Bernardo Damele
1387ed0c25
This %TEMP% is a mere cause of problems (e.g. --os-cmd in MSSQL the BULK INSERT with '%TEMP%\foo' does not work), stick with C:/WINDOWS/Temp
2010-05-29 15:27:49 +00:00
Bernardo Damele
4ba22b5098
Added unicode support also to Oracle connector - see #184 .
2010-05-29 12:14:51 +00:00
Bernardo Damele
e98b049e7f
Added unicode support also to PostgreSQL connector - see #184 .
2010-05-29 11:46:41 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
20d05cc404
way to handle re.I (ignore case) while using getCompiledRegex
2010-05-21 15:03:40 +00:00
Bernardo Damele
f8cdde2d51
Layout adjustment
2010-05-17 16:23:44 +00:00
Bernardo Damele
e0e2349529
Refactor to --search -C and minor bug fix - See #190 .
2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4
Added support to search for tables (--search with -T). See #190 .
2010-05-16 20:46:17 +00:00
Bernardo Damele
762781e94d
Minor bug fix, %TEMP% is expanded only in xp_cmdshell (MSSQL), so disabled for MySQL/PGSQL
2010-05-13 10:40:15 +00:00
Bernardo Damele
091e0b2e05
Layout adjustment
2010-05-13 09:51:15 +00:00
Miroslav Stampar
2323d858a9
modification of temporary directory from C:/Windows/Temp to %TEMP%
2010-05-13 09:32:27 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
90d9900371
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
d034bf29ce
Add new "hinted" feature to MSSQL's getTables()
2010-04-15 12:09:26 +00:00
Miroslav Stampar
17554759b7
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e
Added support to directly connect also to SQLite 2 db file
2010-04-13 22:43:38 +00:00
Miroslav Stampar
4f299f22bf
removed timeout keyword which is not supported on linux build
2010-04-13 10:11:14 +00:00
Miroslav Stampar
6762f592c1
direct connection supported only on Windows machines
2010-04-13 08:57:47 +00:00
Miroslav Stampar
939fa5d2c4
some fixes
2010-04-13 08:29:15 +00:00
Bernardo Damele
9e29120603
Minor fix to make MS Access direct access to work also from Linux
2010-04-12 15:52:40 +00:00
Bernardo Damele
eecee3b274
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
Bernardo Damele
758a858785
Minor adjustments
2010-04-06 20:40:14 +00:00
Miroslav Stampar
5556db80db
fix for that sqlite thread nagging with undocumented argument check_same_thread
2010-04-06 16:01:37 +00:00
Miroslav Stampar
e2810003ae
more update
2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c
some update
2010-04-06 14:59:31 +00:00
Bernardo Damele
cad8f61d55
Force pymssql to version >= 1.0.2
2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
d583cc07e7
ms access update
2010-03-30 15:04:55 +00:00
Miroslav Stampar
1973024ebf
added support for reusing connections
2010-03-30 13:52:47 +00:00
Miroslav Stampar
f0729565a9
fixes for sqlite
2010-03-30 13:36:23 +00:00
Miroslav Stampar
c2a6f21095
refactoring regarding usage of conf.dbmsConnector.connect()
2010-03-30 13:03:19 +00:00
Miroslav Stampar
88d74a00c1
ms access connector update
2010-03-30 12:48:51 +00:00
Miroslav Stampar
87d8c6719e
updates, fixes and stuff
2010-03-30 11:06:30 +00:00
Miroslav Stampar
f04449be03
update
2010-03-29 23:48:21 +00:00
Miroslav Stampar
4dd2cdef47
update
2010-03-27 23:48:12 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
eaa9dd07bc
Minor bug fix for --roles
2010-03-26 20:45:22 +00:00
Bernardo Damele
2aadc5c939
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180 .
...
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
a63e251b25
Ahead with code refactoring, related to r1502.
...
Fixed svn:keywords propset to all .py files.
2010-03-23 21:26:45 +00:00
Bernardo Damele
09768a7b62
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
...
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Miroslav Stampar
5f76d27779
minor typo correction
2010-03-13 10:44:24 +00:00
Bernardo Damele
7d8cc1a482
Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
...
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
0a2fe651ab
some fixes regarding registry reading
2010-03-12 22:09:58 +00:00
Bernardo Damele
18d1d09f1c
Minor bug fix
2010-03-12 13:34:46 +00:00
Bernardo Damele
cc611c0010
Minor layout adjustments
2010-03-09 22:14:26 +00:00
Bernardo Damele
5bd8504f21
Newline adjustment
2010-03-04 14:23:52 +00:00
Miroslav Stampar
58d54b6515
added new option --flush-session
2010-03-04 13:01:18 +00:00
Miroslav Stampar
8663b5b68b
minor fixes
2010-03-04 09:16:45 +00:00
Miroslav Stampar
b544405878
fixed some issue involving banner parsing
2010-03-04 09:15:26 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
aa62465aad
minor update, also for that banner error
2010-03-01 10:49:07 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Bernardo Damele
42f53f380f
Now can work 'cause isWindowsPath has been fixed, normalizePath called after ntToPosixSlashes
2010-02-26 12:40:23 +00:00
Bernardo Damele
8c68d25b39
Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all
2010-02-26 12:00:47 +00:00
Bernardo Damele
66c9885b96
Minor path fix
2010-02-26 11:34:48 +00:00
Miroslav Stampar
38a37b89f6
fix for those slashes
2010-02-26 11:07:23 +00:00
Bernardo Damele
89dc99188d
--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
...
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Bernardo Damele
f728208ff7
Minor cosmetic fix
2010-02-10 15:51:52 +00:00
Bernardo Damele
5c92fad5dc
Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method
2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4
code refactoring regarding path normalization
2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Bernardo Damele
950dba5139
Minor bug fix for --start and --stop
2010-02-02 14:17:39 +00:00
Bernardo Damele
7faefcca88
Minor logging messages adjustments
2010-01-29 23:19:52 +00:00
Bernardo Damele
200518724c
By default do not use Churrasco, but still let the user choose it.
...
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
144dc1b8c4
Show proper warning message when --priv-esc is provided and underlying OS is not Windows
2010-01-28 17:22:17 +00:00
Miroslav Stampar
732ed48e2b
some refactoring regarding decloaking
2010-01-28 16:50:34 +00:00
Miroslav Stampar
921e449454
added support for cloaking Churrasco.exe file
2010-01-28 00:07:33 +00:00
Bernardo Damele
6437c16156
run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149 ).
2010-01-26 01:14:44 +00:00
Bernardo Damele
6d697d60b2
Minor adjustment
2010-01-15 18:00:15 +00:00
Bernardo Damele
1d968f51e9
More code refactoring
2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2
Minor code refactoring
2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
746cbdba96
Added support for takeover functionalities on PgSQL 8.4 running on Windows
2010-01-14 01:40:11 +00:00
Bernardo Damele
b4ddfe8333
Minor bug fixed (variable undeclared)
2010-01-13 21:26:59 +00:00
Bernardo Damele
4a72ad113a
Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups.
2010-01-12 11:44:47 +00:00
Bernardo Damele
c7e1649655
Minor speedup
2010-01-12 11:43:32 +00:00
Bernardo Damele
3a9f685e18
Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x.
2010-01-12 11:21:28 +00:00
Bernardo Damele
4512ef56d1
Minor bug fixes
2010-01-11 13:06:16 +00:00
Bernardo Damele
80bd146696
Added support for --dump with -C also on MSSQL
2010-01-10 19:12:54 +00:00
Bernardo Damele
e5dc3f51c8
Display a better message for the moment while working on support for --dump -C on MSSQL
2010-01-10 00:30:45 +00:00
Bernardo Damele
6c1b31d93c
Adjusted --columns with -C also for Microsoft SQL Server
2010-01-10 00:21:03 +00:00
Bernardo Damele
ef1180c3c2
Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment
2010-01-09 21:39:10 +00:00
Bernardo Damele
f316e722c1
sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
...
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00
Bernardo Damele
bb61010a45
Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling.
2010-01-04 15:02:56 +00:00
Bernardo Damele
2eb24c6368
Avoid useless queries
2010-01-04 12:35:53 +00:00
Bernardo Damele
236ca9b952
Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859).
2010-01-04 10:47:09 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
e6c4154cac
Fixed minor bug in --reg-del
2009-12-21 11:04:54 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
6e36a6f8ed
Major enhancement to MSSQL MS09-004 exploit
2009-11-17 23:33:20 +00:00
Bernardo Damele
1bf6a7cadc
Adapted sqlmap to latest changes in Metasploit trunk
2009-11-03 16:49:19 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c
Minor bug fix in MSSQL version fingerprint
2009-08-11 09:16:20 +00:00
Bernardo Damele
17289c5ff2
Minor bug fix
2009-07-30 12:01:23 +00:00
Bernardo Damele
3d4bfb3263
More appropriate warning message, got rid of a TODO
2009-07-24 23:20:22 +00:00
Bernardo Damele
8096a37940
Major bug fix in --read-file option and minor code refactoring.
2009-07-09 11:50:15 +00:00
Bernardo Damele
4b622ed860
Minor bug fix.
...
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
ba2e009fd9
Now it's fixed
2009-06-29 10:15:10 +00:00
Bernardo Damele
bc31bd1dd9
Minor bug fix
2009-06-29 10:13:39 +00:00
Bernardo Damele
03a6739fbf
Minor layout adjustments
2009-06-11 15:34:31 +00:00
Bernardo Damele
02f6425db8
Work-around to avoid a TypeError traceback when reading a file content on MySQL/MSSQL
2009-06-02 14:24:48 +00:00
Bernardo Damele
440a52b84d
Major bug fix to sql-query/sql-shell functionalities
2009-05-20 10:19:19 +00:00
Bernardo Damele
a727427299
Minor fix for Python <= 2.5.2 (os.path.normpath function)
2009-05-06 13:37:51 +00:00
Bernardo Damele
c5d20b8a86
Initial support for ASP web backdoor functionality
2009-05-06 12:14:38 +00:00
Bernardo Damele
f3e8d6db70
Fixed MySQL comment injection
2009-05-01 16:29:45 +00:00
Bernardo Damele
57b8bb4c8e
Minor syntax adjustment for web backdoor functionality
2009-04-28 21:51:22 +00:00
Bernardo Damele
1d7de719b9
Almost done with web backdoor functionality
2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
06e8546177
Finally fixed MSSQL 2000 fingerprint
2009-04-24 10:26:01 +00:00
Bernardo Damele
eeb34eb028
Again, minor fix to MSSQL 2000 fingerprint
2009-04-23 21:13:34 +00:00
Bernardo Damele
aec2419410
Fixed character escaping in SQL shell/query functionalities.
2009-04-23 15:37:12 +00:00
Bernardo Damele
8e88b32274
Minor fix in MSSQL 2000 fingerprint
2009-04-23 08:36:39 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
b997df740a
Minor bug fix
2009-02-25 20:11:14 +00:00
Bernardo Damele
f91843540f
Major bug fix when the CU alias (current user) is given (with -U option)
...
together with --privileges or --password to work properly also on
MySQL >= 5.0.
2009-01-19 21:25:37 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
e10ab5aa0e
Major bug fixes
2009-01-10 14:39:27 +00:00
Bernardo Damele
9e0d890171
Fixed MySQL 5.1 extensive fingerprint
2009-01-02 23:21:31 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
24ddbdc89d
Minor layout adjustment
2008-12-22 23:34:22 +00:00
Bernardo Damele
b0ad102efb
Better fingerprint technique for Microsoft SQL Server
2008-12-22 23:32:43 +00:00
Bernardo Damele
79c8d63b88
Major speed increase in DBMS basic fingerprint
2008-12-22 23:26:44 +00:00
Bernardo Damele
f92b76a8b0
Minor bug fix
2008-12-21 16:39:40 +00:00
Bernardo Damele
8d06975142
Major enhancement to make the comparison algorithm work properly also
...
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
7e8ac16245
Added preventive check for stacked queries support when executing DDL,
...
DML & co. statements in SQL query and SQL shell. Minor improvements on
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
3fe493b63d
Minor enhancement to support an option (--is-dba) to show if the
...
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
072eb7154c
Major enhancement to support Partial UNION query SQL injection technique too.
...
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
38c9627700
Minor enhancemet to support also --regexp, --excl-str and --excl-reg
...
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
78e8a83c11
Minor improvement to be able to provide CU as user value (-U) when enumerating
...
users privileges or users passwords.
2008-12-05 15:32:59 +00:00
Bernardo Damele
e75487a26c
Reverted last commit, cleaner this way
2008-12-01 23:33:15 +00:00
Bernardo Damele
e2a805ef6a
Minor workaround because of latest bug fix
2008-12-01 23:32:14 +00:00
Bernardo Damele
beea58f2e9
Updated MySQL versions
2008-12-01 23:02:52 +00:00
Bernardo Damele
dc1f2deb74
Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
...
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
727664aea7
Minor enhancement to fingerprint the web server operating system and
...
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f
Major enhancement to the engine to parse XML files and matches on DBMS banner
...
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
66fb3c3033
Minor enhancement to show the DBMS operating system (if fingerprinted)
...
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
654aecedfe
Minor layout adjustments, minor fixes and updated changelog
2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39
Minor enhancement to fingerprint the back-end DBMS operating system (type,
...
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
comment injection fingerprint: MySQL 5.0.67
banner parsing fingerprint: MySQL 5.0.67
html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
4bf1fcb8ec
Minor layout adjustment
2008-11-15 01:10:29 +00:00
Bernardo Damele
ecc4a98071
Properly moved and improved inject.goStacked() function and newly
...
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
9329f8c9c4
Minor enhancement to be able to enumerate table columns and dump table
...
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments.
2008-11-12 22:53:25 +00:00
Bernardo Damele
81ed7c2086
Initial implementation of support for stacked queries.
...
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
2a01de3f0b
Minor bug fix to correctly dump table entries when the column is provided
2008-11-04 19:54:44 +00:00
Bernardo Damele
0f79ec0088
Minor bug fix in MySQL comment injection fingerprint technique
2008-11-04 16:05:43 +00:00
Bernardo Damele
206191d164
Major bug fix so that when the expected value of a query (count variable)
...
is an integer and for some reason the resumed value from session file is
a string or a binary file, the query is executed again and and its new
output saved to the session file
2008-11-02 19:21:19 +00:00
Bernardo Damele
03b90e0a3f
Be more user friendly on messages and minor code layout improvement
2008-11-02 18:23:42 +00:00
Bernardo Damele
09ca578ca1
Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option;
2008-11-02 18:17:12 +00:00
Bernardo Damele
e2a0f7a47b
Fix typo
2008-10-30 23:20:14 +00:00
Bernardo Damele
7ad9639ed0
Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3
2008-10-29 15:32:12 +00:00
Bernardo Damele
342a5436f4
Minor enhancement to be able to dump entries also on MySQL < 5.0 when DB name, table name and column(s) are provided
2008-10-26 17:07:55 +00:00
Bernardo Damele
2fcbb57e1c
Minor code restyling
2008-10-26 17:00:07 +00:00
Bernardo Damele
4b02ed45fa
Due to last commit..
2008-10-26 16:45:36 +00:00
Bernardo Damele
5216fb6e02
Major bug fix so that the users' privileges enumeration now works properly also on MySQL < 5.0 (fix a traceback)
2008-10-26 16:45:14 +00:00
Bernardo Damele
fce61ff950
Minor if condition adjustment
2008-10-26 16:25:28 +00:00
Bernardo Damele
8f5fb5657d
Major improvement to correctly enumerate tables, columns and dump tables
...
entries on PostgreSQL when the database name is not 'public' or a system
database and on Oracle. Minor code restyle.
2008-10-26 16:19:15 +00:00
Bernardo Damele
38f13932bc
Minor improvements to queries
2008-10-20 10:09:37 +00:00
Bernardo Damele
892a7b2f8a
propsets..
2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00