151 Commits

Author	SHA1	Message	Date
Bernardo Damele	39decebe85	Minor fixes to checking/re-enabling of xp_cmdshell procedure	2011-02-07 12:17:19 +00:00
Miroslav Stampar	c0233dcd4f	preventing crashes for output=[]	2011-02-07 10:24:15 +00:00
Miroslav Stampar	096efea282	added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]	2011-02-07 10:22:43 +00:00
Miroslav Stampar	8134c2154a	adding WHERE enum for payloads	2011-02-02 13:34:09 +00:00
Miroslav Stampar	ddf23ba7cc	refactoring	2011-01-30 11:36:03 +00:00
Miroslav Stampar	367d0639f0	refactoring (class names should always be Capital cased)	2011-01-28 16:36:09 +00:00
Miroslav Stampar	430fd5cd63	minor fixes	2011-01-25 16:05:06 +00:00
Bernardo Damele	47fa600c04	Minor fix and cosmetics	2011-01-24 11:12:33 +00:00
Miroslav Stampar	818c9787b2	minor update	2011-01-23 21:20:16 +00:00
Miroslav Stampar	b18397fbc7	major revisit of --os-shell methods	2011-01-23 20:47:06 +00:00
Bernardo Damele	bade0e3124	Major code refactoring - centralized all kb.dbms* info for both retrieval and set.	2011-01-19 23:06:15 +00:00
Bernardo Damele	cffa17f5a6	Major bug fix - before it raised a traceback, now works.	2011-01-18 23:02:47 +00:00
Miroslav Stampar	1fa8f0cba7	code reviewing part 2	2011-01-15 12:53:40 +00:00
Bernardo Damele	2ac8debea0	Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. ... Minor bug fixes thanks to previous refactoring too.	2011-01-13 17:36:54 +00:00
Miroslav Stampar	0eabca9fd4	update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)	2011-01-03 22:31:29 +00:00
Miroslav Stampar	96341f8f78	minor fix	2011-01-02 09:16:17 +00:00
Miroslav Stampar	36862e2efa	update	2010-12-18 15:57:47 +00:00
Miroslav Stampar	de54219571	code refactoring	2010-12-15 12:50:56 +00:00
Bernardo Damele	698f30e65e	Cosmetics	2010-12-13 21:34:35 +00:00
Miroslav Stampar	435f48b8cc	polite cosmetics	2010-12-10 15:28:56 +00:00
Miroslav Stampar	01cf1394a4	code refactoring	2010-12-08 14:26:40 +00:00
Bernardo Damele	da3fd17fc3	Adjustment to make it work also in OR based injection	2010-12-05 12:24:23 +00:00
Miroslav Stampar	5764816891	minor cosmetics	2010-12-03 22:28:09 +00:00
Bernardo Damele	c22338ce90	Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).	2010-11-29 11:47:58 +00:00
Miroslav Stampar	6712f4da55	some refactoring and one less request for aspx maintanance during --os-shell	2010-11-24 14:20:43 +00:00
Miroslav Stampar	9579a97039	now ASPX works too for --os-shell	2010-11-24 11:38:27 +00:00
Bernardo Damele	17486e472a	Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!	2010-11-17 22:00:09 +00:00
Miroslav Stampar	17f0609263	minor bug fix	2010-11-17 13:29:57 +00:00
Miroslav Stampar	2802923dbe	some improvements regarding --os-shell web server application choice	2010-11-17 11:45:52 +00:00
Miroslav Stampar	bec152609a	minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)	2010-11-17 09:33:05 +00:00
Miroslav Stampar	e7a66371f8	update regarding os shell-ing regarding JSP and ASPX	2010-11-16 13:46:46 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Bernardo Damele	91a3a582e8	Minor bug fix to avoid crash when running sqlmap behind a proxy server	2010-11-04 12:22:04 +00:00
Miroslav Stampar	6adee3792a	removed all trailing spaces from blank lines	2010-11-03 10:08:27 +00:00
Bernardo Damele	c7c84c3089	Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).	2010-11-02 15:31:51 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Bernardo Damele	65a0a8d285	Delegate urlencoding to agent.py only	2010-10-31 13:28:05 +00:00
Bernardo Damele	a0df231aa4	Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data	2010-10-29 13:09:53 +00:00
Bernardo Damele	b3b2c3864a	Minor code refactoring	2010-10-29 10:51:09 +00:00
Bernardo Damele	4f8e9da1b6	Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. ... Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls.	2010-10-28 00:19:40 +00:00
Bernardo Damele	56c16cb471	Minor bug fixes and enhancements to ICMPsh tunnel	2010-10-27 23:01:17 +00:00
Bernardo Damele	a391be833b	Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.	2010-10-27 21:02:22 +00:00
Bernardo Damele	bdb9c37a7e	Cosmetics	2010-10-25 15:17:59 +00:00
Miroslav Stampar	e6e48c5556	fix for Bug #204	2010-10-22 18:23:46 +00:00
Miroslav Stampar	1b2ec826bf	misc fixes regarding new query retrieval format	2010-10-21 23:17:06 +00:00
Bernardo Damele	e73e06069b	Minor code refactoring	2010-10-20 22:09:03 +00:00
Bernardo Damele	862cc9ac53	Minor cosmetic fixes	2010-10-20 21:58:33 +00:00
Bernardo Damele	f95098693f	Removed unused functions	2010-10-20 21:16:28 +00:00
Bernardo Damele	683184cc8f	Minor refactoring	2010-10-17 21:06:52 +00:00
Bernardo Damele	f54c134d22	Minor adjustment	2010-10-16 22:43:05 +00:00