
stamparm	a097ee1505	Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)	2013-07-15 13:31:56 +02:00
stamparm	d7c0805e7c	Removing leftover	2013-07-08 12:45:02 +02:00
stamparm	a548eb5c70	Minor text update	2013-07-08 12:44:14 +02:00
stamparm	d0e79a4d15	Minor text update	2013-07-08 12:38:36 +02:00
stamparm	a530817727	Minor typo fix	2013-07-08 11:52:46 +02:00
stamparm	8d3435ab0b	Removing reflective warning for parsing heuristic test	2013-07-08 11:48:33 +02:00
stamparm	04046f38eb	Minor update (Issue #475 )	2013-07-01 12:26:57 +02:00
stamparm	f7d15cb465	Official naming is HSQLDB (and/or HyperSQL)	2013-07-01 11:57:47 +02:00
Miroslav Stampar	aeb83ba651	Merge pull request #475 from Meatballs1/hsql_clean HSQL Payloads and Query Support	2013-07-01 02:38:04 -07:00
stamparm	fd5b665f7d	Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements)	2013-06-26 10:55:34 +02:00
Meatballs	62000c6406	Remaining files	2013-06-24 14:42:58 +01:00
stamparm	690645f6c7	Cosmetic fix	2013-06-19 10:50:00 +02:00
stamparm	f4ca4cd6c5	Minor update	2013-05-29 15:49:09 +02:00
Miroslav Stampar	d3ad408a21	Minor cosmetics	2013-05-19 22:17:53 +02:00
Miroslav Stampar	980a0e3adb	Trivial update	2013-05-18 21:00:53 +02:00
Miroslav Stampar	1ff98c2ff9	Another minor text update	2013-05-18 21:00:11 +02:00
Miroslav Stampar	967513e1bb	Minor message update	2013-05-18 20:59:23 +02:00
Miroslav Stampar	caa4ee96cd	Minor cosmetic update	2013-05-18 18:28:44 +02:00
Miroslav Stampar	6608410320	Adding a question after WAF has been identified	2013-05-18 18:26:40 +02:00
stamparm	03732d2592	Minor fix	2013-05-17 16:04:05 +02:00
stamparm	76b4e1ccb9	Implementation for an Issue #450	2013-05-17 15:04:25 +02:00
stamparm	f1f34a65a2	Minor update	2013-05-15 13:38:26 +02:00
Miroslav Stampar	034e123b0c	Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)	2013-05-12 16:24:13 +02:00
Miroslav Stampar	840ee26a14	If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available	2013-04-15 18:42:26 +02:00
stamparm	1c2197e8de	Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)	2013-04-15 16:18:40 +02:00
stamparm	a3d36fcb73	Minor update	2013-04-15 16:07:27 +02:00
stamparm	aed738d6e6	Update for an Issue #361	2013-04-15 14:20:21 +02:00
stamparm	3e65037a05	Introducing lib/utils/sqlalchemy.py (Issue #361 )	2013-04-15 10:33:25 +02:00
stamparm	661b44135d	Minor bug fix	2013-04-10 11:59:07 +02:00
stamparm	8c9da95343	Style and consistency update (url -> URL)	2013-04-09 11:48:42 +02:00
Miroslav Stampar	153aa10b77	Minor cosmetic update	2013-04-03 19:00:54 +02:00
stamparm	5dd2529b02	Minor language update	2013-03-26 14:18:37 +01:00
stamparm	4d2b77dde3	Minor language update	2013-03-26 14:15:40 +01:00
stamparm	3f8dafedae	Minor text update	2013-03-26 14:08:35 +01:00
stamparm	7447773237	Update for consistency (all other enums are using _ in between words)	2013-03-20 11:10:24 +01:00
Miroslav Stampar	8acf033715	Code refactoring	2013-03-19 19:24:14 +01:00
Miroslav Stampar	a3d9a7b1ff	Minor fix	2013-03-19 19:06:51 +01:00
Martin Bjerregaard Jepsen	d7a77c79ad	Fixed incorrect call to checkBooleanExpression when testing for false positives	2013-03-01 22:51:34 +01:00
stamparm	3a3f9c5ea1	Trivial commit related to the last one	2013-03-01 12:09:03 +01:00
stamparm	440b484bf6	Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)	2013-03-01 10:59:04 +01:00
Miroslav Stampar	e42350ddce	Minor style update	2013-02-28 20:28:34 +01:00
Miroslav Stampar	0e89cc62a2	Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections	2013-02-28 20:20:08 +01:00
stamparm	af4762ace2	Minor style update	2013-02-26 11:16:09 +01:00
stamparm	f6b43b4b13	Minor update for an Issue #290	2013-02-26 11:08:06 +01:00
stamparm	68ce51bfd4	Changing from warn to info for no WAF found	2013-02-22 12:15:38 +01:00
stamparm	0bbbfc2eac	Adding a small warning message (related to the Issue #407 )	2013-02-22 11:12:41 +01:00
Miroslav Stampar	229e4e167b	Minor cosmetics	2013-02-21 21:06:31 +01:00
stamparm	3a8c0cd3a2	Minor style update	2013-02-21 14:52:56 +01:00
stamparm	29ba43ee6c	Unhidding switch '--identify-waf' (Issue #290 )	2013-02-21 14:48:19 +01:00
stamparm	08f0670aca	Minor refactoring for an Issue #290	2013-02-21 14:39:22 +01:00
stamparm	8e49872d7c	Finalizing implementation for an Issue #290	2013-02-21 14:33:12 +01:00
stamparm	6b2981ef4e	Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)	2013-02-21 11:14:57 +01:00
Miroslav Stampar	5c099efccc	Fix for an Issue #401	2013-02-18 11:38:18 +01:00
Bernardo Damele	4b9d8ed673	reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter	2013-02-14 11:32:17 +00:00
Bernardo Damele	a67ef4117f	make sure to use Python 2 interpreter when default system Python is version 3	2013-02-14 11:25:04 +00:00
Miroslav Stampar	1618086027	Minor fix	2013-02-05 10:58:02 +01:00
Miroslav Stampar	44579120b5	Cosmetics	2013-02-05 10:02:11 +01:00
Miroslav Stampar	e7b93b5b66	Implementation for an Issue #363	2013-02-01 17:24:04 +01:00
Miroslav Stampar	993372aae4	Bug fix (causing search problems)	2013-02-01 11:24:17 +01:00
Bernardo Damele	103045d284	variable renamed	2013-01-30 15:30:34 +00:00
Miroslav Stampar	f41460f8d8	Better naming	2013-01-29 20:53:11 +01:00
Bernardo Damele	a56f4ec15c	techniques has to go too to the API (issue #297 )	2013-01-29 15:34:53 +00:00
Bernardo Damele	bfce7210e6	improvements to the dump library to output to the API data fetched properly formatted (issue #297 )	2013-01-29 15:34:20 +00:00
Miroslav Stampar	8c84a16cb7	Minor style update for an Issue #377	2013-01-25 12:52:31 +01:00
Miroslav Stampar	194a9e7b88	Implementation for an Issue #377	2013-01-25 12:34:57 +01:00
Miroslav Stampar	b4a55a809e	Refactoring DBMS string escaping functions	2013-01-20 13:45:58 +01:00
Miroslav Stampar	ac7709204a	Better fix for that page/headers/comparison --string candidate problem	2013-01-18 17:00:11 +01:00
Miroslav Stampar	8141d17985	Revert of previous commit (more care has to be done regarding headers dynamicity)	2013-01-18 16:49:35 +01:00
Miroslav Stampar	33094a118c	Fix for an Issue where '--string' is being automatically picked not looking properly in headers too	2013-01-18 16:35:09 +01:00
Bernardo Damele	a43202f3c0	updated copyright	2013-01-18 14:07:51 +00:00
Bernardo Damele	542f6de72e	typo fix	2013-01-16 01:31:03 +00:00
Bernardo Damele	8125fe90a7	code refactoring	2013-01-14 10:22:38 +00:00
Miroslav Stampar	03dd958d96	Implementation for an Issue #48	2013-01-13 16:22:43 +01:00
Miroslav Stampar	934d41dac2	Minor style update (PEP8)	2013-01-10 15:02:28 +01:00
Miroslav Stampar	ca3d35a878	Some PEP8 related style cleaning	2013-01-10 13:18:44 +01:00
Miroslav Stampar	25f01a419f	Minor style update (for the sake of consistency over the code and our PEP8 adaptation)	2013-01-09 15:38:41 +01:00
Miroslav Stampar	87e923613f	Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST)	2013-01-05 21:16:47 +01:00
Miroslav Stampar	5b77b20e2e	Removing trailing whitespaces (PEP8)	2013-01-03 23:57:07 +01:00
Miroslav Stampar	e4a3c015e5	Replacing old and deprecated raise Exception style (PEP8)	2013-01-03 23:20:55 +01:00
Bernardo Damele	3a11d36c66	minor bug fix	2013-01-02 21:49:15 +00:00
Miroslav Stampar	3d01890147	Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)	2012-12-27 21:15:44 +01:00
Miroslav Stampar	0d5d84edc7	Minor cleanup	2012-12-20 21:03:41 +01:00
Bernardo Damele	3be90c97aa	forgot these	2012-12-19 14:12:45 +00:00
Bernardo Damele	ac44cf3ec0	minor fix: add also back-end DBMS and web app fingerprint output to log file	2012-12-17 13:02:09 +00:00
Bernardo Damele	2442a58884	minor leftover of deprecated XMLRPC service	2012-12-17 11:26:31 +00:00
Miroslav Stampar	df0f08bc6a	Cleaning some (web upload based) garbage	2012-12-13 13:19:47 +01:00
Miroslav Stampar	c3f20a136f	Minor update for an Issue #287	2012-12-12 14:03:03 +01:00
Miroslav Stampar	760519dbe9	Removing redundant piece of code	2012-12-11 15:21:27 +01:00
Miroslav Stampar	a54c261496	Minor update for Issues #292 & #293 (only single alert per target)	2012-12-11 14:44:43 +01:00
Miroslav Stampar	5c2451d83c	Implementation for an Issue #293	2012-12-11 12:48:58 +01:00
Miroslav Stampar	562044577b	Implementation for an Issue #292	2012-12-11 12:02:06 +01:00
Miroslav Stampar	5677db02b7	Minor update	2012-12-10 12:40:28 +01:00
Miroslav Stampar	42f4c2bac9	Minor fix when --dbms is enforced	2012-12-10 11:42:10 +01:00
Miroslav Stampar	974407396e	Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)	2012-12-06 14:14:19 +01:00
Miroslav Stampar	ab67344448	Removed unused imports and variables (pyflake-ing)	2012-12-06 11:15:05 +01:00
Miroslav Stampar	775e0df04b	Update for an Issue #278	2012-12-05 10:45:17 +01:00
Miroslav Stampar	949fcb77cf	Minor style update	2012-12-05 10:22:16 +01:00
Miroslav Stampar	a52dbc575b	Patch for an Issue #246	2012-11-13 10:21:11 +01:00
Miroslav Stampar	2de52927f3	Code refactoring (epecially Google search code)	2012-10-30 18:38:10 +01:00
Miroslav Stampar	ca427af8b3	Minor refactoring/improvement	2012-10-28 01:42:08 +02:00
Miroslav Stampar	bcdba7b7bb	Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details	2012-10-28 01:11:50 +02:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	235cc656b9	Fix for an Issue #224	2012-10-25 15:25:31 +02:00
Miroslav Stampar	bcf708f4b1	Minor update	2012-10-25 13:37:33 +02:00
Miroslav Stampar	fdcdd11cb9	Minor update for an Issue #222	2012-10-25 13:35:44 +02:00
Miroslav Stampar	8a5844a364	Implementation for an Issue #222	2012-10-25 13:21:32 +02:00
Miroslav Stampar	d65d9e25cd	Implementation for an Issue #2	2012-10-19 11:02:14 +02:00
Miroslav Stampar	9ad58cb531	Implementation for an Issue #204	2012-10-16 10:24:05 +02:00
Miroslav Stampar	cc3f387551	Patch for an Issue #127	2012-10-05 10:49:31 +02:00
Miroslav Stampar	f71b937add	Minor language cleanup	2012-10-04 18:28:36 +02:00
Miroslav Stampar	2fbd05c98f	Minor language update	2012-10-04 18:04:55 +02:00
Miroslav Stampar	dee6d2f9ff	Minor language update	2012-10-04 11:34:14 +02:00
Miroslav Stampar	6eae7013b6	Minor cosmetics	2012-09-26 15:03:12 +02:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	9ca7b3e20e	Implementation for an Issue #194	2012-09-25 09:25:35 +02:00
Miroslav Stampar	c3d191e626	Minor update for an Issue #2	2012-09-06 14:13:54 +02:00
Miroslav Stampar	c1c65a7167	Fix for an Issue #166	2012-08-29 20:21:45 +02:00
Miroslav Stampar	e9ae44c6fc	Implementation for an #162	2012-08-22 16:50:01 +02:00
Miroslav Stampar	0ad3846451	Minor language update	2012-08-22 16:10:56 +02:00
Miroslav Stampar	a62a874d59	Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)	2012-08-22 16:06:09 +02:00
Miroslav Stampar	4ab4fd1cb4	Minor update	2012-08-22 15:53:40 +02:00
Miroslav Stampar	52351e5d81	Update for an Issue #161 (now detecting format error messages too)	2012-08-22 15:51:47 +02:00
Miroslav Stampar	7b93108e7d	Favoring non-string specific boundaries in case of digit-like parameter values	2012-08-22 13:58:52 +02:00
Miroslav Stampar	25ee333e66	Minor language update	2012-08-22 12:00:17 +02:00
Miroslav Stampar	8a5042b6a4	Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)	2012-08-22 11:56:30 +02:00
Miroslav Stampar	7d0662da23	Update for an #161	2012-08-22 11:42:06 +02:00
Miroslav Stampar	61151447fe	Implementation of an Issue #161	2012-08-22 11:27:58 +02:00
Miroslav Stampar	6210ddfbd6	Minor refactoring	2012-08-22 11:00:39 +02:00
Miroslav Stampar	a927d94d39	Update for an Issue #155	2012-08-22 10:57:31 +02:00
Miroslav Stampar	6f450ac8bf	Implementation for an Issue #155	2012-08-20 12:14:01 +02:00
Miroslav Stampar	823dde73ab	Minor cleanup	2012-08-20 11:40:49 +02:00
Miroslav Stampar	2b6123c4f8	Minor style update	2012-08-20 11:29:23 +02:00
Miroslav Stampar	e0d9fa8666	Minor style update	2012-08-20 11:28:41 +02:00
Miroslav Stampar	76338add17	Fix for an Issue #152	2012-08-20 10:41:43 +02:00
Miroslav Stampar	f358ab2e73	Implementation of an Issue #147	2012-08-15 16:37:18 +02:00
Miroslav Stampar	6f529542e3	Making those --string tips (containing escaped characters) decodable by sqlmap	2012-07-31 11:32:53 +02:00
Miroslav Stampar	142fc887f1	Fix for an Issue #129	2012-07-31 11:03:44 +02:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	30f8d09651	Implementation for an Issue #70	2012-07-26 12:06:02 +02:00
Miroslav Stampar	2b60e61d54	Minor update for #119	2012-07-25 10:57:19 +02:00
Miroslav Stampar	922ea9d1f4	Update for Issue #118	2012-07-24 15:43:29 +02:00
Miroslav Stampar	3279ce53a8	Minor style update	2012-07-23 13:57:38 +02:00
Bernardo Damele	318a01b867	minor typo fixes	2012-07-17 00:25:02 +01:00
Miroslav Stampar	87ecf205cb	More work for Issue #66	2012-07-14 17:01:04 +02:00
Miroslav Stampar	805120ac52	Minor refactoring	2012-07-14 11:01:30 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Bernardo Damele	53c0336b48	added --hostname switch to retrieve DBMS server hostname - closes issue #69	2012-07-12 00:01:57 +01:00
Bernardo Damele	c4af7b9aa0	initial work for issue #33	2012-07-10 00:27:08 +01:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Miroslav Stampar	7ad6697446	Fix for Issue #57	2012-07-04 20:21:44 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	302d782a0f	minor style update	2012-06-19 08:33:51 +00:00
Miroslav Stampar	3da8f86e97	minor fix	2012-06-15 21:01:27 +00:00
Miroslav Stampar	76584ff0fa	unhidding --test-filter	2012-06-14 14:36:53 +00:00
Miroslav Stampar	d2bbfa4aad	minor style update	2012-05-28 14:04:17 +00:00
Miroslav Stampar	dc20bff1d0	minor update	2012-05-25 08:30:24 +00:00
Miroslav Stampar	7657bbeaf9	minor update	2012-05-24 22:32:06 +00:00
Miroslav Stampar	86fdad2bfa	minor update	2012-05-24 22:07:50 +00:00
Miroslav Stampar	1e18168cc8	fix for one silent bug and small language update	2012-05-23 16:35:40 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	7fb1f3fc70	minor renaming	2012-05-09 18:26:02 +00:00
Miroslav Stampar	11d9859199	making nice code	2012-05-09 18:25:04 +00:00
Miroslav Stampar	b0a8238774	minor fixes	2012-05-09 14:58:16 +00:00
Miroslav Stampar	6177317a17	minor update	2012-05-09 10:06:23 +00:00
Miroslav Stampar	deec97dfe3	adding Frontbase to error message regexes	2012-05-08 17:02:58 +00:00
Miroslav Stampar	80ee687b41	minor beauty patch	2012-05-07 13:51:31 +00:00
Miroslav Stampar	6f67dc85ee	adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical	2012-04-25 20:29:07 +00:00
Miroslav Stampar	3532d23933	automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)	2012-04-23 13:41:36 +00:00
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	54576ab3a6	making a random choice from candidates	2012-04-13 10:54:30 +00:00
Miroslav Stampar	bbbcc95fe5	use it only if page is stable	2012-04-13 10:19:26 +00:00
Miroslav Stampar	052d9455fe	warning user in cases of "User xyz already has more than 'max_user_connections' active connections"	2012-04-12 09:44:54 +00:00
Miroslav Stampar	b45ae10da4	minor fixes	2012-04-11 21:36:37 +00:00
Miroslav Stampar	e33ea7c33a	minor fix	2012-04-10 22:29:39 +00:00
Miroslav Stampar	a82206cec4	minor cosmetics	2012-04-10 21:57:00 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	ce4c697bbd	disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code	2012-03-29 13:39:12 +00:00
Miroslav Stampar	c9cac957bb	adding one more case for false positive check (Generic tests without any DBMS knowledge)	2012-03-29 09:56:09 +00:00
Miroslav Stampar	3abcd6910a	strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test	2012-03-22 00:06:50 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Miroslav Stampar	577caac4de	putting kb.negativeLogic setting to the safe place	2012-03-16 09:17:11 +00:00
Miroslav Stampar	7d313ac911	few more fixes for proper redirecting mechanism	2012-03-15 19:47:59 +00:00
Bernardo Damele	4520744b4d	second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now	2012-03-15 16:25:26 +00:00
Miroslav Stampar	a7fbc55748	grammar fix	2012-03-13 22:03:23 +00:00
Miroslav Stampar	c878dd3e5a	doing a dummy test for --os-shell in case of xp_cmdshell	2012-03-09 14:21:41 +00:00
Miroslav Stampar	a0b46963cb	minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)	2012-03-09 10:28:19 +00:00
Miroslav Stampar	0ead1fd87e	minor update	2012-03-05 09:42:52 +00:00
Miroslav Stampar	1ec56f93ec	minor update	2012-03-01 10:10:19 +00:00
Miroslav Stampar	f142c0f782	minor update	2012-02-28 14:04:13 +00:00
Miroslav Stampar	22b3fa0749	minor update	2012-02-27 15:28:36 +00:00
Miroslav Stampar	a9bf0297f6	moving injection data to HashDB	2012-02-27 13:44:07 +00:00
Miroslav Stampar	f94b91ad87	added helper function for HashDB data storing/retrieval	2012-02-24 13:07:20 +00:00
Miroslav Stampar	6e54cb171f	minor code restyling	2012-02-22 15:53:36 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Miroslav Stampar	386e98a0e3	using UNION SELECT for where=..NEGATIVE	2012-02-22 09:41:58 +00:00
Miroslav Stampar	844fc8addb	minor cleanup	2012-02-16 10:19:36 +00:00
Miroslav Stampar	23cc8b6974	minor fix for special cases when parameter value contains html encoded characters	2012-02-14 14:08:10 +00:00
Miroslav Stampar	2604e73d88	minor change in workflow	2012-02-13 11:18:47 +00:00
Miroslav Stampar	96f589fc89	minor fix	2012-02-12 19:22:33 +00:00
Miroslav Stampar	249cb48b0b	minor fix	2012-02-10 15:59:11 +00:00
Miroslav Stampar	6be95194a7	matter of concision	2012-02-10 15:37:43 +00:00
Miroslav Stampar	eab7a54e03	cosmetics	2012-02-10 15:34:04 +00:00
Miroslav Stampar	92590d0d59	minor fix	2012-02-10 15:26:55 +00:00
Miroslav Stampar	e36e9de57e	minor update by request	2012-02-10 15:12:23 +00:00
Miroslav Stampar	11af0b1bbc	minor fix	2012-02-07 11:16:03 +00:00
Miroslav Stampar	8405ef59ac	some estetic updates	2012-02-01 14:49:42 +00:00
Miroslav Stampar	23117e72ca	minor improvement	2012-01-13 20:56:06 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	1d0b43b1a2	implemented mechanism for merging cookies by request	2012-01-11 14:28:08 +00:00
Miroslav Stampar	1f085a0241	now [SLEEPTIME] is changeable properly in vivo	2012-01-05 14:45:05 +00:00
Miroslav Stampar	94d43a4135	minor bug fix	2011-12-30 14:20:06 +00:00
Miroslav Stampar	22c3fe49bb	some refactoring	2011-12-28 13:50:03 +00:00
Miroslav Stampar	f622995a29	compatibility with partial union and error technique resumed data	2011-12-22 12:20:21 +00:00
Miroslav Stampar	6f8d8a15aa	minor update	2011-12-22 11:55:02 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	c57941c102	minor beautification	2011-12-15 23:33:44 +00:00
Miroslav Stampar	27d244b326	minor update	2011-12-15 23:29:11 +00:00
Miroslav Stampar	563c0c1066	adding switch --tor-type	2011-12-15 23:19:55 +00:00
Miroslav Stampar	0f5d48ff20	minor update	2011-12-05 09:25:56 +00:00
Miroslav Stampar	872a73f631	minor refactoring	2011-11-29 19:17:07 +00:00
Miroslav Stampar	2842c13d75	minor update	2011-11-29 16:59:06 +00:00
Miroslav Stampar	2ed3efba12	speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)	2011-11-22 08:39:13 +00:00
Miroslav Stampar	eee03871d7	minor refactoring	2011-11-21 21:31:08 +00:00
Miroslav Stampar	49fddaf668	minor update (for cases with 404 original page - e.g. time based injections in some cases)	2011-11-20 23:11:18 +00:00
Miroslav Stampar	8c32b3653b	minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)	2011-11-20 20:27:30 +00:00
Miroslav Stampar	7314de3490	language update	2011-11-15 11:17:39 +00:00
Miroslav Stampar	20ae1c2187	added switch --logic-negative	2011-10-24 00:40:06 +00:00
Miroslav Stampar	eb240243ea	minor update	2011-10-21 22:21:41 +00:00
Miroslav Stampar	05b9951a8b	minor beautification	2011-10-21 09:19:31 +00:00
Miroslav Stampar	4989e8e6d3	minor update	2011-10-10 17:29:54 +00:00
Miroslav Stampar	a31a0aa8d4	minor update	2011-10-06 22:29:49 +00:00
Miroslav Stampar	b888a84764	minor update	2011-09-27 14:31:58 +00:00
Miroslav Stampar	88f1110c44	adding a new (for now) hidden switch --test-filter for filtering tests by their name	2011-09-27 14:09:25 +00:00
Miroslav Stampar	7e80274fac	refactoring	2011-09-25 21:10:45 +00:00
Miroslav Stampar	d95ff4350d	bug fix	2011-09-20 13:08:35 +00:00
Miroslav Stampar	08e0eb9b61	minor lower/upper case fix	2011-08-29 13:47:32 +00:00
Miroslav Stampar	9be89422da	implemented parameter --skip	2011-08-29 13:29:42 +00:00
Miroslav Stampar	ac00014c4a	implemented --randomize switch by request	2011-08-29 12:50:52 +00:00
Miroslav Stampar	f46baac70b	bug fix (when comment is None this was errornous)	2011-08-17 10:58:29 +00:00
Bernardo Damele	702ed73a65	Added --code switch to match in boolean-based tests against the HTTP response code	2011-08-12 16:48:11 +00:00
Bernardo Damele	fff4c34e33	Search for --string and --regexp matches also in HTTP response headers	2011-08-12 15:33:37 +00:00
Miroslav Stampar	2ad267132a	minor update for empty normal responses (like AJAX requests)	2011-08-05 10:55:21 +00:00
Miroslav Stampar	f7562da754	from now on proper union column count should be displayed in injection info output	2011-08-03 10:34:50 +00:00
Miroslav Stampar	07afcd5440	fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)	2011-08-02 18:20:21 +00:00
Miroslav Stampar	07c3d4fb18	minor adjustment	2011-08-02 17:35:43 +00:00

... 5 6 7 8 9 ...

1099 Commits