| 
							
							
								 Bernardo Damele | 99a23e23cf | Extra check on --union-cols value | 2010-11-19 16:39:26 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c23126547e | Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20. | 2010-11-19 15:48:24 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | ad17e9ed2a | Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) | 2010-11-19 14:56:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d97e97d884 | minor update :) | 2010-11-19 09:02:44 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 4a9bd3a240 | Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well! | 2010-11-18 17:55:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 544327379f | Little precaution | 2010-11-18 14:32:52 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f6a17cb1a8 | Revert wrong fix | 2010-11-18 10:41:06 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 17486e472a | Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! | 2010-11-17 22:00:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ca5125bbe0 | minor update related to r2401 | 2010-11-17 20:50:31 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 360aff7a4d | sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle | 2010-11-17 17:20:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a0df36beda | when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared) | 2010-11-17 15:33:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d757e4ae1c | bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs) | 2010-11-17 09:46:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2a8e270bef | proper handling of carriage return character from Windows target machines | 2010-11-16 15:11:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ab33651f96 | minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior) | 2010-11-16 15:02:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3487429eac | minor cosmetics | 2010-11-16 14:41:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cccb565859 | cosmetics | 2010-11-16 14:11:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b9d9f18939 | added General cmdline group | 2010-11-16 14:09:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e7a66371f8 | update regarding os shell-ing regarding JSP and ASPX | 2010-11-16 13:46:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6ef3846400 | update regarding error parsing (and reporting) | 2010-11-16 10:42:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ff310475c8 | some reporting update for --forms | 2010-11-15 14:17:51 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 20d6b9a5c1 | minor fix | 2010-11-15 12:24:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 819085155e | minor update/fix | 2010-11-15 12:07:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c25c017c08 | cosmetics regarding --forms | 2010-11-15 11:50:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 36c544f440 | update (--forms acts now more like -g switch) | 2010-11-15 11:34:57 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 5f46a549ba | Cosmetics for --forms | 2010-11-14 21:59:35 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8d07272c82 | Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file. | 2010-11-13 23:24:41 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a777d59870 | Minor bug fix | 2010-11-12 15:17:12 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0a83a830d9 | Properly handle both HTTPS and HTTP requests through proxy | 2010-11-12 14:21:46 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | e1ef27f592 | work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https | 2010-11-12 12:25:02 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9f53048ff4 | Put a space always between the user's provided prefix and sqlmap payload | 2010-11-12 11:48:26 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 697b32554c | fix for a bug "ordinal not in range(128)" reported by bugtrace | 2010-11-12 11:48:25 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a34c1b287c | Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) | 2010-11-12 11:33:11 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8cec75656c | Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp) | 2010-11-12 10:31:42 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 66c82d72e4 | Typo fix | 2010-11-12 10:02:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8aefd0bbf7 | improvement of --common-tables and --common-columns | 2010-11-11 20:37:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 24238ccd0b | re-renaming of brute force switches. this way is better. | 2010-11-11 07:57:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 96d88877ba | bug fix (reported by ToR) | 2010-11-10 19:44:51 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 88c00e61d3 | another update | 2010-11-09 23:35:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5ebd5d935c | another name change | 2010-11-09 22:49:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 06f00cf8c1 | name change | 2010-11-09 22:48:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fef60d5cb7 | some fixes :) | 2010-11-09 22:32:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 726825ca70 | minor update | 2010-11-09 16:59:36 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b43334165d | update regarding brute forcing | 2010-11-09 16:53:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a7fa8d4975 | update regarding brute force retrieval of table names and table column names | 2010-11-09 16:15:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7752b5efe9 | minor update | 2010-11-09 09:51:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 221f976fbd | minor update | 2010-11-09 01:23:54 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 45ec8c169a | Consistency between --*-test switches/output | 2010-11-08 16:46:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fda8752dca | revert of some HTTP headers handling | 2010-11-08 13:26:45 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 78d7b17483 | More replacements for refactoring. Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters. | 2010-11-08 12:36:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | eb999de0f1 | added Range handler (dealing with 206 HTTP messages) | 2010-11-08 12:26:13 +00:00 |  |