Commit Graph

1422 Commits

Author SHA1 Message Date
Miroslav Stampar
4649450603 Fix for an Issue #137 2012-08-16 22:20:24 +02:00
Miroslav Stampar
74ee0ce78a Fix for an Issue #148 2012-08-14 23:25:12 +02:00
Miroslav Stampar
b78163f99b Update for Issue #138 2012-08-08 19:06:47 +02:00
Miroslav Stampar
20a66567a3 Minor refactoring 2012-07-30 10:06:14 +02:00
Miroslav Stampar
ffc520b35f Minor refactoring 2012-07-24 14:35:56 +02:00
Miroslav Stampar
95e0d46e3e Fix for an Issue #110 2012-07-21 09:15:54 +02:00
Bernardo Damele
34e77a8801 ported fix for issue #81 also to blind techniques 2012-07-21 00:20:32 +01:00
Bernardo Damele
3e21f3d07a fixed --search -C too on MSSQL - issue #81 2012-07-21 00:08:40 +01:00
Bernardo Damele
60242f92c5 made --search -D on MSSQL consistent with other DBMSes - issue #81 2012-07-20 23:37:56 +01:00
Bernardo Damele
7f10b01265 same fix as previous commit for blind techniques 2012-07-20 22:35:20 +01:00
Bernardo Damele
b54ae107cc major bug fix in --search with multiple -C provided 2012-07-20 22:29:48 +01:00
Bernardo Damele
45177cf93d minor restyling 2012-07-20 22:29:30 +01:00
Bernardo Damele
16668e1b8d leftover debug message 2012-07-20 21:48:29 +01:00
Bernardo Damele
b0ab837832 minor code refactoring and implemented issue #95 2012-07-20 21:46:36 +01:00
Bernardo Damele
9cb1c4c0d9 plugin refactoring - issue #22 2012-07-20 19:17:35 +01:00
Bernardo Damele
86df6037e3 reverted previous ugly hack for issue #110, perhaps a better fix is possible 2012-07-20 16:01:04 +01:00
Bernardo Damele
1928d5464d fixes issue #97 2012-07-20 15:56:14 +01:00
Bernardo Damele
52431402dd minor fix to avoid cleanup() if web backdoor upload failed 2012-07-16 17:58:30 +01:00
Miroslav Stampar
c1a14257a4 Removing --disable... switches and making changes in default choice(s) for respectable sections 2012-07-16 11:31:51 +02:00
Bernardo Damele
bb8cd788e1 minor fix 2012-07-16 09:56:41 +01:00
Miroslav Stampar
3f4186ce2c Removing duplicate user password hashes 2012-07-14 10:57:46 +02:00
Miroslav Stampar
6677da63cd Fix for an Issue #88 2012-07-13 14:25:39 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
cba2a26b68 Finishing Issue #75 (inference dumping) 2012-07-12 14:46:57 +02:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Miroslav Stampar
3fd5119f3f Redesigning for Issue #75 2012-07-12 13:42:22 +02:00
Bernardo Damele
fed178646a minor refactoring 2012-07-12 01:48:07 +01:00
Bernardo Damele
01474f6272 proper debug message added - issue #75 2012-07-12 01:19:36 +01:00
Bernardo Damele
ee3aeb8dcf actual implementation of issue #75, still some work to do 2012-07-12 01:16:00 +01:00
Bernardo Damele
caeddf6822 avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file 2012-07-12 00:17:07 +01:00
Bernardo Damele
66d854c7d8 leftover space 2012-07-12 00:04:56 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Bernardo Damele
6f6cd676b7 clean up the file system from sqlmap created web files 2012-07-11 14:07:20 +01:00
Bernardo Damele
0c5f259481 var renaming 2012-07-11 13:39:33 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
8caffac4bc conf.unescape->kb.unescape 2012-07-10 10:55:04 +02:00
Bernardo Damele
4656d23d82 increased verbosity level of some messages and removed a leftover 2012-07-10 01:43:19 +01:00
Bernardo Damele
00b7411a87 more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok 2012-07-10 01:39:03 +01:00
Bernardo Damele
2527554f8e more work on #33 2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0 initial work for issue #33 2012-07-10 00:27:08 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Miroslav Stampar
86c27cc4f2 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-06 17:28:13 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Bernardo Damele
e673033ac1 minor layout adjustment 2012-07-06 15:26:45 +01:00
Bernardo Damele
fb7fe552b7 proper naming 2012-07-06 15:13:50 +01:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
Miroslav Stampar
e51d3a02f1 Update for Issue #43 (renamed --disable-cracking to --disable-hash) 2012-06-28 18:53:47 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
303aa10507 only a small update 2012-06-27 14:43:18 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
d5e80089ff minor summer cleanup 2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
96177393e1 minor update regarding --exact switch 2012-06-10 13:38:12 +00:00
Miroslav Stampar
10b0639a96 making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE) 2012-06-04 09:24:46 +00:00
Miroslav Stampar
3f6bc1f3c2 minor fix 2012-05-24 18:05:33 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
0e8d8577a7 adding a DB2 patch from smcintyre@securestate.com 2012-05-21 08:26:19 +00:00
Miroslav Stampar
079e0e1434 minor bug fix 2012-05-18 08:51:50 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
8013a64f8c minor refactoring 2012-05-01 19:57:30 +00:00
Miroslav Stampar
c71d435d9f making "id"-like columns prioritized for ORDER BY in MySQL 2012-05-01 19:52:02 +00:00
Miroslav Stampar
458a73c9b4 few consistency fixes 2012-04-29 23:09:00 +00:00
Miroslav Stampar
c7a606637f switching few readInput defaults for brute forcing when no table/column found 2012-04-27 12:59:22 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Bernardo Damele
6116853025 Minor layout adjustments 2012-04-24 17:01:24 +00:00
Bernardo Damele
072e08836f Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 14:05:45 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
645fc8a21c minor refactoring 2012-03-27 08:31:48 +00:00
Miroslav Stampar
72c5b034bf minor update 2012-03-19 11:50:38 +00:00
Miroslav Stampar
cb8caf7e0f i am not very bright today :) 2012-03-19 11:23:23 +00:00
Miroslav Stampar
d5915e5d44 one other fix 2012-03-19 11:19:26 +00:00
Miroslav Stampar
7abfa2e6d4 minor fix 2012-03-19 11:18:00 +00:00
Miroslav Stampar
cce5c3c009 minor changes for version numbers 2012-03-19 11:07:03 +00:00
Bernardo Damele
48e8c978fb Minor fix, way more to do for --search -C for MSSQL 2012-03-15 17:55:49 +00:00
Bernardo Damele
0013b0970f Minor layout adjustments - foundDb is misleading at that stage 2012-03-15 16:07:16 +00:00
Miroslav Stampar
8cf5d260fd Application Data is not a temporary directory writable by everybody 2012-03-14 23:44:29 +00:00
Bernardo Damele
c735d846ee The default temporary directory as to stay as is, do not touch this code snippet anymore please 2012-03-14 22:39:46 +00:00
Miroslav Stampar
ca0d068575 distinguishing NULL from BLANK 2012-03-14 13:52:23 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00
Bernardo Damele
48592f2515 minor adjustments 2012-03-09 18:34:18 +00:00
Bernardo Damele
be9b103b51 minor bug fix 2012-03-09 18:02:50 +00:00
Bernardo Damele
012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
2012-03-09 17:47:50 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Bernardo Damele
d9e499af9f Set Id property 2012-03-09 12:05:21 +00:00
Bernardo Damele
7330dff255 Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries 2012-03-08 16:57:53 +00:00
Miroslav Stampar
e678219a8c minor update 2012-03-08 15:51:30 +00:00
Bernardo Damele
ae87df5670 leftover 2012-03-08 15:45:33 +00:00
Bernardo Damele
4bc6f3f6c9 Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore 2012-03-08 15:32:05 +00:00
Miroslav Stampar
68b9d48d0a minor update 2012-03-08 15:30:23 +00:00
Miroslav Stampar
2ab80bfb2c minor bug fix 2012-03-08 15:24:05 +00:00
Bernardo Damele
c79807f5fb Minor layout adjustments 2012-03-08 15:11:24 +00:00
Miroslav Stampar
761ec7529a minor appereance fix 2012-03-01 11:52:30 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
10dd9096f7 one more just in case fix for safeSQLIdentificator naming on MSSQL --tables 2012-02-29 14:05:53 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
26b33154ab optimal fix related to the last commit 2012-02-24 14:28:41 +00:00
Miroslav Stampar
9d6fd2e507 bug fix for --schema --technique=BST 2012-02-24 14:12:19 +00:00
Miroslav Stampar
f9d2971474 minor just in case fix 2012-02-23 16:37:06 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently 2012-02-20 11:06:55 +00:00
Miroslav Stampar
08bf8c201f few minor fixes 2012-02-20 10:24:55 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Bernardo Damele
ebd40b3933 Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection) 2012-02-17 15:16:05 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
7bca926a0b fixes, updates, patches 2012-02-09 10:16:58 +00:00
Miroslav Stampar
948cf25de4 more consistent 2012-02-09 09:53:40 +00:00
Miroslav Stampar
980367b7b2 minor update 2012-02-09 09:48:47 +00:00
Miroslav Stampar
1d4b10dbd1 bug fix 2012-02-08 13:55:50 +00:00
Miroslav Stampar
2662fe84f7 minor update 2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593 minor update 2012-02-08 12:00:03 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
e94f86a1ad minor update 2012-02-03 15:46:28 +00:00
Miroslav Stampar
22f4d5650f fix for retrieving version of backend OS on MSSQL 2012-02-03 15:42:36 +00:00
Miroslav Stampar
a48fc4efec minor update 2012-02-03 15:32:23 +00:00
Miroslav Stampar
e3466fa5d8 minor update 2012-02-03 15:28:11 +00:00
Miroslav Stampar
2136b3447d better solution 2012-02-03 15:22:21 +00:00
Miroslav Stampar
f86c365694 added one more failsafe for MSSQL --tables 2012-02-03 10:56:39 +00:00
Miroslav Stampar
a6c2fc7ecc some refactoring on MSSQL support 2012-02-01 12:53:07 +00:00
Miroslav Stampar
f79d01183d minor update 2012-02-01 09:23:52 +00:00
Miroslav Stampar
2face9799a minor fix 2012-02-01 09:17:38 +00:00
Miroslav Stampar
7d37a650d0 minor fix 2012-01-30 14:41:17 +00:00
Miroslav Stampar
91ebadff75 minor update 2012-01-30 13:32:52 +00:00
Miroslav Stampar
d8c343a88a minor update 2012-01-30 13:29:43 +00:00
Miroslav Stampar
f8ae0e5272 minor update 2012-01-30 13:20:33 +00:00
Miroslav Stampar
de94bee7b5 minor fix 2012-01-20 00:11:19 +00:00
Miroslav Stampar
b2dad63000 some more refactoring 2012-01-13 22:00:34 +00:00
Miroslav Stampar
8e4b8d345f refactoring 2012-01-13 21:55:39 +00:00
Bernardo Damele
ec9cc19951 Minor bug fixes for -d 2012-01-13 21:46:21 +00:00
Bernardo Damele
5e853cae64 Minor bug fix so now when the back-end DBMS operating system is Windows 2000, it sets the temporary folder automatically to C:\WINNT\Temp - the user does not need to provide it anymore with --tmp-path C:\\WINNT\\Temp 2012-01-13 18:08:44 +00:00
Bernardo Damele
0043336620 Minor fix and removed leftover debug message 2012-01-13 17:04:59 +00:00
Bernardo Damele
b03f91437b Minor code refactoring 2012-01-13 16:49:52 +00:00
Miroslav Stampar
accac776fe some fixes 2012-01-13 14:10:53 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
fecdce5801 implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too 2012-01-09 21:09:05 +00:00
Miroslav Stampar
ff52931140 some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available) 2012-01-07 19:30:35 +00:00
Miroslav Stampar
138b8039b3 better language 2012-01-07 17:35:53 +00:00
Miroslav Stampar
f85c5b3f4d minor update 2012-01-06 00:23:49 +00:00
Miroslav Stampar
f412706fee minor update for MSSQL --tables (fallback to other method) 2012-01-03 18:01:14 +00:00
Miroslav Stampar
6f5ef23f28 minor update/patch 2012-01-01 22:55:32 +00:00
Miroslav Stampar
300abc2ba2 minor update regarding unicode unescaping 2012-01-01 22:31:09 +00:00
Miroslav Stampar
6c49af090c minor language patch 2011-12-28 14:18:17 +00:00
Miroslav Stampar
8750532c3d minor fix 2011-12-28 14:13:36 +00:00
Miroslav Stampar
1ae413a206 some refactoring/speedup around UNION technique 2011-12-22 10:32:21 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
41ccf88990 some more refactoring 2011-12-21 22:09:21 +00:00
Miroslav Stampar
0a039d84e0 some more refactoring 2011-12-21 19:40:42 +00:00
Miroslav Stampar
d9d4e3ea9b minor fix 2011-12-21 17:43:50 +00:00
Miroslav Stampar
41b60b26fc minor refactoring 2011-12-21 14:25:39 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
d1bfdc6a48 minor fix for --start/--stop mechanism in pivot dumping mode 2011-12-20 13:04:57 +00:00
Miroslav Stampar
641055144a minor beautification 2011-12-16 11:49:20 +00:00
Miroslav Stampar
ebc04a3d5f minor fix 2011-12-16 11:44:33 +00:00
Miroslav Stampar
7d2fce16dc minor fix 2011-12-16 11:40:23 +00:00
Miroslav Stampar
cff21814bb minor patch for MSSQL 2008 2011-12-16 11:23:41 +00:00
Miroslav Stampar
8793fbc9f5 minor update 2011-12-14 12:59:25 +00:00
Miroslav Stampar
39b406c5c1 fix for --search on Oracle 2011-12-02 18:13:27 +00:00
Miroslav Stampar
96aacbf945 upgrade of --search mechanism (lowest common denominator is now searched for - e.g. if -D -T and -C are given then -C is searched for in -D and -T) 2011-12-02 13:32:30 +00:00
Miroslav Stampar
9697e80013 some more optimizations 2011-11-22 10:54:29 +00:00
Miroslav Stampar
b117c40aa5 major improvement of HashDB speed in multi-threaded mode 2011-11-22 10:09:35 +00:00
Miroslav Stampar
0ce885e6e6 adding base64encode tampering script 2011-11-21 12:47:23 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
f574760c12 minor update 2011-10-28 13:16:22 +00:00
Miroslav Stampar
bd7da45546 minor update 2011-10-28 13:07:23 +00:00
Miroslav Stampar
f7be0ca4e2 minor fix 2011-10-28 12:49:35 +00:00
Miroslav Stampar
6c0e8b0ea8 returning alphabetically sorted database and table names 2011-10-28 12:40:59 +00:00
Miroslav Stampar
9523da7663 minor optimization 2011-10-25 13:21:01 +00:00
Miroslav Stampar
23bf52e496 minor refactoring 2011-10-24 09:55:50 +00:00
Miroslav Stampar
77e630d89e replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-23 20:19:42 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
b6ccc0cc43 minor update 2011-10-18 14:35:42 +00:00
Miroslav Stampar
7f9f744b87 update regarding last commit 2011-10-12 12:37:05 +00:00
Miroslav Stampar
39e33bea99 important fix (LIMIT m,n should not be considered deterministic in column by column table dumping) 2011-10-12 12:31:47 +00:00
Miroslav Stampar
2d7d84e16b minor fix 2011-09-25 19:42:24 +00:00
Miroslav Stampar
af94ac7f02 minor fix 2011-09-20 22:16:56 +00:00
Miroslav Stampar
9a1ac96756 bug fix 2011-09-11 17:22:27 +00:00
Miroslav Stampar
8a174248dc fix for a bug reported by blueBoy 2011-08-20 20:08:11 +00:00
Miroslav Stampar
fb6a84b10b minor update (when columns are missing from information_schema too) 2011-08-18 07:03:53 +00:00
Miroslav Stampar
262996fc5b bug fix 2011-08-16 06:14:40 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Miroslav Stampar
41ae9bc7ff minor bug fix 2011-08-09 14:20:25 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Bernardo Damele
c15439ab7f Minor improvement to --passwords output 2011-08-02 09:04:34 +00:00
Bernardo Damele
ad4584da70 Minor bug fix when dumping tables with UNION query technique on Access, Firebird and MaxDB 2011-08-01 23:44:14 +00:00
Miroslav Stampar
4ca81dd345 quick fix 2011-08-01 23:25:58 +00:00
Miroslav Stampar
e0fda9f985 minor fix 2011-08-01 10:13:25 +00:00
Miroslav Stampar
79b4e26e23 bug fix 2011-08-01 00:17:26 +00:00
Miroslav Stampar
0627bb02cb minor beautification 2011-07-31 10:21:47 +00:00
Miroslav Stampar
4d923ec375 change in invalid logic regarding --sql-shell (retrieving output for non-query commands did nothing at all) 2011-07-30 21:46:59 +00:00
Miroslav Stampar
a6ade08c28 just in case commit to prevent join string iteration over 'None' values 2011-07-30 13:01:37 +00:00
Miroslav Stampar
4ce93221d1 minor update 2011-07-28 09:24:37 +00:00
Miroslav Stampar
684ddc43e6 minor patch 2011-07-28 08:53:09 +00:00
Bernardo Damele
37de709df2 leftover 2011-07-26 11:20:07 +00:00
Bernardo Damele
a2483b3bc4 Aligned OS takeover functionalities to recent Metasploit improvements 2011-07-26 10:29:14 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Bernardo Damele
5a1c9a42a3 Minor bug fix 2011-07-20 13:45:34 +00:00
Bernardo Damele
29b5115906 Minor bug fix 2011-07-20 13:28:10 +00:00
Miroslav Stampar
9c694ce3ec bug fix (--tables --columns) 2011-07-12 23:27:47 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
da049110df Minor revert 2011-07-04 15:23:05 +00:00
Miroslav Stampar
a1fe9d07ca minor revert 2011-07-02 23:00:22 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Miroslav Stampar
d063ae91eb propset update 2011-06-30 07:55:07 +00:00
Miroslav Stampar
8a36f7fc03 fix for a bug reported by aboynes@gmail.com (UnboundLocalError: local variable 'infoMsg' referenced before assignment) 2011-06-29 18:04:58 +00:00
Bernardo Damele
d3b44a5f58 Added copyright 2011-06-28 10:59:20 +00:00
Bernardo Damele
fe686feefa Added support for direct connection (-d switch) to IBM DB2 2011-06-28 10:52:07 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Bernardo Damele
f7196007ca --search on Oracle is now consistent with other plugins 2011-06-24 14:33:30 +00:00
Bernardo Damele
ddfae39d9e Minor bug fixes for --search with -C 2011-06-24 09:27:54 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Miroslav Stampar
ca6f9acf30 minor fix for resuming in multi threading mode 2011-06-18 12:23:18 +00:00
Miroslav Stampar
d27afaed7e some fixes 2011-06-16 14:27:44 +00:00
Miroslav Stampar
0eeb48f8f5 some fixes 2011-06-16 13:41:02 +00:00
Miroslav Stampar
afe0579487 minor fixes for pivot dumping 2011-06-15 19:03:37 +00:00
Miroslav Stampar
4188df0501 fixes for Sybase 2011-06-15 18:49:35 +00:00
Miroslav Stampar
60ecf95383 fix for a bug reported by seyi.akin@gmail.com 2011-06-14 08:40:25 +00:00
Bernardo Damele
9126c84442 Refactoring (standardized with --search -C ...) 2011-06-08 16:39:41 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Bernardo Damele
cce3208b35 Cleanup 2011-06-08 14:15:34 +00:00
Bernardo Damele
161ece5587 Rephrase 2011-06-08 11:33:45 +00:00
Miroslav Stampar
26062ec71e minor update 2011-06-07 15:13:51 +00:00
Miroslav Stampar
f34b395c65 fixing typo 2011-06-07 14:58:22 +00:00
Miroslav Stampar
89a7516c35 bug fix 2011-06-06 09:55:22 +00:00
Miroslav Stampar
0b875b160f cosmetics 2011-05-31 20:57:29 +00:00
Miroslav Stampar
3fa8e1db72 better language 2011-05-31 15:45:54 +00:00
Miroslav Stampar
4bb9754dfe using --dump for msaccess with -C switch was for some reason pain in the ass (you had to do the brute forcing again and again). now -C forces the result in those cases 2011-05-30 23:34:48 +00:00
Miroslav Stampar
bf2b58ba82 minor update 2011-05-26 15:23:28 +00:00
Miroslav Stampar
79f0b3a92a adding support for --start and --stop for __pivotDumpTable 2011-05-26 15:16:57 +00:00
Miroslav Stampar
b6fe5b12a4 adding --schema to the wizard/Basic as it looks like a cool thingy to put there 2011-05-26 14:30:05 +00:00
Miroslav Stampar
a397baa89a fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches 2011-05-26 08:17:21 +00:00
Miroslav Stampar
1067d43f14 minor update 2011-05-23 19:16:29 +00:00
Miroslav Stampar
0ed03d474f now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate 2011-05-23 11:09:44 +00:00
Miroslav Stampar
7b52bbe3fb reverting that ignoreTimeout for --tables (because of this and that) 2011-05-22 09:59:19 +00:00
Miroslav Stampar
9b2623514a one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables 2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170 type correction and adding global flag kb.ignoreTimeout which could be useful 2011-05-22 08:24:13 +00:00
Miroslav Stampar
126cdf9e19 minor info update 2011-05-19 23:28:27 +00:00
Miroslav Stampar
a034462c31 fixing annoying timeouts for basic DBMS check (reference: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_timestampadd) 2011-05-19 23:03:00 +00:00
Miroslav Stampar
5a979f7667 minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used 2011-05-19 17:35:33 +00:00
Miroslav Stampar
4efc284b83 adding more info for --passwords 2011-05-11 12:35:32 +00:00
Bernardo Damele
b5f090cc4f Minor bug fix 2011-05-10 15:48:48 +00:00
Miroslav Stampar
b713b18fd2 minor fix for a bug spotted on Sybase 2011-05-09 16:09:18 +00:00
Bernardo Damele
ac74557614 Minor adjustment for --dump-all 2011-05-08 10:25:40 +00:00
Bernardo Damele
356037ca22 cosmetics 2011-05-08 02:11:34 +00:00
Bernardo Damele
9955483052 Major improvement for --dump.
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
d3589493d1 Temporary fix for bug reported by ultramegaman (infinite loop) 2011-05-07 23:28:59 +00:00
Bernardo Damele
6e784e766b Minor bug fix 2011-05-07 21:20:47 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968 removing blank lines and adding newline at the end of files 2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
dac59a55bc leftover 2011-05-03 14:14:39 +00:00
Bernardo Damele
c58dc4a6d8 isDbmsWithin() must stay like this, no getIdentifiedDbms() in there 2011-05-03 14:13:45 +00:00
Miroslav Stampar
eceb5eca7b fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla) 2011-05-02 21:55:06 +00:00
Miroslav Stampar
b327a78522 minor minor update of the last commit 2011-05-02 19:24:49 +00:00
Miroslav Stampar
0bb7d715a7 more user friendliness/handiness for users which mix Linux and Windows paths where they shouldn't do that 2011-05-02 19:18:28 +00:00
Miroslav Stampar
8e8886cd20 minor improvement for --sql-shell/--sql-query (when non-SELECT default is N for retrieve data output which automatically does STACKED injection) 2011-05-01 21:41:14 +00:00
Bernardo Damele
64bb480414 Do not raise otherwise it won't work with --schema 2011-04-30 23:20:16 +00:00
Bernardo Damele
d5eeb91b35 Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns 2011-04-30 22:11:36 +00:00
Bernardo Damele
b31b861d7b Major rewrote of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc. 2011-04-30 22:10:27 +00:00
Bernardo Damele
284c69a686 Improved --tables for MSSQL too, like r3798 2011-04-30 22:05:02 +00:00
Bernardo Damele
aeb149db22 Proper ordering of enumeration methods, consistent with the others enumeration classes 2011-04-30 22:04:08 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
cb9b9c4204 Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too 2011-04-30 15:29:19 +00:00
Bernardo Damele
b3a0424269 More Backend class method usage refactoring 2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
36a9ddaacc Minor bug fixes and code restyling for --privileges and --passwords 2011-04-30 14:50:27 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
1a052245a6 duplicate code 2011-04-30 00:25:15 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Bernardo Damele
529595fd85 Moved method below 2011-04-29 22:37:43 +00:00
Bernardo Damele
14bf6abb7e Minor layout adjustment 2011-04-29 21:40:48 +00:00
Bernardo Damele
f449688f93 Proper resume of --schema data when calling with --columns switch, minor fixes too 2011-04-29 21:17:59 +00:00
Miroslav Stampar
a6015b59df fix for a bug reported by jaccovantuijl@gmail.​com (entries = zip(*[entries[colName] for colName in colList])) 2011-04-29 14:33:47 +00:00
Bernardo Damele
9927f5a7db Let --schema work also for Sybase and MaxDB 2011-04-29 00:02:28 +00:00
Bernardo Damele
edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0a534dee5 Do not even prompt for ICMP tunnel if the target OS is not Windows 2011-04-23 21:57:07 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
148fb26301 quick fix 2011-04-21 17:34:26 +00:00
Miroslav Stampar
e181d5412e fix for a bug reported by aboynes@gmail.com (@@datadir not available on MySQL 4) 2011-04-21 17:33:07 +00:00
Miroslav Stampar
bd4fbb3251 fix for a bug reported by l0rda@l0rda.biz (TypeError: cannot concatenate 'str' and 'NoneType' objects) 2011-04-21 14:53:02 +00:00
Miroslav Stampar
5052013ffa minor update 2011-04-20 14:48:23 +00:00
Miroslav Stampar
f909ecb369 bug fix for mssqlserver escape 2011-04-20 13:41:01 +00:00
Miroslav Stampar
88c76147e1 removed few trailing whitespace lines 2011-04-15 20:52:08 +00:00
Miroslav Stampar
c16b74ce1a covering __pivotDumpTable for keyboard and connection exceptions too 2011-04-15 14:21:13 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
aed994192e disabling safecharencode for --banner 2011-04-15 08:15:21 +00:00
Miroslav Stampar
8ddac7fe5a minor fix and speedup when pivoting empty table 2011-04-14 21:11:20 +00:00
Miroslav Stampar
384ca98ded don't let sqlmapNoneDataException for one table to break whole dumpAll() 2011-04-14 20:56:12 +00:00
Miroslav Stampar
dbbaefa79d minor update (pivot value should be safechardecoded) 2011-04-14 20:38:03 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Bernardo Damele
1c51e11c5c Minor adjustments to PgSQL fingerprint 2011-04-12 10:35:33 +00:00
Miroslav Stampar
7324d53997 reference (http://www.enterprisedb.com/docs/en/9.0/pg/release-9-0.html) 2011-04-12 10:30:33 +00:00
Miroslav Stampar
bc4c2f320c cosmetics 2011-04-12 10:24:09 +00:00
Miroslav Stampar
2f1786e65f added active fingerprint for pgsql >= 9.0.3 (reference: http://www.postgresql.org/docs/9.0/static/release-9-0.html) 2011-04-12 10:22:54 +00:00
Bernardo Damele
fdbd8bfe37 initial support for PostgreSQL 9.0 - #223 2011-04-11 22:02:00 +00:00
Bernardo Damele
f4745a95ea Possible fix for bug reported by David 2011-04-11 21:45:25 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
e20848c711 first commit toward v1.0 (it's smarter to start testing for pivot point from shorter column names as they tend to be some kind of identifiers) 2011-04-11 09:40:52 +00:00
Bernardo Damele
ea3ebafba1 Removed outdated sentence 2011-04-10 23:59:49 +00:00
Bernardo Damele
572708f184 More version adjustment 2011-04-10 23:28:24 +00:00
Bernardo Damele
fbf8e7f32d Minor bug fix to --file-read 2011-04-10 19:53:42 +00:00
Bernardo Damele
7dd5bd9d59 Minor fix for --cleanup on MSSQL 2011-04-10 13:48:29 +00:00
Bernardo Damele
6d165861c8 Minor version increase 2011-04-10 13:30:27 +00:00
Miroslav Stampar
c714ac6421 added support for handling binary data values (no more garbish chars) 2011-04-09 23:13:16 +00:00
Miroslav Stampar
6fa2fd139c implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field) 2011-04-08 15:17:57 +00:00
Bernardo Damele
d5fb1378cc Gone unnoticed for way too long 2011-04-08 11:15:19 +00:00
Miroslav Stampar
e8259a7665 minor update (now --dump also supports only -D parameter) 2011-04-07 22:38:13 +00:00
Bernardo Damele
bac53eeef1 Allow --dump-all to accept -D switch in order to dump all tables' entries for only one (or more, comma-separated) specified database(s) 2011-04-07 22:08:10 +00:00
Miroslav Stampar
60102209f6 quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split') 2011-04-01 11:14:24 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
4312a42b5d another minor fix 2011-03-28 12:04:39 +00:00
Miroslav Stampar
3173adbf6b minor update 2011-03-28 12:02:31 +00:00
Miroslav Stampar
73e5d20ade bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries) 2011-03-28 11:01:55 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
04c4578df7 minor fix 2011-03-26 05:55:49 +00:00
Miroslav Stampar
58f8703ecd minor update before bedtime 2011-03-25 22:59:18 +00:00
Miroslav Stampar
ae12dee990 minor update 2011-03-25 22:08:54 +00:00
Miroslav Stampar
c9baa0094b going global for protection of non-standard identificator naming 2011-03-25 22:02:28 +00:00
Miroslav Stampar
5a1f733a43 minor update (_ is part of normal identificator naming) 2011-03-25 21:49:20 +00:00
Miroslav Stampar
1a98095a93 minor improvement for that MySQL identification naming 2011-03-25 21:46:49 +00:00
Miroslav Stampar
48c4460e2c bug fixed (there was a huge problem with space containing identifiers - fixed and tested for MySQL) 2011-03-25 21:22:06 +00:00
Miroslav Stampar
af39a441fa minor improvement when --dbs returns no database names (like in many cases with MySQL 4) 2011-03-25 19:50:06 +00:00
Miroslav Stampar
f3858a5fcf another fix related to the bug reported by Alone Shell 2011-03-24 17:08:14 +00:00
Miroslav Stampar
02379c01a2 minor update (will do "schema update" for sybase some other time; that COUNT(*) blew my mind) 2011-03-23 11:42:36 +00:00
Miroslav Stampar
0f7bce5c66 fixing a huge mess going on because of counting on error and union techniques 2011-03-23 11:36:40 +00:00
Miroslav Stampar
7ea45e9032 minor update for Sybase regarding last commit 2011-03-23 11:04:15 +00:00
Miroslav Stampar
b72cdfe9e6 fix for mssql regarding usage of schema names reported by jabra@spl0it.org 2011-03-23 10:40:34 +00:00
Miroslav Stampar
4889764114 minor update regarding last commit 2011-03-21 11:40:27 +00:00
Miroslav Stampar
5291fe35c9 proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes) 2011-03-21 11:29:43 +00:00
Bernardo Damele
74ef1e53c7 Minor bug fixes to --privileges for PostgreSQL query (corner case) 2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065 minor refactoring (more consistent) 2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387 minor refactoring 2011-03-09 11:37:37 +00:00
Miroslav Stampar
68c7247ee4 bug fix (pgsql drop function requires input arguments - at cleanup() in plugins/generic/misc.py it's already fixed before) 2011-03-08 10:46:23 +00:00
Miroslav Stampar
16b286982d fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') 2011-03-07 09:50:43 +00:00
Bernardo Damele
7524a0c0cf Proper error message 2011-03-04 11:59:09 +00:00
Bernardo Damele
60605b6e7c Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only) 2011-02-27 12:14:13 +00:00
Miroslav Stampar
13f0d5ce00 minor bug fix 2011-02-22 14:51:42 +00:00
Miroslav Stampar
640ba5d744 minor refactoring 2011-02-22 14:19:39 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
68a95fd1b1 minor update 2011-02-20 22:45:23 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
a3ba8b6928 --dump now works on MaxDB too 2011-02-20 22:07:12 +00:00
Miroslav Stampar
0e512d3c09 minor update for MaxDB 2011-02-20 21:17:16 +00:00
Miroslav Stampar
59e666d16e --is-dba (related) update for Sybase 2011-02-20 17:28:06 +00:00
Miroslav Stampar
4d52f7fc6e minor fix regarding --dump-table on Sybase for --technique=23 2011-02-20 16:58:01 +00:00
Miroslav Stampar
67ec691eb1 more updates regarding Sybase 2011-02-20 16:28:48 +00:00
Miroslav Stampar
cc47737c44 minor update 2011-02-20 16:00:13 +00:00
Miroslav Stampar
2f9227bcce Sybase update (--passwords) 2011-02-20 12:07:32 +00:00
Miroslav Stampar
f30dea74f3 more Sybase updates 2011-02-19 18:36:26 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac some progress regarding SYBASE 2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab minor update regarding Sybase support 2011-02-19 14:07:08 +00:00
Miroslav Stampar
de7ca5a27c minor update 2011-02-19 09:40:41 +00:00
Miroslav Stampar
72fc0a0565 minor refactoring 2011-02-19 09:36:57 +00:00
Miroslav Stampar
5f4ffc9287 update regarding Sybase dumping 2011-02-19 00:36:47 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Bernardo Damele
7253362114 Minor bug fix so that --file-write on MySQL via UNION query now works again 2011-02-11 23:35:45 +00:00
Bernardo Damele
c078de894f Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA 2011-02-10 14:24:04 +00:00
Bernardo Damele
a2c20acf94 Minor fixes once more 2011-02-10 11:34:16 +00:00
Bernardo Damele
d0ddaee3c8 Minor bug fix 2011-02-10 11:28:24 +00:00
Miroslav Stampar
7539881ffa fix for dump on Oracle but we still need to discuss some things around 2011-02-09 14:52:07 +00:00
Miroslav Stampar
caf6220c53 done with implementation for retrieving table names via access system table(s) 2011-02-09 10:50:38 +00:00
Miroslav Stampar
5050a76b59 update regarding reading of table names from access system tables 2011-02-09 10:33:29 +00:00
Bernardo Damele
b48213783a Removed senseless debug messsage 2011-02-08 17:09:35 +00:00
Bernardo Damele
e16bab7117 re-enabled --read-file for MySQL with all techniques 2011-02-08 17:03:57 +00:00
Bernardo Damele
008d434325 Important fix now that the file writing is unescaped too 2011-02-07 00:56:15 +00:00
Bernardo Damele
db77f8b055 Code cleanup 2011-02-06 22:33:08 +00:00
Miroslav Stampar
ecaf5729fd revert 2011-02-06 22:14:18 +00:00
Miroslav Stampar
caaac72029 minor update regarding last commit 2011-02-06 20:15:03 +00:00
Bernardo Damele
8980227d30 Minor bug fix 2011-02-06 15:32:16 +00:00
Bernardo Damele
2afc1e5021 Layout adjustments 2011-02-06 15:28:23 +00:00
Bernardo Damele
a5a648f4fe Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.
Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
2011-02-06 15:23:27 +00:00
Miroslav Stampar
14c87ec80d minor fix 2011-02-04 13:29:02 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Bernardo Damele
9fc0bedea8 Minor bug fixes 2011-01-30 21:01:57 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
50969d238b minor update 2011-01-24 17:51:56 +00:00
Miroslav Stampar
0eea5665b2 minor update 2011-01-24 17:41:36 +00:00
Miroslav Stampar
a3e3387113 fix for proper Firebird resume of version 2011-01-24 11:04:32 +00:00
Miroslav Stampar
eb33612736 fix 2011-01-24 10:20:17 +00:00
Bernardo Damele
77999fb39d Allow in --sql-shell to always ('a') retrieve query output.
Minor bug fix in case with --columns it is not possible to retrieve a column datatype.
2011-01-20 21:49:06 +00:00
Bernardo Damele
b1d6040a48 Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside) 2011-01-20 21:46:56 +00:00
Bernardo Damele
50c02fbb37 Done with previous refactoring 2011-01-20 00:01:06 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Bernardo Damele
02b333e30b Minor improvement 2011-01-15 23:54:03 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Bernardo Damele
2d9b151883 Minor bug fix 2011-01-15 10:14:05 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
0676b38063 revert of one thing for Bernardo and minor update 2011-01-10 10:30:17 +00:00
Miroslav Stampar
8e83a26acf minor fix 2011-01-07 17:53:17 +00:00
Bernardo Damele
cc46940159 Minor refactoring 2011-01-07 17:10:32 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7 Mere cosmetics 2011-01-07 16:36:32 +00:00
Miroslav Stampar
8a48baf789 update for a "problem" reported by nightman@email.de where he lost all of large dumped table because in the middle of dumping 401 was raised 2011-01-04 13:23:59 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
8e1927fe31 minor fix 2011-01-02 18:12:18 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
b763feafd9 bug fix (TypeError: object of type 'NoneType' has no len()) 2011-01-02 12:26:31 +00:00
Miroslav Stampar
f0dad2a1e4 minor bug fix (in multiple item search only last item was shown) 2011-01-02 12:23:36 +00:00
Miroslav Stampar
7b9d978cf9 minor fix (database and/or table names with - sign inside needs to be escaped by ` character or will lead to a "SQL syntax") 2011-01-02 11:01:20 +00:00
Miroslav Stampar
73e8a10527 minor fix 2011-01-02 09:12:20 +00:00
Miroslav Stampar
e28b9f26fc minor fix 2011-01-02 08:01:01 +00:00
Miroslav Stampar
26b06bfcfb update (http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html) 2011-01-01 19:38:51 +00:00
Miroslav Stampar
7ea3d060f6 some fixes/updates here and there 2011-01-01 12:41:51 +00:00
Miroslav Stampar
076560f59f bug fix 2010-12-31 12:58:27 +00:00
Miroslav Stampar
5db8ebbfa9 update of mysql comment versions 2010-12-31 12:42:12 +00:00
Miroslav Stampar
40e3489099 minor update 2010-12-31 12:27:57 +00:00
Miroslav Stampar
ce19b0c431 optimization of comment checking in MySQL 2010-12-31 12:21:02 +00:00
Miroslav Stampar
42e7b1b3a7 bug fix 2010-12-30 22:40:37 +00:00
Miroslav Stampar
20e3a6d72f fix/refactor/cosmetics (references: http://www.postgresql.org/docs/6.4/static/release.htm,http://www.postgresql.org/docs/8.2/static/functions-datetime.html#FUNCTIONS-DATETIME-TABLE,http://www.postgresql.org/docs/8.3/static/release-8-3.html) 2010-12-30 21:53:34 +00:00
Miroslav Stampar
7f4acaf6f9 now comment injection fingerprint works with all techniques 2010-12-30 21:24:26 +00:00
Miroslav Stampar
6f17e84e19 minor fix 2010-12-30 08:29:20 +00:00
Miroslav Stampar
a77b186aca minor fix 2010-12-27 16:55:27 +00:00
Miroslav Stampar
5015f04826 minor update 2010-12-27 16:36:05 +00:00
Miroslav Stampar
9c1676bdfa minor cosmetics 2010-12-27 14:44:00 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
3d23f226ae minor update 2010-12-27 11:47:50 +00:00
Miroslav Stampar
68462466f2 minor fix for a bug reported by shaohua pan (argument of type 'NoneType' is not iterable) 2010-12-27 11:36:36 +00:00
Miroslav Stampar
51a492e17d pretty important commit (now dumped tables are prone to dictionary attack) 2010-12-27 10:56:28 +00:00
Miroslav Stampar
c8d5a6b980 update 2010-12-27 00:41:16 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
c4d6a367e9 this way order given in -C is preserved 2010-12-26 14:11:42 +00:00
Miroslav Stampar
c93f2a703d minor update 2010-12-26 14:02:16 +00:00
Miroslav Stampar
e41acb6fc2 further ms access improvements 2010-12-26 02:13:56 +00:00
Miroslav Stampar
2c8115eed9 further improvement for ms access table dumping 2010-12-26 01:04:30 +00:00
Miroslav Stampar
5249762794 update 2010-12-25 16:46:33 +00:00
Miroslav Stampar
fb099615e2 minor update 2010-12-25 11:16:35 +00:00
Miroslav Stampar
9853c1ec7f fix for a bug reported by alessio.dallapiazza@gmail.com (AttributeError: users) 2010-12-25 09:13:57 +00:00
Miroslav Stampar
6845d402fa well, here and there, merry Christmas to all :) 2010-12-24 20:17:53 +00:00
Miroslav Stampar
706d8e0b88 development update (basic ms access dumping implemented) 2010-12-24 19:53:11 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
7c06dbffc3 bug fix (AttributeError: 'unicode' object has no attribute 'sort') 2010-12-22 18:55:50 +00:00
Bernardo Damele
b3da473840 Minor bug fix when --dbs has only one DB name 2010-12-22 14:29:57 +00:00
Bernardo Damele
c9ab8ae60e Bug fix to properly identify if current user is DBA (--is-dba) on MySQL 2010-12-22 14:06:01 +00:00
Miroslav Stampar
c89021f0bb some fixes 2010-12-22 11:46:18 +00:00
Miroslav Stampar
5d25da5135 better way to handle this one 2010-12-22 00:51:20 +00:00
Miroslav Stampar
306501363c fuck, sorry, 0 was OK (STRCMP() returns 0 if the strings are the same) 2010-12-22 00:41:38 +00:00
Miroslav Stampar
d6e6afd6f2 minor fix ("To clarify a bit: STRCMP() is case-insensitive as of MySQL 4.0." - http://bugs.mysql.com/bug.php?id=2102) 2010-12-22 00:38:54 +00:00
Miroslav Stampar
6f2ce15478 minor refactoring 2010-12-22 00:27:21 +00:00
Miroslav Stampar
cb61401c18 bug fix (http://dev.mysql.com/doc/refman/5.0/es/news-5-0-11.html - "Added support of where clause for queries with FROM DUAL") 2010-12-22 00:20:56 +00:00
Miroslav Stampar
f905adb7c1 way better as there is no official release version for FOUND_ROWS() (it appears somewhere in alphas/betas of 4.0.x - i've stumbled upon one site with 4.0.22 and it didn't recognized FOUND_ROWS). 2010-12-21 22:18:27 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe Cosmetics 2010-12-21 09:23:00 +00:00
Miroslav Stampar
03b275ce33 update 2010-12-20 23:27:04 +00:00
Miroslav Stampar
518b3e094c bug fix (http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows) 2010-12-20 23:00:03 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
364bc8e7d4 minor update 2010-12-20 11:25:18 +00:00
Miroslav Stampar
28da1141cf some fixes (for MySQL < 4.0) 2010-12-20 11:23:57 +00:00
Miroslav Stampar
76024c455f minor fix (using older commands for basic MySQL check) 2010-12-20 11:15:43 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
71cf0bd2a5 minor update 2010-12-18 13:08:37 +00:00
Miroslav Stampar
a067e805fa minor update 2010-12-17 22:23:01 +00:00
Miroslav Stampar
108a96c6b4 some fixes 2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd added one more level of MSSQL version check (if first fails for some reason) 2010-12-17 21:01:14 +00:00
Miroslav Stampar
3ee44584d4 i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string') 2010-12-14 12:57:59 +00:00
Miroslav Stampar
4c6e902471 removed obsolete comment 2010-12-14 07:49:30 +00:00
Bernardo Damele
a02dd6b55b Minor enhancement to speedup active dbms fingerprint (-f).
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
e98d9c08e1 dumping table is now possible on Firebird too 2010-12-12 14:38:07 +00:00
Miroslav Stampar
f9bc6fc78f minor fix 2010-12-11 22:14:35 +00:00
Miroslav Stampar
c93634b6c7 blind dumping of tables in sqlite implemented 2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
e6c66fa37c update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available 2010-12-11 17:55:28 +00:00
Miroslav Stampar
1beb1dd2cc minor update 2010-12-11 09:30:38 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Bernardo Damele
7c87ad4065 Minor speedup in -f mysql 2010-12-10 13:05:46 +00:00
Miroslav Stampar
b02bd55edc minor refactoring 2010-12-10 13:04:36 +00:00
Bernardo Damele
d71e51e765 Minor improvement 2010-12-10 11:31:27 +00:00
Bernardo Damele
4741874e9e Enhancement to speedup MySQL fingerprint 2010-12-10 11:27:36 +00:00
Miroslav Stampar
e98b81fe32 another update 2010-12-10 10:56:55 +00:00
Miroslav Stampar
d5e7a8d305 update 2010-12-10 10:54:17 +00:00
Miroslav Stampar
bbffea2cbc bug fix 2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9 code refactoring 2010-12-09 16:49:02 +00:00
Miroslav Stampar
cdff29ada7 update 2010-12-09 11:23:44 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Miroslav Stampar
2cc167a42e fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" 2010-12-02 18:57:43 +00:00
Miroslav Stampar
bf09b8a6d9 added Firebird error based (WHERE) attack vector 2010-12-02 15:09:21 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
c22338ce90 Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more). 2010-11-29 11:47:58 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
ba4ea32603 first working version of dictionary attack 2010-11-23 13:24:02 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle 2010-11-17 17:20:32 +00:00
Miroslav Stampar
6ef3846400 update regarding error parsing (and reporting) 2010-11-16 10:42:42 +00:00
Bernardo Damele
a34c1b287c Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) 2010-11-12 11:33:11 +00:00
Bernardo Damele
64b5de44a0 Converted to new XML object format 2010-11-12 10:11:13 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c minor update 2010-11-11 22:26:36 +00:00
Miroslav Stampar
be992b4471 update regarding common columns existance check 2010-11-11 17:09:31 +00:00
Miroslav Stampar
4be0631161 refactoring of brute force techniques 2010-11-09 09:42:43 +00:00
Bernardo Damele
dac7436edf Fix inconsistence with -b --error-test 2010-11-08 15:36:07 +00:00
Bernardo Damele
0c8918bf07 Minor bug fix, thanks Alex 2010-11-08 12:45:23 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Bernardo Damele
27ce4b0cf0 Set proper verbose level for dbms direct error messages 2010-11-07 22:14:06 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83 some updates 2010-11-04 23:08:59 +00:00
Miroslav Stampar
c8fe2fa8d8 minor fix 2010-11-04 22:00:14 +00:00
Miroslav Stampar
d7dbf814a0 fix/update for Access 2010-11-04 21:47:21 +00:00
Miroslav Stampar
f74b69cc29 fix (AttributeError: class ICMPsh has no attribute '__init__') 2010-11-04 12:45:33 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
4b56fa4f8f now --tables work for MaxDB 2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f now --users works for MaxDB too 2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac implemented --banner for MaxDB and some minor fixes 2010-11-02 20:51:55 +00:00
Bernardo Damele
c7c84c3089 Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 15:31:51 +00:00
Bernardo Damele
3596f81e6a Typo 2010-11-02 15:24:02 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Miroslav Stampar
9d2c81baa9 more update for ms access 2010-11-02 11:06:47 +00:00
Miroslav Stampar
6ad8bbfc8e one more ms access update 2010-11-02 10:50:57 +00:00
Miroslav Stampar
c98d8fed83 minor ms access update 2010-11-02 10:13:36 +00:00
Bernardo Damele
486a113560 Consolidate logger messages for --*-test switches 2010-10-31 16:58:38 +00:00
Bernardo Damele
eab331ebd7 Minor bug fix 2010-10-31 13:46:08 +00:00
Bernardo Damele
65a0a8d285 Delegate urlencoding to agent.py only 2010-10-31 13:28:05 +00:00
Bernardo Damele
17e8abe841 Removed useless call to urlencode() 2010-10-31 12:47:22 +00:00
Miroslav Stampar
a921fe0d5d fix for using --banner --stacked-test together 2010-10-29 15:31:24 +00:00
Bernardo Damele
a0df231aa4 Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data 2010-10-29 13:09:53 +00:00
Miroslav Stampar
d75578c81f some update regarding common tables 2010-10-29 09:00:51 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471 Minor bug fixes and enhancements to ICMPsh tunnel 2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136 Adjusted impacket import check 2010-10-27 21:10:56 +00:00
Bernardo Damele
a391be833b Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work. 2010-10-27 21:02:22 +00:00
Bernardo Damele
d554ffc0ae yes, I am quite paranoid with cosmetics 2010-10-27 10:37:54 +00:00
Miroslav Stampar
749e25a217 Implementation of --passwords for Sybase 2010-10-26 21:35:30 +00:00
Bernardo Damele
f5904d0bc0 Major bug fix to --union-test 2010-10-25 23:39:55 +00:00
Miroslav Stampar
8a9a57c709 update for Sybase and major bug fix for --passwords on MSSQL 2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe that Sybase is going to be pain in the ass 2010-10-25 21:43:13 +00:00
Bernardo Damele
debaf2215f Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch 2010-10-25 15:54:45 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
f8850e3f41 update (xml fix and refactoring) 2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924 update for Sybase 2010-10-23 07:37:43 +00:00
Miroslav Stampar
a8e42a4f2b bug fix 2010-10-23 06:42:21 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Miroslav Stampar
24e4429bf6 or better yet, there is no need for _ or *args on getPrivileges (tried with SQLite and MSSql which crashed) 2010-10-21 13:31:06 +00:00
Miroslav Stampar
fe3967bdec fix for --privileges (on MSSql --privileges returned exception) 2010-10-21 13:28:29 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Bernardo Damele
526694c80c Minor fix 2010-10-20 22:24:06 +00:00
Bernardo Damele
e73e06069b Minor code refactoring 2010-10-20 22:09:03 +00:00
Miroslav Stampar
82f44989ce update of error based injection and bug fix for --roles on MSSQL server 2010-10-20 06:40:33 +00:00
Miroslav Stampar
1b376c99a6 removed temp dictionary and replaced with kb.misc 2010-10-19 23:00:19 +00:00
Miroslav Stampar
6a8b1046d4 first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py) 2010-10-19 12:02:04 +00:00
Bernardo Damele
60a1b48194 Major bug fix for --os-pwn 2010-10-17 20:44:16 +00:00
Bernardo Damele
e7c8be1d45 Minor layout adjustments 2010-10-15 15:37:15 +00:00
Miroslav Stampar
8883918ef9 cosmetics 2010-10-15 10:03:51 +00:00
Miroslav Stampar
743e6d2655 cosmetics 2010-10-15 10:02:09 +00:00
Miroslav Stampar
207bef7f19 fix for that SQLite3 vs SQLite2 issue 2010-10-15 09:39:41 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
a63c2c9f7c just a test 2010-10-14 14:16:45 +00:00
Miroslav Stampar
f700692c74 added missing files for Sybase 2010-10-13 18:55:17 +00:00
Miroslav Stampar
47022071cb removed pdb 2010-10-12 19:17:48 +00:00
Miroslav Stampar
b4685aa77c quick fix 2010-10-12 19:16:58 +00:00
Miroslav Stampar
f9f79ffbaf basic stuff for sybase 2010-10-12 19:05:12 +00:00
Miroslav Stampar
1369529103 minor cosmetic update 2010-10-11 13:52:32 +00:00
Miroslav Stampar
8abcdae1b5 some update 2010-09-30 19:45:23 +00:00
Miroslav Stampar
cf8e92699c changes regarding EXISTS feature 2010-09-30 12:35:45 +00:00
Miroslav Stampar
e176b36a7f update 2010-09-24 22:09:33 +00:00
Miroslav Stampar
78ba5da4f7 fix 2010-09-23 22:07:33 +00:00
Miroslav Stampar
18db96c45f fix for bug reported by David Guimaraes (colEntry = entry[index] - IndexError: list index out of range) 2010-09-01 09:25:21 +00:00
Miroslav Stampar
b0ba559af5 minor update 2010-08-31 14:31:17 +00:00
Miroslav Stampar
c4040ab297 fix for Feature #136 2010-08-31 14:25:37 +00:00
Miroslav Stampar
e810fe7b0b no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions 2010-08-31 13:37:53 +00:00
Miroslav Stampar
54f9828e06 implemented active fingerprinting for MaxDB 2010-08-30 14:16:23 +00:00
Miroslav Stampar
48cc87f6a9 added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 13:29:19 +00:00
Bernardo Damele
26d1a07a1d Minor code refactoring and bug fix in the *rare case* that MySQL on Linux runs as root or the plugin dir (/usr/lib/.*?/plugin is world-writable 2010-07-01 10:39:04 +00:00
Bernardo Damele
7c3773a5d7 Minor bug fix to -d 2010-06-30 14:00:49 +00:00
Bernardo Damele
9ea72f9640 Minor bug fixes to -d 2010-06-25 13:24:43 +00:00
Miroslav Stampar
660bf0b077 fix for that struct pack error 2010-06-10 12:14:24 +00:00
Miroslav Stampar
ac55e1b75f fix for localhost firebird direct db access 2010-06-10 12:02:48 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
b380d34d3c Added unicode support also to SQLite (2 and 3) connector - see #184. 2010-05-29 15:35:38 +00:00
Bernardo Damele
0362f4408d Added unicode support also to MSSQL connector - see #184. 2010-05-29 15:29:21 +00:00
Bernardo Damele
1387ed0c25 This %TEMP% is a mere cause of problems (e.g. --os-cmd in MSSQL the BULK INSERT with '%TEMP%\foo' does not work), stick with C:/WINDOWS/Temp 2010-05-29 15:27:49 +00:00
Bernardo Damele
4ba22b5098 Added unicode support also to Oracle connector - see #184. 2010-05-29 12:14:51 +00:00
Bernardo Damele
e98b049e7f Added unicode support also to PostgreSQL connector - see #184. 2010-05-29 11:46:41 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Miroslav Stampar
20d05cc404 way to handle re.I (ignore case) while using getCompiledRegex 2010-05-21 15:03:40 +00:00
Bernardo Damele
f8cdde2d51 Layout adjustment 2010-05-17 16:23:44 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4 Added support to search for tables (--search with -T). See #190. 2010-05-16 20:46:17 +00:00
Bernardo Damele
762781e94d Minor bug fix, %TEMP% is expanded only in xp_cmdshell (MSSQL), so disabled for MySQL/PGSQL 2010-05-13 10:40:15 +00:00
Bernardo Damele
091e0b2e05 Layout adjustment 2010-05-13 09:51:15 +00:00
Miroslav Stampar
2323d858a9 modification of temporary directory from C:/Windows/Temp to %TEMP% 2010-05-13 09:32:27 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190:
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
90d9900371 Minor bug fix to consider --start and --stop also in partial UNION query SQL injection 2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Bernardo Damele
d034bf29ce Add new "hinted" feature to MSSQL's getTables() 2010-04-15 12:09:26 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e Added support to directly connect also to SQLite 2 db file 2010-04-13 22:43:38 +00:00
Miroslav Stampar
4f299f22bf removed timeout keyword which is not supported on linux build 2010-04-13 10:11:14 +00:00
Miroslav Stampar
6762f592c1 direct connection supported only on Windows machines 2010-04-13 08:57:47 +00:00
Miroslav Stampar
939fa5d2c4 some fixes 2010-04-13 08:29:15 +00:00
Bernardo Damele
9e29120603 Minor fix to make MS Access direct access to work also from Linux 2010-04-12 15:52:40 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
758a858785 Minor adjustments 2010-04-06 20:40:14 +00:00
Miroslav Stampar
5556db80db fix for that sqlite thread nagging with undocumented argument check_same_thread 2010-04-06 16:01:37 +00:00
Miroslav Stampar
e2810003ae more update 2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c some update 2010-04-06 14:59:31 +00:00
Bernardo Damele
cad8f61d55 Force pymssql to version >= 1.0.2 2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
d583cc07e7 ms access update 2010-03-30 15:04:55 +00:00
Miroslav Stampar
1973024ebf added support for reusing connections 2010-03-30 13:52:47 +00:00
Miroslav Stampar
f0729565a9 fixes for sqlite 2010-03-30 13:36:23 +00:00
Miroslav Stampar
c2a6f21095 refactoring regarding usage of conf.dbmsConnector.connect() 2010-03-30 13:03:19 +00:00
Miroslav Stampar
88d74a00c1 ms access connector update 2010-03-30 12:48:51 +00:00
Miroslav Stampar
87d8c6719e updates, fixes and stuff 2010-03-30 11:06:30 +00:00
Miroslav Stampar
f04449be03 update 2010-03-29 23:48:21 +00:00
Miroslav Stampar
4dd2cdef47 update 2010-03-27 23:48:12 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
eaa9dd07bc Minor bug fix for --roles 2010-03-26 20:45:22 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180.
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
a63e251b25 Ahead with code refactoring, related to r1502.
Fixed svn:keywords propset to all .py files.
2010-03-23 21:26:45 +00:00
Bernardo Damele
09768a7b62 Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Miroslav Stampar
5f76d27779 minor typo correction 2010-03-13 10:44:24 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Miroslav Stampar
0a2fe651ab some fixes regarding registry reading 2010-03-12 22:09:58 +00:00
Bernardo Damele
18d1d09f1c Minor bug fix 2010-03-12 13:34:46 +00:00
Bernardo Damele
cc611c0010 Minor layout adjustments 2010-03-09 22:14:26 +00:00
Bernardo Damele
5bd8504f21 Newline adjustment 2010-03-04 14:23:52 +00:00
Miroslav Stampar
58d54b6515 added new option --flush-session 2010-03-04 13:01:18 +00:00
Miroslav Stampar
8663b5b68b minor fixes 2010-03-04 09:16:45 +00:00
Miroslav Stampar
b544405878 fixed some issue involving banner parsing 2010-03-04 09:15:26 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
aa62465aad minor update, also for that banner error 2010-03-01 10:49:07 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Bernardo Damele
42f53f380f Now can work 'cause isWindowsPath has been fixed, normalizePath called after ntToPosixSlashes 2010-02-26 12:40:23 +00:00
Bernardo Damele
8c68d25b39 Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all 2010-02-26 12:00:47 +00:00
Bernardo Damele
66c9885b96 Minor path fix 2010-02-26 11:34:48 +00:00
Miroslav Stampar
38a37b89f6 fix for those slashes 2010-02-26 11:07:23 +00:00
Bernardo Damele
89dc99188d --read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Bernardo Damele
f728208ff7 Minor cosmetic fix 2010-02-10 15:51:52 +00:00
Bernardo Damele
5c92fad5dc Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method 2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4 code refactoring regarding path normalization 2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Bernardo Damele
950dba5139 Minor bug fix for --start and --stop 2010-02-02 14:17:39 +00:00
Bernardo Damele
7faefcca88 Minor logging messages adjustments 2010-01-29 23:19:52 +00:00
Bernardo Damele
200518724c By default do not use Churrasco, but still let the user choose it.
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
144dc1b8c4 Show proper warning message when --priv-esc is provided and underlying OS is not Windows 2010-01-28 17:22:17 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Miroslav Stampar
921e449454 added support for cloaking Churrasco.exe file 2010-01-28 00:07:33 +00:00
Bernardo Damele
6437c16156 run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149). 2010-01-26 01:14:44 +00:00
Bernardo Damele
6d697d60b2 Minor adjustment 2010-01-15 18:00:15 +00:00
Bernardo Damele
1d968f51e9 More code refactoring 2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2 Minor code refactoring 2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
746cbdba96 Added support for takeover functionalities on PgSQL 8.4 running on Windows 2010-01-14 01:40:11 +00:00
Bernardo Damele
b4ddfe8333 Minor bug fixed (variable undeclared) 2010-01-13 21:26:59 +00:00
Bernardo Damele
4a72ad113a Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups. 2010-01-12 11:44:47 +00:00
Bernardo Damele
c7e1649655 Minor speedup 2010-01-12 11:43:32 +00:00
Bernardo Damele
3a9f685e18 Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x. 2010-01-12 11:21:28 +00:00
Bernardo Damele
4512ef56d1 Minor bug fixes 2010-01-11 13:06:16 +00:00
Bernardo Damele
80bd146696 Added support for --dump with -C also on MSSQL 2010-01-10 19:12:54 +00:00
Bernardo Damele
e5dc3f51c8 Display a better message for the moment while working on support for --dump -C on MSSQL 2010-01-10 00:30:45 +00:00
Bernardo Damele
6c1b31d93c Adjusted --columns with -C also for Microsoft SQL Server 2010-01-10 00:21:03 +00:00
Bernardo Damele
ef1180c3c2 Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment 2010-01-09 21:39:10 +00:00
Bernardo Damele
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00
Bernardo Damele
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. 2010-01-04 15:02:56 +00:00
Bernardo Damele
2eb24c6368 Avoid useless queries 2010-01-04 12:35:53 +00:00
Bernardo Damele
236ca9b952 Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). 2010-01-04 10:47:09 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
e6c4154cac Fixed minor bug in --reg-del 2009-12-21 11:04:54 +00:00