Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							041abb56e2 
							
						 
					 
					
						
						
							
							you can't believe how much man can learn when having good testing points  
						
						
						
					 
					
						2011-01-17 13:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d225c5c9aa 
							
						 
					 
					
						
						
							
							was wrong about this one (just now tested on a real site)  
						
						
						
					 
					
						2011-01-17 11:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac0b5e6dbc 
							
						 
					 
					
						
						
							
							proper way to handle this (console output has totally different encoding than the page one)  
						
						
						
					 
					
						2011-01-17 10:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34d13be0d3 
							
						 
					 
					
						
						
							
							minor update regarding default page encoding  
						
						
						
					 
					
						2011-01-17 10:23:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c857779c1 
							
						 
					 
					
						
						
							
							important fix for unicode based character inference  
						
						
						
					 
					
						2011-01-17 10:15:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99a3a3b89c 
							
						 
					 
					
						
						
							
							minor fix (break if all found)  
						
						
						
					 
					
						2011-01-17 09:41:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fcca671bd 
							
						 
					 
					
						
						
							
							information update regarding common password suffixes  
						
						
						
					 
					
						2011-01-17 09:28:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a835f233ac 
							
						 
					 
					
						
						
							
							fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')  
						
						
						
					 
					
						2011-01-17 00:17:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2041361695 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-16 23:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e2c821eb81 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-16 22:35:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e881465a9f 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-01-16 20:55:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5e36876e7 
							
						 
					 
					
						
						
							
							removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency  
						
						
						
					 
					
						2011-01-16 19:29:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6516798c0 
							
						 
					 
					
						
						
							
							proper fix for that previous "stacked" fix (that one screwed other injection types)  
						
						
						
					 
					
						2011-01-16 19:25:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5476a8a27e 
							
						 
					 
					
						
						
							
							russian sites are great for testing :)  
						
						
						
					 
					
						2011-01-16 19:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19dcaeaabf 
							
						 
					 
					
						
						
							
							fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)  
						
						
						
					 
					
						2011-01-16 18:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							718eef8753 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-16 18:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec1ab3cd2a 
							
						 
					 
					
						
						
							
							removing timeSec from injection configuration attributes as it highly depends on current connection "variables"  
						
						
						
					 
					
						2011-01-16 12:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2001bad7e1 
							
						 
					 
					
						
						
							
							automatic adjustment of timeSec for delayed queries  
						
						
						
					 
					
						2011-01-16 12:04:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc4ebdc1b 
							
						 
					 
					
						
						
							
							Major bug fix.  
						
						... 
						
						
						
						Minor code refactoring. 
						
					 
					
						2011-01-16 01:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c0d5daee99 
							
						 
					 
					
						
						
							
							More refactoring and cleanup  
						
						
						
					 
					
						2011-01-16 00:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29ea0950b6 
							
						 
					 
					
						
						
							
							now False is also affected (along with None and "")  
						
						
						
					 
					
						2011-01-15 23:43:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e4b65a822 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 23:28:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							558f3894f4 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2011-01-15 23:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3a28124b1 
							
						 
					 
					
						
						
							
							More code cleanup  
						
						
						
					 
					
						2011-01-15 23:11:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a35f598b8 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 22:09:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f565c941e 
							
						 
					 
					
						
						
							
							bug fix and proper warning message  
						
						
						
					 
					
						2011-01-15 16:59:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e105e1ea32 
							
						 
					 
					
						
						
							
							bug fix (some sites raise 404 during union tests)  
						
						
						
					 
					
						2011-01-15 16:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3873d204bb 
							
						 
					 
					
						
						
							
							important update for dictionary attack  
						
						
						
					 
					
						2011-01-15 15:56:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e17ac5fdca 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-15 15:14:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5bdb50c224 
							
						 
					 
					
						
						
							
							code review part 3  
						
						
						
					 
					
						2011-01-15 13:15:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa8f0cba7 
							
						 
					 
					
						
						
							
							code reviewing part 2  
						
						
						
					 
					
						2011-01-15 12:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a0e0cde3c 
							
						 
					 
					
						
						
							
							code review of modules in lib/core directory  
						
						
						
					 
					
						2011-01-15 12:13:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05b2a338fe 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-14 16:12:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bff989d348 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 15:43:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							daf5662eab 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-14 15:33:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1cfd6a6b9d 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-14 15:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08f7e20c51 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 14:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							534f51f9fc 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-14 14:20:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e9b11b79 
							
						 
					 
					
						
						
							
							Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.  
						
						
						
					 
					
						2011-01-14 12:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d9fd5a7b7 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-14 09:49:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2c7ae77d4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 09:45:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							676b95b30a 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 09:44:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f8c04ce020 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 20:59:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a1d1f69c3f 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-01-13 15:28:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d937e27b19 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-13 15:19:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b0fdbdb13b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 15:15:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							877ea31521 
							
						 
					 
					
						
						
							
							Verbose docstring  
						
						
						
					 
					
						2011-01-13 12:05:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac5b49f555 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-13 11:24:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af4ee81e62 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-01-13 11:23:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ece2eb31ca 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 11:08:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee4727850c 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 10:29:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ca33728fbc 
							
						 
					 
					
						
						
							
							Minor fix to avoid query splitting/unpacking when the statement is EXISTS()  
						
						
						
					 
					
						2011-01-13 10:00:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							be6e2d6a31 
							
						 
					 
					
						
						
							
							Important bug fix.  
						
						... 
						
						
						
						Minor code restyling. 
						
					 
					
						2011-01-13 09:41:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b3a0f38f3f 
							
						 
					 
					
						
						
							
							Minor code refactoring and added internal debug prints  
						
						
						
					 
					
						2011-01-12 12:03:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cff42986f 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-12 01:17:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8a67aea754 
							
						 
					 
					
						
						
							
							One more step to fully working UNION exploitation after merge into detection phase  
						
						
						
					 
					
						2011-01-12 01:13:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c6f7556f 
							
						 
					 
					
						
						
							
							Minor update  
						
						
						
					 
					
						2011-01-12 00:53:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8bdb7ec58c 
							
						 
					 
					
						
						
							
							Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.  
						
						
						
					 
					
						2011-01-12 00:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							873951ab92 
							
						 
					 
					
						
						
							
							Proper fix to avoid UNION test false positives  
						
						
						
					 
					
						2011-01-11 23:59:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2e994e806 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2011-01-11 23:56:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7c3c76c3 
							
						 
					 
					
						
						
							
							Fixed previous bug in getErrorParsedDBMSes() call in detection phase.  
						
						... 
						
						
						
						Added minor support to escape quotes in UNION payloads during detection phase. 
						
					 
					
						2011-01-11 23:47:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aa49aa579f 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2011-01-11 23:09:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06230e4d92 
							
						 
					 
					
						
						
							
							Minor code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-11 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3146464da 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by nightman  
						
						
						
					 
					
						2011-01-11 12:27:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							643c464268 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-11 12:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							394b6bc029 
							
						 
					 
					
						
						
							
							reverting some changes  
						
						
						
					 
					
						2011-01-11 12:11:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54e0ba935a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-11 12:08:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							690281dce1 
							
						 
					 
					
						
						
							
							didn't know this to be honest  
						
						
						
					 
					
						2011-01-11 10:17:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0676b38063 
							
						 
					 
					
						
						
							
							revert of one thing for Bernardo and minor update  
						
						
						
					 
					
						2011-01-10 10:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							77b51dae57 
							
						 
					 
					
						
						
							
							adding openFile method with an exception block around file opening part  
						
						
						
					 
					
						2011-01-08 09:30:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3899f7467 
							
						 
					 
					
						
						
							
							fix of a fix  
						
						
						
					 
					
						2011-01-07 18:07:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e83a26acf 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:53:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed2aed972f 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:38:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							27628dca42 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-07 17:25:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97ae7e330f 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-07 17:10:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e373dac1f2 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-01-07 16:50:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c17714c423 
							
						 
					 
					
						
						
							
							suppress session in case of brute methods  
						
						
						
					 
					
						2011-01-07 16:47:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b313a20a3f 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2011-01-07 16:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16a06117f7 
							
						 
					 
					
						
						
							
							Mere cosmetics  
						
						
						
					 
					
						2011-01-07 16:36:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1a079c62cb 
							
						 
					 
					
						
						
							
							minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)  
						
						
						
					 
					
						2011-01-07 16:08:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a8d660db54 
							
						 
					 
					
						
						
							
							fixes for bugs reported by pragmatk@gmail.com  
						
						
						
					 
					
						2011-01-06 16:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c968b438f2 
							
						 
					 
					
						
						
							
							Ctrl+C added to union dump  
						
						
						
					 
					
						2011-01-06 09:48:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0616edcc44 
							
						 
					 
					
						
						
							
							adding progress to --union-test  
						
						
						
					 
					
						2011-01-06 09:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9a624546 
							
						 
					 
					
						
						
							
							added progress into union based entry retrieval  
						
						
						
					 
					
						2011-01-06 09:10:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc9ca802bf 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-06 08:54:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1297df66da 
							
						 
					 
					
						
						
							
							fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)  
						
						
						
					 
					
						2011-01-06 08:04:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							694a65f6f1 
							
						 
					 
					
						
						
							
							minor fix/update  
						
						
						
					 
					
						2011-01-05 13:32:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7411052456 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-01-05 12:09:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							042e3f76ba 
							
						 
					 
					
						
						
							
							bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)  
						
						
						
					 
					
						2011-01-05 11:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ae5192070 
							
						 
					 
					
						
						
							
							adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)  
						
						
						
					 
					
						2011-01-05 10:25:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c83e9f6ca5 
							
						 
					 
					
						
						
							
							foundation for filtering binary string values (for example, replacement of non readable chars with #)  
						
						
						
					 
					
						2011-01-04 21:56:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa81ed4033 
							
						 
					 
					
						
						
							
							implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)  
						
						
						
					 
					
						2011-01-04 15:49:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb11f5b2e0 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 13:07:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1dc73d0a1 
							
						 
					 
					
						
						
							
							minor, just in case update related to the previous commit  
						
						
						
					 
					
						2011-01-04 12:56:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							709a7d156b 
							
						 
					 
					
						
						
							
							fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)  
						
						
						
					 
					
						2011-01-04 12:51:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d288c6d6e3 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 08:40:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fdc463d08b 
							
						 
					 
					
						
						
							
							fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)  
						
						
						
					 
					
						2011-01-03 23:36:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08ccbf2c1e 
							
						 
					 
					
						
						
							
							important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)  
						
						
						
					 
					
						2011-01-03 22:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							572f403069 
							
						 
					 
					
						
						
							
							update of one thing that was missing  
						
						
						
					 
					
						2011-01-03 21:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ce48ea75d0 
							
						 
					 
					
						
						
							
							noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links  
						
						
						
					 
					
						2011-01-03 14:39:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6aa616bd0d 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2011-01-03 14:28:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92e4cdb241 
							
						 
					 
					
						
						
							
							raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic  
						
						
						
					 
					
						2011-01-03 14:21:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07129371bf 
							
						 
					 
					
						
						
							
							bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)  
						
						
						
					 
					
						2011-01-03 13:04:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3629c2737b 
							
						 
					 
					
						
						
							
							automatically turn on --text-only in case of heavily-dynamicity instead of critical exit  
						
						
						
					 
					
						2011-01-03 11:06:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adc41181e6 
							
						 
					 
					
						
						
							
							some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one  
						
						
						
					 
					
						2011-01-03 10:37:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5860b8942f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 09:16:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d19a8d53e4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 08:46:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8625494ff2 
							
						 
					 
					
						
						
							
							added one new quick check for multiple target(s) mode  
						
						
						
					 
					
						2011-01-03 08:32:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f762f32de8 
							
						 
					 
					
						
						
							
							bug fix for proper --parse-errors on .aspx pages  
						
						
						
					 
					
						2011-01-02 13:00:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dce9a762f1 
							
						 
					 
					
						
						
							
							important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode  
						
						
						
					 
					
						2011-01-02 10:37:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96341f8f78 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 09:16:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c6c870db4 
							
						 
					 
					
						
						
							
							removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode  
						
						
						
					 
					
						2011-01-02 08:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6651ba05eb 
							
						 
					 
					
						
						
							
							another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)  
						
						
						
					 
					
						2011-01-02 08:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec4440108b 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-02 07:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							428e817a32 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2011-01-01 23:57:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							212035e64d 
							
						 
					 
					
						
						
							
							user can now choose if he wants to skip non-heuristic based DBMS tests  
						
						
						
					 
					
						2011-01-01 23:38:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8a93cfd975 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 22:43:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52e44df86c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 21:11:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							942cbafba6 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 20:19:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4fd8b3f0c 
							
						 
					 
					
						
						
							
							(e) finally works as it should  
						
						
						
					 
					
						2011-01-01 19:22:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e815177c8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 19:07:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ef27fd5ea1 
							
						 
					 
					
						
						
							
							there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) ( http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html ,  http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html )  
						
						
						
					 
					
						2011-01-01 15:20:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							15e6911fd8 
							
						 
					 
					
						
						
							
							fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')  
						
						
						
					 
					
						2011-01-01 12:23:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							91f665aaaa 
							
						 
					 
					
						
						
							
							bug fix for Ctrl+C  
						
						
						
					 
					
						2010-12-31 15:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5db8ebbfa9 
							
						 
					 
					
						
						
							
							update of mysql comment versions  
						
						
						
					 
					
						2010-12-31 12:42:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							281d124fa6 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-31 12:04:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							613242e298 
							
						 
					 
					
						
						
							
							bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)  
						
						
						
					 
					
						2010-12-29 19:48:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8f32c740ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-29 19:39:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6700cabc36 
							
						 
					 
					
						
						
							
							minor optimization  
						
						
						
					 
					
						2010-12-29 19:01:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d1f5c1d7b7 
							
						 
					 
					
						
						
							
							now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering  
						
						
						
					 
					
						2010-12-29 15:10:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							79e97824ef 
							
						 
					 
					
						
						
							
							adding user names to the attack dictionary  
						
						
						
					 
					
						2010-12-29 00:37:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93838fb155 
							
						 
					 
					
						
						
							
							"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)  
						
						
						
					 
					
						2010-12-28 14:40:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0423761e8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 18:27:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f8dbf0a7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 15:39:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9fb0e0fc85 
							
						 
					 
					
						
						
							
							resume of brute forced data is now available  
						
						
						
					 
					
						2010-12-27 14:17:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c7a160bf72 
							
						 
					 
					
						
						
							
							minor update (users want this to see)  
						
						
						
					 
					
						2010-12-27 12:00:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							51a492e17d 
							
						 
					 
					
						
						
							
							pretty important commit (now dumped tables are prone to dictionary attack)  
						
						
						
					 
					
						2010-12-27 10:56:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							269d6bde24 
							
						 
					 
					
						
						
							
							this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)  
						
						
						
					 
					
						2010-12-27 00:14:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							89c2640d23 
							
						 
					 
					
						
						
							
							basic --search now works with MS Access  
						
						
						
					 
					
						2010-12-26 23:50:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f2373121d0 
							
						 
					 
					
						
						
							
							noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)  
						
						
						
					 
					
						2010-12-26 14:36:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ceeb6374e8 
							
						 
					 
					
						
						
							
							bug fix (TypeError: object of type 'NoneType' has no len())  
						
						
						
					 
					
						2010-12-26 13:27:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							569e060aab 
							
						 
					 
					
						
						
							
							important improvement  
						
						
						
					 
					
						2010-12-26 13:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a555d1ad68 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2010-12-26 11:15:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							320a6f9efb 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-26 09:55:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							17d74fc83c 
							
						 
					 
					
						
						
							
							cosmeticado  
						
						
						
					 
					
						2010-12-26 09:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cd337d9f39 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-26 09:46:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf4b93856 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-26 09:40:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							562a6440d1 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (same as  http://bugs.python.org/issue8797 )  
						
						
						
					 
					
						2010-12-26 09:33:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c72e41972 
							
						 
					 
					
						
						
							
							minor fix/update  
						
						
						
					 
					
						2010-12-26 02:19:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c5c4aae3d5 
							
						 
					 
					
						
						
							
							minor update (to prevent adding too much items)  
						
						
						
					 
					
						2010-12-25 10:42:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b472b96f92 
							
						 
					 
					
						
						
							
							bug fix, refactoring and improved extractErrorMessage capabilities  
						
						
						
					 
					
						2010-12-25 10:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ea7ba19f6b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-25 09:43:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							272476773f 
							
						 
					 
					
						
						
							
							getPageTextWordsSet on tableExists is pretty powerful stuff  
						
						
						
					 
					
						2010-12-25 09:37:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6845d402fa 
							
						 
					 
					
						
						
							
							well, here and there, merry Christmas to all :)  
						
						
						
					 
					
						2010-12-24 20:17:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2d115e0350 
							
						 
					 
					
						
						
							
							one more fix  
						
						
						
					 
					
						2010-12-24 18:44:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							edcf1a0872 
							
						 
					 
					
						
						
							
							few bug fixes  
						
						
						
					 
					
						2010-12-24 18:40:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96a06351a1 
							
						 
					 
					
						
						
							
							minor fix (in testing phase raise404 should be set to False)  
						
						
						
					 
					
						2010-12-24 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aab14fa2d3 
							
						 
					 
					
						
						
							
							minor refactoring/cosmetics  
						
						
						
					 
					
						2010-12-24 11:06:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23dc408901 
							
						 
					 
					
						
						
							
							prioritization of tests based on DBMS error messages and some comments in common.py  
						
						
						
					 
					
						2010-12-24 10:55:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a09716a701 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-24 10:07:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d9f08e4aa3 
							
						 
					 
					
						
						
							
							randomization of user agents  
						
						
						
					 
					
						2010-12-24 10:04:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5eebb1cbf 
							
						 
					 
					
						
						
							
							fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6  
						
						
						
					 
					
						2010-12-24 09:49:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cb17e61f35 
							
						 
					 
					
						
						
							
							bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)  
						
						
						
					 
					
						2010-12-24 02:54:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8470de7b76 
							
						 
					 
					
						
						
							
							bug fix for boolean proxy when using time based payloads  
						
						
						
					 
					
						2010-12-23 23:46:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7f7fb93155 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-23 18:44:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73f33c1999 
							
						 
					 
					
						
						
							
							bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)  
						
						
						
					 
					
						2010-12-23 11:28:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fc60215ed 
							
						 
					 
					
						
						
							
							lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.  
						
						
						
					 
					
						2010-12-22 19:12:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c06dbffc3 
							
						 
					 
					
						
						
							
							bug fix (AttributeError: 'unicode' object has no attribute 'sort')  
						
						
						
					 
					
						2010-12-22 18:55:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c1f2534e9a 
							
						 
					 
					
						
						
							
							More bug fixes to properly distinguish between full inband and single-entry inband sql injections  
						
						
						
					 
					
						2010-12-22 15:47:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							250608660d 
							
						 
					 
					
						
						
							
							Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)  
						
						
						
					 
					
						2010-12-22 13:41:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5228f336da 
							
						 
					 
					
						
						
							
							Minor fix for ctrl+c during detection phase  
						
						
						
					 
					
						2010-12-22 13:15:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08c88495d0 
							
						 
					 
					
						
						
							
							removed that ugly hack  
						
						
						
					 
					
						2010-12-22 13:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8212b7b745 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-22 12:16:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5be9c04e44 
							
						 
					 
					
						
						
							
							update regarding Sybase syntax  
						
						
						
					 
					
						2010-12-22 10:39:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d974a966b8 
							
						 
					 
					
						
						
							
							minor fix for end phase (Ctrl+C)  
						
						
						
					 
					
						2010-12-21 23:55:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb75d0636b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-21 23:42:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							39a13077c4 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-21 23:09:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							09479c85dc 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-21 22:35:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a525f28d4 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-21 15:26:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2e7f9484d 
							
						 
					 
					
						
						
							
							minor tuning (2 techniques MAX per value used)  
						
						
						
					 
					
						2010-12-21 15:24:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c1133c4d4 
							
						 
					 
					
						
						
							
							some code refactoring  
						
						
						
					 
					
						2010-12-21 15:13:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							466d61ee85 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-21 14:29:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							385e208f38 
							
						 
					 
					
						
						
							
							code refactoring regarding standard output suppression and some threading issues  
						
						
						
					 
					
						2010-12-21 14:21:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e68248f60 
							
						 
					 
					
						
						
							
							minor update of heuristic check  
						
						
						
					 
					
						2010-12-21 12:56:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							16f1f4e13e 
							
						 
					 
					
						
						
							
							when doing dynamic checks there are cases when 404 can be raised (perfectly normal)  
						
						
						
					 
					
						2010-12-21 11:04:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aca074b769 
							
						 
					 
					
						
						
							
							Removed unused outdated code  
						
						
						
					 
					
						2010-12-21 10:49:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad6b528b33 
							
						 
					 
					
						
						
							
							Bit more verbose comment  
						
						
						
					 
					
						2010-12-21 10:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b37ddada4 
							
						 
					 
					
						
						
							
							removed some blank trailing spaces (with extra/shutils/blanks.sh)  
						
						
						
					 
					
						2010-12-21 10:31:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1a3f57e5fe 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-21 09:23:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d554460aec 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-21 01:09:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							116c141dfa 
							
						 
					 
					
						
						
							
							another fix  
						
						
						
					 
					
						2010-12-21 00:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							416755c0b7 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2010-12-21 00:25:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8067365b93 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident')  
						
						
						
					 
					
						2010-12-20 23:47:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e10670d9ac 
							
						 
					 
					
						
						
							
							added end detection phase choice into Ctrl+C list  
						
						
						
					 
					
						2010-12-20 23:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29001a4fce 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 23:21:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b34fe5c334 
							
						 
					 
					
						
						
							
							no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)  
						
						
						
					 
					
						2010-12-20 22:49:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd3e7ba1f 
							
						 
					 
					
						
						
							
							thread based data added  
						
						
						
					 
					
						2010-12-20 22:45:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c9e8aae8a2 
							
						 
					 
					
						
						
							
							we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads)  
						
						
						
					 
					
						2010-12-20 19:34:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e09bc2406c 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-20 19:24:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5852bad963 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2010-12-20 18:56:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19d8733e9a 
							
						 
					 
					
						
						
							
							this is strictly for educational purposes  
						
						
						
					 
					
						2010-12-20 17:30:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c948bced61 
							
						 
					 
					
						
						
							
							should solve the problem with timeout problems in time-based payloads  
						
						
						
					 
					
						2010-12-20 16:45:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf8929085 
							
						 
					 
					
						
						
							
							more minor updates  
						
						
						
					 
					
						2010-12-20 10:48:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fd00ff7a82 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-20 10:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e9f1ecb9e7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 10:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10a7a2dfb2 
							
						 
					 
					
						
						
							
							kids, don't use this at home  
						
						
						
					 
					
						2010-12-20 10:13:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13d5b2c0ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-20 09:44:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4cb83654dc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-18 16:28:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36862e2efa 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-18 15:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							21d083272e 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2010-12-18 14:31:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f73feec2f 
							
						 
					 
					
						
						
							
							now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)  
						
						
						
					 
					
						2010-12-18 14:11:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05c6d661e8 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-18 10:49:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03220d34ba 
							
						 
					 
					
						
						
							
							added Ctrl+C check in detection phase  
						
						
						
					 
					
						2010-12-18 10:42:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e355f92f22 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-18 10:02:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							108a96c6b4 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2010-12-17 21:45:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a19cb2c13a 
							
						 
					 
					
						
						
							
							code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")  
						
						
						
					 
					
						2010-12-17 21:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b4450c6ddd 
							
						 
					 
					
						
						
							
							added one more level of MSSQL version check (if first fails for some reason)  
						
						
						
					 
					
						2010-12-17 21:01:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07609bfb53 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-17 19:33:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							323af45ce4 
							
						 
					 
					
						
						
							
							added one more time request payload to confirm test results  
						
						
						
					 
					
						2010-12-17 07:53:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3fa3b0e8e 
							
						 
					 
					
						
						
							
							fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')  
						
						
						
					 
					
						2010-12-17 07:48:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							95b2c0803b 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-15 20:51:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de54219571 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-15 12:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cda00c7501 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-15 12:43:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3f34b06a24 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-15 12:34:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							445cc3bf3c 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-15 12:15:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1c525aaea 
							
						 
					 
					
						
						
							
							quick fix of a fix  
						
						
						
					 
					
						2010-12-15 12:10:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7cfeb5447b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:46:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4dec24d056 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by Andreas Constantinides (KeyError: 5)  
						
						
						
					 
					
						2010-12-15 11:30:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8a01ddaf8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63f5c35c23 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-15 10:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c3d0295d21 
							
						 
					 
					
						
						
							
							minor update (checking for --time-sec value)  
						
						
						
					 
					
						2010-12-14 12:37:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b75d7fa348 
							
						 
					 
					
						
						
							
							minor cache based optimization  
						
						
						
					 
					
						2010-12-14 12:22:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							270ae0f080 
							
						 
					 
					
						
						
							
							just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False  
						
						
						
					 
					
						2010-12-14 09:05:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							04caef6de0 
							
						 
					 
					
						
						
							
							Tuning  
						
						
						
					 
					
						2010-12-13 23:04:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cfcee6439e 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-13 21:55:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							86690682c7 
							
						 
					 
					
						
						
							
							Minor bug fix to respect -v value in --common-tables and --common-columns  
						
						
						
					 
					
						2010-12-13 21:37:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4b79227b5a 
							
						 
					 
					
						
						
							
							Minor bug fix to properly merge options from .conf file (-c) with command line switches  
						
						
						
					 
					
						2010-12-13 21:36:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							db844c1785 
							
						 
					 
					
						
						
							
							No point in showing the error-based inject payload, it's same as the one showed in -v3  
						
						
						
					 
					
						2010-12-13 21:35:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							698f30e65e 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-13 21:34:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a02dd6b55b 
							
						 
					 
					
						
						
							
							Minor enhancement to speedup active dbms fingerprint (-f).  
						
						... 
						
						
						
						Code cleanup and refactoring. 
						
					 
					
						2010-12-13 21:33:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d56f47d530 
							
						 
					 
					
						
						
							
							fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20')  
						
						
						
					 
					
						2010-12-12 23:59:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a3c4485e6 
							
						 
					 
					
						
						
							
							minor update (removing extra ())  
						
						
						
					 
					
						2010-12-12 14:44:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e98d9c08e1 
							
						 
					 
					
						
						
							
							dumping table is now possible on Firebird too  
						
						
						
					 
					
						2010-12-12 14:38:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c93634b6c7 
							
						 
					 
					
						
						
							
							blind dumping of tables in sqlite implemented  
						
						
						
					 
					
						2010-12-11 22:13:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b1babeefe5 
							
						 
					 
					
						
						
							
							update regarding dumping of tables with blind on Sqlite  
						
						
						
					 
					
						2010-12-11 22:00:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f7344a5fc3 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 21:28:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a24048aa6 
							
						 
					 
					
						
						
							
							urllib2 doesn't play well with '\n' when non unescaped chars used  
						
						
						
					 
					
						2010-12-11 21:17:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c66fa37c 
							
						 
					 
					
						
						
							
							update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available  
						
						
						
					 
					
						2010-12-11 17:55:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e32fa9df43 
							
						 
					 
					
						
						
							
							further update regarding bugtrace's report  
						
						
						
					 
					
						2010-12-11 17:32:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d18c98ec2 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)  
						
						
						
					 
					
						2010-12-11 17:20:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03447acc1d 
							
						 
					 
					
						
						
							
							avoiding some trashy match ratios  
						
						
						
					 
					
						2010-12-11 17:12:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2a3e8f44f 
							
						 
					 
					
						
						
							
							first time firebird error-based query success  
						
						
						
					 
					
						2010-12-11 11:17:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f021548bd0 
							
						 
					 
					
						
						
							
							added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)  
						
						
						
					 
					
						2010-12-11 10:52:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c17f444aab 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-11 10:22:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3dc0a51d34 
							
						 
					 
					
						
						
							
							major bug fix with boolean expressions  
						
						
						
					 
					
						2010-12-11 08:46:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac9080c07b 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 08:24:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							66db80804d 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-12-10 16:03:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							435f48b8cc 
							
						 
					 
					
						
						
							
							polite cosmetics  
						
						
						
					 
					
						2010-12-10 15:28:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							977988c0ab 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-10 15:24:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa8d378e80 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2010-12-10 15:18:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ef44cfe60 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-12-10 15:06:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe186cde55 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2010-12-10 13:26:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9957881040 
							
						 
					 
					
						
						
							
							you won't believe commit  
						
						
						
					 
					
						2010-12-10 13:20:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fc9ed10a8 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-10 12:30:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d8628e8fb 
							
						 
					 
					
						
						
							
							fix for booleans  
						
						
						
					 
					
						2010-12-10 12:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe2039f5ba 
							
						 
					 
					
						
						
							
							coollyy little commits  
						
						
						
					 
					
						2010-12-10 11:32:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5e7a8d305 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-10 10:54:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b6dcbcef5b 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-10 10:52:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							471d9ccd65 
							
						 
					 
					
						
						
							
							another fix of my lala  
						
						
						
					 
					
						2010-12-10 10:11:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							029a6abba2 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-12-10 09:54:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							441fc8dbd9 
							
						 
					 
					
						
						
							
							update regarding boolean based expressions  
						
						
						
					 
					
						2010-12-09 21:15:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5fb921154 
							
						 
					 
					
						
						
							
							removed debug print  
						
						
						
					 
					
						2010-12-09 20:08:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1492823de0 
							
						 
					 
					
						
						
							
							it wasn't pretty, now it's pretty  
						
						
						
					 
					
						2010-12-09 20:06:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bbffea2cbc 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-09 17:10:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eb2c408a9 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-09 16:49:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							df5f6bc1b7 
							
						 
					 
					
						
						
							
							Little precaution  
						
						
						
					 
					
						2010-12-09 14:06:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9230877d98 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-09 13:57:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cdff29ada7 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-09 11:23:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							196131bbca 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-09 10:42:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec5c08ca7a 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-09 09:24:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3fd1c37d53 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-09 07:49:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db39dc32fc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-09 00:59:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c01be0eeb 
							
						 
					 
					
						
						
							
							Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).  
						
						
						
					 
					
						2010-12-09 00:34:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c61adb21d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-09 00:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c6527c72 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-09 00:25:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f5ce739bdf 
							
						 
					 
					
						
						
							
							Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.  
						
						
						
					 
					
						2010-12-08 23:52:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							10ef2b5de8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-08 23:09:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54f6673609 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-08 22:38:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6077273e0 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-08 22:14:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							258e9fb50e 
							
						 
					 
					
						
						
							
							fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)  
						
						
						
					 
					
						2010-12-08 21:16:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81c16926c1 
							
						 
					 
					
						
						
							
							code refactoring some more  
						
						
						
					 
					
						2010-12-08 14:46:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							40fadf2f35 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-08 14:33:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							95b48746a6 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-08 14:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed09c53ee4 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-08 14:27:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							01cf1394a4 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-08 14:26:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							af22679605 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-08 13:09:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6223f25dd9 
							
						 
					 
					
						
						
							
							code beautification  
						
						
						
					 
					
						2010-12-08 13:04:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							64cc2588f1 
							
						 
					 
					
						
						
							
							now resume is available for time-based blinds too  
						
						
						
					 
					
						2010-12-08 12:49:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							537b619165 
							
						 
					 
					
						
						
							
							removing junk  
						
						
						
					 
					
						2010-12-08 12:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5e45939e3 
							
						 
					 
					
						
						
							
							sqlmap premiere of blind time based query/bisection  
						
						
						
					 
					
						2010-12-08 12:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47bb31fb47 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-08 11:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae2fa7f1a 
							
						 
					 
					
						
						
							
							update regarding time based payloads  
						
						
						
					 
					
						2010-12-08 11:26:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bdff4aba6a 
							
						 
					 
					
						
						
							
							switching to quick_ratio  
						
						
						
					 
					
						2010-12-07 23:57:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1b82cf09c 
							
						 
					 
					
						
						
							
							ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results  
						
						
						
					 
					
						2010-12-07 23:53:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a63f5b1e 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 23:49:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b21eb88905 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 22:45:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							575e50673b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 19:27:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							398b82644a 
							
						 
					 
					
						
						
							
							little explanation  
						
						
						
					 
					
						2010-12-07 19:25:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee72838231 
							
						 
					 
					
						
						
							
							Removed debug print  
						
						
						
					 
					
						2010-12-07 17:19:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f97312f29 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-07 17:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81e7465ed2 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-07 17:16:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd4a5a532 
							
						 
					 
					
						
						
							
							added standard deviation check in time based tests  
						
						
						
					 
					
						2010-12-07 16:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4959da3ce6 
							
						 
					 
					
						
						
							
							it's a must to double check time based payloads  
						
						
						
					 
					
						2010-12-07 14:59:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e53fef546e 
							
						 
					 
					
						
						
							
							update regarding session page templates  
						
						
						
					 
					
						2010-12-07 14:35:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							add6235b16 
							
						 
					 
					
						
						
							
							removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session  
						
						
						
					 
					
						2010-12-07 14:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc630203f 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-07 13:34:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e78057ac8 
							
						 
					 
					
						
						
							
							Added counter of total HTTP(s) requests done during detection phase  
						
						
						
					 
					
						2010-12-07 12:33:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							effd2ca0e3 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-07 12:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2af8835a94 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter)  
						
						
						
					 
					
						2010-12-07 10:57:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d87489de5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 08:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0da1ebde7d 
							
						 
					 
					
						
						
							
							introducing PostgreSQL time based blind  
						
						
						
					 
					
						2010-12-07 00:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							61f82fd274 
							
						 
					 
					
						
						
							
							introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic  
						
						
						
					 
					
						2010-12-07 00:27:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2735848ab6 
							
						 
					 
					
						
						
							
							removed ERROR_SPACE  
						
						
						
					 
					
						2010-12-06 22:40:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ccc8f90a3 
							
						 
					 
					
						
						
							
							minor cosmetic update ("heuristics shows" is not grammatically correct)  
						
						
						
					 
					
						2010-12-06 18:47:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d336f1df23 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-06 18:44:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27ee9a5ccf 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 15:50:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8be14e00a 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 07:48:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a43d252ae9 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-06 00:14:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5189f138d7 
							
						 
					 
					
						
						
							
							increasing socket timeout in case of time based checks  
						
						
						
					 
					
						2010-12-05 23:18:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17449754fe 
							
						 
					 
					
						
						
							
							Got rid of UNION false cond  
						
						
						
					 
					
						2010-12-05 16:16:15 +00:00