Commit Graph

352 Commits

Author SHA1 Message Date
Miroslav Stampar
df4e3be191 using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions) 2011-11-23 22:57:02 +00:00
Miroslav Stampar
d8047c79f3 reverting back last two commits 2011-11-22 15:28:31 +00:00
Miroslav Stampar
73276c0785 even better (added long before plugins table) 2011-11-22 15:23:31 +00:00
Miroslav Stampar
ff07031170 better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based) 2011-11-22 15:20:12 +00:00
Miroslav Stampar
bbb7e1562d adding AGAINST full-text search boundaries 2011-11-12 14:16:43 +00:00
Miroslav Stampar
2e5222bfd8 adding INSERT/UPDATE generic boundaries 2011-10-28 11:00:09 +00:00
Miroslav Stampar
b6ccc0cc43 minor update 2011-10-18 14:35:42 +00:00
Miroslav Stampar
597d554153 minor update 2011-10-18 13:05:49 +00:00
Miroslav Stampar
382db1b67a degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level) 2011-08-31 20:35:57 +00:00
Miroslav Stampar
d283e3eb3c adding support for pre-WHERE injections 2011-08-24 09:04:18 +00:00
Miroslav Stampar
13eb20cea1 minor beautification 2011-08-03 10:12:06 +00:00
Bernardo Damele
2e20eb1a88 Minor fix 2011-08-03 10:08:59 +00:00
Bernardo Damele
b8e2d60bfa Added MSSQL 2008 R2 signatures 2011-07-24 23:42:32 +00:00
Bernardo Damele
48f580fb10 Minor adjustments to MSSQL fingerprint 2011-07-24 23:30:23 +00:00
Bernardo Damele
99a0b62d0d Minor adjustments 2011-07-24 22:26:11 +00:00
Miroslav Stampar
ca83305b58 added MySQL updatexml error-based payload 2011-07-24 21:08:32 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
4cb9988243 quick fix 2011-07-12 21:09:33 +00:00
Bernardo Damele
c9ba58acb6 Moved MS Access UNION query tests after generic as generic test must identify MSSQL 2011-07-11 09:47:52 +00:00
Miroslav Stampar
5d31eb5ef7 cosmetics and also tested against testing env - works perfectly 2011-07-10 09:07:07 +00:00
Miroslav Stampar
eb42cedf2a adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment 2011-07-10 08:54:22 +00:00
Miroslav Stampar
93219b9e13 i've accidentally left table_schema removed while doing some tests. now it should be ok 2011-07-08 10:24:46 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
9eb683531d Minor improvement at blind SQL inj technique for DB2 2011-06-27 22:28:12 +00:00
Bernardo Damele
ed4cfbb6d2 Minor fix 2011-06-27 08:58:59 +00:00
Miroslav Stampar
bedf16b88b adding payloads for time-based injection on SAP MaxDB (heavy query) 2011-06-26 23:46:09 +00:00
Miroslav Stampar
d0490cc4e7 adding payloads for time-based injection on DB2 (heavy query) 2011-06-26 16:38:22 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Bernardo Damele
b2e6cf3ed9 Enabled --search -C also for Oracle 2011-06-24 14:34:20 +00:00
Miroslav Stampar
4188df0501 fixes for Sybase 2011-06-15 18:49:35 +00:00
Miroslav Stampar
9f6b70f3f9 update 2011-05-26 22:45:33 +00:00
Miroslav Stampar
0baf931669 real generic comment is "-- " not "--" (MySQL doesn't support "--") 2011-05-24 09:16:21 +00:00
Miroslav Stampar
171a4c389b added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload 2011-05-23 06:24:45 +00:00
Miroslav Stampar
939e6541d0 far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES) 2011-05-19 23:36:51 +00:00
Miroslav Stampar
bd1b07fbc2 one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL 2011-05-19 06:32:23 +00:00
Miroslav Stampar
7f086916c0 decent parameter replace payload for PostgreSQL (GENERATE_SERIES) 2011-05-18 23:40:42 +00:00
Miroslav Stampar
e58d6d2e00 removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable) 2011-05-18 23:20:02 +00:00
Miroslav Stampar
fe50d09cc8 added new payload for PostgreSQL (parameter replace) 2011-05-18 23:01:41 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
36a9ddaacc Minor bug fixes and code restyling for --privileges and --passwords 2011-04-30 14:50:27 +00:00
Bernardo Damele
7df954dd9f paranoy 2011-04-21 23:41:25 +00:00
Miroslav Stampar
0764c4c752 parenthesis were missing; banning OR NOT from payloads 2011-04-21 23:32:53 +00:00
Bernardo Damele
1d61611145 leftover 2011-04-21 22:46:43 +00:00
Bernardo Damele
870f773d70 In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this 2011-04-21 20:36:50 +00:00
Miroslav Stampar
05a0e1d3b0 fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting) 2011-04-15 11:34:14 +00:00
Miroslav Stampar
136e85abf3 little refresh of PHPIDS rules for --check-payload 2011-04-11 15:37:49 +00:00