312 Commits

Author	SHA1	Message	Date
Bernardo Damele	3a8309c4b0	Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches	2011-05-10 15:34:54 +00:00
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: ... $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Bernardo Damele	36a9ddaacc	Minor bug fixes and code restyling for --privileges and --passwords	2011-04-30 14:50:27 +00:00
Bernardo Damele	7df954dd9f	paranoy	2011-04-21 23:41:25 +00:00
Miroslav Stampar	0764c4c752	parenthesis were missing; banning OR NOT from payloads	2011-04-21 23:32:53 +00:00
Bernardo Damele	1d61611145	leftover	2011-04-21 22:46:43 +00:00
Bernardo Damele	870f773d70	In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this	2011-04-21 20:36:50 +00:00
Miroslav Stampar	05a0e1d3b0	fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting)	2011-04-15 11:34:14 +00:00
Miroslav Stampar	136e85abf3	little refresh of PHPIDS rules for --check-payload	2011-04-11 15:37:49 +00:00
Miroslav Stampar	75f286cf6d	minor update conformant to http://dev.mysql.com/doc/refman/4.1/en/comments.html	2011-04-10 23:41:00 +00:00
Miroslav Stampar	3177c6023d	lol. re-revert	2011-04-10 23:30:56 +00:00
Bernardo Damele	9ea4010508	Leave it as is :)	2011-04-10 23:20:35 +00:00
Miroslav Stampar	3e680978a9	revert of that last commit (waiting for some better days)	2011-04-10 23:18:38 +00:00
Miroslav Stampar	f532478a34	update of MySQL comments	2011-04-10 23:08:18 +00:00
Bernardo Damele	af096b2c83	Leave it as is!!!	2011-04-10 21:47:23 +00:00
Miroslav Stampar	d0cef21d9c	fix	2011-04-10 21:19:34 +00:00
Miroslav Stampar	6fa2fd139c	implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)	2011-04-08 15:17:57 +00:00
Bernardo Damele	02eeeccd33	Added UNION query SQL injection tests also with a random number for columns (not only NULL)	2011-04-07 13:39:36 +00:00
Miroslav Stampar	ca009e9fe2	minor update	2011-04-07 10:43:19 +00:00
Miroslav Stampar	672abc27fd	minor adjustment of livetests for new flavor of --technique	2011-04-07 10:41:12 +00:00
Miroslav Stampar	e27afef6be	minor update regarding --current-db on Oracle	2011-04-01 15:56:11 +00:00
Miroslav Stampar	60102209f6	quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split')	2011-04-01 11:14:24 +00:00
Miroslav Stampar	b7813f9e68	incrementing level for MySQL stacked payloads	2011-03-29 07:31:56 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	73e5d20ade	bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)	2011-03-28 11:01:55 +00:00
Miroslav Stampar	5eb7787fc9	adding partial union cases to the live tests	2011-03-25 15:56:15 +00:00
Miroslav Stampar	670aa7f99b	update for live tests (added dumping of columns and table values)	2011-03-25 15:37:11 +00:00
Miroslav Stampar	e80c9e08d8	minor update regarding --live-test	2011-03-25 09:03:08 +00:00
Miroslav Stampar	82ab4c8dc2	minor fix (ORDER BY 1 screws things up in blind mode)	2011-03-24 14:19:32 +00:00
Miroslav Stampar	06a5c39efe	fix related to the bug reported by Alone Shell	2011-03-24 14:03:40 +00:00
Miroslav Stampar	cef2c0879d	adding live test cases for --technique=1 too	2011-03-24 12:19:40 +00:00
Miroslav Stampar	33c01726dd	adding basic live tests for MSSQL too	2011-03-24 12:01:53 +00:00
Miroslav Stampar	2b15ad57c2	basic live tests against 3 major DBMSes	2011-03-24 11:47:01 +00:00
Miroslav Stampar	b72cdfe9e6	fix for mssql regarding usage of schema names reported by jabra@spl0it.org	2011-03-23 10:40:34 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	4889764114	minor update regarding last commit	2011-03-21 11:40:27 +00:00
Miroslav Stampar	5291fe35c9	proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)	2011-03-21 11:29:43 +00:00
Miroslav Stampar	0535225fe7	throwing out obsolete ORDER BY 1 from inband queries	2011-03-16 14:18:12 +00:00
Miroslav Stampar	eedd6a990d	removing space after , for our payloads	2011-03-08 14:29:22 +00:00
Miroslav Stampar	3dc31f6273	removing spaces after , in our queries	2011-03-08 14:07:26 +00:00
Miroslav Stampar	ff9080de48	MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL	2011-02-21 20:59:34 +00:00
Miroslav Stampar	08697e60a9	added some Microsoft Access payloads	2011-02-21 20:04:50 +00:00
Bernardo Damele	3e8c204121	Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba	2011-02-21 16:00:56 +00:00
Miroslav Stampar	68a95fd1b1	minor update	2011-02-20 22:45:23 +00:00
Miroslav Stampar	aac817935a	further improvement of MaxDB support	2011-02-20 22:41:42 +00:00
Miroslav Stampar	a3ba8b6928	--dump now works on MaxDB too	2011-02-20 22:07:12 +00:00
Miroslav Stampar	59e666d16e	--is-dba (related) update for Sybase	2011-02-20 17:28:06 +00:00
Miroslav Stampar	67ec691eb1	more updates regarding Sybase	2011-02-20 16:28:48 +00:00
Miroslav Stampar	823e4351b5	minor change	2011-02-20 12:34:09 +00:00