Miroslav Stampar
|
052d9455fe
|
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
|
2012-04-12 09:44:54 +00:00 |
|
Miroslav Stampar
|
b45ae10da4
|
minor fixes
|
2012-04-11 21:36:37 +00:00 |
|
Miroslav Stampar
|
e33ea7c33a
|
minor fix
|
2012-04-10 22:29:39 +00:00 |
|
Miroslav Stampar
|
a82206cec4
|
minor cosmetics
|
2012-04-10 21:57:00 +00:00 |
|
Miroslav Stampar
|
119eec3598
|
improving "boolean detection" by automatic recognition of convenient --string candidate
|
2012-04-10 21:48:34 +00:00 |
|
Miroslav Stampar
|
56638f9e95
|
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
|
2012-03-30 10:50:01 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
ce4c697bbd
|
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
|
2012-03-29 13:39:12 +00:00 |
|
Miroslav Stampar
|
c9cac957bb
|
adding one more case for false positive check (Generic tests without any DBMS knowledge)
|
2012-03-29 09:56:09 +00:00 |
|
Miroslav Stampar
|
3abcd6910a
|
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
|
2012-03-22 00:06:50 +00:00 |
|
Miroslav Stampar
|
0fc4288a7c
|
modifying redirection code for only two choices
|
2012-03-18 17:27:08 +00:00 |
|
Miroslav Stampar
|
577caac4de
|
putting kb.negativeLogic setting to the safe place
|
2012-03-16 09:17:11 +00:00 |
|
Miroslav Stampar
|
7d313ac911
|
few more fixes for proper redirecting mechanism
|
2012-03-15 19:47:59 +00:00 |
|
Bernardo Damele
|
4520744b4d
|
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
|
2012-03-15 16:25:26 +00:00 |
|
Miroslav Stampar
|
a7fbc55748
|
grammar fix
|
2012-03-13 22:03:23 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Miroslav Stampar
|
a0b46963cb
|
minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)
|
2012-03-09 10:28:19 +00:00 |
|
Miroslav Stampar
|
0ead1fd87e
|
minor update
|
2012-03-05 09:42:52 +00:00 |
|
Miroslav Stampar
|
1ec56f93ec
|
minor update
|
2012-03-01 10:10:19 +00:00 |
|
Miroslav Stampar
|
f142c0f782
|
minor update
|
2012-02-28 14:04:13 +00:00 |
|
Miroslav Stampar
|
22b3fa0749
|
minor update
|
2012-02-27 15:28:36 +00:00 |
|
Miroslav Stampar
|
a9bf0297f6
|
moving injection data to HashDB
|
2012-02-27 13:44:07 +00:00 |
|
Miroslav Stampar
|
f94b91ad87
|
added helper function for HashDB data storing/retrieval
|
2012-02-24 13:07:20 +00:00 |
|
Miroslav Stampar
|
6e54cb171f
|
minor code restyling
|
2012-02-22 15:53:36 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
386e98a0e3
|
using UNION SELECT for where=..NEGATIVE
|
2012-02-22 09:41:58 +00:00 |
|
Miroslav Stampar
|
844fc8addb
|
minor cleanup
|
2012-02-16 10:19:36 +00:00 |
|
Miroslav Stampar
|
23cc8b6974
|
minor fix for special cases when parameter value contains html encoded characters
|
2012-02-14 14:08:10 +00:00 |
|
Miroslav Stampar
|
2604e73d88
|
minor change in workflow
|
2012-02-13 11:18:47 +00:00 |
|
Miroslav Stampar
|
96f589fc89
|
minor fix
|
2012-02-12 19:22:33 +00:00 |
|
Miroslav Stampar
|
249cb48b0b
|
minor fix
|
2012-02-10 15:59:11 +00:00 |
|
Miroslav Stampar
|
6be95194a7
|
matter of concision
|
2012-02-10 15:37:43 +00:00 |
|
Miroslav Stampar
|
eab7a54e03
|
cosmetics
|
2012-02-10 15:34:04 +00:00 |
|
Miroslav Stampar
|
92590d0d59
|
minor fix
|
2012-02-10 15:26:55 +00:00 |
|
Miroslav Stampar
|
e36e9de57e
|
minor update by request
|
2012-02-10 15:12:23 +00:00 |
|
Miroslav Stampar
|
11af0b1bbc
|
minor fix
|
2012-02-07 11:16:03 +00:00 |
|
Miroslav Stampar
|
8405ef59ac
|
some estetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
23117e72ca
|
minor improvement
|
2012-01-13 20:56:06 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
1d0b43b1a2
|
implemented mechanism for merging cookies by request
|
2012-01-11 14:28:08 +00:00 |
|
Miroslav Stampar
|
1f085a0241
|
now [SLEEPTIME] is changeable properly in vivo
|
2012-01-05 14:45:05 +00:00 |
|
Miroslav Stampar
|
94d43a4135
|
minor bug fix
|
2011-12-30 14:20:06 +00:00 |
|
Miroslav Stampar
|
22c3fe49bb
|
some refactoring
|
2011-12-28 13:50:03 +00:00 |
|
Miroslav Stampar
|
f622995a29
|
compatibility with partial union and error technique resumed data
|
2011-12-22 12:20:21 +00:00 |
|
Miroslav Stampar
|
6f8d8a15aa
|
minor update
|
2011-12-22 11:55:02 +00:00 |
|
Miroslav Stampar
|
95cd9e2af3
|
adding support for scanning Host header values (-p host)
|
2011-12-20 12:52:41 +00:00 |
|
Miroslav Stampar
|
c57941c102
|
minor beautification
|
2011-12-15 23:33:44 +00:00 |
|
Miroslav Stampar
|
27d244b326
|
minor update
|
2011-12-15 23:29:11 +00:00 |
|
Miroslav Stampar
|
563c0c1066
|
adding switch --tor-type
|
2011-12-15 23:19:55 +00:00 |
|
Miroslav Stampar
|
0f5d48ff20
|
minor update
|
2011-12-05 09:25:56 +00:00 |
|
Miroslav Stampar
|
872a73f631
|
minor refactoring
|
2011-11-29 19:17:07 +00:00 |
|
Miroslav Stampar
|
2842c13d75
|
minor update
|
2011-11-29 16:59:06 +00:00 |
|
Miroslav Stampar
|
2ed3efba12
|
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
|
2011-11-22 08:39:13 +00:00 |
|
Miroslav Stampar
|
eee03871d7
|
minor refactoring
|
2011-11-21 21:31:08 +00:00 |
|
Miroslav Stampar
|
49fddaf668
|
minor update (for cases with 404 original page - e.g. time based injections in some cases)
|
2011-11-20 23:11:18 +00:00 |
|
Miroslav Stampar
|
8c32b3653b
|
minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)
|
2011-11-20 20:27:30 +00:00 |
|
Miroslav Stampar
|
7314de3490
|
language update
|
2011-11-15 11:17:39 +00:00 |
|
Miroslav Stampar
|
20ae1c2187
|
added switch --logic-negative
|
2011-10-24 00:40:06 +00:00 |
|
Miroslav Stampar
|
eb240243ea
|
minor update
|
2011-10-21 22:21:41 +00:00 |
|
Miroslav Stampar
|
05b9951a8b
|
minor beautification
|
2011-10-21 09:19:31 +00:00 |
|
Miroslav Stampar
|
4989e8e6d3
|
minor update
|
2011-10-10 17:29:54 +00:00 |
|
Miroslav Stampar
|
a31a0aa8d4
|
minor update
|
2011-10-06 22:29:49 +00:00 |
|
Miroslav Stampar
|
b888a84764
|
minor update
|
2011-09-27 14:31:58 +00:00 |
|
Miroslav Stampar
|
88f1110c44
|
adding a new (for now) hidden switch --test-filter for filtering tests by their name
|
2011-09-27 14:09:25 +00:00 |
|
Miroslav Stampar
|
7e80274fac
|
refactoring
|
2011-09-25 21:10:45 +00:00 |
|
Miroslav Stampar
|
d95ff4350d
|
bug fix
|
2011-09-20 13:08:35 +00:00 |
|
Miroslav Stampar
|
08e0eb9b61
|
minor lower/upper case fix
|
2011-08-29 13:47:32 +00:00 |
|
Miroslav Stampar
|
9be89422da
|
implemented parameter --skip
|
2011-08-29 13:29:42 +00:00 |
|
Miroslav Stampar
|
ac00014c4a
|
implemented --randomize switch by request
|
2011-08-29 12:50:52 +00:00 |
|
Miroslav Stampar
|
f46baac70b
|
bug fix (when comment is None this was errornous)
|
2011-08-17 10:58:29 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Miroslav Stampar
|
2ad267132a
|
minor update for empty normal responses (like AJAX requests)
|
2011-08-05 10:55:21 +00:00 |
|
Miroslav Stampar
|
f7562da754
|
from now on proper union column count should be displayed in injection info output
|
2011-08-03 10:34:50 +00:00 |
|
Miroslav Stampar
|
07afcd5440
|
fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)
|
2011-08-02 18:20:21 +00:00 |
|
Miroslav Stampar
|
07c3d4fb18
|
minor adjustment
|
2011-08-02 17:35:43 +00:00 |
|
Bernardo Damele
|
6cbb927012
|
Partial fix for -o not resumed at following runs if missing from command line
|
2011-07-25 11:05:49 +00:00 |
|
Miroslav Stampar
|
0d6afca7db
|
adding new switch '--smart' by request
|
2011-07-10 15:16:58 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Bernardo Damele
|
0d28c1e9e7
|
cosmetics
|
2011-07-06 20:41:13 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
b8ffcf9495
|
few fixes here and there and multi-core processing for dictionary based hash attack
|
2011-07-04 19:58:41 +00:00 |
|
Miroslav Stampar
|
8a8b94883b
|
minor update (that default quit in --batch was bothering me - my original idea and it was bad :)
|
2011-06-27 14:14:49 +00:00 |
|
Bernardo Damele
|
36c96ef796
|
Added DB2 support - patch provided by Sebastian Bittig
|
2011-06-25 09:44:24 +00:00 |
|
Miroslav Stampar
|
c4cb367e65
|
looks nicer (though --tor is implicitly converted into --proxy)
|
2011-06-24 19:00:53 +00:00 |
|
Miroslav Stampar
|
2de88bd90b
|
minor update
|
2011-06-24 17:19:24 +00:00 |
|
Miroslav Stampar
|
eaa2a4202f
|
changing to: --crawl=CRAWLDEPTH
|
2011-06-24 05:40:03 +00:00 |
|
Miroslav Stampar
|
29314f425e
|
minor fix
|
2011-06-20 13:42:31 +00:00 |
|
Miroslav Stampar
|
07e2c72943
|
adding Beautifulsoup (BSD) into extras; adding --crawl to options
|
2011-06-20 11:32:30 +00:00 |
|
Bernardo Damele
|
f8c32cf6b9
|
Moved folder
|
2011-06-18 12:34:41 +00:00 |
|
Miroslav Stampar
|
a0129dcbcb
|
this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)
|
2011-06-17 16:52:39 +00:00 |
|
Miroslav Stampar
|
6b1d5a0ab8
|
minor fix
|
2011-06-16 14:11:30 +00:00 |
|
Miroslav Stampar
|
25b923bbc3
|
minor fixes and minor updates
|
2011-06-16 12:12:30 +00:00 |
|
Miroslav Stampar
|
4d51fa8155
|
minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)
|
2011-06-15 17:37:28 +00:00 |
|
Miroslav Stampar
|
9331abb96f
|
minor update
|
2011-06-11 08:33:36 +00:00 |
|
Miroslav Stampar
|
71093b1cad
|
adding one more user friendly message
|
2011-06-09 09:58:42 +00:00 |
|
Bernardo Damele
|
d217cf71b2
|
Minor bug fix
|
2011-06-08 23:32:44 +00:00 |
|
Bernardo Damele
|
70cac24909
|
Cosmetics
|
2011-06-08 15:31:27 +00:00 |
|
Miroslav Stampar
|
d8155dfae9
|
change by request
|
2011-06-08 14:44:11 +00:00 |
|
Bernardo Damele
|
0d3e8a76d8
|
Cosmetics and a missing param
|
2011-06-08 14:40:42 +00:00 |
|
Miroslav Stampar
|
4a9640160e
|
more concise
|
2011-06-08 14:35:23 +00:00 |
|
Bernardo Damele
|
cce3208b35
|
Cleanup
|
2011-06-08 14:15:34 +00:00 |
|
Miroslav Stampar
|
1c633b7351
|
i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified
|
2011-06-07 22:14:18 +00:00 |
|
Miroslav Stampar
|
97d8c60c3f
|
better language
|
2011-06-03 15:58:19 +00:00 |
|
Miroslav Stampar
|
0a620bf322
|
more info to the user
|
2011-06-03 15:43:50 +00:00 |
|
Miroslav Stampar
|
8aa5625cd0
|
proper fix related to the last commit
|
2011-06-01 23:00:18 +00:00 |
|
Miroslav Stampar
|
fd57aae779
|
bug fix (until this moment we had UNION unfunctional for MSSQL)
|
2011-06-01 22:47:54 +00:00 |
|
Miroslav Stampar
|
b7088440c2
|
better sentence
|
2011-05-30 22:47:17 +00:00 |
|
Miroslav Stampar
|
a8b58afdb2
|
minor update
|
2011-05-27 08:21:02 +00:00 |
|
Miroslav Stampar
|
48f52d7697
|
minor beautification
|
2011-05-27 08:16:14 +00:00 |
|
Miroslav Stampar
|
45caadbd4a
|
important update - finally found what was causing headache for UNION payloads in noticeable number of cases
|
2011-05-26 21:54:19 +00:00 |
|
Miroslav Stampar
|
97bd5355dd
|
minor update
|
2011-05-26 21:18:55 +00:00 |
|
Miroslav Stampar
|
5d56e89cf5
|
minor update
|
2011-05-26 21:08:46 +00:00 |
|
Miroslav Stampar
|
06108b6da6
|
minor update related to the last commit
|
2011-05-26 20:58:24 +00:00 |
|
Miroslav Stampar
|
4f46a5ab63
|
minor usability enhancement regarding warning for --text-only switch
|
2011-05-26 20:48:18 +00:00 |
|
Miroslav Stampar
|
a1fd2898a0
|
added friendly tip message for url encoding GET and POST payloads
|
2011-05-25 11:10:52 +00:00 |
|
Miroslav Stampar
|
bec2c04671
|
helping dummy users
|
2011-05-24 17:15:25 +00:00 |
|
Miroslav Stampar
|
faa74cd2bc
|
introducing results file for multiple target mode
|
2011-05-15 22:21:38 +00:00 |
|
Miroslav Stampar
|
f11d5c91e3
|
minor update so that only one DNS request per scan is being done (before this commit there were two)
|
2011-05-12 14:32:39 +00:00 |
|
Miroslav Stampar
|
120b0d756e
|
unfix
|
2011-05-10 21:33:06 +00:00 |
|
Miroslav Stampar
|
deae534ee7
|
minor refactoring
|
2011-05-10 20:44:36 +00:00 |
|
Bernardo Damele
|
3a8309c4b0
|
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
|
2011-05-10 15:34:54 +00:00 |
|
Bernardo Damele
|
9955483052
|
Major improvement for --dump.
Minor improvement for --dump-all.
Minor bug fix for infinite loop
|
2011-05-08 02:08:18 +00:00 |
|
Bernardo Damele
|
8179fd63c0
|
Minor fix
|
2011-05-07 23:48:03 +00:00 |
|
Bernardo Damele
|
1151af52bb
|
More fix for save/resume of --technique
|
2011-05-07 21:08:14 +00:00 |
|
Bernardo Damele
|
aae140080e
|
SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
|
2011-05-06 10:27:43 +00:00 |
|
Miroslav Stampar
|
6e392b6054
|
applying contributed patch for DB2
|
2011-05-06 09:30:39 +00:00 |
|
Bernardo Damele
|
2d8408c885
|
More fix for --technique resume
|
2011-05-05 16:38:46 +00:00 |
|
Bernardo Damele
|
6cff3e97f4
|
cosmetics
|
2011-05-02 21:48:08 +00:00 |
|
Miroslav Stampar
|
06498796b9
|
minor cosmetics
|
2011-05-02 20:51:53 +00:00 |
|
Bernardo Damele
|
955dbc85e7
|
Minor variable rename
|
2011-04-30 15:29:59 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
a5968fff3e
|
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
|
2011-04-30 00:22:22 +00:00 |
|
Bernardo Damele
|
a23ca952e4
|
Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason
|
2011-04-29 21:09:07 +00:00 |
|
Bernardo Damele
|
edac0b2558
|
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
|
2011-04-28 23:59:00 +00:00 |
|
Bernardo Damele
|
441c288dd9
|
cosmeticados
|
2011-04-25 00:36:09 +00:00 |
|
Miroslav Stampar
|
7b3b9e6a87
|
it seems that this was indeed not meant to be here
|
2011-04-22 15:07:09 +00:00 |
|
Miroslav Stampar
|
304500a2e8
|
implemented checkFalsePositives method (simple Turing like tests)
|
2011-04-22 12:24:16 +00:00 |
|
Bernardo Damele
|
eabb5a2ba7
|
More adjustments to the error message when no sql injections are detected
|
2011-04-21 22:04:20 +00:00 |
|
Bernardo Damele
|
6d07dddf60
|
updated doc and minor layout adjustments
|
2011-04-21 21:53:35 +00:00 |
|
Bernardo Damele
|
770b1523ff
|
More verbose output when no SQL injections are detected
|
2011-04-21 21:31:16 +00:00 |
|
Bernardo Damele
|
edc2d75702
|
Cosmetics and major bug fix
|
2011-04-21 21:15:23 +00:00 |
|
Miroslav Stampar
|
df0331fe9b
|
some more refactoring
|
2011-04-19 23:04:10 +00:00 |
|
Miroslav Stampar
|
9b0db33cc5
|
initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model
|
2011-04-19 08:55:38 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
2db2e9b6a2
|
now GET forms are also prone to "do you want to fill with random values"
|
2011-04-11 11:38:41 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Bernardo Damele
|
c6b9d89d31
|
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
|
2011-04-07 11:10:35 +00:00 |
|
Bernardo Damele
|
05d12790f1
|
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
|
2011-04-06 14:41:44 +00:00 |
|
Miroslav Stampar
|
bbd4c128b0
|
minor update related to the last commit
|
2011-04-01 22:19:42 +00:00 |
|
Miroslav Stampar
|
0916117447
|
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
|
2011-03-30 18:32:10 +00:00 |
|
Miroslav Stampar
|
dd01d66f13
|
proper update regarding last commit
|
2011-03-29 22:10:08 +00:00 |
|
Miroslav Stampar
|
4d78eac938
|
revert of that thingy as requested by Bernardo
|
2011-03-29 10:06:35 +00:00 |
|
Miroslav Stampar
|
e8debbe724
|
minor cosmetics and one minor fix (|= is a nono with None)
|
2011-03-29 06:38:19 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
1e22ff45de
|
minor update regarding testing of GET parameters if --data and/or --forms is used
|
2011-03-28 16:14:08 +00:00 |
|
Miroslav Stampar
|
bd75fd26e9
|
implementing a --page-rank switch as requested by l0rda@l0rda.biz
|
2011-03-23 11:57:57 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
970cde5a8a
|
minor update regarding last commit
|
2011-03-17 09:23:46 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
8edc3b3302
|
further update regarding last commit
|
2011-03-03 10:39:04 +00:00 |
|
Miroslav Stampar
|
90582ed7dc
|
minor change
|
2011-02-21 11:35:21 +00:00 |
|
Miroslav Stampar
|
6cdf08b81c
|
minor fix
|
2011-02-17 21:51:40 +00:00 |
|
Miroslav Stampar
|
22cd49a217
|
--technique can now be something like 123 which includes both techniques 1, 2 and 3
|
2011-02-17 21:39:16 +00:00 |
|
Miroslav Stampar
|
7ebc1ab90a
|
minor cosmetics
|
2011-02-17 08:59:14 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Miroslav Stampar
|
5fb11fd173
|
update regarding multiple DBMS payloads
|
2011-02-13 21:20:21 +00:00 |
|
Bernardo Damele
|
45a005737d
|
Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2
|
2011-02-13 21:08:42 +00:00 |
|
Miroslav Stampar
|
521635c84d
|
quick fix for UA and Referer
|
2011-02-11 23:36:23 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Miroslav Stampar
|
a6ab24e0b5
|
just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed
|
2011-02-10 22:47:43 +00:00 |
|
Bernardo Damele
|
0a81415f2f
|
Minor code cleanup
|
2011-02-08 00:02:54 +00:00 |
|
Miroslav Stampar
|
2c4f6d2e99
|
fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too
|
2011-02-07 21:53:05 +00:00 |
|
Miroslav Stampar
|
a577d0e9a5
|
restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)
|
2011-02-07 21:18:01 +00:00 |
|
Bernardo Damele
|
061f56daf9
|
More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
|
2011-02-06 23:27:56 +00:00 |
|
Bernardo Damele
|
0800d9e49b
|
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
|
2011-02-06 22:58:12 +00:00 |
|
Miroslav Stampar
|
078a2207cc
|
few reverts
|
2011-02-06 22:10:28 +00:00 |
|
Miroslav Stampar
|
b9b2fe0e7c
|
little cleanup
|
2011-02-06 21:52:39 +00:00 |
|
Miroslav Stampar
|
d2b96a66a2
|
one more update regarding last few "unescape" related commits
|
2011-02-06 20:23:23 +00:00 |
|
Bernardo Damele
|
c44978862e
|
Minor reordering of what gets saved into the injection object
|
2011-02-06 15:20:44 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Bernardo Damele
|
d875d848ce
|
Better sort
|
2011-02-01 22:04:48 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Miroslav Stampar
|
496a84c356
|
minor update
|
2011-01-20 18:32:04 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Bernardo Damele
|
eda0b41859
|
Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
|
2011-01-18 23:03:50 +00:00 |
|
Bernardo Damele
|
c2a358561f
|
Proper support for --union-cols
|
2011-01-17 22:57:33 +00:00 |
|