Bernardo Damele
b2f6ce9716
updated documentation
2011-05-03 10:57:55 +00:00
Bernardo Damele
fe16360acb
more doc updates
2011-04-10 13:28:14 +00:00
Bernardo Damele
021fce5601
Should be done with the ChangeLog - ready for 0.9.
...
Minor adjustments to user's manual too.
2011-02-28 15:23:05 +00:00
Bernardo Damele
b47d3e1da3
Huge update to user's manual. A lot to be done yet.
2011-02-27 12:19:32 +00:00
Bernardo Damele
808b03fc3e
Minor reordering
2011-02-14 02:08:11 +00:00
Bernardo Damele
a9152c6723
Updated doc
2010-11-14 22:36:54 +00:00
Bernardo Damele
e5485a9958
Updated doc
2010-10-20 22:14:52 +00:00
Bernardo Damele
22ed09a358
Updated
2010-10-20 21:52:33 +00:00
Bernardo Damele
cfa5655150
Updated changelog
2010-10-16 22:23:53 +00:00
Bernardo Damele
bd3a791f23
Updated documentation
2010-10-15 10:29:53 +00:00
Bernardo Damele
d40a238335
Make --keep-alive public
2010-06-30 11:29:35 +00:00
Bernardo Damele
abc3c24d62
Update
2010-06-30 09:48:48 +00:00
Bernardo Damele
4bba59aaf5
Updated doc
2010-06-29 23:52:22 +00:00
Bernardo Damele
7cad3cbda6
Minor code refactoring
2010-06-28 13:47:20 +00:00
Bernardo Damele
080c71b903
Updated documentation
2010-06-02 16:19:43 +00:00
Bernardo Damele
2665066dae
Updated changelog file
2010-04-26 12:35:39 +00:00
Bernardo Damele
054a4aaee7
Updated documentation, almost ready for 0.8 release!
2010-03-12 17:43:38 +00:00
Bernardo Damele
b344a70ba1
Updated changelog
2010-03-11 01:10:55 +00:00
Bernardo Damele
6712b19df2
Updated ChangeLog
2010-03-10 01:14:23 +00:00
Bernardo Damele
e774578180
Updated documentation
2010-03-03 15:16:43 +00:00
Bernardo Damele
dd3f65f0fb
Updated ChangeLog
2010-02-26 15:37:24 +00:00
Bernardo Damele
3c34066d19
Added newly compiled PostgreSQL UDFs for Windows
2010-02-20 20:59:13 +00:00
Bernardo Damele
9ed0744510
Added some error messages to detect back-end DBMS
2010-01-30 22:24:20 +00:00
Bernardo Damele
267cf5dd1a
Updated documentation
2010-01-30 00:08:10 +00:00
Bernardo Damele
7b8316728c
Major bug fix in takeover functionalities on Microsoft SQL Server
2010-01-29 00:09:05 +00:00
Bernardo Damele
c6cae7da41
Updated changelog
2010-01-28 23:10:54 +00:00
Bernardo Damele
b4ce8fe361
Updated ChangeLog file
2010-01-18 15:43:06 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
055b14a11a
Updated Changelog
2010-01-13 12:14:29 +00:00
Bernardo Damele
bb123b2769
Updated changelog
2009-10-23 10:20:47 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
...
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
b12d955274
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
2009-02-03 15:38:40 +00:00
Bernardo Damele
6ff8feb5cf
Updated documentation
2009-01-03 01:25:43 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
0e9873fd4f
Preparing documentation for 0.6.4
2008-12-29 18:44:20 +00:00
Bernardo Damele
b0ad102efb
Better fingerprint technique for Microsoft SQL Server
2008-12-22 23:32:43 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
4ae464c80d
Minor enhancement to support an option (--union-tech) to specify the
...
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
7e8ac16245
Added preventive check for stacked queries support when executing DDL,
...
DML & co. statements in SQL query and SQL shell. Minor improvements on
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
3fe493b63d
Minor enhancement to support an option (--is-dba) to show if the
...
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
94c79e3209
Updated documentation
2008-12-17 20:17:34 +00:00
Bernardo Damele
ec11f502df
Site and documentation updated, ready to release 0.6.3 in two days
2008-12-17 00:19:01 +00:00
Bernardo Damele
36d9ede001
Updated documentation, ready for sqlmap 0.6.3 release
2008-12-16 23:52:16 +00:00
Bernardo Damele
072eb7154c
Major enhancement to support Partial UNION query SQL injection technique too.
...
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
...
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
15542d2772
Minor layout adjustment
2008-12-05 16:00:18 +00:00