Miroslav Stampar
|
7c7aff12c6
|
Update for an Issue #225
|
2012-10-30 01:26:19 +01:00 |
|
Miroslav Stampar
|
726de868e2
|
Fix for an Issue #225
|
2012-10-30 00:37:43 +01:00 |
|
Miroslav Stampar
|
5358d85d37
|
Important refactoring for web-based functionality
|
2012-10-29 15:09:05 +01:00 |
|
Miroslav Stampar
|
d6e16e8641
|
Minor update
|
2012-10-29 11:08:02 +01:00 |
|
Miroslav Stampar
|
359e734954
|
Minor refactoring
|
2012-10-29 10:48:49 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
06805b27f2
|
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
|
2012-10-27 23:16:25 +02:00 |
|
Miroslav Stampar
|
54fbb22ab8
|
Minor refactoring
|
2012-10-25 09:56:36 +02:00 |
|
Miroslav Stampar
|
f3aa09c794
|
Minor language fix
|
2012-10-23 15:52:43 +02:00 |
|
Miroslav Stampar
|
a6eeebfca8
|
Fix for an Issue #188
|
2012-09-20 11:30:07 +02:00 |
|
Miroslav Stampar
|
ebab05cf7c
|
Fix for an Issue #158
|
2012-08-21 20:20:38 +02:00 |
|
Miroslav Stampar
|
1669c6bdb4
|
Another update for an Issue #28
|
2012-07-27 17:05:21 +02:00 |
|
Miroslav Stampar
|
6ffc5665d0
|
Update for Issue #28
|
2012-07-27 16:29:33 +02:00 |
|
Miroslav Stampar
|
f8c9868cb6
|
Implementation for an Issue #118
|
2012-07-24 15:34:50 +02:00 |
|
Bernardo Damele
|
0a4b6431a8
|
minor bug fix - issue #112
|
2012-07-21 16:51:01 +01:00 |
|
Bernardo Damele
|
dba0a96c2e
|
fall-back to UNION technique if web file stager was not uploaded with LIMIT
|
2012-07-20 17:11:22 +01:00 |
|
Bernardo Damele
|
cbe8f41746
|
minor code refactoring preparing for #96
|
2012-07-20 16:20:17 +01:00 |
|
Bernardo Damele
|
318a01b867
|
minor typo fixes
|
2012-07-17 00:25:02 +01:00 |
|
Miroslav Stampar
|
87ecf205cb
|
More work for Issue #66
|
2012-07-14 17:01:04 +02:00 |
|
Miroslav Stampar
|
9ff9c951bc
|
Language update
|
2012-07-13 14:33:16 +02:00 |
|
Miroslav Stampar
|
6677da63cd
|
Fix for an Issue #88
|
2012-07-13 14:25:39 +02:00 |
|
Miroslav Stampar
|
c5ecc8b8db
|
Closing work on Issue #83
|
2012-07-13 11:23:21 +02:00 |
|
Miroslav Stampar
|
48f68bd076
|
First commit for Issue #83
|
2012-07-13 10:35:22 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Bernardo Damele
|
0702dd70b5
|
verify also that the web backdoor has been successfully uploaded
|
2012-07-11 14:08:51 +01:00 |
|
Miroslav Stampar
|
9c4a62f725
|
Some work on Issue #68
|
2012-07-11 11:58:47 +02:00 |
|
Bernardo Damele
|
d3da3f5c52
|
refactoring for issue #51
|
2012-07-10 00:19:32 +01:00 |
|
Bernardo Damele
|
25eca9d671
|
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
|
2012-07-09 14:26:23 +01:00 |
|
Bernardo Damele
|
99c5ea54f7
|
cleanup for #34
|
2012-07-09 12:39:43 +01:00 |
|
Bernardo Damele
|
d08a54e375
|
properly display the command stdout
|
2012-07-09 10:52:48 +01:00 |
|
Miroslav Stampar
|
54e0a2d8ee
|
--os-shell now works perfect for inference-like techniques too
|
2012-07-07 17:57:06 +02:00 |
|
Miroslav Stampar
|
58f6687194
|
Some refactoring (reusing xpCmdshellForgeCmd)
|
2012-07-07 10:51:29 +02:00 |
|
Miroslav Stampar
|
8620767b77
|
Proper fix
|
2012-07-07 10:38:07 +02:00 |
|
Miroslav Stampar
|
1c69eb5d30
|
Revert "major fix"
This reverts commit 3a11fc2d9e .
|
2012-07-07 10:26:13 +02:00 |
|
Bernardo Damele
|
3a11fc2d9e
|
major fix
|
2012-07-06 22:55:34 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
Miroslav Stampar
|
982fcde1c0
|
Fix for Issue #62
|
2012-07-06 12:24:55 +02:00 |
|
Bernardo Damele
|
fd4cfb0cc0
|
working on #51
|
2012-07-02 15:28:19 +01:00 |
|
Bernardo Damele
|
7335072ab8
|
leftover
|
2012-07-02 15:11:21 +01:00 |
|
Bernardo Damele
|
04d803c7fd
|
more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
|
2012-07-02 15:02:00 +01:00 |
|
Bernardo Damele
|
b7d2680e55
|
minor refactoring, issue #51
|
2012-07-02 12:50:26 +01:00 |
|
Bernardo Damele
|
add8352804
|
make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too
|
2012-07-02 02:14:03 +01:00 |
|
Bernardo Damele
|
6697927098
|
initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap
|
2012-07-02 02:04:19 +01:00 |
|
Bernardo Damele
|
18be319d13
|
hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run
|
2012-07-01 23:41:10 +01:00 |
|
Bernardo Damele
|
ff9e97a42c
|
minor code refactoring
|
2012-07-01 23:31:45 +01:00 |
|
Bernardo Damele
|
ab412da27f
|
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
|
2012-07-01 23:25:05 +01:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Bernardo Damele
|
4da03d898e
|
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
|
2012-04-25 07:40:42 +00:00 |
|
Miroslav Stampar
|
5e358b51f9
|
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
|
2012-04-04 09:25:05 +00:00 |
|