sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-09-20 19:12:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 42d09d604e minor fix Miroslav Stampar 2010-11-15 09:48:58 +0000
  • a9152c6723 Updated doc Bernardo Damele 2010-11-14 22:36:54 +0000
  • 5f46a549ba Cosmetics for --forms Bernardo Damele 2010-11-14 21:59:35 +0000
  • 0bfc1b411a Another bug fix for --union-test Bernardo Damele 2010-11-14 15:39:57 +0000
  • a0fb96816f fix for a bug reported by ToR (value += actVer) Miroslav Stampar 2010-11-14 08:31:29 +0000
  • 5e41cd07a3 Updated doc Bernardo Damele 2010-11-13 23:31:18 +0000
  • 7da079fa32 More verbose comment for direct connection Bernardo Damele 2010-11-13 23:30:38 +0000
  • 8d07272c82 Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file. Bernardo Damele 2010-11-13 23:24:41 +0000
  • df5dc10111 Major enhancement to --union-test check Bernardo Damele 2010-11-13 22:47:37 +0000
  • 84849316b3 improvement of heuristic check (now original value is included too) Miroslav Stampar 2010-11-12 23:06:01 +0000
  • 06a872fc99 update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read)) Miroslav Stampar 2010-11-12 22:57:33 +0000
  • 27735b14df update (--string and --regex should be done regardless of wasLastRequestError) Miroslav Stampar 2010-11-12 22:44:15 +0000
  • 0d66f101da fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages) Miroslav Stampar 2010-11-12 22:29:33 +0000
  • a777d59870 Minor bug fix Bernardo Damele 2010-11-12 15:17:12 +0000
  • 0a83a830d9 Properly handle both HTTPS and HTTP requests through proxy Bernardo Damele 2010-11-12 14:21:46 +0000
  • e1ef27f592 work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https Bernardo Damele 2010-11-12 12:25:02 +0000
  • 9f53048ff4 Put a space always between the user's provided prefix and sqlmap payload Bernardo Damele 2010-11-12 11:48:26 +0000
  • 697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace Miroslav Stampar 2010-11-12 11:48:25 +0000
  • f83dd2251b Properly save error-based enumerated data in session file, able to be resumed like with other techniques Bernardo Damele 2010-11-12 11:40:37 +0000
  • a34c1b287c Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) Bernardo Damele 2010-11-12 11:33:11 +0000
  • 8cec75656c Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp) Bernardo Damele 2010-11-12 10:31:42 +0000
  • a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. Bernardo Damele 2010-11-12 10:16:39 +0000
  • 64b5de44a0 Converted to new XML object format Bernardo Damele 2010-11-12 10:11:13 +0000
  • 66c82d72e4 Typo fix Bernardo Damele 2010-11-12 10:02:02 +0000
  • 306e96331d Updated doc Bernardo Damele 2010-11-12 10:00:49 +0000
  • 42272ca78c minor update Miroslav Stampar 2010-11-11 22:26:36 +0000
  • 8aefd0bbf7 improvement of --common-tables and --common-columns Miroslav Stampar 2010-11-11 20:37:25 +0000
  • 2d872f850a quick fix Miroslav Stampar 2010-11-11 19:54:54 +0000
  • be992b4471 update regarding common columns existance check Miroslav Stampar 2010-11-11 17:09:31 +0000
  • 3b996c3ed8 adding JSP stager Miroslav Stampar 2010-11-11 16:42:01 +0000
  • 2d361cb359 some minor updates of stager.asp and backdoor.asp, and completely rewritten stager.aspx Miroslav Stampar 2010-11-11 10:33:29 +0000
  • 24238ccd0b re-renaming of brute force switches. this way is better. Miroslav Stampar 2010-11-11 07:57:44 +0000
  • ca06db8f28 now, this is the real deal Miroslav Stampar 2010-11-11 00:20:47 +0000
  • 5034868b36 cleaning up of common tables and new common columns Miroslav Stampar 2010-11-10 23:31:23 +0000
  • 96d88877ba bug fix (reported by ToR) Miroslav Stampar 2010-11-10 19:44:51 +0000
  • f3fe19c4e5 backdoor for ASP revisited Miroslav Stampar 2010-11-10 15:40:17 +0000
  • 09836dc568 backdoor for ASPX revisited Miroslav Stampar 2010-11-10 15:35:22 +0000
  • 61b6ad64e3 JSP backdoor revisited, and in PHP removed trailing spaces from a blank line Miroslav Stampar 2010-11-10 15:13:36 +0000
  • 19c1bfa368 just a precaution (now i really need to go for a sleep) Miroslav Stampar 2010-11-09 23:38:29 +0000
  • 88c00e61d3 another update Miroslav Stampar 2010-11-09 23:35:37 +0000
  • 47720a43dd minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result) Miroslav Stampar 2010-11-09 23:21:21 +0000
  • 5ebd5d935c another name change Miroslav Stampar 2010-11-09 22:49:31 +0000
  • 06f00cf8c1 name change Miroslav Stampar 2010-11-09 22:48:22 +0000
  • 6807fb04cc minor update Miroslav Stampar 2010-11-09 22:44:23 +0000
  • fef60d5cb7 some fixes :) Miroslav Stampar 2010-11-09 22:32:05 +0000
  • 1cc99e2247 Possible quick fix for missing of True/False comparison of stable-but-not-really pages Bernardo Damele 2010-11-09 21:39:58 +0000
  • 2205099a5e Python stylish Bernardo Damele 2010-11-09 21:39:05 +0000
  • cee888b613 tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected) Miroslav Stampar 2010-11-09 19:14:55 +0000
  • 726825ca70 minor update Miroslav Stampar 2010-11-09 16:59:36 +0000
  • 759433f0f1 fix of my mistake Miroslav Stampar 2010-11-09 16:54:40 +0000
  • b43334165d update regarding brute forcing Miroslav Stampar 2010-11-09 16:53:33 +0000
  • a7fa8d4975 update regarding brute force retrieval of table names and table column names Miroslav Stampar 2010-11-09 16:15:55 +0000
  • 45f2d8f5d2 trival update Miroslav Stampar 2010-11-09 15:46:09 +0000
  • 7752b5efe9 minor update Miroslav Stampar 2010-11-09 09:51:54 +0000
  • 4be0631161 refactoring of brute force techniques Miroslav Stampar 2010-11-09 09:42:43 +0000
  • 221f976fbd minor update Miroslav Stampar 2010-11-09 01:23:54 +0000
  • 45ec8c169a Consistency between --*-test switches/output Bernardo Damele 2010-11-08 16:46:25 +0000
  • dac7436edf Fix inconsistence with -b --error-test Bernardo Damele 2010-11-08 15:36:07 +0000
  • fda8752dca revert of some HTTP headers handling Miroslav Stampar 2010-11-08 13:26:45 +0000
  • 0c8918bf07 Minor bug fix, thanks Alex Bernardo Damele 2010-11-08 12:45:23 +0000
  • 78d7b17483 More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters. Bernardo Damele 2010-11-08 12:36:48 +0000
  • eb999de0f1 added Range handler (dealing with 206 HTTP messages) Miroslav Stampar 2010-11-08 12:26:13 +0000
  • 875781bf97 another minor fix Miroslav Stampar 2010-11-08 11:55:56 +0000
  • 4a4a3051e5 fix Miroslav Stampar 2010-11-08 11:39:07 +0000
  • a3de10e3a2 new option -t Miroslav Stampar 2010-11-08 11:22:47 +0000
  • 4e6d1b5118 added "Detection" part in help listing Miroslav Stampar 2010-11-08 10:11:43 +0000
  • 0d0e2a2228 minor update Miroslav Stampar 2010-11-08 09:49:57 +0000
  • d551423379 further enum refactoring Miroslav Stampar 2010-11-08 09:44:32 +0000
  • 862395ced1 further refactoring (all enumerations are now put into enums.py) Miroslav Stampar 2010-11-08 09:20:02 +0000
  • 8e44aa605a refactoring regarding injection place (more left) Miroslav Stampar 2010-11-08 08:02:36 +0000
  • 0482e02c37 minor optimization Miroslav Stampar 2010-11-07 23:37:15 +0000
  • 4f346eab33 fix for resume from session Miroslav Stampar 2010-11-07 23:25:53 +0000
  • ea1b0d31be Avoid displaying single retrieved character when --verbose > 2 Bernardo Damele 2010-11-07 22:42:56 +0000
  • b6da946883 Added one new verbose level, -v 3 now shows the full injected payload. Fixed also -d verbose output. Bernardo Damele 2010-11-07 22:34:29 +0000
  • 27ce4b0cf0 Set proper verbose level for dbms direct error messages Bernardo Damele 2010-11-07 22:14:06 +0000
  • a96467b3e2 Refactoring Bernardo Damele 2010-11-07 21:55:24 +0000
  • 7a6c086a27 setting direct query info output to same level as payload info (logger.DEBUG) Miroslav Stampar 2010-11-07 21:42:36 +0000
  • d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces Miroslav Stampar 2010-11-07 21:18:09 +0000
  • 620fa1c8fb trust me, i know what i am doing :) Miroslav Stampar 2010-11-07 20:33:33 +0000
  • 73e85bfc75 Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now Bernardo Damele 2010-11-07 16:24:44 +0000
  • 4d81da6bc8 Cosmetics Bernardo Damele 2010-11-07 16:23:03 +0000
  • 6716315a76 Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity Bernardo Damele 2010-11-07 15:45:26 +0000
  • 9669dbdae1 Minor cosmetics and adjustments Bernardo Damele 2010-11-07 15:34:52 +0000
  • afba26a53f tiny winy update Miroslav Stampar 2010-11-07 09:00:45 +0000
  • 2b8c942b4a more update Miroslav Stampar 2010-11-07 08:58:24 +0000
  • 00dfd55830 added powerful switch --longest-common for dealing with heavy dynamicity Miroslav Stampar 2010-11-07 08:52:09 +0000
  • 16f52ab7ba cosmetic fix Miroslav Stampar 2010-11-07 08:13:20 +0000
  • 8d93bdfa4b minor update (optimization) regarding -a switch Miroslav Stampar 2010-11-07 08:11:56 +0000
  • 857a2a4521 minor minor update Miroslav Stampar 2010-11-07 01:29:05 +0000
  • bc83d92144 update Miroslav Stampar 2010-11-07 01:27:34 +0000
  • 508b9cc763 dynamicity engine update Miroslav Stampar 2010-11-07 00:12:00 +0000
  • 3619fc5127 minor update Miroslav Stampar 2010-11-06 08:31:11 +0000
  • 1a708cf12d update for ASP/Ingres Miroslav Stampar 2010-11-05 16:21:22 +0000
  • 173e893d11 added error message support for Ingres Miroslav Stampar 2010-11-05 16:19:41 +0000
  • 14e9425673 update of doc/THANKS Miroslav Stampar 2010-11-05 16:09:30 +0000
  • 06760182f1 cosmetics Miroslav Stampar 2010-11-05 16:08:42 +0000
  • 9bc9302e58 minor fix Miroslav Stampar 2010-11-05 16:03:12 +0000
  • 44435adc4a added some fancy Ctrl+C when having multiple targets Miroslav Stampar 2010-11-05 15:59:25 +0000
  • 0e895fa512 update of dynamicity testing and few misc fixes Miroslav Stampar 2010-11-05 13:14:12 +0000
  • ef1809464d bug fix for that BadStatusLine (http://bugs.python.org/issue8450) Miroslav Stampar 2010-11-05 11:58:20 +0000