Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4fadcf0615 
							
						 
					 
					
						
						
							
							improvement for UNION/ERROR case  
						
						
						
					 
					
						2011-04-20 10:17:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1c1c20fb64 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-20 09:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4b6c524d4c 
							
						 
					 
					
						
						
							
							one more minor update regarding last commit  
						
						
						
					 
					
						2011-04-20 09:26:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							44926757da 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-20 09:23:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52c98afe93 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-04-20 08:38:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24435a2c20 
							
						 
					 
					
						
						
							
							implemented "break a tie" request by Andres Riancho  
						
						
						
					 
					
						2011-04-20 08:35:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							df0331fe9b 
							
						 
					 
					
						
						
							
							some more refactoring  
						
						
						
					 
					
						2011-04-19 23:04:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3b133303bf 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-04-19 22:54:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de2479b864 
							
						 
					 
					
						
						
							
							dealing with  http://bugs.python.org/issue1602  
						
						
						
					 
					
						2011-04-19 22:33:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a9838f1e6 
							
						 
					 
					
						
						
							
							cleaning a mess with UPX and virus scanners  
						
						
						
					 
					
						2011-04-19 21:57:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							44bbef42f8 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-04-19 20:23:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b7efa255d6 
							
						 
					 
					
						
						
							
							minor update of usage string  
						
						
						
					 
					
						2011-04-19 20:14:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fc90974940 
							
						 
					 
					
						
						
							
							revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)  
						
						
						
					 
					
						2011-04-19 14:50:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7abbd0c029 
							
						 
					 
					
						
						
							
							removing a leftover  
						
						
						
					 
					
						2011-04-19 14:29:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96b5fede5a 
							
						 
					 
					
						
						
							
							automatic increasing of time delay on lagging connections  
						
						
						
					 
					
						2011-04-19 14:28:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13f8c001a7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-19 11:13:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a06af9a92 
							
						 
					 
					
						
						
							
							added "lagging" critical message  
						
						
						
					 
					
						2011-04-19 10:37:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9b0db33cc5 
							
						 
					 
					
						
						
							
							initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model  
						
						
						
					 
					
						2011-04-19 08:55:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7c26366b4 
							
						 
					 
					
						
						
							
							doing that auto default value for --time-sec only for --tor  
						
						
						
					 
					
						2011-04-19 08:43:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d48ac54dc 
							
						 
					 
					
						
						
							
							automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)  
						
						
						
					 
					
						2011-04-19 08:34:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b79d4f70f3 
							
						 
					 
					
						
						
							
							cleaner solution for the problem solved with last commit  
						
						
						
					 
					
						2011-04-18 14:51:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5cff067c6 
							
						 
					 
					
						
						
							
							little hack for --time-sec  
						
						
						
					 
					
						2011-04-18 14:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6463cad8c5 
							
						 
					 
					
						
						
							
							minor update for SOAP payloads  
						
						
						
					 
					
						2011-04-18 14:29:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da9ec67869 
							
						 
					 
					
						
						
							
							removing leftover  
						
						
						
					 
					
						2011-04-18 13:43:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							354a2ce249 
							
						 
					 
					
						
						
							
							'chardet' heuristic engine added to the project  
						
						
						
					 
					
						2011-04-18 13:38:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5aef9bcf9 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')  
						
						
						
					 
					
						2011-04-18 10:16:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6fab44d635 
							
						 
					 
					
						
						
							
							minor refactoring and improving of used regex  
						
						
						
					 
					
						2011-04-17 22:37:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76d1f09b0a 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-04-17 22:25:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9aae447553 
							
						 
					 
					
						
						
							
							minor update for matching SOAP messages  
						
						
						
					 
					
						2011-04-17 22:21:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4fa00121e4 
							
						 
					 
					
						
						
							
							that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one  
						
						
						
					 
					
						2011-04-17 21:58:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7366bf710 
							
						 
					 
					
						
						
							
							SOAP refactoring  
						
						
						
					 
					
						2011-04-17 21:39:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c7ff5dcbeb 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-17 08:48:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ee88ccf0ac 
							
						 
					 
					
						
						
							
							well, this could be important :)  
						
						
						
					 
					
						2011-04-17 08:33:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29ee760021 
							
						 
					 
					
						
						
							
							improving time based data retrieval mechanism  
						
						
						
					 
					
						2011-04-17 07:24:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5e70eac98c 
							
						 
					 
					
						
						
							
							fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes  
						
						
						
					 
					
						2011-04-16 06:44:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							88c76147e1 
							
						 
					 
					
						
						
							
							removed few trailing whitespace lines  
						
						
						
					 
					
						2011-04-15 20:52:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3b6f9945ae 
							
						 
					 
					
						
						
							
							minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)  
						
						
						
					 
					
						2011-04-15 14:15:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c461fdca54 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2011-04-15 13:51:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0387654166 
							
						 
					 
					
						
						
							
							update of copyright string (until year)  
						
						
						
					 
					
						2011-04-15 12:33:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d8a49a87c 
							
						 
					 
					
						
						
							
							more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation  
						
						
						
					 
					
						2011-04-15 11:53:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							467d1a50b3 
							
						 
					 
					
						
						
							
							removed debug message that could cause confusion  
						
						
						
					 
					
						2011-04-15 11:28:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8c6f7c7d5f 
							
						 
					 
					
						
						
							
							explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay  
						
						
						
					 
					
						2011-04-15 08:52:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3efd9e3959 
							
						 
					 
					
						
						
							
							improved htmlunescape (great for localized html escape codes)  
						
						
						
					 
					
						2011-04-14 21:36:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ded28442fb 
							
						 
					 
					
						
						
							
							minor fixes and refactoring regarding safecharencoding  
						
						
						
					 
					
						2011-04-14 15:54:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							866cdb4cf7 
							
						 
					 
					
						
						
							
							speed of --replicate is now vastly improved  
						
						
						
					 
					
						2011-04-14 14:34:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eafab03d99 
							
						 
					 
					
						
						
							
							safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)  
						
						
						
					 
					
						2011-04-14 13:53:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30bfefd638 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-04-14 12:58:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5cf38cd0d7 
							
						 
					 
					
						
						
							
							More cookies to ignore  
						
						
						
					 
					
						2011-04-14 12:46:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8426d48e2e 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-04-14 10:14:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							930262f573 
							
						 
					 
					
						
						
							
							minor update related to the last commit  
						
						
						
					 
					
						2011-04-14 10:12:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1c5427baf8 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-04-14 09:54:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bb99bd2fbe 
							
						 
					 
					
						
						
							
							one more commit related to the issue with displaying of garbled characters  
						
						
						
					 
					
						2011-04-14 09:43:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04986be4b9 
							
						 
					 
					
						
						
							
							update regarding safe character output together with a small fix for newlines  
						
						
						
					 
					
						2011-04-14 09:31:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5dfb55effc 
							
						 
					 
					
						
						
							
							revert of the last commit because of this  http://osvdb.org/show/osvdb/26582  
						
						
						
					 
					
						2011-04-14 06:46:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							786f305e1a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-14 06:43:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							21114d1748 
							
						 
					 
					
						
						
							
							added IGNORE_PARAMETERS to skip testing of state/session web server parameters  
						
						
						
					 
					
						2011-04-13 19:01:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							58a93c5b1f 
							
						 
					 
					
						
						
							
							better beep for MacOSX  
						
						
						
					 
					
						2011-04-13 18:32:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bf55b0b77a 
							
						 
					 
					
						
						
							
							more restrictions on crypt(3) hash recognition to prevent false positives  
						
						
						
					 
					
						2011-04-13 14:40:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d06ae9cd47 
							
						 
					 
					
						
						
							
							implemented retrieved items info for partial union too  
						
						
						
					 
					
						2011-04-13 14:33:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5f2201bbc 
							
						 
					 
					
						
						
							
							minor cosmetics for partial inband retrieval  
						
						
						
					 
					
						2011-04-13 11:25:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c193b896be 
							
						 
					 
					
						
						
							
							just in case update to prevent gibberish "retrieved: " outputs  
						
						
						
					 
					
						2011-04-12 23:07:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5346ecbb56 
							
						 
					 
					
						
						
							
							fix for a "accept certificate first time for svn"  
						
						
						
					 
					
						2011-04-12 14:25:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a883ce26b5 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')  
						
						
						
					 
					
						2011-04-12 13:25:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0ae74f27e4 
							
						 
					 
					
						
						
							
							avoiding annoying "payload 'None' possibly..." in case where payload is not specified  
						
						
						
					 
					
						2011-04-11 15:24:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							941daa1645 
							
						 
					 
					
						
						
							
							just in case to prevent "object of type 'NoneType' has no len()" error reports  
						
						
						
					 
					
						2011-04-11 11:59:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2db2e9b6a2 
							
						 
					 
					
						
						
							
							now GET forms are also prone to "do you want to fill with random values"  
						
						
						
					 
					
						2011-04-11 11:38:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08d14886fd 
							
						 
					 
					
						
						
							
							added new dev version string  
						
						
						
					 
					
						2011-04-11 09:44:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							07d6b18c4e 
							
						 
					 
					
						
						
							
							cutting for 0.9 stable  
						
						
						
					 
					
						2011-04-11 00:24:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8597409d9e 
							
						 
					 
					
						
						
							
							lowering the value  
						
						
						
					 
					
						2011-04-10 22:57:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							14219a3dac 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-04-10 22:44:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6012ab1c46 
							
						 
					 
					
						
						
							
							better one for previous commit  
						
						
						
					 
					
						2011-04-10 21:52:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c50df4f9 
							
						 
					 
					
						
						
							
							preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)  
						
						
						
					 
					
						2011-04-10 21:38:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							940c225d7c 
							
						 
					 
					
						
						
							
							few fixes  
						
						
						
					 
					
						2011-04-10 20:53:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d324704844 
							
						 
					 
					
						
						
							
							Removed unused code  
						
						
						
					 
					
						2011-04-10 20:39:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							decab6642d 
							
						 
					 
					
						
						
							
							fix for that @chunk bug  
						
						
						
					 
					
						2011-04-10 16:46:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							723a7447b2 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-04-10 07:16:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c714ac6421 
							
						 
					 
					
						
						
							
							added support for handling binary data values (no more garbish chars)  
						
						
						
					 
					
						2011-04-09 23:13:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4ad73f9263 
							
						 
					 
					
						
						
							
							added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics  
						
						
						
					 
					
						2011-04-09 22:39:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							277f16d6b3 
							
						 
					 
					
						
						
							
							removing commented out debug print  
						
						
						
					 
					
						2011-04-08 22:44:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4c40308c6 
							
						 
					 
					
						
						
							
							no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)  
						
						
						
					 
					
						2011-04-08 22:42:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							83feb097ef 
							
						 
					 
					
						
						
							
							greater flexibility for --batch when default is None  
						
						
						
					 
					
						2011-04-08 22:29:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6fa2fd139c 
							
						 
					 
					
						
						
							
							implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)  
						
						
						
					 
					
						2011-04-08 15:17:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							beb98140b3 
							
						 
					 
					
						
						
							
							Minor improvement to --check-payload  
						
						
						
					 
					
						2011-04-08 14:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							228cc68747 
							
						 
					 
					
						
						
							
							fix for those ugly DEBUG messages in brute mode  
						
						
						
					 
					
						2011-04-08 11:02:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5b21352656 
							
						 
					 
					
						
						
							
							cosmeticados ;)  
						
						
						
					 
					
						2011-04-08 10:39:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							be11e2535e 
							
						 
					 
					
						
						
							
							one more minor update  
						
						
						
					 
					
						2011-04-08 00:05:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3435d549a9 
							
						 
					 
					
						
						
							
							minor update regarding the last commit  
						
						
						
					 
					
						2011-04-07 23:35:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							726155383d 
							
						 
					 
					
						
						
							
							higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])  
						
						
						
					 
					
						2011-04-07 23:32:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b288e5ef57 
							
						 
					 
					
						
						
							
							implemented DNS caching mechanism  
						
						
						
					 
					
						2011-04-07 21:39:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ae4ea0af45 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')  
						
						
						
					 
					
						2011-04-07 13:57:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a8a5db9aa 
							
						 
					 
					
						
						
							
							minor code restyling  
						
						
						
					 
					
						2011-04-07 13:27:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e33a48d40f 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-04-07 12:54:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c6b9d89d31 
							
						 
					 
					
						
						
							
							Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly  
						
						
						
					 
					
						2011-04-07 11:10:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9e8c933333 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-04-07 10:40:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68828d68a5 
							
						 
					 
					
						
						
							
							removed integers from --technique  
						
						
						
					 
					
						2011-04-07 10:37:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fced81b6be 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-07 10:32:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							845533e92f 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-04-07 10:27:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1880f18367 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2011-04-07 10:07:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17844eb87c 
							
						 
					 
					
						
						
							
							Refactoring to --technique  
						
						
						
					 
					
						2011-04-07 10:00:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05d12790f1 
							
						 
					 
					
						
						
							
							closes   #219  - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)  
						
						
						
					 
					
						2011-04-06 14:41:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b14a9eaa7 
							
						 
					 
					
						
						
							
							Minor code adjustments  
						
						
						
					 
					
						2011-04-06 14:40:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a379463213 
							
						 
					 
					
						
						
							
							cosmeticado  
						
						
						
					 
					
						2011-04-06 08:40:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b327bbcd9b 
							
						 
					 
					
						
						
							
							minor fix (it was quite ... to have this check at the later stage)  
						
						
						
					 
					
						2011-04-06 08:39:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fdef6726cf 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-06 08:30:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d436ba2da5 
							
						 
					 
					
						
						
							
							Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value  
						
						
						
					 
					
						2011-04-06 08:19:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81034140c0 
							
						 
					 
					
						
						
							
							Reduced number of threads to 3 when -o is provided  
						
						
						
					 
					
						2011-04-06 08:15:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							265fa52600 
							
						 
					 
					
						
						
							
							minor code cosmetics  
						
						
						
					 
					
						2011-04-04 18:24:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							018b6b9430 
							
						 
					 
					
						
						
							
							fix for a charset encoding reported by Kirill  
						
						
						
					 
					
						2011-04-04 18:20:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c01fc56e6 
							
						 
					 
					
						
						
							
							minor update regarding misusage of --proxy and --ignore-proxy switches  
						
						
						
					 
					
						2011-04-04 09:19:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e957c4400c 
							
						 
					 
					
						
						
							
							minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)  
						
						
						
					 
					
						2011-04-04 08:04:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							305115a68b 
							
						 
					 
					
						
						
							
							important improvement of data handling (POST data and header values)  
						
						
						
					 
					
						2011-04-03 15:02:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bbd4c128b0 
							
						 
					 
					
						
						
							
							minor update related to the last commit  
						
						
						
					 
					
						2011-04-01 22:19:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cd7e4f5afc 
							
						 
					 
					
						
						
							
							improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)  
						
						
						
					 
					
						2011-04-01 22:12:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c3b54cc222 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-04-01 16:40:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e27afef6be 
							
						 
					 
					
						
						
							
							minor update regarding --current-db on Oracle  
						
						
						
					 
					
						2011-04-01 15:56:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eb99f68a7a 
							
						 
					 
					
						
						
							
							Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)  
						
						
						
					 
					
						2011-04-01 14:55:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de4e0c7346 
							
						 
					 
					
						
						
							
							minor update related to the problem with request files reported by jorge_a_santos@hotmail.com  
						
						
						
					 
					
						2011-04-01 12:09:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ee15988878 
							
						 
					 
					
						
						
							
							another minor update related to previous commit  
						
						
						
					 
					
						2011-03-31 17:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							156d24203f 
							
						 
					 
					
						
						
							
							speed optimization  
						
						
						
					 
					
						2011-03-31 17:16:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							220366b6e8 
							
						 
					 
					
						
						
							
							minor update (ip addresses will not be confused any more for crypt_generic hashes)  
						
						
						
					 
					
						2011-03-31 16:56:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							557ed7d665 
							
						 
					 
					
						
						
							
							minor fix for a invalid charset reported by Kirill  
						
						
						
					 
					
						2011-03-31 14:39:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fed57282fc 
							
						 
					 
					
						
						
							
							Added one more warning message to show what's going on with ctrl+c  
						
						
						
					 
					
						2011-03-31 14:26:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3948cd9e77 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2011-03-31 14:13:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c5de903eab 
							
						 
					 
					
						
						
							
							minor improvement ("quick defense against substr fields")  
						
						
						
					 
					
						2011-03-31 09:35:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ce51326bff 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2011-03-31 08:43:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0916117447 
							
						 
					 
					
						
						
							
							improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names  
						
						
						
					 
					
						2011-03-30 18:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dd01d66f13 
							
						 
					 
					
						
						
							
							proper update regarding last commit  
						
						
						
					 
					
						2011-03-29 22:10:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							850328df6c 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-03-29 22:03:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b6af80bab3 
							
						 
					 
					
						
						
							
							refactoring, cleanup and improvement  
						
						
						
					 
					
						2011-03-29 21:54:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adfbfef8c1 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-29 21:01:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							12f3024c8a 
							
						 
					 
					
						
						
							
							removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)  
						
						
						
					 
					
						2011-03-29 20:45:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9f707febf5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-03-29 15:43:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d0861a00e2 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-03-29 15:37:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d28ca5809b 
							
						 
					 
					
						
						
							
							adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)  
						
						
						
					 
					
						2011-03-29 14:16:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7cf4ba83dc 
							
						 
					 
					
						
						
							
							minor refactoring and comment update  
						
						
						
					 
					
						2011-03-29 12:08:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1821a008af 
							
						 
					 
					
						
						
							
							Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once  
						
						
						
					 
					
						2011-03-29 12:00:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5560196648 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-29 11:50:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e20d460809 
							
						 
					 
					
						
						
							
							Bernardo will kill me (added --wizard for total beginners)  
						
						
						
					 
					
						2011-03-29 11:42:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d78eac938 
							
						 
					 
					
						
						
							
							revert of that thingy as requested by Bernardo  
						
						
						
					 
					
						2011-03-29 10:06:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a9f5d828c6 
							
						 
					 
					
						
						
							
							minor fix avoiding problems with hashing strange characters in usernames  
						
						
						
					 
					
						2011-03-29 07:50:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8debbe724 
							
						 
					 
					
						
						
							
							minor cosmetics and one minor fix (|= is a nono with None)  
						
						
						
					 
					
						2011-03-29 06:38:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							86f93713d3 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update  
						
						
						
					 
					
						2011-03-29 06:25:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a2d5358b08 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-28 23:40:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e900ccbac 
							
						 
					 
					
						
						
							
							minor comment update  
						
						
						
					 
					
						2011-03-28 23:12:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a61e287d23 
							
						 
					 
					
						
						
							
							making updates for dummy Windows users  
						
						
						
					 
					
						2011-03-28 23:09:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bf0e3c4662 
							
						 
					 
					
						
						
							
							improvement for --forms with empty fields  
						
						
						
					 
					
						2011-03-28 22:48:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1823c116bb 
							
						 
					 
					
						
						
							
							minor update for special cases of union testing results  
						
						
						
					 
					
						2011-03-28 21:45:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ae53ad4c30 
							
						 
					 
					
						
						
							
							making an update for special case of timed out response  
						
						
						
					 
					
						2011-03-28 21:05:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1e22ff45de 
							
						 
					 
					
						
						
							
							minor update regarding testing of GET parameters if --data and/or --forms is used  
						
						
						
					 
					
						2011-03-28 16:14:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							625f124263 
							
						 
					 
					
						
						
							
							little info message  
						
						
						
					 
					
						2011-03-28 12:13:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47924fb92e 
							
						 
					 
					
						
						
							
							fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')  
						
						
						
					 
					
						2011-03-27 13:41:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76b7e3517d 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-03-27 07:58:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dba32306b0 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-03-26 22:03:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d8f7c4bc4c 
							
						 
					 
					
						
						
							
							minor update regarding support for crypt(3)  
						
						
						
					 
					
						2011-03-26 21:41:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f00b9fa4b 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-26 21:10:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							afe2be6a9f 
							
						 
					 
					
						
						
							
							implementation of Standard DES hashing (crypt)  
						
						
						
					 
					
						2011-03-26 20:46:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1119a85f39 
							
						 
					 
					
						
						
							
							it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)  
						
						
						
					 
					
						2011-03-25 21:31:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c6133e8aa 
							
						 
					 
					
						
						
							
							revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)  
						
						
						
					 
					
						2011-03-25 20:46:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							737b4abf13 
							
						 
					 
					
						
						
							
							this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)  
						
						
						
					 
					
						2011-03-25 20:30:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							422967fbcd 
							
						 
					 
					
						
						
							
							just an minor update related to the last commit  
						
						
						
					 
					
						2011-03-25 12:21:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c5b6d377fb 
							
						 
					 
					
						
						
							
							fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)  
						
						
						
					 
					
						2011-03-25 12:14:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							af5342c495 
							
						 
					 
					
						
						
							
							fix for partial inband queries on MSSQL  
						
						
						
					 
					
						2011-03-25 11:19:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e80c9e08d8 
							
						 
					 
					
						
						
							
							minor update regarding --live-test  
						
						
						
					 
					
						2011-03-25 09:03:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ea52d7acad 
							
						 
					 
					
						
						
							
							minor revisit of inference  
						
						
						
					 
					
						2011-03-24 20:10:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f1c4c0e61 
							
						 
					 
					
						
						
							
							better update related to the last commit  
						
						
						
					 
					
						2011-03-24 20:04:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0cc5d1dad 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-03-24 17:18:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f3858a5fcf 
							
						 
					 
					
						
						
							
							another fix related to the bug reported by Alone Shell  
						
						
						
					 
					
						2011-03-24 17:08:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e42cdfd138 
							
						 
					 
					
						
						
							
							adding possibility to run only one live test (e.g. --run-case=8)  
						
						
						
					 
					
						2011-03-24 12:07:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b15ad57c2 
							
						 
					 
					
						
						
							
							basic live tests against 3 major DBMSes  
						
						
						
					 
					
						2011-03-24 11:47:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecbbfeba6e 
							
						 
					 
					
						
						
							
							introduction of --fresh-queries  
						
						
						
					 
					
						2011-03-24 10:08:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							762397854e 
							
						 
					 
					
						
						
							
							fix for a bug reported by Kirill (unknown charset '8859-1')  
						
						
						
					 
					
						2011-03-24 09:27:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d79fae724c 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-24 09:16:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0bb08d09d2 
							
						 
					 
					
						
						
							
							fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file  
						
						
						
					 
					
						2011-03-24 08:43:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bd75fd26e9 
							
						 
					 
					
						
						
							
							implementing a --page-rank switch as requested by l0rda@l0rda.biz  
						
						
						
					 
					
						2011-03-23 11:57:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f7bce5c66 
							
						 
					 
					
						
						
							
							fixing a huge mess going on because of counting on error and union techniques  
						
						
						
					 
					
						2011-03-23 11:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5a1aaecf16 
							
						 
					 
					
						
						
							
							minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')  
						
						
						
					 
					
						2011-03-22 13:07:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7613134515 
							
						 
					 
					
						
						
							
							it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)  
						
						
						
					 
					
						2011-03-22 12:37:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9479a68eb5 
							
						 
					 
					
						
						
							
							minor fix regarding last commit  
						
						
						
					 
					
						2011-03-22 12:21:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c24ed6e622 
							
						 
					 
					
						
						
							
							minor fix related to a bug reported by warninggp@gmail.com  
						
						
						
					 
					
						2011-03-22 09:22:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cbfb10cbd1 
							
						 
					 
					
						
						
							
							fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)  
						
						
						
					 
					
						2011-03-21 16:43:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c9ccb755 
							
						 
					 
					
						
						
							
							Oracle XML based error payload has problems with char $ as with space  
						
						
						
					 
					
						2011-03-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1abcd507b8 
							
						 
					 
					
						
						
							
							hidding --group-concat switch  
						
						
						
					 
					
						2011-03-21 12:13:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							19e2ed9803 
							
						 
					 
					
						
						
							
							Layout fix  
						
						
						
					 
					
						2011-03-21 00:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3ca5cddca7 
							
						 
					 
					
						
						
							
							massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)  
						
						
						
					 
					
						2011-03-20 23:54:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9b1f2d82d0 
							
						 
					 
					
						
						
							
							minor update (that .strip() was a leftover)  
						
						
						
					 
					
						2011-03-20 23:20:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db992a0a86 
							
						 
					 
					
						
						
							
							mssql likes to htmlescape error reports  
						
						
						
					 
					
						2011-03-20 23:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							088c815567 
							
						 
					 
					
						
						
							
							minor update (exposing --tor switch)  
						
						
						
					 
					
						2011-03-19 18:28:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2cc91b8470 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-03-19 17:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c2b3afafb 
							
						 
					 
					
						
						
							
							minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)  
						
						
						
					 
					
						2011-03-19 17:37:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							139448eeb9 
							
						 
					 
					
						
						
							
							little stabilization regarding POST url(de/en)coding  
						
						
						
					 
					
						2011-03-19 16:53:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fcd999e51 
							
						 
					 
					
						
						
							
							fix for a bug reported by malice  
						
						
						
					 
					
						2011-03-18 16:52:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							58e9a074d3 
							
						 
					 
					
						
						
							
							masking some more command line arguments  
						
						
						
					 
					
						2011-03-18 16:47:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36233fac42 
							
						 
					 
					
						
						
							
							update regarding a feature request from andyroyalbattle@yahoo.it  
						
						
						
					 
					
						2011-03-18 16:35:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00b9d85ffc 
							
						 
					 
					
						
						
							
							fix regarding bug report from andyroyalbattle@yahoo.it  
						
						
						
					 
					
						2011-03-18 16:26:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4e300baaf2 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-03-18 14:09:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3628887110 
							
						 
					 
					
						
						
							
							los cosmeticados  
						
						
						
					 
					
						2011-03-18 14:08:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							75c0e09f43 
							
						 
					 
					
						
						
							
							little refactoring  
						
						
						
					 
					
						2011-03-18 13:46:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c301b245a9 
							
						 
					 
					
						
						
							
							adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)  
						
						
						
					 
					
						2011-03-18 13:39:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b53c9a2599 
							
						 
					 
					
						
						
							
							minor fix and some refactoring  
						
						
						
					 
					
						2011-03-18 00:24:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9526f0c4c2 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2011-03-17 12:35:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							03fac62592 
							
						 
					 
					
						
						
							
							Minor code restyle  
						
						
						
					 
					
						2011-03-17 12:34:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cbdd9e921e 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-03-17 12:23:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6607a240cf 
							
						 
					 
					
						
						
							
							added logging to redirecthandler  
						
						
						
					 
					
						2011-03-17 12:21:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a513198dd 
							
						 
					 
					
						
						
							
							minor fix regarding last couple of commits  
						
						
						
					 
					
						2011-03-17 11:25:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							970cde5a8a 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-03-17 09:23:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							beba69faa9 
							
						 
					 
					
						
						
							
							implementation of request from Santiago (look for error based responses in redirects)  
						
						
						
					 
					
						2011-03-17 09:12:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							847ce863e3 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-03-17 08:54:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fbd0cfda29 
							
						 
					 
					
						
						
							
							minor update toward the implementation of request from Santiago  
						
						
						
					 
					
						2011-03-17 06:39:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f00aff5303 
							
						 
					 
					
						
						
							
							-v 0 shows both error, critical and raw_input messages  
						
						
						
					 
					
						2011-03-11 22:02:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d7d47b6257 
							
						 
					 
					
						
						
							
							Minor bug fix (revert)  
						
						
						
					 
					
						2011-03-11 21:56:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e64f225e65 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-11 20:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2fd3f0d7b2 
							
						 
					 
					
						
						
							
							minor update (added comment)  
						
						
						
					 
					
						2011-03-11 20:07:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cc745f789 
							
						 
					 
					
						
						
							
							removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)  
						
						
						
					 
					
						2011-03-11 20:04:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5eae525010 
							
						 
					 
					
						
						
							
							this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)  
						
						
						
					 
					
						2011-03-11 19:57:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d8a76ebe34 
							
						 
					 
					
						
						
							
							Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs  
						
						
						
					 
					
						2011-03-11 16:03:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cb0ca4b63 
							
						 
					 
					
						
						
							
							Minor bug fix for --privileges on PgSQL with error-based SQL inj technique  
						
						
						
					 
					
						2011-03-11 15:24:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5af7410cb1 
							
						 
					 
					
						
						
							
							Another bug fix for --privileges on PgSQL with UNION query technique  
						
						
						
					 
					
						2011-03-11 15:13:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							74ef1e53c7 
							
						 
					 
					
						
						
							
							Minor bug fixes to --privileges for PostgreSQL query (corner case)  
						
						
						
					 
					
						2011-03-11 14:54:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1879a49506 
							
						 
					 
					
						
						
							
							fix for a bug reported by andreoaz@gmail.com  
						
						
						
					 
					
						2011-03-10 20:40:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb1cda7065 
							
						 
					 
					
						
						
							
							minor refactoring (more consistent)  
						
						
						
					 
					
						2011-03-09 12:06:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							62e3510387 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-09 11:37:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c97f9a496 
							
						 
					 
					
						
						
							
							improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)  
						
						
						
					 
					
						2011-03-09 09:36:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9b2962ff1c 
							
						 
					 
					
						
						
							
							now when we don't urlencode whole URI using : and \ as safe chars is not a good idea  
						
						
						
					 
					
						2011-03-09 08:56:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30619c599b 
							
						 
					 
					
						
						
							
							minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)  
						
						
						
					 
					
						2011-03-08 11:53:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99adbbeaa3 
							
						 
					 
					
						
						
							
							los cosmeticados  
						
						
						
					 
					
						2011-03-07 22:04:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc0306044c 
							
						 
					 
					
						
						
							
							adding SVN revision number support for non SVN client platforms  
						
						
						
					 
					
						2011-03-07 21:54:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							154d947c62 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-03-07 10:15:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							16b286982d 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')  
						
						
						
					 
					
						2011-03-07 09:50:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8edc3b3302 
							
						 
					 
					
						
						
							
							further update regarding last commit  
						
						
						
					 
					
						2011-03-03 10:39:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bc50387a17 
							
						 
					 
					
						
						
							
							possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)  
						
						
						
					 
					
						2011-03-03 09:42:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a1f5744be 
							
						 
					 
					
						
						
							
							minor update to make counting variable totally independent of the urllib2's self.retried  
						
						
						
					 
					
						2011-03-02 10:42:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a010386a23 
							
						 
					 
					
						
						
							
							finally a proper fix for that annoying recursive bug  
						
						
						
					 
					
						2011-03-02 10:29:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f27f05308a 
							
						 
					 
					
						
						
							
							minor update for masking sensitive data in error report (added aCred too)  
						
						
						
					 
					
						2011-03-02 10:09:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ad2e4002ea 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-03-01 10:38:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f3cc153a3 
							
						 
					 
					
						
						
							
							fix for --technique  
						
						
						
					 
					
						2011-03-01 09:54:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9856cb71de 
							
						 
					 
					
						
						
							
							redo of the last commit with comments added  
						
						
						
					 
					
						2011-02-28 18:58:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ade31b2cb0 
							
						 
					 
					
						
						
							
							removal of obsolete item  
						
						
						
					 
					
						2011-02-28 18:49:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2bf212ffa9 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2011-02-27 20:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7036190e8e 
							
						 
					 
					
						
						
							
							minor improvement of regular expression  
						
						
						
					 
					
						2011-02-27 17:58:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							21041f8b90 
							
						 
					 
					
						
						
							
							further reflective value handling improvement  
						
						
						
					 
					
						2011-02-27 17:43:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e8ebd35f4 
							
						 
					 
					
						
						
							
							Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable  
						
						
						
					 
					
						2011-02-27 12:17:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							60605b6e7c 
							
						 
					 
					
						
						
							
							Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)  
						
						
						
					 
					
						2011-02-27 12:14:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							88faedc0fe 
							
						 
					 
					
						
						
							
							fix for a bug reported by -insane-  
						
						
						
					 
					
						2011-02-26 17:48:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							11996ce12e 
							
						 
					 
					
						
						
							
							bug fix for international encoded letters  
						
						
						
					 
					
						2011-02-25 22:43:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63b8156c00 
							
						 
					 
					
						
						
							
							some update (if header key is non-unicode comformant)  
						
						
						
					 
					
						2011-02-25 09:43:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2bbbc9a41e 
							
						 
					 
					
						
						
							
							few updates  
						
						
						
					 
					
						2011-02-25 09:35:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa88361ab1 
							
						 
					 
					
						
						
							
							incorporation of method for neutralization of reflective values  
						
						
						
					 
					
						2011-02-25 09:22:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							708ddf5608 
							
						 
					 
					
						
						
							
							added protection mechanism against reflected values  
						
						
						
					 
					
						2011-02-24 16:52:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							38dc82e13e 
							
						 
					 
					
						
						
							
							If no Accept header field is present, then it is assumed that the client accepts all media types.  
						
						
						
					 
					
						2011-02-22 22:26:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d05bd75068 
							
						 
					 
					
						
						
							
							adding experimental for --group-concat  
						
						
						
					 
					
						2011-02-22 14:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							12ede1e5de 
							
						 
					 
					
						
						
							
							minor JIC (just-in-case) update  
						
						
						
					 
					
						2011-02-22 13:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3f8eadf4fe 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-22 13:00:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dcad5410fe 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-22 12:54:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							17c39fe231 
							
						 
					 
					
						
						
							
							fix for that non-HTML stuff  
						
						
						
					 
					
						2011-02-22 11:32:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3e8c204121 
							
						 
					 
					
						
						
							
							Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba  
						
						
						
					 
					
						2011-02-21 16:00:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							90582ed7dc 
							
						 
					 
					
						
						
							
							minor change  
						
						
						
					 
					
						2011-02-21 11:35:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aac817935a 
							
						 
					 
					
						
						
							
							further improvement of MaxDB support  
						
						
						
					 
					
						2011-02-20 22:41:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							70449eb01b 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-02-20 21:35:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							345df5968d 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-20 21:27:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0c57f2af0f 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-02-20 12:20:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							023a80c31c 
							
						 
					 
					
						
						
							
							Section explanation change to reflect recent enhancements  
						
						
						
					 
					
						2011-02-19 21:06:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							60b05ff49f 
							
						 
					 
					
						
						
							
							Reflect new switch name  
						
						
						
					 
					
						2011-02-19 21:05:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e60acae5d 
							
						 
					 
					
						
						
							
							Added support for --scope also in WebScarab logs (-l)  
						
						
						
					 
					
						2011-02-19 21:03:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b71bb321dd 
							
						 
					 
					
						
						
							
							some more Sybase updates  
						
						
						
					 
					
						2011-02-19 18:04:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cec7694aac 
							
						 
					 
					
						
						
							
							some progress regarding SYBASE  
						
						
						
					 
					
						2011-02-19 14:56:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e0efe453ab 
							
						 
					 
					
						
						
							
							minor update regarding Sybase support  
						
						
						
					 
					
						2011-02-19 14:07:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							df58bcaf95 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-02-18 14:27:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3badf92ceb 
							
						 
					 
					
						
						
							
							not doing "basic" filtering in default cases because of a bug reported by Kazim  
						
						
						
					 
					
						2011-02-18 07:38:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cdf08b81c 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-02-17 21:51:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							22cd49a217 
							
						 
					 
					
						
						
							
							--technique can now be something like 123 which includes both techniques 1, 2 and 3  
						
						
						
					 
					
						2011-02-17 21:39:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ebc1ab90a 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-02-17 08:59:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							199f14df46 
							
						 
					 
					
						
						
							
							implementation of MySQL GROUP_CONCAT technique  
						
						
						
					 
					
						2011-02-15 00:28:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ea828e416 
							
						 
					 
					
						
						
							
							Proper fix for r3307 (file-write on MySQL via UNION query tech)  
						
						
						
					 
					
						2011-02-13 22:48:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							417b311475 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-13 22:02:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							50d25c3b4d 
							
						 
					 
					
						
						
							
							update regarding explicit testing of ua and referer when using -p  
						
						
						
					 
					
						2011-02-13 21:58:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							429ab631fe 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-02-13 21:25:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb11fd173 
							
						 
					 
					
						
						
							
							update regarding multiple DBMS payloads  
						
						
						
					 
					
						2011-02-13 21:20:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							45a005737d 
							
						 
					 
					
						
						
							
							Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2  
						
						
						
					 
					
						2011-02-13 21:08:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							83d7803ce7 
							
						 
					 
					
						
						
							
							other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)  
						
						
						
					 
					
						2011-02-12 20:03:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9f7d666451 
							
						 
					 
					
						
						
							
							removing --method per request of buawig  
						
						
						
					 
					
						2011-02-12 19:50:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1cd483f42f 
							
						 
					 
					
						
						
							
							one more update  
						
						
						
					 
					
						2011-02-12 10:24:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25a3a64327 
							
						 
					 
					
						
						
							
							we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.  
						
						
						
					 
					
						2011-02-12 10:15:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							521635c84d 
							
						 
					 
					
						
						
							
							quick fix for UA and Referer  
						
						
						
					 
					
						2011-02-11 23:36:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7253362114 
							
						 
					 
					
						
						
							
							Minor bug fix so that --file-write on MySQL via UNION query now works again  
						
						
						
					 
					
						2011-02-11 23:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							535eb9f3eb 
							
						 
					 
					
						
						
							
							implementation of referer feature  
						
						
						
					 
					
						2011-02-11 23:07:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6ab24e0b5 
							
						 
					 
					
						
						
							
							just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed  
						
						
						
					 
					
						2011-02-10 22:47:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f2fcd1eea 
							
						 
					 
					
						
						
							
							minor adjustment regarding "file" switches  
						
						
						
					 
					
						2011-02-10 19:55:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4295a78c5f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-10 19:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c078de894f 
							
						 
					 
					
						
						
							
							Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA  
						
						
						
					 
					
						2011-02-10 14:24:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							864eade744 
							
						 
					 
					
						
						
							
							Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase  
						
						
						
					 
					
						2011-02-10 11:14:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aa0fb276ba 
							
						 
					 
					
						
						
							
							More fixes for --common-columns to work against MSSQL too  
						
						
						
					 
					
						2011-02-09 17:22:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							917b2b0d6b 
							
						 
					 
					
						
						
							
							one more commit related to the previous one  
						
						
						
					 
					
						2011-02-09 17:07:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c582343fe 
							
						 
					 
					
						
						
							
							.. fix  
						
						
						
					 
					
						2011-02-09 17:05:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d9af01d73d 
							
						 
					 
					
						
						
							
							imporant fix for boolean expression which return [None]  
						
						
						
					 
					
						2011-02-09 16:53:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7d9be18789 
							
						 
					 
					
						
						
							
							added one comment  
						
						
						
					 
					
						2011-02-09 14:34:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bafc8a1b0f 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2011-02-09 13:29:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							600f729139 
							
						 
					 
					
						
						
							
							fix for a bug reported by skysbsb@gmail.com (double ORDER BY)  
						
						
						
					 
					
						2011-02-09 12:43:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5b57a69f3e 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2011-02-09 11:20:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3de6117253 
							
						 
					 
					
						
						
							
							revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)  
						
						
						
					 
					
						2011-02-09 09:53:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							98ca1702ae 
							
						 
					 
					
						
						
							
							los cosmeticado  
						
						
						
					 
					
						2011-02-08 16:30:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							87e36796c6 
							
						 
					 
					
						
						
							
							just to not cause confusion  
						
						
						
					 
					
						2011-02-08 16:29:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dcb9c93328 
							
						 
					 
					
						
						
							
							minor cleanup  
						
						
						
					 
					
						2011-02-08 16:27:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							37f7001143 
							
						 
					 
					
						
						
							
							first commit with mysql/error/substringing  
						
						
						
					 
					
						2011-02-08 16:23:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c3eb82e60b 
							
						 
					 
					
						
						
							
							Proper fix  
						
						
						
					 
					
						2011-02-08 10:08:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dba2f74588 
							
						 
					 
					
						
						
							
							revert of r3274  
						
						
						
					 
					
						2011-02-08 09:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							156d8cd99b 
							
						 
					 
					
						
						
							
							Directory restyling  
						
						
						
					 
					
						2011-02-08 00:15:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cfe2da0195 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-08 00:13:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0a81415f2f 
							
						 
					 
					
						
						
							
							Minor code cleanup  
						
						
						
					 
					
						2011-02-08 00:02:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c4f6d2e99 
							
						 
					 
					
						
						
							
							fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too  
						
						
						
					 
					
						2011-02-07 21:53:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a577d0e9a5 
							
						 
					 
					
						
						
							
							restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)  
						
						
						
					 
					
						2011-02-07 21:18:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							66adf23532 
							
						 
					 
					
						
						
							
							Unbiased approach for searching appropriate usable column  
						
						
						
					 
					
						2011-02-07 21:00:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f958b21613 
							
						 
					 
					
						
						
							
							there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)  
						
						
						
					 
					
						2011-02-07 16:55:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							771020abd6 
							
						 
					 
					
						
						
							
							one more related commit  
						
						
						
					 
					
						2011-02-07 16:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							265e7ca272 
							
						 
					 
					
						
						
							
							fix for that MSSQL limit/top problem  
						
						
						
					 
					
						2011-02-07 16:24:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71d1b72e0e 
							
						 
					 
					
						
						
							
							minor adjustment  
						
						
						
					 
					
						2011-02-07 12:51:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b33ac19d39 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-07 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99e9412f74 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-07 12:34:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e023e0d233 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2011-02-07 12:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							39decebe85 
							
						 
					 
					
						
						
							
							Minor fixes to checking/re-enabling of xp_cmdshell procedure  
						
						
						
					 
					
						2011-02-07 12:17:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0233dcd4f 
							
						 
					 
					
						
						
							
							preventing crashes for output=[]  
						
						
						
					 
					
						2011-02-07 10:24:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							096efea282 
							
						 
					 
					
						
						
							
							added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]  
						
						
						
					 
					
						2011-02-07 10:22:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ba3a8a69d4 
							
						 
					 
					
						
						
							
							More statements to exclude from unescap'ing  
						
						
						
					 
					
						2011-02-07 00:33:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3719f085ae 
							
						 
					 
					
						
						
							
							Added back-end dbms' OS based methods to Backend object - will be used for refactoring  
						
						
						
					 
					
						2011-02-07 00:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2e00656235 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-07 00:20:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bf5ca4bd9a 
							
						 
					 
					
						
						
							
							No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')  
						
						
						
					 
					
						2011-02-06 23:30:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							061f56daf9 
							
						 
					 
					
						
						
							
							More adjustments related to unescape() and cleanupPayload().  
						
						... 
						
						
						
						Minor code cleanup related to error-based payload. 
						
					 
					
						2011-02-06 23:27:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6a71629575 
							
						 
					 
					
						
						
							
							Converted from DOS format (\n\r to \n only)  
						
						
						
					 
					
						2011-02-06 23:25:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0800d9e49b 
							
						 
					 
					
						
						
							
							Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()  
						
						
						
					 
					
						2011-02-06 22:58:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9eac2339ca 
							
						 
					 
					
						
						
							
							 
						
						
						
					 
					
						2011-02-06 22:55:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f3d6be7868 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-02-06 22:32:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							078a2207cc 
							
						 
					 
					
						
						
							
							few reverts  
						
						
						
					 
					
						2011-02-06 22:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9b2fe0e7c 
							
						 
					 
					
						
						
							
							little cleanup  
						
						
						
					 
					
						2011-02-06 21:52:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4c2cf1d58 
							
						 
					 
					
						
						
							
							can't stay as it is right now. temporary disabling.  
						
						
						
					 
					
						2011-02-06 21:17:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2b96a66a2 
							
						 
					 
					
						
						
							
							one more update regarding last few "unescape" related commits  
						
						
						
					 
					
						2011-02-06 20:23:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6191a7f26f 
							
						 
					 
					
						
						
							
							Major fix for a silent bug  
						
						
						
					 
					
						2011-02-06 15:53:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c44978862e 
							
						 
					 
					
						
						
							
							Minor reordering of what gets saved into the injection object  
						
						
						
					 
					
						2011-02-06 15:20:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							412a97b7fe 
							
						 
					 
					
						
						
							
							fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')  
						
						
						
					 
					
						2011-02-05 14:17:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4df8a03c04 
							
						 
					 
					
						
						
							
							using OrderedDict to store parameters in order of appearance  
						
						
						
					 
					
						2011-02-04 18:07:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							acb986ae80 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-04 17:40:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fec88f6a6d 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-04 15:57:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							09e88cfb19 
							
						 
					 
					
						
						
							
							fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())  
						
						
						
					 
					
						2011-02-04 14:05:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f83f1a1e06 
							
						 
					 
					
						
						
							
							minor just in case update  
						
						
						
					 
					
						2011-02-04 13:08:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c69b76776e 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-04 13:04:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							accf4e6ce0 
							
						 
					 
					
						
						
							
							one important fix (URI injection parameter '*' now can go anywhere)  
						
						
						
					 
					
						2011-02-04 12:43:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c19d481bb1 
							
						 
					 
					
						
						
							
							little clean up  
						
						
						
					 
					
						2011-02-04 12:25:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c229efba05 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-02-04 11:33:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d211def899 
							
						 
					 
					
						
						
							
							minor adjustment (accepting strange new looking uri formats)  
						
						
						
					 
					
						2011-02-04 10:55:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1af418d444 
							
						 
					 
					
						
						
							
							huge bug fix  
						
						
						
					 
					
						2011-02-04 10:18:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4933f0c92 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-02-03 23:25:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a1a28c804 
							
						 
					 
					
						
						
							
							adding comments to filtering function  
						
						
						
					 
					
						2011-02-03 23:09:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1aecbe6b08 
							
						 
					 
					
						
						
							
							minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)  
						
						
						
					 
					
						2011-02-03 22:59:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e5f54644f0 
							
						 
					 
					
						
						
							
							minor "statistical" update  
						
						
						
					 
					
						2011-02-03 16:59:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3bd6e538f8 
							
						 
					 
					
						
						
							
							more appropriate  
						
						
						
					 
					
						2011-02-03 16:48:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a13fd87fd 
							
						 
					 
					
						
						
							
							new UNION column detection is going into wild  
						
						
						
					 
					
						2011-02-03 16:16:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b56a77e573 
							
						 
					 
					
						
						
							
							removing obsolete switches (--threshold, --excl-reg, --excl-str)  
						
						
						
					 
					
						2011-02-03 15:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							253a8d0679 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-03 15:24:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0edb4ee314 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-02-03 13:28:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1b9850b73a 
							
						 
					 
					
						
						
							
							revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )  
						
						
						
					 
					
						2011-02-03 12:21:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5edba2ffbc 
							
						 
					 
					
						
						
							
							minor change (conf.updateAll to conf.update)  
						
						
						
					 
					
						2011-02-03 11:13:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							402c1b622e 
							
						 
					 
					
						
						
							
							removing urlencode from UA  
						
						
						
					 
					
						2011-02-02 15:18:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f49e20cc8 
							
						 
					 
					
						
						
							
							adding --random-agent and removing -a  
						
						
						
					 
					
						2011-02-02 14:51:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2dae57a56d 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-02-02 14:35:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c87bd1c63 
							
						 
					 
					
						
						
							
							added maskSensitiveData function  
						
						
						
					 
					
						2011-02-02 14:25:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f0114a2a8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-02 14:06:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8134c2154a 
							
						 
					 
					
						
						
							
							adding WHERE enum for payloads  
						
						
						
					 
					
						2011-02-02 13:34:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6c9515f78 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 13:03:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							847b648e4a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 12:42:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e73a147fb5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 11:49:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e33428b833 
							
						 
					 
					
						
						
							
							adding __findUnionCharCount function  
						
						
						
					 
					
						2011-02-02 11:22:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99aa38b58f 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-02 10:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23c95107ed 
							
						 
					 
					
						
						
							
							we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)  
						
						
						
					 
					
						2011-02-02 09:24:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							af99105c27 
							
						 
					 
					
						
						
							
							lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)  
						
						
						
					 
					
						2011-02-01 22:45:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a37f5e05b9 
							
						 
					 
					
						
						
							
							Refactoring  
						
						
						
					 
					
						2011-02-01 22:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9b342a4c95 
							
						 
					 
					
						
						
							
							Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.  
						
						... 
						
						
						
						Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too. 
						
					 
					
						2011-02-01 22:07:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2619e4895f 
							
						 
					 
					
						
						
							
							Properly handle --technique at save/resume phase  
						
						
						
					 
					
						2011-02-01 22:05:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3d966bd569 
							
						 
					 
					
						
						
							
							You never know..  
						
						
						
					 
					
						2011-02-01 22:05:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d875d848ce 
							
						 
					 
					
						
						
							
							Better sort  
						
						
						
					 
					
						2011-02-01 22:04:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							705d45f4db 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-02-01 11:10:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							196e2d35b2 
							
						 
					 
					
						
						
							
							maybe we could ask user "are you willing to import local data content into error report" and use this function respectably  
						
						
						
					 
					
						2011-02-01 11:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6761933f75 
							
						 
					 
					
						
						
							
							Just.. cosmetics ;)  
						
						
						
					 
					
						2011-01-31 22:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							35b6d7278a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-31 22:50:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25c175a9a5 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-31 22:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b04e1a0313 
							
						 
					 
					
						
						
							
							More detailed message for unhandled exception  
						
						
						
					 
					
						2011-01-31 21:23:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2fd9621499 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						... 
						
						
						
						Cosmetics 
						
					 
					
						2011-01-31 21:22:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ec9ebb3479 
							
						 
					 
					
						
						
							
							Set threads to 4 when optimization switch is provided, -o  
						
						
						
					 
					
						2011-01-31 21:21:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8397c526d8 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2011-01-31 21:20:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e3a3ae11cc 
							
						 
					 
					
						
						
							
							Proper return from error-based technique enumeration  
						
						
						
					 
					
						2011-01-31 21:13:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa58a9c86b 
							
						 
					 
					
						
						
							
							update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)  
						
						
						
					 
					
						2011-01-31 20:36:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							777a19cfa9 
							
						 
					 
					
						
						
							
							LOL. removing that debug 'True'  
						
						
						
					 
					
						2011-01-31 16:22:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a80fe28631 
							
						 
					 
					
						
						
							
							one more thing ;)  
						
						
						
					 
					
						2011-01-31 16:21:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							933d701667 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-31 16:14:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b1dc928e68 
							
						 
					 
					
						
						
							
							implemented validation for time-based inference  
						
						
						
					 
					
						2011-01-31 16:07:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25463bc67c 
							
						 
					 
					
						
						
							
							fix for a bug (--predict-output) noticed by Bernardo  
						
						
						
					 
					
						2011-01-31 15:00:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							60a2364f2b 
							
						 
					 
					
						
						
							
							now union technique parses headers too  
						
						
						
					 
					
						2011-01-31 12:41:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8ef47307db 
							
						 
					 
					
						
						
							
							added checking of header values for GREP (error); still UNION to do  
						
						
						
					 
					
						2011-01-31 12:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6f2cd56ff 
							
						 
					 
					
						
						
							
							removed junky import  
						
						
						
					 
					
						2011-01-31 11:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb3513650d 
							
						 
					 
					
						
						
							
							adding ID properties  
						
						
						
					 
					
						2011-01-31 11:41:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f9eac97fe8 
							
						 
					 
					
						
						
							
							refactoring of MSSQL XML banner parsing  
						
						
						
					 
					
						2011-01-31 11:38:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7175efcae1 
							
						 
					 
					
						
						
							
							another minor cosmetic update  
						
						
						
					 
					
						2011-01-31 10:59:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97328c3104 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-31 10:54:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5e768be509 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-31 09:34:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f7feebe0df 
							
						 
					 
					
						
						
							
							fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)  
						
						
						
					 
					
						2011-01-31 09:28:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2a0b03e5c6 
							
						 
					 
					
						
						
							
							Unused import  
						
						
						
					 
					
						2011-01-30 17:07:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fc9c626f9e 
							
						 
					 
					
						
						
							
							minor refactoring (removed URL_ENCODE_PAYLOAD)  
						
						
						
					 
					
						2011-01-30 17:03:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							21e7223779 
							
						 
					 
					
						
						
							
							perhaps this is better english  
						
						
						
					 
					
						2011-01-30 16:34:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8278d821ac 
							
						 
					 
					
						
						
							
							Another layout adjustment  
						
						
						
					 
					
						2011-01-30 16:23:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							71d82e6f57 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2011-01-30 16:19:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							02e5c4b1e6 
							
						 
					 
					
						
						
							
							Minor bug fix for --sql-query/-shell with error-based technique  
						
						
						
					 
					
						2011-01-30 14:19:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bc8f1142c9 
							
						 
					 
					
						
						
							
							minor revert  
						
						
						
					 
					
						2011-01-30 11:41:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3060c369a5 
							
						 
					 
					
						
						
							
							minor fix for previous commit  
						
						
						
					 
					
						2011-01-30 07:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1abf354630 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-30 07:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d63339ca26 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-30 07:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8883de2c6 
							
						 
					 
					
						
						
							
							minor update regarding unicode decoding of supplied arguments  
						
						
						
					 
					
						2011-01-29 23:01:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddd296030d 
							
						 
					 
					
						
						
							
							added some more info to unhandled exception message(s)  
						
						
						
					 
					
						2011-01-28 16:15:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a184a4c772 
							
						 
					 
					
						
						
							
							major of majors bug fix  
						
						
						
					 
					
						2011-01-28 14:31:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f4fb156d3 
							
						 
					 
					
						
						
							
							major bug fix  
						
						
						
					 
					
						2011-01-28 14:09:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b98cbeee04 
							
						 
					 
					
						
						
							
							page for handling binary files  
						
						
						
					 
					
						2011-01-27 22:00:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e74c571bc 
							
						 
					 
					
						
						
							
							centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels  
						
						
						
					 
					
						2011-01-27 19:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							49aeb41be8 
							
						 
					 
					
						
						
							
							quick bug fix for FALSE positives with UNION based technique  
						
						
						
					 
					
						2011-01-27 18:49:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81722b6881 
							
						 
					 
					
						
						
							
							major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)  
						
						
						
					 
					
						2011-01-27 18:36:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03413bd5e0 
							
						 
					 
					
						
						
							
							minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)  
						
						
						
					 
					
						2011-01-27 16:55:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							539168dcca 
							
						 
					 
					
						
						
							
							sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)  
						
						
						
					 
					
						2011-01-27 13:40:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bb6e36fb02 
							
						 
					 
					
						
						
							
							minor updates  
						
						
						
					 
					
						2011-01-27 12:38:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10b723f196 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by yonnym@googlemail.com  
						
						
						
					 
					
						2011-01-25 22:26:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							430fd5cd63 
							
						 
					 
					
						
						
							
							minor fixes  
						
						
						
					 
					
						2011-01-25 16:05:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d3ddaba7be 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-01-25 13:04:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cab86871fe 
							
						 
					 
					
						
						
							
							fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)  
						
						
						
					 
					
						2011-01-25 11:02:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5692506131 
							
						 
					 
					
						
						
							
							this was bad thing to have  
						
						
						
					 
					
						2011-01-25 01:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cc69f5e16 
							
						 
					 
					
						
						
							
							now --technique is appliable also after the injections have been identified  
						
						
						
					 
					
						2011-01-24 16:47:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81011be0d7 
							
						 
					 
					
						
						
							
							minor update of parseTargetUrl method  
						
						
						
					 
					
						2011-01-24 14:52:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4093599f38 
							
						 
					 
					
						
						
							
							added parseTargetUrl to redirect choice  
						
						
						
					 
					
						2011-01-24 14:45:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1db2700f0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads  
						
						
						
					 
					
						2011-01-24 12:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8d0c2efbe2 
							
						 
					 
					
						
						
							
							unescaping of char marked payloads  
						
						
						
					 
					
						2011-01-24 12:00:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4441e11f68 
							
						 
					 
					
						
						
							
							fix for case -r with no params and cookie available  
						
						
						
					 
					
						2011-01-24 11:26:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47fa600c04 
							
						 
					 
					
						
						
							
							Minor fix and cosmetics  
						
						
						
					 
					
						2011-01-24 11:12:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3e3387113 
							
						 
					 
					
						
						
							
							fix for proper Firebird resume of version  
						
						
						
					 
					
						2011-01-24 11:04:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1145c244e 
							
						 
					 
					
						
						
							
							fix for user-agent injections  
						
						
						
					 
					
						2011-01-23 23:23:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							818c9787b2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-23 21:20:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b18397fbc7 
							
						 
					 
					
						
						
							
							major revisit of --os-shell methods  
						
						
						
					 
					
						2011-01-23 20:47:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff7707579f 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-01-23 11:35:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5ff78d40c 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-01-23 11:21:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97f66a87c5 
							
						 
					 
					
						
						
							
							minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message  
						
						
						
					 
					
						2011-01-23 10:51:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a5f0760f6 
							
						 
					 
					
						
						
							
							minor optimization (only way to prematurely stop SAX parser)  
						
						
						
					 
					
						2011-01-23 10:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30cd877c4a 
							
						 
					 
					
						
						
							
							fix for URI based injections  
						
						
						
					 
					
						2011-01-22 16:23:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4c79477d 
							
						 
					 
					
						
						
							
							world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)  
						
						
						
					 
					
						2011-01-21 18:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							03a880c6f1 
							
						 
					 
					
						
						
							
							Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors  
						
						
						
					 
					
						2011-01-20 22:02:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0f2634c4b0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)  
						
						
						
					 
					
						2011-01-20 22:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97573693be 
							
						 
					 
					
						
						
							
							Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT  
						
						
						
					 
					
						2011-01-20 21:59:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f1b402b103 
							
						 
					 
					
						
						
							
							Proper handling of CASE in Oracle, finally  
						
						
						
					 
					
						2011-01-20 21:58:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4128b2c87f 
							
						 
					 
					
						
						
							
							Enforce that when --prefix is provided, --suffix is too and viceversa.  
						
						
						
					 
					
						2011-01-20 21:57:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d1c704575 
							
						 
					 
					
						
						
							
							Moved little precaution from checks.py to common.py.  
						
						... 
						
						
						
						Initial refactoring of kb.os* get/set. 
						
					 
					
						2011-01-20 21:56:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9770db597e 
							
						 
					 
					
						
						
							
							Centralization of unescape()  
						
						
						
					 
					
						2011-01-20 21:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e734efcda7 
							
						 
					 
					
						
						
							
							Removed deprecated code  
						
						
						
					 
					
						2011-01-20 21:50:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							496a84c356 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 18:32:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dd7262d9e6 
							
						 
					 
					
						
						
							
							we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode  
						
						
						
					 
					
						2011-01-20 17:53:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ad12242151 
							
						 
					 
					
						
						
							
							LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)  
						
						
						
					 
					
						2011-01-20 16:27:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8c037de1a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 16:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4e5f0da1ae 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 16:07:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2fa066f892 
							
						 
					 
					
						
						
							
							added support for WebScarab logs  
						
						
						
					 
					
						2011-01-20 15:55:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							345e2288e1 
							
						 
					 
					
						
						
							
							important fix regarding encoding stuff  
						
						
						
					 
					
						2011-01-20 13:54:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f6f4b5e9dd 
							
						 
					 
					
						
						
							
							bug fix for charset used in inference for pages retrieved with --null-connection  
						
						
						
					 
					
						2011-01-20 11:01:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a0f10950 
							
						 
					 
					
						
						
							
							minor minor minor  
						
						
						
					 
					
						2011-01-20 09:25:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							701947490b 
							
						 
					 
					
						
						
							
							Two major bug fixes related to UNION technique query forging  
						
						
						
					 
					
						2011-01-19 23:46:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a060e756d 
							
						 
					 
					
						
						
							
							dummy fix for SQLite schema retrieval (lots of spaces inside)  
						
						
						
					 
					
						2011-01-19 23:16:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4bdc19d879 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-19 22:48:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c106dc829a 
							
						 
					 
					
						
						
							
							more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)  
						
						
						
					 
					
						2011-01-19 22:08:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ad41f9b19 
							
						 
					 
					
						
						
							
							bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)  
						
						
						
					 
					
						2011-01-19 21:46:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aea43a1e43 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-01-19 15:26:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eadaf680de 
							
						 
					 
					
						
						
							
							fuck yea  
						
						
						
					 
					
						2011-01-19 15:25:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							89e0fd0709 
							
						 
					 
					
						
						
							
							back to roots  
						
						
						
					 
					
						2011-01-19 14:06:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							33485198e1 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-18 23:05:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eda0b41859 
							
						 
					 
					
						
						
							
							Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.  
						
						... 
						
						
						
						Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup 
						
					 
					
						2011-01-18 23:03:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cffa17f5a6 
							
						 
					 
					
						
						
							
							Major bug fix - before it raised a traceback, now works.  
						
						
						
					 
					
						2011-01-18 23:02:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							daebb0010b 
							
						 
					 
					
						
						
							
							Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.  
						
						... 
						
						
						
						Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup. 
						
					 
					
						2011-01-18 23:02:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							38d0958781 
							
						 
					 
					
						
						
							
							minor fix (for numeric columns with all 0)  
						
						
						
					 
					
						2011-01-18 11:42:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3822b494ea 
							
						 
					 
					
						
						
							
							Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.  
						
						
						
					 
					
						2011-01-17 23:43:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a358561f 
							
						 
					 
					
						
						
							
							Proper support for --union-cols  
						
						
						
					 
					
						2011-01-17 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							35fb50a6ee 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2011-01-17 22:56:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47565f9459 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2011-01-17 21:13:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							041abb56e2 
							
						 
					 
					
						
						
							
							you can't believe how much man can learn when having good testing points  
						
						
						
					 
					
						2011-01-17 13:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d225c5c9aa 
							
						 
					 
					
						
						
							
							was wrong about this one (just now tested on a real site)  
						
						
						
					 
					
						2011-01-17 11:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac0b5e6dbc 
							
						 
					 
					
						
						
							
							proper way to handle this (console output has totally different encoding than the page one)  
						
						
						
					 
					
						2011-01-17 10:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34d13be0d3 
							
						 
					 
					
						
						
							
							minor update regarding default page encoding  
						
						
						
					 
					
						2011-01-17 10:23:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c857779c1 
							
						 
					 
					
						
						
							
							important fix for unicode based character inference  
						
						
						
					 
					
						2011-01-17 10:15:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99a3a3b89c 
							
						 
					 
					
						
						
							
							minor fix (break if all found)  
						
						
						
					 
					
						2011-01-17 09:41:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fcca671bd 
							
						 
					 
					
						
						
							
							information update regarding common password suffixes  
						
						
						
					 
					
						2011-01-17 09:28:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a835f233ac 
							
						 
					 
					
						
						
							
							fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')  
						
						
						
					 
					
						2011-01-17 00:17:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2041361695 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-16 23:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e2c821eb81 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-16 22:35:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e881465a9f 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-01-16 20:55:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5e36876e7 
							
						 
					 
					
						
						
							
							removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency  
						
						
						
					 
					
						2011-01-16 19:29:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6516798c0 
							
						 
					 
					
						
						
							
							proper fix for that previous "stacked" fix (that one screwed other injection types)  
						
						
						
					 
					
						2011-01-16 19:25:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5476a8a27e 
							
						 
					 
					
						
						
							
							russian sites are great for testing :)  
						
						
						
					 
					
						2011-01-16 19:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19dcaeaabf 
							
						 
					 
					
						
						
							
							fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)  
						
						
						
					 
					
						2011-01-16 18:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							718eef8753 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-16 18:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec1ab3cd2a 
							
						 
					 
					
						
						
							
							removing timeSec from injection configuration attributes as it highly depends on current connection "variables"  
						
						
						
					 
					
						2011-01-16 12:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2001bad7e1 
							
						 
					 
					
						
						
							
							automatic adjustment of timeSec for delayed queries  
						
						
						
					 
					
						2011-01-16 12:04:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc4ebdc1b 
							
						 
					 
					
						
						
							
							Major bug fix.  
						
						... 
						
						
						
						Minor code refactoring. 
						
					 
					
						2011-01-16 01:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c0d5daee99 
							
						 
					 
					
						
						
							
							More refactoring and cleanup  
						
						
						
					 
					
						2011-01-16 00:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29ea0950b6 
							
						 
					 
					
						
						
							
							now False is also affected (along with None and "")  
						
						
						
					 
					
						2011-01-15 23:43:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e4b65a822 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 23:28:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							558f3894f4 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2011-01-15 23:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3a28124b1 
							
						 
					 
					
						
						
							
							More code cleanup  
						
						
						
					 
					
						2011-01-15 23:11:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a35f598b8 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 22:09:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f565c941e 
							
						 
					 
					
						
						
							
							bug fix and proper warning message  
						
						
						
					 
					
						2011-01-15 16:59:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e105e1ea32 
							
						 
					 
					
						
						
							
							bug fix (some sites raise 404 during union tests)  
						
						
						
					 
					
						2011-01-15 16:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3873d204bb 
							
						 
					 
					
						
						
							
							important update for dictionary attack  
						
						
						
					 
					
						2011-01-15 15:56:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e17ac5fdca 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-15 15:14:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5bdb50c224 
							
						 
					 
					
						
						
							
							code review part 3  
						
						
						
					 
					
						2011-01-15 13:15:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa8f0cba7 
							
						 
					 
					
						
						
							
							code reviewing part 2  
						
						
						
					 
					
						2011-01-15 12:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a0e0cde3c 
							
						 
					 
					
						
						
							
							code review of modules in lib/core directory  
						
						
						
					 
					
						2011-01-15 12:13:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05b2a338fe 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-14 16:12:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bff989d348 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 15:43:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							daf5662eab 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-14 15:33:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1cfd6a6b9d 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-14 15:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08f7e20c51 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 14:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							534f51f9fc 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-14 14:20:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e9b11b79 
							
						 
					 
					
						
						
							
							Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.  
						
						
						
					 
					
						2011-01-14 12:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d9fd5a7b7 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-14 09:49:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2c7ae77d4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 09:45:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							676b95b30a 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 09:44:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f8c04ce020 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 20:59:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a1d1f69c3f 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-01-13 15:28:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d937e27b19 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-13 15:19:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b0fdbdb13b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 15:15:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							877ea31521 
							
						 
					 
					
						
						
							
							Verbose docstring  
						
						
						
					 
					
						2011-01-13 12:05:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac5b49f555 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-13 11:24:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af4ee81e62 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-01-13 11:23:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ece2eb31ca 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 11:08:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee4727850c 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 10:29:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ca33728fbc 
							
						 
					 
					
						
						
							
							Minor fix to avoid query splitting/unpacking when the statement is EXISTS()  
						
						
						
					 
					
						2011-01-13 10:00:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							be6e2d6a31 
							
						 
					 
					
						
						
							
							Important bug fix.  
						
						... 
						
						
						
						Minor code restyling. 
						
					 
					
						2011-01-13 09:41:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b3a0f38f3f 
							
						 
					 
					
						
						
							
							Minor code refactoring and added internal debug prints  
						
						
						
					 
					
						2011-01-12 12:03:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cff42986f 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-12 01:17:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8a67aea754 
							
						 
					 
					
						
						
							
							One more step to fully working UNION exploitation after merge into detection phase  
						
						
						
					 
					
						2011-01-12 01:13:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c6f7556f 
							
						 
					 
					
						
						
							
							Minor update  
						
						
						
					 
					
						2011-01-12 00:53:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8bdb7ec58c 
							
						 
					 
					
						
						
							
							Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.  
						
						
						
					 
					
						2011-01-12 00:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							873951ab92 
							
						 
					 
					
						
						
							
							Proper fix to avoid UNION test false positives  
						
						
						
					 
					
						2011-01-11 23:59:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2e994e806 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2011-01-11 23:56:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7c3c76c3 
							
						 
					 
					
						
						
							
							Fixed previous bug in getErrorParsedDBMSes() call in detection phase.  
						
						... 
						
						
						
						Added minor support to escape quotes in UNION payloads during detection phase. 
						
					 
					
						2011-01-11 23:47:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aa49aa579f 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2011-01-11 23:09:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06230e4d92 
							
						 
					 
					
						
						
							
							Minor code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-11 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3146464da 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by nightman  
						
						
						
					 
					
						2011-01-11 12:27:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							643c464268 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-11 12:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							394b6bc029 
							
						 
					 
					
						
						
							
							reverting some changes  
						
						
						
					 
					
						2011-01-11 12:11:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54e0ba935a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-11 12:08:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							690281dce1 
							
						 
					 
					
						
						
							
							didn't know this to be honest  
						
						
						
					 
					
						2011-01-11 10:17:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0676b38063 
							
						 
					 
					
						
						
							
							revert of one thing for Bernardo and minor update  
						
						
						
					 
					
						2011-01-10 10:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							77b51dae57 
							
						 
					 
					
						
						
							
							adding openFile method with an exception block around file opening part  
						
						
						
					 
					
						2011-01-08 09:30:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3899f7467 
							
						 
					 
					
						
						
							
							fix of a fix  
						
						
						
					 
					
						2011-01-07 18:07:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e83a26acf 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:53:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed2aed972f 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:38:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							27628dca42 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-07 17:25:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97ae7e330f 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-07 17:10:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e373dac1f2 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-01-07 16:50:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c17714c423 
							
						 
					 
					
						
						
							
							suppress session in case of brute methods  
						
						
						
					 
					
						2011-01-07 16:47:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b313a20a3f 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2011-01-07 16:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16a06117f7 
							
						 
					 
					
						
						
							
							Mere cosmetics  
						
						
						
					 
					
						2011-01-07 16:36:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1a079c62cb 
							
						 
					 
					
						
						
							
							minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)  
						
						
						
					 
					
						2011-01-07 16:08:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a8d660db54 
							
						 
					 
					
						
						
							
							fixes for bugs reported by pragmatk@gmail.com  
						
						
						
					 
					
						2011-01-06 16:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c968b438f2 
							
						 
					 
					
						
						
							
							Ctrl+C added to union dump  
						
						
						
					 
					
						2011-01-06 09:48:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0616edcc44 
							
						 
					 
					
						
						
							
							adding progress to --union-test  
						
						
						
					 
					
						2011-01-06 09:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9a624546 
							
						 
					 
					
						
						
							
							added progress into union based entry retrieval  
						
						
						
					 
					
						2011-01-06 09:10:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc9ca802bf 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-06 08:54:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1297df66da 
							
						 
					 
					
						
						
							
							fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)  
						
						
						
					 
					
						2011-01-06 08:04:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							694a65f6f1 
							
						 
					 
					
						
						
							
							minor fix/update  
						
						
						
					 
					
						2011-01-05 13:32:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7411052456 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-01-05 12:09:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							042e3f76ba 
							
						 
					 
					
						
						
							
							bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)  
						
						
						
					 
					
						2011-01-05 11:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ae5192070 
							
						 
					 
					
						
						
							
							adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)  
						
						
						
					 
					
						2011-01-05 10:25:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c83e9f6ca5 
							
						 
					 
					
						
						
							
							foundation for filtering binary string values (for example, replacement of non readable chars with #)  
						
						
						
					 
					
						2011-01-04 21:56:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa81ed4033 
							
						 
					 
					
						
						
							
							implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)  
						
						
						
					 
					
						2011-01-04 15:49:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb11f5b2e0 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 13:07:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1dc73d0a1 
							
						 
					 
					
						
						
							
							minor, just in case update related to the previous commit  
						
						
						
					 
					
						2011-01-04 12:56:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							709a7d156b 
							
						 
					 
					
						
						
							
							fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)  
						
						
						
					 
					
						2011-01-04 12:51:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d288c6d6e3 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 08:40:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fdc463d08b 
							
						 
					 
					
						
						
							
							fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)  
						
						
						
					 
					
						2011-01-03 23:36:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08ccbf2c1e 
							
						 
					 
					
						
						
							
							important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)  
						
						
						
					 
					
						2011-01-03 22:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							572f403069 
							
						 
					 
					
						
						
							
							update of one thing that was missing  
						
						
						
					 
					
						2011-01-03 21:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ce48ea75d0 
							
						 
					 
					
						
						
							
							noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links  
						
						
						
					 
					
						2011-01-03 14:39:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6aa616bd0d 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2011-01-03 14:28:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92e4cdb241 
							
						 
					 
					
						
						
							
							raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic  
						
						
						
					 
					
						2011-01-03 14:21:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07129371bf 
							
						 
					 
					
						
						
							
							bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)  
						
						
						
					 
					
						2011-01-03 13:04:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3629c2737b 
							
						 
					 
					
						
						
							
							automatically turn on --text-only in case of heavily-dynamicity instead of critical exit  
						
						
						
					 
					
						2011-01-03 11:06:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adc41181e6 
							
						 
					 
					
						
						
							
							some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one  
						
						
						
					 
					
						2011-01-03 10:37:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5860b8942f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 09:16:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d19a8d53e4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 08:46:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8625494ff2 
							
						 
					 
					
						
						
							
							added one new quick check for multiple target(s) mode  
						
						
						
					 
					
						2011-01-03 08:32:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f762f32de8 
							
						 
					 
					
						
						
							
							bug fix for proper --parse-errors on .aspx pages  
						
						
						
					 
					
						2011-01-02 13:00:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dce9a762f1 
							
						 
					 
					
						
						
							
							important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode  
						
						
						
					 
					
						2011-01-02 10:37:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96341f8f78 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 09:16:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c6c870db4 
							
						 
					 
					
						
						
							
							removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode  
						
						
						
					 
					
						2011-01-02 08:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6651ba05eb 
							
						 
					 
					
						
						
							
							another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)  
						
						
						
					 
					
						2011-01-02 08:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec4440108b 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-02 07:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							428e817a32 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2011-01-01 23:57:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							212035e64d 
							
						 
					 
					
						
						
							
							user can now choose if he wants to skip non-heuristic based DBMS tests  
						
						
						
					 
					
						2011-01-01 23:38:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8a93cfd975 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 22:43:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52e44df86c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 21:11:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							942cbafba6 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 20:19:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4fd8b3f0c 
							
						 
					 
					
						
						
							
							(e) finally works as it should  
						
						
						
					 
					
						2011-01-01 19:22:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e815177c8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 19:07:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ef27fd5ea1 
							
						 
					 
					
						
						
							
							there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) ( http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html ,  http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html )  
						
						
						
					 
					
						2011-01-01 15:20:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							15e6911fd8 
							
						 
					 
					
						
						
							
							fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')  
						
						
						
					 
					
						2011-01-01 12:23:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							91f665aaaa 
							
						 
					 
					
						
						
							
							bug fix for Ctrl+C  
						
						
						
					 
					
						2010-12-31 15:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5db8ebbfa9 
							
						 
					 
					
						
						
							
							update of mysql comment versions  
						
						
						
					 
					
						2010-12-31 12:42:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							281d124fa6 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-31 12:04:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							613242e298 
							
						 
					 
					
						
						
							
							bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)  
						
						
						
					 
					
						2010-12-29 19:48:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8f32c740ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-29 19:39:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6700cabc36 
							
						 
					 
					
						
						
							
							minor optimization  
						
						
						
					 
					
						2010-12-29 19:01:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d1f5c1d7b7 
							
						 
					 
					
						
						
							
							now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering  
						
						
						
					 
					
						2010-12-29 15:10:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							79e97824ef 
							
						 
					 
					
						
						
							
							adding user names to the attack dictionary  
						
						
						
					 
					
						2010-12-29 00:37:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93838fb155 
							
						 
					 
					
						
						
							
							"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)  
						
						
						
					 
					
						2010-12-28 14:40:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0423761e8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 18:27:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f8dbf0a7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 15:39:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9fb0e0fc85 
							
						 
					 
					
						
						
							
							resume of brute forced data is now available  
						
						
						
					 
					
						2010-12-27 14:17:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c7a160bf72 
							
						 
					 
					
						
						
							
							minor update (users want this to see)  
						
						
						
					 
					
						2010-12-27 12:00:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							51a492e17d 
							
						 
					 
					
						
						
							
							pretty important commit (now dumped tables are prone to dictionary attack)  
						
						
						
					 
					
						2010-12-27 10:56:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							269d6bde24 
							
						 
					 
					
						
						
							
							this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)  
						
						
						
					 
					
						2010-12-27 00:14:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							89c2640d23 
							
						 
					 
					
						
						
							
							basic --search now works with MS Access  
						
						
						
					 
					
						2010-12-26 23:50:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f2373121d0 
							
						 
					 
					
						
						
							
							noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)  
						
						
						
					 
					
						2010-12-26 14:36:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ceeb6374e8 
							
						 
					 
					
						
						
							
							bug fix (TypeError: object of type 'NoneType' has no len())  
						
						
						
					 
					
						2010-12-26 13:27:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							569e060aab 
							
						 
					 
					
						
						
							
							important improvement  
						
						
						
					 
					
						2010-12-26 13:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a555d1ad68 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2010-12-26 11:15:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							320a6f9efb 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-26 09:55:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							17d74fc83c 
							
						 
					 
					
						
						
							
							cosmeticado  
						
						
						
					 
					
						2010-12-26 09:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cd337d9f39 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-26 09:46:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf4b93856 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-26 09:40:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							562a6440d1 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (same as  http://bugs.python.org/issue8797 )  
						
						
						
					 
					
						2010-12-26 09:33:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c72e41972 
							
						 
					 
					
						
						
							
							minor fix/update  
						
						
						
					 
					
						2010-12-26 02:19:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c5c4aae3d5 
							
						 
					 
					
						
						
							
							minor update (to prevent adding too much items)  
						
						
						
					 
					
						2010-12-25 10:42:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b472b96f92 
							
						 
					 
					
						
						
							
							bug fix, refactoring and improved extractErrorMessage capabilities  
						
						
						
					 
					
						2010-12-25 10:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ea7ba19f6b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-25 09:43:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							272476773f 
							
						 
					 
					
						
						
							
							getPageTextWordsSet on tableExists is pretty powerful stuff  
						
						
						
					 
					
						2010-12-25 09:37:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6845d402fa 
							
						 
					 
					
						
						
							
							well, here and there, merry Christmas to all :)  
						
						
						
					 
					
						2010-12-24 20:17:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2d115e0350 
							
						 
					 
					
						
						
							
							one more fix  
						
						
						
					 
					
						2010-12-24 18:44:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							edcf1a0872 
							
						 
					 
					
						
						
							
							few bug fixes  
						
						
						
					 
					
						2010-12-24 18:40:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96a06351a1 
							
						 
					 
					
						
						
							
							minor fix (in testing phase raise404 should be set to False)  
						
						
						
					 
					
						2010-12-24 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aab14fa2d3 
							
						 
					 
					
						
						
							
							minor refactoring/cosmetics  
						
						
						
					 
					
						2010-12-24 11:06:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23dc408901 
							
						 
					 
					
						
						
							
							prioritization of tests based on DBMS error messages and some comments in common.py  
						
						
						
					 
					
						2010-12-24 10:55:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a09716a701 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-24 10:07:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d9f08e4aa3 
							
						 
					 
					
						
						
							
							randomization of user agents  
						
						
						
					 
					
						2010-12-24 10:04:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5eebb1cbf 
							
						 
					 
					
						
						
							
							fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6  
						
						
						
					 
					
						2010-12-24 09:49:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cb17e61f35 
							
						 
					 
					
						
						
							
							bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)  
						
						
						
					 
					
						2010-12-24 02:54:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8470de7b76 
							
						 
					 
					
						
						
							
							bug fix for boolean proxy when using time based payloads  
						
						
						
					 
					
						2010-12-23 23:46:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7f7fb93155 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-23 18:44:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73f33c1999 
							
						 
					 
					
						
						
							
							bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)  
						
						
						
					 
					
						2010-12-23 11:28:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fc60215ed 
							
						 
					 
					
						
						
							
							lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.  
						
						
						
					 
					
						2010-12-22 19:12:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c06dbffc3 
							
						 
					 
					
						
						
							
							bug fix (AttributeError: 'unicode' object has no attribute 'sort')  
						
						
						
					 
					
						2010-12-22 18:55:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c1f2534e9a 
							
						 
					 
					
						
						
							
							More bug fixes to properly distinguish between full inband and single-entry inband sql injections  
						
						
						
					 
					
						2010-12-22 15:47:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							250608660d 
							
						 
					 
					
						
						
							
							Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)  
						
						
						
					 
					
						2010-12-22 13:41:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5228f336da 
							
						 
					 
					
						
						
							
							Minor fix for ctrl+c during detection phase  
						
						
						
					 
					
						2010-12-22 13:15:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08c88495d0 
							
						 
					 
					
						
						
							
							removed that ugly hack  
						
						
						
					 
					
						2010-12-22 13:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8212b7b745 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-22 12:16:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5be9c04e44 
							
						 
					 
					
						
						
							
							update regarding Sybase syntax  
						
						
						
					 
					
						2010-12-22 10:39:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d974a966b8 
							
						 
					 
					
						
						
							
							minor fix for end phase (Ctrl+C)  
						
						
						
					 
					
						2010-12-21 23:55:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb75d0636b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-21 23:42:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							39a13077c4 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-21 23:09:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							09479c85dc 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-21 22:35:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a525f28d4 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-21 15:26:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2e7f9484d 
							
						 
					 
					
						
						
							
							minor tuning (2 techniques MAX per value used)  
						
						
						
					 
					
						2010-12-21 15:24:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c1133c4d4 
							
						 
					 
					
						
						
							
							some code refactoring  
						
						
						
					 
					
						2010-12-21 15:13:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							466d61ee85 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-21 14:29:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							385e208f38 
							
						 
					 
					
						
						
							
							code refactoring regarding standard output suppression and some threading issues  
						
						
						
					 
					
						2010-12-21 14:21:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e68248f60 
							
						 
					 
					
						
						
							
							minor update of heuristic check  
						
						
						
					 
					
						2010-12-21 12:56:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							16f1f4e13e 
							
						 
					 
					
						
						
							
							when doing dynamic checks there are cases when 404 can be raised (perfectly normal)  
						
						
						
					 
					
						2010-12-21 11:04:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aca074b769 
							
						 
					 
					
						
						
							
							Removed unused outdated code  
						
						
						
					 
					
						2010-12-21 10:49:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad6b528b33 
							
						 
					 
					
						
						
							
							Bit more verbose comment  
						
						
						
					 
					
						2010-12-21 10:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b37ddada4 
							
						 
					 
					
						
						
							
							removed some blank trailing spaces (with extra/shutils/blanks.sh)  
						
						
						
					 
					
						2010-12-21 10:31:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1a3f57e5fe 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-21 09:23:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d554460aec 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-21 01:09:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							116c141dfa 
							
						 
					 
					
						
						
							
							another fix  
						
						
						
					 
					
						2010-12-21 00:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							416755c0b7 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2010-12-21 00:25:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8067365b93 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident')  
						
						
						
					 
					
						2010-12-20 23:47:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e10670d9ac 
							
						 
					 
					
						
						
							
							added end detection phase choice into Ctrl+C list  
						
						
						
					 
					
						2010-12-20 23:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29001a4fce 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 23:21:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b34fe5c334 
							
						 
					 
					
						
						
							
							no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)  
						
						
						
					 
					
						2010-12-20 22:49:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd3e7ba1f 
							
						 
					 
					
						
						
							
							thread based data added  
						
						
						
					 
					
						2010-12-20 22:45:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c9e8aae8a2 
							
						 
					 
					
						
						
							
							we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads)  
						
						
						
					 
					
						2010-12-20 19:34:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e09bc2406c 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-20 19:24:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5852bad963 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2010-12-20 18:56:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19d8733e9a 
							
						 
					 
					
						
						
							
							this is strictly for educational purposes  
						
						
						
					 
					
						2010-12-20 17:30:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c948bced61 
							
						 
					 
					
						
						
							
							should solve the problem with timeout problems in time-based payloads  
						
						
						
					 
					
						2010-12-20 16:45:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf8929085 
							
						 
					 
					
						
						
							
							more minor updates  
						
						
						
					 
					
						2010-12-20 10:48:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fd00ff7a82 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-20 10:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e9f1ecb9e7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 10:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10a7a2dfb2 
							
						 
					 
					
						
						
							
							kids, don't use this at home  
						
						
						
					 
					
						2010-12-20 10:13:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13d5b2c0ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-20 09:44:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4cb83654dc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-18 16:28:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36862e2efa 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-18 15:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							21d083272e 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2010-12-18 14:31:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f73feec2f 
							
						 
					 
					
						
						
							
							now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)  
						
						
						
					 
					
						2010-12-18 14:11:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05c6d661e8 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-18 10:49:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03220d34ba 
							
						 
					 
					
						
						
							
							added Ctrl+C check in detection phase  
						
						
						
					 
					
						2010-12-18 10:42:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e355f92f22 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-18 10:02:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							108a96c6b4 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2010-12-17 21:45:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a19cb2c13a 
							
						 
					 
					
						
						
							
							code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")  
						
						
						
					 
					
						2010-12-17 21:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b4450c6ddd 
							
						 
					 
					
						
						
							
							added one more level of MSSQL version check (if first fails for some reason)  
						
						
						
					 
					
						2010-12-17 21:01:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07609bfb53 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-17 19:33:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							323af45ce4 
							
						 
					 
					
						
						
							
							added one more time request payload to confirm test results  
						
						
						
					 
					
						2010-12-17 07:53:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3fa3b0e8e 
							
						 
					 
					
						
						
							
							fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')  
						
						
						
					 
					
						2010-12-17 07:48:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							95b2c0803b 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-15 20:51:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de54219571 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-15 12:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cda00c7501 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-15 12:43:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3f34b06a24 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-15 12:34:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							445cc3bf3c 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-15 12:15:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1c525aaea 
							
						 
					 
					
						
						
							
							quick fix of a fix  
						
						
						
					 
					
						2010-12-15 12:10:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7cfeb5447b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:46:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4dec24d056 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by Andreas Constantinides (KeyError: 5)  
						
						
						
					 
					
						2010-12-15 11:30:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8a01ddaf8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63f5c35c23 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-15 10:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c3d0295d21 
							
						 
					 
					
						
						
							
							minor update (checking for --time-sec value)  
						
						
						
					 
					
						2010-12-14 12:37:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b75d7fa348 
							
						 
					 
					
						
						
							
							minor cache based optimization  
						
						
						
					 
					
						2010-12-14 12:22:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							270ae0f080 
							
						 
					 
					
						
						
							
							just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False  
						
						
						
					 
					
						2010-12-14 09:05:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							04caef6de0 
							
						 
					 
					
						
						
							
							Tuning  
						
						
						
					 
					
						2010-12-13 23:04:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cfcee6439e 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-13 21:55:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							86690682c7 
							
						 
					 
					
						
						
							
							Minor bug fix to respect -v value in --common-tables and --common-columns  
						
						
						
					 
					
						2010-12-13 21:37:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4b79227b5a 
							
						 
					 
					
						
						
							
							Minor bug fix to properly merge options from .conf file (-c) with command line switches  
						
						
						
					 
					
						2010-12-13 21:36:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							db844c1785 
							
						 
					 
					
						
						
							
							No point in showing the error-based inject payload, it's same as the one showed in -v3  
						
						
						
					 
					
						2010-12-13 21:35:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							698f30e65e 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-13 21:34:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a02dd6b55b 
							
						 
					 
					
						
						
							
							Minor enhancement to speedup active dbms fingerprint (-f).  
						
						... 
						
						
						
						Code cleanup and refactoring. 
						
					 
					
						2010-12-13 21:33:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d56f47d530 
							
						 
					 
					
						
						
							
							fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20')  
						
						
						
					 
					
						2010-12-12 23:59:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a3c4485e6 
							
						 
					 
					
						
						
							
							minor update (removing extra ())  
						
						
						
					 
					
						2010-12-12 14:44:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e98d9c08e1 
							
						 
					 
					
						
						
							
							dumping table is now possible on Firebird too  
						
						
						
					 
					
						2010-12-12 14:38:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c93634b6c7 
							
						 
					 
					
						
						
							
							blind dumping of tables in sqlite implemented  
						
						
						
					 
					
						2010-12-11 22:13:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b1babeefe5 
							
						 
					 
					
						
						
							
							update regarding dumping of tables with blind on Sqlite  
						
						
						
					 
					
						2010-12-11 22:00:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f7344a5fc3 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 21:28:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a24048aa6 
							
						 
					 
					
						
						
							
							urllib2 doesn't play well with '\n' when non unescaped chars used  
						
						
						
					 
					
						2010-12-11 21:17:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c66fa37c 
							
						 
					 
					
						
						
							
							update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available  
						
						
						
					 
					
						2010-12-11 17:55:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e32fa9df43 
							
						 
					 
					
						
						
							
							further update regarding bugtrace's report  
						
						
						
					 
					
						2010-12-11 17:32:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d18c98ec2 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)  
						
						
						
					 
					
						2010-12-11 17:20:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03447acc1d 
							
						 
					 
					
						
						
							
							avoiding some trashy match ratios  
						
						
						
					 
					
						2010-12-11 17:12:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2a3e8f44f 
							
						 
					 
					
						
						
							
							first time firebird error-based query success  
						
						
						
					 
					
						2010-12-11 11:17:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f021548bd0 
							
						 
					 
					
						
						
							
							added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)  
						
						
						
					 
					
						2010-12-11 10:52:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c17f444aab 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-11 10:22:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3dc0a51d34 
							
						 
					 
					
						
						
							
							major bug fix with boolean expressions  
						
						
						
					 
					
						2010-12-11 08:46:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac9080c07b 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 08:24:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							66db80804d 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-12-10 16:03:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							435f48b8cc 
							
						 
					 
					
						
						
							
							polite cosmetics  
						
						
						
					 
					
						2010-12-10 15:28:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							977988c0ab 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-10 15:24:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa8d378e80 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2010-12-10 15:18:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ef44cfe60 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-12-10 15:06:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe186cde55 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2010-12-10 13:26:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9957881040 
							
						 
					 
					
						
						
							
							you won't believe commit  
						
						
						
					 
					
						2010-12-10 13:20:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fc9ed10a8 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-10 12:30:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d8628e8fb 
							
						 
					 
					
						
						
							
							fix for booleans  
						
						
						
					 
					
						2010-12-10 12:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe2039f5ba 
							
						 
					 
					
						
						
							
							coollyy little commits  
						
						
						
					 
					
						2010-12-10 11:32:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5e7a8d305 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-10 10:54:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b6dcbcef5b 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-10 10:52:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							471d9ccd65 
							
						 
					 
					
						
						
							
							another fix of my lala  
						
						
						
					 
					
						2010-12-10 10:11:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							029a6abba2 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-12-10 09:54:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							441fc8dbd9 
							
						 
					 
					
						
						
							
							update regarding boolean based expressions  
						
						
						
					 
					
						2010-12-09 21:15:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5fb921154 
							
						 
					 
					
						
						
							
							removed debug print  
						
						
						
					 
					
						2010-12-09 20:08:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1492823de0 
							
						 
					 
					
						
						
							
							it wasn't pretty, now it's pretty  
						
						
						
					 
					
						2010-12-09 20:06:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bbffea2cbc 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-09 17:10:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eb2c408a9 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-09 16:49:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							df5f6bc1b7 
							
						 
					 
					
						
						
							
							Little precaution  
						
						
						
					 
					
						2010-12-09 14:06:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9230877d98 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-09 13:57:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cdff29ada7 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-09 11:23:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							196131bbca 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-09 10:42:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec5c08ca7a 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-09 09:24:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3fd1c37d53 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-09 07:49:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db39dc32fc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-09 00:59:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c01be0eeb 
							
						 
					 
					
						
						
							
							Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).  
						
						
						
					 
					
						2010-12-09 00:34:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c61adb21d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-09 00:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c6527c72 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-09 00:25:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f5ce739bdf 
							
						 
					 
					
						
						
							
							Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.  
						
						
						
					 
					
						2010-12-08 23:52:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							10ef2b5de8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-08 23:09:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54f6673609 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-08 22:38:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6077273e0 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-08 22:14:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							258e9fb50e 
							
						 
					 
					
						
						
							
							fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)  
						
						
						
					 
					
						2010-12-08 21:16:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81c16926c1 
							
						 
					 
					
						
						
							
							code refactoring some more  
						
						
						
					 
					
						2010-12-08 14:46:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							40fadf2f35 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-08 14:33:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							95b48746a6 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-08 14:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed09c53ee4 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-08 14:27:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							01cf1394a4 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-08 14:26:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							af22679605 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-08 13:09:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6223f25dd9 
							
						 
					 
					
						
						
							
							code beautification  
						
						
						
					 
					
						2010-12-08 13:04:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							64cc2588f1 
							
						 
					 
					
						
						
							
							now resume is available for time-based blinds too  
						
						
						
					 
					
						2010-12-08 12:49:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							537b619165 
							
						 
					 
					
						
						
							
							removing junk  
						
						
						
					 
					
						2010-12-08 12:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5e45939e3 
							
						 
					 
					
						
						
							
							sqlmap premiere of blind time based query/bisection  
						
						
						
					 
					
						2010-12-08 12:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47bb31fb47 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-08 11:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae2fa7f1a 
							
						 
					 
					
						
						
							
							update regarding time based payloads  
						
						
						
					 
					
						2010-12-08 11:26:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bdff4aba6a 
							
						 
					 
					
						
						
							
							switching to quick_ratio  
						
						
						
					 
					
						2010-12-07 23:57:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1b82cf09c 
							
						 
					 
					
						
						
							
							ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results  
						
						
						
					 
					
						2010-12-07 23:53:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a63f5b1e 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 23:49:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b21eb88905 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 22:45:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							575e50673b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 19:27:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							398b82644a 
							
						 
					 
					
						
						
							
							little explanation  
						
						
						
					 
					
						2010-12-07 19:25:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee72838231 
							
						 
					 
					
						
						
							
							Removed debug print  
						
						
						
					 
					
						2010-12-07 17:19:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f97312f29 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-07 17:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81e7465ed2 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-07 17:16:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd4a5a532 
							
						 
					 
					
						
						
							
							added standard deviation check in time based tests  
						
						
						
					 
					
						2010-12-07 16:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4959da3ce6 
							
						 
					 
					
						
						
							
							it's a must to double check time based payloads  
						
						
						
					 
					
						2010-12-07 14:59:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e53fef546e 
							
						 
					 
					
						
						
							
							update regarding session page templates  
						
						
						
					 
					
						2010-12-07 14:35:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							add6235b16 
							
						 
					 
					
						
						
							
							removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session  
						
						
						
					 
					
						2010-12-07 14:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc630203f 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-07 13:34:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e78057ac8 
							
						 
					 
					
						
						
							
							Added counter of total HTTP(s) requests done during detection phase  
						
						
						
					 
					
						2010-12-07 12:33:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							effd2ca0e3 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-07 12:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2af8835a94 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter)  
						
						
						
					 
					
						2010-12-07 10:57:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d87489de5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 08:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0da1ebde7d 
							
						 
					 
					
						
						
							
							introducing PostgreSQL time based blind  
						
						
						
					 
					
						2010-12-07 00:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							61f82fd274 
							
						 
					 
					
						
						
							
							introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic  
						
						
						
					 
					
						2010-12-07 00:27:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2735848ab6 
							
						 
					 
					
						
						
							
							removed ERROR_SPACE  
						
						
						
					 
					
						2010-12-06 22:40:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ccc8f90a3 
							
						 
					 
					
						
						
							
							minor cosmetic update ("heuristics shows" is not grammatically correct)  
						
						
						
					 
					
						2010-12-06 18:47:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d336f1df23 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-06 18:44:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27ee9a5ccf 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 15:50:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8be14e00a 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 07:48:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a43d252ae9 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-06 00:14:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5189f138d7 
							
						 
					 
					
						
						
							
							increasing socket timeout in case of time based checks  
						
						
						
					 
					
						2010-12-05 23:18:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17449754fe 
							
						 
					 
					
						
						
							
							Got rid of UNION false cond  
						
						
						
					 
					
						2010-12-05 16:16:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							da3fd17fc3 
							
						 
					 
					
						
						
							
							Adjustment to make it work also in OR based injection  
						
						
						
					 
					
						2010-12-05 12:24:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							41e1b95c6c 
							
						 
					 
					
						
						
							
							Minor code refactoring and finally make exploitation work also on OR boolean-based injections  
						
						
						
					 
					
						2010-12-05 11:25:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a5cd3b35f 
							
						 
					 
					
						
						
							
							minor comment update  
						
						
						
					 
					
						2010-12-05 11:15:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							618b3b0211 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-05 11:05:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e5f933ace 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-12-04 15:47:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3f9450b9dc 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-04 14:43:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f795622b3 
							
						 
					 
					
						
						
							
							some fine tuning of dynamicity removing engine  
						
						
						
					 
					
						2010-12-04 13:39:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eeb199375b 
							
						 
					 
					
						
						
							
							usage of compiled regexes in case of dynamic markings and other refactoring  
						
						
						
					 
					
						2010-12-04 13:23:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc7a8f9e8 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-04 10:13:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04714374f9 
							
						 
					 
					
						
						
							
							now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))  
						
						
						
					 
					
						2010-12-04 10:05:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b3a094b9d6 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql')  
						
						
						
					 
					
						2010-12-03 22:44:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5764816891 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-03 22:28:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5d37df6104 
							
						 
					 
					
						
						
							
							Ugly code to set the cookies when got them from a 302 redirect too  
						
						
						
					 
					
						2010-12-03 17:41:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9d55c4da87 
							
						 
					 
					
						
						
							
							Done with support for injection in ORDER BY and GROUP BY (hopefully)  
						
						
						
					 
					
						2010-12-03 16:12:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							91c3cf8fd0 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2010-12-03 16:11:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0e6359ab6e 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2010-12-03 16:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e73adec47 
							
						 
					 
					
						
						
							
							Get rid of one useless attribute  
						
						
						
					 
					
						2010-12-03 16:11:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							126a1479d8 
							
						 
					 
					
						
						
							
							Bug fix for --union-test  
						
						
						
					 
					
						2010-12-03 14:57:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11058667e4 
							
						 
					 
					
						
						
							
							Better naming  
						
						
						
					 
					
						2010-12-03 14:45:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b824826a89 
							
						 
					 
					
						
						
							
							Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses  
						
						
						
					 
					
						2010-12-03 14:39:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bb40ab9fb0 
							
						 
					 
					
						
						
							
							Major bug fix for default boolean-based vector still work and minor adjustments  
						
						
						
					 
					
						2010-12-03 14:31:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							612ee08a0b 
							
						 
					 
					
						
						
							
							added response time kb attribute  
						
						
						
					 
					
						2010-12-03 13:19:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4dec049c22 
							
						 
					 
					
						
						
							
							Major bug fix for test on ORDER BY and GROUP BY clauses.  
						
						... 
						
						
						
						Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value). 
						
					 
					
						2010-12-03 12:00:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							827a0aea05 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-03 11:15:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7690aa85ce 
							
						 
					 
					
						
						
							
							Added a comment needed to understand this hack when looking at the code in a month or so ;)  
						
						
						
					 
					
						2010-12-03 11:00:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a9d4b37987 
							
						 
					 
					
						
						
							
							Code cleanup and minor refactoring  
						
						
						
					 
					
						2010-12-03 10:51:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							22de82634a 
							
						 
					 
					
						
						
							
							Important update to parse correctly the <where> tag during exploitation phase.  
						
						... 
						
						
						
						Minor code cleanup. 
						
					 
					
						2010-12-03 10:44:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d6f51f758 
							
						 
					 
					
						
						
							
							Avoid blank space between prefix and test's payload if it's a stacked queries test  
						
						
						
					 
					
						2010-12-03 10:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b0928e02c6 
							
						 
					 
					
						
						
							
							Proper comment  
						
						
						
					 
					
						2010-12-03 10:39:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2cc167a42e 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"  
						
						
						
					 
					
						2010-12-02 18:57:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							283a04e29a 
							
						 
					 
					
						
						
							
							On my way to properly parse test's <where> tag in exploitation phase  
						
						
						
					 
					
						2010-12-01 23:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							09b265a1ea 
							
						 
					 
					
						
						
							
							Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check  
						
						
						
					 
					
						2010-12-01 23:32:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47f2d22181 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-01 17:18:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							089c16a1b8 
							
						 
					 
					
						
						
							
							Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.  
						
						... 
						
						
						
						Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders. 
						
					 
					
						2010-12-01 17:09:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c00ea7f5e5 
							
						 
					 
					
						
						
							
							Store and resume also UNION char to session file (--union-char)  
						
						
						
					 
					
						2010-12-01 10:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							025361c970 
							
						 
					 
					
						
						
							
							Higher precedence to union query sql inj than error-based  
						
						
						
					 
					
						2010-12-01 10:57:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							56d2b2f322 
							
						 
					 
					
						
						
							
							Avoid storing to session file also payload delimiters  
						
						
						
					 
					
						2010-12-01 10:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2708aad504 
							
						 
					 
					
						
						
							
							Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.  
						
						
						
					 
					
						2010-12-01 10:31:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d84dcc5dc 
							
						 
					 
					
						
						
							
							More sense  
						
						
						
					 
					
						2010-12-01 09:17:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f943f5e4 
							
						 
					 
					
						
						
							
							Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.  
						
						... 
						
						
						
						Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file. 
						
					 
					
						2010-11-30 22:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fcdebbd55f 
							
						 
					 
					
						
						
							
							cosmeticados  
						
						
						
					 
					
						2010-11-30 14:48:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47a7708950 
							
						 
					 
					
						
						
							
							minor improvement of dynamic content detection/removal part  
						
						
						
					 
					
						2010-11-30 12:45:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9706656e 
							
						 
					 
					
						
						
							
							Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.  
						
						... 
						
						
						
						Minor code refactoring too. 
						
					 
					
						2010-11-29 17:18:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e9291932e5 
							
						 
					 
					
						
						
							
							Apply --level also to User-Agent (level >= 4) and Cookie (level >= 3).  
						
						... 
						
						
						
						GET and POST parameters are always tested. 
						
					 
					
						2010-11-29 16:33:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e735f2960a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-29 15:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c76d740a25 
							
						 
					 
					
						
						
							
							just a precaution  
						
						
						
					 
					
						2010-11-29 15:21:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							70e87d959e 
							
						 
					 
					
						
						
							
							update of dynamicity engine  
						
						
						
					 
					
						2010-11-29 15:14:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee4e04ebca 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2010-11-29 15:09:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2efb3b78ea 
							
						 
					 
					
						
						
							
							Consider also --dbms value during the detection phase  
						
						
						
					 
					
						2010-11-29 14:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							be6df7abd9 
							
						 
					 
					
						
						
							
							improvement of dynamicity engine  
						
						
						
					 
					
						2010-11-29 14:30:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							76ce9cc888 
							
						 
					 
					
						
						
							
							Minor bug fix for --forms  
						
						
						
					 
					
						2010-11-29 12:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6525e08d6b 
							
						 
					 
					
						
						
							
							Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values  
						
						
						
					 
					
						2010-11-29 12:13:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c22338ce90 
							
						 
					 
					
						
						
							
							Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).  
						
						
						
					 
					
						2010-11-29 11:47:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e8c6c01e27 
							
						 
					 
					
						
						
							
							precaution  
						
						
						
					 
					
						2010-11-29 09:54:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9d7087e2ff 
							
						 
					 
					
						
						
							
							Proper saving and resuming when more than a parameter are injectable.  
						
						... 
						
						
						
						Minor bug fix to --stacked-test
Minor code refactoring. 
						
					 
					
						2010-11-29 01:04:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							75f7df75b6 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-11-28 23:33:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							472f4465a6 
							
						 
					 
					
						
						
							
							Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.  
						
						... 
						
						
						
						Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring. 
						
					 
					
						2010-11-28 21:27:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6712f4da55 
							
						 
					 
					
						
						
							
							some refactoring and one less request for aspx maintanance during --os-shell  
						
						
						
					 
					
						2010-11-24 14:20:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							253eafb643 
							
						 
					 
					
						
						
							
							paranoid cosmetics  
						
						
						
					 
					
						2010-11-24 12:03:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2b521fc8a 
							
						 
					 
					
						
						
							
							gready regex bastard :)  
						
						
						
					 
					
						2010-11-24 12:01:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9579a97039 
							
						 
					 
					
						
						
							
							now ASPX works too for --os-shell  
						
						
						
					 
					
						2010-11-24 11:38:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c54c9ee5d1 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-23 22:33:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							57ad59206b 
							
						 
					 
					
						
						
							
							cosmetics as it's best  
						
						
						
					 
					
						2010-11-23 22:09:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a147041c4 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-23 21:44:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f4f0bc9db3 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-11-23 21:17:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f9f076ba97 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-11-23 21:00:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7877a931d5 
							
						 
					 
					
						
						
							
							more cosmetics regarding dictionary attack  
						
						
						
					 
					
						2010-11-23 20:54:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3b3e05748 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-23 19:21:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d24a15182 
							
						 
					 
					
						
						
							
							more cosmetics  
						
						
						
					 
					
						2010-11-23 19:10:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							836a1c214a 
							
						 
					 
					
						
						
							
							los cosmeticados (of hash dictionary attack)  
						
						
						
					 
					
						2010-11-23 18:57:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4414df594 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-23 15:33:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							78024eafe0 
							
						 
					 
					
						
						
							
							little precaution  
						
						
						
					 
					
						2010-11-23 15:31:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4af000e699 
							
						 
					 
					
						
						
							
							minor language update (in testing phase "used" is more preferable than "provided")  
						
						
						
					 
					
						2010-11-23 15:11:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b41ee8d0d0 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-11-23 14:57:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa5d038f18 
							
						 
					 
					
						
						
							
							more code refactoring  
						
						
						
					 
					
						2010-11-23 14:50:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3cae76627c 
							
						 
					 
					
						
						
							
							code refactoring regarding dictionary attack  
						
						
						
					 
					
						2010-11-23 13:58:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ba4ea32603 
							
						 
					 
					
						
						
							
							first working version of dictionary attack  
						
						
						
					 
					
						2010-11-23 13:24:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c471b815cc 
							
						 
					 
					
						
						
							
							fix for a bug reported by BugTrace (IndexError: list index out of range)  
						
						
						
					 
					
						2010-11-22 10:58:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bfc9378542 
							
						 
					 
					
						
						
							
							sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s))  
						
						
						
					 
					
						2010-11-20 13:22:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db59faedb9 
							
						 
					 
					
						
						
							
							more proper naming  
						
						
						
					 
					
						2010-11-20 13:20:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f8a9fe033 
							
						 
					 
					
						
						
							
							foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch)  
						
						
						
					 
					
						2010-11-20 13:14:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71107e4e9e 
							
						 
					 
					
						
						
							
							quick fix for google searches  
						
						
						
					 
					
						2010-11-19 21:38:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							99a23e23cf 
							
						 
					 
					
						
						
							
							Extra check on --union-cols value  
						
						
						
					 
					
						2010-11-19 16:39:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c23126547e 
							
						 
					 
					
						
						
							
							Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.  
						
						
						
					 
					
						2010-11-19 15:48:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad17e9ed2a 
							
						 
					 
					
						
						
							
							Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)  
						
						
						
					 
					
						2010-11-19 14:56:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							df88280681 
							
						 
					 
					
						
						
							
							minor update of google regex (that * was a junky one)  
						
						
						
					 
					
						2010-11-19 10:04:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8bef28337 
							
						 
					 
					
						
						
							
							updating google parsing regex (for the better, of course)  
						
						
						
					 
					
						2010-11-19 10:00:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d97e97d884 
							
						 
					 
					
						
						
							
							minor update :)  
						
						
						
					 
					
						2010-11-19 09:02:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a9bd3a240 
							
						 
					 
					
						
						
							
							Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!  
						
						
						
					 
					
						2010-11-18 17:55:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							544327379f 
							
						 
					 
					
						
						
							
							Little precaution  
						
						
						
					 
					
						2010-11-18 14:32:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f6a17cb1a8 
							
						 
					 
					
						
						
							
							Revert wrong fix  
						
						
						
					 
					
						2010-11-18 10:41:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ca5125bbe0 
							
						 
					 
					
						
						
							
							minor update related to r2401  
						
						
						
					 
					
						2010-11-17 20:50:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							360aff7a4d 
							
						 
					 
					
						
						
							
							sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle  
						
						
						
					 
					
						2010-11-17 17:20:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a0df36beda 
							
						 
					 
					
						
						
							
							when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)  
						
						
						
					 
					
						2010-11-17 15:33:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							17f0609263 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-11-17 13:29:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d25071d06 
							
						 
					 
					
						
						
							
							another minor improvement regarding logging of http traffic  
						
						
						
					 
					
						2010-11-17 12:16:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3e569a1693 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-17 12:04:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2802923dbe 
							
						 
					 
					
						
						
							
							some improvements regarding --os-shell web server application choice  
						
						
						
					 
					
						2010-11-17 11:45:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5abbea4a9f 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (unknown charset 'null')  
						
						
						
					 
					
						2010-11-17 09:57:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d757e4ae1c 
							
						 
					 
					
						
						
							
							bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs)  
						
						
						
					 
					
						2010-11-17 09:46:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bec152609a 
							
						 
					 
					
						
						
							
							minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)  
						
						
						
					 
					
						2010-11-17 09:33:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76c3f5768b 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-17 09:12:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2a8e270bef 
							
						 
					 
					
						
						
							
							proper handling of carriage return character from Windows target machines  
						
						
						
					 
					
						2010-11-16 15:11:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ab33651f96 
							
						 
					 
					
						
						
							
							minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior)  
						
						
						
					 
					
						2010-11-16 15:02:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3487429eac 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-11-16 14:41:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3640dbf745 
							
						 
					 
					
						
						
							
							fix for --parse-errors (on IIS HTTP error is raised which need to be processed)  
						
						
						
					 
					
						2010-11-16 14:33:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cccb565859 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-16 14:11:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9d9f18939 
							
						 
					 
					
						
						
							
							added General cmdline group  
						
						
						
					 
					
						2010-11-16 14:09:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e7a66371f8 
							
						 
					 
					
						
						
							
							update regarding os shell-ing regarding JSP and ASPX  
						
						
						
					 
					
						2010-11-16 13:46:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6232397129 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-16 10:52:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6ef3846400 
							
						 
					 
					
						
						
							
							update regarding error parsing (and reporting)  
						
						
						
					 
					
						2010-11-16 10:42:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							71cb982039 
							
						 
					 
					
						
						
							
							Another bug fix to --union-test  
						
						
						
					 
					
						2010-11-15 21:42:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b3ad63b71e 
							
						 
					 
					
						
						
							
							major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)  
						
						
						
					 
					
						2010-11-15 14:59:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff310475c8 
							
						 
					 
					
						
						
							
							some reporting update for --forms  
						
						
						
					 
					
						2010-11-15 14:17:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							20d6b9a5c1 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-11-15 12:24:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							39c6c9f386 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-15 12:19:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							819085155e 
							
						 
					 
					
						
						
							
							minor update/fix  
						
						
						
					 
					
						2010-11-15 12:07:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c25c017c08 
							
						 
					 
					
						
						
							
							cosmetics regarding --forms  
						
						
						
					 
					
						2010-11-15 11:50:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36c544f440 
							
						 
					 
					
						
						
							
							update (--forms acts now more like -g switch)  
						
						
						
					 
					
						2010-11-15 11:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f46a549ba 
							
						 
					 
					
						
						
							
							Cosmetics for --forms  
						
						
						
					 
					
						2010-11-14 21:59:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0bfc1b411a 
							
						 
					 
					
						
						
							
							Another bug fix for --union-test  
						
						
						
					 
					
						2010-11-14 15:39:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a0fb96816f 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (value += actVer)  
						
						
						
					 
					
						2010-11-14 08:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d07272c82 
							
						 
					 
					
						
						
							
							Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.  
						
						... 
						
						
						
						Now stores/resumes also the exact UNION payload to session file. 
						
					 
					
						2010-11-13 23:24:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							df5dc10111 
							
						 
					 
					
						
						
							
							Major enhancement to --union-test check  
						
						
						
					 
					
						2010-11-13 22:47:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							84849316b3 
							
						 
					 
					
						
						
							
							improvement of heuristic check (now original value is included too)  
						
						
						
					 
					
						2010-11-12 23:06:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06a872fc99 
							
						 
					 
					
						
						
							
							update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))  
						
						
						
					 
					
						2010-11-12 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27735b14df 
							
						 
					 
					
						
						
							
							update (--string and --regex should be done regardless of wasLastRequestError)  
						
						
						
					 
					
						2010-11-12 22:44:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d66f101da 
							
						 
					 
					
						
						
							
							fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)  
						
						
						
					 
					
						2010-11-12 22:29:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a777d59870 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-11-12 15:17:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0a83a830d9 
							
						 
					 
					
						
						
							
							Properly handle both HTTPS and HTTP requests through proxy  
						
						
						
					 
					
						2010-11-12 14:21:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1ef27f592 
							
						 
					 
					
						
						
							
							work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https  
						
						
						
					 
					
						2010-11-12 12:25:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9f53048ff4 
							
						 
					 
					
						
						
							
							Put a space always between the user's provided prefix and sqlmap payload  
						
						
						
					 
					
						2010-11-12 11:48:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							697b32554c 
							
						 
					 
					
						
						
							
							fix for a bug "ordinal not in range(128)" reported by bugtrace  
						
						
						
					 
					
						2010-11-12 11:48:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f83dd2251b 
							
						 
					 
					
						
						
							
							Properly save error-based enumerated data in session file, able to be resumed like with other techniques  
						
						
						
					 
					
						2010-11-12 11:40:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a34c1b287c 
							
						 
					 
					
						
						
							
							Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)  
						
						
						
					 
					
						2010-11-12 11:33:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8cec75656c 
							
						 
					 
					
						
						
							
							Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)  
						
						
						
					 
					
						2010-11-12 10:31:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a14e4d9668 
							
						 
					 
					
						
						
							
							Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.  
						
						
						
					 
					
						2010-11-12 10:16:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							66c82d72e4 
							
						 
					 
					
						
						
							
							Typo fix  
						
						
						
					 
					
						2010-11-12 10:02:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							42272ca78c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-11 22:26:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8aefd0bbf7 
							
						 
					 
					
						
						
							
							improvement of --common-tables and --common-columns  
						
						
						
					 
					
						2010-11-11 20:37:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2d872f850a 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-11-11 19:54:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24238ccd0b 
							
						 
					 
					
						
						
							
							re-renaming of brute force switches. this way is better.  
						
						
						
					 
					
						2010-11-11 07:57:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96d88877ba 
							
						 
					 
					
						
						
							
							bug fix (reported by ToR)  
						
						
						
					 
					
						2010-11-10 19:44:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19c1bfa368 
							
						 
					 
					
						
						
							
							just a precaution (now i really need to go for a sleep)  
						
						
						
					 
					
						2010-11-09 23:38:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							88c00e61d3 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2010-11-09 23:35:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47720a43dd 
							
						 
					 
					
						
						
							
							minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)  
						
						
						
					 
					
						2010-11-09 23:21:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ebd5d935c 
							
						 
					 
					
						
						
							
							another name change  
						
						
						
					 
					
						2010-11-09 22:49:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06f00cf8c1 
							
						 
					 
					
						
						
							
							name change  
						
						
						
					 
					
						2010-11-09 22:48:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6807fb04cc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-09 22:44:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fef60d5cb7 
							
						 
					 
					
						
						
							
							some fixes :)  
						
						
						
					 
					
						2010-11-09 22:32:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1cc99e2247 
							
						 
					 
					
						
						
							
							Possible quick fix for missing of True/False comparison of stable-but-not-really pages  
						
						
						
					 
					
						2010-11-09 21:39:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2205099a5e 
							
						 
					 
					
						
						
							
							Python stylish  
						
						
						
					 
					
						2010-11-09 21:39:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cee888b613 
							
						 
					 
					
						
						
							
							tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)  
						
						
						
					 
					
						2010-11-09 19:14:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							726825ca70 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-09 16:59:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b43334165d 
							
						 
					 
					
						
						
							
							update regarding brute forcing  
						
						
						
					 
					
						2010-11-09 16:53:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7fa8d4975 
							
						 
					 
					
						
						
							
							update regarding brute force retrieval of table names and table column names  
						
						
						
					 
					
						2010-11-09 16:15:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7752b5efe9 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-09 09:51:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4be0631161 
							
						 
					 
					
						
						
							
							refactoring of brute force techniques  
						
						
						
					 
					
						2010-11-09 09:42:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							221f976fbd 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-09 01:23:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							45ec8c169a 
							
						 
					 
					
						
						
							
							Consistency between --*-test switches/output  
						
						
						
					 
					
						2010-11-08 16:46:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fda8752dca 
							
						 
					 
					
						
						
							
							revert of some HTTP headers handling  
						
						
						
					 
					
						2010-11-08 13:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							78d7b17483 
							
						 
					 
					
						
						
							
							More replacements for refactoring.  
						
						... 
						
						
						
						Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters. 
						
					 
					
						2010-11-08 12:36:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb999de0f1 
							
						 
					 
					
						
						
							
							added Range handler (dealing with 206 HTTP messages)  
						
						
						
					 
					
						2010-11-08 12:26:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							875781bf97 
							
						 
					 
					
						
						
							
							another minor fix  
						
						
						
					 
					
						2010-11-08 11:55:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4a4a3051e5 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-11-08 11:39:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3de10e3a2 
							
						 
					 
					
						
						
							
							new option -t  
						
						
						
					 
					
						2010-11-08 11:22:47 +00:00