Miroslav Stampar
|
d97e97d884
|
minor update :)
|
2010-11-19 09:02:44 +00:00 |
|
Bernardo Damele
|
4a9bd3a240
|
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
|
2010-11-18 17:55:43 +00:00 |
|
Bernardo Damele
|
544327379f
|
Little precaution
|
2010-11-18 14:32:52 +00:00 |
|
Bernardo Damele
|
f6a17cb1a8
|
Revert wrong fix
|
2010-11-18 10:41:06 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
ca5125bbe0
|
minor update related to r2401
|
2010-11-17 20:50:31 +00:00 |
|
Bernardo Damele
|
360aff7a4d
|
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
|
2010-11-17 17:20:32 +00:00 |
|
Miroslav Stampar
|
a0df36beda
|
when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)
|
2010-11-17 15:33:07 +00:00 |
|
Miroslav Stampar
|
17f0609263
|
minor bug fix
|
2010-11-17 13:29:57 +00:00 |
|
Miroslav Stampar
|
3d25071d06
|
another minor improvement regarding logging of http traffic
|
2010-11-17 12:16:48 +00:00 |
|
Miroslav Stampar
|
3e569a1693
|
minor update
|
2010-11-17 12:04:33 +00:00 |
|
Miroslav Stampar
|
2802923dbe
|
some improvements regarding --os-shell web server application choice
|
2010-11-17 11:45:52 +00:00 |
|
Miroslav Stampar
|
5abbea4a9f
|
fix for a bug reported by nightman (unknown charset 'null')
|
2010-11-17 09:57:32 +00:00 |
|
Miroslav Stampar
|
d757e4ae1c
|
bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs)
|
2010-11-17 09:46:04 +00:00 |
|
Miroslav Stampar
|
bec152609a
|
minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)
|
2010-11-17 09:33:05 +00:00 |
|
Miroslav Stampar
|
af92c05930
|
removing 'MD5' referings
|
2010-11-17 09:15:40 +00:00 |
|
Miroslav Stampar
|
76c3f5768b
|
cosmetics
|
2010-11-17 09:12:48 +00:00 |
|
Miroslav Stampar
|
2a8e270bef
|
proper handling of carriage return character from Windows target machines
|
2010-11-16 15:11:03 +00:00 |
|
Miroslav Stampar
|
ab33651f96
|
minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior)
|
2010-11-16 15:02:22 +00:00 |
|
Miroslav Stampar
|
3487429eac
|
minor cosmetics
|
2010-11-16 14:41:46 +00:00 |
|
Miroslav Stampar
|
3640dbf745
|
fix for --parse-errors (on IIS HTTP error is raised which need to be processed)
|
2010-11-16 14:33:30 +00:00 |
|
Miroslav Stampar
|
cccb565859
|
cosmetics
|
2010-11-16 14:11:32 +00:00 |
|
Miroslav Stampar
|
b9d9f18939
|
added General cmdline group
|
2010-11-16 14:09:09 +00:00 |
|
Miroslav Stampar
|
e7a66371f8
|
update regarding os shell-ing regarding JSP and ASPX
|
2010-11-16 13:46:46 +00:00 |
|
Miroslav Stampar
|
6232397129
|
minor update
|
2010-11-16 10:52:49 +00:00 |
|
Miroslav Stampar
|
6ef3846400
|
update regarding error parsing (and reporting)
|
2010-11-16 10:42:42 +00:00 |
|
Bernardo Damele
|
71cb982039
|
Another bug fix to --union-test
|
2010-11-15 21:42:56 +00:00 |
|
Miroslav Stampar
|
b3ad63b71e
|
major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)
|
2010-11-15 14:59:37 +00:00 |
|
Miroslav Stampar
|
ff310475c8
|
some reporting update for --forms
|
2010-11-15 14:17:51 +00:00 |
|
Miroslav Stampar
|
20d6b9a5c1
|
minor fix
|
2010-11-15 12:24:32 +00:00 |
|
Miroslav Stampar
|
39c6c9f386
|
minor update
|
2010-11-15 12:19:22 +00:00 |
|
Miroslav Stampar
|
819085155e
|
minor update/fix
|
2010-11-15 12:07:13 +00:00 |
|
Miroslav Stampar
|
c25c017c08
|
cosmetics regarding --forms
|
2010-11-15 11:50:33 +00:00 |
|
Miroslav Stampar
|
36c544f440
|
update (--forms acts now more like -g switch)
|
2010-11-15 11:34:57 +00:00 |
|
Miroslav Stampar
|
42d09d604e
|
minor fix
|
2010-11-15 09:48:58 +00:00 |
|
Bernardo Damele
|
a9152c6723
|
Updated doc
|
2010-11-14 22:36:54 +00:00 |
|
Bernardo Damele
|
5f46a549ba
|
Cosmetics for --forms
|
2010-11-14 21:59:35 +00:00 |
|
Bernardo Damele
|
0bfc1b411a
|
Another bug fix for --union-test
|
2010-11-14 15:39:57 +00:00 |
|
Miroslav Stampar
|
a0fb96816f
|
fix for a bug reported by ToR (value += actVer)
|
2010-11-14 08:31:29 +00:00 |
|
Bernardo Damele
|
5e41cd07a3
|
Updated doc
|
2010-11-13 23:31:18 +00:00 |
|
Bernardo Damele
|
7da079fa32
|
More verbose comment for direct connection
|
2010-11-13 23:30:38 +00:00 |
|
Bernardo Damele
|
8d07272c82
|
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
Now stores/resumes also the exact UNION payload to session file.
|
2010-11-13 23:24:41 +00:00 |
|
Bernardo Damele
|
df5dc10111
|
Major enhancement to --union-test check
|
2010-11-13 22:47:37 +00:00 |
|
Miroslav Stampar
|
84849316b3
|
improvement of heuristic check (now original value is included too)
|
2010-11-12 23:06:01 +00:00 |
|
Miroslav Stampar
|
06a872fc99
|
update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))
|
2010-11-12 22:57:33 +00:00 |
|
Miroslav Stampar
|
27735b14df
|
update (--string and --regex should be done regardless of wasLastRequestError)
|
2010-11-12 22:44:15 +00:00 |
|
Miroslav Stampar
|
0d66f101da
|
fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)
|
2010-11-12 22:29:33 +00:00 |
|
Bernardo Damele
|
a777d59870
|
Minor bug fix
|
2010-11-12 15:17:12 +00:00 |
|
Bernardo Damele
|
0a83a830d9
|
Properly handle both HTTPS and HTTP requests through proxy
|
2010-11-12 14:21:46 +00:00 |
|
Bernardo Damele
|
e1ef27f592
|
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
|
2010-11-12 12:25:02 +00:00 |
|