Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
5c7c3c76c3
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
...
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
cc9ca802bf
minor update
2011-01-06 08:54:50 +00:00
Miroslav Stampar
572f403069
update of one thing that was missing
2011-01-03 21:28:22 +00:00
Miroslav Stampar
6aa616bd0d
minor minor fix
2011-01-03 14:28:20 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
3629c2737b
automatically turn on --text-only in case of heavily-dynamicity instead of critical exit
2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6
some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one
2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f
minor update
2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4
minor update
2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
5c6c870db4
removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode
2011-01-02 08:43:38 +00:00
Miroslav Stampar
da138c46c1
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
2011-01-02 07:37:47 +00:00
Miroslav Stampar
ec4440108b
minor cosmetics
2011-01-02 07:09:04 +00:00
Miroslav Stampar
428e817a32
some refactoring
2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d
user can now choose if he wants to skip non-heuristic based DBMS tests
2011-01-01 23:38:11 +00:00
Miroslav Stampar
8a93cfd975
minor update
2011-01-01 22:43:15 +00:00
Miroslav Stampar
52e44df86c
minor update
2011-01-01 21:11:29 +00:00
Miroslav Stampar
942cbafba6
minor update
2011-01-01 20:19:55 +00:00
Miroslav Stampar
e4fd8b3f0c
(e) finally works as it should
2011-01-01 19:22:44 +00:00
Miroslav Stampar
15e6911fd8
fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')
2011-01-01 12:23:02 +00:00
Miroslav Stampar
91f665aaaa
bug fix for Ctrl+C
2010-12-31 15:00:19 +00:00
Miroslav Stampar
5db8ebbfa9
update of mysql comment versions
2010-12-31 12:42:12 +00:00
Miroslav Stampar
613242e298
bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)
2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff
code refactoring
2010-12-29 19:39:32 +00:00
Miroslav Stampar
6700cabc36
minor optimization
2010-12-29 19:01:29 +00:00
Miroslav Stampar
569e060aab
important improvement
2010-12-26 13:20:52 +00:00
Miroslav Stampar
2d115e0350
one more fix
2010-12-24 18:44:13 +00:00
Miroslav Stampar
edcf1a0872
few bug fixes
2010-12-24 18:40:48 +00:00
Miroslav Stampar
96a06351a1
minor fix (in testing phase raise404 should be set to False)
2010-12-24 12:36:00 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901
prioritization of tests based on DBMS error messages and some comments in common.py
2010-12-24 10:55:41 +00:00
Miroslav Stampar
017ea9e686
update
2010-12-23 14:06:22 +00:00
Miroslav Stampar
73f33c1999
bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)
2010-12-23 11:28:13 +00:00
Miroslav Stampar
8fc60215ed
lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.
2010-12-22 19:12:46 +00:00
Bernardo Damele
5228f336da
Minor fix for ctrl+c during detection phase
2010-12-22 13:15:44 +00:00
Miroslav Stampar
08c88495d0
removed that ugly hack
2010-12-22 13:09:04 +00:00
Miroslav Stampar
d974a966b8
minor fix for end phase (Ctrl+C)
2010-12-21 23:55:55 +00:00
Miroslav Stampar
0e68248f60
minor update of heuristic check
2010-12-21 12:56:18 +00:00
Miroslav Stampar
16f1f4e13e
when doing dynamic checks there are cases when 404 can be raised (perfectly normal)
2010-12-21 11:04:49 +00:00
Bernardo Damele
ad6b528b33
Bit more verbose comment
2010-12-21 10:47:39 +00:00
Miroslav Stampar
416755c0b7
minor adjustments
2010-12-21 00:25:03 +00:00
Miroslav Stampar
e10670d9ac
added end detection phase choice into Ctrl+C list
2010-12-20 23:34:00 +00:00
Miroslav Stampar
b34fe5c334
no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)
2010-12-20 22:49:48 +00:00
Miroslav Stampar
eaf8929085
more minor updates
2010-12-20 10:48:53 +00:00
Miroslav Stampar
fd00ff7a82
minor bug fix
2010-12-20 10:37:03 +00:00
Miroslav Stampar
e9f1ecb9e7
minor update
2010-12-20 10:32:58 +00:00
Miroslav Stampar
10a7a2dfb2
kids, don't use this at home
2010-12-20 10:13:14 +00:00
Miroslav Stampar
4cb83654dc
minor update
2010-12-18 16:28:21 +00:00
Miroslav Stampar
05c6d661e8
cosmetics
2010-12-18 10:49:49 +00:00
Miroslav Stampar
03220d34ba
added Ctrl+C check in detection phase
2010-12-18 10:42:09 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
323af45ce4
added one more time request payload to confirm test results
2010-12-17 07:53:58 +00:00
Miroslav Stampar
e3fa3b0e8e
fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')
2010-12-17 07:48:32 +00:00
Miroslav Stampar
f8a01ddaf8
minor update
2010-12-15 11:21:47 +00:00
Miroslav Stampar
63f5c35c23
bug fix
2010-12-15 10:02:58 +00:00
Miroslav Stampar
d5fb921154
removed debug print
2010-12-09 20:08:59 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Bernardo Damele
df5f6bc1b7
Little precaution
2010-12-09 14:06:43 +00:00
Bernardo Damele
5fb04515d3
Added hidden (for the moment) switch --technique
2010-12-09 13:47:17 +00:00
Bernardo Damele
0c01be0eeb
Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).
2010-12-09 00:34:02 +00:00
Bernardo Damele
9c61adb21d
Cosmetics
2010-12-09 00:26:06 +00:00
Bernardo Damele
10ef2b5de8
Minor bug fix
2010-12-08 23:09:42 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
ed09c53ee4
minor minor update
2010-12-08 14:27:37 +00:00
Miroslav Stampar
1ae2fa7f1a
update regarding time based payloads
2010-12-08 11:26:54 +00:00
Miroslav Stampar
a4a63f5b1e
minor update
2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
575e50673b
minor update
2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a
little explanation
2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231
Removed debug print
2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29
Minor fix
2010-12-07 17:17:38 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6
it's a must to double check time based payloads
2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8
Added counter of total HTTP(s) requests done during detection phase
2010-12-07 12:33:47 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d
introducing PostgreSQL time based blind
2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3
minor cosmetic update ("heuristics shows" is not grammatically correct)
2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23
minor update
2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf
minor refactoring
2010-12-06 15:50:19 +00:00
Miroslav Stampar
5189f138d7
increasing socket timeout in case of time based checks
2010-12-05 23:18:16 +00:00
Miroslav Stampar
7a5cd3b35f
minor comment update
2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211
Cosmetics
2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3
some fine tuning of dynamicity removing engine
2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00