375 Commits

Author	SHA1	Message	Date
Bernardo Damele	05d12790f1	closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)	2011-04-06 14:41:44 +00:00
Miroslav Stampar	bbd4c128b0	minor update related to the last commit	2011-04-01 22:19:42 +00:00
Miroslav Stampar	0916117447	improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names	2011-03-30 18:32:10 +00:00
Miroslav Stampar	dd01d66f13	proper update regarding last commit	2011-03-29 22:10:08 +00:00
Miroslav Stampar	4d78eac938	revert of that thingy as requested by Bernardo	2011-03-29 10:06:35 +00:00
Miroslav Stampar	e8debbe724	minor cosmetics and one minor fix (|= is a nono with None)	2011-03-29 06:38:19 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	1e22ff45de	minor update regarding testing of GET parameters if --data and/or --forms is used	2011-03-28 16:14:08 +00:00
Miroslav Stampar	bd75fd26e9	implementing a --page-rank switch as requested by l0rda@l0rda.biz	2011-03-23 11:57:57 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	970cde5a8a	minor update regarding last commit	2011-03-17 09:23:46 +00:00
Miroslav Stampar	e64f225e65	minor refactoring	2011-03-11 20:16:34 +00:00
Miroslav Stampar	8edc3b3302	further update regarding last commit	2011-03-03 10:39:04 +00:00
Miroslav Stampar	90582ed7dc	minor change	2011-02-21 11:35:21 +00:00
Miroslav Stampar	6cdf08b81c	minor fix	2011-02-17 21:51:40 +00:00
Miroslav Stampar	22cd49a217	--technique can now be something like 123 which includes both techniques 1, 2 and 3	2011-02-17 21:39:16 +00:00
Miroslav Stampar	7ebc1ab90a	minor cosmetics	2011-02-17 08:59:14 +00:00
Miroslav Stampar	50d25c3b4d	update regarding explicit testing of ua and referer when using -p	2011-02-13 21:58:48 +00:00
Miroslav Stampar	5fb11fd173	update regarding multiple DBMS payloads	2011-02-13 21:20:21 +00:00
Bernardo Damele	45a005737d	Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2	2011-02-13 21:08:42 +00:00
Miroslav Stampar	521635c84d	quick fix for UA and Referer	2011-02-11 23:36:23 +00:00
Miroslav Stampar	535eb9f3eb	implementation of referer feature	2011-02-11 23:07:03 +00:00
Miroslav Stampar	a6ab24e0b5	just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed	2011-02-10 22:47:43 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	2c4f6d2e99	fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too	2011-02-07 21:53:05 +00:00
Miroslav Stampar	a577d0e9a5	restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)	2011-02-07 21:18:01 +00:00
Bernardo Damele	061f56daf9	More adjustments related to unescape() and cleanupPayload(). ... Minor code cleanup related to error-based payload.	2011-02-06 23:27:56 +00:00
Bernardo Damele	0800d9e49b	Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()	2011-02-06 22:58:12 +00:00
Miroslav Stampar	078a2207cc	few reverts	2011-02-06 22:10:28 +00:00
Miroslav Stampar	b9b2fe0e7c	little cleanup	2011-02-06 21:52:39 +00:00
Miroslav Stampar	d2b96a66a2	one more update regarding last few "unescape" related commits	2011-02-06 20:23:23 +00:00
Bernardo Damele	c44978862e	Minor reordering of what gets saved into the injection object	2011-02-06 15:20:44 +00:00
Miroslav Stampar	b56a77e573	removing obsolete switches (--threshold, --excl-reg, --excl-str)	2011-02-03 15:55:19 +00:00
Miroslav Stampar	8134c2154a	adding WHERE enum for payloads	2011-02-02 13:34:09 +00:00
Bernardo Damele	d875d848ce	Better sort	2011-02-01 22:04:48 +00:00
Bernardo Damele	6761933f75	Just.. cosmetics ;)	2011-01-31 22:51:14 +00:00
Miroslav Stampar	fa58a9c86b	update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)	2011-01-31 20:36:01 +00:00
Miroslav Stampar	8ef47307db	added checking of header values for GREP (error); still UNION to do	2011-01-31 12:21:17 +00:00
Bernardo Damele	8278d821ac	Another layout adjustment	2011-01-30 16:23:19 +00:00
Miroslav Stampar	367d0639f0	refactoring (class names should always be Capital cased)	2011-01-28 16:36:09 +00:00
Miroslav Stampar	8e74c571bc	centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels	2011-01-27 19:44:24 +00:00
Miroslav Stampar	10b723f196	minor fix for a bug reported by yonnym@googlemail.com	2011-01-25 22:26:28 +00:00
Bernardo Damele	e1db2700f0	Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads	2011-01-24 12:25:45 +00:00
Miroslav Stampar	7c4c79477d	world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)	2011-01-21 18:32:10 +00:00
Bernardo Damele	9770db597e	Centralization of unescape()	2011-01-20 21:55:13 +00:00
Miroslav Stampar	496a84c356	minor update	2011-01-20 18:32:04 +00:00
Bernardo Damele	bade0e3124	Major code refactoring - centralized all kb.dbms* info for both retrieval and set.	2011-01-19 23:06:15 +00:00
Bernardo Damele	eda0b41859	Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. ... Adapted UNION tests' titles when --union-char is provided. Lots of comment adjustments. Code cleanup	2011-01-18 23:03:50 +00:00
Bernardo Damele	c2a358561f	Proper support for --union-cols	2011-01-17 22:57:33 +00:00