Commit Graph

1591 Commits

Author SHA1 Message Date
Bernardo Damele
84778f0e6c Minor fix, leave like this 2010-05-29 08:58:55 +00:00
Miroslav Stampar
a4155269c5 bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” (http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/) 2010-05-29 07:25:38 +00:00
Miroslav Stampar
d3e527aba3 minor update 2010-05-29 07:13:54 +00:00
Bernardo Damele
e811101dce Minor bug fix 2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb Major bug fix in multipartpost and minor adjustments elsewhere 2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6 Minor bug fixes and code refactoring 2010-05-28 15:57:43 +00:00
Miroslav Stampar
919a8345d6 minor fix 2010-05-28 15:30:02 +00:00
Miroslav Stampar
ad3c425a18 quick fix 2010-05-28 15:26:55 +00:00
Miroslav Stampar
ac6ce478a0 just removing unneded and possible future source of confusion 2010-05-28 14:19:12 +00:00
Miroslav Stampar
accaf0b3bd minor refactoring 2010-05-28 14:07:48 +00:00
Miroslav Stampar
0f5768cddf more and more fixes 2010-05-28 14:04:34 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Bernardo Damele
7e78876f6a Minor bug fix to parse properly also unicode characters from configuration file 2010-05-28 12:07:30 +00:00
Miroslav Stampar
94354d0862 removing previous fix 2010-05-28 11:53:27 +00:00
Miroslav Stampar
37b8d0c480 utf8 decoding of program arguments 2010-05-28 11:48:44 +00:00
Bernardo Damele
f26de89216 Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 11:32:10 +00:00
Miroslav Stampar
655bd79fc4 some renaming 2010-05-28 10:50:54 +00:00
Miroslav Stampar
838762fb00 previous quick fix removal 2010-05-28 10:38:23 +00:00
Miroslav Stampar
7ef286a76f some speed up 2010-05-28 10:33:09 +00:00
Miroslav Stampar
48c0f4f053 minor fix 2010-05-28 10:17:03 +00:00
Miroslav Stampar
4eccf1a25d quick fix 2010-05-28 10:01:19 +00:00
Miroslav Stampar
f36e093fa7 minor update 2010-05-28 09:13:50 +00:00
Bernardo Damele
7e925bcfe8 Adapted code following last commit 2010-05-27 16:46:17 +00:00
Bernardo Damele
9de1671b8f Code refactoring and minor bug fixes. 2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e minor fix/adjustment regarding getCompiledRegex 2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf some comments added 2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced some more changes 2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f fuck yea, first tests (MySQL/--tables & --common-prediction) are great :) 2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99 more code updates regarding good samaritan (common output) feature 2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024 minor update regarding good samaritan 2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec added singleValue parameter for good samaritan (same thing Bernardo wanted :) 2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e new commit regarding good samaritan feature 2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Miroslav Stampar
1f07db875d fix for that float() report from Shaohua Pan 2010-05-24 20:12:37 +00:00
Bernardo Damele
a43eb64c5d Minor refactoring 2010-05-24 15:46:12 +00:00
Miroslav Stampar
f718425cf4 minor fix 2010-05-24 11:18:47 +00:00
Miroslav Stampar
0197f8db5c code refactoring regarding issue #184 2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac added support for proper unicode session(s) storage/retrieval 2010-05-24 11:00:49 +00:00
Miroslav Stampar
f34e6badfd removed pdb 2010-05-24 09:29:16 +00:00
Miroslav Stampar
f0d3e6c565 fix 2010-05-24 09:28:20 +00:00
Miroslav Stampar
887352746b some speedup (usage of xrange (virtual range) instead of range) 2010-05-23 22:14:57 +00:00
Miroslav Stampar
2c2d6d3623 operator fix 2010-05-23 21:35:42 +00:00
Miroslav Stampar
7dc1bf0324 quick (probably not final) fix for unicode inference (not yet tested) 2010-05-23 21:32:51 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
20d05cc404 way to handle re.I (ignore case) while using getCompiledRegex 2010-05-21 15:03:40 +00:00
Miroslav Stampar
5d5ebd49b6 introducing regex caching mechanism 2010-05-21 14:42:59 +00:00
Miroslav Stampar
14cab8527e minor adjustment 2010-05-21 14:25:38 +00:00
Miroslav Stampar
3110bb10fc added test for site existance 2010-05-21 13:36:49 +00:00
Bernardo Damele
7ee20480a4 Added a TODO note 2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4 Minor adjustment 2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb minor adjustments 2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53 minor code adjustment 2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585 in a mood for more changes 2010-05-21 12:44:09 +00:00
Miroslav Stampar
219628aa01 quick fixes 2010-05-21 12:25:49 +00:00
Miroslav Stampar
78547bb79e quick fix 2010-05-21 12:19:20 +00:00
Bernardo Damele
cda8da288c Minor adjustment 2010-05-21 12:18:43 +00:00
Bernardo Damele
a21a7fc56d Minor code refactoring 2010-05-21 12:09:31 +00:00
Miroslav Stampar
f6bffb61d3 minor adjustment 2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872 fix for my imperfect calculations :) 2010-05-21 11:41:49 +00:00
Miroslav Stampar
9b91b30b69 minor refactoring 2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530 changes regarding putting of gprof2dot script inside extras and its usage 2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872 periodical commit 2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7 Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191. 2010-05-20 10:52:14 +00:00
Bernardo Damele
72fda2a3e4 Minor bug fix to correctly resuming --union-test results from session file. 2010-05-19 14:21:59 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Miroslav Stampar
e938331d8e better regex used avoiding garbage google images 2010-05-15 22:02:28 +00:00
Miroslav Stampar
d20b99ed65 fix (google is changing that class r to class "r") 2010-05-15 21:51:31 +00:00
Miroslav Stampar
b8a5a54395 minor update 2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49 some code refactoring and minor speed up (jump prediction rule) 2010-05-14 15:20:34 +00:00
Miroslav Stampar
ed20f1cf33 some more speed up (one time compilation of popular regexes) 2010-05-14 14:48:54 +00:00
Miroslav Stampar
3ead88c364 minor tweak 2010-05-14 14:36:54 +00:00
Miroslav Stampar
131789a6e4 some code refactoring 2010-05-14 14:21:13 +00:00
Miroslav Stampar
19a82e151c minor cleanup 2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a optimization of CPU intensive sanitizeAsciiString 2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab added CPU throttling for lowering sqlmap's CPU intensivity 2010-05-13 15:19:28 +00:00
Miroslav Stampar
d96723a135 fix for Feature #157 2010-05-13 11:17:24 +00:00
Miroslav Stampar
ca3e12ae73 added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 11:05:35 +00:00
Miroslav Stampar
0a4c1f8aec unfix (conf.timeSec is an integer - my fault) 2010-05-13 09:34:08 +00:00
Miroslav Stampar
2fdac83607 minor fix 2010-05-13 08:27:51 +00:00
Bernardo Damele
9efe001515 SQLite does not support BETWEEN 2010-05-12 22:02:47 +00:00
Miroslav Stampar
893bc04fe4 changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm) 2010-05-12 11:30:32 +00:00
Bernardo Damele
8b74c405f5 Minor output bug fix 2010-05-11 14:15:03 +00:00
Bernardo Damele
457d32c73e Proper displaying of debug messages (-v >= 2) 2010-05-11 13:58:53 +00:00
Miroslav Stampar
1a8beebc8c minor fix 2010-05-11 13:55:30 +00:00
Miroslav Stampar
1e5ecbaa97 speedup of initial session file handling 2010-05-11 13:36:30 +00:00
Miroslav Stampar
6752e66164 added charsetType=2 (integer) to queryOutputLength 2010-05-11 12:23:38 +00:00
Miroslav Stampar
430a25407b fixed that thread partial output problem (one character behind) reported by Kasper Fons 2010-05-11 11:06:21 +00:00
Bernardo Damele
4c91b5a896 Minor fix 2010-05-10 14:18:41 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
44ea8f1861 Minor adjustment 2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3 one more thing 2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f more quick fixes 2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2 better way to handle that last commit problem 2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0 added exception handler around block reported by Thierry Zoller 2010-05-04 08:03:48 +00:00
Bernardo Damele
90d9900371 Minor bug fix to consider --start and --stop also in partial UNION query SQL injection 2010-04-30 15:48:40 +00:00
Bernardo Damele
4d46f997a7 Minor bug fix 2010-04-29 13:34:03 +00:00
Miroslav Stampar
d8e5585c66 fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError) 2010-04-29 08:30:29 +00:00
Bernardo Damele
fa48d26f95 Minor cosmetic fix 2010-04-26 12:34:21 +00:00
Miroslav Stampar
7eef76f1b0 added basic option validation for start/stop values regarding David Guimaraes mail 2010-04-26 11:23:12 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66 Reverted 2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17 Reimported needed imports! 2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95 fix for that takeover bug Ethan Robish posted (Windows/PHP) 2010-04-22 10:31:33 +00:00
Miroslav Stampar
7d3a200ab8 fix for Bug #183 2010-04-19 15:25:52 +00:00
Bernardo Damele
2840f20605 Minor bug fix 2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9 some code refactoring 2010-04-16 19:57:00 +00:00
Miroslav Stampar
1bdf94f236 fix for Bug #164 (Proper usage of special characters in paths) 2010-04-16 15:46:31 +00:00
Miroslav Stampar
bece99908c fix regarding Bug #164 (Proper usage of special characters in paths) - not clear if that's all 2010-04-16 15:12:42 +00:00
Miroslav Stampar
938a3ab0b9 fix for Bug #183 (--threads dot output) 2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Bernardo Damele
a0c8adc266 Minor bug fix to add the "hinted" request to the total number of requests performed
Minor layout adjustments.
2010-04-15 10:08:27 +00:00
Bernardo Damele
5e86087cb1 Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now. 2010-04-15 10:06:38 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e Added support to directly connect also to SQLite 2 db file 2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f Minor adjustment 2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947 added some nagging for connection details 2010-04-13 11:00:15 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
fcceceed45 fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version 2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00
Bernardo Damele
effc7dc41c Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password" 2010-04-07 09:47:14 +00:00
Bernardo Damele
758a858785 Minor adjustments 2010-04-06 20:40:14 +00:00
Miroslav Stampar
6e7be5edb0 another fix 2010-04-06 15:51:36 +00:00
Miroslav Stampar
3fe9f9cac9 another fix 2010-04-06 15:28:34 +00:00
Miroslav Stampar
a6a2e993cc minor update 2010-04-06 15:24:56 +00:00
Miroslav Stampar
c303feab17 fix 2010-04-06 15:14:32 +00:00
Miroslav Stampar
e2810003ae more update 2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c some update 2010-04-06 14:59:31 +00:00
Miroslav Stampar
60f04f0a41 new module for interruptable threads 2010-04-06 14:33:57 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9 fix for "Problem with --dbms set" reported by David Guimaraes 2010-04-05 23:09:35 +00:00
Miroslav Stampar
0a363d3f2b fix for not properly clearing cookies when in multiple targets scanning mode spotted by Kasper Fons 2010-04-04 14:38:48 +00:00
Miroslav Stampar
4129cb22a7 update regarding bug reported by Ole Rasmussen 2010-04-03 19:41:47 +00:00
Bernardo Damele
cad8f61d55 Force pymssql to version >= 1.0.2 2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
8702cce760 fix 2010-03-30 13:23:20 +00:00
Miroslav Stampar
c2a6f21095 refactoring regarding usage of conf.dbmsConnector.connect() 2010-03-30 13:03:19 +00:00
Miroslav Stampar
a02ec29c15 too 2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f replace only first occurrence 2010-03-30 11:52:01 +00:00
Miroslav Stampar
bfc12e93c5 ms access returns -1 for True 2010-03-30 11:33:51 +00:00
Miroslav Stampar
ae3455a0c2 more update 2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075 update 2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e updates, fixes and stuff 2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
4ca1adba2c update 2010-03-26 21:30:36 +00:00
Miroslav Stampar
1ec5221d82 minor update 2010-03-26 20:51:55 +00:00
Miroslav Stampar
0aa8f7309b added copyright notice and keywords 2010-03-26 20:23:08 +00:00
Miroslav Stampar
2e05e1c54d new module for Feature #61 2010-03-26 20:19:18 +00:00
Miroslav Stampar
8bab94de64 added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71 2010-03-26 17:18:02 +00:00
Miroslav Stampar
5a6a01f24c added socket timeout exception handling regarding that timeout message from Fahad Al Shunaiber 2010-03-26 11:51:23 +00:00
Bernardo Damele
be81c20298 Minor layout adjustment 2010-03-25 16:26:50 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180.
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
f4f68218bc Minor layout adjustment for --threads and --eta output 2010-03-25 11:47:18 +00:00
Bernardo Damele
8e57767c48 Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET 2010-03-23 10:27:39 +00:00
Bernardo Damele
f9a135e232 Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 17:38:19 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Bernardo Damele
72f3674844 Minor bug fix 2010-03-18 17:36:58 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
d2f86fb0a5 Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now 2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a Fixes #178 and #179 - proper handling of custom redirects 2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b Revert last commit 2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d Fix for Issue #177 2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2 Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g) 2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414 Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 14:24:43 +00:00
Miroslav Stampar
417f7fae00 Fix for "bug: -g uses wrong session file" 2010-03-15 12:02:04 +00:00
Miroslav Stampar
8af7d6c58b minor cosmetic update 2010-03-15 11:55:13 +00:00
Miroslav Stampar
a0ec447b7d fix for Issue #170 2010-03-15 11:33:34 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
5063401130 Minor bug fix, fixes #170 2010-03-15 11:00:14 +00:00
Bernardo Damele
572b6fd920 sqlmap 0.8 stable! 2010-03-15 01:17:27 +00:00
Miroslav Stampar
a6ab42c873 new file with getch() method which we'll use for good samaritan feature 2010-03-13 17:28:23 +00:00
Miroslav Stampar
4c6c91a80b another --reg-read fix 2010-03-12 23:12:06 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
6b1ae62753 final fix for reading registry keys (now both parse and non-parse reads work fine) 2010-03-12 22:26:06 +00:00
Miroslav Stampar
0a2fe651ab some fixes regarding registry reading 2010-03-12 22:09:58 +00:00
Bernardo Damele
25f8a72414 Minor layout adjustment 2010-03-12 14:48:33 +00:00
Miroslav Stampar
17d0b82fee two dots instead of three 2010-03-12 14:31:14 +00:00
Bernardo Damele
e8d76994ba Minor bug fix to avoid resuming data filled into the sqlmap support tables 2010-03-12 14:30:21 +00:00
Miroslav Stampar
15c638ac52 some beautification 2010-03-12 13:07:07 +00:00
Miroslav Stampar
7ec04281dd minor adjustments 2010-03-12 12:46:26 +00:00
Miroslav Stampar
fffda32f76 fix for Bug #167 2010-03-12 12:38:19 +00:00
Bernardo Damele
f6adb431e6 Minor layout adjustment and typo fix 2010-03-12 12:23:05 +00:00
Bernardo Damele
b50a2288f4 Minor layout adjustments 2010-03-11 23:54:07 +00:00
Miroslav Stampar
ec43419ad1 minor makeup fix 2010-03-11 11:20:52 +00:00
Miroslav Stampar
2c053d5cfb fix for Bug #166 (Keyboard interrupt in Python threading) 2010-03-11 11:14:20 +00:00
Bernardo Damele
fdf417f57e Minor adjustment and bug fix 2010-03-10 22:08:11 +00:00
Miroslav Stampar
91dd609e26 fixed threading bug (difflib :) 2010-03-10 14:14:27 +00:00
Bernardo Damele
cc611c0010 Minor layout adjustments 2010-03-09 22:14:26 +00:00
Miroslav Stampar
3f3ddd5437 fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior" 2010-03-09 13:14:43 +00:00
Bernardo Damele
8593741358 Minor bug fix 2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00
Miroslav Stampar
58d54b6515 added new option --flush-session 2010-03-04 13:01:18 +00:00
Miroslav Stampar
b544405878 fixed some issue involving banner parsing 2010-03-04 09:15:26 +00:00
Bernardo Damele
ef7666c12b Minor code cleanup 2010-03-03 19:23:43 +00:00
Bernardo Damele
9adeaa6191 Code cleanup 2010-03-03 18:57:09 +00:00
Bernardo Damele
a654a426ef Minor adjustments 2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
759b720425 documentation update 2010-03-03 13:59:29 +00:00
Miroslav Stampar
415d5f2b44 minor update 2010-03-03 13:49:24 +00:00
Miroslav Stampar
5d792feffd minor update 2010-03-03 10:57:54 +00:00
Bernardo Damele
2f452480b3 Minor bug fix in syntax 2010-03-01 14:40:18 +00:00
Miroslav Stampar
c93e265269 fix for that banner fetching issue reported by Daniel Huckmann 2010-03-01 10:33:36 +00:00
Bernardo Damele
dd3f65f0fb Updated ChangeLog 2010-02-26 15:37:24 +00:00
Bernardo Damele
f53ef947f1 Slightly stealthier 2010-02-26 13:14:57 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Miroslav Stampar
1f2a1bb24c removed some redundant code 2010-02-26 12:36:41 +00:00
Bernardo Damele
8c68d25b39 Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all 2010-02-26 12:00:47 +00:00
Miroslav Stampar
89e919f07a fixing my mistake 2010-02-26 10:01:23 +00:00
Miroslav Stampar
5ebf572cae added option --ignore-proxy 2010-02-25 20:55:10 +00:00
Bernardo Damele
98496fd173 Show also site in the banner 2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a Adjusted banner, increased release candidate to rc7 2010-02-25 17:34:54 +00:00
Miroslav Stampar
e4c34ff86c changed default web server language behaviour 2010-02-25 16:55:02 +00:00
Miroslav Stampar
d95a8850c8 fix 2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8 important update regarding default directories 2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08 Minor code cleanup 2010-02-25 15:16:41 +00:00
Miroslav Stampar
4a3fa69f9d minor adjustment 2010-02-25 15:07:54 +00:00
Miroslav Stampar
3721451cd6 default dirs update 2010-02-25 14:51:39 +00:00
Bernardo Damele
0df5b5fed9 Minor bug fix and code adjustments 2010-02-25 14:06:44 +00:00
Miroslav Stampar
a0f5c3d885 minor update 2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20 minor code refactoring 2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04 one more fix regarding localhost/global proxy issue 2010-02-25 13:30:22 +00:00
Miroslav Stampar
24d3e24db0 more updates regarding --os-shell feature 2010-02-25 12:16:49 +00:00
Miroslav Stampar
b558712a47 more feature updates 2010-02-25 11:40:49 +00:00
Miroslav Stampar
15d1fcbb7f now runcmd exe has random name too 2010-02-25 10:47:12 +00:00
Miroslav Stampar
2cafd5697b new changes regarding --os-shell 2010-02-25 10:33:41 +00:00
Miroslav Stampar
858cb25975 update 2010-02-24 23:40:56 +00:00
Miroslav Stampar
4bea0e343a Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 08:54:33 +00:00
Miroslav Stampar
9c014c0fd0 minor change 2010-02-20 23:11:05 +00:00
Miroslav Stampar
2a07af2294 removed pdb tracing 2010-02-20 22:36:17 +00:00
Miroslav Stampar
0debc95ad4 some fixes 2010-02-20 22:31:54 +00:00
Bernardo Damele
d1e3596382 Minor UPX adjustment 2010-02-20 19:02:55 +00:00
Miroslav Stampar
0ed5ba5559 minor update 2010-02-16 13:24:09 +00:00
Miroslav Stampar
c4951fd631 some updates regarding --os-shell option 2010-02-16 13:20:34 +00:00
Bernardo Damele
8131f9c77c Added and fixed README files 2010-02-12 00:20:53 +00:00
Bernardo Damele
dc06b40ddc Minor exception message fix 2010-02-11 23:07:33 +00:00
Bernardo Damele
89dc99188d --read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Miroslav Stampar
cef248a5ea update for that invalid target url Otavio Augusto reported 2010-02-10 12:06:23 +00:00
Miroslav Stampar
203cfd114f changed raised exception type 2010-02-10 09:39:36 +00:00
Miroslav Stampar
8e8f6f842c fix for that md5 error reported by Dani (lgrecol@gmail.com) 2010-02-10 09:27:34 +00:00
Miroslav Stampar
00a23ace9a some changes regarding web takeover 2010-02-09 14:27:41 +00:00
Miroslav Stampar
542b01993e minor fix regarding exception handling of multi-part post handler 2010-02-09 14:02:47 +00:00
Miroslav Stampar
a6674edf8a regular expressions revisited 2010-02-09 13:01:08 +00:00
Bernardo Damele
5c92fad5dc Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method 2010-02-05 23:14:16 +00:00
Bernardo Damele
b08a4efb4b Minor layout adjustments 2010-02-04 17:45:56 +00:00
Miroslav Stampar
d291464cd4 code refactoring regarding path normalization 2010-02-04 14:50:54 +00:00
Miroslav Stampar
dbd52c52e4 minor fix 2010-02-04 14:39:24 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Miroslav Stampar
87239476af more fixes :) 2010-02-04 10:10:41 +00:00
Miroslav Stampar
e4699f389d some bug fixes regarding --os-shell usage against windows servers 2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
7c88e32f9d bug fix for 404 program termination during shell upload attempt 2010-02-03 16:16:34 +00:00
Miroslav Stampar
565433097e used normalizePath instead of os.path.normalize 2010-02-03 16:10:09 +00:00
Miroslav Stampar
494e014a4a minor update 2010-02-03 16:04:44 +00:00
Miroslav Stampar
8b0d31a6b7 fix for cases where both posix and nt path versions of windows paths are in parsed web page 2010-02-03 15:34:20 +00:00
Miroslav Stampar
894b9f0f80 minor minor update 2010-02-03 15:15:30 +00:00
Miroslav Stampar
25f1a9c7d0 upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this) 2010-02-03 15:06:41 +00:00
Miroslav Stampar
87c8bdbc29 removed pdb tracing 2010-02-03 14:52:29 +00:00
Miroslav Stampar
c74b920f54 bug fix 2010-02-03 14:49:28 +00:00
Bernardo Damele
979c919dc7 Minor logging message adjustment 2010-01-29 22:58:12 +00:00
Bernardo Damele
e8b0fd90c8 Minor bug fix 2010-01-29 19:32:02 +00:00
Bernardo Damele
767c67e37a --priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique 2010-01-29 14:57:33 +00:00
Miroslav Stampar
061794650f minor fix 2010-01-29 10:15:05 +00:00
Miroslav Stampar
92817159dc cloaked upx for windows (used mkstemp because of execution and file access rights problem) 2010-01-29 10:12:09 +00:00
Bernardo Damele
200518724c By default do not use Churrasco, but still let the user choose it.
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
7b8316728c Major bug fix in takeover functionalities on Microsoft SQL Server 2010-01-29 00:09:05 +00:00
Bernardo Damele
6f5d2ed171 Minor cosmetic adjustments 2010-01-28 17:07:34 +00:00
Miroslav Stampar
a2077bfc0e quick fix 2010-01-28 16:56:00 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d Minor self fix, switched to rc6 2010-01-28 10:27:47 +00:00
Miroslav Stampar
f6b447f6e7 fix for "NameError: global name 'webFileStreamUpload' is not defined" 2010-01-28 08:54:47 +00:00
Miroslav Stampar
645afee359 some changes 2010-01-28 00:25:36 +00:00
Miroslav Stampar
921e449454 added support for cloaking Churrasco.exe file 2010-01-28 00:07:33 +00:00
Miroslav Stampar
4559ded6c1 added new line at the end of the file 2010-01-27 17:02:23 +00:00
Miroslav Stampar
f4b8ce5c72 fix for 'No such file or directory' OSError exception 2010-01-27 17:00:54 +00:00
Miroslav Stampar
d0acb1c5a3 another fix. hope it works :) 2010-01-27 16:01:50 +00:00
Miroslav Stampar
f8056f4098 quick fix regarding usage of StringIO instead of file stream 2010-01-27 15:44:35 +00:00
Miroslav Stampar
1d15c595a4 minor fix 2010-01-27 14:08:09 +00:00
Miroslav Stampar
e63428207c modified a way to handle shell scripts 2010-01-27 13:59:25 +00:00
Bernardo Damele
6437c16156 run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149). 2010-01-26 01:14:44 +00:00
Miroslav Stampar
3197fada59 update of IDS checking method 2010-01-25 10:06:52 +00:00
Bernardo Damele
952c280083 Added svn keyword 2010-01-25 09:21:39 +00:00
Miroslav Stampar
e689c2ec99 another minor fix (svn header comment) 2010-01-25 00:29:19 +00:00
Miroslav Stampar
44a74ccee8 minor grammar fix 2010-01-25 00:26:51 +00:00
Miroslav Stampar
b183b9cbb4 contains method for detecting if the generated payload is detectable by the PHPIDS filter rules 2010-01-25 00:25:58 +00:00
Miroslav Stampar
a4d8234875 minor update 2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488 another fix for Bug #148 2010-01-23 23:29:34 +00:00
Miroslav Stampar
39652bfbf4 update regarding Unicode char logging (Bug #148) 2010-01-23 15:36:55 +00:00
Miroslav Stampar
97840535c6 fix for situations where proxy is set in environment, but the user tries to test something on localhost 2010-01-19 13:47:35 +00:00
Bernardo Damele
574880ba73 Warn user of HTTP error codes in HTTP responses 2010-01-19 10:27:54 +00:00
Bernardo Damele
5c58747740 More tweaking on --update 2010-01-18 15:20:50 +00:00
Bernardo Damele
051db588a5 Minor tweaking to --update 2010-01-18 14:59:24 +00:00
Miroslav Stampar
44adbc5776 changes regarding Feature #125 2010-01-18 14:05:23 +00:00
Bernardo Damele
2825ab5e4e Major bug fix in url-encoding 2010-01-16 21:56:40 +00:00
Bernardo Damele
c18a5cb92f Fixed a minor bug when displaying requested page in -v >= 3 2010-01-16 21:47:52 +00:00
Bernardo Damele
f337cd6e0a Minor speedup to check if sqlmap's UDF have already been created 2010-01-16 21:46:35 +00:00
Bernardo Damele
4ce3abc56d Minor adjustments 2010-01-15 17:42:46 +00:00
Miroslav Stampar
1a764e1f08 minor commit 2010-01-15 16:10:21 +00:00
Miroslav Stampar
5f171340f5 introduced safe string formatting 2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1 minor update 2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4 updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before 2010-01-15 11:44:05 +00:00
Bernardo Damele
505647b00f Minor bug fix to --cookie-urlencode 2010-01-15 11:24:30 +00:00
Bernardo Damele
c4215ce8d2 Minor code refactoring 2010-01-14 20:42:45 +00:00
Miroslav Stampar
26c7b74e65 changes regarding Data (GET/POST/Cookie) encoding (Bug #129) 2010-01-14 18:05:03 +00:00
Bernardo Damele
1d968f51e9 More code refactoring 2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2 Minor code refactoring 2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
50bbb0cf8a Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository. 2010-01-13 14:52:23 +00:00
Bernardo Damele
0ad43952bd Minor bug fix 2010-01-12 23:56:43 +00:00
Miroslav Stampar
3434a22872 HTTP header HOST is now mandatory in a HTTP request file 2010-01-12 14:07:58 +00:00
Miroslav Stampar
a193205323 minor update regarding requestFile option 2010-01-12 14:01:58 +00:00
Miroslav Stampar
8817b2884f minor update 2010-01-12 13:16:30 +00:00
Miroslav Stampar
a58b36fe07 code commit regarding Feature #119 2010-01-12 13:11:26 +00:00
Bernardo Damele
df36eb6d11 Minor bug fix in --resume functionality 2010-01-11 14:16:37 +00:00
Bernardo Damele
12f371cd65 Minor bug fix and improvement in displaying of enumerated columns in --dump -C 2010-01-09 21:37:44 +00:00
Bernardo Damele
dc04fa7f06 Minor layout adjustments 2010-01-09 21:08:47 +00:00
Miroslav Stampar
d58ba7ee6d added --scope feature regarding Feature #105 2010-01-09 20:44:50 +00:00
Bernardo Damele
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
6a62a78b0a More generic 2010-01-08 23:50:06 +00:00
Bernardo Damele
067cc07fb9 Make 'field' parameter in limitQuery() method to be option 2010-01-08 23:23:15 +00:00
Miroslav Stampar
82222fcd3a minor update of help text 2010-01-07 13:09:14 +00:00
Miroslav Stampar
d07f60578c implementation of Feature #17 2010-01-07 12:59:09 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00
Bernardo Damele
954a927cee Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 11:43:16 +00:00
Miroslav Stampar
71547a3496 getDocRoot changes 2010-01-05 11:30:33 +00:00
Bernardo Damele
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 15:02:56 +00:00
Miroslav Stampar
d71e47ce56 fix regarding dirnames in Feature #110 2010-01-04 12:39:07 +00:00
Miroslav Stampar
96a033b51d found and fixed few bugs regarding my "fix" of Bug #110 2010-01-03 15:56:29 +00:00
Bernardo Damele
d5b1863dec Updated documentation and svn properties 2010-01-02 02:07:28 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 01:35:13 +00:00
Bernardo Damele
9c620da0a5 Minor fix 2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9 Minor bug fix 2009-12-21 11:21:18 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
b363f1c5ab Added support for NTLM authentication 2009-12-02 22:54:39 +00:00
Bernardo Damele
e28b98a366 Minor layout adjustments 2009-12-02 22:52:17 +00:00
Bernardo Damele
4779a5fe0f Minor layout adjustment 2009-11-16 16:39:31 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks! 2009-07-29 10:44:24 +00:00
Bernardo Damele
d905e5ef9f Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server 2009-07-25 11:45:23 +00:00
Bernardo Damele
b2b2ec8a26 Preparing to release sqlmap 0.7 stable 2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9 Minor adjustment to reflect Metasploit r6849 (http://trac.metasploit.com/changeset/6849) and minor code refactoring. 2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16 Minor improvement so that sqlmap tests also all parameters with no value (ig. par=). 2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356 Avoid to upload the web backdoor to unexisting empty-name directory 2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159 Minor bug fix to --dbms, updated user's manual 2009-07-09 11:05:24 +00:00
Bernardo Damele
4b622ed860 Minor bug fix.
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02 Added support for reflective meterpreter by default when the target OS
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
3b9303186e Fixed minor bug with --eta 2009-06-24 13:44:14 +00:00
Bernardo Damele
e5a01d500e Minor bug fix in --update option, updated also Microsoft XML versions file 2009-06-16 15:12:02 +00:00
Bernardo Damele
03a6739fbf Minor layout adjustments 2009-06-11 15:34:31 +00:00
Bernardo Damele
150abc0f1e sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring. 2009-06-11 15:01:48 +00:00
Bernardo Damele
3bca0d4b28 Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance. 2009-06-05 10:15:55 +00:00
Bernardo Damele
5ac2b0658c Fixed regular expression to parse burp log file hosts' scheme/port 2009-06-04 14:42:53 +00:00
Bernardo Damele
cfd8a83655 Minor adjustment to get also the port when parsing burp logs 2009-06-04 14:36:31 +00:00
Bernardo Damele
966f34f381 Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions 2009-06-03 15:26:18 +00:00
Bernardo Damele
c7b72abc0e Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls 2009-06-03 15:04:40 +00:00
Bernardo Damele
93ee4a01e5 HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+ 2009-05-20 14:27:25 +00:00
Bernardo Damele
81d1a767ac Minor bug fix in output manager (dumper) object 2009-05-20 13:56:23 +00:00
Bernardo Damele
8e7282f7c7 Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6. 2009-05-20 13:51:25 +00:00
Bernardo Damele
13de8366d0 Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting! 2009-05-20 09:34:13 +00:00
Bernardo Damele
ef3846e0de Minor fix in Host header value by Oliver Gruskovnjak 2009-05-19 14:40:04 +00:00
Bernardo Damele
45dff4a00a Added new function to search a file within the PATH environment variable paths:
it will be used when sqlmap will be packaged as DEB and RPM
2009-05-12 20:24:47 +00:00
Bernardo Damele
b463205544 Minor fixes for MacOSX 2009-05-12 20:24:00 +00:00
Bernardo Damele
06cc2a6d70 Minor bug fixes and code refactoring 2009-05-11 15:37:48 +00:00
Bernardo Damele
c5d20b8a86 Initial support for ASP web backdoor functionality 2009-05-06 12:14:38 +00:00
Bernardo Damele
ccedadd780 Finished Mac OS X 2009-04-30 21:42:54 +00:00
Bernardo Damele
e8c115500d Now it works also on Mac OS X 2009-04-30 10:46:50 +00:00
Bernardo Damele
722ca8bf2f Minor "fix" 2009-04-29 19:45:12 +00:00
Bernardo Damele
57b8bb4c8e Minor syntax adjustment for web backdoor functionality 2009-04-28 21:51:22 +00:00
Bernardo Damele
58f3eee390 Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library 2009-04-28 11:11:35 +00:00
Bernardo Damele
1d7de719b9 Almost done with web backdoor functionality 2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
5121a4dcba Send IE7.0 as default User-Agent 2009-04-24 20:13:21 +00:00
Bernardo Damele
406d5df195 Minor layout adjustments 2009-04-24 20:12:52 +00:00
Bernardo Damele
546a6c32e3 Avoid deprecation warning on sha and md5 libraries on Python >= 2.6 2009-04-24 20:10:30 +00:00
Bernardo Damele
6f4035938b Let the user choose also the local address in reverse OOB connection 2009-04-24 10:27:52 +00:00
Bernardo Damele
4ce74764b7 More verbose when reporting failure to create shellcode/payload stager (via Metasploit) 2009-04-23 20:39:32 +00:00
Bernardo Damele
1af6898618 Fixed POST parsing when -l option is provided (burp/webscarab log file) 2009-04-23 15:04:28 +00:00
Bernardo Damele
aefa7ef988 Avoid libmagic traceback on Windows.
WARNING: this release is a candidate, it only works on Linux/Unices for the moment!
2009-04-22 12:44:16 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
0c1a6b3edf Minor typo fix 2009-02-19 00:38:54 +00:00
Bernardo Damele
2efee058ea Major enhancement in comparison algorithm 2009-02-12 00:17:44 +00:00
Bernardo Damele
ba00a17205 Minor layout adjustment 2009-02-09 10:58:44 +00:00
Bernardo Damele
2355885712 Minor adjustment 2009-02-09 10:29:07 +00:00
Bernardo Damele
207e96e2b2 Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
b12d955274 Updated packaging scripts, site and finalized the documentation to release version 0.6.4 2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4 Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs 2009-02-02 23:44:19 +00:00
Bernardo Damele
dded57f1cd Minor bug fix to correctly unpack user's custom queries on Microsoft SQL Server 2009-01-30 23:58:48 +00:00
Bernardo Damele
6054090191 sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying. 2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031 Avoid DeprecationWarning with Python 2.6+ 2009-01-22 23:53:01 +00:00
Bernardo Damele
793c323b2a Major bug fixes 2009-01-22 22:28:27 +00:00
Bernardo Damele
c25b49e80e Major bugfix to avoid "IFNULL and CAST" on CASE 2009-01-19 21:27:51 +00:00
Bernardo Damele
8f973ce574 Minor layout adjustments 2009-01-18 22:36:48 +00:00
Bernardo Damele
fd7cb9101c Major bug fix to forge SQL injection payload on Oracle 2009-01-13 23:15:57 +00:00
Bernardo Damele
bc448211c5 Minor layout adjustment 2009-01-13 23:15:23 +00:00
Bernardo Damele
5560f0b68a Updated the copyright 2009-01-12 21:35:38 +00:00
Bernardo Damele
92645dd264 Minor adjustment 2009-01-10 14:51:12 +00:00
Bernardo Damele
e10ab5aa0e Major bug fixes 2009-01-10 14:39:27 +00:00
Bernardo Damele
9c125a2b57 Minor improvement to use Python ConfigParser library when --save if specified.
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
d0604ef513 Major bug fix to correctly handle custom SQL "limited" queries on Oracle 2009-01-03 01:19:04 +00:00
Bernardo Damele
2d87a3349f Fixed custom MSSQL "limited" query support also for Partial UNION query technique 2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be Major bug fix to make it work properly with MSSQL custom limited (SELECT
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
c1010c20d8 Minor adjustments 2008-12-30 21:24:01 +00:00
Bernardo Damele
a4d62af2ea Minor layout adjustments to --union-tech 2008-12-29 18:48:23 +00:00
Bernardo Damele
9340bf59fb Updated Microsoft SQL Server signature XML file.
Minor layout adjustments to --update output messages/diff
2008-12-29 18:46:43 +00:00
Bernardo Damele
c83593c044 Limited custom query now works also on Oracle in inferential blind SQL
injection technique
2008-12-23 23:34:50 +00:00
Bernardo Damele
64bb57d786 Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
1f7810e46a Major bug fix to make partial UNION query sql injection work properly
also on Microsoft SQL Server
2008-12-22 19:36:01 +00:00
Bernardo Damele
04c187c66a Working on a bug (fix for Partial UNION query SQL injection technique
both Oracle and Microsoft SQL Server).
2008-12-22 00:51:09 +00:00
Bernardo Damele
2f406b3e56 Minor adjustments 2008-12-22 00:04:28 +00:00
Bernardo Damele
4ae464c80d Minor enhancement to support an option (--union-tech) to specify the
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
35708a0b97 Minor adjustment to UNION query SQL injection detection function.
Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py.
2008-12-21 16:35:03 +00:00
Bernardo Damele
996a872e51 We are already on sqlmap 0.6.4 release candidate 1.. 2008-12-20 13:23:26 +00:00
Bernardo Damele
c18efe5084 Minor adjustments 2008-12-20 13:21:47 +00:00
Bernardo Damele
8d06975142 Major enhancement to make the comparison algorithm work properly also
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
7e8ac16245 Added preventive check for stacked queries support when executing DDL,
DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947 Ahead with the improvements to the comparison algorithm.
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
68354be45a Ahead with enhancements on comparison algorithm: implemented content-length technique 2008-12-18 22:49:35 +00:00
Bernardo Damele
afbd66f6d9 Added some comments 2008-12-18 21:58:05 +00:00
Bernardo Damele
d0d6632c22 Initial support to automatically work around the dynamic page at each refresh
(Major refactor to the comparison algorithm (True/False response))
2008-12-18 20:48:23 +00:00
Bernardo Damele
3fe493b63d Minor enhancement to support an option (--is-dba) to show if the
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751 Major bug fix to avoid tracebacks when multiple targets are specified and one
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
6dec56d616 Major bug fix 2008-12-17 21:35:04 +00:00
Bernardo Damele
dda62ba463 Minor adjustments and bug fixes 2008-12-17 20:11:18 +00:00
Bernardo Damele
b7f2602b50 A bit more entropy in the sql injection detection 2008-12-16 23:51:56 +00:00
Bernardo Damele
05a8c8d3bf Added support to test for stacked queries support and improved check for time based blind sql injection.
Minor bug fix in --save option
2008-12-16 21:30:24 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
072eb7154c Major enhancement to support Partial UNION query SQL injection technique too.
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
38c9627700 Minor enhancemet to support also --regexp, --excl-str and --excl-reg
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7 sqlmap 0.6.3-rc4:
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
0f07e33e1a Removed REVISION, makes no sense.
Import and use python psyco library to speed up if it's installed: it's optional.
2008-12-03 17:32:16 +00:00
Bernardo Damele
e3ddbe751f Minor code refactoring 2008-12-02 23:49:38 +00:00
Bernardo Damele
b700485a1b Minor adjustment, still to work on the cookie urlencoding/decoding 2008-12-02 21:57:12 +00:00
Bernardo Damele
578bcb9140 Initial support for partial UNION query sql injection 2008-12-02 21:56:23 +00:00
Bernardo Damele
f97585c593 Show also SVN revision in error message when a traceback raises.
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
a777f1ca35 Minor bug fix 2008-12-01 23:27:51 +00:00
Bernardo Damele
034a3f387a Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters) 2008-12-01 23:09:07 +00:00
Bernardo Damele
3cf1658532 Increased default output level from 0 to 1 2008-12-01 23:07:41 +00:00
Bernardo Damele
428612b431 Comment and layout adjustments 2008-12-01 23:04:01 +00:00
Bernardo Damele
e967b13378 Minor adjustment to command line usage message 2008-11-27 23:06:02 +00:00
Bernardo Damele
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
f2737ad0a3 Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file).
Major bug fix in the controller library.
2008-11-22 01:57:22 +00:00
Bernardo Damele
9be844cf3e Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. 2008-11-20 17:56:09 +00:00
Bernardo Damele
80425c9ccd Minor adjustment to ETA feature 2008-11-20 11:13:04 +00:00
Bernardo Damele
8f74fe2ce9 Added new HTTP response headers on which fingerprint web app technology and web server OS.
Updated documentation.
2008-11-19 15:33:39 +00:00
Bernardo Damele
736b2e7323 Minor adjustments to the operating system fingerprint. 2008-11-19 00:36:44 +00:00
Bernardo Damele
727664aea7 Minor enhancement to fingerprint the web server operating system and
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f Major enhancement to the engine to parse XML files and matches on DBMS banner
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
66fb3c3033 Minor enhancement to show the DBMS operating system (if fingerprinted)
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
7d7170fc97 Minor code adjustments 2008-11-17 00:13:49 +00:00
Bernardo Damele
654aecedfe Minor layout adjustments, minor fixes and updated changelog 2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.

Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
84cbc60659 Major bug fix to correctly handle httplib.BadStatusLine exception.
Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual.
2008-11-15 12:25:19 +00:00
Bernardo Damele
0bd5b52d95 Minor fixes 2008-11-13 00:03:04 +00:00
Bernardo Damele
ecc4a98071 Properly moved and improved inject.goStacked() function and newly
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
9329f8c9c4 Minor enhancement to be able to enumerate table columns and dump table
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments.
2008-11-12 22:53:25 +00:00
Bernardo Damele
81ed7c2086 Initial implementation of support for stacked queries.
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
13f76cfe3b Adjusted unhandled exception error message 2008-11-11 14:08:40 +00:00
Bernardo Damele
0c5d3df546 sqlmap 0.6.3-rc1:
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
be599d5a33 Updated documentation and minor fix in update functionality 2008-11-04 16:33:13 +00:00
Bernardo Damele
8d130f12a0 Major bug fix to correctly update sqlmap to the latest stable release
with command line --update
2008-11-02 22:16:54 +00:00
Bernardo Damele
56a5e8d390 Updated sqlmap packaging scripts, site and documentation, almost ready for sqlmap 0.6.2 2008-11-02 20:12:50 +00:00
Bernardo Damele
206191d164 Major bug fix so that when the expected value of a query (count variable)
is an integer and for some reason the resumed value from session file is
a string or a binary file, the query is executed again and and its new
output saved to the session file
2008-11-02 19:21:19 +00:00
Bernardo Damele
03b90e0a3f Be more user friendly on messages and minor code layout improvement 2008-11-02 18:23:42 +00:00
Bernardo Damele
09ca578ca1 Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option; 2008-11-02 18:17:12 +00:00
Bernardo Damele
91a47246f8 Minor bug fix to correctly handle --start and --stop 2008-11-02 14:39:38 +00:00
Bernardo Damele
e2a0f7a47b Fix typo 2008-10-30 23:20:14 +00:00
Bernardo Damele
9895338630 Major bug fix following the last commit 2008-10-27 23:56:02 +00:00
Bernardo Damele
eb6e6f4d03 Major bug fix when the request is POST to also send the GET parameters in the request if they've been provided 2008-10-27 15:42:32 +00:00
Bernardo Damele
e07e48efb2 Major bug fix to correctly dump tables entries 2008-10-26 16:10:28 +00:00
Bernardo Damele
fc28372596 Added a comment 2008-10-26 16:06:43 +00:00
Bernardo Damele
6ddb5afef9 Adapted to latest enhancements 2008-10-20 10:13:03 +00:00
Bernardo Damele
016118ce7a Some more fixes and adjustments before 0.6.1 release. 2008-10-17 15:26:43 +00:00
Bernardo Damele
1f3ffc8ef7 Minor layout adjustment 2008-10-17 13:23:24 +00:00
Bernardo Damele
66136b48c0 Minor fixes.. should work also for Cookie now the % parsing 2008-10-17 11:51:12 +00:00
Bernardo Damele
e2fedd3b46 Minor layout adjustment 2008-10-16 16:39:24 +00:00
Bernardo Damele
f90a7cce28 Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie 2008-10-16 16:31:20 +00:00
Bernardo Damele
e5aa557bd4 Minor fix 2008-10-16 15:39:25 +00:00
Bernardo Damele
a5b2366033 Implemented a better way to deal with % characters in parameters' value. Minor code restyle. 2008-10-16 15:31:02 +00:00
Bernardo Damele
d664f0387e Fixed a bug reported by Bedirhan Urgun <bedirhanurgun@gmail.com> 2008-10-16 14:01:14 +00:00
Bernardo Damele
962d63eff5 Improved the message to display in case of unhandled exception 2008-10-16 14:00:39 +00:00
Bernardo Damele
892a7b2f8a propsets.. 2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00