stamparm
|
3a3f9c5ea1
|
Trivial commit related to the last one
|
2013-03-01 12:09:03 +01:00 |
|
stamparm
|
440b484bf6
|
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
|
2013-03-01 10:59:04 +01:00 |
|
Miroslav Stampar
|
e42350ddce
|
Minor style update
|
2013-02-28 20:28:34 +01:00 |
|
Miroslav Stampar
|
0e89cc62a2
|
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
|
2013-02-28 20:20:08 +01:00 |
|
stamparm
|
af4762ace2
|
Minor style update
|
2013-02-26 11:16:09 +01:00 |
|
stamparm
|
f6b43b4b13
|
Minor update for an Issue #290
|
2013-02-26 11:08:06 +01:00 |
|
stamparm
|
68ce51bfd4
|
Changing from warn to info for no WAF found
|
2013-02-22 12:15:38 +01:00 |
|
stamparm
|
0bbbfc2eac
|
Adding a small warning message (related to the Issue #407)
|
2013-02-22 11:12:41 +01:00 |
|
Miroslav Stampar
|
229e4e167b
|
Minor cosmetics
|
2013-02-21 21:06:31 +01:00 |
|
stamparm
|
3a8c0cd3a2
|
Minor style update
|
2013-02-21 14:52:56 +01:00 |
|
stamparm
|
29ba43ee6c
|
Unhidding switch '--identify-waf' (Issue #290)
|
2013-02-21 14:48:19 +01:00 |
|
stamparm
|
08f0670aca
|
Minor refactoring for an Issue #290
|
2013-02-21 14:39:22 +01:00 |
|
stamparm
|
8e49872d7c
|
Finalizing implementation for an Issue #290
|
2013-02-21 14:33:12 +01:00 |
|
stamparm
|
6b2981ef4e
|
Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)
|
2013-02-21 11:14:57 +01:00 |
|
Miroslav Stampar
|
5c099efccc
|
Fix for an Issue #401
|
2013-02-18 11:38:18 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Miroslav Stampar
|
1618086027
|
Minor fix
|
2013-02-05 10:58:02 +01:00 |
|
Miroslav Stampar
|
44579120b5
|
Cosmetics
|
2013-02-05 10:02:11 +01:00 |
|
Miroslav Stampar
|
e7b93b5b66
|
Implementation for an Issue #363
|
2013-02-01 17:24:04 +01:00 |
|
Miroslav Stampar
|
993372aae4
|
Bug fix (causing search problems)
|
2013-02-01 11:24:17 +01:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Miroslav Stampar
|
8c84a16cb7
|
Minor style update for an Issue #377
|
2013-01-25 12:52:31 +01:00 |
|
Miroslav Stampar
|
194a9e7b88
|
Implementation for an Issue #377
|
2013-01-25 12:34:57 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Miroslav Stampar
|
ac7709204a
|
Better fix for that page/headers/comparison --string candidate problem
|
2013-01-18 17:00:11 +01:00 |
|
Miroslav Stampar
|
8141d17985
|
Revert of previous commit (more care has to be done regarding headers dynamicity)
|
2013-01-18 16:49:35 +01:00 |
|
Miroslav Stampar
|
33094a118c
|
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
|
2013-01-18 16:35:09 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Bernardo Damele
|
542f6de72e
|
typo fix
|
2013-01-16 01:31:03 +00:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Bernardo Damele
|
3a11d36c66
|
minor bug fix
|
2013-01-02 21:49:15 +00:00 |
|
Miroslav Stampar
|
df0f08bc6a
|
Cleaning some (web upload based) garbage
|
2012-12-13 13:19:47 +01:00 |
|
Miroslav Stampar
|
a54c261496
|
Minor update for Issues #292 & #293 (only single alert per target)
|
2012-12-11 14:44:43 +01:00 |
|
Miroslav Stampar
|
5c2451d83c
|
Implementation for an Issue #293
|
2012-12-11 12:48:58 +01:00 |
|
Miroslav Stampar
|
562044577b
|
Implementation for an Issue #292
|
2012-12-11 12:02:06 +01:00 |
|
Miroslav Stampar
|
42f4c2bac9
|
Minor fix when --dbms is enforced
|
2012-12-10 11:42:10 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
ca427af8b3
|
Minor refactoring/improvement
|
2012-10-28 01:42:08 +02:00 |
|
Miroslav Stampar
|
bcdba7b7bb
|
Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details
|
2012-10-28 01:11:50 +02:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
235cc656b9
|
Fix for an Issue #224
|
2012-10-25 15:25:31 +02:00 |
|
Miroslav Stampar
|
bcf708f4b1
|
Minor update
|
2012-10-25 13:37:33 +02:00 |
|
Miroslav Stampar
|
fdcdd11cb9
|
Minor update for an Issue #222
|
2012-10-25 13:35:44 +02:00 |
|
Miroslav Stampar
|
8a5844a364
|
Implementation for an Issue #222
|
2012-10-25 13:21:32 +02:00 |
|
Miroslav Stampar
|
9ad58cb531
|
Implementation for an Issue #204
|
2012-10-16 10:24:05 +02:00 |
|
Miroslav Stampar
|
f71b937add
|
Minor language cleanup
|
2012-10-04 18:28:36 +02:00 |
|
Miroslav Stampar
|
2fbd05c98f
|
Minor language update
|
2012-10-04 18:04:55 +02:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
9ca7b3e20e
|
Implementation for an Issue #194
|
2012-09-25 09:25:35 +02:00 |
|
Miroslav Stampar
|
c1c65a7167
|
Fix for an Issue #166
|
2012-08-29 20:21:45 +02:00 |
|
Miroslav Stampar
|
e9ae44c6fc
|
Implementation for an #162
|
2012-08-22 16:50:01 +02:00 |
|
Miroslav Stampar
|
0ad3846451
|
Minor language update
|
2012-08-22 16:10:56 +02:00 |
|
Miroslav Stampar
|
a62a874d59
|
Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)
|
2012-08-22 16:06:09 +02:00 |
|
Miroslav Stampar
|
4ab4fd1cb4
|
Minor update
|
2012-08-22 15:53:40 +02:00 |
|
Miroslav Stampar
|
52351e5d81
|
Update for an Issue #161 (now detecting format error messages too)
|
2012-08-22 15:51:47 +02:00 |
|
Miroslav Stampar
|
7b93108e7d
|
Favoring non-string specific boundaries in case of digit-like parameter values
|
2012-08-22 13:58:52 +02:00 |
|
Miroslav Stampar
|
8a5042b6a4
|
Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)
|
2012-08-22 11:56:30 +02:00 |
|
Miroslav Stampar
|
7d0662da23
|
Update for an #161
|
2012-08-22 11:42:06 +02:00 |
|
Miroslav Stampar
|
61151447fe
|
Implementation of an Issue #161
|
2012-08-22 11:27:58 +02:00 |
|
Miroslav Stampar
|
6210ddfbd6
|
Minor refactoring
|
2012-08-22 11:00:39 +02:00 |
|
Miroslav Stampar
|
a927d94d39
|
Update for an Issue #155
|
2012-08-22 10:57:31 +02:00 |
|
Miroslav Stampar
|
6f450ac8bf
|
Implementation for an Issue #155
|
2012-08-20 12:14:01 +02:00 |
|
Miroslav Stampar
|
823dde73ab
|
Minor cleanup
|
2012-08-20 11:40:49 +02:00 |
|
Miroslav Stampar
|
76338add17
|
Fix for an Issue #152
|
2012-08-20 10:41:43 +02:00 |
|
Miroslav Stampar
|
6f529542e3
|
Making those --string tips (containing escaped characters) decodable by sqlmap
|
2012-07-31 11:32:53 +02:00 |
|
Miroslav Stampar
|
b3552494c4
|
Minor preparation for an Issue #48
|
2012-07-26 12:26:57 +02:00 |
|
Miroslav Stampar
|
30f8d09651
|
Implementation for an Issue #70
|
2012-07-26 12:06:02 +02:00 |
|
Miroslav Stampar
|
2b60e61d54
|
Minor update for #119
|
2012-07-25 10:57:19 +02:00 |
|
Miroslav Stampar
|
922ea9d1f4
|
Update for Issue #118
|
2012-07-24 15:43:29 +02:00 |
|
Bernardo Damele
|
318a01b867
|
minor typo fixes
|
2012-07-17 00:25:02 +01:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
Miroslav Stampar
|
7ad6697446
|
Fix for Issue #57
|
2012-07-04 20:21:44 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
302d782a0f
|
minor style update
|
2012-06-19 08:33:51 +00:00 |
|
Miroslav Stampar
|
3da8f86e97
|
minor fix
|
2012-06-15 21:01:27 +00:00 |
|
Miroslav Stampar
|
76584ff0fa
|
unhidding --test-filter
|
2012-06-14 14:36:53 +00:00 |
|
Miroslav Stampar
|
d2bbfa4aad
|
minor style update
|
2012-05-28 14:04:17 +00:00 |
|
Miroslav Stampar
|
dc20bff1d0
|
minor update
|
2012-05-25 08:30:24 +00:00 |
|
Miroslav Stampar
|
7657bbeaf9
|
minor update
|
2012-05-24 22:32:06 +00:00 |
|
Miroslav Stampar
|
86fdad2bfa
|
minor update
|
2012-05-24 22:07:50 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
80ee687b41
|
minor beauty patch
|
2012-05-07 13:51:31 +00:00 |
|
Miroslav Stampar
|
6f67dc85ee
|
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
|
2012-04-25 20:29:07 +00:00 |
|
Miroslav Stampar
|
3532d23933
|
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
|
2012-04-23 13:41:36 +00:00 |
|
Miroslav Stampar
|
54576ab3a6
|
making a random choice from candidates
|
2012-04-13 10:54:30 +00:00 |
|
Miroslav Stampar
|
bbbcc95fe5
|
use it only if page is stable
|
2012-04-13 10:19:26 +00:00 |
|
Miroslav Stampar
|
b45ae10da4
|
minor fixes
|
2012-04-11 21:36:37 +00:00 |
|
Miroslav Stampar
|
e33ea7c33a
|
minor fix
|
2012-04-10 22:29:39 +00:00 |
|
Miroslav Stampar
|
a82206cec4
|
minor cosmetics
|
2012-04-10 21:57:00 +00:00 |
|
Miroslav Stampar
|
119eec3598
|
improving "boolean detection" by automatic recognition of convenient --string candidate
|
2012-04-10 21:48:34 +00:00 |
|
Miroslav Stampar
|
56638f9e95
|
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
|
2012-03-30 10:50:01 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
ce4c697bbd
|
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
|
2012-03-29 13:39:12 +00:00 |
|
Miroslav Stampar
|
c9cac957bb
|
adding one more case for false positive check (Generic tests without any DBMS knowledge)
|
2012-03-29 09:56:09 +00:00 |
|
Miroslav Stampar
|
3abcd6910a
|
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
|
2012-03-22 00:06:50 +00:00 |
|
Miroslav Stampar
|
0fc4288a7c
|
modifying redirection code for only two choices
|
2012-03-18 17:27:08 +00:00 |
|
Miroslav Stampar
|
577caac4de
|
putting kb.negativeLogic setting to the safe place
|
2012-03-16 09:17:11 +00:00 |
|