Commit Graph

  • 8227e6d3cf bug fix for BENCHMARK time-based vectors Miroslav Stampar 2010-12-08 11:49:55 +0000
  • 47bb31fb47 code refactoring Miroslav Stampar 2010-12-08 11:30:25 +0000
  • 1ae2fa7f1a update regarding time based payloads Miroslav Stampar 2010-12-08 11:26:54 +0000
  • bdff4aba6a switching to quick_ratio Miroslav Stampar 2010-12-07 23:57:43 +0000
  • c1b82cf09c ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results Miroslav Stampar 2010-12-07 23:53:44 +0000
  • a4a63f5b1e minor update Miroslav Stampar 2010-12-07 23:49:00 +0000
  • 293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) Miroslav Stampar 2010-12-07 23:32:33 +0000
  • b21eb88905 minor update Miroslav Stampar 2010-12-07 22:45:38 +0000
  • 575e50673b minor update Miroslav Stampar 2010-12-07 19:27:01 +0000
  • 398b82644a little explanation Miroslav Stampar 2010-12-07 19:25:26 +0000
  • dc651d59ec little mathematics here and there (used "Rules for normally distributed data") Miroslav Stampar 2010-12-07 19:19:12 +0000
  • ee72838231 Removed debug print Bernardo Damele 2010-12-07 17:19:29 +0000
  • 5f97312f29 Minor fix Bernardo Damele 2010-12-07 17:17:38 +0000
  • 8ff7c9a5a1 Works on Oracle's GROUP BY too Bernardo Damele 2010-12-07 17:17:01 +0000
  • 81e7465ed2 Cosmetics Bernardo Damele 2010-12-07 17:16:21 +0000
  • ecd4a5a532 added standard deviation check in time based tests Miroslav Stampar 2010-12-07 16:39:31 +0000
  • 294119d2ec more advanced time technique(s) Miroslav Stampar 2010-12-07 16:04:53 +0000
  • 4959da3ce6 it's a must to double check time based payloads Miroslav Stampar 2010-12-07 14:59:11 +0000
  • e53fef546e update regarding session page templates Miroslav Stampar 2010-12-07 14:35:31 +0000
  • add6235b16 removed pageTemplate from injection(s), it's no longer stored in session, and it's reloaded when resuming from session Miroslav Stampar 2010-12-07 14:06:54 +0000
  • 0dc630203f code refactoring Miroslav Stampar 2010-12-07 13:34:06 +0000
  • 4f01d4c109 number crunching based time payloads are now affected by conf.timeSec Miroslav Stampar 2010-12-07 13:24:18 +0000
  • d0936bc8ed adding vectors for SQLite time-based payloads Miroslav Stampar 2010-12-07 13:14:56 +0000
  • 54b8cb76a1 Messed up with my last merge, all fixed now Bernardo Damele 2010-12-07 12:59:53 +0000
  • b38a634d95 bug fix Miroslav Stampar 2010-12-07 12:55:31 +0000
  • 7c32db6e9d Forgot when merged with my last commit Bernardo Damele 2010-12-07 12:52:09 +0000
  • acac0d346f Minor bug fixes and adjustments Bernardo Damele 2010-12-07 12:45:45 +0000
  • 8e78057ac8 Added counter of total HTTP(s) requests done during detection phase Bernardo Damele 2010-12-07 12:33:47 +0000
  • effd2ca0e3 Cosmetics Bernardo Damele 2010-12-07 12:32:58 +0000
  • 2b2b7dc3a6 added vectors for time-based Firebird payloads Miroslav Stampar 2010-12-07 12:20:48 +0000
  • 36a7fca8d5 added time-based payload vector for MSSQL Miroslav Stampar 2010-12-07 12:06:25 +0000
  • 485981c619 added vectors for PostgreSQL time-based payloads Miroslav Stampar 2010-12-07 11:57:33 +0000
  • f9085e01e7 added vectors for Oracle time-based payloads Miroslav Stampar 2010-12-07 11:47:29 +0000
  • 2af8835a94 fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter) Miroslav Stampar 2010-12-07 10:57:32 +0000
  • 3d87489de5 minor update Miroslav Stampar 2010-12-07 08:05:03 +0000
  • 90b776c1a2 update Miroslav Stampar 2010-12-07 00:58:54 +0000
  • 0da1ebde7d introducing PostgreSQL time based blind Miroslav Stampar 2010-12-07 00:51:14 +0000
  • 1ba98dc9ec found a fix for an OR time-based MySQL payload :) Miroslav Stampar 2010-12-07 00:31:46 +0000
  • 61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic Miroslav Stampar 2010-12-07 00:27:26 +0000
  • 32f1909131 Some more "advanced" boundaries Bernardo Damele 2010-12-06 23:15:41 +0000
  • 84a038d0a3 added one more subtag Miroslav Stampar 2010-12-06 23:10:38 +0000
  • 1031723c89 added one more time based blind for Oracle Miroslav Stampar 2010-12-06 23:05:53 +0000
  • 7697d19292 space replace is not needed in other two Oracle error based payloads; removing incorrect dbms_version for ctxsys.drithsx.sn as it also works on 10g Miroslav Stampar 2010-12-06 22:52:18 +0000
  • 2735848ab6 removed ERROR_SPACE Miroslav Stampar 2010-12-06 22:40:07 +0000
  • f516c18a2a minor update Miroslav Stampar 2010-12-06 21:39:57 +0000
  • 0c5c2aa807 adding one more error based payload for Oracle Miroslav Stampar 2010-12-06 21:20:26 +0000
  • 956a155377 adding one more error based payload for Oracle Miroslav Stampar 2010-12-06 20:43:23 +0000
  • ff43a4a955 minor update to preserve consistency of payload naming Miroslav Stampar 2010-12-06 20:28:26 +0000
  • c0e05d6869 update Miroslav Stampar 2010-12-06 19:11:05 +0000
  • 9ccc8f90a3 minor cosmetic update ("heuristics shows" is not grammatically correct) Miroslav Stampar 2010-12-06 18:47:22 +0000
  • d336f1df23 minor update Miroslav Stampar 2010-12-06 18:44:42 +0000
  • d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) Miroslav Stampar 2010-12-06 18:20:57 +0000
  • e4b51dd549 proper way of handling OR based injections (completely compatible with current AND based inference engine) Miroslav Stampar 2010-12-06 17:23:21 +0000
  • 27ee9a5ccf minor refactoring Miroslav Stampar 2010-12-06 15:50:19 +0000
  • e8be14e00a minor refactoring Miroslav Stampar 2010-12-06 07:48:14 +0000
  • a43d252ae9 minor update Miroslav Stampar 2010-12-06 00:14:08 +0000
  • 5189f138d7 increasing socket timeout in case of time based checks Miroslav Stampar 2010-12-05 23:18:16 +0000
  • 17449754fe Got rid of UNION false cond Bernardo Damele 2010-12-05 16:16:15 +0000
  • a1e89d3e94 Minor tweak Bernardo Damele 2010-12-05 13:12:12 +0000
  • da3fd17fc3 Adjustment to make it work also in OR based injection Bernardo Damele 2010-12-05 12:24:23 +0000
  • bf425d90bc More tweaking Bernardo Damele 2010-12-05 12:23:18 +0000
  • 41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections Bernardo Damele 2010-12-05 11:25:44 +0000
  • 7a5cd3b35f minor comment update Miroslav Stampar 2010-12-05 11:15:09 +0000
  • 191ba3118f Cosmetics Bernardo Damele 2010-12-05 11:08:52 +0000
  • 1b17bac494 Sorted out Bernardo Damele 2010-12-05 11:06:37 +0000
  • 618b3b0211 Cosmetics Bernardo Damele 2010-12-05 11:05:57 +0000
  • 8066610217 Minor improvements to OR based injections Bernardo Damele 2010-12-05 10:55:19 +0000
  • 2612615978 Major improvements Bernardo Damele 2010-12-04 16:40:08 +0000
  • 9e5f933ace some updates Miroslav Stampar 2010-12-04 15:47:02 +0000
  • 3f9450b9dc minor fix Miroslav Stampar 2010-12-04 14:43:35 +0000
  • 1f795622b3 some fine tuning of dynamicity removing engine Miroslav Stampar 2010-12-04 13:39:35 +0000
  • eeb199375b usage of compiled regexes in case of dynamic markings and other refactoring Miroslav Stampar 2010-12-04 13:23:28 +0000
  • 0fc7a8f9e8 code refactoring Miroslav Stampar 2010-12-04 10:13:18 +0000
  • 04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) Miroslav Stampar 2010-12-04 10:05:18 +0000
  • 95a3f4b52f Rudimental OR boolean-based tests for login forms Bernardo Damele 2010-12-03 22:58:35 +0000
  • b3a094b9d6 fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') Miroslav Stampar 2010-12-03 22:44:29 +0000
  • 5764816891 minor cosmetics Miroslav Stampar 2010-12-03 22:28:09 +0000
  • 5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too Bernardo Damele 2010-12-03 17:41:10 +0000
  • 9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) Bernardo Damele 2010-12-03 16:12:47 +0000
  • 91c3cf8fd0 Minor improvement Bernardo Damele 2010-12-03 16:11:57 +0000
  • 0e6359ab6e Minor layout adjustment Bernardo Damele 2010-12-03 16:11:35 +0000
  • 6e73adec47 Get rid of one useless attribute Bernardo Damele 2010-12-03 16:11:13 +0000
  • 126a1479d8 Bug fix for --union-test Bernardo Damele 2010-12-03 14:57:30 +0000
  • 072835e04b Removed for time being Bernardo Damele 2010-12-03 14:48:31 +0000
  • 11058667e4 Better naming Bernardo Damele 2010-12-03 14:45:13 +0000
  • b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses Bernardo Damele 2010-12-03 14:39:51 +0000
  • bb40ab9fb0 Major bug fix for default boolean-based vector still work and minor adjustments Bernardo Damele 2010-12-03 14:31:11 +0000
  • 612ee08a0b added response time kb attribute Miroslav Stampar 2010-12-03 13:19:34 +0000
  • 73dfb69308 minor update for OR based time injection (Firebird) Miroslav Stampar 2010-12-03 12:15:41 +0000
  • 4dec049c22 Major bug fix for test on ORDER BY and GROUP BY clauses. Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value). Bernardo Damele 2010-12-03 12:00:03 +0000
  • 827a0aea05 Minor bug fix Bernardo Damele 2010-12-03 11:15:11 +0000
  • 23a86ed612 minor bug fix related to Firebird time based test vectors Miroslav Stampar 2010-12-03 11:05:16 +0000
  • 7690aa85ce Added a comment needed to understand this hack when looking at the code in a month or so ;) Bernardo Damele 2010-12-03 11:00:41 +0000
  • 0069a21a0d Added also OR error-based checks, tweaked some TODOs and added some new boundaries for login forms (yet to test) Bernardo Damele 2010-12-03 10:52:24 +0000
  • a9d4b37987 Code cleanup and minor refactoring Bernardo Damele 2010-12-03 10:51:27 +0000
  • 22de82634a Important update to parse correctly the <where> tag during exploitation phase. Minor code cleanup. Bernardo Damele 2010-12-03 10:44:16 +0000
  • 7d6f51f758 Avoid blank space between prefix and test's payload if it's a stacked queries test Bernardo Damele 2010-12-03 10:42:46 +0000
  • b0928e02c6 Proper comment Bernardo Damele 2010-12-03 10:39:36 +0000
  • 2cc167a42e fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" Miroslav Stampar 2010-12-02 18:57:43 +0000
  • bf09b8a6d9 added Firebird error based (WHERE) attack vector Miroslav Stampar 2010-12-02 15:09:21 +0000