Bernardo Damele
|
d2f102f5a1
|
cosmetics
|
2011-04-21 20:21:37 +00:00 |
|
Bernardo Damele
|
b667c50588
|
store/resume info on xp_cmd available in session file
|
2011-04-21 14:25:04 +00:00 |
|
Miroslav Stampar
|
930872cf3b
|
fix
|
2011-04-21 14:20:09 +00:00 |
|
Bernardo Damele
|
a313df4d37
|
Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file
|
2011-04-21 14:05:37 +00:00 |
|
Bernardo Damele
|
fbe5ba5394
|
cosmetics
|
2011-04-21 10:54:12 +00:00 |
|
Miroslav Stampar
|
e1a8d268d8
|
fix for UPX linux/macos
|
2011-04-21 10:52:34 +00:00 |
|
Bernardo Damele
|
8d8fc2bbd8
|
cosmetics
|
2011-04-21 10:17:41 +00:00 |
|
Bernardo Damele
|
11ecd16099
|
cosmetics
|
2011-04-21 10:08:38 +00:00 |
|
Miroslav Stampar
|
9ccf720c05
|
removing funny remark
|
2011-04-21 10:06:13 +00:00 |
|
Bernardo Damele
|
a91e6a8440
|
layout
|
2011-04-21 10:03:18 +00:00 |
|
Miroslav Stampar
|
cbfe743bad
|
added a comment
|
2011-04-21 10:01:58 +00:00 |
|
Miroslav Stampar
|
c84c4d835f
|
minor update
|
2011-04-21 09:31:35 +00:00 |
|
Miroslav Stampar
|
e4d3190f41
|
reverting back to NVARCHAR because of error technique
|
2011-04-20 12:59:23 +00:00 |
|
Miroslav Stampar
|
3607f03a9e
|
fix of a minor typo
|
2011-04-20 12:42:35 +00:00 |
|
Miroslav Stampar
|
1286cc0913
|
now showing trimmed output in for of warning message (UNION and ERROR techniques affected)
|
2011-04-20 12:41:58 +00:00 |
|
Miroslav Stampar
|
7993f3f12d
|
way better for storing bulk of data (like BLOB on mysql)
|
2011-04-20 11:44:52 +00:00 |
|
Miroslav Stampar
|
04653684cd
|
revert
|
2011-04-20 10:34:34 +00:00 |
|
Miroslav Stampar
|
4fadcf0615
|
improvement for UNION/ERROR case
|
2011-04-20 10:17:42 +00:00 |
|
Miroslav Stampar
|
1c1c20fb64
|
minor update
|
2011-04-20 09:34:00 +00:00 |
|
Miroslav Stampar
|
4b6c524d4c
|
one more minor update regarding last commit
|
2011-04-20 09:26:03 +00:00 |
|
Miroslav Stampar
|
44926757da
|
minor update
|
2011-04-20 09:23:08 +00:00 |
|
Miroslav Stampar
|
52c98afe93
|
minor fix
|
2011-04-20 08:38:46 +00:00 |
|
Miroslav Stampar
|
24435a2c20
|
implemented "break a tie" request by Andres Riancho
|
2011-04-20 08:35:47 +00:00 |
|
Miroslav Stampar
|
df0331fe9b
|
some more refactoring
|
2011-04-19 23:04:10 +00:00 |
|
Miroslav Stampar
|
3b133303bf
|
refactoring
|
2011-04-19 22:54:13 +00:00 |
|
Miroslav Stampar
|
de2479b864
|
dealing with http://bugs.python.org/issue1602
|
2011-04-19 22:33:03 +00:00 |
|
Miroslav Stampar
|
9a9838f1e6
|
cleaning a mess with UPX and virus scanners
|
2011-04-19 21:57:04 +00:00 |
|
Miroslav Stampar
|
44bbef42f8
|
minor cosmetics
|
2011-04-19 20:23:08 +00:00 |
|
Miroslav Stampar
|
b7efa255d6
|
minor update of usage string
|
2011-04-19 20:14:56 +00:00 |
|
Miroslav Stampar
|
fc90974940
|
revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)
|
2011-04-19 14:50:09 +00:00 |
|
Miroslav Stampar
|
7abbd0c029
|
removing a leftover
|
2011-04-19 14:29:51 +00:00 |
|
Miroslav Stampar
|
96b5fede5a
|
automatic increasing of time delay on lagging connections
|
2011-04-19 14:28:51 +00:00 |
|
Miroslav Stampar
|
13f8c001a7
|
minor update
|
2011-04-19 11:13:53 +00:00 |
|
Miroslav Stampar
|
7a06af9a92
|
added "lagging" critical message
|
2011-04-19 10:37:20 +00:00 |
|
Miroslav Stampar
|
9b0db33cc5
|
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
|
2011-04-19 08:55:38 +00:00 |
|
Miroslav Stampar
|
a7c26366b4
|
doing that auto default value for --time-sec only for --tor
|
2011-04-19 08:43:29 +00:00 |
|
Miroslav Stampar
|
4d48ac54dc
|
automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)
|
2011-04-19 08:34:21 +00:00 |
|
Miroslav Stampar
|
b79d4f70f3
|
cleaner solution for the problem solved with last commit
|
2011-04-18 14:51:48 +00:00 |
|
Miroslav Stampar
|
f5cff067c6
|
little hack for --time-sec
|
2011-04-18 14:46:18 +00:00 |
|
Miroslav Stampar
|
6463cad8c5
|
minor update for SOAP payloads
|
2011-04-18 14:29:52 +00:00 |
|
Miroslav Stampar
|
da9ec67869
|
removing leftover
|
2011-04-18 13:43:22 +00:00 |
|
Miroslav Stampar
|
354a2ce249
|
'chardet' heuristic engine added to the project
|
2011-04-18 13:38:46 +00:00 |
|
Miroslav Stampar
|
b5aef9bcf9
|
fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')
|
2011-04-18 10:16:38 +00:00 |
|
Miroslav Stampar
|
6fab44d635
|
minor refactoring and improving of used regex
|
2011-04-17 22:37:00 +00:00 |
|
Miroslav Stampar
|
76d1f09b0a
|
minor cosmetics
|
2011-04-17 22:25:25 +00:00 |
|
Miroslav Stampar
|
9aae447553
|
minor update for matching SOAP messages
|
2011-04-17 22:21:32 +00:00 |
|
Miroslav Stampar
|
4fa00121e4
|
that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one
|
2011-04-17 21:58:34 +00:00 |
|
Miroslav Stampar
|
a7366bf710
|
SOAP refactoring
|
2011-04-17 21:39:00 +00:00 |
|
Miroslav Stampar
|
c7ff5dcbeb
|
minor update
|
2011-04-17 08:48:13 +00:00 |
|
Miroslav Stampar
|
ee88ccf0ac
|
well, this could be important :)
|
2011-04-17 08:33:46 +00:00 |
|
Miroslav Stampar
|
29ee760021
|
improving time based data retrieval mechanism
|
2011-04-17 07:24:18 +00:00 |
|
Miroslav Stampar
|
5e70eac98c
|
fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes
|
2011-04-16 06:44:29 +00:00 |
|
Miroslav Stampar
|
88c76147e1
|
removed few trailing whitespace lines
|
2011-04-15 20:52:08 +00:00 |
|
Miroslav Stampar
|
3b6f9945ae
|
minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)
|
2011-04-15 14:15:29 +00:00 |
|
Miroslav Stampar
|
c461fdca54
|
some refactoring
|
2011-04-15 13:51:06 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
4d8a49a87c
|
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
|
2011-04-15 11:53:20 +00:00 |
|
Miroslav Stampar
|
467d1a50b3
|
removed debug message that could cause confusion
|
2011-04-15 11:28:01 +00:00 |
|
Miroslav Stampar
|
8c6f7c7d5f
|
explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay
|
2011-04-15 08:52:53 +00:00 |
|
Miroslav Stampar
|
3efd9e3959
|
improved htmlunescape (great for localized html escape codes)
|
2011-04-14 21:36:13 +00:00 |
|
Miroslav Stampar
|
ded28442fb
|
minor fixes and refactoring regarding safecharencoding
|
2011-04-14 15:54:00 +00:00 |
|
Miroslav Stampar
|
866cdb4cf7
|
speed of --replicate is now vastly improved
|
2011-04-14 14:34:12 +00:00 |
|
Miroslav Stampar
|
eafab03d99
|
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
|
2011-04-14 13:53:56 +00:00 |
|
Miroslav Stampar
|
30bfefd638
|
minor fix
|
2011-04-14 12:58:03 +00:00 |
|
Bernardo Damele
|
5cf38cd0d7
|
More cookies to ignore
|
2011-04-14 12:46:14 +00:00 |
|
Miroslav Stampar
|
8426d48e2e
|
minor refactoring
|
2011-04-14 10:14:46 +00:00 |
|
Miroslav Stampar
|
930262f573
|
minor update related to the last commit
|
2011-04-14 10:12:07 +00:00 |
|
Miroslav Stampar
|
1c5427baf8
|
minor fix
|
2011-04-14 09:54:29 +00:00 |
|
Miroslav Stampar
|
bb99bd2fbe
|
one more commit related to the issue with displaying of garbled characters
|
2011-04-14 09:43:36 +00:00 |
|
Miroslav Stampar
|
04986be4b9
|
update regarding safe character output together with a small fix for newlines
|
2011-04-14 09:31:45 +00:00 |
|
Miroslav Stampar
|
5dfb55effc
|
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
|
2011-04-14 06:46:32 +00:00 |
|
Miroslav Stampar
|
786f305e1a
|
minor update
|
2011-04-14 06:43:08 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
58a93c5b1f
|
better beep for MacOSX
|
2011-04-13 18:32:47 +00:00 |
|
Miroslav Stampar
|
bf55b0b77a
|
more restrictions on crypt(3) hash recognition to prevent false positives
|
2011-04-13 14:40:23 +00:00 |
|
Miroslav Stampar
|
d06ae9cd47
|
implemented retrieved items info for partial union too
|
2011-04-13 14:33:15 +00:00 |
|
Miroslav Stampar
|
f5f2201bbc
|
minor cosmetics for partial inband retrieval
|
2011-04-13 11:25:42 +00:00 |
|
Miroslav Stampar
|
c193b896be
|
just in case update to prevent gibberish "retrieved: " outputs
|
2011-04-12 23:07:50 +00:00 |
|
Miroslav Stampar
|
5346ecbb56
|
fix for a "accept certificate first time for svn"
|
2011-04-12 14:25:17 +00:00 |
|
Miroslav Stampar
|
a883ce26b5
|
fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')
|
2011-04-12 13:25:28 +00:00 |
|
Miroslav Stampar
|
0ae74f27e4
|
avoiding annoying "payload 'None' possibly..." in case where payload is not specified
|
2011-04-11 15:24:52 +00:00 |
|
Miroslav Stampar
|
941daa1645
|
just in case to prevent "object of type 'NoneType' has no len()" error reports
|
2011-04-11 11:59:02 +00:00 |
|
Miroslav Stampar
|
2db2e9b6a2
|
now GET forms are also prone to "do you want to fill with random values"
|
2011-04-11 11:38:41 +00:00 |
|
Miroslav Stampar
|
08d14886fd
|
added new dev version string
|
2011-04-11 09:44:44 +00:00 |
|
Bernardo Damele
|
07d6b18c4e
|
cutting for 0.9 stable
|
2011-04-11 00:24:51 +00:00 |
|
Miroslav Stampar
|
8597409d9e
|
lowering the value
|
2011-04-10 22:57:17 +00:00 |
|
Bernardo Damele
|
14219a3dac
|
Minor bug fix
|
2011-04-10 22:44:08 +00:00 |
|
Miroslav Stampar
|
6012ab1c46
|
better one for previous commit
|
2011-04-10 21:52:08 +00:00 |
|
Miroslav Stampar
|
e6c50df4f9
|
preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)
|
2011-04-10 21:38:08 +00:00 |
|
Miroslav Stampar
|
940c225d7c
|
few fixes
|
2011-04-10 20:53:27 +00:00 |
|
Bernardo Damele
|
d324704844
|
Removed unused code
|
2011-04-10 20:39:15 +00:00 |
|
Miroslav Stampar
|
decab6642d
|
fix for that @chunk bug
|
2011-04-10 16:46:33 +00:00 |
|
Miroslav Stampar
|
723a7447b2
|
minor refactoring
|
2011-04-10 07:16:19 +00:00 |
|
Miroslav Stampar
|
c714ac6421
|
added support for handling binary data values (no more garbish chars)
|
2011-04-09 23:13:16 +00:00 |
|
Miroslav Stampar
|
4ad73f9263
|
added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics
|
2011-04-09 22:39:03 +00:00 |
|
Miroslav Stampar
|
277f16d6b3
|
removing commented out debug print
|
2011-04-08 22:44:05 +00:00 |
|
Miroslav Stampar
|
c4c40308c6
|
no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)
|
2011-04-08 22:42:07 +00:00 |
|
Miroslav Stampar
|
83feb097ef
|
greater flexibility for --batch when default is None
|
2011-04-08 22:29:50 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Bernardo Damele
|
beb98140b3
|
Minor improvement to --check-payload
|
2011-04-08 14:34:00 +00:00 |
|
Miroslav Stampar
|
228cc68747
|
fix for those ugly DEBUG messages in brute mode
|
2011-04-08 11:02:21 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Miroslav Stampar
|
be11e2535e
|
one more minor update
|
2011-04-08 00:05:44 +00:00 |
|
Miroslav Stampar
|
3435d549a9
|
minor update regarding the last commit
|
2011-04-07 23:35:51 +00:00 |
|
Miroslav Stampar
|
726155383d
|
higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])
|
2011-04-07 23:32:07 +00:00 |
|
Miroslav Stampar
|
b288e5ef57
|
implemented DNS caching mechanism
|
2011-04-07 21:39:18 +00:00 |
|
Miroslav Stampar
|
ae4ea0af45
|
fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')
|
2011-04-07 13:57:07 +00:00 |
|
Miroslav Stampar
|
6a8a5db9aa
|
minor code restyling
|
2011-04-07 13:27:29 +00:00 |
|
Miroslav Stampar
|
e33a48d40f
|
minor refactoring
|
2011-04-07 12:54:30 +00:00 |
|
Bernardo Damele
|
c6b9d89d31
|
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
|
2011-04-07 11:10:35 +00:00 |
|
Bernardo Damele
|
9e8c933333
|
cosmetics
|
2011-04-07 10:40:58 +00:00 |
|
Miroslav Stampar
|
68828d68a5
|
removed integers from --technique
|
2011-04-07 10:37:48 +00:00 |
|
Miroslav Stampar
|
fced81b6be
|
minor update
|
2011-04-07 10:32:39 +00:00 |
|
Miroslav Stampar
|
845533e92f
|
minor refactoring
|
2011-04-07 10:27:22 +00:00 |
|
Bernardo Damele
|
1880f18367
|
Minor layout adjustments
|
2011-04-07 10:07:52 +00:00 |
|
Bernardo Damele
|
17844eb87c
|
Refactoring to --technique
|
2011-04-07 10:00:47 +00:00 |
|
Bernardo Damele
|
05d12790f1
|
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
|
2011-04-06 14:41:44 +00:00 |
|
Bernardo Damele
|
8b14a9eaa7
|
Minor code adjustments
|
2011-04-06 14:40:45 +00:00 |
|
Miroslav Stampar
|
a379463213
|
cosmeticado
|
2011-04-06 08:40:06 +00:00 |
|
Miroslav Stampar
|
b327bbcd9b
|
minor fix (it was quite ... to have this check at the later stage)
|
2011-04-06 08:39:24 +00:00 |
|
Miroslav Stampar
|
fdef6726cf
|
minor update
|
2011-04-06 08:30:50 +00:00 |
|
Bernardo Damele
|
d436ba2da5
|
Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value
|
2011-04-06 08:19:56 +00:00 |
|
Bernardo Damele
|
81034140c0
|
Reduced number of threads to 3 when -o is provided
|
2011-04-06 08:15:20 +00:00 |
|
Miroslav Stampar
|
265fa52600
|
minor code cosmetics
|
2011-04-04 18:24:16 +00:00 |
|
Miroslav Stampar
|
018b6b9430
|
fix for a charset encoding reported by Kirill
|
2011-04-04 18:20:09 +00:00 |
|
Miroslav Stampar
|
2c01fc56e6
|
minor update regarding misusage of --proxy and --ignore-proxy switches
|
2011-04-04 09:19:43 +00:00 |
|
Miroslav Stampar
|
e957c4400c
|
minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)
|
2011-04-04 08:04:47 +00:00 |
|
Miroslav Stampar
|
305115a68b
|
important improvement of data handling (POST data and header values)
|
2011-04-03 15:02:52 +00:00 |
|
Miroslav Stampar
|
bbd4c128b0
|
minor update related to the last commit
|
2011-04-01 22:19:42 +00:00 |
|
Miroslav Stampar
|
cd7e4f5afc
|
improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)
|
2011-04-01 22:12:24 +00:00 |
|
Bernardo Damele
|
c3b54cc222
|
Cosmetics
|
2011-04-01 16:40:28 +00:00 |
|
Miroslav Stampar
|
e27afef6be
|
minor update regarding --current-db on Oracle
|
2011-04-01 15:56:11 +00:00 |
|
Bernardo Damele
|
eb99f68a7a
|
Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)
|
2011-04-01 14:55:39 +00:00 |
|
Miroslav Stampar
|
de4e0c7346
|
minor update related to the problem with request files reported by jorge_a_santos@hotmail.com
|
2011-04-01 12:09:11 +00:00 |
|
Miroslav Stampar
|
ee15988878
|
another minor update related to previous commit
|
2011-03-31 17:34:07 +00:00 |
|
Miroslav Stampar
|
156d24203f
|
speed optimization
|
2011-03-31 17:16:26 +00:00 |
|
Miroslav Stampar
|
220366b6e8
|
minor update (ip addresses will not be confused any more for crypt_generic hashes)
|
2011-03-31 16:56:26 +00:00 |
|
Miroslav Stampar
|
557ed7d665
|
minor fix for a invalid charset reported by Kirill
|
2011-03-31 14:39:01 +00:00 |
|
Bernardo Damele
|
fed57282fc
|
Added one more warning message to show what's going on with ctrl+c
|
2011-03-31 14:26:14 +00:00 |
|
Bernardo Damele
|
3948cd9e77
|
Minor layout adjustments
|
2011-03-31 14:13:53 +00:00 |
|
Miroslav Stampar
|
c5de903eab
|
minor improvement ("quick defense against substr fields")
|
2011-03-31 09:35:09 +00:00 |
|
Miroslav Stampar
|
ce51326bff
|
quick fix
|
2011-03-31 08:43:17 +00:00 |
|
Miroslav Stampar
|
0916117447
|
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
|
2011-03-30 18:32:10 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
850328df6c
|
minor cosmetics
|
2011-03-29 22:03:48 +00:00 |
|
Miroslav Stampar
|
b6af80bab3
|
refactoring, cleanup and improvement
|
2011-03-29 21:54:15 +00:00 |
|
Miroslav Stampar
|
adfbfef8c1
|
minor refactoring
|
2011-03-29 21:01:47 +00:00 |
|
Miroslav Stampar
|
12f3024c8a
|
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
|
2011-03-29 20:45:21 +00:00 |
|
Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d0861a00e2
|
minor improvement
|
2011-03-29 15:37:57 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
7cf4ba83dc
|
minor refactoring and comment update
|
2011-03-29 12:08:07 +00:00 |
|
Miroslav Stampar
|
1821a008af
|
Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once
|
2011-03-29 12:00:29 +00:00 |
|
Miroslav Stampar
|
5560196648
|
minor fix
|
2011-03-29 11:50:12 +00:00 |
|
Miroslav Stampar
|
e20d460809
|
Bernardo will kill me (added --wizard for total beginners)
|
2011-03-29 11:42:55 +00:00 |
|
Miroslav Stampar
|
4d78eac938
|
revert of that thingy as requested by Bernardo
|
2011-03-29 10:06:35 +00:00 |
|
Miroslav Stampar
|
a9f5d828c6
|
minor fix avoiding problems with hashing strange characters in usernames
|
2011-03-29 07:50:07 +00:00 |
|
Miroslav Stampar
|
e8debbe724
|
minor cosmetics and one minor fix (|= is a nono with None)
|
2011-03-29 06:38:19 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
a2d5358b08
|
minor fix
|
2011-03-28 23:40:46 +00:00 |
|
Miroslav Stampar
|
9e900ccbac
|
minor comment update
|
2011-03-28 23:12:04 +00:00 |
|
Miroslav Stampar
|
a61e287d23
|
making updates for dummy Windows users
|
2011-03-28 23:09:19 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
1823c116bb
|
minor update for special cases of union testing results
|
2011-03-28 21:45:38 +00:00 |
|
Miroslav Stampar
|
ae53ad4c30
|
making an update for special case of timed out response
|
2011-03-28 21:05:04 +00:00 |
|
Miroslav Stampar
|
1e22ff45de
|
minor update regarding testing of GET parameters if --data and/or --forms is used
|
2011-03-28 16:14:08 +00:00 |
|
Miroslav Stampar
|
625f124263
|
little info message
|
2011-03-28 12:13:17 +00:00 |
|
Miroslav Stampar
|
47924fb92e
|
fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')
|
2011-03-27 13:41:54 +00:00 |
|
Miroslav Stampar
|
76b7e3517d
|
minor update
|
2011-03-27 07:58:15 +00:00 |
|
Miroslav Stampar
|
dba32306b0
|
minor update
|
2011-03-26 22:03:46 +00:00 |
|
Miroslav Stampar
|
d8f7c4bc4c
|
minor update regarding support for crypt(3)
|
2011-03-26 21:41:37 +00:00 |
|
Miroslav Stampar
|
4f00b9fa4b
|
minor fix
|
2011-03-26 21:10:31 +00:00 |
|
Miroslav Stampar
|
afe2be6a9f
|
implementation of Standard DES hashing (crypt)
|
2011-03-26 20:46:25 +00:00 |
|
Miroslav Stampar
|
1119a85f39
|
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
|
2011-03-25 21:31:26 +00:00 |
|
Miroslav Stampar
|
6c6133e8aa
|
revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)
|
2011-03-25 20:46:37 +00:00 |
|
Miroslav Stampar
|
737b4abf13
|
this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)
|
2011-03-25 20:30:15 +00:00 |
|
Miroslav Stampar
|
422967fbcd
|
just an minor update related to the last commit
|
2011-03-25 12:21:53 +00:00 |
|
Miroslav Stampar
|
c5b6d377fb
|
fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)
|
2011-03-25 12:14:19 +00:00 |
|
Miroslav Stampar
|
af5342c495
|
fix for partial inband queries on MSSQL
|
2011-03-25 11:19:15 +00:00 |
|
Miroslav Stampar
|
e80c9e08d8
|
minor update regarding --live-test
|
2011-03-25 09:03:08 +00:00 |
|
Miroslav Stampar
|
ea52d7acad
|
minor revisit of inference
|
2011-03-24 20:10:40 +00:00 |
|
Miroslav Stampar
|
1f1c4c0e61
|
better update related to the last commit
|
2011-03-24 20:04:20 +00:00 |
|
Miroslav Stampar
|
c0cc5d1dad
|
minor update
|
2011-03-24 17:18:03 +00:00 |
|
Miroslav Stampar
|
f3858a5fcf
|
another fix related to the bug reported by Alone Shell
|
2011-03-24 17:08:14 +00:00 |
|
Miroslav Stampar
|
e42cdfd138
|
adding possibility to run only one live test (e.g. --run-case=8)
|
2011-03-24 12:07:47 +00:00 |
|
Miroslav Stampar
|
2b15ad57c2
|
basic live tests against 3 major DBMSes
|
2011-03-24 11:47:01 +00:00 |
|
Miroslav Stampar
|
ecbbfeba6e
|
introduction of --fresh-queries
|
2011-03-24 10:08:47 +00:00 |
|
Miroslav Stampar
|
762397854e
|
fix for a bug reported by Kirill (unknown charset '8859-1')
|
2011-03-24 09:27:19 +00:00 |
|
Miroslav Stampar
|
d79fae724c
|
minor refactoring
|
2011-03-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
0bb08d09d2
|
fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file
|
2011-03-24 08:43:40 +00:00 |
|
Miroslav Stampar
|
bd75fd26e9
|
implementing a --page-rank switch as requested by l0rda@l0rda.biz
|
2011-03-23 11:57:57 +00:00 |
|
Miroslav Stampar
|
0f7bce5c66
|
fixing a huge mess going on because of counting on error and union techniques
|
2011-03-23 11:36:40 +00:00 |
|
Miroslav Stampar
|
5a1aaecf16
|
minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')
|
2011-03-22 13:07:37 +00:00 |
|
Miroslav Stampar
|
7613134515
|
it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)
|
2011-03-22 12:37:05 +00:00 |
|
Miroslav Stampar
|
9479a68eb5
|
minor fix regarding last commit
|
2011-03-22 12:21:56 +00:00 |
|
Miroslav Stampar
|
c24ed6e622
|
minor fix related to a bug reported by warninggp@gmail.com
|
2011-03-22 09:22:48 +00:00 |
|
Miroslav Stampar
|
cbfb10cbd1
|
fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)
|
2011-03-21 16:43:46 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
1abcd507b8
|
hidding --group-concat switch
|
2011-03-21 12:13:21 +00:00 |
|
Bernardo Damele
|
19e2ed9803
|
Layout fix
|
2011-03-21 00:40:25 +00:00 |
|
Miroslav Stampar
|
3ca5cddca7
|
massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)
|
2011-03-20 23:54:56 +00:00 |
|
Miroslav Stampar
|
9b1f2d82d0
|
minor update (that .strip() was a leftover)
|
2011-03-20 23:20:47 +00:00 |
|
Miroslav Stampar
|
db992a0a86
|
mssql likes to htmlescape error reports
|
2011-03-20 23:16:34 +00:00 |
|
Miroslav Stampar
|
088c815567
|
minor update (exposing --tor switch)
|
2011-03-19 18:28:51 +00:00 |
|
Miroslav Stampar
|
2cc91b8470
|
minor fix
|
2011-03-19 17:44:34 +00:00 |
|
Miroslav Stampar
|
7c2b3afafb
|
minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)
|
2011-03-19 17:37:26 +00:00 |
|
Miroslav Stampar
|
139448eeb9
|
little stabilization regarding POST url(de/en)coding
|
2011-03-19 16:53:14 +00:00 |
|
Miroslav Stampar
|
0fcd999e51
|
fix for a bug reported by malice
|
2011-03-18 16:52:46 +00:00 |
|
Miroslav Stampar
|
58e9a074d3
|
masking some more command line arguments
|
2011-03-18 16:47:18 +00:00 |
|
Miroslav Stampar
|
36233fac42
|
update regarding a feature request from andyroyalbattle@yahoo.it
|
2011-03-18 16:35:30 +00:00 |
|
Miroslav Stampar
|
00b9d85ffc
|
fix regarding bug report from andyroyalbattle@yahoo.it
|
2011-03-18 16:26:39 +00:00 |
|
Miroslav Stampar
|
4e300baaf2
|
minor cosmetics
|
2011-03-18 14:09:18 +00:00 |
|
Miroslav Stampar
|
3628887110
|
los cosmeticados
|
2011-03-18 14:08:36 +00:00 |
|
Miroslav Stampar
|
75c0e09f43
|
little refactoring
|
2011-03-18 13:46:51 +00:00 |
|
Miroslav Stampar
|
c301b245a9
|
adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)
|
2011-03-18 13:39:51 +00:00 |
|
Miroslav Stampar
|
b53c9a2599
|
minor fix and some refactoring
|
2011-03-18 00:24:02 +00:00 |
|
Bernardo Damele
|
9526f0c4c2
|
Minor layout adjustments
|
2011-03-17 12:35:40 +00:00 |
|
Bernardo Damele
|
03fac62592
|
Minor code restyle
|
2011-03-17 12:34:29 +00:00 |
|
Miroslav Stampar
|
cbdd9e921e
|
minor cosmetics
|
2011-03-17 12:23:56 +00:00 |
|
Miroslav Stampar
|
6607a240cf
|
added logging to redirecthandler
|
2011-03-17 12:21:27 +00:00 |
|
Miroslav Stampar
|
9a513198dd
|
minor fix regarding last couple of commits
|
2011-03-17 11:25:37 +00:00 |
|
Miroslav Stampar
|
970cde5a8a
|
minor update regarding last commit
|
2011-03-17 09:23:46 +00:00 |
|
Miroslav Stampar
|
beba69faa9
|
implementation of request from Santiago (look for error based responses in redirects)
|
2011-03-17 09:12:28 +00:00 |
|
Miroslav Stampar
|
847ce863e3
|
refactoring
|
2011-03-17 08:54:20 +00:00 |
|
Miroslav Stampar
|
fbd0cfda29
|
minor update toward the implementation of request from Santiago
|
2011-03-17 06:39:05 +00:00 |
|
Bernardo Damele
|
f00aff5303
|
-v 0 shows both error, critical and raw_input messages
|
2011-03-11 22:02:38 +00:00 |
|
Bernardo Damele
|
d7d47b6257
|
Minor bug fix (revert)
|
2011-03-11 21:56:45 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
2fd3f0d7b2
|
minor update (added comment)
|
2011-03-11 20:07:52 +00:00 |
|
Miroslav Stampar
|
6cc745f789
|
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
|
2011-03-11 20:04:15 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|
Bernardo Damele
|
d8a76ebe34
|
Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs
|
2011-03-11 16:03:19 +00:00 |
|
Bernardo Damele
|
3cb0ca4b63
|
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
|
2011-03-11 15:24:25 +00:00 |
|
Bernardo Damele
|
5af7410cb1
|
Another bug fix for --privileges on PgSQL with UNION query technique
|
2011-03-11 15:13:09 +00:00 |
|
Bernardo Damele
|
74ef1e53c7
|
Minor bug fixes to --privileges for PostgreSQL query (corner case)
|
2011-03-11 14:54:41 +00:00 |
|
Miroslav Stampar
|
1879a49506
|
fix for a bug reported by andreoaz@gmail.com
|
2011-03-10 20:40:12 +00:00 |
|
Miroslav Stampar
|
eb1cda7065
|
minor refactoring (more consistent)
|
2011-03-09 12:06:32 +00:00 |
|
Miroslav Stampar
|
62e3510387
|
minor refactoring
|
2011-03-09 11:37:37 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
9b2962ff1c
|
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
|
2011-03-09 08:56:29 +00:00 |
|
Miroslav Stampar
|
30619c599b
|
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
|
2011-03-08 11:53:59 +00:00 |
|
Miroslav Stampar
|
99adbbeaa3
|
los cosmeticados
|
2011-03-07 22:04:17 +00:00 |
|
Miroslav Stampar
|
cc0306044c
|
adding SVN revision number support for non SVN client platforms
|
2011-03-07 21:54:30 +00:00 |
|
Miroslav Stampar
|
154d947c62
|
minor update
|
2011-03-07 10:15:41 +00:00 |
|
Miroslav Stampar
|
16b286982d
|
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
|
2011-03-07 09:50:43 +00:00 |
|
Miroslav Stampar
|
8edc3b3302
|
further update regarding last commit
|
2011-03-03 10:39:04 +00:00 |
|
Miroslav Stampar
|
bc50387a17
|
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
|
2011-03-03 09:42:50 +00:00 |
|
Miroslav Stampar
|
3a1f5744be
|
minor update to make counting variable totally independent of the urllib2's self.retried
|
2011-03-02 10:42:17 +00:00 |
|
Miroslav Stampar
|
a010386a23
|
finally a proper fix for that annoying recursive bug
|
2011-03-02 10:29:38 +00:00 |
|
Miroslav Stampar
|
f27f05308a
|
minor update for masking sensitive data in error report (added aCred too)
|
2011-03-02 10:09:17 +00:00 |
|