Commit Graph

11 Commits

Author SHA1 Message Date
Bernardo Damele
727664aea7 Minor enhancement to fingerprint the web server operating system and
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f Major enhancement to the engine to parse XML files and matches on DBMS banner
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
66fb3c3033 Minor enhancement to show the DBMS operating system (if fingerprinted)
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
654aecedfe Minor layout adjustments, minor fixes and updated changelog 2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.

Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
03b90e0a3f Be more user friendly on messages and minor code layout improvement 2008-11-02 18:23:42 +00:00
Bernardo Damele
09ca578ca1 Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option; 2008-11-02 18:17:12 +00:00
Bernardo Damele
2fcbb57e1c Minor code restyling 2008-10-26 17:00:07 +00:00
Bernardo Damele
8f5fb5657d Major improvement to correctly enumerate tables, columns and dump tables
entries on PostgreSQL when the database name is not 'public' or a system
database and on Oracle. Minor code restyle.
2008-10-26 16:19:15 +00:00
Bernardo Damele
892a7b2f8a propsets.. 2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00