Miroslav Stampar
|
8227298057
|
user friendliness uber 9000
|
2011-05-27 08:30:52 +00:00 |
|
Miroslav Stampar
|
5369657cd5
|
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
|
2011-05-25 20:54:30 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Miroslav Stampar
|
29ee760021
|
improving time based data retrieval mechanism
|
2011-04-17 07:24:18 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
277f16d6b3
|
removing commented out debug print
|
2011-04-08 22:44:05 +00:00 |
|
Miroslav Stampar
|
ea52d7acad
|
minor revisit of inference
|
2011-03-24 20:10:40 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
0edb4ee314
|
minor fix
|
2011-02-03 13:28:10 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|
Miroslav Stampar
|
777a19cfa9
|
LOL. removing that debug 'True'
|
2011-01-31 16:22:55 +00:00 |
|
Miroslav Stampar
|
a80fe28631
|
one more thing ;)
|
2011-01-31 16:21:28 +00:00 |
|
Miroslav Stampar
|
933d701667
|
cosmetics
|
2011-01-31 16:14:44 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Bernardo Damele
|
2a0b03e5c6
|
Unused import
|
2011-01-30 17:07:27 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
ddd296030d
|
added some more info to unhandled exception message(s)
|
2011-01-28 16:15:45 +00:00 |
|
Miroslav Stampar
|
8d0c2efbe2
|
unescaping of char marked payloads
|
2011-01-24 12:00:16 +00:00 |
|
Miroslav Stampar
|
a4a0f10950
|
minor minor minor
|
2011-01-20 09:25:34 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Miroslav Stampar
|
eadaf680de
|
fuck yea
|
2011-01-19 15:25:48 +00:00 |
|
Bernardo Damele
|
3822b494ea
|
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
|
2011-01-17 23:43:37 +00:00 |
|
Miroslav Stampar
|
5c857779c1
|
important fix for unicode based character inference
|
2011-01-17 10:15:19 +00:00 |
|
Miroslav Stampar
|
30d6791968
|
update regarding time based data retrieval
|
2011-01-16 17:52:42 +00:00 |
|
Miroslav Stampar
|
71391874eb
|
slightly faster and thread safer inference
|
2011-01-16 10:52:42 +00:00 |
|
Bernardo Damele
|
6e4b65a822
|
Minor refactoring
|
2011-01-15 23:28:31 +00:00 |
|
Bernardo Damele
|
2ac8debea0
|
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
|
2011-01-13 17:36:54 +00:00 |
|
Bernardo Damele
|
06230e4d92
|
Minor code refactoring and cosmetics
|
2011-01-11 21:46:21 +00:00 |
|
Miroslav Stampar
|
7ae5192070
|
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
|
2011-01-05 10:25:07 +00:00 |
|
Miroslav Stampar
|
edcf1a0872
|
few bug fixes
|
2010-12-24 18:40:48 +00:00 |
|
Miroslav Stampar
|
385e208f38
|
code refactoring regarding standard output suppression and some threading issues
|
2010-12-21 14:21:24 +00:00 |
|
Miroslav Stampar
|
5852bad963
|
some refactoring
|
2010-12-20 18:56:06 +00:00 |
|
Miroslav Stampar
|
36862e2efa
|
update
|
2010-12-18 15:57:47 +00:00 |
|
Miroslav Stampar
|
6a24048aa6
|
urllib2 doesn't play well with '\n' when non unescaped chars used
|
2010-12-11 21:17:54 +00:00 |
|
Miroslav Stampar
|
f021548bd0
|
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
|
2010-12-11 10:52:04 +00:00 |
|
Miroslav Stampar
|
c17f444aab
|
minor fix
|
2010-12-11 10:22:18 +00:00 |
|
Miroslav Stampar
|
fe2039f5ba
|
coollyy little commits
|
2010-12-10 11:32:46 +00:00 |
|
Miroslav Stampar
|
cdff29ada7
|
update
|
2010-12-09 11:23:44 +00:00 |
|
Bernardo Damele
|
f5ce739bdf
|
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
|
2010-12-08 23:52:31 +00:00 |
|
Miroslav Stampar
|
6223f25dd9
|
code beautification
|
2010-12-08 13:04:48 +00:00 |
|
Miroslav Stampar
|
b5e45939e3
|
sqlmap premiere of blind time based query/bisection
|
2010-12-08 12:28:54 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|
Miroslav Stampar
|
3f0a443b83
|
some updates
|
2010-11-04 23:08:59 +00:00 |
|
Miroslav Stampar
|
cd0d4135ac
|
implemented --banner for MaxDB and some minor fixes
|
2010-11-02 20:51:55 +00:00 |
|
Miroslav Stampar
|
5269cb8c08
|
some code refactoring and beautification
|
2010-11-02 09:06:38 +00:00 |
|