Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa58a9c86b 
							
						 
					 
					
						
						
							
							update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)  
						
						
						
					 
					
						2011-01-31 20:36:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8ef47307db 
							
						 
					 
					
						
						
							
							added checking of header values for GREP (error); still UNION to do  
						
						
						
					 
					
						2011-01-31 12:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8278d821ac 
							
						 
					 
					
						
						
							
							Another layout adjustment  
						
						
						
					 
					
						2011-01-30 16:23:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e74c571bc 
							
						 
					 
					
						
						
							
							centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels  
						
						
						
					 
					
						2011-01-27 19:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10b723f196 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by yonnym@googlemail.com  
						
						
						
					 
					
						2011-01-25 22:26:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1db2700f0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads  
						
						
						
					 
					
						2011-01-24 12:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4c79477d 
							
						 
					 
					
						
						
							
							world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)  
						
						
						
					 
					
						2011-01-21 18:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9770db597e 
							
						 
					 
					
						
						
							
							Centralization of unescape()  
						
						
						
					 
					
						2011-01-20 21:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							496a84c356 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 18:32:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eda0b41859 
							
						 
					 
					
						
						
							
							Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.  
						
						... 
						
						
						
						Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup 
						
					 
					
						2011-01-18 23:03:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a358561f 
							
						 
					 
					
						
						
							
							Proper support for --union-cols  
						
						
						
					 
					
						2011-01-17 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47565f9459 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2011-01-17 21:13:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5e36876e7 
							
						 
					 
					
						
						
							
							removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency  
						
						
						
					 
					
						2011-01-16 19:29:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							718eef8753 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-16 18:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec1ab3cd2a 
							
						 
					 
					
						
						
							
							removing timeSec from injection configuration attributes as it highly depends on current connection "variables"  
						
						
						
					 
					
						2011-01-16 12:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc4ebdc1b 
							
						 
					 
					
						
						
							
							Major bug fix.  
						
						... 
						
						
						
						Minor code refactoring. 
						
					 
					
						2011-01-16 01:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c0d5daee99 
							
						 
					 
					
						
						
							
							More refactoring and cleanup  
						
						
						
					 
					
						2011-01-16 00:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3a28124b1 
							
						 
					 
					
						
						
							
							More code cleanup  
						
						
						
					 
					
						2011-01-15 23:11:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a35f598b8 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 22:09:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f565c941e 
							
						 
					 
					
						
						
							
							bug fix and proper warning message  
						
						
						
					 
					
						2011-01-15 16:59:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5bdb50c224 
							
						 
					 
					
						
						
							
							code review part 3  
						
						
						
					 
					
						2011-01-15 13:15:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a0e0cde3c 
							
						 
					 
					
						
						
							
							code review of modules in lib/core directory  
						
						
						
					 
					
						2011-01-15 12:13:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05b2a338fe 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-14 16:12:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bff989d348 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 15:43:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							daf5662eab 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-14 15:33:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08f7e20c51 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 14:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e9b11b79 
							
						 
					 
					
						
						
							
							Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.  
						
						
						
					 
					
						2011-01-14 12:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							676b95b30a 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 09:44:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f8c04ce020 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 20:59:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ece2eb31ca 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 11:08:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							be6e2d6a31 
							
						 
					 
					
						
						
							
							Important bug fix.  
						
						... 
						
						
						
						Minor code restyling. 
						
					 
					
						2011-01-13 09:41:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8bdb7ec58c 
							
						 
					 
					
						
						
							
							Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.  
						
						
						
					 
					
						2011-01-12 00:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7c3c76c3 
							
						 
					 
					
						
						
							
							Fixed previous bug in getErrorParsedDBMSes() call in detection phase.  
						
						... 
						
						
						
						Added minor support to escape quotes in UNION payloads during detection phase. 
						
					 
					
						2011-01-11 23:47:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc9ca802bf 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-06 08:54:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							572f403069 
							
						 
					 
					
						
						
							
							update of one thing that was missing  
						
						
						
					 
					
						2011-01-03 21:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6aa616bd0d 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2011-01-03 14:28:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92e4cdb241 
							
						 
					 
					
						
						
							
							raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic  
						
						
						
					 
					
						2011-01-03 14:21:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3629c2737b 
							
						 
					 
					
						
						
							
							automatically turn on --text-only in case of heavily-dynamicity instead of critical exit  
						
						
						
					 
					
						2011-01-03 11:06:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adc41181e6 
							
						 
					 
					
						
						
							
							some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one  
						
						
						
					 
					
						2011-01-03 10:37:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5860b8942f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 09:16:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d19a8d53e4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 08:46:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8625494ff2 
							
						 
					 
					
						
						
							
							added one new quick check for multiple target(s) mode  
						
						
						
					 
					
						2011-01-03 08:32:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c6c870db4 
							
						 
					 
					
						
						
							
							removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode  
						
						
						
					 
					
						2011-01-02 08:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec4440108b 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-02 07:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							428e817a32 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2011-01-01 23:57:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							212035e64d 
							
						 
					 
					
						
						
							
							user can now choose if he wants to skip non-heuristic based DBMS tests  
						
						
						
					 
					
						2011-01-01 23:38:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8a93cfd975 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 22:43:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52e44df86c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 21:11:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							942cbafba6 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 20:19:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4fd8b3f0c 
							
						 
					 
					
						
						
							
							(e) finally works as it should  
						
						
						
					 
					
						2011-01-01 19:22:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							15e6911fd8 
							
						 
					 
					
						
						
							
							fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')  
						
						
						
					 
					
						2011-01-01 12:23:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							91f665aaaa 
							
						 
					 
					
						
						
							
							bug fix for Ctrl+C  
						
						
						
					 
					
						2010-12-31 15:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5db8ebbfa9 
							
						 
					 
					
						
						
							
							update of mysql comment versions  
						
						
						
					 
					
						2010-12-31 12:42:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							613242e298 
							
						 
					 
					
						
						
							
							bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)  
						
						
						
					 
					
						2010-12-29 19:48:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8f32c740ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-29 19:39:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6700cabc36 
							
						 
					 
					
						
						
							
							minor optimization  
						
						
						
					 
					
						2010-12-29 19:01:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							569e060aab 
							
						 
					 
					
						
						
							
							important improvement  
						
						
						
					 
					
						2010-12-26 13:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2d115e0350 
							
						 
					 
					
						
						
							
							one more fix  
						
						
						
					 
					
						2010-12-24 18:44:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							edcf1a0872 
							
						 
					 
					
						
						
							
							few bug fixes  
						
						
						
					 
					
						2010-12-24 18:40:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96a06351a1 
							
						 
					 
					
						
						
							
							minor fix (in testing phase raise404 should be set to False)  
						
						
						
					 
					
						2010-12-24 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aab14fa2d3 
							
						 
					 
					
						
						
							
							minor refactoring/cosmetics  
						
						
						
					 
					
						2010-12-24 11:06:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23dc408901 
							
						 
					 
					
						
						
							
							prioritization of tests based on DBMS error messages and some comments in common.py  
						
						
						
					 
					
						2010-12-24 10:55:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73f33c1999 
							
						 
					 
					
						
						
							
							bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)  
						
						
						
					 
					
						2010-12-23 11:28:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fc60215ed 
							
						 
					 
					
						
						
							
							lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.  
						
						
						
					 
					
						2010-12-22 19:12:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5228f336da 
							
						 
					 
					
						
						
							
							Minor fix for ctrl+c during detection phase  
						
						
						
					 
					
						2010-12-22 13:15:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08c88495d0 
							
						 
					 
					
						
						
							
							removed that ugly hack  
						
						
						
					 
					
						2010-12-22 13:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d974a966b8 
							
						 
					 
					
						
						
							
							minor fix for end phase (Ctrl+C)  
						
						
						
					 
					
						2010-12-21 23:55:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e68248f60 
							
						 
					 
					
						
						
							
							minor update of heuristic check  
						
						
						
					 
					
						2010-12-21 12:56:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							16f1f4e13e 
							
						 
					 
					
						
						
							
							when doing dynamic checks there are cases when 404 can be raised (perfectly normal)  
						
						
						
					 
					
						2010-12-21 11:04:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad6b528b33 
							
						 
					 
					
						
						
							
							Bit more verbose comment  
						
						
						
					 
					
						2010-12-21 10:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							416755c0b7 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2010-12-21 00:25:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e10670d9ac 
							
						 
					 
					
						
						
							
							added end detection phase choice into Ctrl+C list  
						
						
						
					 
					
						2010-12-20 23:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b34fe5c334 
							
						 
					 
					
						
						
							
							no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)  
						
						
						
					 
					
						2010-12-20 22:49:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf8929085 
							
						 
					 
					
						
						
							
							more minor updates  
						
						
						
					 
					
						2010-12-20 10:48:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fd00ff7a82 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-20 10:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e9f1ecb9e7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 10:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10a7a2dfb2 
							
						 
					 
					
						
						
							
							kids, don't use this at home  
						
						
						
					 
					
						2010-12-20 10:13:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4cb83654dc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-18 16:28:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05c6d661e8 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-18 10:49:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03220d34ba 
							
						 
					 
					
						
						
							
							added Ctrl+C check in detection phase  
						
						
						
					 
					
						2010-12-18 10:42:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							323af45ce4 
							
						 
					 
					
						
						
							
							added one more time request payload to confirm test results  
						
						
						
					 
					
						2010-12-17 07:53:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3fa3b0e8e 
							
						 
					 
					
						
						
							
							fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')  
						
						
						
					 
					
						2010-12-17 07:48:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8a01ddaf8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63f5c35c23 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-15 10:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5fb921154 
							
						 
					 
					
						
						
							
							removed debug print  
						
						
						
					 
					
						2010-12-09 20:08:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eb2c408a9 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-09 16:49:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							df5f6bc1b7 
							
						 
					 
					
						
						
							
							Little precaution  
						
						
						
					 
					
						2010-12-09 14:06:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c01be0eeb 
							
						 
					 
					
						
						
							
							Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).  
						
						
						
					 
					
						2010-12-09 00:34:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c61adb21d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-09 00:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							10ef2b5de8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-08 23:09:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81c16926c1 
							
						 
					 
					
						
						
							
							code refactoring some more  
						
						
						
					 
					
						2010-12-08 14:46:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed09c53ee4 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-08 14:27:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae2fa7f1a 
							
						 
					 
					
						
						
							
							update regarding time based payloads  
						
						
						
					 
					
						2010-12-08 11:26:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a63f5b1e 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 23:49:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							575e50673b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 19:27:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							398b82644a 
							
						 
					 
					
						
						
							
							little explanation  
						
						
						
					 
					
						2010-12-07 19:25:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee72838231 
							
						 
					 
					
						
						
							
							Removed debug print  
						
						
						
					 
					
						2010-12-07 17:19:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f97312f29 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-07 17:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd4a5a532 
							
						 
					 
					
						
						
							
							added standard deviation check in time based tests  
						
						
						
					 
					
						2010-12-07 16:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4959da3ce6 
							
						 
					 
					
						
						
							
							it's a must to double check time based payloads  
						
						
						
					 
					
						2010-12-07 14:59:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e53fef546e 
							
						 
					 
					
						
						
							
							update regarding session page templates  
						
						
						
					 
					
						2010-12-07 14:35:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							add6235b16 
							
						 
					 
					
						
						
							
							removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session  
						
						
						
					 
					
						2010-12-07 14:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc630203f 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-07 13:34:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e78057ac8 
							
						 
					 
					
						
						
							
							Added counter of total HTTP(s) requests done during detection phase  
						
						
						
					 
					
						2010-12-07 12:33:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d87489de5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 08:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0da1ebde7d 
							
						 
					 
					
						
						
							
							introducing PostgreSQL time based blind  
						
						
						
					 
					
						2010-12-07 00:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							61f82fd274 
							
						 
					 
					
						
						
							
							introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic  
						
						
						
					 
					
						2010-12-07 00:27:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2735848ab6 
							
						 
					 
					
						
						
							
							removed ERROR_SPACE  
						
						
						
					 
					
						2010-12-06 22:40:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ccc8f90a3 
							
						 
					 
					
						
						
							
							minor cosmetic update ("heuristics shows" is not grammatically correct)  
						
						
						
					 
					
						2010-12-06 18:47:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d336f1df23 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-06 18:44:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27ee9a5ccf 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 15:50:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5189f138d7 
							
						 
					 
					
						
						
							
							increasing socket timeout in case of time based checks  
						
						
						
					 
					
						2010-12-05 23:18:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a5cd3b35f 
							
						 
					 
					
						
						
							
							minor comment update  
						
						
						
					 
					
						2010-12-05 11:15:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							618b3b0211 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-05 11:05:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e5f933ace 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-12-04 15:47:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f795622b3 
							
						 
					 
					
						
						
							
							some fine tuning of dynamicity removing engine  
						
						
						
					 
					
						2010-12-04 13:39:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eeb199375b 
							
						 
					 
					
						
						
							
							usage of compiled regexes in case of dynamic markings and other refactoring  
						
						
						
					 
					
						2010-12-04 13:23:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc7a8f9e8 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-04 10:13:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04714374f9 
							
						 
					 
					
						
						
							
							now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))  
						
						
						
					 
					
						2010-12-04 10:05:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0e6359ab6e 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2010-12-03 16:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e73adec47 
							
						 
					 
					
						
						
							
							Get rid of one useless attribute  
						
						
						
					 
					
						2010-12-03 16:11:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11058667e4 
							
						 
					 
					
						
						
							
							Better naming  
						
						
						
					 
					
						2010-12-03 14:45:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b824826a89 
							
						 
					 
					
						
						
							
							Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses  
						
						
						
					 
					
						2010-12-03 14:39:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bb40ab9fb0 
							
						 
					 
					
						
						
							
							Major bug fix for default boolean-based vector still work and minor adjustments  
						
						
						
					 
					
						2010-12-03 14:31:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							612ee08a0b 
							
						 
					 
					
						
						
							
							added response time kb attribute  
						
						
						
					 
					
						2010-12-03 13:19:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4dec049c22 
							
						 
					 
					
						
						
							
							Major bug fix for test on ORDER BY and GROUP BY clauses.  
						
						... 
						
						
						
						Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value). 
						
					 
					
						2010-12-03 12:00:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d6f51f758 
							
						 
					 
					
						
						
							
							Avoid blank space between prefix and test's payload if it's a stacked queries test  
						
						
						
					 
					
						2010-12-03 10:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							283a04e29a 
							
						 
					 
					
						
						
							
							On my way to properly parse test's <where> tag in exploitation phase  
						
						
						
					 
					
						2010-12-01 23:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							089c16a1b8 
							
						 
					 
					
						
						
							
							Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.  
						
						... 
						
						
						
						Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders. 
						
					 
					
						2010-12-01 17:09:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							56d2b2f322 
							
						 
					 
					
						
						
							
							Avoid storing to session file also payload delimiters  
						
						
						
					 
					
						2010-12-01 10:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d84dcc5dc 
							
						 
					 
					
						
						
							
							More sense  
						
						
						
					 
					
						2010-12-01 09:17:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f943f5e4 
							
						 
					 
					
						
						
							
							Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.  
						
						... 
						
						
						
						Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file. 
						
					 
					
						2010-11-30 22:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fcdebbd55f 
							
						 
					 
					
						
						
							
							cosmeticados  
						
						
						
					 
					
						2010-11-30 14:48:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47a7708950 
							
						 
					 
					
						
						
							
							minor improvement of dynamic content detection/removal part  
						
						
						
					 
					
						2010-11-30 12:45:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9706656e 
							
						 
					 
					
						
						
							
							Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.  
						
						... 
						
						
						
						Minor code refactoring too. 
						
					 
					
						2010-11-29 17:18:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e9291932e5 
							
						 
					 
					
						
						
							
							Apply --level also to User-Agent (level >= 4) and Cookie (level >= 3).  
						
						... 
						
						
						
						GET and POST parameters are always tested. 
						
					 
					
						2010-11-29 16:33:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e735f2960a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-29 15:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c76d740a25 
							
						 
					 
					
						
						
							
							just a precaution  
						
						
						
					 
					
						2010-11-29 15:21:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							70e87d959e 
							
						 
					 
					
						
						
							
							update of dynamicity engine  
						
						
						
					 
					
						2010-11-29 15:14:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee4e04ebca 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2010-11-29 15:09:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2efb3b78ea 
							
						 
					 
					
						
						
							
							Consider also --dbms value during the detection phase  
						
						
						
					 
					
						2010-11-29 14:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							be6df7abd9 
							
						 
					 
					
						
						
							
							improvement of dynamicity engine  
						
						
						
					 
					
						2010-11-29 14:30:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							76ce9cc888 
							
						 
					 
					
						
						
							
							Minor bug fix for --forms  
						
						
						
					 
					
						2010-11-29 12:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6525e08d6b 
							
						 
					 
					
						
						
							
							Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values  
						
						
						
					 
					
						2010-11-29 12:13:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c22338ce90 
							
						 
					 
					
						
						
							
							Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).  
						
						
						
					 
					
						2010-11-29 11:47:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9d7087e2ff 
							
						 
					 
					
						
						
							
							Proper saving and resuming when more than a parameter are injectable.  
						
						... 
						
						
						
						Minor bug fix to --stacked-test
Minor code refactoring. 
						
					 
					
						2010-11-29 01:04:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							75f7df75b6 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-11-28 23:33:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							472f4465a6 
							
						 
					 
					
						
						
							
							Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.  
						
						... 
						
						
						
						Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring. 
						
					 
					
						2010-11-28 21:27:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6232397129 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-16 10:52:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6ef3846400 
							
						 
					 
					
						
						
							
							update regarding error parsing (and reporting)  
						
						
						
					 
					
						2010-11-16 10:42:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b3ad63b71e 
							
						 
					 
					
						
						
							
							major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)  
						
						
						
					 
					
						2010-11-15 14:59:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							39c6c9f386 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-15 12:19:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c25c017c08 
							
						 
					 
					
						
						
							
							cosmetics regarding --forms  
						
						
						
					 
					
						2010-11-15 11:50:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36c544f440 
							
						 
					 
					
						
						
							
							update (--forms acts now more like -g switch)  
						
						
						
					 
					
						2010-11-15 11:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a0fb96816f 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (value += actVer)  
						
						
						
					 
					
						2010-11-14 08:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							84849316b3 
							
						 
					 
					
						
						
							
							improvement of heuristic check (now original value is included too)  
						
						
						
					 
					
						2010-11-12 23:06:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d66f101da 
							
						 
					 
					
						
						
							
							fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)  
						
						
						
					 
					
						2010-11-12 22:29:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2d872f850a 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-11-11 19:54:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24238ccd0b 
							
						 
					 
					
						
						
							
							re-renaming of brute force switches. this way is better.  
						
						
						
					 
					
						2010-11-11 07:57:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96d88877ba 
							
						 
					 
					
						
						
							
							bug fix (reported by ToR)  
						
						
						
					 
					
						2010-11-10 19:44:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6807fb04cc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-09 22:44:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fef60d5cb7 
							
						 
					 
					
						
						
							
							some fixes :)  
						
						
						
					 
					
						2010-11-09 22:32:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2205099a5e 
							
						 
					 
					
						
						
							
							Python stylish  
						
						
						
					 
					
						2010-11-09 21:39:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cee888b613 
							
						 
					 
					
						
						
							
							tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)  
						
						
						
					 
					
						2010-11-09 19:14:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7fa8d4975 
							
						 
					 
					
						
						
							
							update regarding brute force retrieval of table names and table column names  
						
						
						
					 
					
						2010-11-09 16:15:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4be0631161 
							
						 
					 
					
						
						
							
							refactoring of brute force techniques  
						
						
						
					 
					
						2010-11-09 09:42:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fda8752dca 
							
						 
					 
					
						
						
							
							revert of some HTTP headers handling  
						
						
						
					 
					
						2010-11-08 13:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							78d7b17483 
							
						 
					 
					
						
						
							
							More replacements for refactoring.  
						
						... 
						
						
						
						Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters. 
						
					 
					
						2010-11-08 12:36:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d0e2a2228 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-08 09:49:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d551423379 
							
						 
					 
					
						
						
							
							further enum refactoring  
						
						
						
					 
					
						2010-11-08 09:44:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							862395ced1 
							
						 
					 
					
						
						
							
							further refactoring (all enumerations are now put into enums.py)  
						
						
						
					 
					
						2010-11-08 09:20:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0482e02c37 
							
						 
					 
					
						
						
							
							minor optimization  
						
						
						
					 
					
						2010-11-07 23:37:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f346eab33 
							
						 
					 
					
						
						
							
							fix for resume from session  
						
						
						
					 
					
						2010-11-07 23:25:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							620fa1c8fb 
							
						 
					 
					
						
						
							
							trust me, i know what i am doing :)  
						
						
						
					 
					
						2010-11-07 20:33:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4d81da6bc8 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-11-07 16:23:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6716315a76 
							
						 
					 
					
						
						
							
							Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity  
						
						
						
					 
					
						2010-11-07 15:45:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9669dbdae1 
							
						 
					 
					
						
						
							
							Minor cosmetics and adjustments  
						
						
						
					 
					
						2010-11-07 15:34:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b8c942b4a 
							
						 
					 
					
						
						
							
							more update  
						
						
						
					 
					
						2010-11-07 08:58:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00dfd55830 
							
						 
					 
					
						
						
							
							added powerful switch --longest-common for dealing with heavy dynamicity  
						
						
						
					 
					
						2010-11-07 08:52:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							508b9cc763 
							
						 
					 
					
						
						
							
							dynamicity engine update  
						
						
						
					 
					
						2010-11-07 00:12:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3619fc5127 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-06 08:31:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06760182f1 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-05 16:08:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9bc9302e58 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-11-05 16:03:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							44435adc4a 
							
						 
					 
					
						
						
							
							added some fancy Ctrl+C when having multiple targets  
						
						
						
					 
					
						2010-11-05 15:59:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e895fa512 
							
						 
					 
					
						
						
							
							update of dynamicity testing and few misc fixes  
						
						
						
					 
					
						2010-11-05 13:14:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ad6b2e9c21 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-11-04 16:47:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e1cec8c02b 
							
						 
					 
					
						
						
							
							fix for all that stable, dynamic mambo jambo :)  
						
						
						
					 
					
						2010-11-04 16:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							efe75aa8a3 
							
						 
					 
					
						
						
							
							added some debug messages  
						
						
						
					 
					
						2010-11-04 09:18:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71d0b1bcd7 
							
						 
					 
					
						
						
							
							several bug fixes  
						
						
						
					 
					
						2010-11-03 21:51:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6adee3792a 
							
						 
					 
					
						
						
							
							removed all trailing spaces from blank lines  
						
						
						
					 
					
						2010-11-03 10:08:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							685a8e7d2c 
							
						 
					 
					
						
						
							
							refactoring of hard coded dbms names  
						
						
						
					 
					
						2010-11-02 11:59:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13e93f564a 
							
						 
					 
					
						
						
							
							one bug fix in dynamic content engine and some code refactoring  
						
						
						
					 
					
						2010-11-02 07:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							486a113560 
							
						 
					 
					
						
						
							
							Consolidate logger messages for --*-test switches  
						
						
						
					 
					
						2010-10-31 16:58:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5a38ac7ea9 
							
						 
					 
					
						
						
							
							important update regarding (Bug  #209 ) - probably more will be needed  
						
						
						
					 
					
						2010-10-29 16:11:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5cc1bd8a12 
							
						 
					 
					
						
						
							
							major fix for heuristic check  
						
						
						
					 
					
						2010-10-27 08:27:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f5904d0bc0 
							
						 
					 
					
						
						
							
							Major bug fix to --union-test  
						
						
						
					 
					
						2010-10-25 23:39:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73eea81b3a 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-10-25 19:45:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d7bf94d4d6 
							
						 
					 
					
						
						
							
							fix for --beep  
						
						
						
					 
					
						2010-10-25 19:16:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							debaf2215f 
							
						 
					 
					
						
						
							
							Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch  
						
						
						
					 
					
						2010-10-25 15:54:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24c5d7b313 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-10-25 14:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c94a233a1 
							
						 
					 
					
						
						
							
							conf.md5hash thrown out  
						
						
						
					 
					
						2010-10-25 13:52:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8df7c88174 
							
						 
					 
					
						
						
							
							implementation of a new dynamic content removal engine  
						
						
						
					 
					
						2010-10-25 10:41:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52f910f752 
							
						 
					 
					
						
						
							
							added --beep (tested on Windows and Linux; for now turned off) switch  
						
						
						
					 
					
						2010-10-23 09:38:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00449f1402 
							
						 
					 
					
						
						
							
							fix/upgrade/chicken soup  
						
						
						
					 
					
						2010-10-20 09:54:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							934adb5e8d 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-10-20 09:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0817d1b78d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-10-19 23:09:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4009ef385e 
							
						 
					 
					
						
						
							
							more update regarding error based injection support  
						
						
						
					 
					
						2010-10-19 18:17:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a7fd29d4f 
							
						 
					 
					
						
						
							
							using pushValue and popValue  
						
						
						
					 
					
						2010-10-18 22:22:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a97319656c 
							
						 
					 
					
						
						
							
							optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing  
						
						
						
					 
					
						2010-10-18 21:47:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b8fff41fe 
							
						 
					 
					
						
						
							
							cosmetics (adding html parsed DBMS) regarding heuristic check  
						
						
						
					 
					
						2010-10-18 12:11:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d74036ee3 
							
						 
					 
					
						
						
							
							Minor cosmetic fixes  
						
						
						
					 
					
						2010-10-18 11:34:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6211915da5 
							
						 
					 
					
						
						
							
							Cosmetic fix  
						
						
						
					 
					
						2010-10-16 22:31:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2129935e06 
							
						 
					 
					
						
						
							
							Split character for tamper scripts (--tamper option) is now comma, not semi-colon.  
						
						... 
						
						
						
						Minor enhancement 
						
					 
					
						2010-10-16 21:52:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							84ed7f192a 
							
						 
					 
					
						
						
							
							Cosmetic fixes  
						
						
						
					 
					
						2010-10-16 15:10:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bf56f8c63c 
							
						 
					 
					
						
						
							
							Cosmetic fix  
						
						
						
					 
					
						2010-10-15 12:46:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f6d88a418 
							
						 
					 
					
						
						
							
							Minor comment  
						
						
						
					 
					
						2010-10-15 11:17:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							48cc8a308d 
							
						 
					 
					
						
						
							
							More verbose messages on successful --null-connection  
						
						
						
					 
					
						2010-10-15 10:24:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f48dd6f73 
							
						 
					 
					
						
						
							
							fix for skipping non-GET urls  
						
						
						
					 
					
						2010-10-15 09:54:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d0df8cdac9 
							
						 
					 
					
						
						
							
							fix for that duplicates  
						
						
						
					 
					
						2010-10-15 00:34:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f7f20b94f 
							
						 
					 
					
						
						
							
							sorry, cosmetics  
						
						
						
					 
					
						2010-10-14 23:18:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b48833136 
							
						 
					 
					
						
						
							
							large commit with copyright header modifications  
						
						
						
					 
					
						2010-10-14 14:41:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							162d01abed 
							
						 
					 
					
						
						
							
							commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)  
						
						
						
					 
					
						2010-10-14 11:06:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f700692c74 
							
						 
					 
					
						
						
							
							added missing files for Sybase  
						
						
						
					 
					
						2010-10-13 18:55:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							562df9c107 
							
						 
					 
					
						
						
							
							temporary fix (files left at home)  
						
						
						
					 
					
						2010-10-13 07:39:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2ec132469 
							
						 
					 
					
						
						
							
							added --text-only switch  
						
						
						
					 
					
						2010-10-12 19:41:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f9f79ffbaf 
							
						 
					 
					
						
						
							
							basic stuff for sybase  
						
						
						
					 
					
						2010-10-12 19:05:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ffa928783 
							
						 
					 
					
						
						
							
							added some user interaction when page is dynamic  
						
						
						
					 
					
						2010-10-12 15:49:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b748e6ea44 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-10-12 12:52:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e2bbfbe650 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-10-11 14:32:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							43892cddbb 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-10-11 12:26:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b0a132fa9 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-10-11 11:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a5bb2b0d6 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-10-10 19:50:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fcad29bbf 
							
						 
					 
					
						
						
							
							new feature --forms (still unfinished)  
						
						
						
					 
					
						2010-10-10 18:56:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							18d27cabc5 
							
						 
					 
					
						
						
							
							more changes  
						
						
						
					 
					
						2010-10-07 15:34:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1e9ae40397 
							
						 
					 
					
						
						
							
							major refactoring  
						
						
						
					 
					
						2010-10-07 12:12:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1bf8939e2f 
							
						 
					 
					
						
						
							
							further updates  
						
						
						
					 
					
						2010-10-06 22:43:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de6fa1247b 
							
						 
					 
					
						
						
							
							moved injections to xml format  
						
						
						
					 
					
						2010-10-06 22:29:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8abcdae1b5 
							
						 
					 
					
						
						
							
							some update  
						
						
						
					 
					
						2010-09-30 19:45:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cf8e92699c 
							
						 
					 
					
						
						
							
							changes regarding EXISTS feature  
						
						
						
					 
					
						2010-09-30 12:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c6bf0e43af 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-09-27 13:41:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc11ae0d65 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-09-26 14:56:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							35f35605df 
							
						 
					 
					
						
						
							
							changes regarding Feature  #160  
						
						
						
					 
					
						2010-09-26 14:02:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8cf1aa6abe 
							
						 
					 
					
						
						
							
							added keepAlive under -o switch too  
						
						
						
					 
					
						2010-09-16 10:41:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6259114c02 
							
						 
					 
					
						
						
							
							added optimization switch (-o)  
						
						
						
					 
					
						2010-09-16 10:12:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bfffd5e333 
							
						 
					 
					
						
						
							
							added --null-connection as an experimental option  
						
						
						
					 
					
						2010-09-16 10:01:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b745331974 
							
						 
					 
					
						
						
							
							added null connection check  
						
						
						
					 
					
						2010-09-16 08:43:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a72a25704 
							
						 
					 
					
						
						
							
							again minor update  
						
						
						
					 
					
						2010-09-15 13:59:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							53800ef65f 
							
						 
					 
					
						
						
							
							more refactoring  
						
						
						
					 
					
						2010-09-15 13:32:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							abc12bc361 
							
						 
					 
					
						
						
							
							more refactoring  
						
						
						
					 
					
						2010-09-15 13:28:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							77a53228c5 
							
						 
					 
					
						
						
							
							changes regarding dynamic content recognition  
						
						
						
					 
					
						2010-09-13 21:01:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c886659f82 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-09-13 15:24:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2350a3c74d 
							
						 
					 
					
						
						
							
							minor change  
						
						
						
					 
					
						2010-09-13 15:20:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cdc6bdcbe8 
							
						 
					 
					
						
						
							
							changes  
						
						
						
					 
					
						2010-09-13 15:19:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19fb2e3dcf 
							
						 
					 
					
						
						
							
							fix for Bug  #165  
						
						
						
					 
					
						2010-09-13 13:31:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							48cc87f6a9 
							
						 
					 
					
						
						
							
							added support for fingerprinting SAP MaxDB (Issue 143)  
						
						
						
					 
					
						2010-08-30 13:29:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8cb95583e3 
							
						 
					 
					
						
						
							
							some more adjustments  
						
						
						
					 
					
						2010-07-30 12:59:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							092829c189 
							
						 
					 
					
						
						
							
							implemented basic smoke testing mechanism  
						
						
						
					 
					
						2010-07-30 12:49:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							28d9115373 
							
						 
					 
					
						
						
							
							fix for Feature  #187  (Skip duplicates parameters in -g)  
						
						
						
					 
					
						2010-07-29 20:01:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							12a5ec9f3d 
							
						 
					 
					
						
						
							
							more unicode refactoring  
						
						
						
					 
					
						2010-06-02 12:45:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06af405efd 
							
						 
					 
					
						
						
							
							Adapted and merged in patch to support XML output (-x switch) - still in beta.  
						
						... 
						
						
						
						Minor bug fixes and adjustments. 
						
					 
					
						2010-05-28 16:43:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3db3c03c1 
							
						 
					 
					
						
						
							
							str() -> unicode()  
						
						
						
					 
					
						2010-05-28 13:05:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							14cab8527e 
							
						 
					 
					
						
						
							
							minor adjustment  
						
						
						
					 
					
						2010-05-21 14:25:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3110bb10fc 
							
						 
					 
					
						
						
							
							added test for site existance  
						
						
						
					 
					
						2010-05-21 13:36:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							65a05452f7 
							
						 
					 
					
						
						
							
							Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See  #190 :  
						
						... 
						
						
						
						* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C 
						
					 
					
						2010-05-07 13:40:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fdebb5d5b 
							
						 
					 
					
						
						
							
							Added support to directly connect also to Microsoft SQL Server database.  
						
						... 
						
						
						
						Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods. 
						
					 
					
						2010-03-31 10:50:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8702cce760 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-03-30 13:23:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a6f21095 
							
						 
					 
					
						
						
							
							refactoring regarding usage of conf.dbmsConnector.connect()  
						
						
						
					 
					
						2010-03-30 13:03:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1416cd0d86 
							
						 
					 
					
						
						
							
							Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see  #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).  
						
						... 
						
						
						
						Minor layout adjustments. 
						
					 
					
						2010-03-26 23:23:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2aadc5c939 
							
						 
					 
					
						
						
							
							Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket  #180 .  
						
						... 
						
						
						
						Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring. 
						
					 
					
						2010-03-25 15:46:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d00e4a458a 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2010-03-21 00:39:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0d559d14df 
							
						 
					 
					
						
						
							
							Initial support for SQLite (90% approx).  
						
						... 
						
						
						
						Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments. 
						
					 
					
						2010-03-18 17:20:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d2f86fb0a5 
							
						 
					 
					
						
						
							
							Fixes   #172  - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now  
						
						
						
					 
					
						2010-03-16 15:21:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							466df89c4a 
							
						 
					 
					
						
						
							
							Fixes   #178  and  #179  - proper handling of custom redirects  
						
						
						
					 
					
						2010-03-16 14:30:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3b3353e05b 
							
						 
					 
					
						
						
							
							Revert last commit  
						
						
						
					 
					
						2010-03-16 13:56:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1dfe558d3d 
							
						 
					 
					
						
						
							
							Fix for Issue  #177  
						
						
						
					 
					
						2010-03-16 13:11:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							323cf2b7f2 
							
						 
					 
					
						
						
							
							Fixes   #177  - Don't exit at exception if in "multiple targets" mode (-l or -g)  
						
						
						
					 
					
						2010-03-16 12:14:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8af7d6c58b 
							
						 
					 
					
						
						
							
							minor cosmetic update  
						
						
						
					 
					
						2010-03-15 11:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a0ec447b7d 
							
						 
					 
					
						
						
							
							fix for Issue  #170  
						
						
						
					 
					
						2010-03-15 11:33:34 +00:00