Commit Graph

1798 Commits

Author SHA1 Message Date
Miroslav Stampar
e51d3a02f1 Update for Issue #43 (renamed --disable-cracking to --disable-hash) 2012-06-28 18:53:47 +02:00
Miroslav Stampar
18b596ea75 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-06-28 18:48:18 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
Miroslav Stampar
2a72fcce2b Fix for Issue #42 2012-06-28 13:55:30 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
ea5d483c86 session file no more 2012-06-21 11:19:30 +00:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
1e67b4f0b9 minor fix 2012-06-20 14:16:26 +00:00
Miroslav Stampar
302d782a0f minor style update 2012-06-19 08:33:51 +00:00
Miroslav Stampar
452ef202ae minor fixes 2012-06-17 22:48:23 +00:00
Miroslav Stampar
b9f6943a42 minor update 2012-06-17 21:23:12 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
76c873a222 minor fix 2012-06-15 06:22:44 +00:00
Miroslav Stampar
76584ff0fa unhidding --test-filter 2012-06-14 14:36:53 +00:00
Miroslav Stampar
d2dd47fb23 some more refactoring 2012-06-14 13:52:56 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
1204eb00b2 minor fix 2012-06-14 12:46:32 +00:00
Miroslav Stampar
19c0efec59 just a minor refactoring 2012-06-14 09:10:28 +00:00
Miroslav Stampar
a51d8c4c79 replacing identifier safe char " with [] enclosing for MsSQL 2012-06-13 15:27:42 +00:00
Miroslav Stampar
367de838c1 minor update 2012-06-13 14:08:32 +00:00
Miroslav Stampar
d7f698fa14 minor update 2012-06-11 22:01:13 +00:00
Miroslav Stampar
058a9c59a2 fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results) 2012-06-05 22:40:55 +00:00
Miroslav Stampar
f94ebe3107 minor fix (credentials were only set for the first target) 2012-06-04 22:30:12 +00:00
Miroslav Stampar
7b282b1d6c adding support for newer SSL protocols 2012-06-04 19:46:28 +00:00
Miroslav Stampar
10b0639a96 making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE) 2012-06-04 09:24:46 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
76eeba10e2 unhiding --dns-domain switch 2012-05-27 18:41:06 +00:00
Miroslav Stampar
71ff081fde minor update 2012-05-27 09:11:19 +00:00
Miroslav Stampar
d335ec0c34 turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars 2012-05-26 07:00:26 +00:00
Miroslav Stampar
db526bdbc0 minor update (tainted values are not checked any more in multipleTargets mode) 2012-05-25 09:52:17 +00:00
Miroslav Stampar
c394610740 adding switch --skip-urlencode to skip URL encoding of POST data 2012-05-24 23:30:33 +00:00
Miroslav Stampar
86fdad2bfa minor update 2012-05-24 22:07:50 +00:00
Miroslav Stampar
eed8d7eb5d finalizing support for IPv6 2012-05-24 21:55:57 +00:00
Miroslav Stampar
b6d37d766a minor update regarding IPv6 support 2012-05-24 21:49:20 +00:00
Miroslav Stampar
92286104e3 minor just in case update 2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177 minor fix 2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293 minor fix 2012-05-24 20:53:01 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d minor style update 2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d minor update 2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5 minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces 2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c minor language update 2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b minor language upgrade 2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284 adding a warning about --tor switch 2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b turning off null connection on -o when --tor used (not compatible) 2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc minor just in case patch 2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98 minor code refactoring 2012-05-10 14:15:17 +00:00
Miroslav Stampar
1418ae9767 little refactoring of parseUnionPage together with a patch for some special case 2012-05-09 18:47:40 +00:00
Miroslav Stampar
37f2709197 making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) 2012-05-09 09:08:23 +00:00
Miroslav Stampar
64c241fe92 limiting original UNION query results to only 1 result (potentially speeding things up in some cases) 2012-05-08 13:45:53 +00:00
Miroslav Stampar
a121339395 automatically writing uncracked hashes to a file for eventual further processing 2012-05-08 10:46:05 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b minor update 2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f causing too much confusion among dummy users 2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set) 2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical 2012-04-25 20:29:07 +00:00
Miroslav Stampar
cec432f94d minor update 2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a adding --purge-output to be one of mandatory switches 2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c minor update 2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce adding new file related to the last commit 2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1 adding option '--purge' 2012-04-23 14:24:23 +00:00
Miroslav Stampar
be2da77bf8 minor update 2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198 minor fix 2012-04-23 10:11:00 +00:00
Miroslav Stampar
2b1b4c0742 minor fix 2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade minor renaming 2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68 reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types) 2012-04-15 16:59:03 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
c7422546e1 tiny update 2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981 minor update 2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093 correcting comment on reflective removal function 2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4 minor fixes 2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f some more updates in reflective removal mechanism 2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497 minor improvement for reflective values (when missing first part of payload like in error reports) 2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2 some more updates for reflective mechanism 2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e improvement of reflective mechanism 2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf minor adjustment 2012-04-11 08:35:09 +00:00
Miroslav Stampar
8541222080 minor update 2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47 minor fix 2012-04-10 22:20:53 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) 2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5 minor refactoring 2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345 minor update 2012-04-04 23:47:06 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255 proper fix 2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00 removing default values for referer and host from higher level/risk options 2012-04-04 10:34:27 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
2c28423cb8 minor update 2012-04-02 14:57:15 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562 few just in case "patches" 2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd minor fix 2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929 minor update regarding DNS data retrieval task 2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4 bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value) 2012-03-31 10:22:50 +00:00
Miroslav Stampar
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection 2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa minor update 2012-03-30 10:37:46 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values 2012-03-29 12:44:20 +00:00
Miroslav Stampar
60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) 2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed) 2012-03-28 19:27:12 +00:00
Miroslav Stampar
7fd64df167 minor code cleaning 2012-03-28 13:31:07 +00:00
Miroslav Stampar
11132ba993 fix for a bug in reflection removal mechanism 2012-03-19 14:28:18 +00:00
Miroslav Stampar
0fc4288a7c modifying redirection code for only two choices 2012-03-18 17:27:08 +00:00
Miroslav Stampar
cbdcbdd786 minor minor update 2012-03-16 11:18:18 +00:00
Miroslav Stampar
adb5fff6b2 one more update related to the redirection mechanism 2012-03-15 20:17:40 +00:00
Miroslav Stampar
19beb912fa first step toward negative logic support 2012-03-15 15:52:12 +00:00
Miroslav Stampar
3d9b1599d1 minor update 2012-03-15 11:45:32 +00:00
Miroslav Stampar
a8c9a47092 redirect logic rewritten from scratch 2012-03-15 11:10:58 +00:00
Bernardo Damele
890bf708bc Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported) 2012-03-15 00:19:57 +00:00
Miroslav Stampar
ca0d068575 distinguishing NULL from BLANK 2012-03-14 13:52:23 +00:00
Miroslav Stampar
61ad3b999a fix for a crash with partial union and --hex 2012-03-14 10:31:24 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
e827f41cdb using pickle HIGHEST_PROTOCOL just in case 2012-03-13 09:35:37 +00:00
Miroslav Stampar
cda8815634 introducing safe deprecation mechanism for HashDB versioning 2012-03-12 22:55:57 +00:00
Miroslav Stampar
6ed1b04bbe minor update 2012-03-12 13:27:07 +00:00
Bernardo Damele
c79807f5fb Minor layout adjustments 2012-03-08 15:11:24 +00:00
Miroslav Stampar
775e424bf2 bug fix for using --no-cast and --hex switches together 2012-03-08 15:04:52 +00:00
Miroslav Stampar
11c7cc5224 minor temporary fix 2012-03-08 11:08:43 +00:00
Miroslav Stampar
98a3e43f53 bug fix for writing raw pickled data into SQLite HashDB 2012-03-08 10:57:47 +00:00
Miroslav Stampar
cd28eb6544 minor update regarding --load-cookies 2012-03-08 10:19:34 +00:00
Miroslav Stampar
2c87d061e9 minor update 2012-03-08 10:03:59 +00:00
Miroslav Stampar
b4cf8b05b3 added switch --load-cookies 2012-03-07 14:48:45 +00:00
Miroslav Stampar
4cfea96471 minor update 2012-03-05 09:56:48 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
37db27b720 turning back on automatic adjusting of delays in time based queries 2012-02-29 15:51:23 +00:00
Miroslav Stampar
0205d96d7b minor fix 2012-02-29 15:38:01 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
f6f98f1b41 minor improvement 2012-02-29 14:19:59 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
f142c0f782 minor update 2012-02-28 14:04:13 +00:00
Miroslav Stampar
22b3fa0749 minor update 2012-02-27 15:28:36 +00:00
Miroslav Stampar
a9bf0297f6 moving injection data to HashDB 2012-02-27 13:44:07 +00:00
Miroslav Stampar
68e08d2749 minor fix for not displaying 'None' but None in enumeration when data unavailable 2012-02-27 13:15:10 +00:00
Miroslav Stampar
3909658fc2 few minor just in case updates 2012-02-27 11:15:53 +00:00
Miroslav Stampar
85125018a1 minor bug fix 2012-02-25 22:54:32 +00:00
Miroslav Stampar
5d307cf886 minor update 2012-02-25 10:54:39 +00:00
Miroslav Stampar
06ab3fa134 minor update 2012-02-25 10:53:38 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
5b67af3b20 minor update 2012-02-24 15:03:39 +00:00
Miroslav Stampar
8a203ef79d making session data strictly dependent on url through HashDB helper functions 2012-02-24 14:58:24 +00:00
Miroslav Stampar
c36cbbb3ae minor fix 2012-02-24 14:54:10 +00:00
Miroslav Stampar
9d6fd2e507 bug fix for --schema --technique=BST 2012-02-24 14:12:19 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f minor update 2012-02-24 11:25:56 +00:00
Miroslav Stampar
1f6ce265b9 minor fix 2012-02-24 11:05:04 +00:00
Miroslav Stampar
5afbd52b61 more update related to last commits 2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00