Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc47737c44 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-20 16:00:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2f9227bcce 
							
						 
					 
					
						
						
							
							Sybase update (--passwords)  
						
						
						
					 
					
						2011-02-20 12:07:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f30dea74f3 
							
						 
					 
					
						
						
							
							more Sybase updates  
						
						
						
					 
					
						2011-02-19 18:36:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b71bb321dd 
							
						 
					 
					
						
						
							
							some more Sybase updates  
						
						
						
					 
					
						2011-02-19 18:04:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cec7694aac 
							
						 
					 
					
						
						
							
							some progress regarding SYBASE  
						
						
						
					 
					
						2011-02-19 14:56:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e0efe453ab 
							
						 
					 
					
						
						
							
							minor update regarding Sybase support  
						
						
						
					 
					
						2011-02-19 14:07:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							de7ca5a27c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-19 09:40:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							72fc0a0565 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-19 09:36:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f4ffc9287 
							
						 
					 
					
						
						
							
							update regarding Sybase dumping  
						
						
						
					 
					
						2011-02-19 00:36:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							199f14df46 
							
						 
					 
					
						
						
							
							implementation of MySQL GROUP_CONCAT technique  
						
						
						
					 
					
						2011-02-15 00:28:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7253362114 
							
						 
					 
					
						
						
							
							Minor bug fix so that --file-write on MySQL via UNION query now works again  
						
						
						
					 
					
						2011-02-11 23:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c078de894f 
							
						 
					 
					
						
						
							
							Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA  
						
						
						
					 
					
						2011-02-10 14:24:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a2c20acf94 
							
						 
					 
					
						
						
							
							Minor fixes once more  
						
						
						
					 
					
						2011-02-10 11:34:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0ddaee3c8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-10 11:28:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7539881ffa 
							
						 
					 
					
						
						
							
							fix for dump on Oracle but we still need to discuss some things around  
						
						
						
					 
					
						2011-02-09 14:52:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							caf6220c53 
							
						 
					 
					
						
						
							
							done with implementation for retrieving table names via access system table(s)  
						
						
						
					 
					
						2011-02-09 10:50:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5050a76b59 
							
						 
					 
					
						
						
							
							update regarding reading of table names from access system tables  
						
						
						
					 
					
						2011-02-09 10:33:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b48213783a 
							
						 
					 
					
						
						
							
							Removed senseless debug messsage  
						
						
						
					 
					
						2011-02-08 17:09:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e16bab7117 
							
						 
					 
					
						
						
							
							re-enabled --read-file for MySQL with all techniques  
						
						
						
					 
					
						2011-02-08 17:03:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							008d434325 
							
						 
					 
					
						
						
							
							Important fix now that the file writing is unescaped too  
						
						
						
					 
					
						2011-02-07 00:56:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							db77f8b055 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-02-06 22:33:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecaf5729fd 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-02-06 22:14:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							caaac72029 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-02-06 20:15:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8980227d30 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-06 15:32:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2afc1e5021 
							
						 
					 
					
						
						
							
							Layout adjustments  
						
						
						
					 
					
						2011-02-06 15:28:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a5a648f4fe 
							
						 
					 
					
						
						
							
							Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.  
						
						... 
						
						
						
						Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug 
						
					 
					
						2011-02-06 15:23:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							14c87ec80d 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-02-04 13:29:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a37f5e05b9 
							
						 
					 
					
						
						
							
							Refactoring  
						
						
						
					 
					
						2011-02-01 22:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e3a3ae11cc 
							
						 
					 
					
						
						
							
							Proper return from error-based technique enumeration  
						
						
						
					 
					
						2011-01-31 21:13:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9fc0bedea8 
							
						 
					 
					
						
						
							
							Minor bug fixes  
						
						
						
					 
					
						2011-01-30 21:01:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							50969d238b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-24 17:51:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eea5665b2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-24 17:41:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3e3387113 
							
						 
					 
					
						
						
							
							fix for proper Firebird resume of version  
						
						
						
					 
					
						2011-01-24 11:04:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb33612736 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2011-01-24 10:20:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							77999fb39d 
							
						 
					 
					
						
						
							
							Allow in --sql-shell to always ('a') retrieve query output.  
						
						... 
						
						
						
						Minor bug fix in case with --columns it is not possible to retrieve a column datatype. 
						
					 
					
						2011-01-20 21:49:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b1d6040a48 
							
						 
					 
					
						
						
							
							Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside)  
						
						
						
					 
					
						2011-01-20 21:46:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							50c02fbb37 
							
						 
					 
					
						
						
							
							Done with previous refactoring  
						
						
						
					 
					
						2011-01-20 00:01:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							daebb0010b 
							
						 
					 
					
						
						
							
							Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.  
						
						... 
						
						
						
						Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup. 
						
					 
					
						2011-01-18 23:02:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47565f9459 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2011-01-17 21:13:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							02b333e30b 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2011-01-15 23:54:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa8f0cba7 
							
						 
					 
					
						
						
							
							code reviewing part 2  
						
						
						
					 
					
						2011-01-15 12:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2d9b151883 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-15 10:14:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e9b11b79 
							
						 
					 
					
						
						
							
							Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.  
						
						
						
					 
					
						2011-01-14 12:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8a67aea754 
							
						 
					 
					
						
						
							
							One more step to fully working UNION exploitation after merge into detection phase  
						
						
						
					 
					
						2011-01-12 01:13:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8bdb7ec58c 
							
						 
					 
					
						
						
							
							Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.  
						
						
						
					 
					
						2011-01-12 00:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06230e4d92 
							
						 
					 
					
						
						
							
							Minor code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-11 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0676b38063 
							
						 
					 
					
						
						
							
							revert of one thing for Bernardo and minor update  
						
						
						
					 
					
						2011-01-10 10:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e83a26acf 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:53:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cc46940159 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-07 17:10:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b313a20a3f 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2011-01-07 16:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16a06117f7 
							
						 
					 
					
						
						
							
							Mere cosmetics  
						
						
						
					 
					
						2011-01-07 16:36:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8a48baf789 
							
						 
					 
					
						
						
							
							update for a "problem" reported by nightman@email.de where he lost all of large dumped table because in the middle of dumping 401 was raised  
						
						
						
					 
					
						2011-01-04 13:23:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e1927fe31 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 18:12:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b763feafd9 
							
						 
					 
					
						
						
							
							bug fix (TypeError: object of type 'NoneType' has no len())  
						
						
						
					 
					
						2011-01-02 12:26:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f0dad2a1e4 
							
						 
					 
					
						
						
							
							minor bug fix (in multiple item search only last item was shown)  
						
						
						
					 
					
						2011-01-02 12:23:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7b9d978cf9 
							
						 
					 
					
						
						
							
							minor fix (database and/or table names with - sign inside needs to be escaped by ` character or will lead to a "SQL syntax")  
						
						
						
					 
					
						2011-01-02 11:01:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73e8a10527 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 09:12:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e28b9f26fc 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 08:01:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							26b06bfcfb 
							
						 
					 
					
						
						
							
							update ( http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html )  
						
						
						
					 
					
						2011-01-01 19:38:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ea3d060f6 
							
						 
					 
					
						
						
							
							some fixes/updates here and there  
						
						
						
					 
					
						2011-01-01 12:41:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							076560f59f 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-31 12:58:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5db8ebbfa9 
							
						 
					 
					
						
						
							
							update of mysql comment versions  
						
						
						
					 
					
						2010-12-31 12:42:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							40e3489099 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-31 12:27:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ce19b0c431 
							
						 
					 
					
						
						
							
							optimization of comment checking in MySQL  
						
						
						
					 
					
						2010-12-31 12:21:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							42e7b1b3a7 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-30 22:40:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							20e3a6d72f 
							
						 
					 
					
						
						
							
							fix/refactor/cosmetics (references:  http://www.postgresql.org/docs/6.4/static/release.htm,http://www.postgresql.org/docs/8.2/static/functions-datetime.html#FUNCTIONS-DATETIME-TABLE,http://www.postgresql.org/docs/8.3/static/release-8-3.html )  
						
						
						
					 
					
						2010-12-30 21:53:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7f4acaf6f9 
							
						 
					 
					
						
						
							
							now comment injection fingerprint works with all techniques  
						
						
						
					 
					
						2010-12-30 21:24:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6f17e84e19 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-30 08:29:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a77b186aca 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-27 16:55:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5015f04826 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 16:36:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c1676bdfa 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-27 14:44:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9fb0e0fc85 
							
						 
					 
					
						
						
							
							resume of brute forced data is now available  
						
						
						
					 
					
						2010-12-27 14:17:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d23f226ae 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 11:47:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68462466f2 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by shaohua pan (argument of type 'NoneType' is not iterable)  
						
						
						
					 
					
						2010-12-27 11:36:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							51a492e17d 
							
						 
					 
					
						
						
							
							pretty important commit (now dumped tables are prone to dictionary attack)  
						
						
						
					 
					
						2010-12-27 10:56:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c8d5a6b980 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-27 00:41:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							89c2640d23 
							
						 
					 
					
						
						
							
							basic --search now works with MS Access  
						
						
						
					 
					
						2010-12-26 23:50:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4d6a367e9 
							
						 
					 
					
						
						
							
							this way order given in -C is preserved  
						
						
						
					 
					
						2010-12-26 14:11:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c93f2a703d 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-26 14:02:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e41acb6fc2 
							
						 
					 
					
						
						
							
							further ms access improvements  
						
						
						
					 
					
						2010-12-26 02:13:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c8115eed9 
							
						 
					 
					
						
						
							
							further improvement for ms access table dumping  
						
						
						
					 
					
						2010-12-26 01:04:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5249762794 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-25 16:46:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb099615e2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-25 11:16:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9853c1ec7f 
							
						 
					 
					
						
						
							
							fix for a bug reported by alessio.dallapiazza@gmail.com (AttributeError: users)  
						
						
						
					 
					
						2010-12-25 09:13:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6845d402fa 
							
						 
					 
					
						
						
							
							well, here and there, merry Christmas to all :)  
						
						
						
					 
					
						2010-12-24 20:17:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							706d8e0b88 
							
						 
					 
					
						
						
							
							development update (basic ms access dumping implemented)  
						
						
						
					 
					
						2010-12-24 19:53:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c06dbffc3 
							
						 
					 
					
						
						
							
							bug fix (AttributeError: 'unicode' object has no attribute 'sort')  
						
						
						
					 
					
						2010-12-22 18:55:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b3da473840 
							
						 
					 
					
						
						
							
							Minor bug fix when --dbs has only one DB name  
						
						
						
					 
					
						2010-12-22 14:29:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c9ab8ae60e 
							
						 
					 
					
						
						
							
							Bug fix to properly identify if current user is DBA (--is-dba) on MySQL  
						
						
						
					 
					
						2010-12-22 14:06:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c89021f0bb 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2010-12-22 11:46:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d25da5135 
							
						 
					 
					
						
						
							
							better way to handle this one  
						
						
						
					 
					
						2010-12-22 00:51:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							306501363c 
							
						 
					 
					
						
						
							
							fuck, sorry, 0 was OK (STRCMP() returns 0 if the strings are the same)  
						
						
						
					 
					
						2010-12-22 00:41:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6e6afd6f2 
							
						 
					 
					
						
						
							
							minor fix ("To clarify a bit: STRCMP() is case-insensitive as of MySQL 4.0." -  http://bugs.mysql.com/bug.php?id=2102 )  
						
						
						
					 
					
						2010-12-22 00:38:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6f2ce15478 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-22 00:27:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cb61401c18 
							
						 
					 
					
						
						
							
							bug fix ( http://dev.mysql.com/doc/refman/5.0/es/news-5-0-11.html  - "Added support of where clause for queries with FROM DUAL")  
						
						
						
					 
					
						2010-12-22 00:20:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f905adb7c1 
							
						 
					 
					
						
						
							
							way better as there is no official release version for FOUND_ROWS() (it appears somewhere in alphas/betas of 4.0.x - i've stumbled upon one site with 4.0.22 and it didn't recognized FOUND_ROWS).  
						
						
						
					 
					
						2010-12-21 22:18:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							385e208f38 
							
						 
					 
					
						
						
							
							code refactoring regarding standard output suppression and some threading issues  
						
						
						
					 
					
						2010-12-21 14:21:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b37ddada4 
							
						 
					 
					
						
						
							
							removed some blank trailing spaces (with extra/shutils/blanks.sh)  
						
						
						
					 
					
						2010-12-21 10:31:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1a3f57e5fe 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-21 09:23:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03b275ce33 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-20 23:27:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							518b3e094c 
							
						 
					 
					
						
						
							
							bug fix ( http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows )  
						
						
						
					 
					
						2010-12-20 23:00:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd3e7ba1f 
							
						 
					 
					
						
						
							
							thread based data added  
						
						
						
					 
					
						2010-12-20 22:45:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							364bc8e7d4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 11:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							28da1141cf 
							
						 
					 
					
						
						
							
							some fixes (for MySQL < 4.0)  
						
						
						
					 
					
						2010-12-20 11:23:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76024c455f 
							
						 
					 
					
						
						
							
							minor fix (using older commands for basic MySQL check)  
						
						
						
					 
					
						2010-12-20 11:15:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36862e2efa 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-18 15:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71cf0bd2a5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-18 13:08:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a067e805fa 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-17 22:23:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							108a96c6b4 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2010-12-17 21:45:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a19cb2c13a 
							
						 
					 
					
						
						
							
							code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")  
						
						
						
					 
					
						2010-12-17 21:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b4450c6ddd 
							
						 
					 
					
						
						
							
							added one more level of MSSQL version check (if first fails for some reason)  
						
						
						
					 
					
						2010-12-17 21:01:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3ee44584d4 
							
						 
					 
					
						
						
							
							i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string')  
						
						
						
					 
					
						2010-12-14 12:57:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4c6e902471 
							
						 
					 
					
						
						
							
							removed obsolete comment  
						
						
						
					 
					
						2010-12-14 07:49:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a02dd6b55b 
							
						 
					 
					
						
						
							
							Minor enhancement to speedup active dbms fingerprint (-f).  
						
						... 
						
						
						
						Code cleanup and refactoring. 
						
					 
					
						2010-12-13 21:33:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e98d9c08e1 
							
						 
					 
					
						
						
							
							dumping table is now possible on Firebird too  
						
						
						
					 
					
						2010-12-12 14:38:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f9bc6fc78f 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-11 22:14:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c93634b6c7 
							
						 
					 
					
						
						
							
							blind dumping of tables in sqlite implemented  
						
						
						
					 
					
						2010-12-11 22:13:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b1babeefe5 
							
						 
					 
					
						
						
							
							update regarding dumping of tables with blind on Sqlite  
						
						
						
					 
					
						2010-12-11 22:00:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c66fa37c 
							
						 
					 
					
						
						
							
							update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available  
						
						
						
					 
					
						2010-12-11 17:55:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1beb1dd2cc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-11 09:30:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							435f48b8cc 
							
						 
					 
					
						
						
							
							polite cosmetics  
						
						
						
					 
					
						2010-12-10 15:28:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7c87ad4065 
							
						 
					 
					
						
						
							
							Minor speedup in -f mysql  
						
						
						
					 
					
						2010-12-10 13:05:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b02bd55edc 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-10 13:04:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d71e51e765 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2010-12-10 11:31:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4741874e9e 
							
						 
					 
					
						
						
							
							Enhancement to speedup MySQL fingerprint  
						
						
						
					 
					
						2010-12-10 11:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e98b81fe32 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2010-12-10 10:56:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5e7a8d305 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-10 10:54:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bbffea2cbc 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-09 17:10:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eb2c408a9 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-09 16:49:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cdff29ada7 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-09 11:23:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81c16926c1 
							
						 
					 
					
						
						
							
							code refactoring some more  
						
						
						
					 
					
						2010-12-08 14:46:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17449754fe 
							
						 
					 
					
						
						
							
							Got rid of UNION false cond  
						
						
						
					 
					
						2010-12-05 16:16:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5764816891 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-03 22:28:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2cc167a42e 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"  
						
						
						
					 
					
						2010-12-02 18:57:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bf09b8a6d9 
							
						 
					 
					
						
						
							
							added Firebird error based (WHERE) attack vector  
						
						
						
					 
					
						2010-12-02 15:09:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f943f5e4 
							
						 
					 
					
						
						
							
							Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.  
						
						... 
						
						
						
						Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file. 
						
					 
					
						2010-11-30 22:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c22338ce90 
							
						 
					 
					
						
						
							
							Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).  
						
						
						
					 
					
						2010-11-29 11:47:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ba4ea32603 
							
						 
					 
					
						
						
							
							first working version of dictionary attack  
						
						
						
					 
					
						2010-11-23 13:24:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							360aff7a4d 
							
						 
					 
					
						
						
							
							sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle  
						
						
						
					 
					
						2010-11-17 17:20:32 +00:00