sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,141 Commits 4 Branches 117 Tags 97 MiB
02bfd05b20
Commit Graph

1295 Commits

Author SHA1 Message Date
Miroslav Stampar
64a862ed58 minor usability update 2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869 fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com 2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23 minor fix 2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
63145236b9 minor fix 2011-05-31 21:53:29 +00:00
Miroslav Stampar
3c12799ff0 minor improvement 2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it 2011-05-30 20:18:30 +00:00
Miroslav Stampar
20988e58ed warp 5 mr spock :) 2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9 speed up of 2 times for partial union technique 2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5 minor update 2011-05-30 08:33:01 +00:00
Miroslav Stampar
23d7820de7 minor update 2011-05-29 23:56:41 +00:00
Miroslav Stampar
86455ceb9c implementation of multithreading for UNION and ERROR techniques 2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d typo update 2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e adding legal disclaimer as latest situation (these days news headlines) seems out of control 2011-05-28 18:54:14 +00:00
Miroslav Stampar
eb9b84d1da type correction 2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a update regarding mysql function resolution and versionedkeywords 2011-05-28 17:34:43 +00:00
Miroslav Stampar
c11ea35d53 adding some user input for "refreshing" cases (like redirect ones) 2011-05-27 22:42:23 +00:00
Miroslav Stampar
8227298057 user friendliness uber 9000 2011-05-27 08:30:52 +00:00
Miroslav Stampar
45caadbd4a important update - finally found what was causing headache for UNION payloads in noticeable number of cases 2011-05-26 21:54:19 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24 minor cleanup of the leftover 2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82 minor update 2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4 adding --schema to the wizard/Basic as it looks like a cool thingy to put there 2011-05-26 14:30:05 +00:00
Miroslav Stampar
f3ed61af5f bug fix when using inference and kb.pageEncoding is None (like in binary cases) 2011-05-25 21:12:12 +00:00
Miroslav Stampar
0e480a9921 adding SYS to the ORACLE_SYSTEM_DBS 2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75 minor beautification 2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b making it easier for totally dummy users 2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671 helping dummy users 2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c serving everything for the users 2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca minor just in case patch 2011-05-24 15:07:37 +00:00
Miroslav Stampar
f774d8fea0 proper Tor settings (reverted r3915 and implemented it the right way) 2011-05-24 11:06:58 +00:00
Miroslav Stampar
a536bf210f improved redirection mechanism 2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121 this was causing that --suffix trouble 2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c minor fix for retrieving stuff like "SELECT * FROM testdb..users" 2011-05-23 19:45:40 +00:00
Miroslav Stampar
4542d4535f minor beautification 2011-05-23 14:28:05 +00:00
Miroslav Stampar
0ed03d474f now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate 2011-05-23 11:09:44 +00:00
Miroslav Stampar
fb23beef6f most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) 2011-05-22 19:14:36 +00:00
Miroslav Stampar
9b2623514a one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables 2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170 type correction and adding global flag kb.ignoreTimeout which could be useful 2011-05-22 08:24:13 +00:00
Miroslav Stampar
a58aaf2e1a better format for results file (easier for sorting when lots of files) 2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135 changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) 2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8 improvement for recognition of scalar vs multiple-row commands 2011-05-19 16:45:05 +00:00
Miroslav Stampar
db72428765 minor update 2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7 added --cookie for maskSensitiveData too 2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4 minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase) 2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710 minor refactoring 2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97 added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@y​ahoo.com 2011-05-17 22:55:22 +00:00
Miroslav Stampar
dfe81cc66f minor yielding 2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9 minor refactoring 2011-05-16 20:09:12 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Miroslav Stampar
90e84c9a6d removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end 2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1 minor improvement 2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b fix for a bug reported by itxx@qq.co​m (TypeError: encode() takes no keyword arguments) 2011-05-14 19:57:28 +00:00
Miroslav Stampar
a7d7be5ce0 bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) 2011-05-13 01:01:53 +00:00
Miroslav Stampar
70688fb8b5 minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic) 2011-05-12 12:00:17 +00:00
Miroslav Stampar
0b2da2f9f5 minor beautification for --tor switch 2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554 i was probably very tired or very stupid to do this 2011-05-11 13:13:46 +00:00
Miroslav Stampar
2ab9e30f7a bug fix 2011-05-11 12:54:33 +00:00
Miroslav Stampar
53065ee1fb adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected) 2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9 added -m switch for bulk loading multiple targets 2011-05-11 08:46:40 +00:00
Miroslav Stampar
120b0d756e unfix 2011-05-10 21:33:06 +00:00
Miroslav Stampar
192c685bc8 changing conf attribute to a more proper name 2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7 minor refactoring 2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb layout 2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along) 2011-05-10 13:28:07 +00:00
Miroslav Stampar
a64407d9db minor bug fix for multithreading and lots of connection retries 2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 2011-05-10 12:32:07 +00:00
Miroslav Stampar
ec4d9178f8 minor update related to the previous commit 2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c minor update 2011-05-08 06:17:43 +00:00
Bernardo Damele
6653907700 forgot in last commit 2011-05-07 21:13:56 +00:00
Bernardo Damele
1151af52bb More fix for save/resume of --technique 2011-05-07 21:08:14 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing: 
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
 2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968 removing blank lines and adding newline at the end of files 2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
e96a533a04 Bug fix to resume of --technique 2011-05-05 15:18:33 +00:00
Bernardo Damele
c58dc4a6d8 isDbmsWithin() must stay like this, no getIdentifiedDbms() in there 2011-05-03 14:13:45 +00:00
Miroslav Stampar
742b0ef76e major improvement of ERROR data retrieval on MSSQL 2011-05-03 13:25:20 +00:00
Miroslav Stampar
2a7838928e minor fancier --replicate update 2011-05-03 11:48:04 +00:00
Miroslav Stampar
b202d73b46 bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally) 2011-05-03 11:09:30 +00:00
Miroslav Stampar
1840b0e43b fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo) 2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74 update regarding warning for --random-agent during connection timeout in connection test phase 2011-05-03 10:05:42 +00:00
Miroslav Stampar
5e9620198c fix for a privately reported bug ("AttributeError: item is disabled") 2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895 better fix for the previous commit 2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f minor update to not confuse users when using -o 2011-05-02 13:24:35 +00:00
Bernardo Damele
ac2550535c Proper fix for --technique=U bug 2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93 fix for a major bug reported by k1971@live.co.uk (1..9 99..) 2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334 proper way to deal with generic cases 2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7 fix for a --technique=U 2011-05-01 07:37:22 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
00f14bec5f layout adjustment 2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf proper fix 2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5 Minor adjustment to --mobile. 
Bug fix to --random-agent.
 2011-04-29 21:50:48 +00:00
Miroslav Stampar
46f96f3c4c removing Kindle from list as it's not really a smartphone 2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9 implemented --mobile switch 2011-04-29 19:27:23 +00:00
Miroslav Stampar
6bb4dce3aa minor refactoring 2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8 fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer) 2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that: 
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
 2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Bernardo Damele
06a00fe85e For development version, print also the revision number in the banner 2011-04-21 21:34:57 +00:00
Bernardo Damele
edc2d75702 Cosmetics and major bug fix 2011-04-21 21:15:23 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Bernardo Damele
a313df4d37 Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file 2011-04-21 14:05:37 +00:00
Miroslav Stampar
e1a8d268d8 fix for UPX linux/macos 2011-04-21 10:52:34 +00:00
Bernardo Damele
11ecd16099 cosmetics 2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05 removing funny remark 2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440 layout 2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad added a comment 2011-04-21 10:01:58 +00:00
Miroslav Stampar
3b133303bf refactoring 2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864 dealing with http://bugs.python.org/issue1602 2011-04-19 22:33:03 +00:00
Miroslav Stampar
44bbef42f8 minor cosmetics 2011-04-19 20:23:08 +00:00
Miroslav Stampar
13f8c001a7 minor update 2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92 added "lagging" critical message 2011-04-19 10:37:20 +00:00
Miroslav Stampar
a7c26366b4 doing that auto default value for --time-sec only for --tor 2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set) 2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3 cleaner solution for the problem solved with last commit 2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6 little hack for --time-sec 2011-04-18 14:46:18 +00:00
Miroslav Stampar
354a2ce249 'chardet' heuristic engine added to the project 2011-04-18 13:38:46 +00:00
Miroslav Stampar
6fab44d635 minor refactoring and improving of used regex 2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a minor cosmetics 2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553 minor update for matching SOAP messages 2011-04-17 22:21:32 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb minor update 2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac well, this could be important :) 2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021 improving time based data retrieval mechanism 2011-04-17 07:24:18 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation 2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3 removed debug message that could cause confusion 2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay 2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959 improved htmlunescape (great for localized html escape codes) 2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb minor fixes and refactoring regarding safecharencoding 2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7 speed of --replicate is now vastly improved 2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99 safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) 2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638 minor fix 2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7 More cookies to ignore 2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e minor refactoring 2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573 minor update related to the last commit 2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8 minor fix 2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc revert of the last commit because of this http://osvdb.org/show/osvdb/26582 2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a minor update 2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f better beep for MacOSX 2011-04-13 18:32:47 +00:00