| Author | Commit | Message | Date |
|---|---|---|---|
| Miroslav Stampar | 0ed5ba5559 | minor update | 2010-02-16 13:24:09 +00:00 |
| Miroslav Stampar | c4951fd631 | some updates regarding --os-shell option | 2010-02-16 13:20:34 +00:00 |
| Miroslav Stampar | b5deab1e43 | added some basic error handling for it to be more user friendly | 2010-02-15 12:46:03 +00:00 |
| Miroslav Stampar | 6db0905137 | some fixes regarding caveats part of article at http://www.postgresql.org/docs/6.3/static/c3102.htm | 2010-02-14 19:37:20 +00:00 |
| Miroslav Stampar | 1d55923c9d | some fixes regarding caveats part of article at http://www.postgresql.org/docs/6.3/static/c3102.htm | 2010-02-14 19:36:02 +00:00 |
| Bernardo Damele | 8131f9c77c | Added and fixed README files | 2010-02-12 00:20:53 +00:00 |
| Bernardo Damele | 7e0c411c0e | Updated THANKS file | 2010-02-11 23:46:50 +00:00 |
| Bernardo Damele | dc06b40ddc | Minor exception message fix | 2010-02-11 23:07:33 +00:00 |
| Bernardo Damele | 89dc99188d | --read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read. Fixed a minor bug in custom UDF injection feature --udf-inject. Major code refactoring. | 2010-02-11 22:57:50 +00:00 |
| Bernardo Damele | f728208ff7 | Minor cosmetic fix | 2010-02-10 15:51:52 +00:00 |
| Miroslav Stampar | cef248a5ea | update for that invalid target url Otavio Augusto reported | 2010-02-10 12:06:23 +00:00 |
| Miroslav Stampar | 203cfd114f | changed raised exception type | 2010-02-10 09:39:36 +00:00 |
| Miroslav Stampar | 8e8f6f842c | fix for that md5 error reported by Dani (lgrecol@gmail.com) | 2010-02-10 09:27:34 +00:00 |
| Miroslav Stampar | 00a23ace9a | some changes regarding web takeover | 2010-02-09 14:27:41 +00:00 |
| Miroslav Stampar | 542b01993e | minor fix regarding exception handling of multi-part post handler | 2010-02-09 14:02:47 +00:00 |
| Miroslav Stampar | a6674edf8a | regular expressions revisited | 2010-02-09 13:01:08 +00:00 |
| Miroslav Stampar | 6a5a5d55f2 | fix for that --stacked-test error reported by dsu@dsu.com.ua | 2010-02-09 11:27:42 +00:00 |
| Miroslav Stampar | 212cd828d6 | new and working asp uploader | 2010-02-08 17:07:09 +00:00 |
| Miroslav Stampar | bc0eb880df | fix for that -- bug | 2010-02-08 11:44:32 +00:00 |
| Miroslav Stampar | 4e6af8d6c9 | some syntax corrections | 2010-02-08 09:10:32 +00:00 |
| Bernardo Damele | 5c92fad5dc | Avoid checking for existence of not needed UDFs and minor code adjustment for cleanup() method | 2010-02-05 23:14:16 +00:00 |
| Bernardo Damele | b08a4efb4b | Minor layout adjustments | 2010-02-04 17:45:56 +00:00 |
| Bernardo Damele | 22995787d1 | Updated THANKS file | 2010-02-04 15:24:13 +00:00 |
| Miroslav Stampar | d291464cd4 | code refactoring regarding path normalization | 2010-02-04 14:50:54 +00:00 |
| Miroslav Stampar | dbd52c52e4 | minor fix | 2010-02-04 14:39:24 +00:00 |
| Miroslav Stampar | ec63fc4036 | code refactoring - added functions posixToNtSlashes and ntToPosixSlashes | 2010-02-04 14:37:00 +00:00 |
| Miroslav Stampar | a1e80e77a1 | fix for HTTP_POST_FILES issue ( added if (phpversion() < '4.1.0')...else... ) | 2010-02-04 13:08:48 +00:00 |
| Miroslav Stampar | 87239476af | more fixes :) | 2010-02-04 10:10:41 +00:00 |
| Miroslav Stampar | e4699f389d | some bug fixes regarding --os-shell usage against windows servers | 2010-02-04 09:49:31 +00:00 |
| Miroslav Stampar | ea045eaa2f | fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname); also, fixed some issues with Windows paths | 2010-02-03 16:40:12 +00:00 |
| Miroslav Stampar | 7c88e32f9d | bug fix for 404 program termination during shell upload attempt | 2010-02-03 16:16:34 +00:00 |
| Miroslav Stampar | 565433097e | used normalizePath instead of os.path.normalize | 2010-02-03 16:10:09 +00:00 |
| Miroslav Stampar | 494e014a4a | minor update | 2010-02-03 16:04:44 +00:00 |
| Miroslav Stampar | 8b0d31a6b7 | fix for cases where both posix and nt path versions of windows paths are in parsed web page | 2010-02-03 15:34:20 +00:00 |
| Miroslav Stampar | 894b9f0f80 | minor minor update | 2010-02-03 15:15:30 +00:00 |
| Miroslav Stampar | 25f1a9c7d0 | upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this) | 2010-02-03 15:06:41 +00:00 |
| Miroslav Stampar | 87c8bdbc29 | removed pdb tracing | 2010-02-03 14:52:29 +00:00 |
| Miroslav Stampar | c74b920f54 | bug fix | 2010-02-03 14:49:28 +00:00 |
| Bernardo Damele | 950dba5139 | Minor bug fix for --start and --stop | 2010-02-02 14:17:39 +00:00 |
| Bernardo Damele | 9ed0744510 | Added some error messages to detect back-end DBMS | 2010-01-30 22:24:20 +00:00 |
| Bernardo Damele | 267cf5dd1a | Updated documentation | 2010-01-30 00:08:10 +00:00 |
| Bernardo Damele | 7faefcca88 | Minor logging messages adjustments | 2010-01-29 23:19:52 +00:00 |
| Bernardo Damele | 979c919dc7 | Minor logging message adjustment | 2010-01-29 22:58:12 +00:00 |
| Bernardo Damele | e8b0fd90c8 | Minor bug fix | 2010-01-29 19:32:02 +00:00 |
| Bernardo Damele | 767c67e37a | --priv-esc now relies on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique | 2010-01-29 14:57:33 +00:00 |
| Miroslav Stampar | c20b196518 | not sure that svn added binary flag automatically to this file (done it manually) | 2010-01-29 10:18:17 +00:00 |
| Miroslav Stampar | 061794650f | minor fix | 2010-01-29 10:15:05 +00:00 |
| Miroslav Stampar | 92817159dc | cloaked upx for windows (used mkstemp because of execution and file access rights problem) | 2010-01-29 10:12:09 +00:00 |
| Bernardo Damele | 200518724c | By default do not use Churrasco, but still let the user choose it. The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided is now 'run kitrap0d'. | 2010-01-29 02:27:50 +00:00 |
| Bernardo Damele | 7b8316728c | Major bug fix in takeover functionalities on Microsoft SQL Server | 2010-01-29 00:09:05 +00:00 |