Commit Graph

3802 Commits

Author SHA1 Message Date
Miroslav Stampar
570d3a19c2 more general fix 2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f fixing problems with chars deletition by logging messages in inference mode 2012-02-24 10:48:19 +00:00
Miroslav Stampar
71028a81f5 fix for proper retrieval of columns in SQLite 2012-02-24 09:55:13 +00:00
Miroslav Stampar
f9d2971474 minor just in case fix 2012-02-23 16:37:06 +00:00
Miroslav Stampar
7941504c3a minor update 2012-02-23 15:32:36 +00:00
Miroslav Stampar
0478e4166a minor justin case fix 2012-02-23 15:19:20 +00:00
Miroslav Stampar
086c3a3662 minor fix 2012-02-23 13:31:50 +00:00
Bernardo Damele
82e2f27024 Minor doc update 2012-02-23 10:45:52 +00:00
Miroslav Stampar
da22e82309 minor fix 2012-02-23 10:29:55 +00:00
Miroslav Stampar
2866aaf4cf minor fixes 2012-02-23 10:16:58 +00:00
Miroslav Stampar
4e44900039 minor update 2012-02-23 10:01:45 +00:00
Miroslav Stampar
03070d17a6 minor update 2012-02-23 09:40:03 +00:00
Miroslav Stampar
a0106ff7b4 minor update of CHANGES 2012-02-23 09:34:18 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
386e98a0e3 using UNION SELECT for where=..NEGATIVE 2012-02-22 09:41:58 +00:00
Miroslav Stampar
c9d570c83b minor update 2012-02-21 13:49:30 +00:00
Miroslav Stampar
686eacda9a minor update regarding --hex 2012-02-21 13:38:18 +00:00
Miroslav Stampar
bcf3255fe1 implementation of switch --hex for 4 major DBMSes 2012-02-21 11:44:48 +00:00
Miroslav Stampar
77723a7aee minor update 2012-02-21 10:24:04 +00:00
Miroslav Stampar
d70f4b7150 adding hex conversion functions to queries.xml for 4 major DBMSes 2012-02-21 10:10:43 +00:00
Miroslav Stampar
3e4db6d140 minor fix for Python v2.6 2012-02-20 19:35:57 +00:00
Bernardo Damele
f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently 2012-02-20 11:06:55 +00:00
Miroslav Stampar
08bf8c201f few minor fixes 2012-02-20 10:24:55 +00:00
Miroslav Stampar
bc4dd7c0dd fix for -g 2012-02-20 10:02:19 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Bernardo Damele
ebd40b3933 Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection) 2012-02-17 15:16:05 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
6632aa7308 some more refactoring 2012-02-16 13:46:01 +00:00
Miroslav Stampar
32ca99da53 minor update of FAQ files 2012-02-16 13:26:00 +00:00
Miroslav Stampar
17d9cc0c7a replaced tabs with spaces and removed some pesky unprintable chars 2012-02-16 13:15:01 +00:00
Miroslav Stampar
844fc8addb minor cleanup 2012-02-16 10:19:36 +00:00
Miroslav Stampar
0e23521adc some more refactoring 2012-02-16 09:54:29 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
bcf9fc6c6f minor refactoring 2012-02-16 09:32:47 +00:00
Miroslav Stampar
8d7912ad34 minor update and refactoring 2012-02-15 14:05:50 +00:00
Miroslav Stampar
bf923a97df minor update 2012-02-15 13:45:10 +00:00
Miroslav Stampar
122db6e164 minor update 2012-02-15 13:24:02 +00:00
Miroslav Stampar
9059d30312 adding first code example for SPL snippets 2012-02-15 13:17:01 +00:00
Miroslav Stampar
edeb4b6113 bug fix for --os-shell on Windows (echo ... > requires double quotes if the piped filename contains whitespace, otherwise doesn't hurt) 2012-02-15 11:14:01 +00:00
Miroslav Stampar
35fa214a1e minor update (it was working before too, but this is cleaner) 2012-02-15 10:14:29 +00:00
Bernardo Damele
1c44d6d3c7 Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d 2012-02-14 17:29:00 +00:00
Miroslav Stampar
23cc8b6974 minor fix for special cases when parameter value contains html encoded characters 2012-02-14 14:08:10 +00:00
Miroslav Stampar
c1ab02494c minor grammar and cosmetics 2012-02-14 13:18:37 +00:00
Miroslav Stampar
bb5113980b minor update 2012-02-14 10:27:56 +00:00
Miroslav Stampar
3f15c52188 minor change in workflow for "tainted" parameter values 2012-02-14 09:26:52 +00:00
Miroslav Stampar
2604e73d88 minor change in workflow 2012-02-13 11:18:47 +00:00
Miroslav Stampar
96f589fc89 minor fix 2012-02-12 19:22:33 +00:00