Bernardo Damele
41e1b95c6c
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
2010-12-05 11:25:44 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
e32be2b4e7
Minor adjustment
2010-11-23 15:06:40 +00:00
Miroslav Stampar
c6545f5c9f
we had a bug (nooooooooo!!!! :))
2010-11-19 10:36:47 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
d5fcc9d8b5
few updates/fixes here and there
2010-11-04 08:03:59 +00:00
Miroslav Stampar
977df7276d
minor update
2010-11-03 06:25:24 +00:00
Miroslav Stampar
4b56fa4f8f
now --tables work for MaxDB
2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f
now --users works for MaxDB too
2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
749e25a217
Implementation of --passwords for Sybase
2010-10-26 21:35:30 +00:00
Miroslav Stampar
8a9a57c709
update for Sybase and major bug fix for --passwords on MSSQL
2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe
that Sybase is going to be pain in the ass
2010-10-25 21:43:13 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
68d39d5976
minor minor fix
2010-10-23 09:12:08 +00:00
Miroslav Stampar
32a4350779
update for MaxDB
2010-10-23 09:03:59 +00:00
Miroslav Stampar
98f5586b87
minor update
2010-10-23 08:05:24 +00:00
Miroslav Stampar
f8850e3f41
update (xml fix and refactoring)
2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924
update for Sybase
2010-10-23 07:37:43 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
b032fdbf74
added randInt to error injection vectors
2010-10-20 08:56:58 +00:00
Miroslav Stampar
f2dae98448
fix for MySQL error queries
2010-10-19 23:30:08 +00:00
Miroslav Stampar
1fce9683f8
now --users work for MSSQL too
2010-10-19 15:05:32 +00:00
Miroslav Stampar
80505de15b
now --users work on Oracle and Postgre (tested)
2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c
error based update
2010-10-19 14:47:13 +00:00
Miroslav Stampar
bf850af2d8
fix for Oracle error based query "space" problem
2010-10-19 14:10:09 +00:00
Miroslav Stampar
878135fe40
minor fix
2010-10-19 14:00:27 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Miroslav Stampar
d123bb741a
added error based queries for MySQL, Postgre, MS SQL and Oracle
2010-10-18 21:26:13 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
9840d25b55
update of MaxDB queries
2010-10-12 17:04:20 +00:00
Miroslav Stampar
c4040ab297
fix for Feature #136
2010-08-31 14:25:37 +00:00
Miroslav Stampar
27496b91b2
fix
2010-08-31 13:08:57 +00:00
Miroslav Stampar
266974829d
minor update
2010-08-30 22:39:07 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Bernardo Damele
e0e2349529
Refactor to --search -C and minor bug fix - See #190 .
2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4
Added support to search for tables (--search with -T). See #190 .
2010-05-16 20:46:17 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
14f8514fb5
Minor "revert" to make resume of queries work again
2010-04-15 11:56:47 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00
Miroslav Stampar
d583cc07e7
ms access update
2010-03-30 15:04:55 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
2aadc5c939
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180 .
...
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Miroslav Stampar
6a5a5d55f2
fix for that --stacked-test error reported by dsu@dsu.com.ua
2010-02-09 11:27:42 +00:00
Bernardo Damele
80bd146696
Added support for --dump with -C also on MSSQL
2010-01-10 19:12:54 +00:00
Bernardo Damele
6c1b31d93c
Adjusted --columns with -C also for Microsoft SQL Server
2010-01-10 00:21:03 +00:00