sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00

Author	SHA1	Message	Date
Bernardo Damele	f83dd2251b	Properly save error-based enumerated data in session file, able to be resumed like with other techniques	2010-11-12 11:40:37 +00:00
Bernardo Damele	a14e4d9668	Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.	2010-11-12 10:16:39 +00:00
Miroslav Stampar	19c1bfa368	just a precaution (now i really need to go for a sleep)	2010-11-09 23:38:29 +00:00
Miroslav Stampar	88c00e61d3	another update	2010-11-09 23:35:37 +00:00
Miroslav Stampar	47720a43dd	minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)	2010-11-09 23:21:21 +00:00
Miroslav Stampar	5ebd5d935c	another name change	2010-11-09 22:49:31 +00:00
Miroslav Stampar	06f00cf8c1	name change	2010-11-09 22:48:22 +00:00
Miroslav Stampar	fef60d5cb7	some fixes :)	2010-11-09 22:32:05 +00:00
Bernardo Damele	1cc99e2247	Possible quick fix for missing of True/False comparison of stable-but-not-really pages	2010-11-09 21:39:58 +00:00
Bernardo Damele	45ec8c169a	Consistency between --*-test switches/output	2010-11-08 16:46:25 +00:00
Miroslav Stampar	fda8752dca	revert of some HTTP headers handling	2010-11-08 13:26:45 +00:00
Bernardo Damele	78d7b17483	More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.	2010-11-08 12:36:48 +00:00
Miroslav Stampar	eb999de0f1	added Range handler (dealing with 206 HTTP messages)	2010-11-08 12:26:13 +00:00
Miroslav Stampar	875781bf97	another minor fix	2010-11-08 11:55:56 +00:00
Miroslav Stampar	4a4a3051e5	fix	2010-11-08 11:39:07 +00:00
Miroslav Stampar	a3de10e3a2	new option -t	2010-11-08 11:22:47 +00:00
Miroslav Stampar	0d0e2a2228	minor update	2010-11-08 09:49:57 +00:00
Miroslav Stampar	d551423379	further enum refactoring	2010-11-08 09:44:32 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Miroslav Stampar	8e44aa605a	refactoring regarding injection place (more left)	2010-11-08 08:02:36 +00:00
Bernardo Damele	b6da946883	Added one new verbose level, -v 3 now shows the full injected payload. Fixed also -d verbose output.	2010-11-07 22:34:29 +00:00
Bernardo Damele	a96467b3e2	Refactoring	2010-11-07 21:55:24 +00:00
Miroslav Stampar	7a6c086a27	setting direct query info output to same level as payload info (logger.DEBUG)	2010-11-07 21:42:36 +00:00
Miroslav Stampar	d3e7e89e60	major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces	2010-11-07 21:18:09 +00:00
Miroslav Stampar	620fa1c8fb	trust me, i know what i am doing :)	2010-11-07 20:33:33 +00:00
Bernardo Damele	4d81da6bc8	Cosmetics	2010-11-07 16:23:03 +00:00
Miroslav Stampar	00dfd55830	added powerful switch --longest-common for dealing with heavy dynamicity	2010-11-07 08:52:09 +00:00
Miroslav Stampar	508b9cc763	dynamicity engine update	2010-11-07 00:12:00 +00:00
Miroslav Stampar	3619fc5127	minor update	2010-11-06 08:31:11 +00:00
Miroslav Stampar	0e895fa512	update of dynamicity testing and few misc fixes	2010-11-05 13:14:12 +00:00
Miroslav Stampar	ef1809464d	bug fix for that BadStatusLine (http://bugs.python.org/issue8450 )	2010-11-05 11:58:20 +00:00
Miroslav Stampar	6295a59a30	minor update/fix	2010-11-05 11:39:35 +00:00
Miroslav Stampar	5f7f4bf15b	minor debug update (probably temporary)	2010-11-05 11:04:00 +00:00
Miroslav Stampar	29b7c5366c	cosmetics	2010-11-04 17:22:33 +00:00
Miroslav Stampar	e1cec8c02b	fix for all that stable, dynamic mambo jambo :)	2010-11-04 16:44:34 +00:00
Miroslav Stampar	f1f7e0bfe0	fix for "unknown charset 'en_us'" (reported by ToR)	2010-11-04 13:56:01 +00:00
Bernardo Damele	b152b1a04d	Cosmetics	2010-11-03 22:07:13 +00:00
Miroslav Stampar	71d0b1bcd7	several bug fixes	2010-11-03 21:51:36 +00:00
Miroslav Stampar	44678fa320	fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')	2010-11-03 12:40:11 +00:00
Miroslav Stampar	6adee3792a	removed all trailing spaces from blank lines	2010-11-03 10:08:27 +00:00
Miroslav Stampar	861706fb31	fix for bug reported by ToR (unknown charset 'utf-8, text/html')	2010-11-02 18:01:10 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Miroslav Stampar	5269cb8c08	some code refactoring and beautification	2010-11-02 09:06:38 +00:00
Miroslav Stampar	13e93f564a	one bug fix in dynamic content engine and some code refactoring	2010-11-02 07:32:08 +00:00
Bernardo Damele	486a113560	Consolidate logger messages for --*-test switches	2010-10-31 16:58:38 +00:00
Bernardo Damele	3eda4510e2	Properly encode the cookie	2010-10-31 11:26:33 +00:00
Bernardo Damele	3a48bee9b0	Minor code refactoring	2010-10-31 11:03:59 +00:00
Bernardo Damele	8cf0ebde1e	Cosmetics	2010-10-29 23:00:48 +00:00
Miroslav Stampar	cbf38436f2	minor update	2010-10-29 16:15:23 +00:00
Miroslav Stampar	5a38ac7ea9	important update regarding (Bug #209 ) - probably more will be needed	2010-10-29 16:11:50 +00:00
Miroslav Stampar	895efd28a6	one more update regarding Bug #205	2010-10-28 23:22:13 +00:00
Miroslav Stampar	788eb8fb50	update regarding Bug #205	2010-10-28 22:59:51 +00:00
Bernardo Damele	f5904d0bc0	Major bug fix to --union-test	2010-10-25 23:39:55 +00:00
Miroslav Stampar	228ac0cde5	refactoring regarding --check-payload	2010-10-25 18:38:54 +00:00
Miroslav Stampar	378653a1ec	added IDS payload testing	2010-10-25 15:37:43 +00:00
Bernardo Damele	215175e3b7	Minor code adjustments	2010-10-25 14:11:47 +00:00
Miroslav Stampar	24c5d7b313	code refactoring	2010-10-25 14:06:56 +00:00
Miroslav Stampar	9c94a233a1	conf.md5hash thrown out	2010-10-25 13:52:21 +00:00
Miroslav Stampar	32728d14b7	fix for --union-use with --error-test	2010-10-25 12:25:29 +00:00
Miroslav Stampar	71543092b7	update regarding comparison engine	2010-10-25 12:00:59 +00:00
Miroslav Stampar	8df7c88174	implementation of a new dynamic content removal engine	2010-10-25 10:41:37 +00:00
Miroslav Stampar	db260c44d3	minor update	2010-10-24 22:25:05 +00:00
Miroslav Stampar	dec4d858b3	fix for Bug #207	2010-10-22 14:01:48 +00:00
Miroslav Stampar	bc79eec702	removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)	2010-10-21 13:13:12 +00:00
Miroslav Stampar	be443c6947	refactoring regarding __START__,...	2010-10-21 09:51:07 +00:00
Miroslav Stampar	2668c95ef4	added default HTTP version used by httplib and urllib2	2010-10-21 09:10:07 +00:00
Bernardo Damele	7f1aa3b94f	Removed unused imports	2010-10-20 22:48:51 +00:00
Miroslav Stampar	934adb5e8d	code refactoring	2010-10-20 09:09:04 +00:00
Miroslav Stampar	b032fdbf74	added randInt to error injection vectors	2010-10-20 08:56:58 +00:00
Miroslav Stampar	dabbcf9e23	fix for that 'Subquery returns more than 1 row'	2010-10-20 08:50:05 +00:00
Miroslav Stampar	82f44989ce	update of error based injection and bug fix for --roles on MSSQL server	2010-10-20 06:40:33 +00:00
Miroslav Stampar	8776db872c	minor refactoring	2010-10-19 23:05:24 +00:00
Miroslav Stampar	1b376c99a6	removed temp dictionary and replaced with kb.misc	2010-10-19 23:00:19 +00:00
Miroslav Stampar	7927e97007	update	2010-10-19 18:34:57 +00:00
Miroslav Stampar	415524bd5a	remove --error, now it's only --error-test (it needs to return True to be able to use it)	2010-10-19 18:34:14 +00:00
Miroslav Stampar	4009ef385e	more update regarding error based injection support	2010-10-19 18:17:34 +00:00
Miroslav Stampar	b2e0b615f8	fix for that MySQL checking	2010-10-19 17:38:39 +00:00
Miroslav Stampar	34d7de1d46	cosmetics	2010-10-19 15:28:54 +00:00
Miroslav Stampar	d7622bb9cf	major fix for MySQL error based injections	2010-10-19 15:17:16 +00:00
Miroslav Stampar	80505de15b	now --users work on Oracle and Postgre (tested)	2010-10-19 14:56:57 +00:00
Miroslav Stampar	4bc541ec3c	error based update	2010-10-19 14:47:13 +00:00
Miroslav Stampar	d0ebe428da	i've left error flag	2010-10-19 14:12:34 +00:00
Miroslav Stampar	bf850af2d8	fix for Oracle error based query "space" problem	2010-10-19 14:10:09 +00:00
Miroslav Stampar	6a8b1046d4	first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)	2010-10-19 12:02:04 +00:00
Miroslav Stampar	8b8fff41fe	cosmetics (adding html parsed DBMS) regarding heuristic check	2010-10-18 12:11:16 +00:00
Bernardo Damele	36bc410333	Minor bug fix	2010-10-18 09:50:23 +00:00
Miroslav Stampar	149837ebf5	added the same for proxy authorization header	2010-10-18 09:02:56 +00:00
Miroslav Stampar	aaebb4336e	fix for Bug #202	2010-10-18 08:54:08 +00:00
Miroslav Stampar	dcb9c2103a	just in case update	2010-10-15 11:20:19 +00:00
Bernardo Damele	5f6d88a418	Minor comment	2010-10-15 11:17:17 +00:00
Bernardo Damele	c5e385f77a	More layout adjustments	2010-10-15 10:28:34 +00:00
Miroslav Stampar	207bef7f19	fix for that SQLite3 vs SQLite2 issue	2010-10-15 09:39:41 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Bernardo Damele	1674142d82	Minor cosmetic fixes	2010-10-14 15:28:54 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00
Miroslav Stampar	162d01abed	commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)	2010-10-14 11:06:28 +00:00
Miroslav Stampar	dc50543ea4	major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)	2010-10-13 23:01:23 +00:00
Miroslav Stampar	36ef8ca575	bug fix	2010-10-13 22:42:48 +00:00
Miroslav Stampar	02a14d4c45	added Referer (part of Feature #37 )	2010-10-13 22:08:09 +00:00
Miroslav Stampar	34580f56fc	added --tamper option	2010-10-12 22:45:25 +00:00

1 2 3 4 5 ...

314 Commits