Commit Graph

4368 Commits

Author SHA1 Message Date
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Bernardo Damele
832567ecf6 import order 2012-12-21 23:34:37 +00:00
Miroslav Stampar
77625e5af7 Minor revert 2012-12-21 19:31:05 +01:00
Miroslav Stampar
00e55828e4 Minor style update 2012-12-21 15:06:03 +01:00
Miroslav Stampar
8b3e17ed4d Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table) 2012-12-21 14:52:47 +01:00
Miroslav Stampar
6c1ec9b54f Fix for an Issue #318 2012-12-21 11:10:05 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Miroslav Stampar
352e516400 Bottle is a 3rd party tool (not going to extra folder) 2012-12-21 10:18:30 +01:00
Miroslav Stampar
b94a5d42d4 Removing a leftover 2012-12-21 09:49:09 +01:00
Miroslav Stampar
0a122ccce4 Related to an Issue #319 2012-12-21 09:47:58 +01:00
Miroslav Stampar
0d5d84edc7 Minor cleanup 2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db Fix for an Issue #316 2012-12-20 20:55:59 +01:00
Miroslav Stampar
1073ebc697 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 20:51:41 +01:00
Bernardo Damele
89d8c58fd1 poor attempt at forking a child process for sqlmap engine execution, output is not handled yet 2012-12-20 17:56:53 +00:00
Bernardo Damele
912323c12d minor bug fix (#297) 2012-12-20 17:05:44 +00:00
Bernardo Damele
7adaffa71b fixed options initiation 2012-12-20 16:53:43 +00:00
Miroslav Stampar
1c4d438aff Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 16:37:03 +01:00
Bernardo Damele
b0635bddcc adjustments 2012-12-20 15:29:23 +00:00
Miroslav Stampar
8efe056671 Minor refactoring 2012-12-20 15:51:03 +01:00
Bernardo Damele
e9ab33e9dd standalone REST API, code cleanup (#297) 2012-12-20 14:35:02 +00:00
Bernardo Damele
5632279bf7 removed deprecated feature (#287) 2012-12-20 13:21:07 +00:00
Miroslav Stampar
63d9b7a1f8 No character shall be left forgotten (no more ? in case that character was not properly being decoded by used charset) 2012-12-20 12:23:37 +01:00
Miroslav Stampar
c2c4601d6e Minor restyling 2012-12-20 11:06:52 +01:00
Bernardo Damele
076b4063e6 these edits got overwritten from last commits 2012-12-20 09:42:44 +00:00
Miroslav Stampar
3cbe60b586 Proper fix 2012-12-20 10:37:20 +01:00
Miroslav Stampar
0d1ea7f05a Merge branch 'master' of github.com:sqlmapproject/sqlmap
Conflicts:
	lib/core/testing.py
2012-12-20 10:37:11 +01:00
Miroslav Stampar
da93e77eb2 Proper fix 2012-12-20 10:34:51 +01:00
Bernardo Damele
ac77724970 attempt to handle standard input from --live-test 2012-12-20 09:30:48 +00:00
Bernardo Damele
2b6ee06de0 minor bug fix to correctly parse unicode chars 2012-12-20 09:30:13 +00:00
Miroslav Stampar
69310e47ce Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 09:54:39 +01:00
Miroslav Stampar
06d8213ffd minor fix (reading of unicode xml files) 2012-12-20 09:53:08 +01:00
Bernardo Damele
86872956d5 minor bug fix (for PostgreSQL) 2012-12-19 22:55:31 +00:00
Bernardo Damele
77843f44fb minor bug fix (issue #314) 2012-12-19 22:49:02 +00:00
Bernardo Damele
357da43cea slight improvement of live test engine and added misc test cases to xml 2012-12-19 17:28:41 +00:00
Bernardo Damele
85fcd27e2d added support for random global variables 2012-12-19 15:58:06 +00:00
Bernardo Damele
12d34587cc minor restyling 2012-12-19 14:34:34 +00:00
Bernardo Damele
326ff404fc Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 14:25:35 +00:00
Bernardo Damele
12eed58485 pointless restyling 2012-12-19 14:25:29 +00:00
Miroslav Stampar
37346fe8a3 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 15:23:57 +01:00
Miroslav Stampar
7ee98c7bff Just for one girl out there waiting for this patch ;) 2012-12-19 15:23:38 +01:00
Bernardo Damele
3be90c97aa forgot these 2012-12-19 14:12:45 +00:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
27a12ae85b restyling 2012-12-19 13:47:17 +00:00
Bernardo Damele
4b3b4eb374 commented out partial work 2012-12-19 13:47:04 +00:00
Bernardo Damele
3655d1f12a revert change of name for now 2012-12-19 13:45:52 +00:00
Bernardo Damele
874e2176c6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 13:43:00 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Miroslav Stampar
23153e8088 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 14:29:08 +01:00
Miroslav Stampar
244901eda0 During --flush-session log file should be cleaned too (especially because of --live-tests) 2012-12-19 14:28:54 +01:00
Bernardo Damele
282aeb734f ORDER BY does not play well with UNION query SQLi (related to issue #313) 2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f catch ImportError exception if libmagic is not installed 2012-12-19 13:10:54 +00:00
Bernardo Damele
128597ee7e --run-case is now case insensitive 2012-12-19 12:45:46 +00:00
Bernardo Damele
b91c829103 minor bug fix (issue #310) 2012-12-19 12:42:31 +00:00
Bernardo Damele
2bc2c0431c fixed test cases 2012-12-19 12:33:37 +00:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5 preparation for issue #310 2012-12-19 11:40:00 +00:00
Bernardo Damele
f5450e9f0e layout adjustment 2012-12-19 11:39:38 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
155c1eddae Debug message with declared page charset 2012-12-19 11:16:42 +01:00
Miroslav Stampar
d29dddf5b2 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 10:51:25 +01:00
Miroslav Stampar
92e338251a Finally working inference against MySQL/international letters (even chinese) 2012-12-19 10:44:02 +01:00
Bernardo Damele
65ed2304fd comment update 2012-12-19 09:38:03 +00:00
Bernardo Damele
0037d52098 typo fix 2012-12-19 01:11:18 +00:00
Miroslav Stampar
c9b8b51c9c Update lib/core/common.py
Revert of last commit and try 2
2012-12-19 01:48:53 +01:00
Bernardo Damele
8e95470415 minor refactoring 2012-12-19 00:46:23 +00:00
Bernardo Damele
318fcee49c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-19 00:30:26 +00:00
Bernardo Damele
3c7007097a minor refactoring 2012-12-19 00:30:22 +00:00
Miroslav Stampar
50b846b5af Update lib/core/common.py
Fixing wrong assumption in case of MySQL inference international character retrieval
2012-12-19 01:26:12 +01:00
Miroslav Stampar
9e2f0131b9 Update lib/core/agent.py 2012-12-18 20:25:00 +01:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
58656bbeb5 minor bug fix, union query has to be limited 0, 0 2012-12-18 16:36:30 +00:00
Bernardo Damele
61a838bb35 added more test cases 2012-12-18 15:59:48 +00:00
Miroslav Stampar
88d8494b5a Implementation for an Issue #307 2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876 Minor patch 2012-12-18 11:10:06 +01:00
Miroslav Stampar
2b64c10710 Patch for an Issue #304 2012-12-18 09:36:26 +01:00
Miroslav Stampar
4ea0c9e922 Another implementation for an Issue #302 2012-12-17 15:08:54 +01:00
Bernardo Damele
3c1b696bd6 removed more print statements 2012-12-17 13:35:32 +00:00
Bernardo Damele
1fdd804e94 replaced instances of dataToStdout with logger 2012-12-17 13:30:21 +00:00
Bernardo Damele
9f47eb0a59 cleaner 2012-12-17 13:29:37 +00:00
Bernardo Damele
0500712a03 removed unuseful prints 2012-12-17 13:29:19 +00:00
Bernardo Damele
ac44cf3ec0 minor fix: add also back-end DBMS and web app fingerprint output to log file 2012-12-17 13:02:09 +00:00
Bernardo Damele
bbd2adb5fb improvements to --live-test and added --stop-fail switch 2012-12-17 11:41:43 +00:00
Bernardo Damele
064d443d60 replaced unnecessary dataToStdout() call with appropriate logger.info() call 2012-12-17 11:30:08 +00:00
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Bernardo Damele
f40c52cc17 comment adjustment 2012-12-17 11:28:03 +00:00
Bernardo Damele
2442a58884 minor leftover of deprecated XMLRPC service 2012-12-17 11:26:31 +00:00
Miroslav Stampar
60baf5071e Patch for an Issue #302 2012-12-17 00:40:01 +01:00
Bernardo Damele
d4a061d0c3 code cleanup - #297 2012-12-15 00:29:35 +00:00
Bernardo Damele
0c3da5c7eb code refactoring and first time logger is handled by a separate file descriptor (issue #297) 2012-12-15 00:12:22 +00:00
Bernardo Damele
2f6a31605c code refactoring (#279) 2012-12-14 22:00:42 +00:00
Bernardo Damele
8dee8355c2 on our way to make it thread safe.. it is a long way actually (issue #297) 2012-12-14 18:13:21 +00:00
Bernardo Damele
21ecffb750 added more comments, improved cleanup method 2012-12-14 17:21:19 +00:00
Bernardo Damele
1421e6a9d4 implemented cleanup and status admin methods 2012-12-14 16:18:45 +00:00
Bernardo Damele
4fa2f400ec minor fix 2012-12-14 15:55:30 +00:00
Bernardo Damele
4c4cb856ff minor bug fix to the /scan/<taskid>output method, forced each taskid to have its own temporary folder for output - issue #297 2012-12-14 15:52:35 +00:00
Bernardo Damele
27906f388f added first methods to interact with sqlmap core, it is now possible to launch a scan from the API, hurray! (issue #297) 2012-12-14 14:51:01 +00:00
Bernardo Damele
f52d81c834 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-14 13:40:36 +00:00
Bernardo Damele
0b71c85d95 refactoring, code cleanup, more security-related headers and first /scan method implementation (issue #297) 2012-12-14 13:40:25 +00:00
Bernardo Damele
a2a71bb37b cleanup from XML-RPC related stuff 2012-12-14 13:37:36 +00:00
Miroslav Stampar
a3acf72e52 Fix for argparse issue 2012-12-14 14:35:11 +01:00
Miroslav Stampar
235631808f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-14 14:25:02 +01:00
Bernardo Damele
3d9779ffd4 further improvements to RESTful API: enforce security headers across all HTTP responses properly and make consistent responses across methods (#297) 2012-12-14 12:15:04 +00:00
Bernardo Damele
7b43837238 cleaner solution for imports as standalone client/server (issue #297) 2012-12-14 12:04:44 +00:00
Bernardo Damele
90d5696b25 enhanced RESTful API to support JSON requests and improved standalone client/server skeleton (issue #297) 2012-12-14 12:01:13 +00:00
Bernardo Damele
156a291e2d typo fix 2012-12-14 11:55:54 +00:00
Miroslav Stampar
c41618416c Removing trailing blanks 2012-12-14 12:00:45 +01:00
Bernardo Damele
2e97405ffa bundle bottle library in sqlmap (it is MIT license) - issue #297 2012-12-14 03:00:30 +00:00
Bernardo Damele
0ec420cc70 leftovers 2012-12-14 02:54:16 +00:00
Bernardo Damele
a1b83cd56f added first implementation of REST-JSON API library - issue #297 2012-12-14 02:52:31 +00:00
Bernardo Damele
6e31e87de1 added initial support (hidden from -hh and not yet usable) for REST-JSON API 2012-12-14 02:49:25 +00:00
Miroslav Stampar
c040323821 Minor update 2012-12-13 14:55:20 +01:00
Miroslav Stampar
df0f08bc6a Cleaning some (web upload based) garbage 2012-12-13 13:19:47 +01:00
Miroslav Stampar
5150172178 Minor update 2012-12-13 10:03:21 +01:00
Miroslav Stampar
b78b56d782 Update for an Issue #287 regarding read_output returning values 2012-12-12 17:17:36 +01:00
Miroslav Stampar
fc4be0a77c Minor fix 2012-12-12 16:45:29 +01:00
Miroslav Stampar
e381158058 Hmmm... Let me guess. Update for an Issue #287 2012-12-12 16:31:20 +01:00
Miroslav Stampar
921000bd87 Another update for an Issue #287 2012-12-12 14:22:24 +01:00
Miroslav Stampar
c3f20a136f Minor update for an Issue #287 2012-12-12 14:03:03 +01:00
Miroslav Stampar
32b39c72e4 Minor update 2012-12-12 12:07:56 +01:00
Miroslav Stampar
af52e8e8c2 Minor update for an Issue #287 2012-12-12 12:01:18 +01:00
Miroslav Stampar
a6448e8768 Update for an Issue #287 2012-12-12 11:54:59 +01:00
Miroslav Stampar
ef33729381 Writing only unique hashes to an output file (for eventual cracking with 3rd party tools) 2012-12-12 09:59:24 +01:00
Miroslav Stampar
b9f6fc5f4e First commit (and working one) for an Issue #287 (XML-RPC server) 2012-12-11 16:02:06 +01:00
Miroslav Stampar
b5884c7eda Minor language update 2012-12-11 15:24:02 +01:00
Miroslav Stampar
760519dbe9 Removing redundant piece of code 2012-12-11 15:21:27 +01:00
Miroslav Stampar
a54c261496 Minor update for Issues #292 & #293 (only single alert per target) 2012-12-11 14:44:43 +01:00
Miroslav Stampar
5c2451d83c Implementation for an Issue #293 2012-12-11 12:48:58 +01:00
Miroslav Stampar
562044577b Implementation for an Issue #292 2012-12-11 12:02:06 +01:00
Miroslav Stampar
6433be8b3d Style update 2012-12-10 17:20:04 +01:00
Miroslav Stampar
996e882e78 Minor update 2012-12-10 17:13:00 +01:00
Miroslav Stampar
013dc8bc98 Another minor update for an Issue #267 2012-12-10 13:07:36 +01:00
Miroslav Stampar
8bd0080bf4 Minor update for an Issue #267 2012-12-10 13:05:41 +01:00
Miroslav Stampar
96df0ba061 Implemented support for plain , chars too (Issue #267) 2012-12-10 12:58:17 +01:00
Miroslav Stampar
d0ea4c65c5 Minor styl eupdate for an Issue #267 2012-12-10 12:54:01 +01:00
Miroslav Stampar
5677db02b7 Minor update 2012-12-10 12:40:28 +01:00
Miroslav Stampar
5606a860ce Oracle supports inline comments too (Issue #267) 2012-12-10 12:00:15 +01:00
Miroslav Stampar
a024884ca7 Support for a HTTP parameter pollution (Issue #267) 2012-12-10 11:55:31 +01:00
Miroslav Stampar
42f4c2bac9 Minor fix when --dbms is enforced 2012-12-10 11:42:10 +01:00
Miroslav Stampar
1f7644a691 Minor fix when user doesn't want custom injection char marker to be processed 2012-12-08 21:23:30 +01:00
Miroslav Stampar
0cbdaaecfa Revert of 99e9412f74 (because of an Issue #289) 2012-12-08 08:53:25 +01:00
Miroslav Stampar
73968a448c Minor update 2012-12-07 15:29:54 +01:00
Miroslav Stampar
e129a30e6b Removing redundant code in redirect handler (related to an Issue #288) 2012-12-07 12:40:19 +01:00
Miroslav Stampar
fccad15cfa Minor update for an Issue #288 2012-12-07 12:14:33 +01:00
Miroslav Stampar
75e6d77fbc Minor refactoring 2012-12-07 11:54:34 +01:00
Miroslav Stampar
fbaeecdaf9 Patch for an Issue #288 2012-12-07 11:52:21 +01:00
Miroslav Stampar
c0fc12beb2 Minor update for an Issue #288 2012-12-07 11:23:18 +01:00
Miroslav Stampar
1028afce37 Removal of leftovers 2012-12-06 14:15:44 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962 Minor style update (capitalization of leftover class names) 2012-12-06 13:46:24 +01:00
Miroslav Stampar
baccbd6f48 Implementation for an Issue #283 2012-12-06 11:57:57 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
b6650add46 Introducing 'new style classes' (idea from Pull request #284) 2012-12-06 10:42:53 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
6b39e661a7 Fix for an issue #279 2012-12-05 12:15:14 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
949fcb77cf Minor style update 2012-12-05 10:22:16 +01:00
Miroslav Stampar
d4b5133df7 Update for an Issue #272 2012-12-04 17:04:32 +01:00
Miroslav Stampar
a14697e8cf Implementation for an Issue #272 2012-12-04 16:47:34 +01:00
Miroslav Stampar
6b007ab188 Minor patch for an Issue #274 (just in case to avoid this kind of problems) 2012-12-04 16:14:14 +01:00
Miroslav Stampar
e2aa695655 Minor update 2012-12-03 17:20:18 +01:00
Miroslav Stampar
42a8234c6f Update for an Issue #12 2012-12-03 14:27:01 +01:00
Miroslav Stampar
79fca8e9d5 Fix for an Issue #268 2012-12-03 12:13:59 +01:00
Miroslav Stampar
8410fc5a9d Minor update 2012-12-02 08:00:55 +01:00
redshark1802
1675386093 fixed typo that created an invalid configuration file with the option '--save' 2012-11-30 23:00:03 +01:00
Miroslav Stampar
0664e72bea Minor fix for an Issue #230 2012-11-30 12:13:34 +01:00
Miroslav Stampar
5b61e9ce12 Minor update for an Issue #254 2012-11-30 11:43:50 +01:00
Miroslav Stampar
7e2db762d6 Minor update 2012-11-29 15:45:04 +01:00
Miroslav Stampar
8f10023523 Fix for an Issue #266 2012-11-29 15:44:14 +01:00
Miroslav Stampar
3b961c2550 Update for an Issue #254 2012-11-29 15:36:38 +01:00
Miroslav Stampar
605d73cc3d Minor refactoring 2012-11-29 12:21:12 +01:00
Miroslav Stampar
7304971544 Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator' 2012-11-29 11:43:49 +01:00
Miroslav Stampar
7c16bfe025 Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN ) 2012-11-29 10:51:59 +01:00
Miroslav Stampar
a7e1e856d4 Fix for an Issue #260 2012-11-28 17:00:26 +01:00
Miroslav Stampar
35d1146fd1 Minor update for an (Issue #254) 2012-11-28 12:53:11 +01:00
Miroslav Stampar
753d0f18bf First CSS style added for a HTML table dump format (Issue #254) 2012-11-28 12:46:43 +01:00
Miroslav Stampar
b6ea337937 First style-less prototype for an HTML dump output (Issue #254) 2012-11-28 12:28:42 +01:00
Miroslav Stampar
e2d8b53e97 Minor update for an Issue #264 2012-11-28 11:45:33 +01:00
Miroslav Stampar
cff0c59630 Implementation for an Issue #264 2012-11-28 11:41:39 +01:00
Miroslav Stampar
5bf5b95588 More refactoring for an Issue #254 2012-11-28 11:16:00 +01:00
Miroslav Stampar
87a92ab330 Deprecating --replicate (Issue #254) 2012-11-28 11:10:57 +01:00
Miroslav Stampar
f08eb0fd9f Minor style update 2012-11-28 10:59:15 +01:00
Miroslav Stampar
d95dd2d16e Preparation for an Issue #254 2012-11-28 10:58:18 +01:00
Miroslav Stampar
621ae587c7 Fix for an Issue #263 2012-11-28 00:03:17 +01:00
Miroslav Stampar
d490ffb163 Fix for an Issue #259 2012-11-27 11:45:22 +01:00
Miroslav Stampar
bd33128085 Fix for an Issue #262 2012-11-27 10:08:22 +01:00
Miroslav Stampar
38c96a366b Patch for an Issue #260 2012-11-26 11:16:59 +01:00
Miroslav Stampar
ef2038f1c8 Implementation for an Issue #253 2012-11-21 10:16:13 +01:00
Miroslav Stampar
c40dded28c Fix for an Issue #250 2012-11-20 12:10:29 +01:00
Miroslav Stampar
93e071fc33 Fix for an Issue #251 2012-11-20 11:19:23 +01:00
Miroslav Stampar
302348b0cd Minor update 2012-11-19 11:59:28 +01:00
Miroslav Stampar
a40d7a5bca Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed) 2012-11-15 15:06:54 +01:00
Miroslav Stampar
d37be5f97b Fix for an Issue #248 2012-11-14 15:54:24 +01:00
Miroslav Stampar
9a54a911a8 Patch for an Issue #231 2012-11-14 11:30:29 +01:00
Miroslav Stampar
5b3fe25211 Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticable in small test pages) 2012-11-13 15:22:59 +01:00
Miroslav Stampar
6f7f9dd8eb Patch for an Issue #242 2012-11-13 10:41:13 +01:00
Miroslav Stampar
a52dbc575b Patch for an Issue #246 2012-11-13 10:21:11 +01:00
Miroslav Stampar
f305dde413 Patch for an Issue #235 2012-11-10 11:01:29 +01:00
Miroslav Stampar
181c3534f0 Patch for an Issue #237 2012-11-08 19:16:37 +01:00
Miroslav Stampar
e7e83defaa Minor update 2012-11-08 11:09:34 +01:00
Miroslav Stampar
1ee0d9ce5e Fix for an Issue #229 2012-11-05 15:58:54 +01:00
Miroslav Stampar
3cf5fc2f5a Fix for an Issue #230 2012-11-05 15:10:49 +01:00
Miroslav Stampar
2de52927f3 Code refactoring (epecially Google search code) 2012-10-30 18:38:10 +01:00
Miroslav Stampar
76b793b199 Fix for an Issue #228 2012-10-30 18:08:25 +01:00
Miroslav Stampar
6e2041bc13 Better language than in last commit 2012-10-30 11:54:21 +01:00
Miroslav Stampar
1bbeb92eb6 Better language (used formation 'not required' in case of help for --dependencies while 'required'->'needs' in a check itself) 2012-10-30 11:19:39 +01:00
Miroslav Stampar
5cfc066ac4 Minor update 2012-10-30 10:30:22 +01:00
Miroslav Stampar
7c7aff12c6 Update for an Issue #225 2012-10-30 01:26:19 +01:00
Miroslav Stampar
b0f5b4f9bc Update for an Issue #225 2012-10-30 00:59:31 +01:00
Miroslav Stampar
726de868e2 Fix for an Issue #225 2012-10-30 00:37:43 +01:00
Miroslav Stampar
a9094a35fe Fix for an Issue #227 2012-10-30 00:20:49 +01:00
Miroslav Stampar
1d07b93730 Bug fix for --os-shell on MySQL (it was not working for a long time because of this) 2012-10-29 15:45:30 +01:00
Miroslav Stampar
5358d85d37 Important refactoring for web-based functionality 2012-10-29 15:09:05 +01:00
Miroslav Stampar
81ccf28785 Minor refactoring 2012-10-29 14:08:48 +01:00
Miroslav Stampar
d6e16e8641 Minor update 2012-10-29 11:08:02 +01:00
Miroslav Stampar
359e734954 Minor refactoring 2012-10-29 10:48:49 +01:00
Miroslav Stampar
919f75db9b Improvement and fix for pivotDumpTable mechanism 2012-10-28 23:09:35 +01:00
Miroslav Stampar
d7973c3e32 Improvement of pivotDumpTable mechanism (no more fail on first entry) 2012-10-28 22:18:22 +01:00
Miroslav Stampar
c1eb803ef5 Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly) 2012-10-28 21:16:51 +01:00
Miroslav Stampar
b75c52f93c Minor display fix (in --hex mode) 2012-10-28 12:30:21 +01:00
Miroslav Stampar
25a5073281 Bug fix for --hex/--technique=B (especially MsSQL) 2012-10-28 12:22:33 +01:00
Miroslav Stampar
8617fe0d65 Bug fix for international letters decoded with --hex on MsSQL 2012-10-28 11:50:16 +01:00
Miroslav Stampar
ca427af8b3 Minor refactoring/improvement 2012-10-28 01:42:08 +02:00
Miroslav Stampar
43ddf39bea Minor refactoring 2012-10-28 01:16:02 +02:00
Miroslav Stampar
bcdba7b7bb Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details 2012-10-28 01:11:50 +02:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
7207cf29dd Minor update 2012-10-26 11:05:44 +02:00
Miroslav Stampar
965d7eee17 Minor bug fix for a reflection removal mechanism 2012-10-26 00:06:15 +02:00
Miroslav Stampar
235cc656b9 Fix for an Issue #224 2012-10-25 15:25:31 +02:00
Miroslav Stampar
bcf708f4b1 Minor update 2012-10-25 13:37:33 +02:00
Miroslav Stampar
fdcdd11cb9 Minor update for an Issue #222 2012-10-25 13:35:44 +02:00
Miroslav Stampar
8a5844a364 Implementation for an Issue #222 2012-10-25 13:21:32 +02:00
Miroslav Stampar
afd82b92dd Patch for an Issue #221 2012-10-25 10:21:36 +02:00
Miroslav Stampar
12fc9442b9 Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00
Miroslav Stampar
54fbb22ab8 Minor refactoring 2012-10-25 09:56:36 +02:00
Miroslav Stampar
65ec715828 Fix for an Issue #218 2012-10-25 00:03:00 +02:00
Miroslav Stampar
5477c9f7ba Fix for an Issue #216 2012-10-24 22:59:46 +02:00
Miroslav Stampar
056be32ac1 Fix for Issue #213 2012-10-23 17:06:31 +02:00
Miroslav Stampar
99ceea5eae Fix for an Issue #214 2012-10-23 17:05:45 +02:00
Miroslav Stampar
f3aa09c794 Minor language fix 2012-10-23 15:52:43 +02:00
Miroslav Stampar
eb6f17b561 Fix for --dump and -d=mssql 2012-10-23 15:02:43 +02:00
Miroslav Stampar
4365c48e83 Minor style update 2012-10-23 14:38:24 +02:00
Miroslav Stampar
06f226c494 Fix for an Issue #211 2012-10-23 14:37:45 +02:00
Miroslav Stampar
b82eb3a1ae Fix for an Issue #210 2012-10-23 13:58:25 +02:00
Miroslav Stampar
f2bbf1ead9 Fix for raw_input raising EOFError and KeyboardInterrupt on Ctrl-C (Windows platform) 2012-10-23 11:05:00 +02:00
Miroslav Stampar
5ff2e33c43 Minor fix 2012-10-23 10:54:26 +02:00
Miroslav Stampar
68d5faa287 Minor update 2012-10-23 10:46:17 +02:00
Miroslav Stampar
54d086f409 Minor fix 2012-10-23 10:02:10 +02:00
Miroslav Stampar
f11a640e99 Undo of a previous commit (pdb left inside) 2012-10-22 14:39:35 +02:00
Miroslav Stampar
b913e2123d Displaying hex-decoded resulting output in --hex mode 2012-10-22 14:39:11 +02:00
Miroslav Stampar
029143880a Displaying hex-decoded resulting output in --hex mode 2012-10-22 14:36:01 +02:00
Miroslav Stampar
39f565533a In case on --no-cast DUMP_REPLACEMENTS should not be used 2012-10-22 14:13:30 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
21481df239 Minor update for Issue #209 2012-10-21 19:00:37 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
261b286021 Fix for an Issue #209 2012-10-20 13:17:45 +02:00
Miroslav Stampar
6a271fe800 Update for an Issue #2 2012-10-19 11:29:03 +02:00
Miroslav Stampar
998eb70288 Minor update 2012-10-19 11:05:10 +02:00
Miroslav Stampar
987f167e12 Minor update 2012-10-19 11:03:54 +02:00
Miroslav Stampar
d65d9e25cd Implementation for an Issue #2 2012-10-19 11:02:14 +02:00
Miroslav Stampar
688a2db27a Fix for an Issue #208 2012-10-19 10:04:09 +02:00
Miroslav Stampar
64b4586883 Minor update 2012-10-18 11:36:12 +02:00
Miroslav Stampar
ea49fa2db2 Fix for an Issue #206 2012-10-18 11:11:20 +02:00
Miroslav Stampar
1cb2ca4195 Minor update 2012-10-18 10:55:27 +02:00
Miroslav Stampar
b5060c0010 Fix for an Issue #205 2012-10-16 14:28:46 +02:00
Miroslav Stampar
2cb1b054bb Implementation for an Issue #79 2012-10-16 12:32:58 +02:00
Miroslav Stampar
3e64ab214e Minor update 2012-10-16 10:28:59 +02:00
Miroslav Stampar
9ad58cb531 Implementation for an Issue #204 2012-10-16 10:24:05 +02:00
Miroslav Stampar
8b57e1fce6 Minor update for an Issue #203 2012-10-15 23:15:52 +02:00
Miroslav Stampar
42b2c85517 Minor cosmetics 2012-10-15 18:45:13 +02:00
Miroslav Stampar
c7cf8b2e80 Minor refactoring of direct() 2012-10-15 18:41:41 +02:00
Miroslav Stampar
048e720f69 Minor refactoring for an Issue #203 2012-10-15 17:55:57 +02:00
Miroslav Stampar
9aba690a60 Patch for an Issue #203 2012-10-15 16:23:41 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
56832fe9c4 Better adjustTimeDelay() candidate algorithm 2012-10-11 14:23:53 +02:00
Miroslav Stampar
e61c4c22c9 Implementation for an Issue #200 2012-10-09 15:19:47 +02:00
Miroslav Stampar
cd9a47835b Minor consistency update 2012-10-09 14:48:26 +02:00
Miroslav Stampar
8c5fb1b064 Minor update 2012-10-09 14:46:45 +02:00
Miroslav Stampar
ea12ccec77 Minor refactoring 2012-10-09 11:33:19 +02:00
Miroslav Stampar
10b0fd21dc Fix for an Issue #198 2012-10-09 11:27:19 +02:00
Miroslav Stampar
5a91b6e622 Minor cleanup 2012-10-09 10:21:52 +02:00
Miroslav Stampar
8e7449ccd5 Minor update 2012-10-07 20:28:24 +02:00
Miroslav Stampar
ff205f088b Minor update 2012-10-07 20:12:55 +02:00
Miroslav Stampar
cc3f387551 Patch for an Issue #127 2012-10-05 10:49:31 +02:00
Miroslav Stampar
ebc7088f94 Implementation for an Issue #128 2012-10-05 10:24:09 +02:00
Miroslav Stampar
098e446ca4 Adding support for generic XML POST data 2012-10-04 18:44:12 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
8865fe69d7 Minor cleanup 2012-10-04 18:26:07 +02:00
Miroslav Stampar
2fbd05c98f Minor language update 2012-10-04 18:04:55 +02:00
Miroslav Stampar
d464678e10 Minor update for an Issue #49 2012-10-04 18:01:42 +02:00
Miroslav Stampar
84b05e2d18 Better treating of numeric values (Issue #49) 2012-10-04 16:08:37 +02:00
Miroslav Stampar
31aa9be1c7 Minor update 2012-10-04 15:40:11 +02:00
Miroslav Stampar
9129dac77b Minor fix for an Issue #134 2012-10-04 15:33:26 +02:00
Miroslav Stampar
5d2b534908 Minor update (Issue #49) 2012-10-04 15:23:01 +02:00
Miroslav Stampar
5b59b6feb4 Removing junk part 2012-10-04 12:09:09 +02:00
Miroslav Stampar
d570e25b1b Minor workflow update 2012-10-04 12:05:59 +02:00
Miroslav Stampar
eddc634ceb Minor improvement (custom injection marks are now processed in order of appearance) 2012-10-04 11:52:40 +02:00
Miroslav Stampar
3764d230be Minor fix for Issue #197 and Issue #49 2012-10-04 11:43:37 +02:00
Miroslav Stampar
dee6d2f9ff Minor language update 2012-10-04 11:34:14 +02:00
Miroslav Stampar
461e5ebc5f Work for Issue #197 and Issue #49 2012-10-04 11:25:44 +02:00
Miroslav Stampar
bcbf0571a5 Implementation for an Issue #49 2012-10-02 14:23:58 +02:00
Miroslav Stampar
763dc98311 Minor refactoring 2012-10-02 13:36:15 +02:00
Miroslav Stampar
a8aecaa036 Minor style update 2012-10-02 13:33:10 +02:00
Miroslav Stampar
19407b9aca Minor update 2012-09-26 15:25:01 +02:00
Miroslav Stampar
6eae7013b6 Minor cosmetics 2012-09-26 15:03:12 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
6bc5f44b20 Minor just in case update for an Issue #195 (safer behavior on forced charsets) 2012-09-25 15:09:07 +02:00
Miroslav Stampar
efe4c13ed1 Update regarding suffixQuery (user supplied --suffix should nullify any eventual payload comments) 2012-09-25 14:36:15 +02:00
Miroslav Stampar
ec43ceec40 Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;) 2012-09-25 14:29:22 +02:00
Miroslav Stampar
560e0fcb25 Minor cleanup 2012-09-25 14:21:57 +02:00
Miroslav Stampar
fccdb824bb Patch for an Issue #193 2012-09-25 11:21:39 +02:00
Miroslav Stampar
c9e7e71ea2 Implementation for an Issue #195 2012-09-25 10:17:25 +02:00
Miroslav Stampar
9ca7b3e20e Implementation for an Issue #194 2012-09-25 09:25:35 +02:00
Miroslav Stampar
d175decdfc Fix for an Issue #190 2012-09-22 20:59:40 +02:00
Miroslav Stampar
a6eeebfca8 Fix for an Issue #188 2012-09-20 11:30:07 +02:00
Miroslav Stampar
9a1fbb8941 Fix for an Issue #185 2012-09-13 14:22:26 +02:00
Miroslav Stampar
e570858db9 Implementation for an Issue #183 2012-09-12 11:50:38 +02:00
Miroslav Stampar
a64438fb5c Minor language update 2012-09-11 19:45:40 +02:00
Miroslav Stampar
05dced5418 Minor language update 2012-09-11 19:43:03 +02:00
Miroslav Stampar
511c3b8dcc Update and fix for an Issue #182 2012-09-11 14:58:52 +02:00
Miroslav Stampar
10b671d625 Update for an Issue #182 2012-09-11 12:08:34 +02:00
Miroslav Stampar
12d33c7a38 Fix for Issue #180 and #181 (missing module from an Issue #179) 2012-09-10 22:39:56 +02:00
Miroslav Stampar
5d23d72ff5 Fix for an Issue #176 2012-09-08 17:58:03 +02:00
Miroslav Stampar
f26ea04e38 Fix for an Issue #175 2012-09-07 17:06:38 +02:00
Miroslav Stampar
e4bc471f81 Fix for an Issue #173 2012-09-07 10:09:19 +02:00
Miroslav Stampar
a3baf94e9b Minor style update 2012-09-07 10:09:00 +02:00
Miroslav Stampar
cea5127ffd Update for an Issue #6 2012-09-06 15:51:38 +02:00
Miroslav Stampar
c3d191e626 Minor update for an Issue #2 2012-09-06 14:13:54 +02:00
Miroslav Stampar
1e238b5a5a Minor update 2012-09-06 13:36:34 +02:00
Miroslav Stampar
dbce417cdd Potential fix for an Issue #171 2012-09-02 22:48:41 +02:00
Miroslav Stampar
f6716cf7c0 Fix for an Issue #170 2012-09-01 23:52:00 +02:00
Miroslav Stampar
2170e64ca5 Minor bug fix 2012-08-31 19:48:45 +02:00
Miroslav Stampar
33980adaef Another update for an Issue #79 2012-08-31 12:46:38 +02:00
Miroslav Stampar
b916db34a4 Another update for an Issue #79 2012-08-31 12:38:02 +02:00
Miroslav Stampar
47d162f391 Minor update (same but cleaner) 2012-08-31 12:27:40 +02:00
Miroslav Stampar
7286d89cb6 Few fixes for an Issue #79 (problem with case sensitivity of request get_header) 2012-08-31 12:15:09 +02:00
Miroslav Stampar
2806185989 Minor refactoring 2012-08-31 10:43:06 +02:00
Miroslav Stampar
74a5d41272 Minor update for an Issue #79 2012-08-31 10:24:47 +02:00
Miroslav Stampar
cdd3ed6abc Minor bug fix 2012-08-30 14:22:18 +02:00
Miroslav Stampar
a89d61415a 'Patch' for an Issue #167 2012-08-29 21:29:27 +02:00
Miroslav Stampar
c1c65a7167 Fix for an Issue #166 2012-08-29 20:21:45 +02:00
Miroslav Stampar
9674b174ee One more minor update related to last commit 2012-08-23 15:37:17 +02:00
Miroslav Stampar
b79247c197 Minor update 2012-08-23 15:22:14 +02:00
Miroslav Stampar
e9ae44c6fc Implementation for an #162 2012-08-22 16:50:01 +02:00
Miroslav Stampar
0ad3846451 Minor language update 2012-08-22 16:10:56 +02:00
Miroslav Stampar
f1f6364690 Changing default readInput value on dictionary-based attack depending on conf.multipleTargets 2012-08-22 16:10:38 +02:00
Miroslav Stampar
a62a874d59 Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets) 2012-08-22 16:06:09 +02:00
Miroslav Stampar
4ab4fd1cb4 Minor update 2012-08-22 15:53:40 +02:00
Miroslav Stampar
52351e5d81 Update for an Issue #161 (now detecting format error messages too) 2012-08-22 15:51:47 +02:00
Miroslav Stampar
a6d743ec4c Minor console output fix (redundant newline has been displayed in case of rawInput) 2012-08-22 14:43:57 +02:00
Miroslav Stampar
7b93108e7d Favoring non-string specific boundaries in case of digit-like parameter values 2012-08-22 13:58:52 +02:00
Miroslav Stampar
25ee333e66 Minor language update 2012-08-22 12:00:17 +02:00
Miroslav Stampar
8a5042b6a4 Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case) 2012-08-22 11:56:30 +02:00
Miroslav Stampar
7d0662da23 Update for an #161 2012-08-22 11:42:06 +02:00
Miroslav Stampar
61151447fe Implementation of an Issue #161 2012-08-22 11:27:58 +02:00
Miroslav Stampar
6210ddfbd6 Minor refactoring 2012-08-22 11:00:39 +02:00
Miroslav Stampar
a927d94d39 Update for an Issue #155 2012-08-22 10:57:31 +02:00
Miroslav Stampar
32a36f1ff3 El Cosmeticado 2012-08-22 09:58:39 +02:00
Miroslav Stampar
2c66ca39f1 Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0) 2012-08-22 09:53:53 +02:00
Miroslav Stampar
ebab05cf7c Fix for an Issue #158 2012-08-21 20:20:38 +02:00
Miroslav Stampar
ad59abe018 Cleaning leftover 2012-08-21 14:37:09 +02:00
Miroslav Stampar
1b86fffc6d Fix for an Issue #157 2012-08-21 14:36:04 +02:00
Miroslav Stampar
d421f9a618 Fix for an Issue #157 2012-08-21 14:34:19 +02:00
Miroslav Stampar
1bcf5a6b88 Some more dict refactorings 2012-08-21 11:30:01 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
b9c63eb908 Fix for an Issue #156 2012-08-21 10:46:29 +02:00
Miroslav Stampar
b7415d36df Minor refactoring 2012-08-21 10:28:25 +02:00
Miroslav Stampar
7a8ace78f9 Removing redundant newline char as logger already adds it's own 2012-08-21 09:58:40 +02:00
Miroslav Stampar
233b9a3815 Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those) 2012-08-20 22:17:39 +02:00
Miroslav Stampar
8ee9feafb9 Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries) 2012-08-20 21:57:25 +02:00
Miroslav Stampar
6f450ac8bf Implementation for an Issue #155 2012-08-20 12:14:01 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
2b6123c4f8 Minor style update 2012-08-20 11:29:23 +02:00
Miroslav Stampar
e0d9fa8666 Minor style update 2012-08-20 11:28:41 +02:00
Miroslav Stampar
76338add17 Fix for an Issue #152 2012-08-20 10:41:43 +02:00
Miroslav Stampar
59078bb1b8 Fix for an Issue #154 2012-08-20 10:05:13 +02:00
Miroslav Stampar
4649450603 Fix for an Issue #137 2012-08-16 22:20:24 +02:00
Miroslav Stampar
0d8fca30c9 Fix for an Issue #59 2012-08-16 11:31:43 +02:00
Miroslav Stampar
1af81c0de4 Implementation of an Issue #149 2012-08-15 22:31:25 +02:00
Miroslav Stampar
f358ab2e73 Implementation of an Issue #147 2012-08-15 16:37:18 +02:00
Miroslav Stampar
36b55cf209 Proper fix for an Issue #145 2012-08-14 22:28:42 +02:00
Miroslav Stampar
ab35ab4e2a Fix for an Issue #145 2012-08-14 18:52:45 +02:00
Miroslav Stampar
432b567584 Fix for an Issue #141 2012-08-08 00:03:58 +02:00
Miroslav Stampar
31ceb0cb6c Fix for an Issue #140 2012-08-07 10:57:29 +02:00
Miroslav Stampar
fec8a5cc9d Fix for an Issue #139 2012-08-07 00:50:58 +02:00
Miroslav Stampar
f797a6d813 Fix for an Issue #125 2012-07-31 13:06:45 +02:00
Miroslav Stampar
6f529542e3 Making those --string tips (containing escaped characters) decodable by sqlmap 2012-07-31 11:32:53 +02:00
Miroslav Stampar
142fc887f1 Fix for an Issue #129 2012-07-31 11:03:44 +02:00
Miroslav Stampar
bdbe8ff9d9 Fix for an Issue #132 2012-07-30 22:39:45 +02:00
Miroslav Stampar
47073f4afd Implementation of an Issue #131 2012-07-30 21:50:46 +02:00
Miroslav Stampar
93d35fe522 Minor update regarding Issue #129 2012-07-30 21:43:32 +02:00
Miroslav Stampar
b9ac50faef Minor bug fix 2012-07-30 12:09:20 +02:00
Miroslav Stampar
a86f9798b2 Minor refactoring together with a wider support for html entities 2012-07-30 11:21:32 +02:00
Miroslav Stampar
20a66567a3 Minor refactoring 2012-07-30 10:06:14 +02:00
Miroslav Stampar
cc2a916716 Fix for an Issue #126 2012-07-29 17:33:08 +02:00
Miroslav Stampar
1669c6bdb4 Another update for an Issue #28 2012-07-27 17:05:21 +02:00
Miroslav Stampar
6ffc5665d0 Update for Issue #28 2012-07-27 16:29:33 +02:00
Miroslav Stampar
07738004cc Fix for an Issue #123 2012-07-27 10:02:47 +02:00
Miroslav Stampar
a5062c1e4f Adding a warn message when --dns-domain is ignored (because of faster techniques) 2012-07-27 09:48:48 +02:00
Bernardo Damele
92c2b3bd4c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-26 23:11:11 +01:00
Bernardo Damele
d492291744 working on issue #12 2012-07-26 23:11:07 +01:00
Miroslav Stampar
cba387a0a0 Minor speed up 2012-07-26 15:42:04 +02:00
Miroslav Stampar
efa99c4519 Implementation for an Issue #4 2012-07-26 14:07:05 +02:00
Miroslav Stampar
b3552494c4 Minor preparation for an Issue #48 2012-07-26 12:26:57 +02:00
Miroslav Stampar
3e9f1fe410 Minor style update 2012-07-26 12:13:16 +02:00
Miroslav Stampar
30f8d09651 Implementation for an Issue #70 2012-07-26 12:06:02 +02:00
Miroslav Stampar
231f0f76b5 Fix for an Issue #119 2012-07-26 00:49:51 +02:00
Miroslav Stampar
cba77410a9 Minor style update 2012-07-26 00:08:49 +02:00
Miroslav Stampar
18b1d1efd6 Fix for an Issue #121 2012-07-26 00:02:38 +02:00
Miroslav Stampar
2b60e61d54 Minor update for #119 2012-07-25 10:57:19 +02:00
Miroslav Stampar
922ea9d1f4 Update for Issue #118 2012-07-24 15:43:29 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Miroslav Stampar
42f518b2d6 Minor update for letting unhandledExceptionMessage() do it's job if kb has not yet been initialized 2012-07-24 14:44:44 +02:00
Miroslav Stampar
b820975217 Improvement of decodeIntToUnicode() 2012-07-23 19:31:06 +02:00
Miroslav Stampar
1153b4563c Minor update for an Issue #111 2012-07-23 18:44:50 +02:00
Miroslav Stampar
fccd69721e Update for an Issue #111 2012-07-23 18:38:46 +02:00
Miroslav Stampar
ab9cb80602 Implementing Issue #111 2012-07-23 15:14:52 +02:00
Miroslav Stampar
6809449e31 Minor style update 2012-07-23 15:06:49 +02:00
Miroslav Stampar
63bf99ce77 Minor just in case update for an Issue #117 2012-07-23 14:46:43 +02:00
Miroslav Stampar
c6b724489b Minor style update 2012-07-23 14:26:42 +02:00
Miroslav Stampar
a7d1a0c250 Implementation for an Issue #117 2012-07-23 14:14:22 +02:00
Miroslav Stampar
3279ce53a8 Minor style update 2012-07-23 13:57:38 +02:00
Miroslav Stampar
534eccc9aa Fix for an Issue #115 2012-07-23 10:16:47 +02:00
Miroslav Stampar
1b6cb9442f Fix for an Issue #114 2012-07-21 23:31:36 +02:00
Bernardo Damele
0a4b6431a8 minor bug fix - issue #112 2012-07-21 16:51:01 +01:00
Miroslav Stampar
95e0d46e3e Fix for an Issue #110 2012-07-21 09:15:54 +02:00
Bernardo Damele
dba0a96c2e fall-back to UNION technique if web file stager was not uploaded with LIMIT 2012-07-20 17:11:22 +01:00
Bernardo Damele
cbe8f41746 minor code refactoring preparing for #96 2012-07-20 16:20:17 +01:00
Miroslav Stampar
f336afa913 Implementation for Issue #108 2012-07-20 09:48:09 +02:00
Miroslav Stampar
dcf8a27f12 Implementation for an Issue #67 2012-07-18 14:24:10 +02:00
Miroslav Stampar
4fc462c4d9 Minor update for an Issue #105 2012-07-18 14:09:04 +02:00
Miroslav Stampar
655dd55a6f Implementation of an Issue #105 2012-07-18 13:32:34 +02:00
Miroslav Stampar
08244c7ebf Fix for an Issue #104 2012-07-17 15:05:50 +02:00
Miroslav Stampar
e30646a54f Fix for an Issue #103 2012-07-17 10:36:22 +02:00
Miroslav Stampar
41d16e55cb Typo fix (#102) 2012-07-17 09:13:19 +02:00
Bernardo Damele
7198e3185b Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-17 00:25:08 +01:00
Bernardo Damele
318a01b867 minor typo fixes 2012-07-17 00:25:02 +01:00
Miroslav Stampar
d6ceb7af5e Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-17 00:19:52 +02:00
Miroslav Stampar
81d15e5051 Fix for an Issue #101 2012-07-17 00:19:33 +02:00
Bernardo Damele
5f876bdbbe minor adjustments 2012-07-16 22:50:29 +01:00
Miroslav Stampar
c96e44b30c Fix for an Issue #100 2012-07-16 23:28:01 +02:00
Miroslav Stampar
ffbbb10abb Support for dotted identificator names 2012-07-16 23:13:21 +02:00
Miroslav Stampar
0e21cb54de Minor fix related to Issue #94 2012-07-16 16:06:39 +02:00
Miroslav Stampar
0f64e1e6c1 Minor update for Issue #94 (not fixing it) 2012-07-16 15:43:02 +02:00
Miroslav Stampar
0eff977c63 Refactoring for Issue #91 2012-07-16 12:24:54 +02:00
Miroslav Stampar
4d759984b2 Implementation for Issue #91 2012-07-16 12:12:52 +02:00
Miroslav Stampar
c1a14257a4 Removing --disable... switches and making changes in default choice(s) for respectable sections 2012-07-16 11:31:51 +02:00
Miroslav Stampar
07a85874fe Implementation for Issue #92 2012-07-16 11:07:47 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
38d82771be Minor style update 2012-07-14 11:23:22 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Miroslav Stampar
9a7fc24ec2 Minor style update 2012-07-13 15:22:08 +02:00
Miroslav Stampar
ddb9caeef1 Revert of the previous commit 2012-07-13 15:05:19 +02:00
Miroslav Stampar
d165d5d5fe To not be confused with heuristic method in SQLi 2012-07-13 15:03:43 +02:00
Miroslav Stampar
32b700f130 Minor style update 2012-07-13 15:02:11 +02:00
Miroslav Stampar
fbb5db00ba Minor style update 2012-07-13 15:00:39 +02:00
Miroslav Stampar
786686da60 Minor language update 2012-07-13 14:53:42 +02:00
Miroslav Stampar
9ff9c951bc Language update 2012-07-13 14:33:16 +02:00
Miroslav Stampar
6677da63cd Fix for an Issue #88 2012-07-13 14:25:39 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Miroslav Stampar
6ade007aec Minor update of language 2012-07-13 12:13:04 +02:00
Miroslav Stampar
c5ecc8b8db Closing work on Issue #83 2012-07-13 11:23:21 +02:00
Miroslav Stampar
48f68bd076 First commit for Issue #83 2012-07-13 10:35:22 +02:00
Miroslav Stampar
d834e8debf Minor update 2012-07-13 10:28:03 +02:00
Miroslav Stampar
b11fd8b9f7 Fix for an Issue #87 2012-07-13 10:11:16 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
a49d685eb8 Hidding --beep (Issue #84) 2012-07-12 17:03:24 +02:00
Bernardo Damele
ea9c66108e cleanup for issue #68 2012-07-12 15:38:43 +01:00
Miroslav Stampar
569c9214bf Adding support for boldifying important logging messages 2012-07-12 16:30:35 +02:00
Miroslav Stampar
b2fe1c30f8 Minority report 2012-07-12 16:04:01 +02:00
Miroslav Stampar
8e18514e56 Minor refactoring for all that stickyness 2012-07-12 15:58:45 +02:00
Miroslav Stampar
fe61bdce75 Minor update 2012-07-12 15:25:26 +02:00
Miroslav Stampar
dbbca16c69 Minor renaming 2012-07-12 15:24:40 +02:00
Miroslav Stampar
9bc24cea6b Dealing with kb.currentMessage issue 2012-07-12 15:23:35 +02:00
Miroslav Stampar
b320dc118d Minor fix (recognizing if it's colorizing handler or not) 2012-07-12 14:55:54 +02:00
Miroslav Stampar
cba2a26b68 Finishing Issue #75 (inference dumping) 2012-07-12 14:46:57 +02:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Miroslav Stampar
3fd5119f3f Redesigning for Issue #75 2012-07-12 13:42:22 +02:00
Bernardo Damele
3d66e2dfb1 minor bug fix 2012-07-12 10:47:51 +01:00
Bernardo Damele
33cbbed4a8 I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided 2012-07-12 01:39:15 +01:00
Bernardo Damele
f704a46341 silly blank line added 2012-07-12 01:38:29 +01:00
Bernardo Damele
ee3aeb8dcf actual implementation of issue #75, still some work to do 2012-07-12 01:16:00 +01:00
Bernardo Damele
3a94953ae2 leftover from previous commit 2012-07-12 01:15:34 +01:00
Bernardo Damele
a5924739f6 minor code refactoring in preparation of ticket #75 2012-07-12 01:12:30 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Bernardo Damele
4e64c1126d restored bold on questions to users (calls from readInput()) - issue #77 2012-07-11 22:56:11 +01:00
Bernardo Damele
247f95e051 restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done") 2012-07-11 22:48:27 +01:00
Bernardo Damele
2b3ea3e3b7 fixed colouring for PAYLOAD (-v 3) - issue #77 2012-07-11 22:40:52 +01:00
Miroslav Stampar
15ee5310d9 Adding traffic in and out to color_map 2012-07-11 20:42:18 +02:00
Miroslav Stampar
43cac2212b Fix for a case when ColorizingStreamHandler is not used 2012-07-11 20:36:32 +02:00
Miroslav Stampar
72378d4f61 Some more refactoring 2012-07-11 20:29:48 +02:00
Miroslav Stampar
c6464b44be Some more refactoring 2012-07-11 20:13:23 +02:00
Miroslav Stampar
d7926b8aac Minor refactoring 2012-07-11 19:54:21 +02:00
Bernardo Damele
53ccd09ca4 now also readInput() uses colouring 2012-07-11 17:53:32 +01:00
Bernardo Damele
02ec25b4b8 code refactoring 2012-07-11 17:44:23 +01:00
Bernardo Damele
77b275f1a6 conf->kb 2012-07-11 17:32:12 +01:00
Bernardo Damele
1d2c87e24e leftover 2012-07-11 17:22:01 +01:00
Bernardo Damele
105ac8ea77 deleted unnecessary hg file 2012-07-11 17:06:56 +01:00
Bernardo Damele
fa2f6f9a39 colourize manually crafter "logging" messages 2012-07-11 16:48:30 +01:00
Miroslav Stampar
295a7a8e5e Another update for Issue #80 2012-07-11 16:14:20 +02:00
Miroslav Stampar
9a4f8d5f45 Fix for Issue #80 2012-07-11 16:01:25 +02:00
Bernardo Damele
0702dd70b5 verify also that the web backdoor has been successfully uploaded 2012-07-11 14:08:51 +01:00
Bernardo Damele
31571e6e2d minor refactoring 2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Bernardo Damele
f219b39980 minor fix in case ctypes is not installed on Windows 2012-07-10 13:08:37 +01:00
Miroslav Stampar
8caffac4bc conf.unescape->kb.unescape 2012-07-10 10:55:04 +02:00
Miroslav Stampar
e7f78bf04f Fix for an issue where False value was displayed for --is.. switches 2012-07-10 10:31:14 +02:00
Bernardo Damele
ea77e7d9d1 added missing file - issue #77 2012-07-10 03:00:21 +01:00
Bernardo Damele
eb7ffb8f91 setup for implementing logging colouring - issue #77 2012-07-10 02:54:37 +01:00
Bernardo Damele
0a3899858d missed in previous commit 2012-07-10 01:37:53 +01:00
Bernardo Damele
a27f50ed1d added conf.unescape global variable to control whether or not the injected statements should be unescaped 2012-07-10 01:37:16 +01:00
Bernardo Damele
f645ac6040 dealing with variables in SQL procs - issue #33 2012-07-10 01:05:03 +01:00
Bernardo Damele
2527554f8e more work on #33 2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0 initial work for issue #33 2012-07-10 00:27:08 +01:00
Bernardo Damele
d3da3f5c52 refactoring for issue #51 2012-07-10 00:19:32 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Bernardo Damele
99c5ea54f7 cleanup for #34 2012-07-09 12:39:43 +01:00
Bernardo Damele
d08a54e375 properly display the command stdout 2012-07-09 10:52:48 +01:00
Miroslav Stampar
3ff28e58b4 Update regarding Issue #52 2012-07-08 19:24:25 +02:00
Miroslav Stampar
0d539a876d Minor fix (subversion->github) 2012-07-07 23:49:34 +02:00
Miroslav Stampar
a525dd4336 Fix for Issue #72 2012-07-07 19:02:46 +02:00
Miroslav Stampar
54e0a2d8ee --os-shell now works perfect for inference-like techniques too 2012-07-07 17:57:06 +02:00
Miroslav Stampar
823b3d8be8 Minor language fixes 2012-07-07 11:41:52 +02:00
Miroslav Stampar
2669528b24 Language typo 2012-07-07 11:16:33 +02:00
Miroslav Stampar
58f6687194 Some refactoring (reusing xpCmdshellForgeCmd) 2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77 Proper fix 2012-07-07 10:38:07 +02:00
Miroslav Stampar
f00a776d8d Minor fix for BigArray (now accepting negative indexes) 2012-07-07 10:35:29 +02:00
Miroslav Stampar
1c69eb5d30 Revert "major fix"
This reverts commit 3a11fc2d9e.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e major fix 2012-07-06 22:55:34 +01:00
Miroslav Stampar
8c871476ee Some more refactoring 2012-07-06 17:34:40 +02:00
Miroslav Stampar
6bc0b34031 Some more refactoring 2012-07-06 17:28:01 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Miroslav Stampar
1a8ebbfd43 Minor refactoring 2012-07-06 17:05:47 +02:00
Bernardo Damele
373fea03a3 fixed display of TABs 2012-07-06 15:13:23 +01:00
Miroslav Stampar
438a636973 Fix for issue Issue #60 2012-07-06 15:36:32 +02:00
Miroslav Stampar
76f7f907c6 Minor update for Issue #61 2012-07-06 14:33:40 +02:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
1ebff35b19 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-06 12:25:21 +02:00
Miroslav Stampar
982fcde1c0 Fix for Issue #62 2012-07-06 12:24:55 +02:00
Bernardo Damele
4fa6d51d93 improved issues link 2012-07-05 16:26:50 +01:00
Miroslav Stampar
bc5025b06c Fix for Issue #59 2012-07-05 12:34:27 +02:00
Miroslav Stampar
c3c1b9e957 Minor restyling 2012-07-04 20:28:18 +02:00
Miroslav Stampar
7ad6697446 Fix for Issue #57 2012-07-04 20:21:44 +02:00
Miroslav Stampar
23fb753759 Finishing work on Issue #52 2012-07-03 22:13:01 +02:00
Miroslav Stampar
40fc6488bf Fix for Issue #56 (Google has changed few things for retrieving PR) 2012-07-03 21:00:18 +02:00
Miroslav Stampar
bbf41f6658 Removing debugging leftover 2012-07-03 16:50:05 +02:00
Miroslav Stampar
ada627a022 Another update for Issue #52 2012-07-03 16:49:34 +02:00
Miroslav Stampar
70f754f6c5 Making work on Issue #52 2012-07-03 16:34:11 +02:00
Bernardo Damele
793fa464e3 website url fix 2012-07-03 13:14:39 +01:00
Miroslav Stampar
51f35674ca Removing obsolete switch --version as version is now displayed with every run (Issue #54) 2012-07-03 13:11:09 +02:00
Miroslav Stampar
481b46a004 Restyling output for Issue #52 2012-07-03 13:06:52 +02:00
Miroslav Stampar
6b419067b7 Another minor update for Issue #54 2012-07-03 12:49:35 +02:00
Miroslav Stampar
8b8677b938 Another minor update for Issue #54 2012-07-03 12:29:42 +02:00
Miroslav Stampar
47b6e696d8 Minor update for Issue #54 2012-07-03 12:21:40 +02:00
Miroslav Stampar
3af1532700 Implementation for Issue #54 2012-07-03 12:09:18 +02:00
Miroslav Stampar
5af6ca58a0 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-03 00:50:45 +02:00
Miroslav Stampar
168aeadf76 Adding switch --output-dir (Issue #53) 2012-07-03 00:50:23 +02:00
Bernardo Damele
fd4cfb0cc0 working on #51 2012-07-02 15:28:19 +01:00
Bernardo Damele
7335072ab8 leftover 2012-07-02 15:11:21 +01:00
Bernardo Damele
04d803c7fd more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005) 2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55 minor refactoring, issue #51 2012-07-02 12:50:26 +01:00
Miroslav Stampar
8eefe4b71f Getting back revision number - displayed like in GitHub commits (Issue #52) 2012-07-02 13:01:20 +02:00
Bernardo Damele
add8352804 make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too 2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098 initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap 2012-07-02 02:04:19 +01:00
Bernardo Damele
7b4ecd9df0 added skeleton code for issue #34, still not usable 2012-07-02 00:22:34 +01:00
Bernardo Damele
4736d46677 just in case.. 2012-07-02 00:00:46 +01:00
Bernardo Damele
03d2c9c818 placeholder message when --update is provided, remove when the function is updated to pull changes from git 2012-07-01 23:59:44 +01:00
Bernardo Damele
18be319d13 hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run 2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c minor code refactoring 2012-07-01 23:31:45 +01:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
Miroslav Stampar
d7cd55fb28 Fix for Issue #47 2012-07-01 11:05:04 +02:00
Miroslav Stampar
21d9ae0a2c some more refactoring 2012-07-01 01:19:54 +02:00
Miroslav Stampar
f6509db31a minor refactoring 2012-07-01 00:33:19 +02:00
Miroslav Stampar
32f52cdd04 Another language update for Issue #45 2012-06-29 10:33:54 +02:00
Miroslav Stampar
f0e39c3fae Language update for Issue #45 2012-06-29 10:33:00 +02:00
Miroslav Stampar
c0f16f0c1a Fix for Issue #45 2012-06-29 10:31:03 +02:00
Miroslav Stampar
e51d3a02f1 Update for Issue #43 (renamed --disable-cracking to --disable-hash) 2012-06-28 18:53:47 +02:00
Miroslav Stampar
18b596ea75 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-06-28 18:48:18 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
Miroslav Stampar
2a72fcce2b Fix for Issue #42 2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
01be9381d5 minor update 2012-06-25 16:24:33 +00:00
Miroslav Stampar
6c4bd84d18 minor fix (turning back the functionality of kb.suppressResumeInfo) 2012-06-25 16:19:51 +00:00
Miroslav Stampar
ea5d483c86 session file no more 2012-06-21 11:19:30 +00:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
1e67b4f0b9 minor fix 2012-06-20 14:16:26 +00:00
Miroslav Stampar
302d782a0f minor style update 2012-06-19 08:33:51 +00:00
Miroslav Stampar
452ef202ae minor fixes 2012-06-17 22:48:23 +00:00
Miroslav Stampar
b9f6943a42 minor update 2012-06-17 21:23:12 +00:00
Miroslav Stampar
e2a60b302f minor fix 2012-06-17 21:21:45 +00:00
Miroslav Stampar
3da8f86e97 minor fix 2012-06-15 21:01:27 +00:00
Miroslav Stampar
fe49abd45f minor fix 2012-06-15 20:49:28 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
76c873a222 minor fix 2012-06-15 06:22:44 +00:00
Miroslav Stampar
76584ff0fa unhidding --test-filter 2012-06-14 14:36:53 +00:00
Miroslav Stampar
d2dd47fb23 some more refactoring 2012-06-14 13:52:56 +00:00
Miroslav Stampar
facce2c0df some more cleanup 2012-06-14 13:50:36 +00:00
Miroslav Stampar
d5e80089ff minor summer cleanup 2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
1204eb00b2 minor fix 2012-06-14 12:46:32 +00:00
Miroslav Stampar
19c0efec59 just a minor refactoring 2012-06-14 09:10:28 +00:00
Miroslav Stampar
a51d8c4c79 replacing identifier safe char " with [] enclosing for MsSQL 2012-06-13 15:27:42 +00:00
Miroslav Stampar
367de838c1 minor update 2012-06-13 14:08:32 +00:00
Miroslav Stampar
4ac3794e80 minor update 2012-06-12 14:22:14 +00:00
Miroslav Stampar
d7f698fa14 minor update 2012-06-11 22:01:13 +00:00
Miroslav Stampar
96177393e1 minor update regarding --exact switch 2012-06-10 13:38:12 +00:00
Miroslav Stampar
b85a1fc271 minor fix 2012-06-05 22:55:42 +00:00
Miroslav Stampar
058a9c59a2 fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results) 2012-06-05 22:40:55 +00:00
Miroslav Stampar
f94ebe3107 minor fix (credentials were only set for the first target) 2012-06-04 22:30:12 +00:00
Miroslav Stampar
738073105e minor updates 2012-06-04 19:52:51 +00:00
Miroslav Stampar
7b282b1d6c adding support for newer SSL protocols 2012-06-04 19:46:28 +00:00
Miroslav Stampar
10b0639a96 making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE) 2012-06-04 09:24:46 +00:00
Miroslav Stampar
76a4aa19ac some more fine tunning 2012-05-28 19:50:12 +00:00
Miroslav Stampar
73dba249e8 one more just in case update 2012-05-28 19:34:47 +00:00
Miroslav Stampar
efb406fbfc minor revert 2012-05-28 19:13:50 +00:00
Miroslav Stampar
f7cba8d2cb minor update 2012-05-28 18:05:15 +00:00
Miroslav Stampar
a72cb29c1f taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server 2012-05-28 16:57:10 +00:00
Miroslav Stampar
190ae4ca13 no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...) 2012-05-28 15:10:17 +00:00
Miroslav Stampar
89e90c3d84 revert of last commit 2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b minor update 2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
d2bbfa4aad minor style update 2012-05-28 14:04:17 +00:00
Miroslav Stampar
226547b7dc minor fix for --skip-urlencode and custom post 2012-05-28 09:04:25 +00:00
Miroslav Stampar
75dd1d6a2b minor fix 2012-05-27 21:54:56 +00:00
Miroslav Stampar
e967bbd70f minor patch 2012-05-27 21:44:42 +00:00
Miroslav Stampar
76eeba10e2 unhiding --dns-domain switch 2012-05-27 18:41:06 +00:00
Miroslav Stampar
fed0212631 now working with recursive queries too 2012-05-27 10:03:02 +00:00
Miroslav Stampar
71ff081fde minor update 2012-05-27 09:11:19 +00:00
Miroslav Stampar
09f2144485 full page read is not needed in DNS exfiltration mode 2012-05-26 21:28:43 +00:00
Miroslav Stampar
4e6fcce9ca minor update 2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9 minor language update 2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34 turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars 2012-05-26 07:00:26 +00:00
Miroslav Stampar
00d22f013f some consistency in variable naming at the file level 2012-05-25 10:08:55 +00:00
Miroslav Stampar
db526bdbc0 minor update (tainted values are not checked any more in multipleTargets mode) 2012-05-25 09:52:17 +00:00
Miroslav Stampar
dc20bff1d0 minor update 2012-05-25 08:30:24 +00:00
Miroslav Stampar
c394610740 adding switch --skip-urlencode to skip URL encoding of POST data 2012-05-24 23:30:33 +00:00
Miroslav Stampar
7657bbeaf9 minor update 2012-05-24 22:32:06 +00:00
Miroslav Stampar
86fdad2bfa minor update 2012-05-24 22:07:50 +00:00
Miroslav Stampar
eed8d7eb5d finalizing support for IPv6 2012-05-24 21:55:57 +00:00
Miroslav Stampar
b6d37d766a minor update regarding IPv6 support 2012-05-24 21:49:20 +00:00
Miroslav Stampar
92286104e3 minor just in case update 2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177 minor fix 2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293 minor fix 2012-05-24 20:53:01 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d minor style update 2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d minor update 2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5 minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces 2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c minor language update 2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b minor language upgrade 2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284 adding a warning about --tor switch 2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b turning off null connection on -o when --tor used (not compatible) 2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc minor just in case patch 2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98 minor code refactoring 2012-05-10 14:15:17 +00:00
Miroslav Stampar
12d32f58f2 fix for that SOAP reported bug 2012-05-10 13:39:54 +00:00
Miroslav Stampar
1418ae9767 little refactoring of parseUnionPage together with a patch for some special case 2012-05-09 18:47:40 +00:00
Miroslav Stampar
7fb1f3fc70 minor renaming 2012-05-09 18:26:02 +00:00
Miroslav Stampar
11d9859199 making nice code 2012-05-09 18:25:04 +00:00
Miroslav Stampar
b0a8238774 minor fixes 2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262 minor fix 2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6 minor update for empty tables (skipping other techniques) 2012-05-09 10:34:21 +00:00
Miroslav Stampar
6177317a17 minor update 2012-05-09 10:06:23 +00:00
Miroslav Stampar
37f2709197 making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) 2012-05-09 09:08:23 +00:00
Miroslav Stampar
fdf61015ad minor patch 2012-05-09 08:41:05 +00:00
Miroslav Stampar
e419177871 minor update 2012-05-08 17:28:19 +00:00
Miroslav Stampar
deec97dfe3 adding Frontbase to error message regexes 2012-05-08 17:02:58 +00:00
Miroslav Stampar
eccd4da00f minor fix 2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e doing all the work for the users so they wouldn't strain their little hands 2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2 that query variable hasn't been used anywhere (obsolete for some time) 2012-05-08 14:34:40 +00:00
Miroslav Stampar
6af110d631 avoiding --no-cast/--hex warning message before a DBMS is fingerprinted 2012-05-08 14:06:41 +00:00
Miroslav Stampar
64c241fe92 limiting original UNION query results to only 1 result (potentially speeding things up in some cases) 2012-05-08 13:45:53 +00:00
Miroslav Stampar
e00f4a8934 minor cosmetics 2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395 automatically writing uncracked hashes to a file for eventual further processing 2012-05-08 10:46:05 +00:00
Miroslav Stampar
80ee687b41 minor beauty patch 2012-05-07 13:51:31 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b minor update 2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f causing too much confusion among dummy users 2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set) 2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical 2012-04-25 20:29:07 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
cec432f94d minor update 2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a adding --purge-output to be one of mandatory switches 2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c minor update 2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce adding new file related to the last commit 2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1 adding option '--purge' 2012-04-23 14:24:23 +00:00
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
be2da77bf8 minor update 2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198 minor fix 2012-04-23 10:11:00 +00:00
Miroslav Stampar
775134639d minor update 2012-04-20 20:33:15 +00:00
Miroslav Stampar
2b1b4c0742 minor fix 2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade minor renaming 2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68 reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types) 2012-04-15 16:59:03 +00:00
Miroslav Stampar
71b0acc16f minor fix (checking for full inband should be done with ORIGINAL - more concise) 2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46 minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....) 2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895 another cosmetics 2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3 minor cosmetics 2012-04-13 15:10:40 +00:00
Miroslav Stampar
54576ab3a6 making a random choice from candidates 2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5 use it only if page is stable 2012-04-13 10:19:26 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
831f79b851 minor generalization 2012-04-12 09:30:19 +00:00
Miroslav Stampar
c7422546e1 tiny update 2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981 minor update 2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093 correcting comment on reflective removal function 2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4 minor fixes 2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f some more updates in reflective removal mechanism 2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497 minor improvement for reflective values (when missing first part of payload like in error reports) 2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2 some more updates for reflective mechanism 2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e improvement of reflective mechanism 2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf minor adjustment 2012-04-11 08:35:09 +00:00
Miroslav Stampar
e33ea7c33a minor fix 2012-04-10 22:29:39 +00:00
Miroslav Stampar
8541222080 minor update 2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47 minor fix 2012-04-10 22:20:53 +00:00
Miroslav Stampar
a82206cec4 minor cosmetics 2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) 2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5 minor refactoring 2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345 minor update 2012-04-04 23:47:06 +00:00
Miroslav Stampar
e0994947e2 minor update 2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a minor cosmetics 2012-04-04 23:34:08 +00:00
Miroslav Stampar
83387d92bb minor bug fix 2012-04-04 23:32:20 +00:00
Miroslav Stampar
c89a4162e2 bug fix for --dns-domain with --technique=TS 2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd added few comments 2012-04-04 13:24:58 +00:00
Miroslav Stampar
a5b69eaea4 removing unused imports 2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da revert 2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd works against MySQL/Windows 2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b Add a space after a comment 2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22 leftover 2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895 more cosmetics 2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255 proper fix 2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00 removing default values for referer and host from higher level/risk options 2012-04-04 10:34:27 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
5851badff1 minor refactoring 2012-04-03 14:46:09 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode 2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1 minor fix 2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
503988887c minor update 2012-04-03 10:43:46 +00:00
Miroslav Stampar
78f51fd2e5 minor fix 2012-04-03 10:18:03 +00:00
Miroslav Stampar
2504f4edb8 minor fixes 2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
5f94987b0f fix for DNS method for MSSQL 2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8 minor update 2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b minor fixes 2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562 few just in case "patches" 2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd minor fix 2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929 minor update regarding DNS data retrieval task 2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4 bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value) 2012-03-31 10:22:50 +00:00
Miroslav Stampar
429b8396e9 minor update for DNSServer support 2012-03-30 13:20:29 +00:00
Miroslav Stampar
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection 2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa minor update 2012-03-30 10:37:46 +00:00
Miroslav Stampar
6acf6b193a minor update regarding boolean logic comparison mechanism 2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540 minor comment update 2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code 2012-03-29 13:39:12 +00:00
Miroslav Stampar
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values 2012-03-29 12:44:20 +00:00
Miroslav Stampar
c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) 2012-03-29 09:56:09 +00:00
Miroslav Stampar
60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) 2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed) 2012-03-28 19:27:12 +00:00
Miroslav Stampar
7d131d1fb1 minor update 2012-03-28 13:46:31 +00:00
Miroslav Stampar
7fd64df167 minor code cleaning 2012-03-28 13:31:07 +00:00
Miroslav Stampar
769b0d0ae7 more minor updates regarding data retrieval through DNS channel 2012-03-27 19:29:24 +00:00
Miroslav Stampar
1b072f6415 laying foundation for DNS based data retrieval 2012-03-27 18:59:12 +00:00
Miroslav Stampar
3abcd6910a strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test 2012-03-22 00:06:50 +00:00
Miroslav Stampar
e88687b1f0 revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection) 2012-03-21 23:15:59 +00:00
Miroslav Stampar
524c1d38ad making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message) 2012-03-21 23:03:57 +00:00
Miroslav Stampar
11132ba993 fix for a bug in reflection removal mechanism 2012-03-19 14:28:18 +00:00
Miroslav Stampar
8e7d360ea2 cleaner refactoring regarding last commit 2012-03-19 12:03:25 +00:00
Miroslav Stampar
401763b6f8 minor fix (it has to be level 1 array like it was with the previous re.findall mechanism) 2012-03-19 12:00:22 +00:00
Miroslav Stampar
037db9b3b8 minor removal of older stuff 2012-03-19 09:38:27 +00:00
Miroslav Stampar
da7f4eeffd removing left over 2012-03-18 17:33:14 +00:00
Miroslav Stampar
0fc4288a7c modifying redirection code for only two choices 2012-03-18 17:27:08 +00:00
Bernardo Damele
c03d0e24fb it must stay as is 2012-03-16 17:42:00 +00:00
Bernardo Damele
3505503a08 no need to return here 2012-03-16 17:30:16 +00:00
Bernardo Damele
942d9e4fa8 code cleanup 2012-03-16 17:27:24 +00:00
Bernardo Damele
a1c943fc79 Major bug fix to comparison algorithm with OR based boolean-based injections 2012-03-16 17:22:55 +00:00
Miroslav Stampar
d66056fe39 one more related commit 2012-03-16 13:16:53 +00:00
Miroslav Stampar
ac02a2d92c minor fix 2012-03-16 13:14:14 +00:00
Miroslav Stampar
cbdcbdd786 minor minor update 2012-03-16 11:18:18 +00:00
Miroslav Stampar
b130a9e14e minor fix (writing to HashDB on any interrupt) 2012-03-16 10:15:43 +00:00
Miroslav Stampar
577caac4de putting kb.negativeLogic setting to the safe place 2012-03-16 09:17:11 +00:00
Miroslav Stampar
209e795369 minor just in case update 2012-03-16 09:02:17 +00:00
Miroslav Stampar
adb5fff6b2 one more update related to the redirection mechanism 2012-03-15 20:17:40 +00:00
Miroslav Stampar
7d313ac911 few more fixes for proper redirecting mechanism 2012-03-15 19:47:59 +00:00
Bernardo Damele
86c4650058 Minor bug fix - revert 2012-03-15 17:12:24 +00:00
Bernardo Damele
cc15373769 More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later) 2012-03-15 16:29:28 +00:00
Bernardo Damele
4520744b4d second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now 2012-03-15 16:25:26 +00:00
Miroslav Stampar
ddd92476a8 minor fix 2012-03-15 15:58:25 +00:00
Miroslav Stampar
19beb912fa first step toward negative logic support 2012-03-15 15:52:12 +00:00
Miroslav Stampar
8dd570057b minor fix (double traffic log for -t in case of HTTP error) 2012-03-15 14:51:16 +00:00
Miroslav Stampar
f7df755f37 minor update 2012-03-15 12:55:22 +00:00
Miroslav Stampar
3d39c6cb3b some fixes here and there 2012-03-15 12:14:50 +00:00
Miroslav Stampar
3d9b1599d1 minor update 2012-03-15 11:45:32 +00:00
Miroslav Stampar
91f1d6141f minor fix 2012-03-15 11:24:55 +00:00
Miroslav Stampar
a8c9a47092 redirect logic rewritten from scratch 2012-03-15 11:10:58 +00:00
Bernardo Damele
890bf708bc Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported) 2012-03-15 00:19:57 +00:00
Bernardo Damele
1e71b24dca More info messages to prove xp_cmdshell (and temporary directory choosen) worked 2012-03-14 22:41:53 +00:00
Miroslav Stampar
52a8b25ff4 minor fix 2012-03-14 14:31:41 +00:00
Miroslav Stampar
ca0d068575 distinguishing NULL from BLANK 2012-03-14 13:52:23 +00:00
Miroslav Stampar
e38b59a2ae minor update 2012-03-14 13:16:49 +00:00
Miroslav Stampar
cee9ff7885 proper parsing of content in partial union technique 2012-03-14 11:23:30 +00:00
Miroslav Stampar
61ad3b999a fix for a crash with partial union and --hex 2012-03-14 10:31:24 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
edfcddd3c3 minor fix for logging only cookies used by request (e.g. --load-cookies case) 2012-03-13 10:58:15 +00:00
Miroslav Stampar
34b0935cb3 refactoring "echo 1" quick test for xp_cmdshell console output 2012-03-13 10:36:49 +00:00
Miroslav Stampar
e827f41cdb using pickle HIGHEST_PROTOCOL just in case 2012-03-13 09:35:37 +00:00
Miroslav Stampar
e6c610abab minor fix 2012-03-13 09:14:56 +00:00
Miroslav Stampar
cda8815634 introducing safe deprecation mechanism for HashDB versioning 2012-03-12 22:55:57 +00:00
Miroslav Stampar
48bcde478e more general update 2012-03-12 15:29:55 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00
Miroslav Stampar
6ed1b04bbe minor update 2012-03-12 13:27:07 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Miroslav Stampar
a0b46963cb minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup) 2012-03-09 10:28:19 +00:00
Miroslav Stampar
5a83f1c5f7 minor update 2012-03-08 15:43:22 +00:00
Bernardo Damele
c79807f5fb Minor layout adjustments 2012-03-08 15:11:24 +00:00
Miroslav Stampar
775e424bf2 bug fix for using --no-cast and --hex switches together 2012-03-08 15:04:52 +00:00
Miroslav Stampar
11c7cc5224 minor temporary fix 2012-03-08 11:08:43 +00:00
Miroslav Stampar
98a3e43f53 bug fix for writing raw pickled data into SQLite HashDB 2012-03-08 10:57:47 +00:00
Miroslav Stampar
cd28eb6544 minor update regarding --load-cookies 2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9 minor update 2012-03-08 10:03:59 +00:00
Miroslav Stampar
9ca8bc4d51 minor bug fix 2012-03-08 09:52:33 +00:00
Miroslav Stampar
b4cf8b05b3 added switch --load-cookies 2012-03-07 14:48:45 +00:00
Miroslav Stampar
4cfea96471 minor update 2012-03-05 09:56:48 +00:00
Miroslav Stampar
0ead1fd87e minor update 2012-03-05 09:42:52 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
f4e410db16 minor fix 2012-03-01 10:17:39 +00:00
Miroslav Stampar
1ec56f93ec minor update 2012-03-01 10:10:19 +00:00
Miroslav Stampar
2d3c12d2d0 shorter single line info 2012-03-01 09:10:24 +00:00
Miroslav Stampar
37db27b720 turning back on automatic adjusting of delays in time based queries 2012-02-29 15:51:23 +00:00
Miroslav Stampar
0205d96d7b minor fix 2012-02-29 15:38:01 +00:00
Miroslav Stampar
1bdc07c279 minor update 2012-02-29 15:02:24 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
f6f98f1b41 minor improvement 2012-02-29 14:19:59 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
f142c0f782 minor update 2012-02-28 14:04:13 +00:00
Miroslav Stampar
22b3fa0749 minor update 2012-02-27 15:28:36 +00:00
Miroslav Stampar
a9bf0297f6 moving injection data to HashDB 2012-02-27 13:44:07 +00:00
Miroslav Stampar
68e08d2749 minor fix for not displaying 'None' but None in enumeration when data unavailable 2012-02-27 13:15:10 +00:00
Miroslav Stampar
a424de3102 minor fix 2012-02-27 12:55:28 +00:00
Miroslav Stampar
1e82405bb9 HashDB is now supported in -d too 2012-02-27 12:14:01 +00:00
Miroslav Stampar
3909658fc2 few minor just in case updates 2012-02-27 11:15:53 +00:00
Miroslav Stampar
85125018a1 minor bug fix 2012-02-25 22:54:32 +00:00
Miroslav Stampar
5d307cf886 minor update 2012-02-25 10:54:39 +00:00
Miroslav Stampar
06ab3fa134 minor update 2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
5b67af3b20 minor update 2012-02-24 15:03:39 +00:00
Miroslav Stampar
8a203ef79d making session data strictly dependent on url through HashDB helper functions 2012-02-24 14:58:24 +00:00
Miroslav Stampar
c36cbbb3ae minor fix 2012-02-24 14:54:10 +00:00
Miroslav Stampar
9d6fd2e507 bug fix for --schema --technique=BST 2012-02-24 14:12:19 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f minor update 2012-02-24 11:25:56 +00:00
Miroslav Stampar
1f6ce265b9 minor fix 2012-02-24 11:05:04 +00:00
Miroslav Stampar
5afbd52b61 more update related to last commits 2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f fixing problems with chars deletition by logging messages in inference mode 2012-02-24 10:48:19 +00:00
Miroslav Stampar
71028a81f5 fix for proper retrieval of columns in SQLite 2012-02-24 09:55:13 +00:00
Miroslav Stampar
7941504c3a minor update 2012-02-23 15:32:36 +00:00
Miroslav Stampar
0478e4166a minor justin case fix 2012-02-23 15:19:20 +00:00
Miroslav Stampar
086c3a3662 minor fix 2012-02-23 13:31:50 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3 using UNION SELECT for where=..NEGATIVE 2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b minor update 2012-02-21 13:49:30 +00:00
Miroslav Stampar
686eacda9a minor update regarding --hex 2012-02-21 13:38:18 +00:00
Miroslav Stampar
bcf3255fe1 implementation of switch --hex for 4 major DBMSes 2012-02-21 11:44:48 +00:00
Miroslav Stampar
3e4db6d140 minor fix for Python v2.6 2012-02-20 19:35:57 +00:00
Miroslav Stampar
bc4dd7c0dd fix for -g 2012-02-20 10:02:19 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
6632aa7308 some more refactoring 2012-02-16 13:46:01 +00:00
Miroslav Stampar
844fc8addb minor cleanup 2012-02-16 10:19:36 +00:00
Miroslav Stampar
0e23521adc some more refactoring 2012-02-16 09:54:29 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
bcf9fc6c6f minor refactoring 2012-02-16 09:32:47 +00:00
Miroslav Stampar
8d7912ad34 minor update and refactoring 2012-02-15 14:05:50 +00:00
Miroslav Stampar
bf923a97df minor update 2012-02-15 13:45:10 +00:00
Miroslav Stampar
122db6e164 minor update 2012-02-15 13:24:02 +00:00
Miroslav Stampar
9059d30312 adding first code example for SPL snippets 2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113 bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt) 2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e minor update (it was working before too, but this is cleaner) 2012-02-15 10:14:29 +00:00
Bernardo Damele
1c44d6d3c7 Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d 2012-02-14 17:29:00 +00:00
Miroslav Stampar
23cc8b6974 minor fix for special cases when parameter value contains html encoded characters 2012-02-14 14:08:10 +00:00
Miroslav Stampar
c1ab02494c minor grammar and cosmetics 2012-02-14 13:18:37 +00:00
Miroslav Stampar
bb5113980b minor update 2012-02-14 10:27:56 +00:00
Miroslav Stampar
3f15c52188 minor change in workflow for "tainted" parameter values 2012-02-14 09:26:52 +00:00
Miroslav Stampar
2604e73d88 minor change in workflow 2012-02-13 11:18:47 +00:00
Miroslav Stampar
96f589fc89 minor fix 2012-02-12 19:22:33 +00:00
Miroslav Stampar
8a2bd3897d minor output fix 2012-02-12 19:11:54 +00:00
Miroslav Stampar
c1368053e5 minor fix 2012-02-12 18:46:25 +00:00
Miroslav Stampar
249cb48b0b minor fix 2012-02-10 15:59:11 +00:00
Miroslav Stampar
6be95194a7 matter of concision 2012-02-10 15:37:43 +00:00
Miroslav Stampar
eab7a54e03 cosmetics 2012-02-10 15:34:04 +00:00
Miroslav Stampar
92590d0d59 minor fix 2012-02-10 15:26:55 +00:00
Miroslav Stampar
e36e9de57e minor update by request 2012-02-10 15:12:23 +00:00
Miroslav Stampar
b140ef4a14 minor update (preparing for switching to HashDB from old sessionFile) 2012-02-10 10:24:48 +00:00
Miroslav Stampar
980367b7b2 minor update 2012-02-09 09:48:47 +00:00
Miroslav Stampar
7e9e582eca minor update 2012-02-08 14:23:57 +00:00
Miroslav Stampar
2662fe84f7 minor update 2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593 minor update 2012-02-08 12:00:03 +00:00
Miroslav Stampar
93d7d6c355 minor patch 2012-02-08 10:38:58 +00:00
Miroslav Stampar
6bedb80ffa adding --force-ssl switch (most useful in combination with -r) 2012-02-08 09:11:57 +00:00
Miroslav Stampar
e50d64546f minor fix 2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3 just a makeup 2012-02-07 12:05:23 +00:00
Miroslav Stampar
b4f4a982e4 minor update 2012-02-07 11:37:54 +00:00
Miroslav Stampar
11af0b1bbc minor fix 2012-02-07 11:16:03 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
af71e3c563 minor update 2012-02-06 09:48:44 +00:00
Miroslav Stampar
8c45ff0d57 bug fix 2012-02-03 10:38:04 +00:00
Bernardo Damele
c0f4b4632d Minor fix 2012-02-02 12:55:39 +00:00
Miroslav Stampar
a7970d094a minor update 2012-02-01 15:10:06 +00:00
Miroslav Stampar
e56309f3b1 minor makeup update 2012-02-01 15:04:56 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
f4e7bf1d51 minor update regarding support for Unicode characters in Oracle 2012-02-01 14:17:27 +00:00
Miroslav Stampar
df43157284 minor patch 2012-02-01 12:28:06 +00:00
Miroslav Stampar
2ee198a381 minor "patch" 2012-02-01 11:00:01 +00:00
Miroslav Stampar
2589521ecf fix of a wrong assumption (e.g. decodeIntToUnicode(12345) has been returning a "09" instead of a single unicode character) 2012-02-01 10:38:43 +00:00
Miroslav Stampar
4d9dcbf5db minor fix 2012-02-01 10:14:23 +00:00
Miroslav Stampar
46f42f2fe4 minor fix 2012-01-30 13:10:35 +00:00
Miroslav Stampar
f2857e38ba minor update 2012-01-30 10:19:03 +00:00
Miroslav Stampar
594579bef4 fix for a bug regarding --cookie and --crawl 2012-01-30 09:17:22 +00:00
Miroslav Stampar
2094c715db minor update 2012-01-23 09:44:17 +00:00
Miroslav Stampar
9e5cf70a5a minor fix 2012-01-20 11:13:25 +00:00
Miroslav Stampar
9eee6c252d minor update for --scope 2012-01-16 10:28:21 +00:00
Miroslav Stampar
527ce070a3 minor fix 2012-01-16 10:04:18 +00:00
Miroslav Stampar
b2dad63000 some more refactoring 2012-01-13 22:00:34 +00:00
Miroslav Stampar
e5fe029a78 minor beautification 2012-01-13 21:03:50 +00:00
Miroslav Stampar
6634c4ac20 minor update 2012-01-13 21:01:58 +00:00
Miroslav Stampar
23117e72ca minor improvement 2012-01-13 20:56:06 +00:00
Bernardo Damele
0043336620 Minor fix and removed leftover debug message 2012-01-13 17:04:59 +00:00
Bernardo Damele
e59ace5409 minor bug fix 2012-01-13 16:57:45 +00:00
Bernardo Damele
b03f91437b Minor code refactoring 2012-01-13 16:49:52 +00:00
Miroslav Stampar
337973df77 reverting last 2 commits (better solution was the original one) 2012-01-13 15:58:47 +00:00
Miroslav Stampar
1f53ff0633 minor update regarding last commit 2012-01-13 15:56:50 +00:00
Miroslav Stampar
ff96c537a9 minor update for multithreaded mode 2012-01-13 15:50:38 +00:00
Bernardo Damele
7e560eec1f Minor fix 2012-01-13 12:54:45 +00:00
Miroslav Stampar
dd295bbd4a minor update regarding -d and time based injections 2012-01-13 12:45:02 +00:00
Miroslav Stampar
04686b83e3 minor update 2012-01-13 11:16:26 +00:00
Miroslav Stampar
305371b7a9 minor update 2012-01-12 14:58:23 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00