stamparm
|
a530817727
|
Minor typo fix
|
2013-07-08 11:52:46 +02:00 |
|
stamparm
|
8d3435ab0b
|
Removing reflective warning for parsing heuristic test
|
2013-07-08 11:48:33 +02:00 |
|
stamparm
|
db536427f0
|
Adding a question for storing hashes to a temporary file (after a mention of it on Twitter)
|
2013-07-04 15:34:00 +02:00 |
|
stamparm
|
f97b35dcc1
|
Patch for an Issue #475
|
2013-07-01 13:43:38 +02:00 |
|
stamparm
|
017ce22a2f
|
Minor consistency patch (Issue #475)
|
2013-07-01 13:01:53 +02:00 |
|
stamparm
|
5ff09aff63
|
Some more adjustments (Issue #475)
|
2013-07-01 12:50:12 +02:00 |
|
stamparm
|
04046f38eb
|
Minor update (Issue #475)
|
2013-07-01 12:26:57 +02:00 |
|
stamparm
|
f7d15cb465
|
Official naming is HSQLDB (and/or HyperSQL)
|
2013-07-01 11:57:47 +02:00 |
|
Miroslav Stampar
|
aeb83ba651
|
Merge pull request #475 from Meatballs1/hsql_clean
HSQL Payloads and Query Support
|
2013-07-01 02:38:04 -07:00 |
|
Miroslav Stampar
|
a1842f44f5
|
Fix for an Issue #477
|
2013-06-29 20:55:48 +02:00 |
|
stamparm
|
fd5b665f7d
|
Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements)
|
2013-06-26 10:55:34 +02:00 |
|
Meatballs
|
4595b2c287
|
decodeHexValue
|
2013-06-24 23:45:39 +01:00 |
|
Meatballs
|
09e1dc814d
|
Fix concat
|
2013-06-24 23:20:34 +01:00 |
|
Meatballs
|
ed40a76c9d
|
Fix dummy table
|
2013-06-24 23:18:47 +01:00 |
|
Meatballs
|
9212b05eeb
|
Add call to execute statements
|
2013-06-24 15:01:44 +01:00 |
|
Meatballs
|
62000c6406
|
Remaining files
|
2013-06-24 14:42:58 +01:00 |
|
Meatballs
|
7b6cc3d183
|
Add hsql settings
|
2013-06-24 14:38:44 +01:00 |
|
Meatballs
|
20a5d9a16e
|
Include HSQL dummy table
|
2013-06-24 14:37:42 +01:00 |
|
Miroslav Stampar
|
0355e29b7c
|
Minor fix (NoneType has no attribute split)
|
2013-06-24 14:49:53 +02:00 |
|
Miroslav Stampar
|
95ed6b7203
|
Minor patch (Issue #470)
|
2013-06-24 14:37:45 +02:00 |
|
Miroslav Stampar
|
fca6772df6
|
Implementation for an Issue #468
|
2013-06-22 00:13:46 +02:00 |
|
Bernardo Damele
|
a72096a345
|
slightly more appropriate definition of output variable
|
2013-06-19 20:25:01 +01:00 |
|
Bernardo Damele
|
cae108d9fc
|
careful at merging pull requests with TABs (#466)
|
2013-06-19 19:49:53 +01:00 |
|
stamparm
|
a53823f9b7
|
Minor refactoring
|
2013-06-19 10:59:26 +02:00 |
|
stamparm
|
690645f6c7
|
Cosmetic fix
|
2013-06-19 10:50:00 +02:00 |
|
stamparm
|
a7787e83b8
|
Minor fix for case-insensitive union duplicates
|
2013-06-18 12:52:36 +02:00 |
|
Miroslav Stampar
|
aff7092736
|
Merge pull request #466 from Meatballs1/xp_cmdshell_output
Unable to retrieve XP_Cmdshell Output
|
2013-06-18 00:47:08 -07:00 |
|
stamparm
|
9a6f5a95f5
|
Minor patch for SQLAlchemy/MSSQL
|
2013-06-18 09:36:09 +02:00 |
|
Meatballs
|
c5087399c1
|
Fix exception if init technique not available
|
2013-06-16 10:47:27 +01:00 |
|
Meatballs
|
2c98507f1e
|
Add better error msg
|
2013-06-16 10:27:08 +01:00 |
|
Meatballs
|
caa326774c
|
Fallback to blind
|
2013-06-16 10:22:20 +01:00 |
|
Miroslav Stampar
|
63d0e9bb12
|
Adding support for MsSQL >=2012 hash format (based on commit 70107f74f0be5357654f170a3f321e3e55e81881)
|
2013-06-13 21:50:35 +02:00 |
|
Miroslav Stampar
|
f185e5cdd5
|
Fix for an Issue #463
|
2013-06-10 22:26:34 +02:00 |
|
Miroslav Stampar
|
cdb434805a
|
Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases
|
2013-06-10 22:14:45 +02:00 |
|
Miroslav Stampar
|
6f49b96a2d
|
Fix for an Issue #462
|
2013-06-10 12:20:58 +02:00 |
|
Miroslav Stampar
|
3583f45ee7
|
Fix for an Issue #461
|
2013-06-10 11:44:56 +02:00 |
|
Miroslav Stampar
|
39612b5d87
|
Fix for an Issue #457
|
2013-06-04 23:46:39 +02:00 |
|
Miroslav Stampar
|
c1592e8508
|
Code refactoring (moving import ctypes to be used only when needed)
|
2013-06-04 22:23:44 +02:00 |
|
Miroslav Stampar
|
3e0f747fad
|
Minor fix
|
2013-06-04 00:05:25 +02:00 |
|
Miroslav Stampar
|
213d0ecfb9
|
Minor fix
|
2013-06-03 23:32:57 +02:00 |
|
Miroslav Stampar
|
edc9da1226
|
Minor refactoring
|
2013-06-03 15:14:56 +02:00 |
|
Miroslav Stampar
|
351c70b390
|
Locale module screws string.letters, etc. in some cases (e.g. IDLE run)
|
2013-06-01 14:06:58 +02:00 |
|
Miroslav Stampar
|
b7989f93c5
|
Trivial update regarding last commit
|
2013-05-30 12:04:56 +02:00 |
|
Miroslav Stampar
|
ed8f16e754
|
Minor update on user's request
|
2013-05-30 12:01:13 +02:00 |
|
Miroslav Stampar
|
12870e6ff3
|
Minor fix
|
2013-05-30 11:42:27 +02:00 |
|
Miroslav Stampar
|
793a8ad349
|
Minor fix
|
2013-05-30 11:38:24 +02:00 |
|
stamparm
|
f4ca4cd6c5
|
Minor update
|
2013-05-29 15:49:09 +02:00 |
|
stamparm
|
c3038fcb65
|
Minor cosmetic update
|
2013-05-29 15:46:59 +02:00 |
|
stamparm
|
8fbf4b11d2
|
Trivial update regarding last commit
|
2013-05-29 15:45:13 +02:00 |
|
stamparm
|
dfd6ee20bb
|
Patch for an Issue #454
|
2013-05-29 15:26:11 +02:00 |
|
stamparm
|
60df3e9d1e
|
Minor cosmetic update (displaying 'Technique: DIRECT' instead of 'Technique: None' in case of direct access)
|
2013-05-29 15:04:14 +02:00 |
|
stamparm
|
e28b056028
|
Dummy fix
|
2013-05-29 14:26:00 +02:00 |
|
stamparm
|
6b280d8da4
|
Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup)
|
2013-05-28 14:40:45 +02:00 |
|
stamparm
|
bc4e1dab19
|
Getting rid of those ugly warning messages
|
2013-05-28 11:24:56 +02:00 |
|
stamparm
|
659c0bb418
|
Minor fix
|
2013-05-27 10:38:47 +02:00 |
|
Miroslav Stampar
|
f3f752d85c
|
Patch for an Issue #452
|
2013-05-25 18:52:59 +02:00 |
|
Miroslav Stampar
|
a85a0e53de
|
Fix for an Issue 'ValueError: Invalid IPv6 URL'
|
2013-05-25 18:00:21 +02:00 |
|
Miroslav Stampar
|
e18796dbe1
|
Minor style update
|
2013-05-25 18:00:20 +02:00 |
|
Miroslav Stampar
|
e7ddc2fcab
|
Minor fix
|
2013-05-23 12:57:33 +04:00 |
|
Miroslav Stampar
|
eb8e12b7c2
|
Minor adjustment (for headers like 'name:http://asdas')
|
2013-05-23 11:29:43 +04:00 |
|
stamparm
|
1b3f1a4016
|
More appropriate naming (also, preventing ambiguities with --smart)
|
2013-05-22 23:21:43 +04:00 |
|
stamparm
|
4b2cf07262
|
Minor style update
|
2013-05-20 16:15:35 +02:00 |
|
Miroslav Stampar
|
1a4ea186ca
|
Consistency fix
|
2013-05-19 23:00:40 +02:00 |
|
Miroslav Stampar
|
d3ad408a21
|
Minor cosmetics
|
2013-05-19 22:17:53 +02:00 |
|
Miroslav Stampar
|
4f49dad2ba
|
Minor cosmetics
|
2013-05-19 01:19:54 +02:00 |
|
Miroslav Stampar
|
6cfcc1af63
|
Minor cosmetic
|
2013-05-19 01:17:22 +02:00 |
|
Miroslav Stampar
|
ea5c742595
|
Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled)
|
2013-05-18 21:30:21 +02:00 |
|
Miroslav Stampar
|
980a0e3adb
|
Trivial update
|
2013-05-18 21:00:53 +02:00 |
|
Miroslav Stampar
|
1ff98c2ff9
|
Another minor text update
|
2013-05-18 21:00:11 +02:00 |
|
Miroslav Stampar
|
967513e1bb
|
Minor message update
|
2013-05-18 20:59:23 +02:00 |
|
Miroslav Stampar
|
caa4ee96cd
|
Minor cosmetic update
|
2013-05-18 18:28:44 +02:00 |
|
Miroslav Stampar
|
6608410320
|
Adding a question after WAF has been identified
|
2013-05-18 18:26:40 +02:00 |
|
Miroslav Stampar
|
b2b3b3b5a6
|
Minor bug fix (level names not properly used in non-logger output)
|
2013-05-18 16:44:21 +02:00 |
|
Miroslav Stampar
|
f24c8c6b6b
|
Changing logging type to warning for parsed error messages
|
2013-05-18 16:17:56 +02:00 |
|
Miroslav Stampar
|
dcea745576
|
Minor update (not displaying safe enclosings in table dumps)
|
2013-05-18 16:13:34 +02:00 |
|
Miroslav Stampar
|
e528ea8208
|
Minor language fix
|
2013-05-18 16:02:34 +02:00 |
|
stamparm
|
03732d2592
|
Minor fix
|
2013-05-17 16:04:05 +02:00 |
|
stamparm
|
b26ecfe087
|
Patch for an Issue #449
|
2013-05-17 15:14:51 +02:00 |
|
stamparm
|
76b4e1ccb9
|
Implementation for an Issue #450
|
2013-05-17 15:04:25 +02:00 |
|
stamparm
|
7ba9e75c97
|
Minor update related to the last commit
|
2013-05-16 15:23:20 +02:00 |
|
stamparm
|
7ea8dd9428
|
MySQL is specific (types are automatically being converted without any warning/error)
|
2013-05-16 15:12:36 +02:00 |
|
stamparm
|
f1f34a65a2
|
Minor update
|
2013-05-15 13:38:26 +02:00 |
|
stamparm
|
41f0e91662
|
Minor update (related to last commit)
|
2013-05-13 14:50:03 +02:00 |
|
stamparm
|
cb9ea67c8d
|
Code refactoring (moving progress.py to lib/utils)
|
2013-05-13 14:48:39 +02:00 |
|
stamparm
|
936815128d
|
Minor fix
|
2013-05-13 13:42:43 +02:00 |
|
Miroslav Stampar
|
034e123b0c
|
Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)
|
2013-05-12 16:24:13 +02:00 |
|
Miroslav Stampar
|
6676eaf88f
|
Minor fix
|
2013-05-12 14:02:50 +02:00 |
|
Miroslav Stampar
|
f8cef1fc6f
|
Minor fix for a test case 211
|
2013-05-09 21:20:17 +02:00 |
|
stamparm
|
8b64709c17
|
Completing implementation for an Issue #189 (union)
|
2013-05-09 16:36:03 +02:00 |
|
stamparm
|
3873805dab
|
Partial implementation for an Issue #189 (error-based; still partial union left)
|
2013-05-09 16:23:57 +02:00 |
|
stamparm
|
9fe5a8832f
|
Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box)
|
2013-05-09 15:52:18 +02:00 |
|
stamparm
|
fc57b7565d
|
Implementation for an Issue #432
|
2013-05-09 14:26:29 +02:00 |
|
stamparm
|
03be419d5d
|
Fix for an Issue #447
|
2013-05-07 13:25:30 +02:00 |
|
stamparm
|
2bfdac5ebc
|
Minor update for crawler
|
2013-04-30 18:32:46 +02:00 |
|
stamparm
|
887109a12d
|
Minor bug fix (for not displaying heuristic detected page charset None)
|
2013-04-30 18:16:32 +02:00 |
|
stamparm
|
ebe8ee3500
|
Fix for crawler and redirection case
|
2013-04-30 18:08:26 +02:00 |
|
stamparm
|
09e7f4f697
|
Minor bug fix regarding traffic logging of redirected requests
|
2013-04-30 17:46:26 +02:00 |
|
stamparm
|
3c110b3620
|
Minor bug fix
|
2013-04-30 16:40:16 +02:00 |
|
stamparm
|
bdb9219e9b
|
Minor revert
|
2013-04-30 14:41:38 +02:00 |
|
stamparm
|
d2a5548889
|
Some more reordering
|
2013-04-30 14:32:11 +02:00 |
|
stamparm
|
16866119b8
|
Another minor update
|
2013-04-30 14:11:56 +02:00 |
|
stamparm
|
08fbfda5d2
|
Minor update
|
2013-04-30 14:06:04 +02:00 |
|
stamparm
|
69e3a2cb9e
|
Minor update
|
2013-04-30 14:06:04 +02:00 |
|
stamparm
|
03c4eb8338
|
Minor update
|
2013-04-30 14:06:04 +02:00 |
|
stamparm
|
214d9aaf4b
|
Language fix
|
2013-04-30 14:06:04 +02:00 |
|
stamparm
|
3266c6c1f1
|
Language fix
|
2013-04-30 14:06:04 +02:00 |
|
Bernardo Damele
|
9f1e644f23
|
language fixes
|
2013-04-30 11:44:47 +01:00 |
|
stamparm
|
46557198a5
|
Minor update of doc root names
|
2013-04-29 11:29:59 +02:00 |
|
stamparm
|
1035ee9c3d
|
Patch for an Issue #442
|
2013-04-26 14:49:24 +02:00 |
|
Miroslav Stampar
|
beab72a180
|
Minor language update
|
2013-04-25 19:55:45 +02:00 |
|
stamparm
|
63d7707346
|
Adding support for appending to the existing table dump if --start/--stop is used
|
2013-04-24 16:08:40 +02:00 |
|
stamparm
|
e3a02f56e6
|
Just in case for --force-ssl (if url is returned in e.g. refresh toward the target)
|
2013-04-24 12:35:39 +02:00 |
|
stamparm
|
42a73d8e0b
|
Minor language update
|
2013-04-24 12:10:06 +02:00 |
|
stamparm
|
8d382f00e8
|
Minor style update
|
2013-04-22 11:38:47 +02:00 |
|
Miroslav Stampar
|
a475116853
|
Minor check
|
2013-04-21 21:42:23 +02:00 |
|
stamparm
|
0d92145fc6
|
Minor bug fix
|
2013-04-19 15:40:25 +02:00 |
|
stamparm
|
0cb3ce5765
|
Bug fix (maybe it will have repercusions in future as this was a silent bug)
|
2013-04-19 10:10:06 +02:00 |
|
stamparm
|
b7d4afcc63
|
Moving '--pivot-column' to a General section (Issue #437)
|
2013-04-18 17:12:32 +02:00 |
|
stamparm
|
9d045e14e8
|
Implementation for an Issue #437
|
2013-04-18 17:06:45 +02:00 |
|
stamparm
|
2defc30dc6
|
From now on --dbms-cred can be used also in combination with -d (more flexibility as spotted that one user used in that way on ML)
|
2013-04-17 11:12:15 +02:00 |
|
stamparm
|
feed2274c3
|
Patch for an Issue #435
|
2013-04-17 10:48:17 +02:00 |
|
stamparm
|
c73489aff3
|
Adding a couple of new option validation checks
|
2013-04-16 14:31:10 +02:00 |
|
stamparm
|
7204ec5616
|
Adding a basic validation check (-d with --url)
|
2013-04-16 14:23:27 +02:00 |
|
stamparm
|
6fed1921ed
|
Bug fix (there are cases when provided kwargs containing explicit None values while we want to use the alternative in those kind of cases; there was an intention in original code, while the implementation was buggy)
|
2013-04-16 14:17:41 +02:00 |
|
Miroslav Stampar
|
840ee26a14
|
If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available
|
2013-04-15 18:42:26 +02:00 |
|
stamparm
|
de99717b00
|
Disable sqlalchemy warnings if applicable
|
2013-04-15 16:29:08 +02:00 |
|
stamparm
|
1c2197e8de
|
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
|
2013-04-15 16:18:40 +02:00 |
|
stamparm
|
6ab2e8eca4
|
Trivial style update
|
2013-04-15 16:09:04 +02:00 |
|
stamparm
|
a3d36fcb73
|
Minor update
|
2013-04-15 16:07:27 +02:00 |
|
stamparm
|
140cffbde2
|
Patch for an Issue #434
|
2013-04-15 15:57:28 +02:00 |
|
stamparm
|
9ccbdb3fdf
|
Added a check for an Issue #361
|
2013-04-15 15:36:10 +02:00 |
|
stamparm
|
1c47b33020
|
Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)
|
2013-04-15 15:23:45 +02:00 |
|
stamparm
|
f936746423
|
Code restyling
|
2013-04-15 14:31:27 +02:00 |
|
stamparm
|
aed738d6e6
|
Update for an Issue #361
|
2013-04-15 14:20:21 +02:00 |
|
stamparm
|
a9a0d1a3f9
|
Minor update
|
2013-04-15 11:56:19 +02:00 |
|
stamparm
|
10fbeaed7b
|
Code refactoring
|
2013-04-15 11:49:11 +02:00 |
|
stamparm
|
349f885f08
|
Minor patch
|
2013-04-15 11:41:53 +02:00 |
|
stamparm
|
8853e43616
|
Applying patch from Brandon Perry via ML
|
2013-04-15 11:01:07 +02:00 |
|
stamparm
|
3e65037a05
|
Introducing lib/utils/sqlalchemy.py (Issue #361)
|
2013-04-15 10:33:25 +02:00 |
|
Miroslav Stampar
|
b6fee638ef
|
Neutralizing time of cookie expiration (in case of --load-cookies)
|
2013-04-14 01:13:08 +02:00 |
|
Miroslav Stampar
|
ed5599f489
|
In case that cookie file is given and cookie header inside request file clashes with one of contained cookies, give cookie file greater priority
|
2013-04-12 19:20:33 +02:00 |
|
stamparm
|
7edd7ee2aa
|
Trivial code change
|
2013-04-12 16:25:24 +02:00 |
|
Miroslav Stampar
|
73917fc9c8
|
Minor update (same, but safer)
|
2013-04-11 21:25:44 +02:00 |
|
Miroslav Stampar
|
0b449bb1d9
|
Fix for an Issue #433
|
2013-04-10 19:33:31 +02:00 |
|
stamparm
|
f67148a9a4
|
Update for an Issue #431
|
2013-04-10 16:43:57 +02:00 |
|
stamparm
|
661b44135d
|
Minor bug fix
|
2013-04-10 11:59:07 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
stamparm
|
3948b527dd
|
Update for an Issue #429
|
2013-04-09 11:36:33 +02:00 |
|
stamparm
|
91054099aa
|
Minor style update
|
2013-04-09 10:42:58 +02:00 |
|
stamparm
|
cce541cc33
|
Patch for an Issue #429
|
2013-04-09 10:39:20 +02:00 |
|
stamparm
|
33e9b3c451
|
Minor style update
|
2013-04-09 10:39:20 +02:00 |
|
Miroslav Stampar
|
7614c815ed
|
Minor update/patch
|
2013-04-07 21:32:03 +02:00 |
|
Miroslav Stampar
|
240e9f3f7e
|
Minor patch
|
2013-04-07 11:02:43 +02:00 |
|
Miroslav Stampar
|
50ac3aab7a
|
Minor patch
|
2013-04-06 01:56:24 +02:00 |
|
stamparm
|
a75d3ed0b8
|
Minor style update
|
2013-04-06 01:56:23 +02:00 |
|
Miroslav Stampar
|
df4fd82515
|
Minor update
|
2013-04-03 23:27:27 +02:00 |
|
Miroslav Stampar
|
c75a2d0c40
|
Minor patch
|
2013-04-03 21:31:37 +02:00 |
|
Miroslav Stampar
|
153aa10b77
|
Minor cosmetic update
|
2013-04-03 19:00:54 +02:00 |
|
Miroslav Stampar
|
f387333415
|
Minor cosmetics
|
2013-04-02 17:34:56 +02:00 |
|
Miroslav Stampar
|
4b5335a323
|
Moving --force-ssl from [Request] to [General] options
|
2013-04-02 17:18:21 +02:00 |
|
Miroslav Stampar
|
76a0d20799
|
Minor patch
|
2013-04-01 22:18:41 +02:00 |
|
Miroslav Stampar
|
b67f342975
|
Minor patch
|
2013-04-01 17:32:16 +02:00 |
|
stamparm
|
a371f182ac
|
Minor patch (previous combination is not working well with oriental characters - 0 length normalized unicode string is being returned)
|
2013-03-28 15:37:14 +01:00 |
|
stamparm
|
e1ffdde532
|
Little cleaning a mess with url encoding and post hint types
|
2013-03-27 13:39:27 +01:00 |
|
Miroslav Stampar
|
c19a283434
|
Minor patch
|
2013-03-26 20:06:50 +01:00 |
|
stamparm
|
7accba4cf9
|
Minor update
|
2013-03-26 16:10:41 +01:00 |
|
stamparm
|
0882fe0ce3
|
Minor update related to the last two
|
2013-03-26 16:04:56 +01:00 |
|
stamparm
|
eb1bfc20cb
|
Update related to the last commit
|
2013-03-26 15:36:44 +01:00 |
|
stamparm
|
2fe6aea0eb
|
Minor fix
|
2013-03-26 15:07:14 +01:00 |
|
stamparm
|
825aa4b8dd
|
Minor language update
|
2013-03-26 14:27:51 +01:00 |
|
stamparm
|
5dd2529b02
|
Minor language update
|
2013-03-26 14:18:37 +01:00 |
|
stamparm
|
4d2b77dde3
|
Minor language update
|
2013-03-26 14:15:40 +01:00 |
|
stamparm
|
473a39b820
|
Minor language fix
|
2013-03-26 14:11:17 +01:00 |
|
stamparm
|
3f8dafedae
|
Minor text update
|
2013-03-26 14:08:35 +01:00 |
|
stamparm
|
ad039c335d
|
Implementation for an Issue #423
|
2013-03-21 11:28:44 +01:00 |
|
stamparm
|
3740a97cc9
|
Adding a --version switch like all command line programs have
|
2013-03-20 11:44:09 +01:00 |
|
stamparm
|
7447773237
|
Update for consistency (all other enums are using _ in between words)
|
2013-03-20 11:10:24 +01:00 |
|
stamparm
|
ae6ce7db30
|
Removal of unused imports
|
2013-03-20 10:44:15 +01:00 |
|
Miroslav Stampar
|
8acf033715
|
Code refactoring
|
2013-03-19 19:24:14 +01:00 |
|
Miroslav Stampar
|
a3d9a7b1ff
|
Minor fix
|
2013-03-19 19:06:51 +01:00 |
|
stamparm
|
d1ae62b22b
|
Patch for an Issue #422
|
2013-03-19 12:27:49 +01:00 |
|
stamparm
|
6969874c02
|
Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values)
|
2013-03-19 10:52:37 +01:00 |
|
stamparm
|
10e6c70c22
|
Trivial style update (undoing last dummy commit)
|
2013-03-19 10:43:29 +01:00 |
|
stamparm
|
70265fd3b5
|
Trivial style update
|
2013-03-19 10:43:03 +01:00 |
|
stamparm
|
5adac57ca9
|
Trivial style update
|
2013-03-19 10:42:50 +01:00 |
|
stamparm
|
558ef0aaff
|
Minor fix
|
2013-03-19 10:42:20 +01:00 |
|
stamparm
|
e226006766
|
Trivial fix
|
2013-03-18 13:29:55 +01:00 |
|
stamparm
|
5e02bcbd58
|
Minor adjustment
|
2013-03-18 12:16:16 +01:00 |
|
stamparm
|
7111cdabe3
|
Minor cosmetics
|
2013-03-18 11:41:15 +01:00 |
|
Miroslav Stampar
|
5df1f5528e
|
More general update for an Issue #421
|
2013-03-15 22:49:09 +01:00 |
|
Miroslav Stampar
|
f0a419bdec
|
Patch for an Issue #421
|
2013-03-15 22:08:15 +01:00 |
|
Miroslav Stampar
|
596cf95040
|
Minor fix
|
2013-03-15 17:22:33 +01:00 |
|
Miroslav Stampar
|
ff4e62ff90
|
Minor cosmetics
|
2013-03-15 17:00:01 +01:00 |
|
Miroslav Stampar
|
4010df307e
|
Trivial cosmetics
|
2013-03-15 16:37:52 +01:00 |
|
Miroslav Stampar
|
4cb378ce3e
|
Another update for an Issue #352 and couple of fixes
|
2013-03-13 21:57:09 +01:00 |
|
Miroslav Stampar
|
b35122a42c
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-03-13 19:52:17 +01:00 |
|
Miroslav Stampar
|
eb08c8d752
|
Another update for an Issue #352
|
2013-03-13 19:42:22 +01:00 |
|
Bernardo Damele
|
dea62189b2
|
fixes #420
|
2013-03-12 22:16:42 +00:00 |
|
Miroslav Stampar
|
2f43c3eb9b
|
Minor fix (digest live test case) and some refactoring
|
2013-03-12 21:16:44 +01:00 |
|
Miroslav Stampar
|
65306f1ac1
|
Update for an Issue #352
|
2013-03-12 20:10:32 +01:00 |
|
Miroslav Stampar
|
db0a1e58b9
|
Update for an Issue #352
|
2013-03-11 14:58:05 +01:00 |
|
Miroslav Stampar
|
d6fc10092f
|
Minor refactoring
|
2013-03-11 13:31:50 +01:00 |
|
Miroslav Stampar
|
84a5bdb9cf
|
Trivial cosmetics
|
2013-03-09 19:41:24 +01:00 |
|
Miroslav Stampar
|
79d6a0e9c9
|
Using binary data in dummy mode
|
2013-03-09 19:40:24 +01:00 |
|
Miroslav Stampar
|
1e731f87a4
|
Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request)
|
2013-03-09 19:33:04 +01:00 |
|
Miroslav Stampar
|
8e6692d793
|
Minor fix (for JSON values with :)
|
2013-03-05 20:12:24 +01:00 |
|
Miroslav Stampar
|
e9b86350f1
|
Patch for an Issue #403
|
2013-03-05 18:32:31 +01:00 |
|
Miroslav Stampar
|
62980d7d5a
|
Automatically decoding url encoded data in response
|
2013-03-05 17:32:10 +01:00 |
|
Miroslav Stampar
|
9e49d8c68f
|
Adding support for SHA2 hash functions
|
2013-03-05 11:04:46 +01:00 |
|
Miroslav Stampar
|
2ada9e9b84
|
Patch for an Issue Issue #416
|
2013-03-04 18:05:40 +01:00 |
|
Miroslav Stampar
|
084cfc797a
|
Fix for an Issue #415
|
2013-03-02 09:55:12 +01:00 |
|
Martin Bjerregaard Jepsen
|
d7a77c79ad
|
Fixed incorrect call to checkBooleanExpression when testing for false positives
|
2013-03-01 22:51:34 +01:00 |
|
stamparm
|
3a3f9c5ea1
|
Trivial commit related to the last one
|
2013-03-01 12:09:03 +01:00 |
|
stamparm
|
55f33da85a
|
Fix for invalid logical test cases
|
2013-03-01 12:04:49 +01:00 |
|
stamparm
|
440b484bf6
|
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
|
2013-03-01 10:59:04 +01:00 |
|
Miroslav Stampar
|
e42350ddce
|
Minor style update
|
2013-02-28 20:28:34 +01:00 |
|
Miroslav Stampar
|
0e89cc62a2
|
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
|
2013-02-28 20:20:08 +01:00 |
|
stamparm
|
9ef79df23d
|
Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched)
|
2013-02-28 13:51:08 +01:00 |
|
stamparm
|
be50192d8d
|
Refactoring WAF scripts
|
2013-02-26 15:54:50 +01:00 |
|
stamparm
|
e5835dc74f
|
Update for WAF scripts
|
2013-02-26 15:30:11 +01:00 |
|
stamparm
|
17fa0f568c
|
Minor patch for an Issue #404
|
2013-02-26 12:55:09 +01:00 |
|
stamparm
|
ecbcd4afe6
|
Minor update
|
2013-02-26 12:55:09 +01:00 |
|
stamparm
|
af4762ace2
|
Minor style update
|
2013-02-26 11:16:09 +01:00 |
|
stamparm
|
f6b43b4b13
|
Minor update for an Issue #290
|
2013-02-26 11:08:06 +01:00 |
|
stamparm
|
e5e39bc682
|
Fix for an Issue #410
|
2013-02-25 11:07:30 +01:00 |
|
stamparm
|
6fbd902265
|
Minor refactoring (Issue #411)
|
2013-02-25 10:44:04 +01:00 |
|
stamparm
|
7127869ede
|
Minor bug fix (live test specific verbosity should be valid only inside of it)
|
2013-02-22 17:26:48 +01:00 |
|
stamparm
|
68ce51bfd4
|
Changing from warn to info for no WAF found
|
2013-02-22 12:15:38 +01:00 |
|
stamparm
|
ad471368f5
|
Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a
|
2013-02-22 11:42:09 +01:00 |
|
stamparm
|
0bbbfc2eac
|
Adding a small warning message (related to the Issue #407)
|
2013-02-22 11:12:41 +01:00 |
|
stamparm
|
42cbd94fa4
|
Better update regarding 6acb2480b8
|
2013-02-22 10:49:45 +01:00 |
|
stamparm
|
44a46d2b10
|
Fix for an Issue #409
|
2013-02-22 10:18:22 +01:00 |
|
Miroslav Stampar
|
6acb2480b8
|
Adding WAF script for SecureIIS
|
2013-02-21 21:34:26 +01:00 |
|
Miroslav Stampar
|
229e4e167b
|
Minor cosmetics
|
2013-02-21 21:06:31 +01:00 |
|
stamparm
|
3a8c0cd3a2
|
Minor style update
|
2013-02-21 14:52:56 +01:00 |
|
stamparm
|
29ba43ee6c
|
Unhidding switch '--identify-waf' (Issue #290)
|
2013-02-21 14:48:19 +01:00 |
|
stamparm
|
08f0670aca
|
Minor refactoring for an Issue #290
|
2013-02-21 14:39:22 +01:00 |
|
stamparm
|
8e49872d7c
|
Finalizing implementation for an Issue #290
|
2013-02-21 14:33:12 +01:00 |
|
stamparm
|
6b2981ef4e
|
Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)
|
2013-02-21 11:14:57 +01:00 |
|
stamparm
|
69063947b6
|
Debug message should go with logging.DEBUG
|
2013-02-19 09:46:51 +01:00 |
|
Bernardo Damele
|
d7247a51ee
|
do not prompt constantly if the page is not found
|
2013-02-18 18:08:20 +00:00 |
|
Miroslav Stampar
|
7f293afe74
|
Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b )
|
2013-02-18 15:18:53 +01:00 |
|
Miroslav Stampar
|
5c099efccc
|
Fix for an Issue #401
|
2013-02-18 11:38:18 +01:00 |
|
Miroslav Stampar
|
9b5f33560b
|
Oracle is too specific (only column names can be enclosed) - removing it
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
bf82506c1b
|
Oracle can't enclose table names with double quotations
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
1b3d749488
|
Proper fix related to the last commit/revert
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
5a793cbc7c
|
Minor revert
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
799bd51c2e
|
Minor fix when two readInput/dataToStdout are called one at a time
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
97c06854a4
|
Minor fixes
|
2013-02-15 17:36:58 +01:00 |
|
Bernardo Damele
|
0e7f771be6
|
minor adjustment
|
2013-02-15 16:28:09 +00:00 |
|
Bernardo Damele
|
35aa785870
|
bug fix to make --predict-output work also with time-based technique
|
2013-02-15 16:25:33 +00:00 |
|
Miroslav Stampar
|
014e4e0055
|
Minor represenation fix
|
2013-02-15 14:48:24 +01:00 |
|
Bernardo Damele
|
63ddeb9008
|
unnecessary variable
|
2013-02-15 13:26:28 +00:00 |
|
Miroslav Stampar
|
345d10a9e0
|
Consistency fix (everywhere else we show unsafe format of identificator names)
|
2013-02-15 14:05:14 +01:00 |
|
Bernardo Damele
|
b472d9809a
|
another consistency fix to readInput()
|
2013-02-15 09:35:09 +00:00 |
|
Bernardo Damele
|
32c8c67888
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-02-15 09:29:41 +00:00 |
|
Bernardo Damele
|
20c5f9a030
|
consistency fix
|
2013-02-15 09:29:36 +00:00 |
|
Miroslav Stampar
|
11bcf28d86
|
Fix for an Issue #399
|
2013-02-15 10:04:13 +01:00 |
|
Bernardo Damele
|
87db5d0dab
|
minor bug fix to avoid duplicates - #297
|
2013-02-15 00:53:05 +00:00 |
|
Bernardo Damele
|
c3f1e196e1
|
added missing parameter
|
2013-02-15 00:43:46 +00:00 |
|
Bernardo Damele
|
4727589135
|
code consistency
|
2013-02-15 00:17:13 +00:00 |
|
Miroslav Stampar
|
515be4ee0b
|
Minor just in case commit related to the last one
|
2013-02-14 19:58:10 +01:00 |
|
Miroslav Stampar
|
fef60b73f4
|
Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases
|
2013-02-14 19:53:26 +01:00 |
|
Bernardo Damele
|
0c79d7b1e2
|
unnecessary import
|
2013-02-14 18:33:47 +00:00 |
|
Bernardo Damele
|
614ff6029d
|
working on #396 - handle the case when we dont have a web backdoor/file stager for the language API, added a few more log messages to give further information about what is going on, minor bug fix to docRoot
|
2013-02-14 18:31:14 +00:00 |
|
Bernardo Damele
|
3b38b20176
|
working on #396 - adaptation for the verification phase
|
2013-02-14 18:29:55 +00:00 |
|
Bernardo Damele
|
261db6ed4f
|
working on #396 - verify shellcodeexec executable has been properly uploaded
|
2013-02-14 18:29:35 +00:00 |
|
Bernardo Damele
|
4d5ecc3b03
|
working on #396 - verify icmpsh executable has been properly uploaded
|
2013-02-14 18:28:48 +00:00 |
|
Bernardo Damele
|
66cee83ca4
|
if needed, allow to reinitialize the environment for takeover - issue #396
|
2013-02-14 17:39:19 +00:00 |
|
Bernardo Damele
|
d91530f885
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-02-14 17:16:55 +00:00 |
|
Bernardo Damele
|
52264f544e
|
minor fix for Windows file paths, do not strip the windows drive letter
|
2013-02-14 17:16:49 +00:00 |
|
Miroslav Stampar
|
fdf00e4842
|
Fix for an Issue #397
|
2013-02-14 17:14:36 +01:00 |
|
Miroslav Stampar
|
368a2fd297
|
Fix for an Issue #393
|
2013-02-14 16:18:16 +01:00 |
|
Miroslav Stampar
|
f97f575018
|
Trivial restyling
|
2013-02-14 15:41:27 +01:00 |
|
Miroslav Stampar
|
605c5b089e
|
Minor style update
|
2013-02-14 15:38:44 +01:00 |
|
Miroslav Stampar
|
06d8547916
|
Implementation for an Issue #394
|
2013-02-14 15:38:44 +01:00 |
|
Miroslav Stampar
|
7944684ff2
|
This was supposed to be a separate commit (going to commit it in next one)
|
2013-02-14 15:38:44 +01:00 |
|
Miroslav Stampar
|
6c0054bc5f
|
Putting that ugly parameter xyz is not inside the Cookie into the debug messages
|
2013-02-14 15:38:44 +01:00 |
|
Bernardo Damele
|
d42d28392a
|
avoid tracebacks because the parameter does not exist
|
2013-02-14 13:18:33 +00:00 |
|
Bernardo Damele
|
646df37884
|
minor bug fix for --reg-read
|
2013-02-14 13:17:30 +00:00 |
|
Miroslav Stampar
|
c72353321d
|
Minor update for an Issue #392
|
2013-02-14 13:36:33 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
2267dd8f47
|
working on #392 to fix --os-cmd and --os-shell output parsing
|
2013-02-14 11:31:20 +00:00 |
|
Bernardo Damele
|
cb6d549e57
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-02-14 11:25:12 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Miroslav Stampar
|
efe1bf0ded
|
Minor fix (for those multiline cases like in MsSQL)
|
2013-02-14 12:20:40 +01:00 |
|
Miroslav Stampar
|
6629233de5
|
Minor update
|
2013-02-14 10:18:40 +01:00 |
|
Miroslav Stampar
|
a0b44da5d8
|
Minor fix for --threads>1 --binary-fields
|
2013-02-13 20:47:27 +01:00 |
|
Miroslav Stampar
|
0a4605644e
|
Minor fix for previous commit
|
2013-02-13 16:31:03 +01:00 |
|
Miroslav Stampar
|
2b121c938b
|
Minor fix
|
2013-02-13 16:24:21 +01:00 |
|
Miroslav Stampar
|
9b231f87d6
|
Minor bug fix (regarding Issue #379) - in case that two processes enter the same proc_count decrementing line sqlmap would halt
|
2013-02-13 15:31:50 +01:00 |
|
Miroslav Stampar
|
8138d1318e
|
Minor fix
|
2013-02-13 15:10:49 +01:00 |
|
Miroslav Stampar
|
c6d29e093e
|
Fixing issue with newlines after the data in -r mode
|
2013-02-13 12:36:01 +01:00 |
|
Miroslav Stampar
|
965fa04a33
|
Trivial update
|
2013-02-13 12:28:51 +01:00 |
|
Miroslav Stampar
|
d78a3e977b
|
Update (allowing regular char * to be inside SOAP/JSON/XML)
|
2013-02-13 12:24:42 +01:00 |
|
Miroslav Stampar
|
6314d64a70
|
Renaming --binary to --binary-fields
|
2013-02-13 11:27:03 +01:00 |
|
Miroslav Stampar
|
dd6f50a00e
|
Removing unused imports
|
2013-02-13 11:15:24 +01:00 |
|
Miroslav Stampar
|
7c802ed8cc
|
Minor fix
|
2013-02-13 11:14:45 +01:00 |
|
Miroslav Stampar
|
dc41484b3f
|
Refactoring of funcionality for finding out if stacking is available
|
2013-02-13 09:57:16 +01:00 |
|
Miroslav Stampar
|
8b4f72322a
|
Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format)
|
2013-02-13 09:56:44 +01:00 |
|
Miroslav Stampar
|
1d42aba01e
|
Minor update regarding 093a93938c (for goStacked to work properly with stacked conditional payloads - e.g. proper suffix/prefix)
|
2013-02-12 17:35:14 +01:00 |
|
Miroslav Stampar
|
c34f6e25b2
|
Minor fix for --eval (urldecoded values should be used inside evaluation)
|
2013-02-12 17:01:47 +01:00 |
|
Miroslav Stampar
|
6a98d375b1
|
More general except
|
2013-02-12 14:39:21 +01:00 |
|
Miroslav Stampar
|
212e92ea01
|
Minor update regarding --load-cookies (warning about expired ones)
|
2013-02-12 14:29:56 +01:00 |
|
Miroslav Stampar
|
c67b39d14d
|
Update for a last update
|
2013-02-12 12:58:15 +01:00 |
|
Miroslav Stampar
|
72984a578d
|
Update for --load-cookies
|
2013-02-12 12:42:12 +01:00 |
|
Miroslav Stampar
|
c2672e78fc
|
Support for multiple injection marks inside the same header value (Issue #48)
|
2013-02-12 12:06:13 +01:00 |
|
Miroslav Stampar
|
c75560ba69
|
Minor bug fix (getting ? in < 0xf char cases)
|
2013-02-11 21:16:35 +01:00 |
|
Miroslav Stampar
|
7c06a937e5
|
Minor refactoring
|
2013-02-09 20:21:17 +01:00 |
|
Bernardo Damele
|
f970b4f240
|
minor adjustment fixing the regression test stall
|
2013-02-09 12:19:21 +00:00 |
|
Bernardo Damele
|
e48181e28d
|
another attempt to fix the stall during regression test
|
2013-02-09 12:16:56 +00:00 |
|
Bernardo Damele
|
138a846cf1
|
possible fix for regression test stall
|
2013-02-09 10:50:06 +00:00 |
|
Bernardo Damele
|
1596b9ed59
|
revert
|
2013-02-08 16:43:49 +00:00 |
|
Bernardo Damele
|
98864e425f
|
minor "fix"
|
2013-02-08 16:30:34 +00:00 |
|
Bernardo Damele
|
8b510c55fb
|
minor code cleanup
|
2013-02-08 16:29:16 +00:00 |
|
Miroslav Stampar
|
5aaf7f1aa6
|
BUG fix
|
2013-02-08 16:44:30 +01:00 |
|
Miroslav Stampar
|
c0e59d94a9
|
Better naming
|
2013-02-08 16:28:58 +01:00 |
|
Miroslav Stampar
|
cdfe43560b
|
Update for an Issue #207 (and a potential patch for regression tests)
|
2013-02-08 16:20:48 +01:00 |
|
Miroslav Stampar
|
ee1017a5a7
|
Minor fix
|
2013-02-08 13:46:39 +01:00 |
|
Bernardo Damele
|
d015bf98fc
|
renamed variable to avoid confusion
|
2013-02-07 14:19:07 +00:00 |
|
Bernardo Damele
|
07fe6d44fb
|
unnecessary condition here
|
2013-02-07 14:18:52 +00:00 |
|
Bernardo Damele
|
b477c56b52
|
first steps to allow multiple scans on the same taskid - issue #297
|
2013-02-07 00:05:26 +00:00 |
|
Bernardo Damele
|
dd6c73ea24
|
fixed --passwords output for API - #297
|
2013-02-06 21:45:51 +00:00 |
|
Bernardo Damele
|
21afba9571
|
got the partial output finally properly replaced by complete output in IPC database - #297
|
2013-02-06 21:32:26 +00:00 |
|
Bernardo Damele
|
5c8335876f
|
minor bug fix to make --disable-coloring work on log messages too
|
2013-02-06 21:04:54 +00:00 |
|
Bernardo Damele
|
2fa2f30d21
|
slighlty better, still not optimal
|
2013-02-06 17:45:52 +00:00 |
|
Bernardo Damele
|
477c66ac4b
|
minor refactoring and trivial bug fix
|
2013-02-06 17:45:25 +00:00 |
|
Bernardo Damele
|
e439c3d3f5
|
minor refactoring - #297
|
2013-02-06 17:09:43 +00:00 |
|
Bernardo Damele
|
b272b0574d
|
minor fix to reset partRun value - #297
|
2013-02-06 17:09:28 +00:00 |
|
Miroslav Stampar
|
060eac110a
|
Cleaner version checking
|
2013-02-06 10:28:17 +01:00 |
|
Miroslav Stampar
|
b1f31103f9
|
Removing that ugly disk I/O error in live testing mode
|
2013-02-05 17:04:42 +01:00 |
|
Miroslav Stampar
|
934808f53b
|
Fix for an Issue #379
|
2013-02-05 16:13:45 +01:00 |
|
Bernardo Damele
|
e03010f48b
|
got rid of unnecessary output for API - #297
|
2013-02-05 15:00:06 +00:00 |
|
Bernardo Damele
|
4428ad5345
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-02-05 14:43:14 +00:00 |
|
Bernardo Damele
|
f7d826fee1
|
first case where partial output is retrievable via RESTful API - issue #297
|
2013-02-05 14:43:03 +00:00 |
|
Miroslav Stampar
|
01219219fc
|
Minor bug fix (for --first/--last through problematic DBMSes)
|
2013-02-05 15:03:55 +01:00 |
|
Miroslav Stampar
|
31daefc7c9
|
Minor fix (skipping one uneccesary request in single-threaded --first/--last mode)
|
2013-02-05 13:51:35 +01:00 |
|
Miroslav Stampar
|
62772125e3
|
Bug fix for HTTPSCertAuthHandler
|
2013-02-05 12:16:06 +01:00 |
|
Miroslav Stampar
|
e836629215
|
Bug fixes for search (safeStringFormat should not replace all if given scalar values)
|
2013-02-05 11:37:49 +01:00 |
|
Miroslav Stampar
|
1618086027
|
Minor fix
|
2013-02-05 10:58:02 +01:00 |
|
Miroslav Stampar
|
9296bdd959
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-02-05 10:27:43 +01:00 |
|
Miroslav Stampar
|
4faa5f0f49
|
Fix for stalling in retrieving international letters (--technique=B)
|
2013-02-05 10:27:31 +01:00 |
|
Bernardo Damele
|
9d04ae5db5
|
minor improvement to temporary folder name
|
2013-02-05 09:11:38 +00:00 |
|
Miroslav Stampar
|
44579120b5
|
Cosmetics
|
2013-02-05 10:02:11 +01:00 |
|
Miroslav Stampar
|
74e82b2b53
|
Removing redundant check
|
2013-02-04 20:42:28 +01:00 |
|
Miroslav Stampar
|
cf8e5d535d
|
Minor cleanup
|
2013-02-04 20:15:44 +01:00 |
|
Miroslav Stampar
|
c5ae967fe0
|
Potential fix for an Issue #379
|
2013-02-04 17:43:58 +01:00 |
|
Miroslav Stampar
|
6cab3d4759
|
Minor update
|
2013-02-04 16:46:08 +01:00 |
|
Miroslav Stampar
|
4f2981f163
|
Minor fix
|
2013-02-04 16:37:54 +01:00 |
|
Miroslav Stampar
|
f4b8a3c1d8
|
Bug fix for boolean (multithreaded Ctrl+C) resumed values
|
2013-02-04 15:49:29 +01:00 |
|
Miroslav Stampar
|
5e4e863986
|
Bug fix (introduced with f1ab887c55 )
|
2013-02-04 15:31:28 +01:00 |
|
Miroslav Stampar
|
235153ab39
|
Removal of unused imports
|
2013-02-04 15:29:13 +01:00 |
|
Miroslav Stampar
|
7e1ff1bb8e
|
Same refactoring as the last commit
|
2013-02-04 15:26:44 +01:00 |
|
Bernardo Damele
|
9370f96a67
|
step by step getting there to partial output presentation to restful API (issue #297), not quite yet though..
|
2013-02-03 22:09:33 +00:00 |
|
Bernardo Damele
|
b55555e4e5
|
minor bug fix
|
2013-02-03 21:39:26 +00:00 |
|
Bernardo Damele
|
dc2bbbeaa7
|
minor revert
|
2013-02-03 20:55:58 +00:00 |
|
Bernardo Damele
|
df3cc38cd9
|
minor improvements
|
2013-02-03 15:39:07 +00:00 |
|
Bernardo Damele
|
bd1ea13b8d
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-02-03 11:31:12 +00:00 |
|
Bernardo Damele
|
f8bc74758c
|
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297)
|
2013-02-03 11:31:05 +00:00 |
|
Miroslav Stampar
|
e7b93b5b66
|
Implementation for an Issue #363
|
2013-02-01 17:24:04 +01:00 |
|
Miroslav Stampar
|
993372aae4
|
Bug fix (causing search problems)
|
2013-02-01 11:24:17 +01:00 |
|
Miroslav Stampar
|
6d942f92b5
|
Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.))
|
2013-02-01 10:03:06 +01:00 |
|
Miroslav Stampar
|
8d51b4b63a
|
Minor bug fix
|
2013-01-31 16:24:44 +01:00 |
|
Miroslav Stampar
|
d6606a8f31
|
Patch to prevent problems like Issue #381
|
2013-01-31 13:58:39 +01:00 |
|
Miroslav Stampar
|
cfcf8a3abb
|
Another update for an Issue #380 (--common-... switches)
|
2013-01-31 13:49:19 +01:00 |
|
Miroslav Stampar
|
f5844eabae
|
Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60
|
2013-01-31 13:32:14 +01:00 |
|
Miroslav Stampar
|
2420a4b626
|
Update for an Issue #342 and #372
|
2013-01-31 10:01:52 +01:00 |
|
Miroslav Stampar
|
9b4eaa9272
|
Minor fix
|
2013-01-30 18:21:15 +01:00 |
|
Miroslav Stampar
|
fdea8ddea6
|
Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372)
|
2013-01-30 16:55:09 +01:00 |
|
Bernardo Damele
|
103045d284
|
variable renamed
|
2013-01-30 15:30:34 +00:00 |
|
Miroslav Stampar
|
f33bf06c88
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-30 11:38:20 +01:00 |
|
Bernardo Damele
|
6dfe91165d
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-30 10:34:51 +00:00 |
|
Bernardo Damele
|
8519717f25
|
minor fixes to --live-test
|
2013-01-30 10:32:56 +00:00 |
|
Miroslav Stampar
|
f391937083
|
Minor refactoring
|
2013-01-30 10:43:46 +01:00 |
|
Miroslav Stampar
|
d6fb0e8545
|
Update for an Issue #352
|
2013-01-30 10:38:11 +01:00 |
|
Miroslav Stampar
|
bd08ede117
|
Minor fine tuning
|
2013-01-29 21:06:02 +01:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Miroslav Stampar
|
95b922309c
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-29 20:50:40 +01:00 |
|
Bernardo Damele
|
e8bd3c9c9f
|
cosmetics
|
2013-01-29 17:00:28 +00:00 |
|
Bernardo Damele
|
8f36f92dd3
|
minor fix
|
2013-01-29 16:23:30 +00:00 |
|
Bernardo Damele
|
edd6699ed1
|
code refactoring and added /status method for scan (issue #297)
|
2013-01-29 16:11:25 +00:00 |
|
Bernardo Damele
|
c47b44e93f
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-29 15:38:16 +00:00 |
|
Bernardo Damele
|
1152cf8958
|
increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297)
|
2013-01-29 15:38:09 +00:00 |
|
Bernardo Damele
|
9677e0f910
|
more data content types for API (issue #297)
|
2013-01-29 15:36:19 +00:00 |
|
Bernardo Damele
|
92ae8145df
|
ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297)
|
2013-01-29 15:35:51 +00:00 |
|
Bernardo Damele
|
a56f4ec15c
|
techniques has to go too to the API (issue #297)
|
2013-01-29 15:34:53 +00:00 |
|
Bernardo Damele
|
bfce7210e6
|
improvements to the dump library to output to the API data fetched properly formatted (issue #297)
|
2013-01-29 15:34:20 +00:00 |
|
Bernardo Damele
|
eeecb3fe2c
|
split init() into two separate functions for API purposes (issue #297)
|
2013-01-29 15:33:16 +00:00 |
|
Miroslav Stampar
|
a59ac8e27f
|
Trivial cosmetics
|
2013-01-29 16:30:38 +01:00 |
|
Miroslav Stampar
|
f4b7b3fd35
|
Minor cosmetics
|
2013-01-29 16:04:20 +01:00 |
|
Miroslav Stampar
|
9eca41bae2
|
Minor fix
|
2013-01-29 15:55:50 +01:00 |
|
Miroslav Stampar
|
a104de01d7
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-29 15:35:01 +01:00 |
|
Miroslav Stampar
|
7e73825ece
|
Minor cosmetics
|
2013-01-29 15:34:41 +01:00 |
|
Bernardo Damele
|
085495024f
|
minor adjustment
|
2013-01-29 01:44:57 +00:00 |
|
Bernardo Damele
|
f1ab887c55
|
major enhancement, code refactoring for issue #297
|
2013-01-29 01:39:27 +00:00 |
|
Bernardo Damele
|
d07881b6c3
|
apply a little bit of secure coding practices to the API
|
2013-01-27 12:26:40 +00:00 |
|
Bernardo Damele
|
cd4075f6a3
|
no raise, just pass at ctrl-c
|
2013-01-26 15:33:09 +00:00 |
|
Bernardo Damele
|
a0b9e0f1c5
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-25 17:11:38 +00:00 |
|
Bernardo Damele
|
195d17449e
|
first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297)
|
2013-01-25 17:11:31 +00:00 |
|
Miroslav Stampar
|
c06f94e2c8
|
Fix for an Issue #378
|
2013-01-25 16:38:41 +01:00 |
|
Miroslav Stampar
|
8c84a16cb7
|
Minor style update for an Issue #377
|
2013-01-25 12:52:31 +01:00 |
|
Miroslav Stampar
|
479f791112
|
Minor fix
|
2013-01-25 12:41:51 +01:00 |
|
Miroslav Stampar
|
194a9e7b88
|
Implementation for an Issue #377
|
2013-01-25 12:34:57 +01:00 |
|
Bernardo Damele
|
5b3c8d8991
|
first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite
|
2013-01-24 12:57:24 +00:00 |
|
Chris Frohoff
|
218a6a9695
|
fixed response header logging for header names with special chars
|
2013-01-23 11:10:25 -08:00 |
|
Bernardo Damele
|
f848f259a6
|
upper() -D value for certain DBMSes
|
2013-01-23 16:22:28 +00:00 |
|
Bernardo Damele
|
012815333c
|
minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
|
2013-01-23 15:52:03 +00:00 |
|
Miroslav Stampar
|
232f8d3585
|
Fix for an Issue #368
|
2013-01-23 13:36:17 +01:00 |
|
Bernardo Damele
|
f4028bd7d2
|
minor adjustment
|
2013-01-23 02:10:38 +00:00 |
|
Bernardo Damele
|
d8a0e7eacb
|
fixes #187
|
2013-01-23 01:27:01 +00:00 |
|
Bernardo Damele
|
5635776173
|
proper SQLite 2 library
|
2013-01-22 18:56:25 +00:00 |
|
Bernardo Damele
|
dea15b5892
|
notify user if --udf-inject is provided but no stacked queries SQLi is detected
|
2013-01-22 18:28:48 +00:00 |
|
Miroslav Stampar
|
d6a361f859
|
Proper implementation for --technique=Q --dbms=Firebird
|
2013-01-22 16:31:26 +01:00 |
|
Miroslav Stampar
|
719c7f622b
|
Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)
|
2013-01-22 15:51:06 +01:00 |
|
Miroslav Stampar
|
2ec828f1cb
|
Fix for an Issue #367
|
2013-01-22 14:27:17 +01:00 |
|
Miroslav Stampar
|
09c02c6c72
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-22 14:08:31 +01:00 |
|
Miroslav Stampar
|
15b0ab1b44
|
Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...'
|
2013-01-22 14:08:19 +01:00 |
|
Bernardo Damele
|
061aef57ba
|
missing import
|
2013-01-22 11:25:01 +00:00 |
|
Miroslav Stampar
|
59b02539ca
|
More general approach regarding that last commit
|
2013-01-22 11:34:34 +01:00 |
|
Miroslav Stampar
|
01f1488f07
|
Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query)
|
2013-01-22 11:29:51 +01:00 |
|
Bernardo Damele
|
e558040810
|
minor fix to previous commit
|
2013-01-21 17:10:56 +00:00 |
|
Bernardo Damele
|
d43b04c582
|
better detection if vulnerable of not for regression test
|
2013-01-21 17:09:35 +00:00 |
|
Miroslav Stampar
|
b35a0810ef
|
Fix for an Issue #364
|
2013-01-21 17:01:52 +01:00 |
|
Miroslav Stampar
|
1e3f68c7ff
|
Rewriting some query crafting parts (especially those .find(' FROM '))
|
2013-01-21 16:15:38 +01:00 |
|
Miroslav Stampar
|
832d95984c
|
IFNULL-like mechanism now works on SQLite 2 too
|
2013-01-21 15:04:27 +01:00 |
|
Miroslav Stampar
|
75bf8528d1
|
Minor just in case update
|
2013-01-21 14:50:43 +01:00 |
|
Miroslav Stampar
|
c55a002f95
|
Language fix
|
2013-01-21 13:19:08 +01:00 |
|
Miroslav Stampar
|
80255433b0
|
Trivial style update
|
2013-01-21 13:18:34 +01:00 |
|
Miroslav Stampar
|
0e86175342
|
Adding new common function for further refactoring
|
2013-01-21 11:50:47 +01:00 |
|
Miroslav Stampar
|
3200134b3b
|
Fix for a regression test #30 test case fail (Firebird inline)
|
2013-01-21 10:12:54 +01:00 |
|
Miroslav Stampar
|
069c6acabd
|
Another update for an Issue #362
|
2013-01-20 22:47:26 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Bernardo Damele
|
3373e30808
|
minor fix for a bug introduced with commit 1ad9e26a21
|
2013-01-20 02:40:40 +00:00 |
|
Bernardo Damele
|
115be9d7b5
|
minor fixes
|
2013-01-20 01:26:46 +00:00 |
|
Miroslav Stampar
|
0a4f5d2e51
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-19 19:08:18 +01:00 |
|
Miroslav Stampar
|
e9641e30db
|
This last commit was in haste :)
|
2013-01-19 19:07:38 +01:00 |
|
Miroslav Stampar
|
6a87dd9225
|
Minor update (just for consistency with the rest of code)
|
2013-01-19 19:07:06 +01:00 |
|
Miroslav Stampar
|
979e108c87
|
Minor update (just for consistency with the rest of code)
|
2013-01-19 19:06:51 +01:00 |
|
Bernardo Damele
|
f89b25fdb6
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-19 18:04:38 +00:00 |
|
Bernardo Damele
|
adf97e630f
|
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
|
2013-01-19 18:04:33 +00:00 |
|
Miroslav Stampar
|
9ce2395405
|
Minor refactoring
|
2013-01-19 18:40:44 +01:00 |
|
Miroslav Stampar
|
3f4c010370
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-19 18:28:52 +01:00 |
|
Miroslav Stampar
|
efe26ac3f8
|
In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value)
|
2013-01-19 18:28:37 +01:00 |
|
Bernardo Damele
|
6a62292a3f
|
layout adjustment
|
2013-01-19 17:11:16 +00:00 |
|
Miroslav Stampar
|
bb6b89fe93
|
Patch for an Issue #360
|
2013-01-19 18:06:36 +01:00 |
|
Bernardo Damele
|
dcf2dcd03d
|
all we need to debug failed test cases while regression test run..
|
2013-01-19 17:04:57 +00:00 |
|
Bernardo Damele
|
f22fd396ef
|
write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage
|
2013-01-19 16:41:19 +00:00 |
|
Bernardo Damele
|
1923ef691e
|
just in case, add also the test case name inside the temp folder for debug purposes
|
2013-01-19 16:06:46 +00:00 |
|
Bernardo Damele
|
c95119559e
|
minor bug fix
|
2013-01-19 00:41:51 +00:00 |
|
Bernardo Damele
|
0e78fbef56
|
correctly format SQLi payload for inline query technique
|
2013-01-19 00:28:03 +00:00 |
|
Bernardo Damele
|
6be7eee8d6
|
more fixes
|
2013-01-18 23:35:16 +00:00 |
|
Bernardo Damele
|
56eaa073ce
|
fixed test cases for Firebird - #312
|
2013-01-18 23:32:39 +00:00 |
|
Bernardo Damele
|
1f4c6a8371
|
avoid blank line if password hashes have not been fetched
|
2013-01-18 22:10:36 +00:00 |
|
Bernardo Damele
|
1ad9e26a21
|
bug fix for ORDER BY users provided statements (issue #354)
|
2013-01-18 21:40:50 +00:00 |
|
Miroslav Stampar
|
ac7709204a
|
Better fix for that page/headers/comparison --string candidate problem
|
2013-01-18 17:00:11 +01:00 |
|
Miroslav Stampar
|
8141d17985
|
Revert of previous commit (more care has to be done regarding headers dynamicity)
|
2013-01-18 16:49:35 +01:00 |
|
Miroslav Stampar
|
33094a118c
|
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
|
2013-01-18 16:35:09 +01:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Bernardo Damele
|
1bb061f68c
|
improvements to --live-test
|
2013-01-18 13:02:35 +00:00 |
|
Bernardo Damele
|
738ccb643d
|
minor output adjustment
|
2013-01-18 11:41:09 +00:00 |
|
Miroslav Stampar
|
33ea811c6c
|
Removing some unused stuff (mainly imports)
|
2013-01-18 11:50:02 +01:00 |
|
Miroslav Stampar
|
aa467cb54c
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-18 11:31:25 +01:00 |
|
Miroslav Stampar
|
17d36684b5
|
Removing obsolete proxy handling code (Python < 2.6)
|
2013-01-18 11:30:52 +01:00 |
|
Miroslav Stampar
|
4d5bae7131
|
Removing some obsolete functions
|
2013-01-18 11:18:56 +01:00 |
|
Miroslav Stampar
|
bcc907ce09
|
Minor update
|
2013-01-18 11:00:21 +01:00 |
|
Miroslav Stampar
|
d1008b45b5
|
Minor removal of unused function
|
2013-01-18 10:46:06 +01:00 |
|
Miroslav Stampar
|
caae773b2d
|
Minor removal of redundant code
|
2013-01-18 10:44:57 +01:00 |
|
Bernardo Damele
|
d66f7e22b1
|
more fixes to test cases
|
2013-01-18 09:32:05 +00:00 |
|
Miroslav Stampar
|
e941e60b20
|
Minor just in place update for an Issue #348
|
2013-01-17 22:44:55 +01:00 |
|
Bernardo Damele
|
1d6e642d41
|
fixed url
|
2013-01-17 21:29:00 +00:00 |
|
Bernardo Damele
|
38eb4eb33e
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-17 21:03:11 +00:00 |
|
Bernardo Damele
|
b6e44ae64e
|
fix for #349 (compatible with all others DBMSes too)
|
2013-01-17 21:03:03 +00:00 |
|
Miroslav Stampar
|
a8e3fd58c5
|
Implementation for an Issue #348
|
2013-01-17 21:49:58 +01:00 |
|
Miroslav Stampar
|
8480ceddcb
|
Minor style update
|
2013-01-17 19:55:56 +01:00 |
|
Miroslav Stampar
|
507f185b69
|
Revert of patch for an Issue #347
|
2013-01-17 18:38:37 +01:00 |
|
Miroslav Stampar
|
9dd69042de
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-17 15:31:55 +01:00 |
|
Miroslav Stampar
|
f7eda07d92
|
Patch for an Issue #347
|
2013-01-17 15:30:14 +01:00 |
|
Bernardo Damele
|
5e059ab6db
|
added check for DB2 lib
|
2013-01-17 14:20:34 +00:00 |
|
Miroslav Stampar
|
a38b3e397c
|
Patch for an Issue #286
|
2013-01-17 14:17:39 +01:00 |
|
Miroslav Stampar
|
65273295e3
|
Implementing a check for an Issue #25
|
2013-01-17 13:56:04 +01:00 |
|
Miroslav Stampar
|
9428d1819e
|
Fix for an Issue #346
|
2013-01-17 12:03:02 +01:00 |
|
Miroslav Stampar
|
3ab4a5e36d
|
Fix for an Issue #345
|
2013-01-17 11:50:12 +01:00 |
|
Miroslav Stampar
|
51a77d1fe2
|
Minor update for an Issue #8
|
2013-01-17 11:37:45 +01:00 |
|
Miroslav Stampar
|
14b7e655a9
|
Minor refactoring
|
2013-01-16 16:33:04 +01:00 |
|
Miroslav Stampar
|
053b7d12b4
|
Minor language update
|
2013-01-16 16:07:12 +01:00 |
|
Miroslav Stampar
|
fb7243c237
|
Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs
|
2013-01-16 16:04:00 +01:00 |
|
Miroslav Stampar
|
c0a6e1c3a7
|
Finishing first usable prototype for an Issue #8
|
2013-01-16 14:54:37 +01:00 |
|
Miroslav Stampar
|
ff5ec48abd
|
Minor update for an Issue #8
|
2013-01-16 14:16:22 +01:00 |
|
Bernardo Damele
|
3464a70ac2
|
bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected
|
2013-01-16 01:53:33 +00:00 |
|
Bernardo Damele
|
542f6de72e
|
typo fix
|
2013-01-16 01:31:03 +00:00 |
|
Bernardo Damele
|
e16ad38d3e
|
more work on #342
|
2013-01-15 18:15:07 +00:00 |
|
Bernardo Damele
|
329047fc12
|
restored fix for #210 to keep --hex work with --technique B
|
2013-01-15 17:51:40 +00:00 |
|
Bernardo Damele
|
2a751e075d
|
more work on #342
|
2013-01-15 17:14:44 +00:00 |
|
Bernardo Damele
|
ec076f5f8a
|
write console output to temporary folder in any case the test case fails, even if no traceback is raised
|
2013-01-15 15:51:03 +00:00 |
|
Bernardo Damele
|
4eaa0d17aa
|
Fix in forging query to calculate query output length - closes issue #342
|
2013-01-15 15:50:20 +00:00 |
|
Miroslav Stampar
|
7a1d484115
|
Implementation for an Issue #340
|
2013-01-15 16:05:33 +01:00 |
|
Bernardo Damele
|
3f84cefc77
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2013-01-15 14:59:22 +00:00 |
|
Bernardo Damele
|
c51358953a
|
add more Oracle system dbs
|
2013-01-15 14:51:29 +00:00 |
|
Miroslav Stampar
|
04aa39f0c6
|
Minor update
|
2013-01-15 13:51:19 +01:00 |
|