| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| Miroslav Stampar | a58aaf2e1a | better format for results file (easier for sorting when lots of files) | 2011-05-22 07:02:36 +00:00 |
| Miroslav Stampar | 25fff8c135 | changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) | 2011-05-21 11:46:57 +00:00 |
| Miroslav Stampar | 939e6541d0 | far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES) | 2011-05-19 23:36:51 +00:00 |
| Miroslav Stampar | 126cdf9e19 | minor info update | 2011-05-19 23:28:27 +00:00 |
| Miroslav Stampar | a034462c31 | fixing annoying timeouts for basic DBMS check (reference: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_timestampadd) | 2011-05-19 23:03:00 +00:00 |
| Miroslav Stampar | 5a979f7667 | minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used | 2011-05-19 17:35:33 +00:00 |
| Miroslav Stampar | 9e5856caf8 | improvement for recognition of scalar vs multiple-row commands | 2011-05-19 16:45:05 +00:00 |
| Miroslav Stampar | db72428765 | minor update | 2011-05-19 15:57:29 +00:00 |
| Miroslav Stampar | f40c6b2ce7 | added --cookie for maskSensitiveData too | 2011-05-19 15:42:59 +00:00 |
| Miroslav Stampar | bd1b07fbc2 | one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL | 2011-05-19 06:32:23 +00:00 |
| Miroslav Stampar | 7f086916c0 | decent parameter replace payload for PostgreSQL (GENERATE_SERIES) | 2011-05-18 23:40:42 +00:00 |
| Miroslav Stampar | e58d6d2e00 | removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable) | 2011-05-18 23:20:02 +00:00 |
| Miroslav Stampar | fe50d09cc8 | added new payload for PostgreSQL (parameter replace) | 2011-05-18 23:01:41 +00:00 |
| Miroslav Stampar | 9832fc42d4 | minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase) | 2011-05-18 21:47:40 +00:00 |
| Miroslav Stampar | 3048e9f710 | minor refactoring | 2011-05-17 23:03:31 +00:00 |
| Miroslav Stampar | cc07e5dc97 | added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com | 2011-05-17 22:55:22 +00:00 |
| Miroslav Stampar | dfe81cc66f | minor yielding | 2011-05-16 20:14:10 +00:00 |
| Miroslav Stampar | a5ad4621c9 | minor refactoring | 2011-05-16 20:09:12 +00:00 |
| Miroslav Stampar | ba1df457ab | fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com | 2011-05-16 19:26:58 +00:00 |
| Miroslav Stampar | 6ba9dea640 | just in case for trimmed output | 2011-05-16 06:17:37 +00:00 |
| Miroslav Stampar | d2221e4604 | fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...) | 2011-05-16 00:23:50 +00:00 |
| Miroslav Stampar | faa74cd2bc | introducing results file for multiple target mode | 2011-05-15 22:21:38 +00:00 |
| Miroslav Stampar | 90e84c9a6d | removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end | 2011-05-15 21:43:38 +00:00 |
| Miroslav Stampar | c3bb5a03e1 | minor improvement | 2011-05-14 20:09:37 +00:00 |
| Miroslav Stampar | 3484a4426b | fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments) | 2011-05-14 19:57:28 +00:00 |
| Miroslav Stampar | 053c245114 | few minor fixes | 2011-05-13 09:56:12 +00:00 |
| Miroslav Stampar | a7d7be5ce0 | bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) | 2011-05-13 01:01:53 +00:00 |
| Miroslav Stampar | f11d5c91e3 | minor update so that only one DNS request per scan is being done (before this commit there were two) | 2011-05-12 14:32:39 +00:00 |
| Miroslav Stampar | 70688fb8b5 | minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic) | 2011-05-12 12:00:17 +00:00 |
| Miroslav Stampar | c64eb38a8b | same thing as for the last commit, but for error technique this time | 2011-05-12 11:52:18 +00:00 |
| Miroslav Stampar | 84a7e5ffb9 | "unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appearance | 2011-05-12 11:36:02 +00:00 |
| Miroslav Stampar | 0b2da2f9f5 | minor beautification for --tor switch | 2011-05-12 05:46:17 +00:00 |
| Miroslav Stampar | e05a9c0554 | I was probably very tired or very stupid to do this | 2011-05-11 13:13:46 +00:00 |
| Miroslav Stampar | 2ab9e30f7a | bug fix | 2011-05-11 12:54:33 +00:00 |
| Miroslav Stampar | 4efc284b83 | adding more info for --passwords | 2011-05-11 12:35:32 +00:00 |
| Miroslav Stampar | 48ac9911c0 | more graceful fix related to the last commit | 2011-05-11 09:42:35 +00:00 |
| Miroslav Stampar | 402c623119 | minor fix | 2011-05-11 09:40:11 +00:00 |
| Miroslav Stampar | 53065ee1fb | adding ordered set for kb.targetUrls (now the order of appearance in multiple targets mode will be respected) | 2011-05-11 08:55:48 +00:00 |
| Miroslav Stampar | 5ee07b90b9 | added -m switch for bulk loading multiple targets | 2011-05-11 08:46:40 +00:00 |
| Miroslav Stampar | 120b0d756e | unfix | 2011-05-10 21:33:06 +00:00 |
| Miroslav Stampar | 6b66fce72c | minor fix | 2011-05-10 20:52:43 +00:00 |
| Miroslav Stampar | 192c685bc8 | changing conf attribute to a more proper name | 2011-05-10 20:48:34 +00:00 |
| Miroslav Stampar | deae534ee7 | minor refactoring | 2011-05-10 20:44:36 +00:00 |
| Bernardo Damele | 97bc816aeb | layout | 2011-05-10 16:24:09 +00:00 |
| Bernardo Damele | b5f090cc4f | Minor bug fix | 2011-05-10 15:48:48 +00:00 |
| Bernardo Damele | 3a8309c4b0 | Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches | 2011-05-10 15:34:54 +00:00 |
| Miroslav Stampar | 707edc7b1a | fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along) | 2011-05-10 13:28:07 +00:00 |
| Miroslav Stampar | 1dea609019 | fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query) | 2011-05-10 12:51:37 +00:00 |
| Miroslav Stampar | a64407d9db | minor bug fix for multithreading and lots of connection retries | 2011-05-10 12:40:01 +00:00 |
| Miroslav Stampar | 22a1870c2c | adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 | 2011-05-10 12:32:07 +00:00 |