Commit Graph

4368 Commits

Author SHA1 Message Date
stamparm
7111cdabe3 Minor cosmetics 2013-03-18 11:41:15 +01:00
Miroslav Stampar
5df1f5528e More general update for an Issue #421 2013-03-15 22:49:09 +01:00
Miroslav Stampar
f0a419bdec Patch for an Issue #421 2013-03-15 22:08:15 +01:00
Miroslav Stampar
596cf95040 Minor fix 2013-03-15 17:22:33 +01:00
Miroslav Stampar
ff4e62ff90 Minor cosmetics 2013-03-15 17:00:01 +01:00
Miroslav Stampar
4010df307e Trivial cosmetics 2013-03-15 16:37:52 +01:00
Miroslav Stampar
4cb378ce3e Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
Miroslav Stampar
b35122a42c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-03-13 19:52:17 +01:00
Miroslav Stampar
eb08c8d752 Another update for an Issue #352 2013-03-13 19:42:22 +01:00
Bernardo Damele
dea62189b2 fixes #420 2013-03-12 22:16:42 +00:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
65306f1ac1 Update for an Issue #352 2013-03-12 20:10:32 +01:00
Miroslav Stampar
db0a1e58b9 Update for an Issue #352 2013-03-11 14:58:05 +01:00
Miroslav Stampar
d6fc10092f Minor refactoring 2013-03-11 13:31:50 +01:00
Miroslav Stampar
84a5bdb9cf Trivial cosmetics 2013-03-09 19:41:24 +01:00
Miroslav Stampar
79d6a0e9c9 Using binary data in dummy mode 2013-03-09 19:40:24 +01:00
Miroslav Stampar
1e731f87a4 Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request) 2013-03-09 19:33:04 +01:00
Miroslav Stampar
8e6692d793 Minor fix (for JSON values with :) 2013-03-05 20:12:24 +01:00
Miroslav Stampar
e9b86350f1 Patch for an Issue #403 2013-03-05 18:32:31 +01:00
Miroslav Stampar
62980d7d5a Automatically decoding url encoded data in response 2013-03-05 17:32:10 +01:00
Miroslav Stampar
9e49d8c68f Adding support for SHA2 hash functions 2013-03-05 11:04:46 +01:00
Miroslav Stampar
2ada9e9b84 Patch for an Issue Issue #416 2013-03-04 18:05:40 +01:00
Miroslav Stampar
084cfc797a Fix for an Issue #415 2013-03-02 09:55:12 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad Fixed incorrect call to checkBooleanExpression when testing for false positives 2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1 Trivial commit related to the last one 2013-03-01 12:09:03 +01:00
stamparm
55f33da85a Fix for invalid logical test cases 2013-03-01 12:04:49 +01:00
stamparm
440b484bf6 Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries) 2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce Minor style update 2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
be50192d8d Refactoring WAF scripts 2013-02-26 15:54:50 +01:00
stamparm
e5835dc74f Update for WAF scripts 2013-02-26 15:30:11 +01:00
stamparm
17fa0f568c Minor patch for an Issue #404 2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6 Minor update 2013-02-26 12:55:09 +01:00
stamparm
af4762ace2 Minor style update 2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13 Minor update for an Issue #290 2013-02-26 11:08:06 +01:00
stamparm
e5e39bc682 Fix for an Issue #410 2013-02-25 11:07:30 +01:00
stamparm
6fbd902265 Minor refactoring (Issue #411) 2013-02-25 10:44:04 +01:00
stamparm
7127869ede Minor bug fix (live test specific verbosity should be valid only inside of it) 2013-02-22 17:26:48 +01:00
stamparm
68ce51bfd4 Changing from warn to info for no WAF found 2013-02-22 12:15:38 +01:00
stamparm
ad471368f5 Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a 2013-02-22 11:42:09 +01:00
stamparm
0bbbfc2eac Adding a small warning message (related to the Issue #407) 2013-02-22 11:12:41 +01:00
stamparm
42cbd94fa4 Better update regarding 6acb2480b8 2013-02-22 10:49:45 +01:00
stamparm
44a46d2b10 Fix for an Issue #409 2013-02-22 10:18:22 +01:00
Miroslav Stampar
6acb2480b8 Adding WAF script for SecureIIS 2013-02-21 21:34:26 +01:00
Miroslav Stampar
229e4e167b Minor cosmetics 2013-02-21 21:06:31 +01:00
stamparm
3a8c0cd3a2 Minor style update 2013-02-21 14:52:56 +01:00
stamparm
29ba43ee6c Unhidding switch '--identify-waf' (Issue #290) 2013-02-21 14:48:19 +01:00
stamparm
08f0670aca Minor refactoring for an Issue #290 2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c Finalizing implementation for an Issue #290 2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
stamparm
69063947b6 Debug message should go with logging.DEBUG 2013-02-19 09:46:51 +01:00
Bernardo Damele
d7247a51ee do not prompt constantly if the page is not found 2013-02-18 18:08:20 +00:00
Miroslav Stampar
7f293afe74 Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b) 2013-02-18 15:18:53 +01:00
Miroslav Stampar
5c099efccc Fix for an Issue #401 2013-02-18 11:38:18 +01:00
Miroslav Stampar
9b5f33560b Oracle is too specific (only column names can be enclosed) - removing it 2013-02-15 17:36:58 +01:00
Miroslav Stampar
bf82506c1b Oracle can't enclose table names with double quotations 2013-02-15 17:36:58 +01:00
Miroslav Stampar
1b3d749488 Proper fix related to the last commit/revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
5a793cbc7c Minor revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
799bd51c2e Minor fix when two readInput/dataToStdout are called one at a time 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Bernardo Damele
0e7f771be6 minor adjustment 2013-02-15 16:28:09 +00:00
Bernardo Damele
35aa785870 bug fix to make --predict-output work also with time-based technique 2013-02-15 16:25:33 +00:00
Miroslav Stampar
014e4e0055 Minor represenation fix 2013-02-15 14:48:24 +01:00
Bernardo Damele
63ddeb9008 unnecessary variable 2013-02-15 13:26:28 +00:00
Miroslav Stampar
345d10a9e0 Consistency fix (everywhere else we show unsafe format of identificator names) 2013-02-15 14:05:14 +01:00
Bernardo Damele
b472d9809a another consistency fix to readInput() 2013-02-15 09:35:09 +00:00
Bernardo Damele
32c8c67888 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-15 09:29:41 +00:00
Bernardo Damele
20c5f9a030 consistency fix 2013-02-15 09:29:36 +00:00
Miroslav Stampar
11bcf28d86 Fix for an Issue #399 2013-02-15 10:04:13 +01:00
Bernardo Damele
87db5d0dab minor bug fix to avoid duplicates - #297 2013-02-15 00:53:05 +00:00
Bernardo Damele
c3f1e196e1 added missing parameter 2013-02-15 00:43:46 +00:00
Bernardo Damele
4727589135 code consistency 2013-02-15 00:17:13 +00:00
Miroslav Stampar
515be4ee0b Minor just in case commit related to the last one 2013-02-14 19:58:10 +01:00
Miroslav Stampar
fef60b73f4 Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases 2013-02-14 19:53:26 +01:00
Bernardo Damele
0c79d7b1e2 unnecessary import 2013-02-14 18:33:47 +00:00
Bernardo Damele
614ff6029d working on #396 - handle the case when we dont have a web backdoor/file stager for the language API, added a few more log messages to give further information about what is going on, minor bug fix to docRoot 2013-02-14 18:31:14 +00:00
Bernardo Damele
3b38b20176 working on #396 - adaptation for the verification phase 2013-02-14 18:29:55 +00:00
Bernardo Damele
261db6ed4f working on #396 - verify shellcodeexec executable has been properly uploaded 2013-02-14 18:29:35 +00:00
Bernardo Damele
4d5ecc3b03 working on #396 - verify icmpsh executable has been properly uploaded 2013-02-14 18:28:48 +00:00
Bernardo Damele
66cee83ca4 if needed, allow to reinitialize the environment for takeover - issue #396 2013-02-14 17:39:19 +00:00
Bernardo Damele
d91530f885 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 17:16:55 +00:00
Bernardo Damele
52264f544e minor fix for Windows file paths, do not strip the windows drive letter 2013-02-14 17:16:49 +00:00
Miroslav Stampar
fdf00e4842 Fix for an Issue #397 2013-02-14 17:14:36 +01:00
Miroslav Stampar
368a2fd297 Fix for an Issue #393 2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018 Trivial restyling 2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e Minor style update 2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916 Implementation for an Issue #394 2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2 This was supposed to be a separate commit (going to commit it in next one) 2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f Putting that ugly parameter xyz is not inside the Cookie into the debug messages 2013-02-14 15:38:44 +01:00
Bernardo Damele
d42d28392a avoid tracebacks because the parameter does not exist 2013-02-14 13:18:33 +00:00
Bernardo Damele
646df37884 minor bug fix for --reg-read 2013-02-14 13:17:30 +00:00
Miroslav Stampar
c72353321d Minor update for an Issue #392 2013-02-14 13:36:33 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
cb6d549e57 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 11:25:12 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
efe1bf0ded Minor fix (for those multiline cases like in MsSQL) 2013-02-14 12:20:40 +01:00
Miroslav Stampar
6629233de5 Minor update 2013-02-14 10:18:40 +01:00
Miroslav Stampar
a0b44da5d8 Minor fix for --threads>1 --binary-fields 2013-02-13 20:47:27 +01:00
Miroslav Stampar
0a4605644e Minor fix for previous commit 2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b Minor fix 2013-02-13 16:24:21 +01:00
Miroslav Stampar
9b231f87d6 Minor bug fix (regarding Issue #379) - in case that two processes enter the same proc_count decrementing line sqlmap would halt 2013-02-13 15:31:50 +01:00
Miroslav Stampar
8138d1318e Minor fix 2013-02-13 15:10:49 +01:00
Miroslav Stampar
c6d29e093e Fixing issue with newlines after the data in -r mode 2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33 Trivial update 2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70 Renaming --binary to --binary-fields 2013-02-13 11:27:03 +01:00
Miroslav Stampar
dd6f50a00e Removing unused imports 2013-02-13 11:15:24 +01:00
Miroslav Stampar
7c802ed8cc Minor fix 2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format) 2013-02-13 09:56:44 +01:00
Miroslav Stampar
1d42aba01e Minor update regarding 093a93938c (for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix) 2013-02-12 17:35:14 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Miroslav Stampar
6a98d375b1 More general except 2013-02-12 14:39:21 +01:00
Miroslav Stampar
212e92ea01 Minor update regarding --load-cookies (warning about expired ones) 2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d Update for a last update 2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d Update for --load-cookies 2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc Support for multiple injection marks inside the same header value (Issue #48) 2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69 Minor bug fix (getting ? in < 0xf char cases) 2013-02-11 21:16:35 +01:00
Miroslav Stampar
7c06a937e5 Minor refactoring 2013-02-09 20:21:17 +01:00
Bernardo Damele
f970b4f240 minor adjustment fixing the regression test stall 2013-02-09 12:19:21 +00:00
Bernardo Damele
e48181e28d another attempt to fix the stall during regression test 2013-02-09 12:16:56 +00:00
Bernardo Damele
138a846cf1 possible fix for regression test stall 2013-02-09 10:50:06 +00:00
Bernardo Damele
1596b9ed59 revert 2013-02-08 16:43:49 +00:00
Bernardo Damele
98864e425f minor "fix" 2013-02-08 16:30:34 +00:00
Bernardo Damele
8b510c55fb minor code cleanup 2013-02-08 16:29:16 +00:00
Miroslav Stampar
5aaf7f1aa6 BUG fix 2013-02-08 16:44:30 +01:00
Miroslav Stampar
c0e59d94a9 Better naming 2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b Update for an Issue #207 (and a potential patch for regression tests) 2013-02-08 16:20:48 +01:00
Miroslav Stampar
ee1017a5a7 Minor fix 2013-02-08 13:46:39 +01:00
Bernardo Damele
d015bf98fc renamed variable to avoid confusion 2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb unnecessary condition here 2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Bernardo Damele
dd6c73ea24 fixed --passwords output for API - #297 2013-02-06 21:45:51 +00:00
Bernardo Damele
21afba9571 got the partial output finally properly replaced by complete output in IPC database - #297 2013-02-06 21:32:26 +00:00
Bernardo Damele
5c8335876f minor bug fix to make --disable-coloring work on log messages too 2013-02-06 21:04:54 +00:00
Bernardo Damele
2fa2f30d21 slighlty better, still not optimal 2013-02-06 17:45:52 +00:00
Bernardo Damele
477c66ac4b minor refactoring and trivial bug fix 2013-02-06 17:45:25 +00:00
Bernardo Damele
e439c3d3f5 minor refactoring - #297 2013-02-06 17:09:43 +00:00
Bernardo Damele
b272b0574d minor fix to reset partRun value - #297 2013-02-06 17:09:28 +00:00
Miroslav Stampar
060eac110a Cleaner version checking 2013-02-06 10:28:17 +01:00
Miroslav Stampar
b1f31103f9 Removing that ugly disk I/O error in live testing mode 2013-02-05 17:04:42 +01:00
Miroslav Stampar
934808f53b Fix for an Issue #379 2013-02-05 16:13:45 +01:00
Bernardo Damele
e03010f48b got rid of unnecessary output for API - #297 2013-02-05 15:00:06 +00:00
Bernardo Damele
4428ad5345 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 14:43:14 +00:00
Bernardo Damele
f7d826fee1 first case where partial output is retrievable via RESTful API - issue #297 2013-02-05 14:43:03 +00:00
Miroslav Stampar
01219219fc Minor bug fix (for --first/--last through problematic DBMSes) 2013-02-05 15:03:55 +01:00
Miroslav Stampar
31daefc7c9 Minor fix (skipping one uneccesary request in single-threaded --first/--last mode) 2013-02-05 13:51:35 +01:00
Miroslav Stampar
62772125e3 Bug fix for HTTPSCertAuthHandler 2013-02-05 12:16:06 +01:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Miroslav Stampar
1618086027 Minor fix 2013-02-05 10:58:02 +01:00
Miroslav Stampar
9296bdd959 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 10:27:43 +01:00
Miroslav Stampar
4faa5f0f49 Fix for stalling in retrieving international letters (--technique=B) 2013-02-05 10:27:31 +01:00
Bernardo Damele
9d04ae5db5 minor improvement to temporary folder name 2013-02-05 09:11:38 +00:00
Miroslav Stampar
44579120b5 Cosmetics 2013-02-05 10:02:11 +01:00
Miroslav Stampar
74e82b2b53 Removing redundant check 2013-02-04 20:42:28 +01:00
Miroslav Stampar
cf8e5d535d Minor cleanup 2013-02-04 20:15:44 +01:00
Miroslav Stampar
c5ae967fe0 Potential fix for an Issue #379 2013-02-04 17:43:58 +01:00
Miroslav Stampar
6cab3d4759 Minor update 2013-02-04 16:46:08 +01:00
Miroslav Stampar
4f2981f163 Minor fix 2013-02-04 16:37:54 +01:00
Miroslav Stampar
f4b8a3c1d8 Bug fix for boolean (multithreaded Ctrl+C) resumed values 2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986 Bug fix (introduced with f1ab887c55) 2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39 Removal of unused imports 2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67 step by step getting there to partial output presentation to restful API (issue #297), not quite yet though.. 2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5 minor bug fix 2013-02-03 21:39:26 +00:00
Bernardo Damele
dc2bbbeaa7 minor revert 2013-02-03 20:55:58 +00:00
Bernardo Damele
df3cc38cd9 minor improvements 2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c improvement to restful API to store to IPC database partial entries, not yet functional (issue #297) 2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66 Implementation for an Issue #363 2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4 Bug fix (causing search problems) 2013-02-01 11:24:17 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a Minor bug fix 2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31 Patch to prevent problems like Issue #381 2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb Another update for an Issue #380 (--common-... switches) 2013-01-31 13:49:19 +01:00
Miroslav Stampar
f5844eabae Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60 2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626 Update for an Issue #342 and #372 2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272 Minor fix 2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284 variable renamed 2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083 Minor refactoring 2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545 Update for an Issue #352 2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117 Minor fine tuning 2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
95b922309c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 20:50:40 +01:00
Bernardo Damele
e8bd3c9c9f cosmetics 2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3 minor fix 2013-01-29 16:23:30 +00:00
Bernardo Damele
edd6699ed1 code refactoring and added /status method for scan (issue #297) 2013-01-29 16:11:25 +00:00
Bernardo Damele
c47b44e93f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:38:16 +00:00
Bernardo Damele
1152cf8958 increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297) 2013-01-29 15:38:09 +00:00
Bernardo Damele
9677e0f910 more data content types for API (issue #297) 2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297) 2013-01-29 15:35:51 +00:00
Bernardo Damele
a56f4ec15c techniques has to go too to the API (issue #297) 2013-01-29 15:34:53 +00:00
Bernardo Damele
bfce7210e6 improvements to the dump library to output to the API data fetched properly formatted (issue #297) 2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c split init() into two separate functions for API purposes (issue #297) 2013-01-29 15:33:16 +00:00
Miroslav Stampar
a59ac8e27f Trivial cosmetics 2013-01-29 16:30:38 +01:00
Miroslav Stampar
f4b7b3fd35 Minor cosmetics 2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2 Minor fix 2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f minor adjustment 2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55 major enhancement, code refactoring for issue #297 2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3 apply a little bit of secure coding practices to the API 2013-01-27 12:26:40 +00:00
Bernardo Damele
cd4075f6a3 no raise, just pass at ctrl-c 2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297) 2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8 Fix for an Issue #378 2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7 Minor style update for an Issue #377 2013-01-25 12:52:31 +01:00
Miroslav Stampar
479f791112 Minor fix 2013-01-25 12:41:51 +01:00
Miroslav Stampar
194a9e7b88 Implementation for an Issue #377 2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991 first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite 2013-01-24 12:57:24 +00:00
Chris Frohoff
218a6a9695 fixed response header logging for header names with special chars 2013-01-23 11:10:25 -08:00
Bernardo Damele
f848f259a6 upper() -D value for certain DBMSes 2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite 2013-01-23 15:52:03 +00:00
Miroslav Stampar
232f8d3585 Fix for an Issue #368 2013-01-23 13:36:17 +01:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
dea15b5892 notify user if --udf-inject is provided but no stacked queries SQLi is detected 2013-01-22 18:28:48 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
719c7f622b Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions) 2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb Fix for an Issue #367 2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44 Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...' 2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba missing import 2013-01-22 11:25:01 +00:00
Miroslav Stampar
59b02539ca More general approach regarding that last commit 2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07 Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query) 2013-01-22 11:29:51 +01:00
Bernardo Damele
e558040810 minor fix to previous commit 2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582 better detection if vulnerable of not for regression test 2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef Fix for an Issue #364 2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff Rewriting some query crafting parts (especially those .find(' FROM ')) 2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
75bf8528d1 Minor just in case update 2013-01-21 14:50:43 +01:00
Miroslav Stampar
c55a002f95 Language fix 2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0 Trivial style update 2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342 Adding new common function for further refactoring 2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b Fix for a regression test #30 test case fail (Firebird inline) 2013-01-21 10:12:54 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
3373e30808 minor fix for a bug introduced with commit 1ad9e26a21 2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db This last commit was in haste :) 2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225 Minor update (just for consistency with the rest of code) 2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87 Minor update (just for consistency with the rest of code) 2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405 Minor refactoring 2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8 In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value) 2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f layout adjustment 2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d all we need to debug failed test cases while regression test run.. 2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage 2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e just in case, add also the test case name inside the temp folder for debug purposes 2013-01-19 16:06:46 +00:00
Bernardo Damele
c95119559e minor bug fix 2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6 more fixes 2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce fixed test cases for Firebird - #312 2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371 avoid blank line if password hashes have not been fetched 2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21 bug fix for ORDER BY users provided statements (issue #354) 2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c improvements to --live-test 2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d minor output adjustment 2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c Removing some unused stuff (mainly imports) 2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5 Removing obsolete proxy handling code (Python < 2.6) 2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131 Removing some obsolete functions 2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09 Minor update 2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5 Minor removal of unused function 2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d Minor removal of redundant code 2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1 more fixes to test cases 2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20 Minor just in place update for an Issue #348 2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41 fixed url 2013-01-17 21:29:00 +00:00
Bernardo Damele
38eb4eb33e Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-17 21:03:11 +00:00
Bernardo Damele
b6e44ae64e fix for #349 (compatible with all others DBMSes too) 2013-01-17 21:03:03 +00:00
Miroslav Stampar
a8e3fd58c5 Implementation for an Issue #348 2013-01-17 21:49:58 +01:00
Miroslav Stampar
8480ceddcb Minor style update 2013-01-17 19:55:56 +01:00
Miroslav Stampar
507f185b69 Revert of patch for an Issue #347 2013-01-17 18:38:37 +01:00
Miroslav Stampar
9dd69042de Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-17 15:31:55 +01:00
Miroslav Stampar
f7eda07d92 Patch for an Issue #347 2013-01-17 15:30:14 +01:00
Bernardo Damele
5e059ab6db added check for DB2 lib 2013-01-17 14:20:34 +00:00
Miroslav Stampar
a38b3e397c Patch for an Issue #286 2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3 Implementing a check for an Issue #25 2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e Fix for an Issue #346 2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d Fix for an Issue #345 2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2 Minor update for an Issue #8 2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4 Minor language update 2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7 Finishing first usable prototype for an Issue #8 2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd Minor update for an Issue #8 2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2 bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected 2013-01-16 01:53:33 +00:00
Bernardo Damele
542f6de72e typo fix 2013-01-16 01:31:03 +00:00
Bernardo Damele
e16ad38d3e more work on #342 2013-01-15 18:15:07 +00:00
Bernardo Damele
329047fc12 restored fix for #210 to keep --hex work with --technique B 2013-01-15 17:51:40 +00:00
Bernardo Damele
2a751e075d more work on #342 2013-01-15 17:14:44 +00:00
Bernardo Damele
ec076f5f8a write console output to temporary folder in any case the test case fails, even if no traceback is raised 2013-01-15 15:51:03 +00:00
Bernardo Damele
4eaa0d17aa Fix in forging query to calculate query output length - closes issue #342 2013-01-15 15:50:20 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
3f84cefc77 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-15 14:59:22 +00:00
Bernardo Damele
c51358953a add more Oracle system dbs 2013-01-15 14:51:29 +00:00
Miroslav Stampar
04aa39f0c6 Minor update 2013-01-15 13:51:19 +01:00
Miroslav Stampar
5ee653dd89 Merging commit 57bcbb458eade2850a6d7623ecddbe49c69cf334 from @morisson 2013-01-15 10:14:02 +01:00
Miroslav Stampar
2cac7e860e Minor refactoring 2013-01-14 16:27:50 +01:00
Miroslav Stampar
31302eb707 Minor update 2013-01-14 16:26:07 +01:00
Miroslav Stampar
2a86c1cadc Another cosmetics 2013-01-14 16:24:55 +01:00
Miroslav Stampar
1e1f560d0c Minor cosmetics 2013-01-14 16:24:28 +01:00
Miroslav Stampar
0c2474cc22 Minor update 2013-01-14 16:21:40 +01:00
Miroslav Stampar
a5a309212a Fix for an Issue #339 2013-01-14 16:18:03 +01:00
Bernardo Damele
3e2c3851f3 Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312) 2013-01-14 13:42:50 +00:00
Bernardo Damele
515c1c6205 removed leftover 2013-01-14 10:26:22 +00:00
Bernardo Damele
83000de9e1 improved handling and storing of exceptions with --live-test (#312) 2013-01-14 10:23:40 +00:00
Bernardo Damele
8125fe90a7 code refactoring 2013-01-14 10:22:38 +00:00
Bernardo Damele
036b612bcb bug fix to be able to write unicode chars to debug file 2013-01-14 01:11:42 +00:00
Miroslav Stampar
fc560f2b75 Minor revert and proper fix 2013-01-14 00:47:29 +01:00
Bernardo Damele
b74cfbf336 minor enhancements for debug purposes (issue #312) 2013-01-13 23:15:56 +00:00
Bernardo Damele
fdd6075859 temporary patch to fix UNION query enumeration 2013-01-13 23:08:23 +00:00
Miroslav Stampar
92ea8841f8 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-13 16:23:09 +01:00
Miroslav Stampar
03dd958d96 Implementation for an Issue #48 2013-01-13 16:22:43 +01:00
Miroslav Stampar
81848c723d Minor cleanup (we officially support Python >= 2.6) 2013-01-11 16:01:48 +01:00
Bernardo Damele
675e4a026b Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-11 13:31:49 +00:00
Bernardo Damele
41834e7a5b working on #8 - still not usable though 2013-01-11 13:31:44 +00:00
Miroslav Stampar
bc4d8d3e02 Implementation for an Issue #332 2013-01-11 11:17:41 +01:00
Miroslav Stampar
5571d09354 Minor revert 2013-01-11 11:13:55 +01:00
Miroslav Stampar
4b79269608 Minor bug fix 2013-01-11 11:10:18 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
1363f26367 Minor refactoring 2013-01-10 15:59:02 +01:00
Miroslav Stampar
834be1eddc Restyling redundant 'except Exception' form 2013-01-10 15:54:28 +01:00
Miroslav Stampar
acfeeb4f51 Restyling old form of urlparse 2013-01-10 15:41:07 +01:00
Miroslav Stampar
8686c20fa5 Removing one obsolete instantiation line 2013-01-10 15:27:35 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3 Removing unused imports 2013-01-10 12:15:12 +01:00
Miroslav Stampar
05705857a9 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-10 12:09:48 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Bernardo Damele
ca337159f5 added reminder TODO 2013-01-10 01:11:22 +00:00
Bernardo Damele
8093f3950d properly distinguish stdout from stderr with a separate pipe (tracebacks go to stderr) - issue #297 2013-01-10 00:52:44 +00:00
Bernardo Damele
10f1099944 remove logging handler that shows logging messages to stdout - issue #297 2013-01-10 00:51:56 +00:00
Bernardo Damele
ccc3c3d1a3 minor fix to distinguish stdout from stderr 2013-01-10 00:51:05 +00:00
Bernardo Damele
ef40779ad3 upgraded to use custom subprocessng for non-blocking send and read functions for spawned processes. Added new method to display range of log messages, just in case and improved parsing/unpickling of read log messages 2013-01-10 00:01:28 +00:00
Bernardo Damele
2126a5ba12 minor index fix 2013-01-10 00:00:00 +00:00
Bernardo Damele
9766f6025e logging is now handled in a separate file descriptor :) - issue #297 2013-01-09 22:09:50 +00:00
Bernardo Damele
794700eb37 preparing to handle logging calls by a separate file descriptor when sqlmap is executed by the REST API - issue #297 2013-01-09 22:08:50 +00:00
Bernardo Damele
d120dc18d1 cleanup 2013-01-09 22:06:27 +00:00
Bernardo Damele
58a60562ac avoid exiting with a traceback for missing dependency, handle properly at some point 2013-01-09 16:05:55 +00:00
Bernardo Damele
7f4ce4afbb Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-09 16:04:29 +00:00
Bernardo Damele
510ceb6e19 first attempt to have --os-pwn and other takeover switches work across Windows and Linux - issue #28 2013-01-09 16:04:23 +00:00
Miroslav Stampar
bf5544903b Minor style update 2013-01-09 16:10:26 +01:00
Miroslav Stampar
9bdcb1176d Update for an Issue #169 2013-01-09 15:58:13 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
bdd2592848 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-09 15:22:30 +01:00
Miroslav Stampar
3d4f381ab5 Patch for an Issue #169 2013-01-09 15:22:21 +01:00
Bernardo Damele
c44a829b9b pass a pickled options object to sqlmap engine when called from API 2013-01-09 12:34:45 +00:00
Bernardo Damele
8457cff278 added variable to store the live test traceback if any 2013-01-09 12:33:18 +00:00
Bernardo Damele
f11747732e added missing command line options 2013-01-09 12:30:13 +00:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964 Minor refactoring for an Issue #295 2013-01-08 10:23:02 +01:00
Bernardo Damele
c155c6df84 minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi 2013-01-07 23:31:11 +00:00
Miroslav Stampar
3abe87ac89 Minor fix with status update (Issue #305) 2013-01-07 18:53:08 +01:00
Miroslav Stampar
a8f02916a9 Minor fix (Issue #305) 2013-01-07 18:39:35 +01:00
Miroslav Stampar
e219fad8bf Added a short comment 2013-01-07 18:19:48 +01:00
Bernardo Damele
1e35b3c8c9 proper link 2013-01-07 16:59:59 +00:00
Miroslav Stampar
96e5d5d178 Some more updates for an Issue #295 2013-01-07 16:55:41 +01:00
Miroslav Stampar
74552bea87 Cleaning some garbage (hard coded paths with linux native slashes) 2013-01-07 16:51:00 +01:00
Miroslav Stampar
425df067eb Fix for an --os-pwn with ICMPsh (it was crashing because methods interleaved with Metasploit ones) 2013-01-07 16:44:22 +01:00
Miroslav Stampar
ac407ae4a1 Implementation for an Issue #295 2013-01-07 15:55:40 +01:00
Miroslav Stampar
76839ff9d6 Fix for an Issue #305 2013-01-07 12:52:55 +01:00
Bernardo Damele
1e1892c962 prep for subprocess.. 2013-01-07 11:10:33 +00:00
Bernardo Damele
7fa75792dd Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-07 11:10:08 +00:00
Bernardo Damele
a30d7014b9 removed unused var 2013-01-07 11:05:33 +00:00
Miroslav Stampar
87e923613f Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST) 2013-01-05 21:16:47 +01:00
Miroslav Stampar
dc21f3ce67 Minor just in case filtering of union results 2013-01-04 17:09:07 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
82b468211d Minor update 2013-01-03 23:38:29 +01:00
Miroslav Stampar
f340ce8b4b Minor style update 2013-01-03 23:35:29 +01:00
Miroslav Stampar
1712603dce Replacing deprecated has_key() with operator in (PEP8) 2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Bernardo Damele
3a11d36c66 minor bug fix 2013-01-02 21:49:15 +00:00
Miroslav Stampar
cb15fcc8af Fix for an Issue #329 2013-01-02 22:17:06 +01:00
Miroslav Stampar
304e52cb4d Minor language update 2013-01-02 22:11:59 +01:00
Miroslav Stampar
09f1cdd8e1 Minor style update 2013-01-02 21:52:50 +01:00
Miroslav Stampar
0795760255 Minor fix 2012-12-30 11:22:23 +01:00
Miroslav Stampar
75edb84a71 Minor update 2012-12-30 11:10:32 +01:00
Miroslav Stampar
58ad2f1c5d Revert of last commit and proper fix 2012-12-29 10:35:05 +01:00
Miroslav Stampar
0e18fa9c5f Minor fix 2012-12-28 23:43:47 +01:00
Miroslav Stampar
648d91d790 Distinguishing invalid unicode from safe encoded characters (for proper potential decoding) 2012-12-27 22:43:39 +01:00
Miroslav Stampar
3d01890147 Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode) 2012-12-27 21:15:44 +01:00
Miroslav Stampar
cb91729913 Fix for an Issue #324 (crawling when HTML is not well-formed) 2012-12-27 20:55:37 +01:00
Miroslav Stampar
127b880577 Minor update 2012-12-27 15:14:40 +01:00
Miroslav Stampar
6ae4590edc Removing problematic per-MySQL LIMIT prefix 2012-12-26 19:48:01 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Bernardo Damele
832567ecf6 import order 2012-12-21 23:34:37 +00:00
Miroslav Stampar
77625e5af7 Minor revert 2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4 Minor style update 2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table) 2012-12-21 14:52:47 +01:00
Miroslav Stampar
6c1ec9b54f Fix for an Issue #318 2012-12-21 11:10:05 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Miroslav Stampar
352e516400 Bottle is a 3rd party tool (not going to extra folder) 2012-12-21 10:18:30 +01:00
Miroslav Stampar
b94a5d42d4 Removing a leftover 2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4 Related to an Issue #319 2012-12-21 09:47:58 +01:00
Miroslav Stampar
0d5d84edc7 Minor cleanup 2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db Fix for an Issue #316 2012-12-20 20:55:59 +01:00
Miroslav Stampar
1073ebc697 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 20:51:41 +01:00
Bernardo Damele
89d8c58fd1 poor attempt at forking a child process for sqlmap engine execution, output is not handled yet 2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d minor bug fix (#297) 2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b fixed options initiation 2012-12-20 16:53:43 +00:00
Miroslav Stampar
1c4d438aff Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 16:37:03 +01:00
Bernardo Damele
b0635bddcc adjustments 2012-12-20 15:29:23 +00:00
Miroslav Stampar
8efe056671 Minor refactoring 2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd standalone REST API, code cleanup (#297) 2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7 removed deprecated feature (#287) 2012-12-20 13:21:07 +00:00
Miroslav Stampar
63d9b7a1f8 No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset) 2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e Minor restyling 2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6 these edits got overwritten from last commits 2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586 Proper fix 2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a Merge branch 'master' of github.com:sqlmapproject/sqlmap
Conflicts:
	lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2 Proper fix 2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970 attempt to handle standard input from --live-test 2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0 minor bug fix to correctly parse unicode chars 2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd minor fix (reading of unicode xml files) 2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5 minor bug fix (for PostgreSQL) 2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb minor bug fix (issue #314) 2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea slight improvement of live test engine and added misc test cases to xml 2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d added support for random global variables 2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc minor restyling 2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485 pointless restyling 2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff Just for one girl out there waiting for this patch ;) 2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa forgot these 2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b restyling 2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374 commented out partial work 2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a revert change of name for now 2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0 During --flush-session log file should be cleaned too (especially because of --live-tests) 2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f ORDER BY does not play well with UNION query SQLi (related to issue #313) 2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f catch ImportError exception if libmagic is not installed 2012-12-19 13:10:54 +00:00
Bernardo Damele
128597ee7e --run-case is now case insensitive 2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103 minor bug fix (issue #310) 2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c fixed test cases 2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5 preparation for issue #310 2012-12-19 11:40:00 +00:00
Bernardo Damele
f5450e9f0e layout adjustment 2012-12-19 11:39:38 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae Debug message with declared page charset 2012-12-19 11:16:42 +01:00
Miroslav Stampar
d29dddf5b2 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 10:51:25 +01:00
Miroslav Stampar
92e338251a Finally working inference against MySQL/international letters (even chinese) 2012-12-19 10:44:02 +01:00
Bernardo Damele
65ed2304fd comment update 2012-12-19 09:38:03 +00:00
Bernardo Damele
0037d52098 typo fix 2012-12-19 01:11:18 +00:00
Miroslav Stampar
c9b8b51c9c Update lib/core/common.py
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
8e95470415 minor refactoring 2012-12-19 00:46:23 +00:00
Bernardo Damele
318fcee49c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a minor refactoring 2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af Update lib/core/common.py
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9 Update lib/core/agent.py 2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5 minor bug fix, union query has to be limited 0, 0 2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35 added more test cases 2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a Implementation for an Issue #307 2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876 Minor patch 2012-12-18 11:10:06 +01:00
Miroslav Stampar
2b64c10710 Patch for an Issue #304 2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922 Another implementation for an Issue #302 2012-12-17 15:08:54 +01:00
Bernardo Damele
3c1b696bd6 removed more print statements 2012-12-17 13:35:32 +00:00
Bernardo Damele
1fdd804e94 replaced instances of dataToStdout with logger 2012-12-17 13:30:21 +00:00
Bernardo Damele
9f47eb0a59 cleaner 2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03 removed unuseful prints 2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0 minor fix: add also back-end DBMS and web app fingerprint output to log file 2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb improvements to --live-test and added --stop-fail switch 2012-12-17 11:41:43 +00:00
Bernardo Damele
064d443d60 replaced unnecessary dataToStdout() call with appropriate logger.info() call 2012-12-17 11:30:08 +00:00
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Bernardo Damele
f40c52cc17 comment adjustment 2012-12-17 11:28:03 +00:00
Bernardo Damele
2442a58884 minor leftover of deprecated XMLRPC service 2012-12-17 11:26:31 +00:00
Miroslav Stampar
60baf5071e Patch for an Issue #302 2012-12-17 00:40:01 +01:00
Bernardo Damele
d4a061d0c3 code cleanup - #297 2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb code refactoring and first time logger is handled by a separate file descriptor (issue #297) 2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c code refactoring (#279) 2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2 on our way to make it thread safe.. it is a long way actually (issue #297) 2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750 added more comments, improved cleanup method 2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4 implemented cleanup and status admin methods 2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec minor fix 2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297 2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297) 2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95 refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297) 2012-12-14 13:40:25 +00:00
Bernardo Damele
a2a71bb37b cleanup from XML-RPC related stuff 2012-12-14 13:37:36 +00:00
Miroslav Stampar
a3acf72e52 Fix for argparse issue 2012-12-14 14:35:11 +01:00
Miroslav Stampar
235631808f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-14 14:25:02 +01:00
Bernardo Damele
3d9779ffd4 further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods (#297) 2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238 cleaner solution for imports as standalone client/server (issue #297) 2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25 enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297) 2012-12-14 12:01:13 +00:00
Bernardo Damele
156a291e2d typo fix 2012-12-14 11:55:54 +00:00
Miroslav Stampar
c41618416c Removing trailing blanks 2012-12-14 12:00:45 +01:00
Bernardo Damele
2e97405ffa bundle bottle library in sqlmap (it is MIT license) - issue #297 2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70 leftovers 2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f added first implementation of REST-JSON API library - issue #297 2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1 added initial support (hidden from -hh and not yet usable) for REST-JSON API 2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821 Minor update 2012-12-13 14:55:20 +01:00
Miroslav Stampar
df0f08bc6a Cleaning some (web upload based) garbage 2012-12-13 13:19:47 +01:00
Miroslav Stampar
5150172178 Minor update 2012-12-13 10:03:21 +01:00
Miroslav Stampar
b78b56d782 Update for an Issue #287 regarding read_output returning values 2012-12-12 17:17:36 +01:00
Miroslav Stampar
fc4be0a77c Minor fix 2012-12-12 16:45:29 +01:00
Miroslav Stampar
e381158058 Hmmm... Let me guess. Update for an Issue #287 2012-12-12 16:31:20 +01:00
Miroslav Stampar
921000bd87 Another update for an Issue #287 2012-12-12 14:22:24 +01:00
Miroslav Stampar
c3f20a136f Minor update for an Issue #287 2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4 Minor update 2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2 Minor update for an Issue #287 2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768 Update for an Issue #287 2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381 Writing only unique hashes to an output file (for eventual cracking with 3rd party tools) 2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e First commit (and working one) for an Issue #287 (XML-RPC server) 2012-12-11 16:02:06 +01:00
Miroslav Stampar
b5884c7eda Minor language update 2012-12-11 15:24:02 +01:00
Miroslav Stampar
760519dbe9 Removing redundant piece of code 2012-12-11 15:21:27 +01:00
Miroslav Stampar
a54c261496 Minor update for Issues #292 & #293 (only single alert per target) 2012-12-11 14:44:43 +01:00
Miroslav Stampar
5c2451d83c Implementation for an Issue #293 2012-12-11 12:48:58 +01:00
Miroslav Stampar
562044577b Implementation for an Issue #292 2012-12-11 12:02:06 +01:00
Miroslav Stampar
6433be8b3d Style update 2012-12-10 17:20:04 +01:00
Miroslav Stampar
996e882e78 Minor update 2012-12-10 17:13:00 +01:00
Miroslav Stampar
013dc8bc98 Another minor update for an Issue #267 2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4 Minor update for an Issue #267 2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061 Implemented support for plain , chars too (Issue #267) 2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5 Minor styl eupdate for an Issue #267 2012-12-10 12:54:01 +01:00
Miroslav Stampar
5677db02b7 Minor update 2012-12-10 12:40:28 +01:00
Miroslav Stampar
5606a860ce Oracle supports inline comments too (Issue #267) 2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7 Support for a HTTP parameter pollution (Issue #267) 2012-12-10 11:55:31 +01:00
Miroslav Stampar
42f4c2bac9 Minor fix when --dbms is enforced 2012-12-10 11:42:10 +01:00
Miroslav Stampar
1f7644a691 Minor fix when user doesn't want custom injection char marker to be processed 2012-12-08 21:23:30 +01:00
Miroslav Stampar
0cbdaaecfa Revert of 99e9412f74 (because of an Issue #289) 2012-12-08 08:53:25 +01:00
Miroslav Stampar
73968a448c Minor update 2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa Minor update for an Issue #288 2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc Minor refactoring 2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9 Patch for an Issue #288 2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2 Minor update for an Issue #288 2012-12-07 11:23:18 +01:00
Miroslav Stampar
1028afce37 Removal of leftovers 2012-12-06 14:15:44 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962 Minor style update (capitalization of leftover class names) 2012-12-06 13:46:24 +01:00
Miroslav Stampar
baccbd6f48 Implementation for an Issue #283 2012-12-06 11:57:57 +01:00