Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
6232397129
|
minor update
|
2010-11-16 10:52:49 +00:00 |
|
Miroslav Stampar
|
6ef3846400
|
update regarding error parsing (and reporting)
|
2010-11-16 10:42:42 +00:00 |
|
Miroslav Stampar
|
b3ad63b71e
|
major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)
|
2010-11-15 14:59:37 +00:00 |
|
Miroslav Stampar
|
39c6c9f386
|
minor update
|
2010-11-15 12:19:22 +00:00 |
|
Miroslav Stampar
|
c25c017c08
|
cosmetics regarding --forms
|
2010-11-15 11:50:33 +00:00 |
|
Miroslav Stampar
|
36c544f440
|
update (--forms acts now more like -g switch)
|
2010-11-15 11:34:57 +00:00 |
|
Miroslav Stampar
|
a0fb96816f
|
fix for a bug reported by ToR (value += actVer)
|
2010-11-14 08:31:29 +00:00 |
|
Miroslav Stampar
|
84849316b3
|
improvement of heuristic check (now original value is included too)
|
2010-11-12 23:06:01 +00:00 |
|
Miroslav Stampar
|
0d66f101da
|
fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)
|
2010-11-12 22:29:33 +00:00 |
|
Miroslav Stampar
|
2d872f850a
|
quick fix
|
2010-11-11 19:54:54 +00:00 |
|
Miroslav Stampar
|
24238ccd0b
|
re-renaming of brute force switches. this way is better.
|
2010-11-11 07:57:44 +00:00 |
|
Miroslav Stampar
|
96d88877ba
|
bug fix (reported by ToR)
|
2010-11-10 19:44:51 +00:00 |
|
Miroslav Stampar
|
6807fb04cc
|
minor update
|
2010-11-09 22:44:23 +00:00 |
|
Miroslav Stampar
|
fef60d5cb7
|
some fixes :)
|
2010-11-09 22:32:05 +00:00 |
|
Bernardo Damele
|
2205099a5e
|
Python stylish
|
2010-11-09 21:39:05 +00:00 |
|
Miroslav Stampar
|
cee888b613
|
tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)
|
2010-11-09 19:14:55 +00:00 |
|
Miroslav Stampar
|
a7fa8d4975
|
update regarding brute force retrieval of table names and table column names
|
2010-11-09 16:15:55 +00:00 |
|
Miroslav Stampar
|
4be0631161
|
refactoring of brute force techniques
|
2010-11-09 09:42:43 +00:00 |
|
Miroslav Stampar
|
fda8752dca
|
revert of some HTTP headers handling
|
2010-11-08 13:26:45 +00:00 |
|
Bernardo Damele
|
78d7b17483
|
More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
|
2010-11-08 12:36:48 +00:00 |
|
Miroslav Stampar
|
0d0e2a2228
|
minor update
|
2010-11-08 09:49:57 +00:00 |
|
Miroslav Stampar
|
d551423379
|
further enum refactoring
|
2010-11-08 09:44:32 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Miroslav Stampar
|
0482e02c37
|
minor optimization
|
2010-11-07 23:37:15 +00:00 |
|
Miroslav Stampar
|
4f346eab33
|
fix for resume from session
|
2010-11-07 23:25:53 +00:00 |
|
Miroslav Stampar
|
620fa1c8fb
|
trust me, i know what i am doing :)
|
2010-11-07 20:33:33 +00:00 |
|
Bernardo Damele
|
4d81da6bc8
|
Cosmetics
|
2010-11-07 16:23:03 +00:00 |
|
Bernardo Damele
|
6716315a76
|
Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity
|
2010-11-07 15:45:26 +00:00 |
|
Bernardo Damele
|
9669dbdae1
|
Minor cosmetics and adjustments
|
2010-11-07 15:34:52 +00:00 |
|
Miroslav Stampar
|
2b8c942b4a
|
more update
|
2010-11-07 08:58:24 +00:00 |
|
Miroslav Stampar
|
00dfd55830
|
added powerful switch --longest-common for dealing with heavy dynamicity
|
2010-11-07 08:52:09 +00:00 |
|
Miroslav Stampar
|
508b9cc763
|
dynamicity engine update
|
2010-11-07 00:12:00 +00:00 |
|
Miroslav Stampar
|
3619fc5127
|
minor update
|
2010-11-06 08:31:11 +00:00 |
|
Miroslav Stampar
|
06760182f1
|
cosmetics
|
2010-11-05 16:08:42 +00:00 |
|
Miroslav Stampar
|
9bc9302e58
|
minor fix
|
2010-11-05 16:03:12 +00:00 |
|
Miroslav Stampar
|
44435adc4a
|
added some fancy Ctrl+C when having multiple targets
|
2010-11-05 15:59:25 +00:00 |
|
Miroslav Stampar
|
0e895fa512
|
update of dynamicity testing and few misc fixes
|
2010-11-05 13:14:12 +00:00 |
|
Miroslav Stampar
|
ad6b2e9c21
|
minor fix
|
2010-11-04 16:47:18 +00:00 |
|
Miroslav Stampar
|
e1cec8c02b
|
fix for all that stable, dynamic mambo jambo :)
|
2010-11-04 16:44:34 +00:00 |
|
Miroslav Stampar
|
efe75aa8a3
|
added some debug messages
|
2010-11-04 09:18:32 +00:00 |
|
Miroslav Stampar
|
71d0b1bcd7
|
several bug fixes
|
2010-11-03 21:51:36 +00:00 |
|
Miroslav Stampar
|
6adee3792a
|
removed all trailing spaces from blank lines
|
2010-11-03 10:08:27 +00:00 |
|
Miroslav Stampar
|
685a8e7d2c
|
refactoring of hard coded dbms names
|
2010-11-02 11:59:24 +00:00 |
|
Miroslav Stampar
|
13e93f564a
|
one bug fix in dynamic content engine and some code refactoring
|
2010-11-02 07:32:08 +00:00 |
|
Bernardo Damele
|
486a113560
|
Consolidate logger messages for --*-test switches
|
2010-10-31 16:58:38 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Miroslav Stampar
|
5cc1bd8a12
|
major fix for heuristic check
|
2010-10-27 08:27:31 +00:00 |
|
Bernardo Damele
|
f5904d0bc0
|
Major bug fix to --union-test
|
2010-10-25 23:39:55 +00:00 |
|
Miroslav Stampar
|
73eea81b3a
|
minor cosmetics
|
2010-10-25 19:45:53 +00:00 |
|
Miroslav Stampar
|
d7bf94d4d6
|
fix for --beep
|
2010-10-25 19:16:42 +00:00 |
|
Bernardo Damele
|
debaf2215f
|
Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch
|
2010-10-25 15:54:45 +00:00 |
|
Miroslav Stampar
|
24c5d7b313
|
code refactoring
|
2010-10-25 14:06:56 +00:00 |
|
Miroslav Stampar
|
9c94a233a1
|
conf.md5hash thrown out
|
2010-10-25 13:52:21 +00:00 |
|
Miroslav Stampar
|
8df7c88174
|
implementation of a new dynamic content removal engine
|
2010-10-25 10:41:37 +00:00 |
|
Miroslav Stampar
|
52f910f752
|
added --beep (tested on Windows and Linux; for now turned off) switch
|
2010-10-23 09:38:46 +00:00 |
|
Miroslav Stampar
|
00449f1402
|
fix/upgrade/chicken soup
|
2010-10-20 09:54:17 +00:00 |
|
Miroslav Stampar
|
934adb5e8d
|
code refactoring
|
2010-10-20 09:09:04 +00:00 |
|
Bernardo Damele
|
0817d1b78d
|
Cosmetics
|
2010-10-19 23:09:30 +00:00 |
|
Miroslav Stampar
|
4009ef385e
|
more update regarding error based injection support
|
2010-10-19 18:17:34 +00:00 |
|
Miroslav Stampar
|
9a7fd29d4f
|
using pushValue and popValue
|
2010-10-18 22:22:41 +00:00 |
|
Miroslav Stampar
|
a97319656c
|
optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing
|
2010-10-18 21:47:11 +00:00 |
|
Miroslav Stampar
|
8b8fff41fe
|
cosmetics (adding html parsed DBMS) regarding heuristic check
|
2010-10-18 12:11:16 +00:00 |
|
Bernardo Damele
|
1d74036ee3
|
Minor cosmetic fixes
|
2010-10-18 11:34:53 +00:00 |
|
Bernardo Damele
|
6211915da5
|
Cosmetic fix
|
2010-10-16 22:31:16 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Bernardo Damele
|
84ed7f192a
|
Cosmetic fixes
|
2010-10-16 15:10:48 +00:00 |
|
Bernardo Damele
|
bf56f8c63c
|
Cosmetic fix
|
2010-10-15 12:46:41 +00:00 |
|
Bernardo Damele
|
5f6d88a418
|
Minor comment
|
2010-10-15 11:17:17 +00:00 |
|
Bernardo Damele
|
48cc8a308d
|
More verbose messages on successful --null-connection
|
2010-10-15 10:24:54 +00:00 |
|
Miroslav Stampar
|
0f48dd6f73
|
fix for skipping non-GET urls
|
2010-10-15 09:54:29 +00:00 |
|
Miroslav Stampar
|
d0df8cdac9
|
fix for that duplicates
|
2010-10-15 00:34:16 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
162d01abed
|
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
|
2010-10-14 11:06:28 +00:00 |
|
Miroslav Stampar
|
f700692c74
|
added missing files for Sybase
|
2010-10-13 18:55:17 +00:00 |
|
Miroslav Stampar
|
562df9c107
|
temporary fix (files left at home)
|
2010-10-13 07:39:48 +00:00 |
|
Miroslav Stampar
|
d2ec132469
|
added --text-only switch
|
2010-10-12 19:41:29 +00:00 |
|
Miroslav Stampar
|
f9f79ffbaf
|
basic stuff for sybase
|
2010-10-12 19:05:12 +00:00 |
|
Miroslav Stampar
|
9ffa928783
|
added some user interaction when page is dynamic
|
2010-10-12 15:49:04 +00:00 |
|
Miroslav Stampar
|
b748e6ea44
|
minor update
|
2010-10-12 12:52:06 +00:00 |
|
Miroslav Stampar
|
e2bbfbe650
|
bug fix
|
2010-10-11 14:32:02 +00:00 |
|
Miroslav Stampar
|
43892cddbb
|
some updates
|
2010-10-11 12:26:35 +00:00 |
|
Miroslav Stampar
|
8b0a132fa9
|
minor update
|
2010-10-11 11:47:07 +00:00 |
|
Miroslav Stampar
|
7a5bb2b0d6
|
update
|
2010-10-10 19:50:10 +00:00 |
|
Miroslav Stampar
|
8fcad29bbf
|
new feature --forms (still unfinished)
|
2010-10-10 18:56:43 +00:00 |
|
Miroslav Stampar
|
18d27cabc5
|
more changes
|
2010-10-07 15:34:17 +00:00 |
|
Miroslav Stampar
|
1e9ae40397
|
major refactoring
|
2010-10-07 12:12:26 +00:00 |
|
Miroslav Stampar
|
1bf8939e2f
|
further updates
|
2010-10-06 22:43:04 +00:00 |
|
Miroslav Stampar
|
de6fa1247b
|
moved injections to xml format
|
2010-10-06 22:29:52 +00:00 |
|
Miroslav Stampar
|
8abcdae1b5
|
some update
|
2010-09-30 19:45:23 +00:00 |
|
Miroslav Stampar
|
cf8e92699c
|
changes regarding EXISTS feature
|
2010-09-30 12:35:45 +00:00 |
|
Miroslav Stampar
|
c6bf0e43af
|
minor update
|
2010-09-27 13:41:18 +00:00 |
|
Miroslav Stampar
|
dc11ae0d65
|
update
|
2010-09-26 14:56:55 +00:00 |
|
Miroslav Stampar
|
35f35605df
|
changes regarding Feature #160
|
2010-09-26 14:02:13 +00:00 |
|
Miroslav Stampar
|
8cf1aa6abe
|
added keepAlive under -o switch too
|
2010-09-16 10:41:52 +00:00 |
|
Miroslav Stampar
|
6259114c02
|
added optimization switch (-o)
|
2010-09-16 10:12:53 +00:00 |
|
Miroslav Stampar
|
bfffd5e333
|
added --null-connection as an experimental option
|
2010-09-16 10:01:33 +00:00 |
|
Miroslav Stampar
|
b745331974
|
added null connection check
|
2010-09-16 08:43:10 +00:00 |
|
Miroslav Stampar
|
9a72a25704
|
again minor update
|
2010-09-15 13:59:55 +00:00 |
|