sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-30 05:23:50 +03:00
Code Issues Packages Projects Releases Wiki Activity
5,996 Commits 4 Branches 117 Tags 97 MiB
cc62a8adc9
Commit Graph

4216 Commits

Author SHA1 Message Date
Miroslav Stampar
ed5599f489 In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority 2013-04-12 19:20:33 +02:00
stamparm
7edd7ee2aa Trivial code change 2013-04-12 16:25:24 +02:00
Miroslav Stampar
73917fc9c8 Minor update (same, but safer) 2013-04-11 21:25:44 +02:00
Miroslav Stampar
0b449bb1d9 Fix for an Issue #433 2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4 Update for an Issue #431 2013-04-10 16:43:57 +02:00
stamparm
661b44135d Minor bug fix 2013-04-10 11:59:07 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
stamparm
3948b527dd Update for an Issue #429 2013-04-09 11:36:33 +02:00
stamparm
91054099aa Minor style update 2013-04-09 10:42:58 +02:00
stamparm
cce541cc33 Patch for an Issue #429 2013-04-09 10:39:20 +02:00
stamparm
33e9b3c451 Minor style update 2013-04-09 10:39:20 +02:00
Miroslav Stampar
7614c815ed Minor update/patch 2013-04-07 21:32:03 +02:00
Miroslav Stampar
240e9f3f7e Minor patch 2013-04-07 11:02:43 +02:00
Miroslav Stampar
50ac3aab7a Minor patch 2013-04-06 01:56:24 +02:00
stamparm
a75d3ed0b8 Minor style update 2013-04-06 01:56:23 +02:00
Miroslav Stampar
df4fd82515 Minor update 2013-04-03 23:27:27 +02:00
Miroslav Stampar
c75a2d0c40 Minor patch 2013-04-03 21:31:37 +02:00
Miroslav Stampar
153aa10b77 Minor cosmetic update 2013-04-03 19:00:54 +02:00
Miroslav Stampar
f387333415 Minor cosmetics 2013-04-02 17:34:56 +02:00
Miroslav Stampar
4b5335a323 Moving --force-ssl from [Request] to [General] options 2013-04-02 17:18:21 +02:00
Miroslav Stampar
76a0d20799 Minor patch 2013-04-01 22:18:41 +02:00
Miroslav Stampar
b67f342975 Minor patch 2013-04-01 17:32:16 +02:00
stamparm
a371f182ac Minor patch (previous combination is not working well with oriental characters - 0 length normalized unicode string is being returned) 2013-03-28 15:37:14 +01:00
stamparm
e1ffdde532 Little cleaning a mess with url encoding and post hint types 2013-03-27 13:39:27 +01:00
Miroslav Stampar
c19a283434 Minor patch 2013-03-26 20:06:50 +01:00
stamparm
7accba4cf9 Minor update 2013-03-26 16:10:41 +01:00
stamparm
0882fe0ce3 Minor update related to the last two 2013-03-26 16:04:56 +01:00
stamparm
eb1bfc20cb Update related to the last commit 2013-03-26 15:36:44 +01:00
stamparm
2fe6aea0eb Minor fix 2013-03-26 15:07:14 +01:00
stamparm
825aa4b8dd Minor language update 2013-03-26 14:27:51 +01:00
stamparm
5dd2529b02 Minor language update 2013-03-26 14:18:37 +01:00
stamparm
4d2b77dde3 Minor language update 2013-03-26 14:15:40 +01:00
stamparm
473a39b820 Minor language fix 2013-03-26 14:11:17 +01:00
stamparm
3f8dafedae Minor text update 2013-03-26 14:08:35 +01:00
stamparm
ad039c335d Implementation for an Issue #423 2013-03-21 11:28:44 +01:00
stamparm
3740a97cc9 Adding a --version switch like all command line programs have 2013-03-20 11:44:09 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
stamparm
ae6ce7db30 Removal of unused imports 2013-03-20 10:44:15 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
Miroslav Stampar
a3d9a7b1ff Minor fix 2013-03-19 19:06:51 +01:00
stamparm
d1ae62b22b Patch for an Issue #422 2013-03-19 12:27:49 +01:00
stamparm
6969874c02 Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values) 2013-03-19 10:52:37 +01:00
stamparm
10e6c70c22 Trivial style update (undoing last dummy commit) 2013-03-19 10:43:29 +01:00
stamparm
70265fd3b5 Trivial style update 2013-03-19 10:43:03 +01:00
stamparm
5adac57ca9 Trivial style update 2013-03-19 10:42:50 +01:00
stamparm
558ef0aaff Minor fix 2013-03-19 10:42:20 +01:00
stamparm
e226006766 Trivial fix 2013-03-18 13:29:55 +01:00
stamparm
5e02bcbd58 Minor adjustment 2013-03-18 12:16:16 +01:00
stamparm
7111cdabe3 Minor cosmetics 2013-03-18 11:41:15 +01:00
Miroslav Stampar
5df1f5528e More general update for an Issue #421 2013-03-15 22:49:09 +01:00
Miroslav Stampar
f0a419bdec Patch for an Issue #421 2013-03-15 22:08:15 +01:00
Miroslav Stampar
596cf95040 Minor fix 2013-03-15 17:22:33 +01:00
Miroslav Stampar
ff4e62ff90 Minor cosmetics 2013-03-15 17:00:01 +01:00
Miroslav Stampar
4010df307e Trivial cosmetics 2013-03-15 16:37:52 +01:00
Miroslav Stampar
4cb378ce3e Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
Miroslav Stampar
b35122a42c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-03-13 19:52:17 +01:00
Miroslav Stampar
eb08c8d752 Another update for an Issue #352 2013-03-13 19:42:22 +01:00
Bernardo Damele
dea62189b2 fixes #420 2013-03-12 22:16:42 +00:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
65306f1ac1 Update for an Issue #352 2013-03-12 20:10:32 +01:00
Miroslav Stampar
db0a1e58b9 Update for an Issue #352 2013-03-11 14:58:05 +01:00
Miroslav Stampar
d6fc10092f Minor refactoring 2013-03-11 13:31:50 +01:00
Miroslav Stampar
84a5bdb9cf Trivial cosmetics 2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9 Using binary data in dummy mode 2013-03-09 19:40:24 +01:00
Miroslav Stampar
1e731f87a4 Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request) 2013-03-09 19:33:04 +01:00
Miroslav Stampar
8e6692d793 Minor fix (for JSON values with :) 2013-03-05 20:12:24 +01:00
Miroslav Stampar
e9b86350f1 Patch for an Issue #403 2013-03-05 18:32:31 +01:00
Miroslav Stampar
62980d7d5a Automatically decoding url encoded data in response 2013-03-05 17:32:10 +01:00
Miroslav Stampar
9e49d8c68f Adding support for SHA2 hash functions 2013-03-05 11:04:46 +01:00
Miroslav Stampar
2ada9e9b84 Patch for an Issue Issue #416 2013-03-04 18:05:40 +01:00
Miroslav Stampar
084cfc797a Fix for an Issue #415 2013-03-02 09:55:12 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad Fixed incorrect call to checkBooleanExpression when testing for false positives 2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1 Trivial commit related to the last one 2013-03-01 12:09:03 +01:00
stamparm
55f33da85a Fix for invalid logical test cases 2013-03-01 12:04:49 +01:00
stamparm
440b484bf6 Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries) 2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce Minor style update 2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
be50192d8d Refactoring WAF scripts 2013-02-26 15:54:50 +01:00
stamparm
e5835dc74f Update for WAF scripts 2013-02-26 15:30:11 +01:00
stamparm
17fa0f568c Minor patch for an Issue #404 2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6 Minor update 2013-02-26 12:55:09 +01:00
stamparm
af4762ace2 Minor style update 2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13 Minor update for an Issue #290 2013-02-26 11:08:06 +01:00
stamparm
e5e39bc682 Fix for an Issue #410 2013-02-25 11:07:30 +01:00
stamparm
6fbd902265 Minor refactoring (Issue #411) 2013-02-25 10:44:04 +01:00
stamparm
7127869ede Minor bug fix (live test specific verbosity should be valid only inside of it) 2013-02-22 17:26:48 +01:00
stamparm
68ce51bfd4 Changing from warn to info for no WAF found 2013-02-22 12:15:38 +01:00
stamparm
ad471368f5 Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a 2013-02-22 11:42:09 +01:00
stamparm
0bbbfc2eac Adding a small warning message (related to the Issue #407) 2013-02-22 11:12:41 +01:00
stamparm
42cbd94fa4 Better update regarding 6acb2480b8 2013-02-22 10:49:45 +01:00
stamparm
44a46d2b10 Fix for an Issue #409 2013-02-22 10:18:22 +01:00
Miroslav Stampar
6acb2480b8 Adding WAF script for SecureIIS 2013-02-21 21:34:26 +01:00
Miroslav Stampar
229e4e167b Minor cosmetics 2013-02-21 21:06:31 +01:00
stamparm
3a8c0cd3a2 Minor style update 2013-02-21 14:52:56 +01:00
stamparm
29ba43ee6c Unhidding switch '--identify-waf' (Issue #290) 2013-02-21 14:48:19 +01:00
stamparm
08f0670aca Minor refactoring for an Issue #290 2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c Finalizing implementation for an Issue #290 2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
stamparm
69063947b6 Debug message should go with logging.DEBUG 2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee do not prompt constantly if the page is not found 2013-02-18 18:08:20 +00:00
Miroslav Stampar
7f293afe74 Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b) 2013-02-18 15:18:53 +01:00
Miroslav Stampar
5c099efccc Fix for an Issue #401 2013-02-18 11:38:18 +01:00
Miroslav Stampar
9b5f33560b Oracle is too specific (only column names can be enclosed) - removing it 2013-02-15 17:36:58 +01:00
Miroslav Stampar
bf82506c1b Oracle can't enclose table names with double quotations 2013-02-15 17:36:58 +01:00
Miroslav Stampar
1b3d749488 Proper fix related to the last commit/revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
5a793cbc7c Minor revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
799bd51c2e Minor fix when two readInput/dataToStdout are called one at a time 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Bernardo Damele
0e7f771be6 minor adjustment 2013-02-15 16:28:09 +00:00
Bernardo Damele
35aa785870 bug fix to make --predict-output work also with time-based technique 2013-02-15 16:25:33 +00:00
Miroslav Stampar
014e4e0055 Minor represenation fix 2013-02-15 14:48:24 +01:00
Bernardo Damele
63ddeb9008 unnecessary variable 2013-02-15 13:26:28 +00:00
Miroslav Stampar
345d10a9e0 Consistency fix (everywhere else we show unsafe format of identificator names) 2013-02-15 14:05:14 +01:00
Bernardo Damele
b472d9809a another consistency fix to readInput() 2013-02-15 09:35:09 +00:00
Bernardo Damele
32c8c67888 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-15 09:29:41 +00:00
Bernardo Damele
20c5f9a030 consistency fix 2013-02-15 09:29:36 +00:00
Miroslav Stampar
11bcf28d86 Fix for an Issue #399 2013-02-15 10:04:13 +01:00
Bernardo Damele
87db5d0dab minor bug fix to avoid duplicates - #297 2013-02-15 00:53:05 +00:00
Bernardo Damele
c3f1e196e1 added missing parameter 2013-02-15 00:43:46 +00:00
Bernardo Damele
4727589135 code consistency 2013-02-15 00:17:13 +00:00
Miroslav Stampar
515be4ee0b Minor just in case commit related to the last one 2013-02-14 19:58:10 +01:00
Miroslav Stampar
fef60b73f4 Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases 2013-02-14 19:53:26 +01:00
Bernardo Damele
0c79d7b1e2 unnecessary import 2013-02-14 18:33:47 +00:00
Bernardo Damele
614ff6029d working on #396 - handle the case when we dont have a web backdoor/file stager for the language API, added a few more log messages to give further information about what is going on, minor bug fix to docRoot 2013-02-14 18:31:14 +00:00
Bernardo Damele
3b38b20176 working on #396 - adaptation for the verification phase 2013-02-14 18:29:55 +00:00
Bernardo Damele
261db6ed4f working on #396 - verify shellcodeexec executable has been properly uploaded 2013-02-14 18:29:35 +00:00
Bernardo Damele
4d5ecc3b03 working on #396 - verify icmpsh executable has been properly uploaded 2013-02-14 18:28:48 +00:00
Bernardo Damele
66cee83ca4 if needed, allow to reinitialize the environment for takeover - issue #396 2013-02-14 17:39:19 +00:00
Bernardo Damele
d91530f885 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 17:16:55 +00:00
Bernardo Damele
52264f544e minor fix for Windows file paths, do not strip the windows drive letter 2013-02-14 17:16:49 +00:00
Miroslav Stampar
fdf00e4842 Fix for an Issue #397 2013-02-14 17:14:36 +01:00
Miroslav Stampar
368a2fd297 Fix for an Issue #393 2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018 Trivial restyling 2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e Minor style update 2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916 Implementation for an Issue #394 2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2 This was supposed to be a separate commit (going to commit it in next one) 2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f Putting that ugly parameter xyz is not inside the Cookie into the debug messages 2013-02-14 15:38:44 +01:00
Bernardo Damele
d42d28392a avoid tracebacks because the parameter does not exist 2013-02-14 13:18:33 +00:00
Bernardo Damele
646df37884 minor bug fix for --reg-read 2013-02-14 13:17:30 +00:00
Miroslav Stampar
c72353321d Minor update for an Issue #392 2013-02-14 13:36:33 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
cb6d549e57 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 11:25:12 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
efe1bf0ded Minor fix (for those multiline cases like in MsSQL) 2013-02-14 12:20:40 +01:00
Miroslav Stampar
6629233de5 Minor update 2013-02-14 10:18:40 +01:00
Miroslav Stampar
a0b44da5d8 Minor fix for --threads>1 --binary-fields 2013-02-13 20:47:27 +01:00
Miroslav Stampar
0a4605644e Minor fix for previous commit 2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b Minor fix 2013-02-13 16:24:21 +01:00
Miroslav Stampar
9b231f87d6 Minor bug fix (regarding Issue #379) - in case that two processes enter the same proc_count decrementing line sqlmap would halt 2013-02-13 15:31:50 +01:00
Miroslav Stampar
8138d1318e Minor fix 2013-02-13 15:10:49 +01:00
Miroslav Stampar
c6d29e093e Fixing issue with newlines after the data in -r mode 2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33 Trivial update 2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70 Renaming --binary to --binary-fields 2013-02-13 11:27:03 +01:00
Miroslav Stampar
dd6f50a00e Removing unused imports 2013-02-13 11:15:24 +01:00
Miroslav Stampar
7c802ed8cc Minor fix 2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format) 2013-02-13 09:56:44 +01:00
Miroslav Stampar
1d42aba01e Minor update regarding 093a93938c (for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix) 2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Miroslav Stampar
6a98d375b1 More general except 2013-02-12 14:39:21 +01:00
Miroslav Stampar
212e92ea01 Minor update regarding --load-cookies (warning about expired ones) 2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d Update for a last update 2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d Update for --load-cookies 2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc Support for multiple injection marks inside the same header value (Issue #48) 2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69 Minor bug fix (getting ? in < 0xf char cases) 2013-02-11 21:16:35 +01:00
Miroslav Stampar
7c06a937e5 Minor refactoring 2013-02-09 20:21:17 +01:00
Bernardo Damele
f970b4f240 minor adjustment fixing the regression test stall 2013-02-09 12:19:21 +00:00
Bernardo Damele
e48181e28d another attempt to fix the stall during regression test 2013-02-09 12:16:56 +00:00
Bernardo Damele
138a846cf1 possible fix for regression test stall 2013-02-09 10:50:06 +00:00
Bernardo Damele
1596b9ed59 revert 2013-02-08 16:43:49 +00:00
Bernardo Damele
98864e425f minor "fix" 2013-02-08 16:30:34 +00:00
Bernardo Damele
8b510c55fb minor code cleanup 2013-02-08 16:29:16 +00:00
Miroslav Stampar
5aaf7f1aa6 BUG fix 2013-02-08 16:44:30 +01:00
Miroslav Stampar
c0e59d94a9 Better naming 2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b Update for an Issue #207 (and a potential patch for regression tests) 2013-02-08 16:20:48 +01:00
Miroslav Stampar
ee1017a5a7 Minor fix 2013-02-08 13:46:39 +01:00
Bernardo Damele
d015bf98fc renamed variable to avoid confusion 2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb unnecessary condition here 2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Bernardo Damele
dd6c73ea24 fixed --passwords output for API - #297 2013-02-06 21:45:51 +00:00
Bernardo Damele
21afba9571 got the partial output finally properly replaced by complete output in IPC database - #297 2013-02-06 21:32:26 +00:00
Bernardo Damele
5c8335876f minor bug fix to make --disable-coloring work on log messages too 2013-02-06 21:04:54 +00:00
Bernardo Damele
2fa2f30d21 slighlty better, still not optimal 2013-02-06 17:45:52 +00:00
Bernardo Damele
477c66ac4b minor refactoring and trivial bug fix 2013-02-06 17:45:25 +00:00
Bernardo Damele
e439c3d3f5 minor refactoring - #297 2013-02-06 17:09:43 +00:00
Bernardo Damele
b272b0574d minor fix to reset partRun value - #297 2013-02-06 17:09:28 +00:00
Miroslav Stampar
060eac110a Cleaner version checking 2013-02-06 10:28:17 +01:00
Miroslav Stampar
b1f31103f9 Removing that ugly disk I/O error in live testing mode 2013-02-05 17:04:42 +01:00
Miroslav Stampar
934808f53b Fix for an Issue #379 2013-02-05 16:13:45 +01:00
Bernardo Damele
e03010f48b got rid of unnecessary output for API - #297 2013-02-05 15:00:06 +00:00
Bernardo Damele
4428ad5345 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 14:43:14 +00:00
Bernardo Damele
f7d826fee1 first case where partial output is retrievable via RESTful API - issue #297 2013-02-05 14:43:03 +00:00
Miroslav Stampar
01219219fc Minor bug fix (for --first/--last through problematic DBMSes) 2013-02-05 15:03:55 +01:00
Miroslav Stampar
31daefc7c9 Minor fix (skipping one uneccesary request in single-threaded --first/--last mode) 2013-02-05 13:51:35 +01:00
Miroslav Stampar
62772125e3 Bug fix for HTTPSCertAuthHandler 2013-02-05 12:16:06 +01:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Miroslav Stampar
1618086027 Minor fix 2013-02-05 10:58:02 +01:00
Miroslav Stampar
9296bdd959 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 10:27:43 +01:00
Miroslav Stampar
4faa5f0f49 Fix for stalling in retrieving international letters (--technique=B) 2013-02-05 10:27:31 +01:00
Bernardo Damele
9d04ae5db5 minor improvement to temporary folder name 2013-02-05 09:11:38 +00:00
Miroslav Stampar
44579120b5 Cosmetics 2013-02-05 10:02:11 +01:00
Miroslav Stampar
74e82b2b53 Removing redundant check 2013-02-04 20:42:28 +01:00
Miroslav Stampar
cf8e5d535d Minor cleanup 2013-02-04 20:15:44 +01:00
Miroslav Stampar
c5ae967fe0 Potential fix for an Issue #379 2013-02-04 17:43:58 +01:00
Miroslav Stampar
6cab3d4759 Minor update 2013-02-04 16:46:08 +01:00
Miroslav Stampar
4f2981f163 Minor fix 2013-02-04 16:37:54 +01:00
Miroslav Stampar
f4b8a3c1d8 Bug fix for boolean (multithreaded Ctrl+C) resumed values 2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986 Bug fix (introduced with f1ab887c55) 2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39 Removal of unused imports 2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67 step by step getting there to partial output presentation to restful API (issue #297), not quite yet though.. 2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5 minor bug fix 2013-02-03 21:39:26 +00:00
Bernardo Damele
dc2bbbeaa7 minor revert 2013-02-03 20:55:58 +00:00
Bernardo Damele
df3cc38cd9 minor improvements 2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c improvement to restful API to store to IPC database partial entries, not yet functional (issue #297) 2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66 Implementation for an Issue #363 2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4 Bug fix (causing search problems) 2013-02-01 11:24:17 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a Minor bug fix 2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31 Patch to prevent problems like Issue #381 2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb Another update for an Issue #380 (--common-... switches) 2013-01-31 13:49:19 +01:00
Miroslav Stampar
f5844eabae Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60 2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626 Update for an Issue #342 and #372 2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272 Minor fix 2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284 variable renamed 2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083 Minor refactoring 2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545 Update for an Issue #352 2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117 Minor fine tuning 2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
95b922309c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 20:50:40 +01:00
Bernardo Damele
e8bd3c9c9f cosmetics 2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3 minor fix 2013-01-29 16:23:30 +00:00
Bernardo Damele
edd6699ed1 code refactoring and added /status method for scan (issue #297) 2013-01-29 16:11:25 +00:00
Bernardo Damele
c47b44e93f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:38:16 +00:00
Bernardo Damele
1152cf8958 increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297) 2013-01-29 15:38:09 +00:00
Bernardo Damele
9677e0f910 more data content types for API (issue #297) 2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297) 2013-01-29 15:35:51 +00:00
Bernardo Damele
a56f4ec15c techniques has to go too to the API (issue #297) 2013-01-29 15:34:53 +00:00
Bernardo Damele
bfce7210e6 improvements to the dump library to output to the API data fetched properly formatted (issue #297) 2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c split init() into two separate functions for API purposes (issue #297) 2013-01-29 15:33:16 +00:00
Miroslav Stampar
a59ac8e27f Trivial cosmetics 2013-01-29 16:30:38 +01:00
Miroslav Stampar
f4b7b3fd35 Minor cosmetics 2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2 Minor fix 2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f minor adjustment 2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55 major enhancement, code refactoring for issue #297 2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3 apply a little bit of secure coding practices to the API 2013-01-27 12:26:40 +00:00
Bernardo Damele
cd4075f6a3 no raise, just pass at ctrl-c 2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297) 2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8 Fix for an Issue #378 2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7 Minor style update for an Issue #377 2013-01-25 12:52:31 +01:00
Miroslav Stampar
479f791112 Minor fix 2013-01-25 12:41:51 +01:00
Miroslav Stampar
194a9e7b88 Implementation for an Issue #377 2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991 first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite 2013-01-24 12:57:24 +00:00
Chris Frohoff
218a6a9695 fixed response header logging for header names with special chars 2013-01-23 11:10:25 -08:00
Bernardo Damele
f848f259a6 upper() -D value for certain DBMSes 2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite 2013-01-23 15:52:03 +00:00
Miroslav Stampar
232f8d3585 Fix for an Issue #368 2013-01-23 13:36:17 +01:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
dea15b5892 notify user if --udf-inject is provided but no stacked queries SQLi is detected 2013-01-22 18:28:48 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
719c7f622b Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions) 2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb Fix for an Issue #367 2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44 Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...' 2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba missing import 2013-01-22 11:25:01 +00:00
Miroslav Stampar
59b02539ca More general approach regarding that last commit 2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07 Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query) 2013-01-22 11:29:51 +01:00
Bernardo Damele
e558040810 minor fix to previous commit 2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582 better detection if vulnerable of not for regression test 2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef Fix for an Issue #364 2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff Rewriting some query crafting parts (especially those .find(' FROM ')) 2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
75bf8528d1 Minor just in case update 2013-01-21 14:50:43 +01:00
Miroslav Stampar
c55a002f95 Language fix 2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0 Trivial style update 2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342 Adding new common function for further refactoring 2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b Fix for a regression test #30 test case fail (Firebird inline) 2013-01-21 10:12:54 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
3373e30808 minor fix for a bug introduced with commit 1ad9e26a21 2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db This last commit was in haste :) 2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225 Minor update (just for consistency with the rest of code) 2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87 Minor update (just for consistency with the rest of code) 2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405 Minor refactoring 2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8 In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value) 2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f layout adjustment 2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d all we need to debug failed test cases while regression test run.. 2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage 2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e just in case, add also the test case name inside the temp folder for debug purposes 2013-01-19 16:06:46 +00:00
Bernardo Damele
c95119559e minor bug fix 2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6 more fixes 2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce fixed test cases for Firebird - #312 2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371 avoid blank line if password hashes have not been fetched 2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21 bug fix for ORDER BY users provided statements (issue #354) 2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c improvements to --live-test 2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d minor output adjustment 2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c Removing some unused stuff (mainly imports) 2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5 Removing obsolete proxy handling code (Python < 2.6) 2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131 Removing some obsolete functions 2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09 Minor update 2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5 Minor removal of unused function 2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d Minor removal of redundant code 2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1 more fixes to test cases 2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20 Minor just in place update for an Issue #348 2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41 fixed url 2013-01-17 21:29:00 +00:00
Bernardo Damele
38eb4eb33e Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e fix for #349 (compatible with all others DBMSes too) 2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5 Implementation for an Issue #348 2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb Minor style update 2013-01-17 19:55:56 +01:00
Miroslav Stampar
507f185b69 Revert of patch for an Issue #347 2013-01-17 18:38:37 +01:00
Miroslav Stampar
9dd69042de Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-17 15:31:55 +01:00
Miroslav Stampar
f7eda07d92 Patch for an Issue #347 2013-01-17 15:30:14 +01:00
Bernardo Damele
5e059ab6db added check for DB2 lib 2013-01-17 14:20:34 +00:00
Miroslav Stampar
a38b3e397c Patch for an Issue #286 2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3 Implementing a check for an Issue #25 2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e Fix for an Issue #346 2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d Fix for an Issue #345 2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2 Minor update for an Issue #8 2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4 Minor language update 2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7 Finishing first usable prototype for an Issue #8 2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd Minor update for an Issue #8 2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2 bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected 2013-01-16 01:53:33 +00:00