Commit Graph

  • c6545f5c9f we had a bug (nooooooooo!!!! :)) Miroslav Stampar 2010-11-19 10:36:47 +00:00
  • df88280681 minor update of google regex (that * was a junky one) Miroslav Stampar 2010-11-19 10:04:29 +00:00
  • e8bef28337 updating google parsing regex (for the better, of course) Miroslav Stampar 2010-11-19 10:00:29 +00:00
  • d97e97d884 minor update :) Miroslav Stampar 2010-11-19 09:02:44 +00:00
  • 4a9bd3a240 Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well! Bernardo Damele 2010-11-18 17:55:43 +00:00
  • 544327379f Little precaution Bernardo Damele 2010-11-18 14:32:52 +00:00
  • f6a17cb1a8 Revert wrong fix Bernardo Damele 2010-11-18 10:41:06 +00:00
  • 17486e472a Proper English (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! Bernardo Damele 2010-11-17 22:00:09 +00:00
  • ca5125bbe0 minor update related to r2401 Miroslav Stampar 2010-11-17 20:50:31 +00:00
  • 360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle Bernardo Damele 2010-11-17 17:20:32 +00:00
  • a0df36beda when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared) Miroslav Stampar 2010-11-17 15:33:07 +00:00
  • 17f0609263 minor bug fix Miroslav Stampar 2010-11-17 13:29:57 +00:00
  • 3d25071d06 another minor improvement regarding logging of http traffic Miroslav Stampar 2010-11-17 12:16:48 +00:00
  • 3e569a1693 minor update Miroslav Stampar 2010-11-17 12:04:33 +00:00
  • 2802923dbe some improvements regarding --os-shell web server application choice Miroslav Stampar 2010-11-17 11:45:52 +00:00
  • 5abbea4a9f fix for a bug reported by nightman (unknown charset 'null') Miroslav Stampar 2010-11-17 09:57:32 +00:00
  • d757e4ae1c bug fix (when user manually sets web root, that same directory should be used as one of potentially default dirs) Miroslav Stampar 2010-11-17 09:46:04 +00:00
  • bec152609a minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \) Miroslav Stampar 2010-11-17 09:33:05 +00:00
  • af92c05930 removing 'MD5' references Miroslav Stampar 2010-11-17 09:15:40 +00:00
  • 76c3f5768b cosmetics Miroslav Stampar 2010-11-17 09:12:48 +00:00
  • 2a8e270bef proper handling of carriage return character from Windows target machines Miroslav Stampar 2010-11-16 15:11:03 +00:00
  • ab33651f96 minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior) Miroslav Stampar 2010-11-16 15:02:22 +00:00
  • 3487429eac minor cosmetics Miroslav Stampar 2010-11-16 14:41:46 +00:00
  • 3640dbf745 fix for --parse-errors (on IIS HTTP error is raised which need to be processed) Miroslav Stampar 2010-11-16 14:33:30 +00:00
  • cccb565859 cosmetics Miroslav Stampar 2010-11-16 14:11:32 +00:00
  • b9d9f18939 added General cmdline group Miroslav Stampar 2010-11-16 14:09:09 +00:00
  • e7a66371f8 update regarding os shell-ing regarding JSP and ASPX Miroslav Stampar 2010-11-16 13:46:46 +00:00
  • 6232397129 minor update Miroslav Stampar 2010-11-16 10:52:49 +00:00
  • 6ef3846400 update regarding error parsing (and reporting) Miroslav Stampar 2010-11-16 10:42:42 +00:00
  • 71cb982039 Another bug fix to --union-test Bernardo Damele 2010-11-15 21:42:56 +00:00
  • b3ad63b71e major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page) Miroslav Stampar 2010-11-15 14:59:37 +00:00
  • ff310475c8 some reporting update for --forms Miroslav Stampar 2010-11-15 14:17:51 +00:00
  • 20d6b9a5c1 minor fix Miroslav Stampar 2010-11-15 12:24:32 +00:00
  • 39c6c9f386 minor update Miroslav Stampar 2010-11-15 12:19:22 +00:00
  • 819085155e minor update/fix Miroslav Stampar 2010-11-15 12:07:13 +00:00
  • c25c017c08 cosmetics regarding --forms Miroslav Stampar 2010-11-15 11:50:33 +00:00
  • 36c544f440 update (--forms acts now more like -g switch) Miroslav Stampar 2010-11-15 11:34:57 +00:00
  • 42d09d604e minor fix Miroslav Stampar 2010-11-15 09:48:58 +00:00
  • a9152c6723 Updated doc Bernardo Damele 2010-11-14 22:36:54 +00:00
  • 5f46a549ba Cosmetics for --forms Bernardo Damele 2010-11-14 21:59:35 +00:00
  • 0bfc1b411a Another bug fix for --union-test Bernardo Damele 2010-11-14 15:39:57 +00:00
  • a0fb96816f fix for a bug reported by ToR (value += actVer) Miroslav Stampar 2010-11-14 08:31:29 +00:00
  • 5e41cd07a3 Updated doc Bernardo Damele 2010-11-13 23:31:18 +00:00
  • 7da079fa32 More verbose comment for direct connection Bernardo Damele 2010-11-13 23:30:38 +00:00
  • 8d07272c82 Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file. Bernardo Damele 2010-11-13 23:24:41 +00:00
  • df5dc10111 Major enhancement to --union-test check Bernardo Damele 2010-11-13 22:47:37 +00:00
  • 84849316b3 improvement of heuristic check (now original value is included too) Miroslav Stampar 2010-11-12 23:06:01 +00:00
  • 06a872fc99 update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read)) Miroslav Stampar 2010-11-12 22:57:33 +00:00
  • 27735b14df update (--string and --regex should be done regardless of wasLastRequestError) Miroslav Stampar 2010-11-12 22:44:15 +00:00
  • 0d66f101da fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages) Miroslav Stampar 2010-11-12 22:29:33 +00:00
  • a777d59870 Minor bug fix Bernardo Damele 2010-11-12 15:17:12 +00:00
  • 0a83a830d9 Properly handle both HTTPS and HTTP requests through proxy Bernardo Damele 2010-11-12 14:21:46 +00:00
  • e1ef27f592 work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https Bernardo Damele 2010-11-12 12:25:02 +00:00
  • 9f53048ff4 Put a space always between the user's provided prefix and sqlmap payload Bernardo Damele 2010-11-12 11:48:26 +00:00
  • 697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace Miroslav Stampar 2010-11-12 11:48:25 +00:00
  • f83dd2251b Properly save error-based enumerated data in session file, able to be resumed like with other techniques Bernardo Damele 2010-11-12 11:40:37 +00:00
  • a34c1b287c Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) Bernardo Damele 2010-11-12 11:33:11 +00:00
  • 8cec75656c Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp) Bernardo Damele 2010-11-12 10:31:42 +00:00
  • a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. Bernardo Damele 2010-11-12 10:16:39 +00:00
  • 64b5de44a0 Converted to new XML object format Bernardo Damele 2010-11-12 10:11:13 +00:00
  • 66c82d72e4 Typo fix Bernardo Damele 2010-11-12 10:02:02 +00:00
  • 306e96331d Updated doc Bernardo Damele 2010-11-12 10:00:49 +00:00
  • 42272ca78c minor update Miroslav Stampar 2010-11-11 22:26:36 +00:00
  • 8aefd0bbf7 improvement of --common-tables and --common-columns Miroslav Stampar 2010-11-11 20:37:25 +00:00
  • 2d872f850a quick fix Miroslav Stampar 2010-11-11 19:54:54 +00:00
  • be992b4471 update regarding common columns existence check Miroslav Stampar 2010-11-11 17:09:31 +00:00
  • 3b996c3ed8 adding JSP stager Miroslav Stampar 2010-11-11 16:42:01 +00:00
  • 2d361cb359 some minor updates of stager.asp and backdoor.asp, and completely rewritten stager.aspx Miroslav Stampar 2010-11-11 10:33:29 +00:00
  • 24238ccd0b re-renaming of brute force switches. this way is better. Miroslav Stampar 2010-11-11 07:57:44 +00:00
  • ca06db8f28 now, this is the real deal Miroslav Stampar 2010-11-11 00:20:47 +00:00
  • 5034868b36 cleaning up of common tables and new common columns Miroslav Stampar 2010-11-10 23:31:23 +00:00
  • 96d88877ba bug fix (reported by ToR) Miroslav Stampar 2010-11-10 19:44:51 +00:00
  • f3fe19c4e5 backdoor for ASP revisited Miroslav Stampar 2010-11-10 15:40:17 +00:00
  • 09836dc568 backdoor for ASPX revisited Miroslav Stampar 2010-11-10 15:35:22 +00:00
  • 61b6ad64e3 JSP backdoor revisited, and in PHP removed trailing spaces from a blank line Miroslav Stampar 2010-11-10 15:13:36 +00:00
  • 19c1bfa368 just a precaution (now i really need to go for a sleep) Miroslav Stampar 2010-11-09 23:38:29 +00:00
  • 88c00e61d3 another update Miroslav Stampar 2010-11-09 23:35:37 +00:00
  • 47720a43dd minor fix (while we've calculated conf.matchRatio for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase its value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result) Miroslav Stampar 2010-11-09 23:21:21 +00:00
  • 5ebd5d935c another name change Miroslav Stampar 2010-11-09 22:49:31 +00:00
  • 06f00cf8c1 name change Miroslav Stampar 2010-11-09 22:48:22 +00:00
  • 6807fb04cc minor update Miroslav Stampar 2010-11-09 22:44:23 +00:00
  • fef60d5cb7 some fixes :) Miroslav Stampar 2010-11-09 22:32:05 +00:00
  • 1cc99e2247 Possible quick fix for missing of True/False comparison of stable-but-not-really pages Bernardo Damele 2010-11-09 21:39:58 +00:00
  • 2205099a5e Python stylish Bernardo Damele 2010-11-09 21:39:05 +00:00
  • cee888b613 tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected) Miroslav Stampar 2010-11-09 19:14:55 +00:00
  • 726825ca70 minor update Miroslav Stampar 2010-11-09 16:59:36 +00:00
  • 759433f0f1 fix of my mistake Miroslav Stampar 2010-11-09 16:54:40 +00:00
  • b43334165d update regarding brute forcing Miroslav Stampar 2010-11-09 16:53:33 +00:00
  • a7fa8d4975 update regarding brute force retrieval of table names and table column names Miroslav Stampar 2010-11-09 16:15:55 +00:00
  • 45f2d8f5d2 trivial update Miroslav Stampar 2010-11-09 15:46:09 +00:00
  • 7752b5efe9 minor update Miroslav Stampar 2010-11-09 09:51:54 +00:00
  • 4be0631161 refactoring of brute force techniques Miroslav Stampar 2010-11-09 09:42:43 +00:00
  • 221f976fbd minor update Miroslav Stampar 2010-11-09 01:23:54 +00:00
  • 45ec8c169a Consistency between --*-test switches/output Bernardo Damele 2010-11-08 16:46:25 +00:00
  • dac7436edf Fix inconsistency with -b --error-test Bernardo Damele 2010-11-08 15:36:07 +00:00
  • fda8752dca revert of some HTTP headers handling Miroslav Stampar 2010-11-08 13:26:45 +00:00
  • 0c8918bf07 Minor bug fix, thanks Alex Bernardo Damele 2010-11-08 12:45:23 +00:00
  • 78d7b17483 More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters. Bernardo Damele 2010-11-08 12:36:48 +00:00
  • eb999de0f1 added Range handler (dealing with 206 HTTP messages) Miroslav Stampar 2010-11-08 12:26:13 +00:00
  • 875781bf97 another minor fix Miroslav Stampar 2010-11-08 11:55:56 +00:00