Bernardo Damele
|
c23126547e
|
Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.
|
2010-11-19 15:48:24 +00:00 |
|
Bernardo Damele
|
ad17e9ed2a
|
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
|
2010-11-19 14:56:20 +00:00 |
|
Miroslav Stampar
|
ff310475c8
|
some reporting update for --forms
|
2010-11-15 14:17:51 +00:00 |
|
Miroslav Stampar
|
20d6b9a5c1
|
minor fix
|
2010-11-15 12:24:32 +00:00 |
|
Miroslav Stampar
|
819085155e
|
minor update/fix
|
2010-11-15 12:07:13 +00:00 |
|
Miroslav Stampar
|
c25c017c08
|
cosmetics regarding --forms
|
2010-11-15 11:50:33 +00:00 |
|
Miroslav Stampar
|
36c544f440
|
update (--forms acts now more like -g switch)
|
2010-11-15 11:34:57 +00:00 |
|
Bernardo Damele
|
0a83a830d9
|
Properly handle both HTTPS and HTTP requests through proxy
|
2010-11-12 14:21:46 +00:00 |
|
Bernardo Damele
|
e1ef27f592
|
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
|
2010-11-12 12:25:02 +00:00 |
|
Bernardo Damele
|
45ec8c169a
|
Consistency between --*-test switches/output
|
2010-11-08 16:46:25 +00:00 |
|
Miroslav Stampar
|
fda8752dca
|
revert of some HTTP headers handling
|
2010-11-08 13:26:45 +00:00 |
|
Bernardo Damele
|
78d7b17483
|
More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
|
2010-11-08 12:36:48 +00:00 |
|
Miroslav Stampar
|
eb999de0f1
|
added Range handler (dealing with 206 HTTP messages)
|
2010-11-08 12:26:13 +00:00 |
|
Miroslav Stampar
|
a3de10e3a2
|
new option -t
|
2010-11-08 11:22:47 +00:00 |
|
Miroslav Stampar
|
d551423379
|
further enum refactoring
|
2010-11-08 09:44:32 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Bernardo Damele
|
73e85bfc75
|
Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now
|
2010-11-07 16:24:44 +00:00 |
|
Miroslav Stampar
|
afba26a53f
|
tiny winy update
|
2010-11-07 09:00:45 +00:00 |
|
Miroslav Stampar
|
2b8c942b4a
|
more update
|
2010-11-07 08:58:24 +00:00 |
|
Miroslav Stampar
|
16f52ab7ba
|
cosmetic fix
|
2010-11-07 08:13:20 +00:00 |
|
Miroslav Stampar
|
8d93bdfa4b
|
minor update (optimization) regarding -a switch
|
2010-11-07 08:11:56 +00:00 |
|
Miroslav Stampar
|
e1cec8c02b
|
fix for all that stable, dynamic mambo jambo :)
|
2010-11-04 16:44:34 +00:00 |
|
Miroslav Stampar
|
18aea251b3
|
added concept of tamper script priority
|
2010-11-04 10:29:40 +00:00 |
|
Miroslav Stampar
|
6adee3792a
|
removed all trailing spaces from blank lines
|
2010-11-03 10:08:27 +00:00 |
|
Miroslav Stampar
|
5269cb8c08
|
some code refactoring and beautification
|
2010-11-02 09:06:38 +00:00 |
|
Miroslav Stampar
|
13e93f564a
|
one bug fix in dynamic content engine and some code refactoring
|
2010-11-02 07:32:08 +00:00 |
|
Miroslav Stampar
|
73b33ed765
|
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
|
2010-11-01 20:56:13 +00:00 |
|
Bernardo Damele
|
f3cc41601c
|
Added check on --first and --last values
|
2010-10-31 14:42:13 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Bernardo Damele
|
43de8247ac
|
Code refactoring
|
2010-10-27 20:39:50 +00:00 |
|
Miroslav Stampar
|
24c5d7b313
|
code refactoring
|
2010-10-25 14:06:56 +00:00 |
|
Miroslav Stampar
|
9c94a233a1
|
conf.md5hash thrown out
|
2010-10-25 13:52:21 +00:00 |
|
Miroslav Stampar
|
9a3879feba
|
keeping things neat and tidy
|
2010-10-25 12:33:49 +00:00 |
|
Miroslav Stampar
|
71543092b7
|
update regarding comparison engine
|
2010-10-25 12:00:59 +00:00 |
|
Miroslav Stampar
|
8df7c88174
|
implementation of a new dynamic content removal engine
|
2010-10-25 10:41:37 +00:00 |
|
Miroslav Stampar
|
2194d47782
|
setting conf.threads when -o switch is used
|
2010-10-22 19:10:45 +00:00 |
|
Bernardo Damele
|
1288def3b7
|
Cosmetics
|
2010-10-22 14:23:14 +00:00 |
|
Miroslav Stampar
|
bc79eec702
|
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
|
2010-10-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
4009ef385e
|
more update regarding error based injection support
|
2010-10-19 18:17:34 +00:00 |
|
Miroslav Stampar
|
6b70dadfb2
|
minor cosmetics
|
2010-10-18 09:09:22 +00:00 |
|
Miroslav Stampar
|
149837ebf5
|
added the same for proxy authorization header
|
2010-10-18 09:02:56 +00:00 |
|
Miroslav Stampar
|
aaebb4336e
|
fix for Bug #202
|
2010-10-18 08:54:08 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
7b71262de6
|
Cosmetic fix
|
2010-10-16 22:07:29 +00:00 |
|
Bernardo Damele
|
a2997a6dce
|
Minor bug fix to --tamper
|
2010-10-16 21:55:34 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Bernardo Damele
|
2dae934a2b
|
Minor bug fixes, code refactoring and enhanced --tamper functionality
|
2010-10-16 21:33:15 +00:00 |
|
Miroslav Stampar
|
d50684a057
|
added one more check
|
2010-10-15 11:05:50 +00:00 |
|
Miroslav Stampar
|
2b476e078c
|
minor cosmetics
|
2010-10-15 10:36:29 +00:00 |
|