Commit Graph

10079 Commits

Author SHA1 Message Date
Miroslav Stampar
87d8c6719e updates, fixes and stuff 2010-03-30 11:06:30 +00:00
Miroslav Stampar
f04449be03 update 2010-03-29 23:48:21 +00:00
Miroslav Stampar
4dd2cdef47 update 2010-03-27 23:48:12 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
4ca1adba2c update 2010-03-26 21:30:36 +00:00
Miroslav Stampar
1ec5221d82 minor update 2010-03-26 20:51:55 +00:00
Bernardo Damele
eaa9dd07bc Minor bug fix for --roles 2010-03-26 20:45:22 +00:00
Miroslav Stampar
0aa8f7309b added copyright notice and keywords 2010-03-26 20:23:08 +00:00
Miroslav Stampar
2e05e1c54d new module for Feature #61 2010-03-26 20:19:18 +00:00
Miroslav Stampar
8bab94de64 added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71 2010-03-26 17:18:02 +00:00
Miroslav Stampar
5a6a01f24c added socket timeout exception handling regarding that timeout message from Fahad Al Shunaiber 2010-03-26 11:51:23 +00:00
Bernardo Damele
be81c20298 Minor layout adjustment 2010-03-25 16:26:50 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180.
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
f4f68218bc Minor layout adjustment for --threads and --eta output 2010-03-25 11:47:18 +00:00
Bernardo Damele
a63e251b25 Ahead with code refactoring, related to r1502.
Fixed svn:keywords propset to all .py files.
2010-03-23 21:26:45 +00:00
Bernardo Damele
f0f1176396 Updated THANKS 2010-03-23 21:24:31 +00:00
Bernardo Damele
8e57767c48 Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET 2010-03-23 10:27:39 +00:00
Bernardo Damele
09768a7b62 Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
f9a135e232 Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 17:38:19 +00:00
Bernardo Damele
9e8a108768 Updated 2010-03-22 15:43:38 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Bernardo Damele
72f3674844 Minor bug fix 2010-03-18 17:36:58 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Miroslav Stampar
f1fde2e443 added basic skeleton for FAQ doc 2010-03-17 12:56:26 +00:00
Bernardo Damele
d2f86fb0a5 Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now 2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a Fixes #178 and #179 - proper handling of custom redirects 2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b Revert last commit 2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d Fix for Issue #177 2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2 Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g) 2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414 Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 14:24:43 +00:00
Miroslav Stampar
417f7fae00 Fix for "bug: -g uses wrong session file" 2010-03-15 12:02:04 +00:00
Miroslav Stampar
8af7d6c58b minor cosmetic update 2010-03-15 11:55:13 +00:00
Miroslav Stampar
a0ec447b7d fix for Issue #170 2010-03-15 11:33:34 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
5063401130 Minor bug fix, fixes #170 2010-03-15 11:00:14 +00:00
Bernardo Damele
572b6fd920 sqlmap 0.8 stable! 2010-03-15 01:17:27 +00:00
Bernardo Damele
bfbf58b04e Generated new user's manual html and pdf 2010-03-13 22:07:08 +00:00
Bernardo Damele
ee89709042 Updated manual 2010-03-13 21:56:38 +00:00
Miroslav Stampar
ba6172a381 Added: svn:keywords 2010-03-13 17:30:16 +00:00
Miroslav Stampar
a6ab42c873 new file with getch() method which we'll use for good samaritan feature 2010-03-13 17:28:23 +00:00
Miroslav Stampar
4bef12a2b4 doc update 2010-03-13 14:35:56 +00:00
Miroslav Stampar
5f76d27779 minor typo correction 2010-03-13 10:44:24 +00:00
Miroslav Stampar
4c6c91a80b another --reg-read fix 2010-03-12 23:12:06 +00:00
Bernardo Damele
c42c4982c3 Updated documentation according to r1460 2010-03-12 22:59:03 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
6b1ae62753 final fix for reading registry keys (now both parse and non-parse reads work fine) 2010-03-12 22:26:06 +00:00
Miroslav Stampar
0a2fe651ab some fixes regarding registry reading 2010-03-12 22:09:58 +00:00
Bernardo Damele
054a4aaee7 Updated documentation, almost ready for 0.8 release! 2010-03-12 17:43:38 +00:00