Miroslav Stampar
bdb530da1f
minor update
2011-06-19 10:11:27 +00:00
Miroslav Stampar
d5bc149636
made changes by buawig request (504 is treated as a classical timeout)
2011-06-19 09:57:41 +00:00
Miroslav Stampar
83af83da9e
minor beautification (WordsSet is considered as a bad english)
2011-06-18 15:47:19 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Bernardo Damele
28ef61b997
Use getPageTextWordsSet() also in --common-columns
2011-06-18 12:30:26 +00:00
Bernardo Damele
6b2f44de14
Minor layout adjustment
2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919
Layout adjustments
2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4
added by request
2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602
minor fix for --smoke-test
2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2
layout
2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece
better
2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0
"Please consider to provide" is a bad English
2011-06-18 09:46:22 +00:00
Miroslav Stampar
1440c9f2d4
minor update
2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371
better language
2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef
minor update/better language
2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb
update
2011-06-17 22:04:25 +00:00
Miroslav Stampar
0c9fa5c550
fix
2011-06-17 17:12:47 +00:00
Miroslav Stampar
043f2f92c1
minor update
2011-06-17 17:10:52 +00:00
Miroslav Stampar
c9a6aad5c3
minor fix by request
2011-06-17 16:58:50 +00:00
Miroslav Stampar
a0129dcbcb
this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)
2011-06-17 16:52:39 +00:00
Miroslav Stampar
f3ee2c09fb
cleaner fix
2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f
fix for DNS leakage
2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259
little stabilization of multi threading
2011-06-17 12:50:28 +00:00
Miroslav Stampar
d27afaed7e
some fixes
2011-06-16 14:27:44 +00:00
Miroslav Stampar
6b1d5a0ab8
minor fix
2011-06-16 14:11:30 +00:00
Miroslav Stampar
530c296519
minor fix
2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5
some fixes
2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a
minor update regarding mnemonics (again)
2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564
minor update regarding mnemonics
2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3
minor fixes and minor updates
2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4
new file containing default settings
2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad
cleaning up a bit for a configuration mess
2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0
Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes
2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6
fix for a bug reported by rdsears@mtu.edu (ignored config file items)
2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f
minor update
2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb
introducing mnemonics
2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908
minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)
2011-06-14 19:38:35 +00:00
Miroslav Stampar
a4328e914b
minor update
2011-06-14 19:29:42 +00:00
Miroslav Stampar
1e17c0d4a1
switching to debug mode for missing dependencies
2011-06-14 08:47:06 +00:00
Bernardo Damele
8978fded03
typo fix
2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b
Added --dependences to show which sqlmap dependences are not available
2011-06-13 18:44:02 +00:00
Miroslav Stampar
0990f16f7f
minor update for invalid cases like 'iso-8859-1 (western europe)'
2011-06-12 08:36:21 +00:00
Miroslav Stampar
2da56ea507
fix of a language bug
2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f
minor update
2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
2011-06-10 23:18:43 +00:00
Miroslav Stampar
15d72ec566
minor improvement for special cases with --string/--regexp
2011-06-10 23:05:47 +00:00
Miroslav Stampar
8fac4605a9
minor fix for None results
2011-06-10 22:28:15 +00:00
Miroslav Stampar
71093b1cad
adding one more user friendly message
2011-06-09 09:58:42 +00:00
Miroslav Stampar
fae089646b
minor fix
2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b
minor fix
2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd
revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content)
2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d
revert of the last commit. have to think about it
2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2
minor update
2011-06-09 06:14:35 +00:00
Bernardo Damele
d217cf71b2
Minor bug fix
2011-06-08 23:32:44 +00:00
Bernardo Damele
6aade8e6fc
grammar fix, again
2011-06-08 16:40:22 +00:00
Bernardo Damele
d160888784
Grammar fix
2011-06-08 16:25:18 +00:00
Bernardo Damele
1c6ee1dc36
Rephrase
2011-06-08 16:22:16 +00:00
Bernardo Damele
0d8d6a4ace
Cosmetics
2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909
Cosmetics
2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3
This was missing
2011-06-08 15:30:59 +00:00
Miroslav Stampar
d8155dfae9
change by request
2011-06-08 14:44:11 +00:00
Miroslav Stampar
6387d98ab0
quick fix
2011-06-08 14:42:48 +00:00
Bernardo Damele
0d3e8a76d8
Cosmetics and a missing param
2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
cd6ceb733e
Adjustment and refactoring for takeover via web backdoor
2011-06-08 14:16:53 +00:00
Bernardo Damele
cce3208b35
Cleanup
2011-06-08 14:15:34 +00:00
Bernardo Damele
7da3d8dbd1
minor layout adjustment
2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3
added switch --cookie-del by request
2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e
asking and skipping to the next google result page if no usable links found
2011-06-07 23:24:17 +00:00
Miroslav Stampar
1c633b7351
i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified
2011-06-07 22:14:18 +00:00
Miroslav Stampar
75c12c5edb
fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)
2011-06-07 21:46:49 +00:00
Miroslav Stampar
e7e23d1b79
fix for a Ctrl+C bug reported by nightman@email.de
2011-06-07 17:16:01 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68
minor update
2011-06-07 10:32:18 +00:00
Miroslav Stampar
e9bf768f23
more refactoring
2011-06-07 10:08:12 +00:00
Miroslav Stampar
7a3cc38e3c
refactoring and stabilization of multithreading
2011-06-07 09:50:00 +00:00
Miroslav Stampar
5f7858455d
fix for a bug reported by l0rda@l0rda.biz
2011-06-07 05:57:21 +00:00
Miroslav Stampar
03c3f83893
minor fix
2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3
fix for a bug reported by aboynes@gmail.com
2011-06-06 08:50:48 +00:00
Miroslav Stampar
97d8c60c3f
better language
2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322
more info to the user
2011-06-03 15:43:50 +00:00
Miroslav Stampar
8c80413c52
well, important fix for blind based cases (especially OR ones)
2011-06-03 15:29:22 +00:00
Miroslav Stampar
f27181c628
minor improvement for blind based injections with reflected values
2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94
minor update
2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58
minor usability update
2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869
fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com
2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23
minor fix
2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0
proper fix related to the last commit
2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779
bug fix (until this moment we had UNION unfunctional for MSSQL)
2011-06-01 22:47:54 +00:00
Miroslav Stampar
fc96764f80
minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None)
2011-06-01 22:06:06 +00:00
Miroslav Stampar
091c174bc4
better language
2011-06-01 08:30:06 +00:00
Miroslav Stampar
63145236b9
minor fix
2011-05-31 21:53:29 +00:00
Miroslav Stampar
42100e0e5b
big bug fix
2011-05-30 23:15:29 +00:00
Miroslav Stampar
9600556dae
better language
2011-05-30 23:04:49 +00:00
Miroslav Stampar
b7088440c2
better sentence
2011-05-30 22:47:17 +00:00
Miroslav Stampar
3c12799ff0
minor improvement
2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
2011-05-30 20:18:30 +00:00
Miroslav Stampar
b79dae6e95
minor update
2011-05-30 14:49:03 +00:00
Miroslav Stampar
20988e58ed
warp 5 mr spock :)
2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9
speed up of 2 times for partial union technique
2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5
minor update
2011-05-30 08:33:01 +00:00
Miroslav Stampar
d5ede6afb4
fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range)
2011-05-30 06:38:44 +00:00
Miroslav Stampar
23d7820de7
minor update
2011-05-29 23:56:41 +00:00
Miroslav Stampar
6fd8602f01
minor update
2011-05-29 23:33:34 +00:00
Miroslav Stampar
86455ceb9c
implementation of multithreading for UNION and ERROR techniques
2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d
typo update
2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e
adding legal disclaimer as latest situation (these days news headlines) seems out of control
2011-05-28 18:54:14 +00:00
Miroslav Stampar
a5a70f0895
minor update
2011-05-28 18:21:03 +00:00
Miroslav Stampar
ecbeecdccf
minor refactoring
2011-05-28 18:11:56 +00:00
Miroslav Stampar
eb9b84d1da
type correction
2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a
update regarding mysql function resolution and versionedkeywords
2011-05-28 17:34:43 +00:00
Miroslav Stampar
95dea1fbf9
sharp tuning UNION tests even more
2011-05-28 08:06:19 +00:00
Miroslav Stampar
c11ea35d53
adding some user input for "refreshing" cases (like redirect ones)
2011-05-27 22:42:23 +00:00
Miroslav Stampar
cf69809c3c
minor update
2011-05-27 16:26:00 +00:00
Miroslav Stampar
8227298057
user friendliness uber 9000
2011-05-27 08:30:52 +00:00
Miroslav Stampar
a8b58afdb2
minor update
2011-05-27 08:21:02 +00:00
Miroslav Stampar
48f52d7697
minor beautification
2011-05-27 08:16:14 +00:00
Miroslav Stampar
61b960f65f
minor update related to the last one
2011-05-26 22:05:10 +00:00
Miroslav Stampar
45caadbd4a
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
2011-05-26 21:54:19 +00:00
Miroslav Stampar
97bd5355dd
minor update
2011-05-26 21:18:55 +00:00
Miroslav Stampar
5d56e89cf5
minor update
2011-05-26 21:08:46 +00:00
Miroslav Stampar
06108b6da6
minor update related to the last commit
2011-05-26 20:58:24 +00:00
Miroslav Stampar
4f46a5ab63
minor usability enhancement regarding warning for --text-only switch
2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24
minor cleanup of the leftover
2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82
minor update
2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
2011-05-26 14:30:05 +00:00
Miroslav Stampar
4f2c999146
fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)
2011-05-26 13:47:20 +00:00
Miroslav Stampar
f3ed61af5f
bug fix when using inference and kb.pageEncoding is None (like in binary cases)
2011-05-25 21:12:12 +00:00
Miroslav Stampar
5369657cd5
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
2011-05-25 20:54:30 +00:00
Miroslav Stampar
a1fd2898a0
added friendly tip message for url encoding GET and POST payloads
2011-05-25 11:10:52 +00:00
Miroslav Stampar
0e480a9921
adding SYS to the ORACLE_SYSTEM_DBS
2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75
minor beautification
2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b
making it easier for totally dummy users
2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671
helping dummy users
2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c
serving everything for the users
2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca
minor just in case patch
2011-05-24 15:07:37 +00:00
Miroslav Stampar
0072c3af8e
fix for a bug reported by aboynes@gmail.com (for elt in self.a)
2011-05-24 15:03:21 +00:00
Miroslav Stampar
f774d8fea0
proper Tor settings (reverted r3915 and implemented it the right way)
2011-05-24 11:06:58 +00:00
Miroslav Stampar
915c206e3d
minor fix for socks proxy issues
2011-05-24 09:47:10 +00:00
Miroslav Stampar
ad25bcc2be
better way for dealing with relative paths
2011-05-24 05:26:51 +00:00
Miroslav Stampar
a536bf210f
improved redirection mechanism
2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121
this was causing that --suffix trouble
2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c
minor fix for retrieving stuff like "SELECT * FROM testdb..users"
2011-05-23 19:45:40 +00:00
Miroslav Stampar
2b12b18357
incorporating metasploit patch from oliver.kuckertz@mologie.de
2011-05-23 15:27:10 +00:00
Miroslav Stampar
4542d4535f
minor beautification
2011-05-23 14:28:05 +00:00
Miroslav Stampar
31b48ec11c
removing space left
2011-05-23 14:18:33 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
868fbe370b
minor beautification
2011-05-23 10:39:58 +00:00
Miroslav Stampar
fb23beef6f
most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)
2011-05-22 19:14:36 +00:00
Miroslav Stampar
4fdb6ac9b9
adding useful info
2011-05-22 15:30:19 +00:00
Miroslav Stampar
48c20a62ac
minor nag fix
2011-05-22 15:08:55 +00:00
Miroslav Stampar
40971aca94
fixing nasty bug caused by retrying counter
2011-05-22 10:59:56 +00:00
Miroslav Stampar
712e238f33
another minor fix
2011-05-22 10:29:25 +00:00
Miroslav Stampar
2795aeff34
minor fix
2011-05-22 10:27:45 +00:00
Miroslav Stampar
806e898694
no more CRITICAL drop outs in test mode - lots of reports were related to this
2011-05-22 10:21:49 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
27f0e73cc9
refactoring of 'target' flag in connect.py
2011-05-22 07:46:09 +00:00
Miroslav Stampar
a58aaf2e1a
better format for results file (easier for sorting when lots of files)
2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Miroslav Stampar
db72428765
minor update
2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7
added --cookie for maskSensitiveData too
2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4
minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)
2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710
minor refactoring
2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97
added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com
2011-05-17 22:55:22 +00:00
Miroslav Stampar
dfe81cc66f
minor yielding
2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9
minor refactoring
2011-05-16 20:09:12 +00:00
Miroslav Stampar
ba1df457ab
fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com
2011-05-16 19:26:58 +00:00
Miroslav Stampar
6ba9dea640
just in case for trimmed output
2011-05-16 06:17:37 +00:00
Miroslav Stampar
d2221e4604
fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...)
2011-05-16 00:23:50 +00:00
Miroslav Stampar
faa74cd2bc
introducing results file for multiple target mode
2011-05-15 22:21:38 +00:00
Miroslav Stampar
90e84c9a6d
removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end
2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1
minor improvement
2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b
fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)
2011-05-14 19:57:28 +00:00
Miroslav Stampar
053c245114
few minor fixes
2011-05-13 09:56:12 +00:00
Miroslav Stampar
a7d7be5ce0
bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)
2011-05-13 01:01:53 +00:00
Miroslav Stampar
f11d5c91e3
minor update so that only one DNS request per scan is being done (before this commit there were two)
2011-05-12 14:32:39 +00:00
Miroslav Stampar
70688fb8b5
minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)
2011-05-12 12:00:17 +00:00
Miroslav Stampar
c64eb38a8b
same thing as for the last commit, but for error technique this time
2011-05-12 11:52:18 +00:00
Miroslav Stampar
84a7e5ffb9
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
2011-05-12 11:36:02 +00:00
Miroslav Stampar
0b2da2f9f5
minor beautification for --tor switch
2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554
i was probably very tired or very stupid to do this
2011-05-11 13:13:46 +00:00
Miroslav Stampar
2ab9e30f7a
bug fix
2011-05-11 12:54:33 +00:00
Miroslav Stampar
53065ee1fb
adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)
2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9
added -m switch for bulk loading multiple targets
2011-05-11 08:46:40 +00:00
Miroslav Stampar
120b0d756e
unfix
2011-05-10 21:33:06 +00:00
Miroslav Stampar
6b66fce72c
minor fix
2011-05-10 20:52:43 +00:00
Miroslav Stampar
192c685bc8
changing conf attribute to a more proper name
2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7
minor refactoring
2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb
layout
2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a
fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)
2011-05-10 13:28:07 +00:00
Miroslav Stampar
1dea609019
fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)
2011-05-10 12:51:37 +00:00
Miroslav Stampar
a64407d9db
minor bug fix for multithreading and lots of connection retries
2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c
adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1
2011-05-10 12:32:07 +00:00
Miroslav Stampar
ec4d9178f8
minor update related to the previous commit
2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c
minor update
2011-05-08 06:17:43 +00:00
Bernardo Damele
9955483052
Major improvement for --dump.
...
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
8179fd63c0
Minor fix
2011-05-07 23:48:03 +00:00
Bernardo Damele
6653907700
forgot in last commit
2011-05-07 21:13:56 +00:00
Bernardo Damele
1151af52bb
More fix for save/resume of --technique
2011-05-07 21:08:14 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968
removing blank lines and adding newline at the end of files
2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Bernardo Damele
2d8408c885
More fix for --technique resume
2011-05-05 16:38:46 +00:00
Bernardo Damele
e96a533a04
Bug fix to resume of --technique
2011-05-05 15:18:33 +00:00
Miroslav Stampar
b324b99f6e
minor update of warning message
2011-05-04 10:41:08 +00:00
Miroslav Stampar
83fac3f6d9
fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase)
2011-05-03 21:12:51 +00:00
Miroslav Stampar
e6f010734e
minor fix for cases when the retrieved output is safe encoded (like for --os-shell)
2011-05-03 16:14:03 +00:00
Miroslav Stampar
4d4e3802e4
decoding of chars for --os-shell
2011-05-03 15:31:12 +00:00
Bernardo Damele
c58dc4a6d8
isDbmsWithin() must stay like this, no getIdentifiedDbms() in there
2011-05-03 14:13:45 +00:00
Miroslav Stampar
742b0ef76e
major improvement of ERROR data retrieval on MSSQL
2011-05-03 13:25:20 +00:00
Miroslav Stampar
2a7838928e
minor fancier --replicate update
2011-05-03 11:48:04 +00:00
Miroslav Stampar
b202d73b46
bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)
2011-05-03 11:09:30 +00:00
Miroslav Stampar
1840b0e43b
fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)
2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Bernardo Damele
6cff3e97f4
cosmetics
2011-05-02 21:48:08 +00:00
Miroslav Stampar
06498796b9
minor cosmetics
2011-05-02 20:51:53 +00:00
Miroslav Stampar
5e9620198c
fix for a privately reported bug ("AttributeError: item is disabled")
2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895
better fix for the previous commit
2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f
minor update to not confuse users when using -o
2011-05-02 13:24:35 +00:00
Miroslav Stampar
f8c3086d15
minor minor update
2011-05-02 12:37:54 +00:00
Miroslav Stampar
098f53d57a
patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1')
2011-05-02 12:34:35 +00:00
Bernardo Damele
ac2550535c
Proper fix for --technique=U bug
2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93
fix for a major bug reported by k1971@live.co.uk (1..9 99..)
2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334
proper way to deal with generic cases
2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7
fix for a --technique=U
2011-05-01 07:37:22 +00:00
Miroslav Stampar
41fc9f9d54
fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2')
2011-04-30 22:41:54 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf
proper fix
2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5
Minor adjustment to --mobile.
...
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Bernardo Damele
a23ca952e4
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
2011-04-29 21:09:07 +00:00
Miroslav Stampar
46f96f3c4c
removing Kindle from list as it's not really a smartphone
2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9
implemented --mobile switch
2011-04-29 19:27:23 +00:00
Miroslav Stampar
b299912de4
fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost
2011-04-29 16:56:02 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8
fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)
2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
441c288dd9
cosmeticados
2011-04-25 00:36:09 +00:00
Bernardo Damele
98f9f3e774
Minor bug fix in local shellcodeexec for Windows path
2011-04-25 00:03:12 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
75142b383d
huge speed up (4x times faster)
2011-04-22 21:00:42 +00:00
Miroslav Stampar
f88aa4b165
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 19:58:10 +00:00
Miroslav Stampar
493b9adf8e
speed up of resume values (compiled regexes used)
2011-04-22 19:27:41 +00:00
Miroslav Stampar
7b3b9e6a87
it seems that this was indeed not meant to be here
2011-04-22 15:07:09 +00:00
Miroslav Stampar
304500a2e8
implemented checkFalsePositives method (simple Turing like tests)
2011-04-22 12:24:16 +00:00
Bernardo Damele
f3088079c0
error message adjustment
2011-04-21 22:31:02 +00:00
Bernardo Damele
eabb5a2ba7
More adjustments to the error message when no sql injections are detected
2011-04-21 22:04:20 +00:00
Bernardo Damele
6d07dddf60
updated doc and minor layout adjustments
2011-04-21 21:53:35 +00:00
Bernardo Damele
06a00fe85e
For development version, print also the revision number in the banner
2011-04-21 21:34:57 +00:00
Bernardo Damele
770b1523ff
More verbose output when no SQL injections are detected
2011-04-21 21:31:16 +00:00
Bernardo Damele
edc2d75702
Cosmetics and major bug fix
2011-04-21 21:15:23 +00:00
Bernardo Damele
d2f102f5a1
cosmetics
2011-04-21 20:21:37 +00:00
Bernardo Damele
b667c50588
store/resume info on xp_cmd available in session file
2011-04-21 14:25:04 +00:00
Miroslav Stampar
930872cf3b
fix
2011-04-21 14:20:09 +00:00
Bernardo Damele
a313df4d37
Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file
2011-04-21 14:05:37 +00:00
Bernardo Damele
fbe5ba5394
cosmetics
2011-04-21 10:54:12 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Bernardo Damele
8d8fc2bbd8
cosmetics
2011-04-21 10:17:41 +00:00
Bernardo Damele
11ecd16099
cosmetics
2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05
removing funny remark
2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440
layout
2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad
added a comment
2011-04-21 10:01:58 +00:00
Miroslav Stampar
c84c4d835f
minor update
2011-04-21 09:31:35 +00:00
Miroslav Stampar
e4d3190f41
reverting back to NVARCHAR because of error technique
2011-04-20 12:59:23 +00:00
Miroslav Stampar
3607f03a9e
fix of a minor typo
2011-04-20 12:42:35 +00:00
Miroslav Stampar
1286cc0913
now showing trimmed output in for of warning message (UNION and ERROR techniques affected)
2011-04-20 12:41:58 +00:00
Miroslav Stampar
7993f3f12d
way better for storing bulk of data (like BLOB on mysql)
2011-04-20 11:44:52 +00:00
Miroslav Stampar
04653684cd
revert
2011-04-20 10:34:34 +00:00
Miroslav Stampar
4fadcf0615
improvement for UNION/ERROR case
2011-04-20 10:17:42 +00:00
Miroslav Stampar
1c1c20fb64
minor update
2011-04-20 09:34:00 +00:00
Miroslav Stampar
4b6c524d4c
one more minor update regarding last commit
2011-04-20 09:26:03 +00:00
Miroslav Stampar
44926757da
minor update
2011-04-20 09:23:08 +00:00
Miroslav Stampar
52c98afe93
minor fix
2011-04-20 08:38:46 +00:00
Miroslav Stampar
24435a2c20
implemented "break a tie" request by Andres Riancho
2011-04-20 08:35:47 +00:00
Miroslav Stampar
df0331fe9b
some more refactoring
2011-04-19 23:04:10 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864
dealing with http://bugs.python.org/issue1602
2011-04-19 22:33:03 +00:00
Miroslav Stampar
9a9838f1e6
cleaning a mess with UPX and virus scanners
2011-04-19 21:57:04 +00:00
Miroslav Stampar
44bbef42f8
minor cosmetics
2011-04-19 20:23:08 +00:00
Miroslav Stampar
b7efa255d6
minor update of usage string
2011-04-19 20:14:56 +00:00
Miroslav Stampar
fc90974940
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
2011-04-19 14:50:09 +00:00
Miroslav Stampar
7abbd0c029
removing a leftover
2011-04-19 14:29:51 +00:00
Miroslav Stampar
96b5fede5a
automatic increasing of time delay on lagging connections
2011-04-19 14:28:51 +00:00
Miroslav Stampar
13f8c001a7
minor update
2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92
added "lagging" critical message
2011-04-19 10:37:20 +00:00
Miroslav Stampar
9b0db33cc5
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
2011-04-19 08:55:38 +00:00
Miroslav Stampar
a7c26366b4
doing that auto default value for --time-sec only for --tor
2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc
automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)
2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3
cleaner solution for the problem solved with last commit
2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6
little hack for --time-sec
2011-04-18 14:46:18 +00:00
Miroslav Stampar
6463cad8c5
minor update for SOAP payloads
2011-04-18 14:29:52 +00:00
Miroslav Stampar
da9ec67869
removing leftover
2011-04-18 13:43:22 +00:00
Miroslav Stampar
354a2ce249
'chardet' heuristic engine added to the project
2011-04-18 13:38:46 +00:00
Miroslav Stampar
b5aef9bcf9
fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')
2011-04-18 10:16:38 +00:00
Miroslav Stampar
6fab44d635
minor refactoring and improving of used regex
2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a
minor cosmetics
2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553
minor update for matching SOAP messages
2011-04-17 22:21:32 +00:00
Miroslav Stampar
4fa00121e4
that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one
2011-04-17 21:58:34 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb
minor update
2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac
well, this could be important :)
2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
5e70eac98c
fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes
2011-04-16 06:44:29 +00:00
Miroslav Stampar
88c76147e1
removed few trailing whitespace lines
2011-04-15 20:52:08 +00:00
Miroslav Stampar
3b6f9945ae
minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)
2011-04-15 14:15:29 +00:00
Miroslav Stampar
c461fdca54
some refactoring
2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3
removed debug message that could cause confusion
2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f
explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay
2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959
improved htmlunescape (great for localized html escape codes)
2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb
minor fixes and refactoring regarding safecharencoding
2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7
speed of --replicate is now vastly improved
2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638
minor fix
2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7
More cookies to ignore
2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e
minor refactoring
2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573
minor update related to the last commit
2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8
minor fix
2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe
one more commit related to the issue with displaying of garbled characters
2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9
update regarding safe character output together with a small fix for newlines
2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a
minor update
2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f
better beep for MacOSX
2011-04-13 18:32:47 +00:00
Miroslav Stampar
bf55b0b77a
more restrictions on crypt(3) hash recognition to prevent false positives
2011-04-13 14:40:23 +00:00
Miroslav Stampar
d06ae9cd47
implemented retrieved items info for partial union too
2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc
minor cosmetics for partial inband retrieval
2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be
just in case update to prevent gibberish "retrieved: " outputs
2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56
fix for a "accept certificate first time for svn"
2011-04-12 14:25:17 +00:00
Miroslav Stampar
a883ce26b5
fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')
2011-04-12 13:25:28 +00:00
Miroslav Stampar
0ae74f27e4
avoiding annoying "payload 'None' possibly..." in case where payload is not specified
2011-04-11 15:24:52 +00:00
Miroslav Stampar
941daa1645
just in case to prevent "object of type 'NoneType' has no len()" error reports
2011-04-11 11:59:02 +00:00
Miroslav Stampar
2db2e9b6a2
now GET forms are also prone to "do you want to fill with random values"
2011-04-11 11:38:41 +00:00
Miroslav Stampar
08d14886fd
added new dev version string
2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e
cutting for 0.9 stable
2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e
lowering the value
2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac
Minor bug fix
2011-04-10 22:44:08 +00:00
Miroslav Stampar
6012ab1c46
better one for previous commit
2011-04-10 21:52:08 +00:00
Miroslav Stampar
e6c50df4f9
preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)
2011-04-10 21:38:08 +00:00
Miroslav Stampar
940c225d7c
few fixes
2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844
Removed unused code
2011-04-10 20:39:15 +00:00
Miroslav Stampar
decab6642d
fix for that @chunk bug
2011-04-10 16:46:33 +00:00
Miroslav Stampar
723a7447b2
minor refactoring
2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263
added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics
2011-04-09 22:39:03 +00:00
Miroslav Stampar
277f16d6b3
removing commented out debug print
2011-04-08 22:44:05 +00:00
Miroslav Stampar
c4c40308c6
no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)
2011-04-08 22:42:07 +00:00
Miroslav Stampar
83feb097ef
greater flexibility for --batch when default is None
2011-04-08 22:29:50 +00:00
Miroslav Stampar
6fa2fd139c
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
2011-04-08 15:17:57 +00:00
Bernardo Damele
beb98140b3
Minor improvement to --check-payload
2011-04-08 14:34:00 +00:00
Miroslav Stampar
228cc68747
fix for those ugly DEBUG messages in brute mode
2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656
cosmeticados ;)
2011-04-08 10:39:07 +00:00
Miroslav Stampar
be11e2535e
one more minor update
2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9
minor update regarding the last commit
2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d
higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])
2011-04-07 23:32:07 +00:00
Miroslav Stampar
b288e5ef57
implemented DNS caching mechanism
2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45
fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')
2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa
minor code restyling
2011-04-07 13:27:29 +00:00
Miroslav Stampar
e33a48d40f
minor refactoring
2011-04-07 12:54:30 +00:00
Bernardo Damele
c6b9d89d31
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
2011-04-07 11:10:35 +00:00
Bernardo Damele
9e8c933333
cosmetics
2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5
removed integers from --technique
2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be
minor update
2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f
minor refactoring
2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367
Minor layout adjustments
2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c
Refactoring to --technique
2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
2011-04-06 14:41:44 +00:00
Bernardo Damele
8b14a9eaa7
Minor code adjustments
2011-04-06 14:40:45 +00:00
Miroslav Stampar
a379463213
cosmeticado
2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b
minor fix (it was quite ... to have this check at the later stage)
2011-04-06 08:39:24 +00:00
Miroslav Stampar
fdef6726cf
minor update
2011-04-06 08:30:50 +00:00
Bernardo Damele
d436ba2da5
Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value
2011-04-06 08:19:56 +00:00
Bernardo Damele
81034140c0
Reduced number of threads to 3 when -o is provided
2011-04-06 08:15:20 +00:00
Miroslav Stampar
265fa52600
minor code cosmetics
2011-04-04 18:24:16 +00:00
Miroslav Stampar
018b6b9430
fix for a charset encoding reported by Kirill
2011-04-04 18:20:09 +00:00
Miroslav Stampar
2c01fc56e6
minor update regarding misusage of --proxy and --ignore-proxy switches
2011-04-04 09:19:43 +00:00
Miroslav Stampar
e957c4400c
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
2011-04-04 08:04:47 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0
minor update related to the last commit
2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)
2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be
minor update regarding --current-db on Oracle
2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a
Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)
2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346
minor update related to the problem with request files reported by jorge_a_santos@hotmail.com
2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878
another minor update related to previous commit
2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f
speed optimization
2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8
minor update (ip addresses will not be confused any more for crypt_generic hashes)
2011-03-31 16:56:26 +00:00
Miroslav Stampar
557ed7d665
minor fix for a invalid charset reported by Kirill
2011-03-31 14:39:01 +00:00
Bernardo Damele
fed57282fc
Added one more warning message to show what's going on with ctrl+c
2011-03-31 14:26:14 +00:00
Bernardo Damele
3948cd9e77
Minor layout adjustments
2011-03-31 14:13:53 +00:00
Miroslav Stampar
c5de903eab
minor improvement ("quick defense against substr fields")
2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff
quick fix
2011-03-31 08:43:17 +00:00
Miroslav Stampar
0916117447
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
2011-03-30 18:32:10 +00:00
Miroslav Stampar
dd01d66f13
proper update regarding last commit
2011-03-29 22:10:08 +00:00
Miroslav Stampar
850328df6c
minor cosmetics
2011-03-29 22:03:48 +00:00
Miroslav Stampar
b6af80bab3
refactoring, cleanup and improvement
2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1
minor refactoring
2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
2011-03-29 20:45:21 +00:00
Miroslav Stampar
9f707febf5
minor update
2011-03-29 15:43:17 +00:00
Miroslav Stampar
d0861a00e2
minor improvement
2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc
minor refactoring and comment update
2011-03-29 12:08:07 +00:00
Miroslav Stampar
1821a008af
Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once
2011-03-29 12:00:29 +00:00
Miroslav Stampar
5560196648
minor fix
2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809
Bernardo will kill me (added --wizard for total beginners)
2011-03-29 11:42:55 +00:00
Miroslav Stampar
4d78eac938
revert of that thingy as requested by Bernardo
2011-03-29 10:06:35 +00:00
Miroslav Stampar
a9f5d828c6
minor fix avoiding problems with hashing strange characters in usernames
2011-03-29 07:50:07 +00:00
Miroslav Stampar
e8debbe724
minor cosmetics and one minor fix (|= is a nono with None)
2011-03-29 06:38:19 +00:00
Miroslav Stampar
86f93713d3
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
2011-03-29 06:25:17 +00:00
Miroslav Stampar
a2d5358b08
minor fix
2011-03-28 23:40:46 +00:00
Miroslav Stampar
9e900ccbac
minor comment update
2011-03-28 23:12:04 +00:00
Miroslav Stampar
a61e287d23
making updates for dummy Windows users
2011-03-28 23:09:19 +00:00
Miroslav Stampar
bf0e3c4662
improvement for --forms with empty fields
2011-03-28 22:48:00 +00:00
Miroslav Stampar
1823c116bb
minor update for special cases of union testing results
2011-03-28 21:45:38 +00:00
Miroslav Stampar
ae53ad4c30
making an update for special case of timed out response
2011-03-28 21:05:04 +00:00
Miroslav Stampar
1e22ff45de
minor update regarding testing of GET parameters if --data and/or --forms is used
2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263
little info message
2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e
fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')
2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d
minor update
2011-03-27 07:58:15 +00:00
Miroslav Stampar
dba32306b0
minor update
2011-03-26 22:03:46 +00:00
Miroslav Stampar
d8f7c4bc4c
minor update regarding support for crypt(3)
2011-03-26 21:41:37 +00:00
Miroslav Stampar
4f00b9fa4b
minor fix
2011-03-26 21:10:31 +00:00
Miroslav Stampar
afe2be6a9f
implementation of Standard DES hashing (crypt)
2011-03-26 20:46:25 +00:00
Miroslav Stampar
1119a85f39
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
2011-03-25 21:31:26 +00:00
Miroslav Stampar
6c6133e8aa
revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)
2011-03-25 20:46:37 +00:00
Miroslav Stampar
737b4abf13
this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)
2011-03-25 20:30:15 +00:00
Miroslav Stampar
422967fbcd
just an minor update related to the last commit
2011-03-25 12:21:53 +00:00
Miroslav Stampar
c5b6d377fb
fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)
2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495
fix for partial inband queries on MSSQL
2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8
minor update regarding --live-test
2011-03-25 09:03:08 +00:00
Miroslav Stampar
ea52d7acad
minor revisit of inference
2011-03-24 20:10:40 +00:00
Miroslav Stampar
1f1c4c0e61
better update related to the last commit
2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad
minor update
2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf
another fix related to the bug reported by Alone Shell
2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138
adding possibility to run only one live test (e.g. --run-case=8)
2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2
basic live tests against 3 major DBMSes
2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e
introduction of --fresh-queries
2011-03-24 10:08:47 +00:00
Miroslav Stampar
762397854e
fix for a bug reported by Kirill (unknown charset '8859-1')
2011-03-24 09:27:19 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2
fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file
2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9
implementing a --page-rank switch as requested by l0rda@l0rda.biz
2011-03-23 11:57:57 +00:00
Miroslav Stampar
0f7bce5c66
fixing a huge mess going on because of counting on error and union techniques
2011-03-23 11:36:40 +00:00
Miroslav Stampar
5a1aaecf16
minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')
2011-03-22 13:07:37 +00:00
Miroslav Stampar
7613134515
it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)
2011-03-22 12:37:05 +00:00
Miroslav Stampar
9479a68eb5
minor fix regarding last commit
2011-03-22 12:21:56 +00:00
Miroslav Stampar
c24ed6e622
minor fix related to a bug reported by warninggp@gmail.com
2011-03-22 09:22:48 +00:00
Miroslav Stampar
cbfb10cbd1
fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)
2011-03-21 16:43:46 +00:00
Miroslav Stampar
b5c9ccb755
Oracle XML based error payload has problems with char $ as with space
2011-03-21 13:13:12 +00:00
Miroslav Stampar
1abcd507b8
hidding --group-concat switch
2011-03-21 12:13:21 +00:00
Bernardo Damele
19e2ed9803
Layout fix
2011-03-21 00:40:25 +00:00
Miroslav Stampar
3ca5cddca7
massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)
2011-03-20 23:54:56 +00:00
Miroslav Stampar
9b1f2d82d0
minor update (that .strip() was a leftover)
2011-03-20 23:20:47 +00:00
Miroslav Stampar
db992a0a86
mssql likes to htmlescape error reports
2011-03-20 23:16:34 +00:00
Miroslav Stampar
088c815567
minor update (exposing --tor switch)
2011-03-19 18:28:51 +00:00
Miroslav Stampar
2cc91b8470
minor fix
2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb
minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)
2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9
little stabilization regarding POST url(de/en)coding
2011-03-19 16:53:14 +00:00
Miroslav Stampar
0fcd999e51
fix for a bug reported by malice
2011-03-18 16:52:46 +00:00
Miroslav Stampar
58e9a074d3
masking some more command line arguments
2011-03-18 16:47:18 +00:00
Miroslav Stampar
36233fac42
update regarding a feature request from andyroyalbattle@yahoo.it
2011-03-18 16:35:30 +00:00
Miroslav Stampar
00b9d85ffc
fix regarding bug report from andyroyalbattle@yahoo.it
2011-03-18 16:26:39 +00:00
Miroslav Stampar
4e300baaf2
minor cosmetics
2011-03-18 14:09:18 +00:00
Miroslav Stampar
3628887110
los cosmeticados
2011-03-18 14:08:36 +00:00
Miroslav Stampar
75c0e09f43
little refactoring
2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9
adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)
2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599
minor fix and some refactoring
2011-03-18 00:24:02 +00:00
Bernardo Damele
9526f0c4c2
Minor layout adjustments
2011-03-17 12:35:40 +00:00
Bernardo Damele
03fac62592
Minor code restyle
2011-03-17 12:34:29 +00:00
Miroslav Stampar
cbdd9e921e
minor cosmetics
2011-03-17 12:23:56 +00:00
Miroslav Stampar
6607a240cf
added logging to redirecthandler
2011-03-17 12:21:27 +00:00
Miroslav Stampar
9a513198dd
minor fix regarding last couple of commits
2011-03-17 11:25:37 +00:00
Miroslav Stampar
970cde5a8a
minor update regarding last commit
2011-03-17 09:23:46 +00:00
Miroslav Stampar
beba69faa9
implementation of request from Santiago (look for error based responses in redirects)
2011-03-17 09:12:28 +00:00
Miroslav Stampar
847ce863e3
refactoring
2011-03-17 08:54:20 +00:00
Miroslav Stampar
fbd0cfda29
minor update toward the implementation of request from Santiago
2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303
-v 0 shows both error, critical and raw_input messages
2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257
Minor bug fix (revert)
2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65
minor refactoring
2011-03-11 20:16:34 +00:00
Miroslav Stampar
2fd3f0d7b2
minor update (added comment)
2011-03-11 20:07:52 +00:00
Miroslav Stampar
6cc745f789
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
2011-03-11 19:57:44 +00:00
Bernardo Damele
d8a76ebe34
Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs
2011-03-11 16:03:19 +00:00
Bernardo Damele
3cb0ca4b63
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1
Another bug fix for --privileges on PgSQL with UNION query technique
2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7
Minor bug fixes to --privileges for PostgreSQL query (corner case)
2011-03-11 14:54:41 +00:00
Miroslav Stampar
1879a49506
fix for a bug reported by andreoaz@gmail.com
2011-03-10 20:40:12 +00:00
Miroslav Stampar
eb1cda7065
minor refactoring (more consistent)
2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387
minor refactoring
2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
2011-03-08 11:53:59 +00:00
Miroslav Stampar
99adbbeaa3
los cosmeticados
2011-03-07 22:04:17 +00:00
Miroslav Stampar
cc0306044c
adding SVN revision number support for non SVN client platforms
2011-03-07 21:54:30 +00:00
Miroslav Stampar
154d947c62
minor update
2011-03-07 10:15:41 +00:00
Miroslav Stampar
16b286982d
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302
further update regarding last commit
2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
2011-03-03 09:42:50 +00:00
Miroslav Stampar
3a1f5744be
minor update to make counting variable totally independent of the urllib2's self.retried
2011-03-02 10:42:17 +00:00
Miroslav Stampar
a010386a23
finally a proper fix for that annoying recursive bug
2011-03-02 10:29:38 +00:00
Miroslav Stampar
f27f05308a
minor update for masking sensitive data in error report (added aCred too)
2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea
minor improvement
2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3
fix for --technique
2011-03-01 09:54:06 +00:00
Miroslav Stampar
9856cb71de
redo of the last commit with comments added
2011-02-28 18:58:05 +00:00
Miroslav Stampar
ade31b2cb0
removal of obsolete item
2011-02-28 18:49:25 +00:00
Miroslav Stampar
2bf212ffa9
minor minor update
2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e
minor improvement of regular expression
2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
2011-02-27 12:17:41 +00:00
Bernardo Damele
60605b6e7c
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
2011-02-27 12:14:13 +00:00
Miroslav Stampar
88faedc0fe
fix for a bug reported by -insane-
2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e
bug fix for international encoded letters
2011-02-25 22:43:01 +00:00
Miroslav Stampar
63b8156c00
some update (if header key is non-unicode comformant)
2011-02-25 09:43:04 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1
incorporation of method for neutralization of reflective values
2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608
added protection mechanism against reflected values
2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e
If no Accept header field is present, then it is assumed that the client accepts all media types.
2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068
adding experimental for --group-concat
2011-02-22 14:35:38 +00:00
Miroslav Stampar
12ede1e5de
minor JIC (just-in-case) update
2011-02-22 13:18:47 +00:00
Miroslav Stampar
3f8eadf4fe
minor refactoring
2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe
minor refactoring
2011-02-22 12:54:22 +00:00
Miroslav Stampar
17c39fe231
fix for that non-HTML stuff
2011-02-22 11:32:55 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Miroslav Stampar
90582ed7dc
minor change
2011-02-21 11:35:21 +00:00
Miroslav Stampar
aac817935a
further improvement of MaxDB support
2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b
minor bug fix
2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d
minor update
2011-02-20 21:27:38 +00:00
Miroslav Stampar
0c57f2af0f
minor fix
2011-02-20 12:20:44 +00:00
Bernardo Damele
023a80c31c
Section explanation change to reflect recent enhancements
2011-02-19 21:06:24 +00:00
Bernardo Damele
60b05ff49f
Reflect new switch name
2011-02-19 21:05:15 +00:00
Bernardo Damele
8e60acae5d
Added support for --scope also in WebScarab logs (-l)
2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd
some more Sybase updates
2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac
some progress regarding SYBASE
2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95
minor improvement
2011-02-18 14:27:02 +00:00
Miroslav Stampar
3badf92ceb
not doing "basic" filtering in default cases because of a bug reported by Kazim
2011-02-18 07:38:13 +00:00
Miroslav Stampar
6cdf08b81c
minor fix
2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217
--technique can now be something like 123 which includes both techniques 1, 2 and 3
2011-02-17 21:39:16 +00:00
Miroslav Stampar
7ebc1ab90a
minor cosmetics
2011-02-17 08:59:14 +00:00
Miroslav Stampar
199f14df46
implementation of MySQL GROUP_CONCAT technique
2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416
Proper fix for r3307 (file-write on MySQL via UNION query tech)
2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475
minor update
2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d
update regarding explicit testing of ua and referer when using -p
2011-02-13 21:58:48 +00:00
Bernardo Damele
429ab631fe
Minor refactoring
2011-02-13 21:25:01 +00:00
Miroslav Stampar
5fb11fd173
update regarding multiple DBMS payloads
2011-02-13 21:20:21 +00:00
Bernardo Damele
45a005737d
Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2
2011-02-13 21:08:42 +00:00
Miroslav Stampar
83d7803ce7
other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)
2011-02-12 20:03:28 +00:00
Miroslav Stampar
9f7d666451
removing --method per request of buawig
2011-02-12 19:50:27 +00:00
Miroslav Stampar
1cd483f42f
one more update
2011-02-12 10:24:09 +00:00
Miroslav Stampar
25a3a64327
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
2011-02-12 10:15:42 +00:00
Miroslav Stampar
521635c84d
quick fix for UA and Referer
2011-02-11 23:36:23 +00:00
Bernardo Damele
7253362114
Minor bug fix so that --file-write on MySQL via UNION query now works again
2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb
implementation of referer feature
2011-02-11 23:07:03 +00:00
Miroslav Stampar
a6ab24e0b5
just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed
2011-02-10 22:47:43 +00:00
Miroslav Stampar
5f2fcd1eea
minor adjustment regarding "file" switches
2011-02-10 19:55:47 +00:00
Miroslav Stampar
4295a78c5f
minor update
2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba
More fixes for --common-columns to work against MSSQL too
2011-02-09 17:22:07 +00:00
Miroslav Stampar
917b2b0d6b
one more commit related to the previous one
2011-02-09 17:07:02 +00:00
Miroslav Stampar
6c582343fe
.. fix
2011-02-09 17:05:06 +00:00
Miroslav Stampar
d9af01d73d
imporant fix for boolean expression which return [None]
2011-02-09 16:53:22 +00:00
Miroslav Stampar
7d9be18789
added one comment
2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f
another update
2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139
fix for a bug reported by skysbsb@gmail.com (double ORDER BY)
2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e
fix
2011-02-09 11:20:03 +00:00
Miroslav Stampar
3de6117253
revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)
2011-02-09 09:53:59 +00:00
Miroslav Stampar
98ca1702ae
los cosmeticado
2011-02-08 16:30:32 +00:00
Miroslav Stampar
87e36796c6
just to not cause confusion
2011-02-08 16:29:42 +00:00
Miroslav Stampar
dcb9c93328
minor cleanup
2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143
first commit with mysql/error/substringing
2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b
Proper fix
2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588
revert of r3274
2011-02-08 09:44:34 +00:00
Bernardo Damele
156d8cd99b
Directory restyling
2011-02-08 00:15:02 +00:00
Bernardo Damele
cfe2da0195
Minor fix
2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Miroslav Stampar
2c4f6d2e99
fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too
2011-02-07 21:53:05 +00:00
Miroslav Stampar
a577d0e9a5
restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)
2011-02-07 21:18:01 +00:00
Miroslav Stampar
66adf23532
Unbiased approach for searching appropriate usable column
2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613
there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)
2011-02-07 16:55:02 +00:00
Miroslav Stampar
771020abd6
one more related commit
2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272
fix for that MSSQL limit/top problem
2011-02-07 16:24:23 +00:00
Miroslav Stampar
71d1b72e0e
minor adjustment
2011-02-07 12:51:38 +00:00
Bernardo Damele
b33ac19d39
Minor fix
2011-02-07 12:36:00 +00:00
Miroslav Stampar
99e9412f74
minor update
2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
c0233dcd4f
preventing crashes for output=[]
2011-02-07 10:24:15 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4
More statements to exclude from unescap'ing
2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235
Minor fix
2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a
No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')
2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9
More adjustments related to unescape() and cleanupPayload().
...
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Bernardo Damele
9eac2339ca
2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868
Code cleanup
2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc
few reverts
2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c
little cleanup
2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58
can't stay as it is right now. temporary disabling.
2011-02-06 21:17:41 +00:00
Miroslav Stampar
d2b96a66a2
one more update regarding last few "unescape" related commits
2011-02-06 20:23:23 +00:00
Bernardo Damele
6191a7f26f
Major fix for a silent bug
2011-02-06 15:53:43 +00:00
Bernardo Damele
c44978862e
Minor reordering of what gets saved into the injection object
2011-02-06 15:20:44 +00:00
Miroslav Stampar
412a97b7fe
fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')
2011-02-05 14:17:28 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80
minor refactoring
2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d
Minor fix
2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19
fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())
2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06
minor just in case update
2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e
minor refactoring
2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05
revert
2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899
minor adjustment (accepting strange new looking uri formats)
2011-02-04 10:55:03 +00:00
Miroslav Stampar
1af418d444
huge bug fix
2011-02-04 10:18:26 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804
adding comments to filtering function
2011-02-03 23:09:08 +00:00
Miroslav Stampar
1aecbe6b08
minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)
2011-02-03 22:59:26 +00:00
Miroslav Stampar
e5f54644f0
minor "statistical" update
2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8
more appropriate
2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd
new UNION column detection is going into wild
2011-02-03 16:16:38 +00:00
Miroslav Stampar
b56a77e573
removing obsolete switches (--threshold, --excl-reg, --excl-str)
2011-02-03 15:55:19 +00:00
Bernardo Damele
253a8d0679
Minor bug fix
2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314
minor fix
2011-02-03 13:28:10 +00:00
Miroslav Stampar
1b9850b73a
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc
minor change (conf.updateAll to conf.update)
2011-02-03 11:13:39 +00:00
Miroslav Stampar
402c1b622e
removing urlencode from UA
2011-02-02 15:18:06 +00:00
Miroslav Stampar
5f49e20cc8
adding --random-agent and removing -a
2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d
cosmetics
2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Bernardo Damele
5f0114a2a8
Minor bug fix
2011-02-02 14:06:40 +00:00
Miroslav Stampar
8134c2154a
adding WHERE enum for payloads
2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78
minor update
2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a
minor update
2011-02-02 12:42:55 +00:00
Miroslav Stampar
e73a147fb5
minor update
2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833
adding __findUnionCharCount function
2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f
minor refactoring
2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
2011-02-02 09:24:37 +00:00