Miroslav Stampar
|
0e8d8577a7
|
adding a DB2 patch from smcintyre@securestate.com
|
2012-05-21 08:26:19 +00:00 |
|
Miroslav Stampar
|
079e0e1434
|
minor bug fix
|
2012-05-18 08:51:50 +00:00 |
|
Miroslav Stampar
|
96299d3d5d
|
minor refactoring
|
2012-05-03 22:34:18 +00:00 |
|
Miroslav Stampar
|
8013a64f8c
|
minor refactoring
|
2012-05-01 19:57:30 +00:00 |
|
Miroslav Stampar
|
c71d435d9f
|
making "id"-like columns prioritized for ORDER BY in MySQL
|
2012-05-01 19:52:02 +00:00 |
|
Miroslav Stampar
|
458a73c9b4
|
few consistency fixes
|
2012-04-29 23:09:00 +00:00 |
|
Miroslav Stampar
|
c7a606637f
|
switching few readInput defaults for brute forcing when no table/column found
|
2012-04-27 12:59:22 +00:00 |
|
Bernardo Damele
|
4da03d898e
|
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
|
2012-04-25 07:40:42 +00:00 |
|
Bernardo Damele
|
6116853025
|
Minor layout adjustments
|
2012-04-24 17:01:24 +00:00 |
|
Bernardo Damele
|
072e08836f
|
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE
|
2012-04-19 14:05:45 +00:00 |
|
Miroslav Stampar
|
5e358b51f9
|
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
|
2012-04-04 09:25:05 +00:00 |
|
Miroslav Stampar
|
b0787f193c
|
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
|
2012-04-03 14:34:15 +00:00 |
|
Miroslav Stampar
|
886aa22efc
|
minor update
|
2012-04-03 12:19:37 +00:00 |
|
Miroslav Stampar
|
f7a664b120
|
enablind DNS server for DNS data exfiltration
|
2012-03-31 12:08:27 +00:00 |
|
Miroslav Stampar
|
645fc8a21c
|
minor refactoring
|
2012-03-27 08:31:48 +00:00 |
|
Miroslav Stampar
|
72c5b034bf
|
minor update
|
2012-03-19 11:50:38 +00:00 |
|
Miroslav Stampar
|
cb8caf7e0f
|
i am not very bright today :)
|
2012-03-19 11:23:23 +00:00 |
|
Miroslav Stampar
|
d5915e5d44
|
one other fix
|
2012-03-19 11:19:26 +00:00 |
|
Miroslav Stampar
|
7abfa2e6d4
|
minor fix
|
2012-03-19 11:18:00 +00:00 |
|
Miroslav Stampar
|
cce5c3c009
|
minor changes for version numbers
|
2012-03-19 11:07:03 +00:00 |
|
Bernardo Damele
|
48e8c978fb
|
Minor fix, way more to do for --search -C for MSSQL
|
2012-03-15 17:55:49 +00:00 |
|
Bernardo Damele
|
0013b0970f
|
Minor layout adjustments - foundDb is misleading at that stage
|
2012-03-15 16:07:16 +00:00 |
|
Miroslav Stampar
|
8cf5d260fd
|
Application Data is not a temporary directory writable by everybody
|
2012-03-14 23:44:29 +00:00 |
|
Bernardo Damele
|
c735d846ee
|
The default temporary directory as to stay as is, do not touch this code snippet anymore please
|
2012-03-14 22:39:46 +00:00 |
|
Miroslav Stampar
|
ca0d068575
|
distinguishing NULL from BLANK
|
2012-03-14 13:52:23 +00:00 |
|
Miroslav Stampar
|
1d0c8a7f44
|
minor update
|
2012-03-12 15:19:02 +00:00 |
|
Bernardo Damele
|
48592f2515
|
minor adjustments
|
2012-03-09 18:34:18 +00:00 |
|
Bernardo Damele
|
be9b103b51
|
minor bug fix
|
2012-03-09 18:02:50 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Bernardo Damele
|
d9e499af9f
|
Set Id property
|
2012-03-09 12:05:21 +00:00 |
|
Bernardo Damele
|
7330dff255
|
Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries
|
2012-03-08 16:57:53 +00:00 |
|
Miroslav Stampar
|
e678219a8c
|
minor update
|
2012-03-08 15:51:30 +00:00 |
|
Bernardo Damele
|
ae87df5670
|
leftover
|
2012-03-08 15:45:33 +00:00 |
|
Bernardo Damele
|
4bc6f3f6c9
|
Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore
|
2012-03-08 15:32:05 +00:00 |
|
Miroslav Stampar
|
68b9d48d0a
|
minor update
|
2012-03-08 15:30:23 +00:00 |
|
Miroslav Stampar
|
2ab80bfb2c
|
minor bug fix
|
2012-03-08 15:24:05 +00:00 |
|
Bernardo Damele
|
c79807f5fb
|
Minor layout adjustments
|
2012-03-08 15:11:24 +00:00 |
|
Miroslav Stampar
|
761ec7529a
|
minor appereance fix
|
2012-03-01 11:52:30 +00:00 |
|
Miroslav Stampar
|
8b9c5c66cc
|
code refactoring regarding charsetType inside inference/bisection
|
2012-02-29 14:36:23 +00:00 |
|
Miroslav Stampar
|
10dd9096f7
|
one more just in case fix for safeSQLIdentificator naming on MSSQL --tables
|
2012-02-29 14:05:53 +00:00 |
|
Miroslav Stampar
|
d06182347f
|
fixing few potential problems
|
2012-02-29 13:56:40 +00:00 |
|
Miroslav Stampar
|
74b19a0386
|
minor update
|
2012-02-25 10:43:10 +00:00 |
|
Miroslav Stampar
|
26b33154ab
|
optimal fix related to the last commit
|
2012-02-24 14:28:41 +00:00 |
|
Miroslav Stampar
|
9d6fd2e507
|
bug fix for --schema --technique=BST
|
2012-02-24 14:12:19 +00:00 |
|
Miroslav Stampar
|
f9d2971474
|
minor just in case fix
|
2012-02-23 16:37:06 +00:00 |
|
Miroslav Stampar
|
6e54cb171f
|
minor code restyling
|
2012-02-22 15:53:36 +00:00 |
|
Miroslav Stampar
|
61a25418a9
|
minor update
|
2012-02-22 10:45:10 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Bernardo Damele
|
f55ad46119
|
Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently
|
2012-02-20 11:06:55 +00:00 |
|