321 Commits

Author SHA1 Message Date
Miroslav Stampar
ff9080de48 MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick it into running any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL 2011-02-21 20:59:34 +00:00
Miroslav Stampar
08697e60a9 added some Microsoft Access payloads 2011-02-21 20:04:50 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
68a95fd1b1 minor update 2011-02-20 22:45:23 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
a3ba8b6928 --dump now works on MaxDB too 2011-02-20 22:07:12 +00:00
Miroslav Stampar
59e666d16e --is-dba (related) update for Sybase 2011-02-20 17:28:06 +00:00
Miroslav Stampar
67ec691eb1 more updates regarding Sybase 2011-02-20 16:28:48 +00:00
Miroslav Stampar
823e4351b5 minor change 2011-02-20 12:34:09 +00:00
Miroslav Stampar
f30dea74f3 more Sybase updates 2011-02-19 18:36:26 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Miroslav Stampar
e0efe453ab minor update regarding Sybase support 2011-02-19 14:07:08 +00:00
Miroslav Stampar
5f4ffc9287 update regarding Sybase dumping 2011-02-19 00:36:47 +00:00
Miroslav Stampar
5fb11fd173 update regarding multiple DBMS payloads 2011-02-13 21:20:21 +00:00
Bernardo Damele
394ccb5cc5 Added query for MSSQL/--privileges 2011-02-10 15:52:55 +00:00
Miroslav Stampar
5050a76b59 update regarding reading of table names from access system tables 2011-02-09 10:33:29 +00:00
Miroslav Stampar
1a5a66870e problem fixed 2011-02-07 11:57:41 +00:00
Bernardo Damele
7dcfcca87f Tests' titles adjustments 2011-02-06 23:17:39 +00:00
Miroslav Stampar
5ecb75cc56 minor update 2011-02-06 15:14:07 +00:00
Miroslav Stampar
f754953c4f reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. 2011-02-06 12:33:58 +00:00
Miroslav Stampar
97f9c9d119 bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values) 2011-02-06 12:24:50 +00:00
Bernardo Damele
27601babb4 Minor adjustments to levels of boundaries 2011-02-04 11:57:47 +00:00
Miroslav Stampar
76ab14f20f revert of r3203 2011-02-04 09:30:20 +00:00
Miroslav Stampar
78d696fd4f i believe that this one should be the first level 1 boundary 2011-02-03 21:27:03 +00:00
Miroslav Stampar
64f18724ad new default UNION test(s) ranges 2011-02-03 16:26:35 +00:00
Miroslav Stampar
4bb7ffcb3a minor update 2011-02-03 13:18:43 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Miroslav Stampar
f9eac97fe8 refactoring of MSSQL XML banner parsing 2011-01-31 11:38:00 +00:00
Miroslav Stampar
14de5809ea update 2011-01-31 11:08:58 +00:00
Miroslav Stampar
5aa958a146 ASCII & CHR is quite common, so removing this one 2011-01-24 22:51:15 +00:00
Miroslav Stampar
a1619f84b6 changing level of last payload 2011-01-24 22:31:26 +00:00
Miroslav Stampar
8155f95b82 new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") 2011-01-24 22:28:54 +00:00
Miroslav Stampar
9f76468005 another premiere, yeeej. IDSes, watch yourself :) 2011-01-24 21:30:46 +00:00
Miroslav Stampar
2fb0c946d2 minor update 2011-01-24 21:21:47 +00:00
Miroslav Stampar
15645f50d4 world premiere :) 2011-01-24 21:21:11 +00:00
Miroslav Stampar
440264341c minor update 2011-01-24 17:43:25 +00:00
Miroslav Stampar
0eea5665b2 minor update 2011-01-24 17:41:36 +00:00
Bernardo Damele
b0dc6c24eb Moved 2011-01-24 17:04:49 +00:00
Miroslav Stampar
c188996627 patch for possible query optimization (avoid precalculation of 1/0) 2011-01-24 16:21:27 +00:00
Bernardo Damele
47fa600c04 Minor fix and cosmetics 2011-01-24 11:12:33 +00:00
Miroslav Stampar
db76bcb327 fix for cases when mixing ingres dbms with spanish word "ingresa" 2011-01-23 11:19:10 +00:00
Miroslav Stampar
7bf05bf2cb minor update 2011-01-22 00:12:03 +00:00
Miroslav Stampar
d6d8d54eda implemented Johannes Dahse / Reiners' technique 2011-01-22 00:06:27 +00:00
Miroslav Stampar
0743202879 minor update 2011-01-21 23:54:25 +00:00
Miroslav Stampar
cb0e7080c5 more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) 2011-01-21 23:47:45 +00:00
Miroslav Stampar
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) 2011-01-21 18:32:10 +00:00
Miroslav Stampar
79e4b1efd5 added new signature for SQLite error messages 2011-01-20 22:47:03 +00:00
Bernardo Damele
6c490bfc8f Avoid a traceback elsewhere 2011-01-20 21:43:41 +00:00
Bernardo Damele
7ce49bcf0d Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this!
Adjusted comments according to new UNION-specific tags.
2011-01-20 21:42:55 +00:00
Miroslav Stampar
f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) 2011-01-20 21:13:28 +00:00
Miroslav Stampar
ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky 2011-01-20 20:30:18 +00:00
Miroslav Stampar
a1d77737f5 minor grammar update (this should be a better form) 2011-01-20 18:35:21 +00:00
Bernardo Damele
81be23976e Confirmed HAVING payloads work as WHERE ones.
Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS.
Proper handling of title for UNION tests when --union-char is provided.
2011-01-18 22:55:20 +00:00
Miroslav Stampar
f7d9b22510 because other major DBMSes have at least one level 1 time based payload 2011-01-18 20:32:49 +00:00
Miroslav Stampar
bdcb10cdab added MSSQL time based vector 2011-01-18 02:05:18 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Miroslav Stampar
fb166e9445 adding USER_LOCK stacked query support for ORACLE (older versions) 2011-01-16 10:31:16 +00:00
Miroslav Stampar
f31c028232 Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436) 2011-01-16 10:07:56 +00:00
Bernardo Damele
1b3717c79c Improvement to make time-based blind to work also against login forms 2011-01-12 16:20:29 +00:00
Bernardo Damele
d7a7993e0d Minor comment fix 2011-01-12 11:57:36 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
2efe7928c0 more concise than previously 2011-01-02 17:06:13 +00:00
Miroslav Stampar
a56934e68b one more MSSQL/ASPX error banner regex 2011-01-02 15:36:57 +00:00
Miroslav Stampar
e6f0c4d857 minor update 2011-01-02 15:32:35 +00:00
Miroslav Stampar
c1d0dde769 added support for .NET banners (http://msdn.microsoft.com/en-us/library/system.data.sqlclient.aspx) 2011-01-02 14:46:31 +00:00
Miroslav Stampar
93cb75ff65 added Nginx 2011-01-02 08:50:27 +00:00
Miroslav Stampar
ded9798e3d minor bug fix 2011-01-01 23:07:50 +00:00
Miroslav Stampar
c3065f6ecc minor fix 2010-12-29 20:38:56 +00:00
Miroslav Stampar
96c3ffd3d7 changing risk level to 0 - lots of MySQL databases around have information_schema unreadable, thus disabling first AND based error payload 2010-12-27 19:02:13 +00:00
Miroslav Stampar
2c8115eed9 further improvement for ms access table dumping 2010-12-26 01:04:30 +00:00
Miroslav Stampar
fb099615e2 minor update 2010-12-25 11:16:35 +00:00
Miroslav Stampar
272476773f getPageTextWordsSet on tableExists is pretty powerful stuff 2010-12-25 09:37:33 +00:00
Miroslav Stampar
706d8e0b88 development update (basic ms access dumping implemented) 2010-12-24 19:53:11 +00:00
Miroslav Stampar
edcf1a0872 few bug fixes 2010-12-24 18:40:48 +00:00
Miroslav Stampar
3043ed095a bug fix (those two regexes were too generic making false MS ACCESS positives here and there) 2010-12-24 00:11:10 +00:00
Miroslav Stampar
5a0aef0f33 fix for a case: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [MySQL][ODBC 3.51 Driver][mysqld-5.1.31-community] - the error message was wrongly recognized as MS SQL Server 2010-12-23 09:53:13 +00:00
Miroslav Stampar
8fc60215ed lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at the end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. 2010-12-22 19:12:46 +00:00
Bernardo Damele
c9ab8ae60e Bug fix to properly identify if current user is DBA (--is-dba) on MySQL 2010-12-22 14:06:01 +00:00
Bernardo Damele
e791f8f2b7 Minor fix 2010-12-20 10:33:24 +00:00
Miroslav Stampar
bfdc4fa000 new error vector for MS SQL (from David Guimaraes' mail) 2010-12-17 19:00:20 +00:00
Miroslav Stampar
3ee44584d4 i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string') 2010-12-14 12:57:59 +00:00
Bernardo Damele
207f63cebc Prepare for UNION query tests at detection phase 2010-12-13 21:31:34 +00:00
Miroslav Stampar
33639578ee minor update for MS Access 2010-12-12 15:25:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
acc7d6d40c fix 2010-12-11 11:03:32 +00:00
Miroslav Stampar
ac9080c07b update 2010-12-11 08:24:29 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
7e2984b4b6 added stacked query support for Oracle 2010-12-09 15:24:48 +00:00
Bernardo Damele
4bb40c0a06 Raise the level for Oracle stacked tests just in case the SQL inj is within a PL/SQL function ('cause of no support for stacked queries by design on Oracle) 2010-12-09 15:14:18 +00:00
Miroslav Stampar
d8edc5b244 adding stacked-query vector for Firebird 2010-12-09 15:11:21 +00:00
Bernardo Damele
13b522efc2 Added error-based support for MySQL < 5.0 - closes #14 2010-12-09 15:09:03 +00:00
Miroslav Stampar
5aafd19957 added vector for SQLite's stacked query payload 2010-12-09 15:06:40 +00:00
Miroslav Stampar
71761ba9a5 another fix for another beautiful heavy query payload which took a few 100 megs and 5 mins to run 2010-12-09 10:35:18 +00:00
Miroslav Stampar
094baadc5b bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay) 2010-12-09 10:17:04 +00:00
Bernardo Damele
3b293c4ea7 Added possible stacked queries time-based blind vector for MSSQL 2010-12-08 23:55:42 +00:00
Bernardo Damele
f5ce739bdf Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. 2010-12-08 23:52:31 +00:00
Miroslav Stampar
69c4f94980 update 2010-12-08 15:40:01 +00:00
Miroslav Stampar
ad00fe13c1 another fix for MySQL time based payloads 2010-12-08 12:00:27 +00:00