Commit Graph

927 Commits

Author SHA1 Message Date
Miroslav Stampar
2bbbc9a41e few updates 2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe minor refactoring 2011-02-22 12:54:22 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b minor bug fix 2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d minor update 2011-02-20 21:27:38 +00:00
Bernardo Damele
8e60acae5d Added support for --scope also in WebScarab logs (-l) 2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac some progress regarding SYBASE 2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab minor update regarding Sybase support 2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95 minor improvement 2011-02-18 14:27:02 +00:00
Miroslav Stampar
6cdf08b81c minor fix 2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416 Proper fix for r3307 (file-write on MySQL via UNION query tech) 2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475 minor update 2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d update regarding explicit testing of ua and referer when using -p 2011-02-13 21:58:48 +00:00
Miroslav Stampar
5fb11fd173 update regarding multiple DBMS payloads 2011-02-13 21:20:21 +00:00
Miroslav Stampar
9f7d666451 removing --method per request of buawig 2011-02-12 19:50:27 +00:00
Bernardo Damele
7253362114 Minor bug fix so that --file-write on MySQL via UNION query now works again 2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Miroslav Stampar
4295a78c5f minor update 2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA 2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba More fixes for --common-columns to work against MSSQL too 2011-02-09 17:22:07 +00:00
Miroslav Stampar
7d9be18789 added one comment 2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f another update 2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139 fix for a bug reported by skysbsb@gmail.com (double ORDER BY) 2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e fix 2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b Proper fix 2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588 revert of r3274 2011-02-08 09:44:34 +00:00
Bernardo Damele
cfe2da0195 Minor fix 2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
771020abd6 one more related commit 2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Miroslav Stampar
99e9412f74 minor update 2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233 proper fix 2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure 2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] 2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4 More statements to exclude from unescap'ing 2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae Added back-end dbms' OS based methods to Backend object - will be used for refactoring 2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235 Minor fix 2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') 2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00