Miroslav Stampar
|
37f7001143
|
first commit with mysql/error/substringing
|
2011-02-08 16:23:33 +00:00 |
|
Bernardo Damele
|
c3eb82e60b
|
Proper fix
|
2011-02-08 10:08:48 +00:00 |
|
Miroslav Stampar
|
dba2f74588
|
revert of r3274
|
2011-02-08 09:44:34 +00:00 |
|
Bernardo Damele
|
cfe2da0195
|
Minor fix
|
2011-02-08 00:13:39 +00:00 |
|
Bernardo Damele
|
0a81415f2f
|
Minor code cleanup
|
2011-02-08 00:02:54 +00:00 |
|
Miroslav Stampar
|
771020abd6
|
one more related commit
|
2011-02-07 16:32:08 +00:00 |
|
Miroslav Stampar
|
265e7ca272
|
fix for that MSSQL limit/top problem
|
2011-02-07 16:24:23 +00:00 |
|
Miroslav Stampar
|
99e9412f74
|
minor update
|
2011-02-07 12:34:23 +00:00 |
|
Miroslav Stampar
|
e023e0d233
|
proper fix
|
2011-02-07 12:32:08 +00:00 |
|
Bernardo Damele
|
39decebe85
|
Minor fixes to checking/re-enabling of xp_cmdshell procedure
|
2011-02-07 12:17:19 +00:00 |
|
Miroslav Stampar
|
096efea282
|
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
|
2011-02-07 10:22:43 +00:00 |
|
Bernardo Damele
|
ba3a8a69d4
|
More statements to exclude from unescap'ing
|
2011-02-07 00:33:54 +00:00 |
|
Bernardo Damele
|
3719f085ae
|
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
|
2011-02-07 00:21:17 +00:00 |
|
Bernardo Damele
|
2e00656235
|
Minor fix
|
2011-02-07 00:20:23 +00:00 |
|
Bernardo Damele
|
bf5ca4bd9a
|
No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')
|
2011-02-06 23:30:43 +00:00 |
|
Bernardo Damele
|
061f56daf9
|
More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
|
2011-02-06 23:27:56 +00:00 |
|
Bernardo Damele
|
6a71629575
|
Converted from DOS format (\n\r to \n only)
|
2011-02-06 23:25:55 +00:00 |
|
Bernardo Damele
|
0800d9e49b
|
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
|
2011-02-06 22:58:12 +00:00 |
|
Bernardo Damele
|
f3d6be7868
|
Code cleanup
|
2011-02-06 22:32:44 +00:00 |
|
Miroslav Stampar
|
078a2207cc
|
few reverts
|
2011-02-06 22:10:28 +00:00 |
|
Miroslav Stampar
|
b9b2fe0e7c
|
little cleanup
|
2011-02-06 21:52:39 +00:00 |
|
Miroslav Stampar
|
c4c2cf1d58
|
can't stay as it is right now. temporary disabling.
|
2011-02-06 21:17:41 +00:00 |
|
Bernardo Damele
|
6191a7f26f
|
Major fix for a silent bug
|
2011-02-06 15:53:43 +00:00 |
|
Miroslav Stampar
|
4df8a03c04
|
using OrderedDict to store parameters in order of appearance
|
2011-02-04 18:07:21 +00:00 |
|
Miroslav Stampar
|
acb986ae80
|
minor refactoring
|
2011-02-04 17:40:55 +00:00 |
|
Bernardo Damele
|
fec88f6a6d
|
Minor fix
|
2011-02-04 15:57:53 +00:00 |
|
Miroslav Stampar
|
09e88cfb19
|
fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())
|
2011-02-04 14:05:47 +00:00 |
|
Miroslav Stampar
|
f83f1a1e06
|
minor just in case update
|
2011-02-04 13:08:54 +00:00 |
|
Miroslav Stampar
|
c69b76776e
|
minor refactoring
|
2011-02-04 13:04:19 +00:00 |
|
Miroslav Stampar
|
accf4e6ce0
|
one important fix (URI injection parameter '*' now can go anywhere)
|
2011-02-04 12:43:18 +00:00 |
|
Miroslav Stampar
|
c19d481bb1
|
little clean up
|
2011-02-04 12:25:14 +00:00 |
|
Miroslav Stampar
|
c229efba05
|
revert
|
2011-02-04 11:33:21 +00:00 |
|
Miroslav Stampar
|
d211def899
|
minor adjustment (accepting strange new looking uri formats)
|
2011-02-04 10:55:03 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
9a1a28c804
|
adding comments to filtering function
|
2011-02-03 23:09:08 +00:00 |
|
Miroslav Stampar
|
e5f54644f0
|
minor "statistical" update
|
2011-02-03 16:59:49 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Miroslav Stampar
|
1b9850b73a
|
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
|
2011-02-03 12:21:29 +00:00 |
|
Miroslav Stampar
|
5edba2ffbc
|
minor change (conf.updateAll to conf.update)
|
2011-02-03 11:13:39 +00:00 |
|
Miroslav Stampar
|
5f49e20cc8
|
adding --random-agent and removing -a
|
2011-02-02 14:51:12 +00:00 |
|
Miroslav Stampar
|
2dae57a56d
|
cosmetics
|
2011-02-02 14:35:21 +00:00 |
|
Miroslav Stampar
|
6c87bd1c63
|
added maskSensitiveData function
|
2011-02-02 14:25:16 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Miroslav Stampar
|
d6c9515f78
|
minor update
|
2011-02-02 13:03:24 +00:00 |
|
Miroslav Stampar
|
e73a147fb5
|
minor update
|
2011-02-02 11:49:59 +00:00 |
|
Miroslav Stampar
|
e33428b833
|
adding __findUnionCharCount function
|
2011-02-02 11:22:35 +00:00 |
|
Miroslav Stampar
|
99aa38b58f
|
minor refactoring
|
2011-02-02 10:10:28 +00:00 |
|
Miroslav Stampar
|
23c95107ed
|
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
|
2011-02-02 09:24:37 +00:00 |
|
Miroslav Stampar
|
af99105c27
|
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
|
2011-02-01 22:45:38 +00:00 |
|
Bernardo Damele
|
2619e4895f
|
Properly handle --technique at save/resume phase
|
2011-02-01 22:05:48 +00:00 |
|