sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	570562369b	Further fixes for sqlmap to work properly with HSQLDB (WebGoat)	2015-10-13 13:04:59 +02:00
Miroslav Stampar	47a42c234e	Fixes #1459	2015-10-10 19:19:50 +02:00
Miroslav Stampar	9641e84dd9	Bug fixes for HSQLDB	2015-10-09 16:52:13 +02:00
Miroslav Stampar	d424d4cdc7	Fixes #1457	2015-10-09 11:54:28 +02:00
Miroslav Stampar	401905b2dd	Minor improvement to UNION file write	2015-07-26 17:02:46 +02:00
Miroslav Stampar	96327b6701	Fixes #1290	2015-07-05 01:47:01 +02:00
Miroslav Stampar	166dc98e81	Minor patch	2015-07-05 00:03:29 +02:00
Miroslav Stampar	97244f5e5e	Fixes #1279	2015-06-29 00:20:35 +02:00
Miroslav Stampar	b212321c07	Fixes #1278	2015-06-26 10:30:53 +02:00
Miroslav Stampar	b02be9674f	Fixes #1277	2015-06-26 10:11:34 +02:00
Miroslav Stampar	7d418af274	Fix for a bug reported privately by email	2015-06-22 16:28:35 +02:00
Miroslav Stampar	9e5ef094a3	Closes #1270	2015-06-16 22:20:21 +02:00
Miroslav Stampar	77c96de4ea	Minor patch related to the last commit	2015-04-22 10:33:22 +02:00
Miroslav Stampar	95b52a02ec	Minor patch for custom injection into HTTP Authorization header	2015-04-22 10:28:16 +02:00
Miroslav Stampar	45bdefd29b	Update of copyright	2015-01-06 15:02:16 +01:00
Miroslav Stampar	4f122ee008	Bug fix regarding a problem reported by user @blink2014	2014-12-20 00:23:31 +01:00
Miroslav Stampar	8cd40f8917	Patch for an Issue #971	2014-11-25 13:54:26 +01:00
Miroslav Stampar	816348f1ab	Patch for an Issue #963	2014-11-24 11:54:04 +01:00
Miroslav Stampar	4e0e64d06b	Bug fix for DNS Exfiltration in PgSQL case ('invalid URI')	2014-10-31 20:28:37 +01:00
Miroslav Stampar	e239fefe67	Minor patch for JSON requests	2014-10-22 10:38:49 +02:00
Miroslav Stampar	c823c58d47	One patch related to the Issue #846	2014-10-09 14:39:54 +02:00
Miroslav Stampar	00fc842c6f	Update agent.py	2014-09-20 10:20:57 +02:00
Miroslav Stampar	637d3cbaf7	Fix for cases when parameter name is urlencoded	2014-09-12 13:29:30 +02:00
Miroslav Stampar	658110e644	Minor fix	2014-08-11 12:46:37 +02:00
Miroslav Stampar	3cfa63646b	Minor bug fix	2014-07-19 23:17:23 +02:00
Miroslav Stampar	7f371c499d	Commit related to the last one	2014-04-10 21:29:59 +02:00
Miroslav Stampar	096ce7881e	Minor beauty patch	2014-04-10 21:18:24 +02:00
Miroslav Stampar	0d1690de61	Minor fix	2014-04-10 21:18:24 +02:00
Miroslav Stampar	1e8349eeaa	Minor fix	2014-04-10 21:18:24 +02:00
Miroslav Stampar	1632bec10b	Another fix related to the last commit	2014-04-03 09:05:12 +02:00
Miroslav Stampar	3e024ac8e6	Minor update (consistency patch)	2014-03-30 16:51:31 +02:00
Miroslav Stampar	97f603af4a	Fix for an Issue #641	2014-03-17 20:20:25 +01:00
Miroslav Stampar	6369a38ebc	Adding support for JSON-like data with single quote	2014-02-26 08:56:17 +01:00
Miroslav Stampar	f97fcb7bb3	Adding a switch --invalid-string	2014-01-23 21:56:06 +01:00
Miroslav Stampar	f88f6dcd7e	Changing --invalid-bignum from float producing to int producing	2014-01-23 09:07:25 +01:00
Bernardo Damele	43a4e85749	updated copyright	2014-01-13 17:24:49 +00:00
Miroslav Stampar	6c80f2903b	Patch for an Issue #564	2013-12-27 11:02:59 +01:00
Miroslav Stampar	cadbddd607	Adding a boundary proposed in Issue #564	2013-12-27 10:46:18 +01:00
Miroslav Stampar	02de2aee6d	Patch for an Issue #582	2013-12-26 22:27:04 +01:00
Miroslav Stampar	dd2ddec79a	Minor fix (better extraction of original value in case of replacement and custom POST injection mark)	2013-12-03 13:37:04 +01:00
Miroslav Stampar	fabbe63f00	Proper fix for re.sub() call with repl value containing backslash	2013-10-23 18:07:38 +02:00
Miroslav Stampar	28529a92a7	Minor fix (for parameters with \ in value)	2013-10-23 10:49:50 +02:00
Miroslav Stampar	304c9822bd	Patch for an Issue #545	2013-10-17 16:38:07 +02:00
Miroslav Stampar	a944028114	Revert of last commit	2013-10-02 22:14:50 +02:00
Miroslav Stampar	9ceb518a50	Minor patch	2013-10-02 22:03:53 +02:00
Miroslav Stampar	2fbd7e8929	Minor fix	2013-09-24 21:56:40 +02:00
stamparm	28cd50b2f1	Patch for an Issue #490	2013-07-16 14:08:32 +02:00
stamparm	ac2d40e259	Revert of last commit (there is a chance that that big integer value is really valid :)	2013-07-15 13:34:38 +02:00
stamparm	a097ee1505	Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)	2013-07-15 13:31:56 +02:00
stamparm	dc1623a40f	Fix for a bug reported over ML (error: unbalanced parenthesis)	2013-07-11 10:20:58 +02:00
stamparm	aad102378a	Fix for an Issue #487	2013-07-09 11:00:43 +02:00
stamparm	f97b35dcc1	Patch for an Issue #475	2013-07-01 13:43:38 +02:00
stamparm	f7d15cb465	Official naming is HSQLDB (and/or HyperSQL)	2013-07-01 11:57:47 +02:00
Miroslav Stampar	aeb83ba651	Merge pull request #475 from Meatballs1/hsql_clean HSQL Payloads and Query Support	2013-07-01 02:38:04 -07:00
Meatballs	09e1dc814d	Fix concat	2013-06-24 23:20:34 +01:00
Miroslav Stampar	fca6772df6	Implementation for an Issue #468	2013-06-22 00:13:46 +02:00
stamparm	1c47b33020	Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)	2013-04-15 15:23:45 +02:00
Miroslav Stampar	b67f342975	Minor patch	2013-04-01 17:32:16 +02:00
stamparm	473a39b820	Minor language fix	2013-03-26 14:11:17 +01:00
stamparm	ad039c335d	Implementation for an Issue #423	2013-03-21 11:28:44 +01:00
stamparm	10e6c70c22	Trivial style update (undoing last dummy commit)	2013-03-19 10:43:29 +01:00
stamparm	70265fd3b5	Trivial style update	2013-03-19 10:43:03 +01:00
stamparm	5adac57ca9	Trivial style update	2013-03-19 10:42:50 +01:00
Miroslav Stampar	5df1f5528e	More general update for an Issue #421	2013-03-15 22:49:09 +01:00
Miroslav Stampar	f0a419bdec	Patch for an Issue #421	2013-03-15 22:08:15 +01:00
Miroslav Stampar	8e6692d793	Minor fix (for JSON values with :)	2013-03-05 20:12:24 +01:00
stamparm	55f33da85a	Fix for invalid logical test cases	2013-03-01 12:04:49 +01:00
Miroslav Stampar	515be4ee0b	Minor just in case commit related to the last one	2013-02-14 19:58:10 +01:00
Miroslav Stampar	fef60b73f4	Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases	2013-02-14 19:53:26 +01:00
Miroslav Stampar	c72353321d	Minor update for an Issue #392	2013-02-14 13:36:33 +01:00
Bernardo Damele	4b9d8ed673	reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter	2013-02-14 11:32:17 +00:00
Bernardo Damele	a67ef4117f	make sure to use Python 2 interpreter when default system Python is version 3	2013-02-14 11:25:04 +00:00
Miroslav Stampar	d78a3e977b	Update (allowing regular char * to be inside SOAP/JSON/XML)	2013-02-13 12:24:42 +01:00
Miroslav Stampar	6314d64a70	Renaming --binary to --binary-fields	2013-02-13 11:27:03 +01:00
Miroslav Stampar	8b4f72322a	Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format)	2013-02-13 09:56:44 +01:00
Miroslav Stampar	cfcf8a3abb	Another update for an Issue #380 (--common-... switches)	2013-01-31 13:49:19 +01:00
Miroslav Stampar	2420a4b626	Update for an Issue #342 and #372	2013-01-31 10:01:52 +01:00
Miroslav Stampar	9b4eaa9272	Minor fix	2013-01-30 18:21:15 +01:00
Miroslav Stampar	fdea8ddea6	Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372 )	2013-01-30 16:55:09 +01:00
Miroslav Stampar	719c7f622b	Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)	2013-01-22 15:51:06 +01:00
Miroslav Stampar	2ec828f1cb	Fix for an Issue #367	2013-01-22 14:27:17 +01:00
Miroslav Stampar	b35a0810ef	Fix for an Issue #364	2013-01-21 17:01:52 +01:00
Miroslav Stampar	1e3f68c7ff	Rewriting some query crafting parts (especially those .find(' FROM '))	2013-01-21 16:15:38 +01:00
Miroslav Stampar	832d95984c	IFNULL-like mechanism now works on SQLite 2 too	2013-01-21 15:04:27 +01:00
Miroslav Stampar	3200134b3b	Fix for a regression test #30 test case fail (Firebird inline)	2013-01-21 10:12:54 +01:00
Bernardo Damele	3373e30808	minor fix for a bug introduced with commit `1ad9e26a21`	2013-01-20 02:40:40 +00:00
Bernardo Damele	0e78fbef56	correctly format SQLi payload for inline query technique	2013-01-19 00:28:03 +00:00
Bernardo Damele	1ad9e26a21	bug fix for ORDER BY users provided statements (issue #354 )	2013-01-18 21:40:50 +00:00
Miroslav Stampar	601eb1e49a	Unescaping is renamed to escaping	2013-01-18 15:40:37 +01:00
Bernardo Damele	a43202f3c0	updated copyright	2013-01-18 14:07:51 +00:00
Bernardo Damele	3464a70ac2	bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected	2013-01-16 01:53:33 +00:00
Bernardo Damele	2a751e075d	more work on #342	2013-01-15 17:14:44 +00:00
Miroslav Stampar	7a1d484115	Implementation for an Issue #340	2013-01-15 16:05:33 +01:00
Miroslav Stampar	fc560f2b75	Minor revert and proper fix	2013-01-14 00:47:29 +01:00
Bernardo Damele	fdd6075859	temporary patch to fix UNION query enumeration	2013-01-13 23:08:23 +00:00
Miroslav Stampar	03dd958d96	Implementation for an Issue #48	2013-01-13 16:22:43 +01:00
Miroslav Stampar	bc4d8d3e02	Implementation for an Issue #332	2013-01-11 11:17:41 +01:00
Miroslav Stampar	934d41dac2	Minor style update (PEP8)	2013-01-10 15:02:28 +01:00
Miroslav Stampar	ca3d35a878	Some PEP8 related style cleaning	2013-01-10 13:18:44 +01:00
Miroslav Stampar	ca1c0c2a1d	Minor style update	2013-01-10 11:54:07 +01:00
Miroslav Stampar	25f01a419f	Minor style update (for the sake of consistency over the code and our PEP8 adaptation)	2013-01-09 15:38:41 +01:00
Miroslav Stampar	55a552ddc4	Update for an Issue #24	2013-01-08 10:55:25 +01:00
Miroslav Stampar	e4a3c015e5	Replacing old and deprecated raise Exception style (PEP8)	2013-01-03 23:20:55 +01:00
Miroslav Stampar	6ae4590edc	Removing problematic per-MySQL LIMIT prefix	2012-12-26 19:48:01 +01:00
Miroslav Stampar	77625e5af7	Minor revert	2012-12-21 19:31:05 +01:00
Miroslav Stampar	8b3e17ed4d	Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)	2012-12-21 14:52:47 +01:00
Bernardo Damele	86872956d5	minor bug fix (for PostgreSQL)	2012-12-19 22:55:31 +00:00
Bernardo Damele	77843f44fb	minor bug fix (issue #314 )	2012-12-19 22:49:02 +00:00
Bernardo Damele	b91c829103	minor bug fix (issue #310 )	2012-12-19 12:42:31 +00:00
Bernardo Damele	9149d77cc8	removed duplicate code - fixes issue #310	2012-12-19 12:17:56 +00:00
Miroslav Stampar	9e2f0131b9	Update lib/core/agent.py	2012-12-18 20:25:00 +01:00
Bernardo Damele	58656bbeb5	minor bug fix, union query has to be limited 0, 0	2012-12-18 16:36:30 +00:00
Miroslav Stampar	974407396e	Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)	2012-12-06 14:14:19 +01:00
Miroslav Stampar	ab67344448	Removed unused imports and variables (pyflake-ing)	2012-12-06 11:15:05 +01:00
Miroslav Stampar	b6650add46	Introducing 'new style classes' (idea from Pull request #284 )	2012-12-06 10:42:53 +01:00
Miroslav Stampar	a7e1e856d4	Fix for an Issue #260	2012-11-28 17:00:26 +01:00
Miroslav Stampar	d490ffb163	Fix for an Issue #259	2012-11-27 11:45:22 +01:00
Miroslav Stampar	d37be5f97b	Fix for an Issue #248	2012-11-14 15:54:24 +01:00
Miroslav Stampar	c1eb803ef5	Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly)	2012-10-28 21:16:51 +01:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	12fc9442b9	Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)	2012-10-25 10:10:23 +02:00
Miroslav Stampar	b82eb3a1ae	Fix for an Issue #210	2012-10-23 13:58:25 +02:00
Miroslav Stampar	f11a640e99	Undo of a previous commit (pdb left inside)	2012-10-22 14:39:35 +02:00
Miroslav Stampar	b913e2123d	Displaying hex-decoded resulting output in --hex mode	2012-10-22 14:39:11 +02:00
Miroslav Stampar	e440b096c5	Fix for an Issue #202	2012-10-15 12:24:30 +02:00
Miroslav Stampar	d464678e10	Minor update for an Issue #49	2012-10-04 18:01:42 +02:00
Miroslav Stampar	84b05e2d18	Better treating of numeric values (Issue #49 )	2012-10-04 16:08:37 +02:00
Miroslav Stampar	9129dac77b	Minor fix for an Issue #134	2012-10-04 15:33:26 +02:00
Miroslav Stampar	461e5ebc5f	Work for Issue #197 and Issue #49	2012-10-04 11:25:44 +02:00
Miroslav Stampar	bcbf0571a5	Implementation for an Issue #49	2012-10-02 14:23:58 +02:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	efe4c13ed1	Update regarding suffixQuery (user supplied --suffix should nullify any eventual payload comments)	2012-09-25 14:36:15 +02:00
Miroslav Stampar	f26ea04e38	Fix for an Issue #175	2012-09-07 17:06:38 +02:00
Miroslav Stampar	cea5127ffd	Update for an Issue #6	2012-09-06 15:51:38 +02:00
Miroslav Stampar	2c66ca39f1	Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0)	2012-08-22 09:53:53 +02:00
Miroslav Stampar	01f481c332	Minor refactoring of dictionaries	2012-08-21 11:19:15 +02:00
Miroslav Stampar	8ee9feafb9	Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)	2012-08-20 21:57:25 +02:00
Bernardo Damele	92c2b3bd4c	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-26 23:11:11 +01:00
Bernardo Damele	d492291744	working on issue #12	2012-07-26 23:11:07 +01:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	f8c9868cb6	Implementation for an Issue #118	2012-07-24 15:34:50 +02:00
Miroslav Stampar	95e0d46e3e	Fix for an Issue #110	2012-07-21 09:15:54 +02:00
Miroslav Stampar	08244c7ebf	Fix for an Issue #104	2012-07-17 15:05:50 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Miroslav Stampar	3fd5119f3f	Redesigning for Issue #75	2012-07-12 13:42:22 +02:00
Bernardo Damele	ee3aeb8dcf	actual implementation of issue #75 , still some work to do	2012-07-12 01:16:00 +01:00
Bernardo Damele	a5924739f6	minor code refactoring in preparation of ticket #75	2012-07-12 01:12:30 +01:00
Bernardo Damele	d3da3f5c52	refactoring for issue #51	2012-07-10 00:19:32 +01:00
Bernardo Damele	99c5ea54f7	cleanup for #34	2012-07-09 12:39:43 +01:00
Bernardo Damele	04d803c7fd	more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)	2012-07-02 15:02:00 +01:00

1 2 3 4 5 ...

482 Commits