Bernardo Damele
|
f704a46341
|
silly blank line added
|
2012-07-12 01:38:29 +01:00 |
|
Bernardo Damele
|
a5924739f6
|
minor code refactoring in preparation of ticket #75
|
2012-07-12 01:12:30 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
Miroslav Stampar
|
1a8ebbfd43
|
Minor refactoring
|
2012-07-06 17:05:47 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
ec44e88db8
|
lots of refactoring regarding removal of already obsolete session file mechanism
|
2012-06-21 10:09:10 +00:00 |
|
Miroslav Stampar
|
76c873a222
|
minor fix
|
2012-06-15 06:22:44 +00:00 |
|
Miroslav Stampar
|
facce2c0df
|
some more cleanup
|
2012-06-14 13:50:36 +00:00 |
|
Miroslav Stampar
|
4e6fcce9ca
|
minor update
|
2012-05-26 07:04:32 +00:00 |
|
Miroslav Stampar
|
ce077137c9
|
minor language update
|
2012-05-26 07:01:37 +00:00 |
|
Miroslav Stampar
|
d335ec0c34
|
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
|
2012-05-26 07:00:26 +00:00 |
|
Miroslav Stampar
|
556b349be3
|
minor fix for retrieving non-printable chars in inference and non-multi threading mode
|
2012-04-03 14:04:07 +00:00 |
|
Miroslav Stampar
|
7fd64df167
|
minor code cleaning
|
2012-03-28 13:31:07 +00:00 |
|
Miroslav Stampar
|
d66056fe39
|
one more related commit
|
2012-03-16 13:16:53 +00:00 |
|
Miroslav Stampar
|
ac02a2d92c
|
minor fix
|
2012-03-16 13:14:14 +00:00 |
|
Miroslav Stampar
|
b130a9e14e
|
minor fix (writing to HashDB on any interrupt)
|
2012-03-16 10:15:43 +00:00 |
|
Miroslav Stampar
|
f4e410db16
|
minor fix
|
2012-03-01 10:17:39 +00:00 |
|
Miroslav Stampar
|
37db27b720
|
turning back on automatic adjusting of delays in time based queries
|
2012-02-29 15:51:23 +00:00 |
|
Miroslav Stampar
|
c36cbbb3ae
|
minor fix
|
2012-02-24 14:54:10 +00:00 |
|
Miroslav Stampar
|
f94b91ad87
|
added helper function for HashDB data storing/retrieval
|
2012-02-24 13:07:20 +00:00 |
|
Miroslav Stampar
|
b481c0352f
|
minor update
|
2012-02-24 11:25:56 +00:00 |
|
Miroslav Stampar
|
5afbd52b61
|
more update related to last commits
|
2012-02-24 10:57:23 +00:00 |
|
Miroslav Stampar
|
570d3a19c2
|
more general fix
|
2012-02-24 10:53:28 +00:00 |
|
Miroslav Stampar
|
e8352e504f
|
fixing problems with chars deletition by logging messages in inference mode
|
2012-02-24 10:48:19 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
bcf3255fe1
|
implementation of switch --hex for 4 major DBMSes
|
2012-02-21 11:44:48 +00:00 |
|
Miroslav Stampar
|
aee269cc14
|
gazillion changes, nothing will work, muhahaha
|
2012-02-17 14:22:48 +00:00 |
|
Miroslav Stampar
|
c1368053e5
|
minor fix
|
2012-02-12 18:46:25 +00:00 |
|
Miroslav Stampar
|
b140ef4a14
|
minor update (preparing for switching to HashDB from old sessionFile)
|
2012-02-10 10:24:48 +00:00 |
|
Miroslav Stampar
|
8405ef59ac
|
some estetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
46f42f2fe4
|
minor fix
|
2012-01-30 13:10:35 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
9d50c806e1
|
bug fix
|
2012-01-05 10:55:58 +00:00 |
|
Miroslav Stampar
|
29f502fe29
|
some refactoring
|
2011-12-28 16:27:17 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
f39170a2c4
|
minor update
|
2011-11-22 15:06:51 +00:00 |
|
Miroslav Stampar
|
e290f2b80b
|
minor update
|
2011-10-28 11:11:55 +00:00 |
|
Miroslav Stampar
|
8bd3cfdc8e
|
minor update
|
2011-10-24 00:17:38 +00:00 |
|
Miroslav Stampar
|
e1dbb4443b
|
minor update related to the last commit
|
2011-08-16 07:01:14 +00:00 |
|
Miroslav Stampar
|
7cc5743c5d
|
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
|
2011-08-16 06:50:20 +00:00 |
|
Miroslav Stampar
|
6bbb8139a0
|
update (smaller memory footprint in postprocessing phase because of safecharencode part)
|
2011-07-25 20:40:31 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
34d9a91af1
|
bulk of fixes
|
2011-07-02 22:48:56 +00:00 |
|
Bernardo Damele
|
9eb683531d
|
Minor improvement at blind SQL inj technique for DB2
|
2011-06-27 22:28:12 +00:00 |
|
Miroslav Stampar
|
905fef0eae
|
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
|
2011-06-18 10:51:14 +00:00 |
|
Miroslav Stampar
|
fde3e4cece
|
better
|
2011-06-18 09:52:07 +00:00 |
|
Miroslav Stampar
|
2f129b01c0
|
"Please consider to provide" is a bad English
|
2011-06-18 09:46:22 +00:00 |
|
Miroslav Stampar
|
9498a3f259
|
little stabilization of multi threading
|
2011-06-17 12:50:28 +00:00 |
|
Bernardo Damele
|
0d8d6a4ace
|
Cosmetics
|
2011-06-08 16:08:20 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Miroslav Stampar
|
6b81eef65a
|
refactoring
|
2011-06-08 14:30:12 +00:00 |
|
Miroslav Stampar
|
50dde39e68
|
minor update
|
2011-06-07 10:32:18 +00:00 |
|
Miroslav Stampar
|
8227298057
|
user friendliness uber 9000
|
2011-05-27 08:30:52 +00:00 |
|
Miroslav Stampar
|
5369657cd5
|
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
|
2011-05-25 20:54:30 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Miroslav Stampar
|
29ee760021
|
improving time based data retrieval mechanism
|
2011-04-17 07:24:18 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
277f16d6b3
|
removing commented out debug print
|
2011-04-08 22:44:05 +00:00 |
|
Miroslav Stampar
|
ea52d7acad
|
minor revisit of inference
|
2011-03-24 20:10:40 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
0edb4ee314
|
minor fix
|
2011-02-03 13:28:10 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
777a19cfa9
|
LOL. removing that debug 'True'
|
2011-01-31 16:22:55 +00:00 |
|
Miroslav Stampar
|
a80fe28631
|
one more thing ;)
|
2011-01-31 16:21:28 +00:00 |
|
Miroslav Stampar
|
933d701667
|
cosmetics
|
2011-01-31 16:14:44 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Bernardo Damele
|
2a0b03e5c6
|
Unused import
|
2011-01-30 17:07:27 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
ddd296030d
|
added some more info to unhandled exception message(s)
|
2011-01-28 16:15:45 +00:00 |
|
Miroslav Stampar
|
8d0c2efbe2
|
unescaping of char marked payloads
|
2011-01-24 12:00:16 +00:00 |
|
Miroslav Stampar
|
a4a0f10950
|
minor minor minor
|
2011-01-20 09:25:34 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Miroslav Stampar
|
eadaf680de
|
fuck yea
|
2011-01-19 15:25:48 +00:00 |
|
Bernardo Damele
|
3822b494ea
|
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
|
2011-01-17 23:43:37 +00:00 |
|
Miroslav Stampar
|
5c857779c1
|
important fix for unicode based character inference
|
2011-01-17 10:15:19 +00:00 |
|
Miroslav Stampar
|
30d6791968
|
update regarding time based data retrieval
|
2011-01-16 17:52:42 +00:00 |
|
Miroslav Stampar
|
71391874eb
|
slightly faster and thread safer inference
|
2011-01-16 10:52:42 +00:00 |
|
Bernardo Damele
|
6e4b65a822
|
Minor refactoring
|
2011-01-15 23:28:31 +00:00 |
|
Bernardo Damele
|
2ac8debea0
|
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
|
2011-01-13 17:36:54 +00:00 |
|
Bernardo Damele
|
06230e4d92
|
Minor code refactoring and cosmetics
|
2011-01-11 21:46:21 +00:00 |
|
Miroslav Stampar
|
7ae5192070
|
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
|
2011-01-05 10:25:07 +00:00 |
|
Miroslav Stampar
|
edcf1a0872
|
few bug fixes
|
2010-12-24 18:40:48 +00:00 |
|
Miroslav Stampar
|
385e208f38
|
code refactoring regarding standard output suppression and some threading issues
|
2010-12-21 14:21:24 +00:00 |
|
Miroslav Stampar
|
5852bad963
|
some refactoring
|
2010-12-20 18:56:06 +00:00 |
|
Miroslav Stampar
|
36862e2efa
|
update
|
2010-12-18 15:57:47 +00:00 |
|
Miroslav Stampar
|
6a24048aa6
|
urllib2 doesn't play well with '\n' when non unescaped chars used
|
2010-12-11 21:17:54 +00:00 |
|
Miroslav Stampar
|
f021548bd0
|
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
|
2010-12-11 10:52:04 +00:00 |
|
Miroslav Stampar
|
c17f444aab
|
minor fix
|
2010-12-11 10:22:18 +00:00 |
|
Miroslav Stampar
|
fe2039f5ba
|
coollyy little commits
|
2010-12-10 11:32:46 +00:00 |
|
Miroslav Stampar
|
cdff29ada7
|
update
|
2010-12-09 11:23:44 +00:00 |
|
Bernardo Damele
|
f5ce739bdf
|
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
|
2010-12-08 23:52:31 +00:00 |
|
Miroslav Stampar
|
6223f25dd9
|
code beautification
|
2010-12-08 13:04:48 +00:00 |
|
Miroslav Stampar
|
b5e45939e3
|
sqlmap premiere of blind time based query/bisection
|
2010-12-08 12:28:54 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|