Commit Graph

763 Commits

Author SHA1 Message Date
Miroslav Stampar
bc7ab01066 Bug fix for generic parameter replacement (CASE) 2016-09-27 14:29:18 +02:00
Miroslav Stampar
978f56ad10 One more commit for #552 (--passwords) 2016-09-26 16:38:03 +02:00
Miroslav Stampar
aa0b97b562 Support for Informix --roles/--privileges (Issue #552) 2016-09-26 14:20:04 +02:00
Miroslav Stampar
484d9a4825 Implementation of --dump for Informix (Issue #552) 2016-09-23 17:21:48 +02:00
Miroslav Stampar
1b48ff223d Adding initial support for Informix (Issue #552) 2016-09-23 12:33:27 +02:00
Miroslav Stampar
e519484230 Patching live-testing 2016-09-19 15:51:28 +02:00
Miroslav Stampar
c7f615f707 Renaming payload files (consistency with the rest of the project) 2016-07-17 00:21:16 +02:00
Miroslav Stampar
47ba7d4705 Minor update 2016-07-07 10:37:00 +02:00
Miroslav Stampar
292a28131d Minor updates 2016-07-06 23:43:10 +02:00
Miroslav Stampar
2e775fbb75 (e.g.) ASPx MsSQL Chinese exception messages don't start with 'Exception: string' 2016-07-06 14:06:18 +02:00
Miroslav Stampar
e1d7641b8a Good for different generic OleDB-alike connectors 2016-07-06 13:48:35 +02:00
Miroslav Stampar
7ad49f4185 Less problematic regexes for MsSQL errors 2016-07-05 09:32:08 +02:00
Miroslav Stampar
d9315830f9 Less problematic regex for MsSQL errors 2016-07-05 09:20:04 +02:00
Miroslav Stampar
2e2c62b6a7 More error regexes 2016-07-04 17:24:17 +02:00
Miroslav Stampar
53289b0234 Some more Informix error regexes 2016-07-04 10:03:36 +02:00
Miroslav Stampar
dd082ef79d Minor update (new error regex for Informix) 2016-07-04 09:49:18 +02:00
Miroslav Stampar
74d0315fef Update related to the last commit 2016-07-03 02:14:23 +02:00
Miroslav Stampar
3a9e36c52b Reintroducing stacked queries removed in 79d08906a4 (good for WAF bypass) 2016-07-03 02:03:30 +02:00
Miroslav Stampar
65a0f15f69 Minor update (error regex for PHP's sqlsrv module) 2016-06-28 15:13:37 +02:00
Miroslav Stampar
98b77d32cc Minor update 2016-06-27 11:16:41 +02:00
Miroslav Stampar
a4b60dc00f New error regex for MsSQL 2016-06-26 00:40:54 +02:00
Miroslav Stampar
e9407cf791 Cleaning some garbage boundaries (it doesn't make any sense to use %00 as prefix) 2016-06-23 22:57:59 +02:00
Miroslav Stampar
cc313280af Payload that never ever worked (now fixed) 2016-06-03 13:16:00 +02:00
Miroslav Stampar
f06ff42c58 This never worked. Not sure who incorporated it (WAITFOR DELAY can't go to SELECT/CASE) 2016-06-03 10:42:57 +02:00
Miroslav Stampar
4bc1cf4518 Vastly better patch for MsSQL payloads 2016-06-03 10:29:04 +02:00
Miroslav Stampar
d326965966 Reordering MySQL's error-based payloads (BIGINT and EXP have crazy bigger chunk lengths) 2016-06-01 14:12:22 +02:00
Miroslav Stampar
f0b8fbb7fd Implemented support for JSON_KEYS error-based SQLi (and tons of fixes for MySQL 'ORDER BY,GROUP BY' payloads) 2016-06-01 13:23:41 +02:00
Miroslav Stampar
7d1bdb35ca Update of parsed versions 2016-06-01 10:44:08 +02:00
Miroslav Stampar
acc1277246 Minor update 2016-05-30 14:13:57 +02:00
Miroslav Stampar
b4ebbae354 New payload(s) 2016-05-30 11:25:24 +02:00
Miroslav Stampar
79d08906a4 Cleaning some redundant payload(s) 2016-05-27 23:59:48 +02:00
Miroslav Stampar
b9e5655e3c Proper naming 2016-05-22 14:26:36 +02:00
Miroslav Stampar
3b74e99576 Minor update (support for MariaDB) 2016-05-11 15:47:35 +02:00
Miroslav Stampar
439fff684e Minor update (MSSQL CONCAT payload) 2016-05-11 09:42:54 +02:00
Miroslav Stampar
5ed3cdc819 Minor update 2016-04-22 10:54:55 +02:00
Miroslav Stampar
a9526bda92 Minor patch 2016-04-11 22:38:44 +02:00
Miroslav Stampar
c9b410c97f Minor update 2016-04-08 14:59:52 +02:00
Miroslav Stampar
38fcc5a35a Update for pre-WHERE payloads 2016-04-08 13:19:42 +02:00
Miroslav Stampar
8ceb4907a5 Another update for Issue #1800 2016-04-08 11:37:38 +02:00
Miroslav Stampar
ce3749622a Minor revisit of payload boundaries (Issue #1800) 2016-04-08 11:28:17 +02:00
Miroslav Stampar
ac08db82b2 Including one more error regex (based on testasp[.]vulnweb[.]com) 2016-04-04 16:14:30 +02:00
Miroslav Stampar
ad3b766b65 Adding in-table name boundaries 2016-03-26 09:39:28 +01:00
Miroslav Stampar
242800c085 Minor update related to the #1740 2016-03-01 15:40:34 +01:00
Ewerson Guimaraes (Crash)
8df56ecc72 Update errors.xml
Add support to Sybase 15.7 error based
2016-03-01 15:13:38 +01:00
Miroslav Stampar
f54b25ca2a Adding one more regex for MsAccess error recognition 2016-01-17 15:22:53 +01:00
Miroslav Stampar
df8e4b504d Patch for special cases of OR boolean-based blind (covered with last two commits) 2016-01-14 13:51:30 +01:00
Miroslav Stampar
85b35f44a0 Minor refactoring for #1637 2016-01-09 17:39:53 +01:00
Andrew Smith
777e4a3db2 Update for false positives
Attempt to eliminate false positives using more specific regex
2016-01-07 15:42:22 -05:00
Andrew Smith
b84d787f4a Addition of IBM DB2 Error Codes 2016-01-07 10:15:09 -05:00
Miroslav Stampar
7411ff93e5 Minor update related to the #1620 2015-12-23 08:14:18 +01:00
Miroslav Stampar
94639d11a3 Another update related to the #1539 2015-11-16 15:33:05 +01:00
Miroslav Stampar
5593bf2fee Another patch related to #1539 (simplifying unicode bad chars and preventing double encoding of safe chars) 2015-11-16 15:02:30 +01:00
Miroslav Stampar
5ff59296ef Space after the generic comments has to be "protected" 2015-10-22 14:47:19 +02:00
Miroslav Stampar
570562369b Further fixes for sqlmap to work properly with HSQLDB (WebGoat) 2015-10-13 13:04:59 +02:00
Miroslav Stampar
ecef769200 More generic approach (non-: versions appear too) 2015-10-10 15:23:09 +02:00
Miroslav Stampar
786b51e6e4 Minor patch 2015-10-10 15:18:47 +02:00
Miroslav Stampar
17ee402592 Adding error regexes for HSQLDB 2015-10-10 14:53:08 +02:00
Miroslav Stampar
9641e84dd9 Bug fixes for HSQLDB 2015-10-09 16:52:13 +02:00
Miroslav Stampar
ee22c477db Minor patch for #1363 2015-08-28 10:59:12 +02:00
Miroslav Stampar
61b33f24d4 Implements #1363 2015-08-28 10:52:36 +02:00
Miroslav Stampar
26bec7219d Update for an Issue #1184 2015-03-31 07:33:50 +02:00
Bernardo Damele
9eb7a0a0f2 enhanced time-based payloads - issue #1169 2015-03-19 12:09:43 +00:00
Bernardo Damele
43f6cb1508 some more boundaries 2015-03-19 12:07:26 +00:00
Bernardo Damele
2bdf121915 cleanup 2015-03-04 13:36:09 +00:00
Bernardo Damele A. G.
b2fca35c36 consolidated some time-based blind payloads - issue #1169 2015-03-03 14:22:20 +00:00
Bernardo Damele
37ca0a95f1 consolidated stacked queries payloads - issue #1169 2015-03-03 14:19:36 +00:00
Bernardo Damele
849ca3da3d added a newline 2015-03-03 14:18:53 +00:00
Miroslav Stampar
b74edf9664 Fixes #1175 2015-02-25 10:16:01 +01:00
Bernardo Damele
21c1ae427b swapped generic and MySQL-specific UNION payloads - issue #1169 2015-02-21 12:57:28 +00:00
Bernardo Damele
ef9d4b58ae minor signature for PHP pgsql functions 2015-02-21 02:24:03 +00:00
Bernardo Damele
4bbf168b18 Minor titles fix 2015-02-20 18:35:13 +00:00
Bernardo Damele
ab6cc271d3 Major consistency rework of error-based payloads - issue #1169 2015-02-20 18:34:47 +00:00
Bernardo Damele
9fed41ddc2 Major consistency rework of boolean payloads - issue #1169 2015-02-20 18:34:23 +00:00
Bernardo Damele
2d886011c8 Consistency in enums 2015-02-20 18:33:04 +00:00
Bernardo Damele
1ecb921ba7 Consistency in enums 2015-02-20 18:31:47 +00:00
Bernardo Damele
3b3205c532 Minor stacked queries and time-based payloads cleanup - issue #1169 2015-02-20 15:44:06 +00:00
Bernardo Damele
5b65d2e133 more consistency of boolean blind payloads - issue #1169 2015-02-20 11:34:16 +00:00
Bernardo Damele
f547a776d8 consolidating blind based payloads - issue #1169 2015-02-19 16:42:26 +00:00
Bernardo Damele
4195f770a3 removing one unnecessary character from stacked payloads 2015-02-19 16:41:55 +00:00
Bernardo Damele
1e9586c90b minor layout fix 2015-02-19 16:18:16 +00:00
Bernardo Damele
6cc092b926 split payloads in different files 2015-02-18 10:13:44 +00:00
Bernardo Damele
560bc7cc28 minor fixes 2015-02-18 09:51:07 +00:00
Bernardo Damele
c51ecf33f3 ported the recent MySQL time-based payload (introduced with 66c2a79397) to other techniques and conditions 2015-02-18 09:45:44 +00:00
Bernardo Damele
84349a370a minor code cleanup 2015-02-15 19:51:07 +00:00
Bernardo Damele
32ab52b8ca code refactoring: split boundaries and payloads XML files 2015-02-15 16:31:35 +00:00
Bernardo Damele
66c2a79397 added a time-based payload for MySQL when the simpler AND SLEEP(X) does not work 2015-02-03 15:14:41 +00:00
Miroslav Stampar
ae95fd91c2 Implementation for an Issue #1135 2015-01-24 23:49:33 +01:00
Miroslav Stampar
4f122ee008 Bug fix regarding a problem reported by user @blink2014 2014-12-20 00:23:31 +01:00
Miroslav Stampar
0b91a6098f Patch for an Issue #1050 2014-12-18 15:13:44 +01:00
Miroslav Stampar
0c99b79c60 Minor fix 2014-11-28 00:54:03 +01:00
Miroslav Stampar
80b9fc4821 Minor fix 2014-11-19 09:21:52 +01:00
Miroslav Stampar
b7aeb670e1 Implementation of a new MySQL error-based payload (found at RDot) 2014-10-29 10:14:01 +01:00
Miroslav Stampar
90869244fd Minor update 2014-09-09 16:19:38 +02:00
Miroslav Stampar
af21fc513d Bug fix for HSQLDB (some queries were runnable on MySQL) 2014-09-03 21:39:38 +02:00
Miroslav Stampar
1478c206f1 Trivial update 2014-09-03 21:27:02 +02:00
Miroslav Stampar
ff8bfff87a Bug fix (FreeBSD != Linux) 2014-08-20 14:45:58 +02:00
Miroslav Stampar
5436635acb Minor update 2014-08-13 13:32:22 +02:00
Bernardo Damele
a09e590fe8 updated regression tests 2014-07-17 17:13:09 +01:00
Markus Wulftange
cf4e0c755b Add boundary checks for derived tables in FROM clause 2014-05-24 17:25:11 +02:00
Bernardo Damele
78ab525966 minor fix to Oracle payloads 2014-04-09 12:31:52 +00:00