Miroslav Stampar
|
6e392b6054
|
applying contributed patch for DB2
|
2011-05-06 09:30:39 +00:00 |
|
Bernardo Damele
|
2d8408c885
|
More fix for --technique resume
|
2011-05-05 16:38:46 +00:00 |
|
Bernardo Damele
|
6cff3e97f4
|
cosmetics
|
2011-05-02 21:48:08 +00:00 |
|
Miroslav Stampar
|
06498796b9
|
minor cosmetics
|
2011-05-02 20:51:53 +00:00 |
|
Bernardo Damele
|
955dbc85e7
|
Minor variable rename
|
2011-04-30 15:29:59 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
a5968fff3e
|
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
|
2011-04-30 00:22:22 +00:00 |
|
Bernardo Damele
|
a23ca952e4
|
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
|
2011-04-29 21:09:07 +00:00 |
|
Bernardo Damele
|
edac0b2558
|
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
|
2011-04-28 23:59:00 +00:00 |
|
Bernardo Damele
|
441c288dd9
|
cosmeticados
|
2011-04-25 00:36:09 +00:00 |
|
Miroslav Stampar
|
7b3b9e6a87
|
it seems that this was indeed not meant to be here
|
2011-04-22 15:07:09 +00:00 |
|
Miroslav Stampar
|
304500a2e8
|
implemented checkFalsePositives method (simple Turing like tests)
|
2011-04-22 12:24:16 +00:00 |
|
Bernardo Damele
|
eabb5a2ba7
|
More adjustments to the error message when no sql injections are detected
|
2011-04-21 22:04:20 +00:00 |
|
Bernardo Damele
|
6d07dddf60
|
updated doc and minor layout adjustments
|
2011-04-21 21:53:35 +00:00 |
|
Bernardo Damele
|
770b1523ff
|
More verbose output when no SQL injections are detected
|
2011-04-21 21:31:16 +00:00 |
|
Bernardo Damele
|
edc2d75702
|
Cosmetics and major bug fix
|
2011-04-21 21:15:23 +00:00 |
|
Miroslav Stampar
|
df0331fe9b
|
some more refactoring
|
2011-04-19 23:04:10 +00:00 |
|
Miroslav Stampar
|
9b0db33cc5
|
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
|
2011-04-19 08:55:38 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
2db2e9b6a2
|
now GET forms are also prone to "do you want to fill with random values"
|
2011-04-11 11:38:41 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Bernardo Damele
|
c6b9d89d31
|
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
|
2011-04-07 11:10:35 +00:00 |
|
Bernardo Damele
|
05d12790f1
|
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
|
2011-04-06 14:41:44 +00:00 |
|
Miroslav Stampar
|
bbd4c128b0
|
minor update related to the last commit
|
2011-04-01 22:19:42 +00:00 |
|
Miroslav Stampar
|
0916117447
|
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
|
2011-03-30 18:32:10 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
4d78eac938
|
revert of that thingy as requested by Bernardo
|
2011-03-29 10:06:35 +00:00 |
|
Miroslav Stampar
|
e8debbe724
|
minor cosmetics and one minor fix (|= is a nono with None)
|
2011-03-29 06:38:19 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
1e22ff45de
|
minor update regarding testing of GET parameters if --data and/or --forms is used
|
2011-03-28 16:14:08 +00:00 |
|
Miroslav Stampar
|
bd75fd26e9
|
implementing a --page-rank switch as requested by l0rda@l0rda.biz
|
2011-03-23 11:57:57 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
970cde5a8a
|
minor update regarding last commit
|
2011-03-17 09:23:46 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
8edc3b3302
|
further update regarding last commit
|
2011-03-03 10:39:04 +00:00 |
|
Miroslav Stampar
|
90582ed7dc
|
minor change
|
2011-02-21 11:35:21 +00:00 |
|
Miroslav Stampar
|
6cdf08b81c
|
minor fix
|
2011-02-17 21:51:40 +00:00 |
|
Miroslav Stampar
|
22cd49a217
|
--technique can now be something like 123 which includes both techniques 1, 2 and 3
|
2011-02-17 21:39:16 +00:00 |
|
Miroslav Stampar
|
7ebc1ab90a
|
minor cosmetics
|
2011-02-17 08:59:14 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Miroslav Stampar
|
5fb11fd173
|
update regarding multiple DBMS payloads
|
2011-02-13 21:20:21 +00:00 |
|
Bernardo Damele
|
45a005737d
|
Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2
|
2011-02-13 21:08:42 +00:00 |
|
Miroslav Stampar
|
521635c84d
|
quick fix for UA and Referer
|
2011-02-11 23:36:23 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Miroslav Stampar
|
a6ab24e0b5
|
just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed
|
2011-02-10 22:47:43 +00:00 |
|
Bernardo Damele
|
0a81415f2f
|
Minor code cleanup
|
2011-02-08 00:02:54 +00:00 |
|
Miroslav Stampar
|
2c4f6d2e99
|
fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too
|
2011-02-07 21:53:05 +00:00 |
|
Miroslav Stampar
|
a577d0e9a5
|
restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)
|
2011-02-07 21:18:01 +00:00 |
|
Bernardo Damele
|
061f56daf9
|
More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
|
2011-02-06 23:27:56 +00:00 |
|
Bernardo Damele
|
0800d9e49b
|
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
|
2011-02-06 22:58:12 +00:00 |
|
Miroslav Stampar
|
078a2207cc
|
few reverts
|
2011-02-06 22:10:28 +00:00 |
|
Miroslav Stampar
|
b9b2fe0e7c
|
little cleanup
|
2011-02-06 21:52:39 +00:00 |
|
Miroslav Stampar
|
d2b96a66a2
|
one more update regarding last few "unescape" related commits
|
2011-02-06 20:23:23 +00:00 |
|
Bernardo Damele
|
c44978862e
|
Minor reordering of what gets saved into the injection object
|
2011-02-06 15:20:44 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Bernardo Damele
|
d875d848ce
|
Better sort
|
2011-02-01 22:04:48 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Miroslav Stampar
|
496a84c356
|
minor update
|
2011-01-20 18:32:04 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Bernardo Damele
|
eda0b41859
|
Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
|
2011-01-18 23:03:50 +00:00 |
|
Bernardo Damele
|
c2a358561f
|
Proper support for --union-cols
|
2011-01-17 22:57:33 +00:00 |
|
Bernardo Damele
|
47565f9459
|
Minor code refactoring
|
2011-01-17 21:13:59 +00:00 |
|
Miroslav Stampar
|
f5e36876e7
|
removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency
|
2011-01-16 19:29:06 +00:00 |
|
Miroslav Stampar
|
718eef8753
|
minor fix
|
2011-01-16 18:11:35 +00:00 |
|
Miroslav Stampar
|
ec1ab3cd2a
|
removing timeSec from injection configuration attributes as it highly depends on current connection "variables"
|
2011-01-16 12:12:01 +00:00 |
|
Miroslav Stampar
|
71391874eb
|
slightly faster and thread safer inference
|
2011-01-16 10:52:42 +00:00 |
|
Bernardo Damele
|
0fc4ebdc1b
|
Major bug fix.
Minor code refactoring.
|
2011-01-16 01:17:09 +00:00 |
|
Bernardo Damele
|
c0d5daee99
|
More refactoring and cleanup
|
2011-01-16 00:15:30 +00:00 |
|
Bernardo Damele
|
d3a28124b1
|
More code cleanup
|
2011-01-15 23:11:36 +00:00 |
|
Bernardo Damele
|
4a35f598b8
|
Minor refactoring
|
2011-01-15 22:09:53 +00:00 |
|
Miroslav Stampar
|
0f565c941e
|
bug fix and proper warning message
|
2011-01-15 16:59:53 +00:00 |
|
Miroslav Stampar
|
5bdb50c224
|
code review part 3
|
2011-01-15 13:15:10 +00:00 |
|
Miroslav Stampar
|
6a0e0cde3c
|
code review of modules in lib/core directory
|
2011-01-15 12:13:45 +00:00 |
|
Miroslav Stampar
|
05b2a338fe
|
cosmetics
|
2011-01-14 16:12:44 +00:00 |
|
Miroslav Stampar
|
bff989d348
|
minor update
|
2011-01-14 15:43:53 +00:00 |
|
Miroslav Stampar
|
daf5662eab
|
update
|
2011-01-14 15:33:49 +00:00 |
|
Miroslav Stampar
|
08f7e20c51
|
minor code refactoring
|
2011-01-14 14:55:59 +00:00 |
|
Miroslav Stampar
|
fb9d7cdfaa
|
refactoring, code clearing and removal of obsolete switch --longest-common
|
2011-01-14 14:37:03 +00:00 |
|
Bernardo Damele
|
e4e9b11b79
|
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
|
2011-01-14 12:47:07 +00:00 |
|
Bernardo Damele
|
3c95d71ea5
|
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
|
2011-01-14 11:55:20 +00:00 |
|
Miroslav Stampar
|
676b95b30a
|
minor code refactoring
|
2011-01-14 09:44:56 +00:00 |
|
Bernardo Damele
|
f8c04ce020
|
Minor bug fix
|
2011-01-13 20:59:13 +00:00 |
|
Bernardo Damele
|
2ac8debea0
|
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
|
2011-01-13 17:36:54 +00:00 |
|
Miroslav Stampar
|
ece2eb31ca
|
minor update
|
2011-01-13 11:08:29 +00:00 |
|
Bernardo Damele
|
be6e2d6a31
|
Important bug fix.
Minor code restyling.
|
2011-01-13 09:41:55 +00:00 |
|
Bernardo Damele
|
af9725214a
|
Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
|
2011-01-12 12:01:32 +00:00 |
|
Bernardo Damele
|
8bdb7ec58c
|
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
|
2011-01-12 00:47:39 +00:00 |
|
Bernardo Damele
|
5c7c3c76c3
|
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
Added minor support to escape quotes in UNION payloads during detection phase.
|
2011-01-11 23:47:32 +00:00 |
|