Commit Graph

416 Commits

Author SHA1 Message Date
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Miroslav Stampar
bc72180a3b Lowering --limit for inline query technique 2012-12-05 10:58:41 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
2e2a7a34b6 Minor consistency update 2012-11-29 12:11:53 +01:00
Miroslav Stampar
c0796b4742 Minor bug fix (RLIKE boolean case was using wrong comparison payload) 2012-11-27 12:03:38 +01:00
Miroslav Stampar
919f75db9b Improvement and fix for pivotDumpTable mechanism 2012-10-28 23:09:35 +01:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
67cfc3b492 Removing boundaries (it were meant to be used as 'parameter replace' logic but it's not doable for boundaries) 2012-09-17 22:36:40 +02:00
Miroslav Stampar
acad7a34a2 Minor update 2012-09-17 22:23:44 +02:00
Miroslav Stampar
f26ea04e38 Fix for an Issue #175 2012-09-07 17:06:38 +02:00
Miroslav Stampar
59ab3c7bdc Updating server.xml with fresh banners 2012-08-23 11:01:57 +02:00
Miroslav Stampar
d7cf0de090 Fixing INSERT/UPDATE generic boundaries (those previous few were junkies) 2012-08-22 14:12:51 +02:00
Miroslav Stampar
8ee9feafb9 Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries) 2012-08-20 21:57:25 +02:00
Miroslav Stampar
6fdbe4eb89 Fix by zhouhx@knownsec.com (better LIKE boundaries) 2012-08-06 19:04:23 +02:00
Miroslav Stampar
57f2fccc24 Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :) 2012-07-26 11:40:47 +02:00
Miroslav Stampar
ec96689556 Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db 2012-07-26 11:39:51 +02:00
Miroslav Stampar
6878ef92b2 Style update 2012-07-26 11:22:00 +02:00
Miroslav Stampar
ab3160316f Implementation of payloads for Issue #122 2012-07-26 11:17:09 +02:00
Miroslav Stampar
95e0d46e3e Fix for an Issue #110 2012-07-21 09:15:54 +02:00
Bernardo Damele
1928d5464d fixes issue #97 2012-07-20 15:56:14 +01:00
Bernardo Damele
243a905788 more on issue #97 2012-07-17 23:07:16 +01:00
Bernardo Damele
c483e91445 added payloads for ORDER BY/GROUP BY time-based injections - issue #97 2012-07-17 22:52:28 +01:00
Bernardo Damele
771e7a9fc3 Initial commit for issue #97 2012-07-17 10:13:09 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Miroslav Stampar
5d35d255ba minor refactoring 2012-06-11 22:27:33 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
3a9e266d78 adding revisited wildcard LIKE payloads 2012-05-21 21:49:54 +00:00
Miroslav Stampar
602369c762 reverting last changes on boundaries 2012-05-21 09:20:46 +00:00
Miroslav Stampar
1500b3fccd adding a new payload boundaries by smcintyre@securestate.com 2012-05-21 08:31:37 +00:00
Miroslav Stampar
37f2709197 making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) 2012-05-09 09:08:23 +00:00
Miroslav Stampar
deec97dfe3 adding Frontbase to error message regexes 2012-05-08 17:02:58 +00:00
Miroslav Stampar
57234e1ff5 fix for proper (international character) inference on MsAccess 2012-05-03 23:13:48 +00:00
Miroslav Stampar
1e45ee9ab6 reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago 2012-04-25 20:37:39 +00:00
Bernardo Damele
eb73cab636 increased UNION test ranges 2012-04-23 11:54:52 +00:00
Miroslav Stampar
414c74b8aa new payload 2012-04-13 08:16:33 +00:00
Bernardo Damele
1f82d29a36 switch two conditional payloads for proper detection 2012-04-04 10:11:48 +00:00
Bernardo Damele
d5b4b7996a minor revert 2012-04-04 00:09:47 +00:00
Bernardo Damele
049c27c739 improved detection for INSERT and UPDATE statements 2012-04-03 23:29:06 +00:00
Bernardo Damele
40a7232de6 Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings) 2012-03-30 16:27:08 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values 2012-03-29 12:44:20 +00:00
Miroslav Stampar
84479eebe9 minor fix 2012-03-15 08:55:42 +00:00
Bernardo Damele
890bf708bc Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported) 2012-03-15 00:19:57 +00:00
Bernardo Damele
012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
2012-03-09 17:47:50 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
686eacda9a minor update regarding --hex 2012-02-21 13:38:18 +00:00
Miroslav Stampar
77723a7aee minor update 2012-02-21 10:24:04 +00:00
Miroslav Stampar
d70f4b7150 adding hex conversion functions to queries.xml for 4 major DBMSes 2012-02-21 10:10:43 +00:00
Miroslav Stampar
6632aa7308 some more refactoring 2012-02-16 13:46:01 +00:00