Miroslav Stampar
|
7bca926a0b
|
fixes, updates, patches
|
2012-02-09 10:16:58 +00:00 |
|
Miroslav Stampar
|
f86c365694
|
added one more failsafe for MSSQL --tables
|
2012-02-03 10:56:39 +00:00 |
|
Miroslav Stampar
|
f4e7bf1d51
|
minor update regarding support for Unicode characters in Oracle
|
2012-02-01 14:17:27 +00:00 |
|
Miroslav Stampar
|
704488a4e4
|
proper retrieval of unicode characters in inference mode on MSSQL
|
2012-02-01 13:01:46 +00:00 |
|
Miroslav Stampar
|
a6c2fc7ecc
|
some refactoring on MSSQL support
|
2012-02-01 12:53:07 +00:00 |
|
Bernardo Damele
|
ec9cc19951
|
Minor bug fixes for -d
|
2012-01-13 21:46:21 +00:00 |
|
Miroslav Stampar
|
f1147035cf
|
minor concision/beautification update
|
2012-01-10 11:50:26 +00:00 |
|
Miroslav Stampar
|
fecdce5801
|
implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too
|
2012-01-09 21:09:05 +00:00 |
|
Miroslav Stampar
|
f412706fee
|
minor update for MSSQL --tables (fallback to other method)
|
2012-01-03 18:01:14 +00:00 |
|
Miroslav Stampar
|
7d2fce16dc
|
minor fix
|
2011-12-16 11:40:23 +00:00 |
|
Miroslav Stampar
|
cff21814bb
|
minor patch for MSSQL 2008
|
2011-12-16 11:23:41 +00:00 |
|
Miroslav Stampar
|
2adf358524
|
minor update
|
2011-12-03 13:17:43 +00:00 |
|
Miroslav Stampar
|
39b406c5c1
|
fix for --search on Oracle
|
2011-12-02 18:13:27 +00:00 |
|
Miroslav Stampar
|
94790bf08a
|
minor update (removing reference to Microsoft Access for Generic payload)
|
2011-12-01 13:25:27 +00:00 |
|
Miroslav Stampar
|
df4e3be191
|
using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)
|
2011-11-23 22:57:02 +00:00 |
|
Miroslav Stampar
|
d8047c79f3
|
reverting back last two commits
|
2011-11-22 15:28:31 +00:00 |
|
Miroslav Stampar
|
73276c0785
|
even better (added long before plugins table)
|
2011-11-22 15:23:31 +00:00 |
|
Miroslav Stampar
|
ff07031170
|
better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)
|
2011-11-22 15:20:12 +00:00 |
|
Miroslav Stampar
|
bbb7e1562d
|
adding AGAINST full-text search boundaries
|
2011-11-12 14:16:43 +00:00 |
|
Miroslav Stampar
|
2e5222bfd8
|
adding INSERT/UPDATE generic boundaries
|
2011-10-28 11:00:09 +00:00 |
|
Miroslav Stampar
|
b6ccc0cc43
|
minor update
|
2011-10-18 14:35:42 +00:00 |
|
Miroslav Stampar
|
597d554153
|
minor update
|
2011-10-18 13:05:49 +00:00 |
|
Miroslav Stampar
|
382db1b67a
|
degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)
|
2011-08-31 20:35:57 +00:00 |
|
Miroslav Stampar
|
d283e3eb3c
|
adding support for pre-WHERE injections
|
2011-08-24 09:04:18 +00:00 |
|
Miroslav Stampar
|
13eb20cea1
|
minor beautification
|
2011-08-03 10:12:06 +00:00 |
|
Bernardo Damele
|
2e20eb1a88
|
Minor fix
|
2011-08-03 10:08:59 +00:00 |
|
Bernardo Damele
|
b8e2d60bfa
|
Added MSSQL 2008 R2 signatures
|
2011-07-24 23:42:32 +00:00 |
|
Bernardo Damele
|
48f580fb10
|
Minor adjustments to MSSQL fingerprint
|
2011-07-24 23:30:23 +00:00 |
|
Bernardo Damele
|
99a0b62d0d
|
Minor adjustments
|
2011-07-24 22:26:11 +00:00 |
|
Miroslav Stampar
|
ca83305b58
|
added MySQL updatexml error-based payload
|
2011-07-24 21:08:32 +00:00 |
|
Miroslav Stampar
|
a89140e1ce
|
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
|
2011-07-23 06:07:00 +00:00 |
|
Miroslav Stampar
|
4cb9988243
|
quick fix
|
2011-07-12 21:09:33 +00:00 |
|
Bernardo Damele
|
c9ba58acb6
|
Moved MS Access UNION query tests after generic as generic test must identify MSSQL
|
2011-07-11 09:47:52 +00:00 |
|
Miroslav Stampar
|
5d31eb5ef7
|
cosmetics and also tested against testing env - works perfectly
|
2011-07-10 09:07:07 +00:00 |
|
Miroslav Stampar
|
eb42cedf2a
|
adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment
|
2011-07-10 08:54:22 +00:00 |
|
Miroslav Stampar
|
93219b9e13
|
i've accidentally left table_schema removed while doing some tests. now it should be ok
|
2011-07-08 10:24:46 +00:00 |
|
Bernardo Damele
|
b5dd4d4a63
|
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
|
2011-07-08 10:19:01 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
9eb683531d
|
Minor improvement at blind SQL inj technique for DB2
|
2011-06-27 22:28:12 +00:00 |
|
Bernardo Damele
|
ed4cfbb6d2
|
Minor fix
|
2011-06-27 08:58:59 +00:00 |
|
Miroslav Stampar
|
bedf16b88b
|
adding payloads for time-based injection on SAP MaxDB (heavy query)
|
2011-06-26 23:46:09 +00:00 |
|
Miroslav Stampar
|
d0490cc4e7
|
adding payloads for time-based injection on DB2 (heavy query)
|
2011-06-26 16:38:22 +00:00 |
|
Bernardo Damele
|
36c96ef796
|
Added DB2 support - patch provided by Sebastian Bittig
|
2011-06-25 09:44:24 +00:00 |
|
Bernardo Damele
|
b2e6cf3ed9
|
Enabled --search -C also for Oracle
|
2011-06-24 14:34:20 +00:00 |
|
Miroslav Stampar
|
4188df0501
|
fixes for Sybase
|
2011-06-15 18:49:35 +00:00 |
|
Miroslav Stampar
|
9f6b70f3f9
|
update
|
2011-05-26 22:45:33 +00:00 |
|
Miroslav Stampar
|
0baf931669
|
real generic comment is "-- " not "--" (MySQL doesn't support "--")
|
2011-05-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
171a4c389b
|
added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload
|
2011-05-23 06:24:45 +00:00 |
|
Miroslav Stampar
|
939e6541d0
|
far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES)
|
2011-05-19 23:36:51 +00:00 |
|
Miroslav Stampar
|
bd1b07fbc2
|
one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL
|
2011-05-19 06:32:23 +00:00 |
|
Miroslav Stampar
|
7f086916c0
|
decent parameter replace payload for PostgreSQL (GENERATE_SERIES)
|
2011-05-18 23:40:42 +00:00 |
|
Miroslav Stampar
|
e58d6d2e00
|
removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable)
|
2011-05-18 23:20:02 +00:00 |
|
Miroslav Stampar
|
fe50d09cc8
|
added new payload for PostgreSQL (parameter replace)
|
2011-05-18 23:01:41 +00:00 |
|
Bernardo Damele
|
3a8309c4b0
|
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
|
2011-05-10 15:34:54 +00:00 |
|
Bernardo Damele
|
aae140080e
|
SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
|
2011-05-06 10:27:43 +00:00 |
|
Miroslav Stampar
|
6e392b6054
|
applying contributed patch for DB2
|
2011-05-06 09:30:39 +00:00 |
|
Bernardo Damele
|
36a9ddaacc
|
Minor bug fixes and code restyling for --privileges and --passwords
|
2011-04-30 14:50:27 +00:00 |
|
Bernardo Damele
|
7df954dd9f
|
paranoy
|
2011-04-21 23:41:25 +00:00 |
|
Miroslav Stampar
|
0764c4c752
|
parenthesis were missing; banning OR NOT from payloads
|
2011-04-21 23:32:53 +00:00 |
|
Bernardo Damele
|
1d61611145
|
leftover
|
2011-04-21 22:46:43 +00:00 |
|
Bernardo Damele
|
870f773d70
|
In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this
|
2011-04-21 20:36:50 +00:00 |
|
Miroslav Stampar
|
05a0e1d3b0
|
fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting)
|
2011-04-15 11:34:14 +00:00 |
|
Miroslav Stampar
|
136e85abf3
|
little refresh of PHPIDS rules for --check-payload
|
2011-04-11 15:37:49 +00:00 |
|
Miroslav Stampar
|
75f286cf6d
|
minor update conformant to http://dev.mysql.com/doc/refman/4.1/en/comments.html
|
2011-04-10 23:41:00 +00:00 |
|
Miroslav Stampar
|
3177c6023d
|
lol. re-revert
|
2011-04-10 23:30:56 +00:00 |
|
Bernardo Damele
|
9ea4010508
|
Leave it as is :)
|
2011-04-10 23:20:35 +00:00 |
|
Miroslav Stampar
|
3e680978a9
|
revert of that last commit (waiting for some better days)
|
2011-04-10 23:18:38 +00:00 |
|
Miroslav Stampar
|
f532478a34
|
update of MySQL comments
|
2011-04-10 23:08:18 +00:00 |
|
Bernardo Damele
|
af096b2c83
|
Leave it as is!!!
|
2011-04-10 21:47:23 +00:00 |
|
Miroslav Stampar
|
d0cef21d9c
|
fix
|
2011-04-10 21:19:34 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Bernardo Damele
|
02eeeccd33
|
Added UNION query SQL injection tests also with a random number for columns (not only NULL)
|
2011-04-07 13:39:36 +00:00 |
|
Miroslav Stampar
|
ca009e9fe2
|
minor update
|
2011-04-07 10:43:19 +00:00 |
|
Miroslav Stampar
|
672abc27fd
|
minor adjustment of livetests for new flavor of --technique
|
2011-04-07 10:41:12 +00:00 |
|
Miroslav Stampar
|
e27afef6be
|
minor update regarding --current-db on Oracle
|
2011-04-01 15:56:11 +00:00 |
|
Miroslav Stampar
|
60102209f6
|
quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split')
|
2011-04-01 11:14:24 +00:00 |
|
Miroslav Stampar
|
b7813f9e68
|
incrementing level for MySQL stacked payloads
|
2011-03-29 07:31:56 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
73e5d20ade
|
bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)
|
2011-03-28 11:01:55 +00:00 |
|
Miroslav Stampar
|
5eb7787fc9
|
adding partial union cases to the live tests
|
2011-03-25 15:56:15 +00:00 |
|
Miroslav Stampar
|
670aa7f99b
|
update for live tests (added dumping of columns and table values)
|
2011-03-25 15:37:11 +00:00 |
|
Miroslav Stampar
|
e80c9e08d8
|
minor update regarding --live-test
|
2011-03-25 09:03:08 +00:00 |
|
Miroslav Stampar
|
82ab4c8dc2
|
minor fix (ORDER BY 1 screws things up in blind mode)
|
2011-03-24 14:19:32 +00:00 |
|
Miroslav Stampar
|
06a5c39efe
|
fix related to the bug reported by Alone Shell
|
2011-03-24 14:03:40 +00:00 |
|
Miroslav Stampar
|
cef2c0879d
|
adding live test cases for --technique=1 too
|
2011-03-24 12:19:40 +00:00 |
|
Miroslav Stampar
|
33c01726dd
|
adding basic live tests for MSSQL too
|
2011-03-24 12:01:53 +00:00 |
|
Miroslav Stampar
|
2b15ad57c2
|
basic live tests against 3 major DBMSes
|
2011-03-24 11:47:01 +00:00 |
|
Miroslav Stampar
|
b72cdfe9e6
|
fix for mssql regarding usage of schema names reported by jabra@spl0it.org
|
2011-03-23 10:40:34 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
4889764114
|
minor update regarding last commit
|
2011-03-21 11:40:27 +00:00 |
|
Miroslav Stampar
|
5291fe35c9
|
proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)
|
2011-03-21 11:29:43 +00:00 |
|
Miroslav Stampar
|
0535225fe7
|
throwing out obsolete ORDER BY 1 from inband queries
|
2011-03-16 14:18:12 +00:00 |
|
Miroslav Stampar
|
eedd6a990d
|
removing space after , for our payloads
|
2011-03-08 14:29:22 +00:00 |
|
Miroslav Stampar
|
3dc31f6273
|
removing spaces after , in our queries
|
2011-03-08 14:07:26 +00:00 |
|
Miroslav Stampar
|
ff9080de48
|
MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL
|
2011-02-21 20:59:34 +00:00 |
|
Miroslav Stampar
|
08697e60a9
|
added some Microsoft Access payloads
|
2011-02-21 20:04:50 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|
Miroslav Stampar
|
68a95fd1b1
|
minor update
|
2011-02-20 22:45:23 +00:00 |
|
Miroslav Stampar
|
aac817935a
|
further improvement of MaxDB support
|
2011-02-20 22:41:42 +00:00 |
|