sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	416755c0b7	minor adjustments	2010-12-21 00:25:03 +00:00
Miroslav Stampar	eaf8929085	more minor updates	2010-12-20 10:48:53 +00:00
Miroslav Stampar	e9f1ecb9e7	minor update	2010-12-20 10:32:58 +00:00
Miroslav Stampar	10a7a2dfb2	kids, don't use this at home	2010-12-20 10:13:14 +00:00
Miroslav Stampar	fe67d3827c	code refactoring and some fixes	2010-12-18 09:51:34 +00:00
Miroslav Stampar	f8a01ddaf8	minor update	2010-12-15 11:21:47 +00:00
Miroslav Stampar	63f5c35c23	bug fix	2010-12-15 10:02:58 +00:00
Miroslav Stampar	0dc630203f	code refactoring	2010-12-07 13:34:06 +00:00
Bernardo Damele	8e78057ac8	Added counter of total HTTP(s) requests done during detection phase	2010-12-07 12:33:47 +00:00
Bernardo Damele	0e6359ab6e	Minor layout adjustment	2010-12-03 16:11:35 +00:00
Miroslav Stampar	612ee08a0b	added response time kb attribute	2010-12-03 13:19:34 +00:00
Bernardo Damele	089c16a1b8	Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. Removed some useless tests. Moved <error> from queries.xml to payloads.xml as it makes more sense. Beeps at sql inj found only if --beep is provided. Minor fix in order to be able to pickle advancedDict() objects. Minor code refactoring. Removed useless folders.	2010-12-01 17:09:52 +00:00
Bernardo Damele	c8f943f5e4	Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.	2010-11-30 22:40:25 +00:00
Miroslav Stampar	fcdebbd55f	cosmeticados	2010-11-30 14:48:13 +00:00
Bernardo Damele	8b9706656e	Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now. Minor code refactoring too.	2010-11-29 17:18:38 +00:00
Bernardo Damele	e9291932e5	Apply --level also to User-Agent (level >= 4) and Cookie (level >= 3). GET and POST parameters are always tested.	2010-11-29 16:33:20 +00:00
Bernardo Damele	c76d740a25	just a precaution	2010-11-29 15:21:56 +00:00
Bernardo Damele	ee4e04ebca	Minor adjustment	2010-11-29 15:09:40 +00:00
Bernardo Damele	76ce9cc888	Minor bug fix for --forms	2010-11-29 12:46:18 +00:00
Bernardo Damele	9d7087e2ff	Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.	2010-11-29 01:04:42 +00:00
Bernardo Damele	75f7df75b6	Minor fix	2010-11-28 23:33:51 +00:00
Bernardo Damele	472f4465a6	Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase. Minor bug fix to properly handle the case that no injections are found. Nicer display of injection vulnerabilities detected. Minor code refactoring.	2010-11-28 21:27:47 +00:00
Bernardo Damele	7e3b24afe6	Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!	2010-11-28 18:10:54 +00:00
Miroslav Stampar	39c6c9f386	minor update	2010-11-15 12:19:22 +00:00
Miroslav Stampar	c25c017c08	cosmetics regarding --forms	2010-11-15 11:50:33 +00:00
Miroslav Stampar	36c544f440	update (--forms acts now more like -g switch)	2010-11-15 11:34:57 +00:00
Miroslav Stampar	96d88877ba	bug fix (reported by ToR)	2010-11-10 19:44:51 +00:00
Miroslav Stampar	6807fb04cc	minor update	2010-11-09 22:44:23 +00:00
Miroslav Stampar	fef60d5cb7	some fixes :)	2010-11-09 22:32:05 +00:00
Miroslav Stampar	fda8752dca	revert of some HTTP headers handling	2010-11-08 13:26:45 +00:00
Bernardo Damele	78d7b17483	More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.	2010-11-08 12:36:48 +00:00
Miroslav Stampar	d551423379	further enum refactoring	2010-11-08 09:44:32 +00:00
Miroslav Stampar	0482e02c37	minor optimization	2010-11-07 23:37:15 +00:00
Miroslav Stampar	620fa1c8fb	trust me, i know what i am doing :)	2010-11-07 20:33:33 +00:00
Bernardo Damele	4d81da6bc8	Cosmetics	2010-11-07 16:23:03 +00:00
Bernardo Damele	6716315a76	Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity	2010-11-07 15:45:26 +00:00
Bernardo Damele	9669dbdae1	Minor cosmetics and adjustments	2010-11-07 15:34:52 +00:00
Miroslav Stampar	06760182f1	cosmetics	2010-11-05 16:08:42 +00:00
Miroslav Stampar	9bc9302e58	minor fix	2010-11-05 16:03:12 +00:00
Miroslav Stampar	44435adc4a	added some fancy Ctrl+C when having multiple targets	2010-11-05 15:59:25 +00:00
Miroslav Stampar	0e895fa512	update of dynamicity testing and few misc fixes	2010-11-05 13:14:12 +00:00
Miroslav Stampar	ad6b2e9c21	minor fix	2010-11-04 16:47:18 +00:00
Miroslav Stampar	e1cec8c02b	fix for all that stable, dynamic mambo jambo :)	2010-11-04 16:44:34 +00:00
Miroslav Stampar	6adee3792a	removed all trailing spaces from blank lines	2010-11-03 10:08:27 +00:00
Bernardo Damele	6211915da5	Cosmetic fix	2010-10-16 22:31:16 +00:00
Bernardo Damele	2129935e06	Split character for tamper scripts (--tamper option) is now comma, not semi-colon. Minor enhancement	2010-10-16 21:52:16 +00:00
Miroslav Stampar	0f48dd6f73	fix for skipping non-GET urls	2010-10-15 09:54:29 +00:00
Miroslav Stampar	d0df8cdac9	fix for that duplicates	2010-10-15 00:34:16 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00

1 2

100 Commits