Miroslav Stampar
2001bad7e1
automatic adjustment of timeSec for delayed queries
2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb
slightly faster and thread safer inference
2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b
Major bug fix.
...
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99
More refactoring and cleanup
2011-01-16 00:15:30 +00:00
Miroslav Stampar
29ea0950b6
now False is also affected (along with None and "")
2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822
Minor refactoring
2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4
Minor improvement
2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1
More code cleanup
2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8
Minor refactoring
2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e
bug fix and proper warning message
2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32
bug fix (some sites raise 404 during union tests)
2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca
update
2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c
code review of modules in lib/core directory
2011-01-15 12:13:45 +00:00
Miroslav Stampar
05b2a338fe
cosmetics
2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348
minor update
2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab
update
2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d
Code cleanup
2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51
minor code refactoring
2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc
Minor bug fix
2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7
Minor bug fix
2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4
minor update
2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a
minor code refactoring
2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020
Minor bug fix
2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f
revert
2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19
minor fix
2011-01-13 15:19:37 +00:00
Miroslav Stampar
b0fdbdb13b
minor update
2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521
Verbose docstring
2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555
update
2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62
Cosmetics
2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca
minor update
2011-01-13 11:08:29 +00:00
Bernardo Damele
ee4727850c
Minor bug fix
2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc
Minor fix to avoid query splitting/unpacking when the statement is EXISTS()
2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31
Important bug fix.
...
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f
Minor code refactoring and added internal debug prints
2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f
Code cleanup
2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f
Minor update
2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92
Proper fix to avoid UNION test false positives
2011-01-11 23:59:02 +00:00
Bernardo Damele
c2e994e806
Minor adjustment
2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
...
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f
Major bug fix
2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
e3146464da
minor fix for a bug reported by nightman
2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268
minor fix
2011-01-11 12:16:20 +00:00
Miroslav Stampar
394b6bc029
reverting some changes
2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a
minor update
2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1
didn't know this to be honest
2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57
adding openFile method with an exception block around file opening part
2011-01-08 09:30:10 +00:00
Miroslav Stampar
e3899f7467
fix of a fix
2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf
minor fix
2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f
minor fix
2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42
cosmetics
2011-01-07 17:25:22 +00:00
Bernardo Damele
97ae7e330f
cosmetics
2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2
Cosmetics
2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423
suppress session in case of brute methods
2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7
Mere cosmetics
2011-01-07 16:36:32 +00:00
Miroslav Stampar
1a079c62cb
minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)
2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54
fixes for bugs reported by pragmatk@gmail.com
2011-01-06 16:59:58 +00:00
Miroslav Stampar
c968b438f2
Ctrl+C added to union dump
2011-01-06 09:48:04 +00:00
Miroslav Stampar
0616edcc44
adding progress to --union-test
2011-01-06 09:26:01 +00:00
Miroslav Stampar
8b9a624546
added progress into union based entry retrieval
2011-01-06 09:10:20 +00:00
Miroslav Stampar
cc9ca802bf
minor update
2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da
fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)
2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1
minor fix/update
2011-01-05 13:32:40 +00:00
Miroslav Stampar
7411052456
minor update regarding last commit
2011-01-05 12:09:57 +00:00
Miroslav Stampar
042e3f76ba
bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)
2011-01-05 11:36:40 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
eb11f5b2e0
minor update
2011-01-04 13:07:12 +00:00
Miroslav Stampar
c1dc73d0a1
minor, just in case update related to the previous commit
2011-01-04 12:56:55 +00:00
Miroslav Stampar
709a7d156b
fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)
2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3
minor update
2011-01-04 08:40:41 +00:00
Miroslav Stampar
fdc463d08b
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
2011-01-03 22:02:58 +00:00
Miroslav Stampar
572f403069
update of one thing that was missing
2011-01-03 21:28:22 +00:00
Miroslav Stampar
ce48ea75d0
noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links
2011-01-03 14:39:23 +00:00
Miroslav Stampar
6aa616bd0d
minor minor fix
2011-01-03 14:28:20 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
07129371bf
bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)
2011-01-03 13:04:20 +00:00
Miroslav Stampar
3629c2737b
automatically turn on --text-only in case of heavily-dynamicity instead of critical exit
2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6
some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one
2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f
minor update
2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4
minor update
2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00