Commit Graph

8080 Commits

Author SHA1 Message Date
Bernardo Damele
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 15:02:56 +00:00
Bernardo Damele
473024bd6e Newline 2010-01-04 14:03:31 +00:00
Miroslav Stampar
6319eb6e5c just added PGP Key ID 2010-01-04 13:08:40 +00:00
Bernardo Damele
232f927dd0 Slightly updated the documentation 2010-01-04 12:53:58 +00:00
Miroslav Stampar
d71e47ce56 fix regarding dirnames in Feature #110 2010-01-04 12:39:07 +00:00
Bernardo Damele
2eb24c6368 Avoid useless queries 2010-01-04 12:35:53 +00:00
Bernardo Damele
236ca9b952 Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). 2010-01-04 10:47:09 +00:00
Miroslav Stampar
96a033b51d found and fixed few bugs regarding my "fix" of Bug #110 2010-01-03 15:56:29 +00:00
Bernardo Damele
d5b1863dec Updated documentation and svn properties 2010-01-02 02:07:28 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. 2010-01-02 01:35:13 +00:00
Bernardo Damele
9c620da0a5 Minor fix 2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9 Minor bug fix 2009-12-21 11:21:18 +00:00
Bernardo Damele
e6c4154cac Fixed minor bug in --reg-del 2009-12-21 11:04:54 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
a605980d66 Minor adjustments to configuration file 2009-12-15 14:16:25 +00:00
Bernardo Damele
b363f1c5ab Added support for NTLM authentication 2009-12-02 22:54:39 +00:00
Bernardo Damele
e28b98a366 Minor layout adjustments 2009-12-02 22:52:17 +00:00
Bernardo Damele
c332c72808 Minor update to user's manual to reflect new Metasploit release 2009-11-17 23:36:18 +00:00
Bernardo Damele
6e36a6f8ed Major enhancement to MSSQL MS09-004 exploit 2009-11-17 23:33:20 +00:00
Bernardo Damele
4779a5fe0f Minor layout adjustment 2009-11-16 16:39:31 +00:00
Bernardo Damele
1bf6a7cadc Adapted sqlmap to latest changes in Metasploit trunk 2009-11-03 16:49:19 +00:00
Bernardo Damele
aa14bea051 Test again 2009-11-01 12:30:30 +00:00
Bernardo Damele
e518ae82e4 Testing post-commit hook on redmine 2009-11-01 12:28:33 +00:00
Bernardo Damele
bfd8128693 Updated name 2009-11-01 12:10:29 +00:00
Bernardo Damele
de68a499f5 Typo fix 2009-11-01 12:08:46 +00:00
Bernardo Damele
bb123b2769 Updated changelog 2009-10-23 10:20:47 +00:00
Bernardo Damele
f1a7d095aa Minor patch to make the PHP web backdoor work also on Windows 2009-10-22 16:25:19 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c Minor bug fix in MSSQL version fingerprint 2009-08-11 09:16:20 +00:00
Bernardo Damele
14578a7a4d Updated THANKS file 2009-07-30 12:02:34 +00:00
Bernardo Damele
17289c5ff2 Minor bug fix 2009-07-30 12:01:23 +00:00
Bernardo Damele
e608a5ca55 Updated THANKS file 2009-07-29 10:44:56 +00:00
Bernardo Damele
19c6804ded Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks! 2009-07-29 10:44:24 +00:00
Bernardo Damele
2c98c11e80 user's manual PDF recreated 2009-07-25 16:46:30 +00:00
Bernardo Damele
45e3ce798f Updated documentation with all new features introduced since sqlmap 0.7-rc1 2009-07-25 14:31:44 +00:00
Bernardo Damele
d905e5ef9f Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server 2009-07-25 11:45:23 +00:00
Bernardo Damele
576cc97742 Minor update to the user's manual, almost there to release 0.7 stable! 2009-07-25 00:25:59 +00:00
Bernardo Damele
b2b2ec8a26 Preparing to release sqlmap 0.7 stable 2009-07-24 23:20:57 +00:00
Bernardo Damele
3d4bfb3263 More appropriate warning message, got rid of a TODO 2009-07-24 23:20:22 +00:00
Bernardo Damele
b4fd71e8b9 Minor adjustment to reflect Metasploit r6849 (http://trac.metasploit.com/changeset/6849) and minor code refactoring. 2009-07-20 14:36:33 +00:00
Bernardo Damele
8096a37940 Major bug fix in --read-file option and minor code refactoring. 2009-07-09 11:50:15 +00:00
Bernardo Damele
cb3d2bac16 Minor improvement so that sqlmap tests also all parameters with no value (ig. par=). 2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356 Avoid to upload the web backdoor to unexisting empty-name directory 2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159 Minor bug fix to --dbms, updated user's manual 2009-07-09 11:05:24 +00:00
Bernardo Damele
4b622ed860 Minor bug fix.
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02 Added support for reflective meterpreter by default when the target OS
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
ba2e009fd9 Now it's fixed 2009-06-29 10:15:10 +00:00
Bernardo Damele
bc31bd1dd9 Minor bug fix 2009-06-29 10:13:39 +00:00
Bernardo Damele
fd7de4bbb8 Updated THANKS file 2009-06-24 13:57:50 +00:00