Bernardo Damele
|
f00aff5303
|
-v 0 shows both error, critical and raw_input messages
|
2011-03-11 22:02:38 +00:00 |
|
Bernardo Damele
|
d7d47b6257
|
Minor bug fix (revert)
|
2011-03-11 21:56:45 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
2fd3f0d7b2
|
minor update (added comment)
|
2011-03-11 20:07:52 +00:00 |
|
Miroslav Stampar
|
6cc745f789
|
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
|
2011-03-11 20:04:15 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|
Bernardo Damele
|
d8a76ebe34
|
Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs
|
2011-03-11 16:03:19 +00:00 |
|
Bernardo Damele
|
3cb0ca4b63
|
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
|
2011-03-11 15:24:25 +00:00 |
|
Bernardo Damele
|
5af7410cb1
|
Another bug fix for --privileges on PgSQL with UNION query technique
|
2011-03-11 15:13:09 +00:00 |
|
Bernardo Damele
|
74ef1e53c7
|
Minor bug fixes to --privileges for PostgreSQL query (corner case)
|
2011-03-11 14:54:41 +00:00 |
|
Miroslav Stampar
|
1879a49506
|
fix for a bug reported by andreoaz@gmail.com
|
2011-03-10 20:40:12 +00:00 |
|
Miroslav Stampar
|
eb1cda7065
|
minor refactoring (more consistent)
|
2011-03-09 12:06:32 +00:00 |
|
Miroslav Stampar
|
62e3510387
|
minor refactoring
|
2011-03-09 11:37:37 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
9b2962ff1c
|
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
|
2011-03-09 08:56:29 +00:00 |
|
Miroslav Stampar
|
30619c599b
|
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
|
2011-03-08 11:53:59 +00:00 |
|
Miroslav Stampar
|
99adbbeaa3
|
los cosmeticados
|
2011-03-07 22:04:17 +00:00 |
|
Miroslav Stampar
|
cc0306044c
|
adding SVN revision number support for non SVN client platforms
|
2011-03-07 21:54:30 +00:00 |
|
Miroslav Stampar
|
154d947c62
|
minor update
|
2011-03-07 10:15:41 +00:00 |
|
Miroslav Stampar
|
16b286982d
|
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
|
2011-03-07 09:50:43 +00:00 |
|
Miroslav Stampar
|
8edc3b3302
|
further update regarding last commit
|
2011-03-03 10:39:04 +00:00 |
|
Miroslav Stampar
|
bc50387a17
|
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
|
2011-03-03 09:42:50 +00:00 |
|
Miroslav Stampar
|
3a1f5744be
|
minor update to make counting variable totally independent of the urllib2's self.retried
|
2011-03-02 10:42:17 +00:00 |
|
Miroslav Stampar
|
a010386a23
|
finally a proper fix for that annoying recursive bug
|
2011-03-02 10:29:38 +00:00 |
|
Miroslav Stampar
|
f27f05308a
|
minor update for masking sensitive data in error report (added aCred too)
|
2011-03-02 10:09:17 +00:00 |
|
Miroslav Stampar
|
ad2e4002ea
|
minor improvement
|
2011-03-01 10:38:27 +00:00 |
|
Miroslav Stampar
|
0f3cc153a3
|
fix for --technique
|
2011-03-01 09:54:06 +00:00 |
|
Miroslav Stampar
|
9856cb71de
|
redo of the last commit with comments added
|
2011-02-28 18:58:05 +00:00 |
|
Miroslav Stampar
|
ade31b2cb0
|
removal of obsolete item
|
2011-02-28 18:49:25 +00:00 |
|
Miroslav Stampar
|
2bf212ffa9
|
minor minor update
|
2011-02-27 20:43:38 +00:00 |
|
Miroslav Stampar
|
7036190e8e
|
minor improvement of regular expression
|
2011-02-27 17:58:01 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Bernardo Damele
|
6e8ebd35f4
|
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
|
2011-02-27 12:17:41 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
88faedc0fe
|
fix for a bug reported by -insane-
|
2011-02-26 17:48:19 +00:00 |
|
Miroslav Stampar
|
11996ce12e
|
bug fix for international encoded letters
|
2011-02-25 22:43:01 +00:00 |
|
Miroslav Stampar
|
63b8156c00
|
some update (if header key is non-unicode comformant)
|
2011-02-25 09:43:04 +00:00 |
|
Miroslav Stampar
|
2bbbc9a41e
|
few updates
|
2011-02-25 09:35:24 +00:00 |
|
Miroslav Stampar
|
aa88361ab1
|
incorporation of method for neutralization of reflective values
|
2011-02-25 09:22:44 +00:00 |
|
Miroslav Stampar
|
708ddf5608
|
added protection mechanism against reflected values
|
2011-02-24 16:52:46 +00:00 |
|
Miroslav Stampar
|
38dc82e13e
|
If no Accept header field is present, then it is assumed that the client accepts all media types.
|
2011-02-22 22:26:22 +00:00 |
|
Miroslav Stampar
|
d05bd75068
|
adding experimental for --group-concat
|
2011-02-22 14:35:38 +00:00 |
|
Miroslav Stampar
|
12ede1e5de
|
minor JIC (just-in-case) update
|
2011-02-22 13:18:47 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
dcad5410fe
|
minor refactoring
|
2011-02-22 12:54:22 +00:00 |
|
Miroslav Stampar
|
17c39fe231
|
fix for that non-HTML stuff
|
2011-02-22 11:32:55 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|
Miroslav Stampar
|
90582ed7dc
|
minor change
|
2011-02-21 11:35:21 +00:00 |
|
Miroslav Stampar
|
aac817935a
|
further improvement of MaxDB support
|
2011-02-20 22:41:42 +00:00 |
|
Miroslav Stampar
|
70449eb01b
|
minor bug fix
|
2011-02-20 21:35:28 +00:00 |
|
Miroslav Stampar
|
345df5968d
|
minor update
|
2011-02-20 21:27:38 +00:00 |
|
Miroslav Stampar
|
0c57f2af0f
|
minor fix
|
2011-02-20 12:20:44 +00:00 |
|
Bernardo Damele
|
023a80c31c
|
Section explanation change to reflect recent enhancements
|
2011-02-19 21:06:24 +00:00 |
|
Bernardo Damele
|
60b05ff49f
|
Reflect new switch name
|
2011-02-19 21:05:15 +00:00 |
|
Bernardo Damele
|
8e60acae5d
|
Added support for --scope also in WebScarab logs (-l)
|
2011-02-19 21:03:55 +00:00 |
|
Miroslav Stampar
|
b71bb321dd
|
some more Sybase updates
|
2011-02-19 18:04:27 +00:00 |
|
Miroslav Stampar
|
cec7694aac
|
some progress regarding SYBASE
|
2011-02-19 14:56:58 +00:00 |
|
Miroslav Stampar
|
e0efe453ab
|
minor update regarding Sybase support
|
2011-02-19 14:07:08 +00:00 |
|
Miroslav Stampar
|
df58bcaf95
|
minor improvement
|
2011-02-18 14:27:02 +00:00 |
|
Miroslav Stampar
|
3badf92ceb
|
not doing "basic" filtering in default cases because of a bug reported by Kazim
|
2011-02-18 07:38:13 +00:00 |
|
Miroslav Stampar
|
6cdf08b81c
|
minor fix
|
2011-02-17 21:51:40 +00:00 |
|
Miroslav Stampar
|
22cd49a217
|
--technique can now be something like 123 which includes both techniques 1, 2 and 3
|
2011-02-17 21:39:16 +00:00 |
|
Miroslav Stampar
|
7ebc1ab90a
|
minor cosmetics
|
2011-02-17 08:59:14 +00:00 |
|
Miroslav Stampar
|
199f14df46
|
implementation of MySQL GROUP_CONCAT technique
|
2011-02-15 00:28:27 +00:00 |
|
Bernardo Damele
|
2ea828e416
|
Proper fix for r3307 (file-write on MySQL via UNION query tech)
|
2011-02-13 22:48:01 +00:00 |
|
Miroslav Stampar
|
417b311475
|
minor update
|
2011-02-13 22:02:47 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Bernardo Damele
|
429ab631fe
|
Minor refactoring
|
2011-02-13 21:25:01 +00:00 |
|
Miroslav Stampar
|
5fb11fd173
|
update regarding multiple DBMS payloads
|
2011-02-13 21:20:21 +00:00 |
|
Bernardo Damele
|
45a005737d
|
Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2
|
2011-02-13 21:08:42 +00:00 |
|
Miroslav Stampar
|
83d7803ce7
|
other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)
|
2011-02-12 20:03:28 +00:00 |
|
Miroslav Stampar
|
9f7d666451
|
removing --method per request of buawig
|
2011-02-12 19:50:27 +00:00 |
|
Miroslav Stampar
|
1cd483f42f
|
one more update
|
2011-02-12 10:24:09 +00:00 |
|
Miroslav Stampar
|
25a3a64327
|
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
|
2011-02-12 10:15:42 +00:00 |
|
Miroslav Stampar
|
521635c84d
|
quick fix for UA and Referer
|
2011-02-11 23:36:23 +00:00 |
|
Bernardo Damele
|
7253362114
|
Minor bug fix so that --file-write on MySQL via UNION query now works again
|
2011-02-11 23:35:45 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Miroslav Stampar
|
a6ab24e0b5
|
just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed
|
2011-02-10 22:47:43 +00:00 |
|
Miroslav Stampar
|
5f2fcd1eea
|
minor adjustment regarding "file" switches
|
2011-02-10 19:55:47 +00:00 |
|
Miroslav Stampar
|
4295a78c5f
|
minor update
|
2011-02-10 19:51:34 +00:00 |
|
Bernardo Damele
|
c078de894f
|
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
|
2011-02-10 14:24:04 +00:00 |
|
Bernardo Damele
|
864eade744
|
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
|
2011-02-10 11:14:05 +00:00 |
|
Bernardo Damele
|
aa0fb276ba
|
More fixes for --common-columns to work against MSSQL too
|
2011-02-09 17:22:07 +00:00 |
|
Miroslav Stampar
|
917b2b0d6b
|
one more commit related to the previous one
|
2011-02-09 17:07:02 +00:00 |
|
Miroslav Stampar
|
6c582343fe
|
.. fix
|
2011-02-09 17:05:06 +00:00 |
|
Miroslav Stampar
|
d9af01d73d
|
imporant fix for boolean expression which return [None]
|
2011-02-09 16:53:22 +00:00 |
|
Miroslav Stampar
|
7d9be18789
|
added one comment
|
2011-02-09 14:34:18 +00:00 |
|
Miroslav Stampar
|
bafc8a1b0f
|
another update
|
2011-02-09 13:29:52 +00:00 |
|
Miroslav Stampar
|
600f729139
|
fix for a bug reported by skysbsb@gmail.com (double ORDER BY)
|
2011-02-09 12:43:09 +00:00 |
|
Miroslav Stampar
|
5b57a69f3e
|
fix
|
2011-02-09 11:20:03 +00:00 |
|
Miroslav Stampar
|
3de6117253
|
revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)
|
2011-02-09 09:53:59 +00:00 |
|
Miroslav Stampar
|
98ca1702ae
|
los cosmeticado
|
2011-02-08 16:30:32 +00:00 |
|
Miroslav Stampar
|
87e36796c6
|
just to not cause confusion
|
2011-02-08 16:29:42 +00:00 |
|
Miroslav Stampar
|
dcb9c93328
|
minor cleanup
|
2011-02-08 16:27:58 +00:00 |
|
Miroslav Stampar
|
37f7001143
|
first commit with mysql/error/substringing
|
2011-02-08 16:23:33 +00:00 |
|
Bernardo Damele
|
c3eb82e60b
|
Proper fix
|
2011-02-08 10:08:48 +00:00 |
|
Miroslav Stampar
|
dba2f74588
|
revert of r3274
|
2011-02-08 09:44:34 +00:00 |
|
Bernardo Damele
|
156d8cd99b
|
Directory restyling
|
2011-02-08 00:15:02 +00:00 |
|
Bernardo Damele
|
cfe2da0195
|
Minor fix
|
2011-02-08 00:13:39 +00:00 |
|
Bernardo Damele
|
0a81415f2f
|
Minor code cleanup
|
2011-02-08 00:02:54 +00:00 |
|
Miroslav Stampar
|
2c4f6d2e99
|
fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too
|
2011-02-07 21:53:05 +00:00 |
|
Miroslav Stampar
|
a577d0e9a5
|
restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)
|
2011-02-07 21:18:01 +00:00 |
|
Miroslav Stampar
|
66adf23532
|
Unbiased approach for searching appropriate usable column
|
2011-02-07 21:00:59 +00:00 |
|
Miroslav Stampar
|
f958b21613
|
there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)
|
2011-02-07 16:55:02 +00:00 |
|
Miroslav Stampar
|
771020abd6
|
one more related commit
|
2011-02-07 16:32:08 +00:00 |
|
Miroslav Stampar
|
265e7ca272
|
fix for that MSSQL limit/top problem
|
2011-02-07 16:24:23 +00:00 |
|
Miroslav Stampar
|
71d1b72e0e
|
minor adjustment
|
2011-02-07 12:51:38 +00:00 |
|
Bernardo Damele
|
b33ac19d39
|
Minor fix
|
2011-02-07 12:36:00 +00:00 |
|
Miroslav Stampar
|
99e9412f74
|
minor update
|
2011-02-07 12:34:23 +00:00 |
|
Miroslav Stampar
|
e023e0d233
|
proper fix
|
2011-02-07 12:32:08 +00:00 |
|
Bernardo Damele
|
39decebe85
|
Minor fixes to checking/re-enabling of xp_cmdshell procedure
|
2011-02-07 12:17:19 +00:00 |
|
Miroslav Stampar
|
c0233dcd4f
|
preventing crashes for output=[]
|
2011-02-07 10:24:15 +00:00 |
|
Miroslav Stampar
|
096efea282
|
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
|
2011-02-07 10:22:43 +00:00 |
|
Bernardo Damele
|
ba3a8a69d4
|
More statements to exclude from unescap'ing
|
2011-02-07 00:33:54 +00:00 |
|
Bernardo Damele
|
3719f085ae
|
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
|
2011-02-07 00:21:17 +00:00 |
|
Bernardo Damele
|
2e00656235
|
Minor fix
|
2011-02-07 00:20:23 +00:00 |
|
Bernardo Damele
|
bf5ca4bd9a
|
No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')
|
2011-02-06 23:30:43 +00:00 |
|
Bernardo Damele
|
061f56daf9
|
More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
|
2011-02-06 23:27:56 +00:00 |
|
Bernardo Damele
|
6a71629575
|
Converted from DOS format (\n\r to \n only)
|
2011-02-06 23:25:55 +00:00 |
|
Bernardo Damele
|
0800d9e49b
|
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
|
2011-02-06 22:58:12 +00:00 |
|
Bernardo Damele
|
9eac2339ca
|
|
2011-02-06 22:55:26 +00:00 |
|
Bernardo Damele
|
f3d6be7868
|
Code cleanup
|
2011-02-06 22:32:44 +00:00 |
|
Miroslav Stampar
|
078a2207cc
|
few reverts
|
2011-02-06 22:10:28 +00:00 |
|
Miroslav Stampar
|
b9b2fe0e7c
|
little cleanup
|
2011-02-06 21:52:39 +00:00 |
|
Miroslav Stampar
|
c4c2cf1d58
|
can't stay as it is right now. temporary disabling.
|
2011-02-06 21:17:41 +00:00 |
|
Miroslav Stampar
|
d2b96a66a2
|
one more update regarding last few "unescape" related commits
|
2011-02-06 20:23:23 +00:00 |
|
Bernardo Damele
|
6191a7f26f
|
Major fix for a silent bug
|
2011-02-06 15:53:43 +00:00 |
|
Bernardo Damele
|
c44978862e
|
Minor reordering of what gets saved into the injection object
|
2011-02-06 15:20:44 +00:00 |
|
Miroslav Stampar
|
412a97b7fe
|
fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')
|
2011-02-05 14:17:28 +00:00 |
|
Miroslav Stampar
|
4df8a03c04
|
using OrderedDict to store parameters in order of appearance
|
2011-02-04 18:07:21 +00:00 |
|
Miroslav Stampar
|
acb986ae80
|
minor refactoring
|
2011-02-04 17:40:55 +00:00 |
|
Bernardo Damele
|
fec88f6a6d
|
Minor fix
|
2011-02-04 15:57:53 +00:00 |
|
Miroslav Stampar
|
09e88cfb19
|
fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())
|
2011-02-04 14:05:47 +00:00 |
|
Miroslav Stampar
|
f83f1a1e06
|
minor just in case update
|
2011-02-04 13:08:54 +00:00 |
|
Miroslav Stampar
|
c69b76776e
|
minor refactoring
|
2011-02-04 13:04:19 +00:00 |
|
Miroslav Stampar
|
accf4e6ce0
|
one important fix (URI injection parameter '*' now can go anywhere)
|
2011-02-04 12:43:18 +00:00 |
|
Miroslav Stampar
|
c19d481bb1
|
little clean up
|
2011-02-04 12:25:14 +00:00 |
|
Miroslav Stampar
|
c229efba05
|
revert
|
2011-02-04 11:33:21 +00:00 |
|
Miroslav Stampar
|
d211def899
|
minor adjustment (accepting strange new looking uri formats)
|
2011-02-04 10:55:03 +00:00 |
|
Miroslav Stampar
|
1af418d444
|
huge bug fix
|
2011-02-04 10:18:26 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
9a1a28c804
|
adding comments to filtering function
|
2011-02-03 23:09:08 +00:00 |
|
Miroslav Stampar
|
1aecbe6b08
|
minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)
|
2011-02-03 22:59:26 +00:00 |
|
Miroslav Stampar
|
e5f54644f0
|
minor "statistical" update
|
2011-02-03 16:59:49 +00:00 |
|
Miroslav Stampar
|
3bd6e538f8
|
more appropriate
|
2011-02-03 16:48:27 +00:00 |
|
Miroslav Stampar
|
3a13fd87fd
|
new UNION column detection is going into wild
|
2011-02-03 16:16:38 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Bernardo Damele
|
253a8d0679
|
Minor bug fix
|
2011-02-03 15:24:36 +00:00 |
|
Miroslav Stampar
|
0edb4ee314
|
minor fix
|
2011-02-03 13:28:10 +00:00 |
|
Miroslav Stampar
|
1b9850b73a
|
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
|
2011-02-03 12:21:29 +00:00 |
|
Miroslav Stampar
|
5edba2ffbc
|
minor change (conf.updateAll to conf.update)
|
2011-02-03 11:13:39 +00:00 |
|
Miroslav Stampar
|
402c1b622e
|
removing urlencode from UA
|
2011-02-02 15:18:06 +00:00 |
|
Miroslav Stampar
|
5f49e20cc8
|
adding --random-agent and removing -a
|
2011-02-02 14:51:12 +00:00 |
|
Miroslav Stampar
|
2dae57a56d
|
cosmetics
|
2011-02-02 14:35:21 +00:00 |
|
Miroslav Stampar
|
6c87bd1c63
|
added maskSensitiveData function
|
2011-02-02 14:25:16 +00:00 |
|
Bernardo Damele
|
5f0114a2a8
|
Minor bug fix
|
2011-02-02 14:06:40 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Miroslav Stampar
|
d6c9515f78
|
minor update
|
2011-02-02 13:03:24 +00:00 |
|
Miroslav Stampar
|
847b648e4a
|
minor update
|
2011-02-02 12:42:55 +00:00 |
|
Miroslav Stampar
|
e73a147fb5
|
minor update
|
2011-02-02 11:49:59 +00:00 |
|
Miroslav Stampar
|
e33428b833
|
adding __findUnionCharCount function
|
2011-02-02 11:22:35 +00:00 |
|
Miroslav Stampar
|
99aa38b58f
|
minor refactoring
|
2011-02-02 10:10:28 +00:00 |
|
Miroslav Stampar
|
23c95107ed
|
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
|
2011-02-02 09:24:37 +00:00 |
|
Miroslav Stampar
|
af99105c27
|
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
|
2011-02-01 22:45:38 +00:00 |
|
Bernardo Damele
|
a37f5e05b9
|
Refactoring
|
2011-02-01 22:27:36 +00:00 |
|
Bernardo Damele
|
9b342a4c95
|
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
|
2011-02-01 22:07:42 +00:00 |
|
Bernardo Damele
|
2619e4895f
|
Properly handle --technique at save/resume phase
|
2011-02-01 22:05:48 +00:00 |
|
Bernardo Damele
|
3d966bd569
|
You never know..
|
2011-02-01 22:05:12 +00:00 |
|
Bernardo Damele
|
d875d848ce
|
Better sort
|
2011-02-01 22:04:48 +00:00 |
|
Miroslav Stampar
|
705d45f4db
|
minor cosmetics
|
2011-02-01 11:10:23 +00:00 |
|
Miroslav Stampar
|
196e2d35b2
|
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
|
2011-02-01 11:06:56 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
35b6d7278a
|
minor update
|
2011-01-31 22:50:54 +00:00 |
|
Miroslav Stampar
|
25c175a9a5
|
minor bug fix
|
2011-01-31 22:34:57 +00:00 |
|
Bernardo Damele
|
b04e1a0313
|
More detailed message for unhandled exception
|
2011-01-31 21:23:40 +00:00 |
|
Bernardo Damele
|
2fd9621499
|
Minor adjustments
Cosmetics
|
2011-01-31 21:22:39 +00:00 |
|
Bernardo Damele
|
ec9ebb3479
|
Set threads to 4 when optimization switch is provided, -o
|
2011-01-31 21:21:13 +00:00 |
|
Bernardo Damele
|
8397c526d8
|
Minor adjustment
|
2011-01-31 21:20:23 +00:00 |
|
Bernardo Damele
|
e3a3ae11cc
|
Proper return from error-based technique enumeration
|
2011-01-31 21:13:29 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
777a19cfa9
|
LOL. removing that debug 'True'
|
2011-01-31 16:22:55 +00:00 |
|
Miroslav Stampar
|
a80fe28631
|
one more thing ;)
|
2011-01-31 16:21:28 +00:00 |
|
Miroslav Stampar
|
933d701667
|
cosmetics
|
2011-01-31 16:14:44 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Miroslav Stampar
|
a6f2cd56ff
|
removed junky import
|
2011-01-31 11:59:58 +00:00 |
|
Miroslav Stampar
|
fb3513650d
|
adding ID properties
|
2011-01-31 11:41:28 +00:00 |
|
Miroslav Stampar
|
f9eac97fe8
|
refactoring of MSSQL XML banner parsing
|
2011-01-31 11:38:00 +00:00 |
|
Miroslav Stampar
|
7175efcae1
|
another minor cosmetic update
|
2011-01-31 10:59:51 +00:00 |
|
Miroslav Stampar
|
97328c3104
|
minor fix
|
2011-01-31 10:54:13 +00:00 |
|
Miroslav Stampar
|
5e768be509
|
minor bug fix
|
2011-01-31 09:34:54 +00:00 |
|
Miroslav Stampar
|
f7feebe0df
|
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
|
2011-01-31 09:28:16 +00:00 |
|
Bernardo Damele
|
2a0b03e5c6
|
Unused import
|
2011-01-30 17:07:27 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Bernardo Damele
|
21e7223779
|
perhaps this is better english
|
2011-01-30 16:34:13 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Bernardo Damele
|
71d82e6f57
|
Minor layout adjustment
|
2011-01-30 16:19:58 +00:00 |
|
Bernardo Damele
|
02e5c4b1e6
|
Minor bug fix for --sql-query/-shell with error-based technique
|
2011-01-30 14:19:50 +00:00 |
|
Miroslav Stampar
|
bc8f1142c9
|
minor revert
|
2011-01-30 11:41:58 +00:00 |
|
Miroslav Stampar
|
ddf23ba7cc
|
refactoring
|
2011-01-30 11:36:03 +00:00 |
|
Miroslav Stampar
|
3060c369a5
|
minor fix for previous commit
|
2011-01-30 07:44:47 +00:00 |
|
Miroslav Stampar
|
1abf354630
|
minor update
|
2011-01-30 07:41:09 +00:00 |
|
Miroslav Stampar
|
d63339ca26
|
minor bug fix
|
2011-01-30 07:34:07 +00:00 |
|
Miroslav Stampar
|
e8883de2c6
|
minor update regarding unicode decoding of supplied arguments
|
2011-01-29 23:01:39 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
ddd296030d
|
added some more info to unhandled exception message(s)
|
2011-01-28 16:15:45 +00:00 |
|
Miroslav Stampar
|
a184a4c772
|
major of majors bug fix
|
2011-01-28 14:31:25 +00:00 |
|
Miroslav Stampar
|
0f4fb156d3
|
major bug fix
|
2011-01-28 14:09:28 +00:00 |
|
Miroslav Stampar
|
b98cbeee04
|
page for handling binary files
|
2011-01-27 22:00:34 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
49aeb41be8
|
quick bug fix for FALSE positives with UNION based technique
|
2011-01-27 18:49:44 +00:00 |
|
Miroslav Stampar
|
81722b6881
|
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
|
2011-01-27 18:36:28 +00:00 |
|
Miroslav Stampar
|
03413bd5e0
|
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
|
2011-01-27 16:55:58 +00:00 |
|
Miroslav Stampar
|
539168dcca
|
sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)
|
2011-01-27 13:40:42 +00:00 |
|
Miroslav Stampar
|
bb6e36fb02
|
minor updates
|
2011-01-27 12:38:39 +00:00 |
|
Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
d3ddaba7be
|
minor refactoring
|
2011-01-25 13:04:13 +00:00 |
|
Miroslav Stampar
|
cab86871fe
|
fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)
|
2011-01-25 11:02:41 +00:00 |
|
Miroslav Stampar
|
5692506131
|
this was bad thing to have
|
2011-01-25 01:08:38 +00:00 |
|
Miroslav Stampar
|
6cc69f5e16
|
now --technique is appliable also after the injections have been identified
|
2011-01-24 16:47:24 +00:00 |
|
Miroslav Stampar
|
81011be0d7
|
minor update of parseTargetUrl method
|
2011-01-24 14:52:50 +00:00 |
|
Miroslav Stampar
|
4093599f38
|
added parseTargetUrl to redirect choice
|
2011-01-24 14:45:35 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
8d0c2efbe2
|
unescaping of char marked payloads
|
2011-01-24 12:00:16 +00:00 |
|
Miroslav Stampar
|
4441e11f68
|
fix for case -r with no params and cookie available
|
2011-01-24 11:26:51 +00:00 |
|
Bernardo Damele
|
47fa600c04
|
Minor fix and cosmetics
|
2011-01-24 11:12:33 +00:00 |
|
Miroslav Stampar
|
a3e3387113
|
fix for proper Firebird resume of version
|
2011-01-24 11:04:32 +00:00 |
|
Miroslav Stampar
|
c1145c244e
|
fix for user-agent injections
|
2011-01-23 23:23:30 +00:00 |
|
Miroslav Stampar
|
818c9787b2
|
minor update
|
2011-01-23 21:20:16 +00:00 |
|
Miroslav Stampar
|
b18397fbc7
|
major revisit of --os-shell methods
|
2011-01-23 20:47:06 +00:00 |
|
Miroslav Stampar
|
ff7707579f
|
minor improvement
|
2011-01-23 11:35:24 +00:00 |
|
Miroslav Stampar
|
f5ff78d40c
|
revert
|
2011-01-23 11:21:27 +00:00 |
|
Miroslav Stampar
|
97f66a87c5
|
minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message
|
2011-01-23 10:51:57 +00:00 |
|
Miroslav Stampar
|
3a5f0760f6
|
minor optimization (only way to prematurely stop SAX parser)
|
2011-01-23 10:12:01 +00:00 |
|
Miroslav Stampar
|
30cd877c4a
|
fix for URI based injections
|
2011-01-22 16:23:33 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Bernardo Damele
|
03a880c6f1
|
Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors
|
2011-01-20 22:02:20 +00:00 |
|
Bernardo Damele
|
0f2634c4b0
|
Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)
|
2011-01-20 22:01:21 +00:00 |
|
Bernardo Damele
|
97573693be
|
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
|
2011-01-20 21:59:47 +00:00 |
|
Bernardo Damele
|
f1b402b103
|
Proper handling of CASE in Oracle, finally
|
2011-01-20 21:58:50 +00:00 |
|
Bernardo Damele
|
4128b2c87f
|
Enforce that when --prefix is provided, --suffix is too and viceversa.
|
2011-01-20 21:57:54 +00:00 |
|
Bernardo Damele
|
7d1c704575
|
Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
|
2011-01-20 21:56:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Bernardo Damele
|
e734efcda7
|
Removed deprecated code
|
2011-01-20 21:50:58 +00:00 |
|
Miroslav Stampar
|
496a84c356
|
minor update
|
2011-01-20 18:32:04 +00:00 |
|
Miroslav Stampar
|
dd7262d9e6
|
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
|
2011-01-20 17:53:49 +00:00 |
|
Miroslav Stampar
|
ad12242151
|
LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)
|
2011-01-20 16:27:59 +00:00 |
|