Miroslav Stampar
|
95998e3989
|
Implementing undocumented way how to retrieve w+ temporary directory name on MsSQL (suggested by Vlado Velichkovski)
|
2013-01-30 14:38:21 +01:00 |
|
Miroslav Stampar
|
6005046280
|
Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working)
|
2013-01-30 11:36:04 +01:00 |
|
Miroslav Stampar
|
7e73825ece
|
Minor cosmetics
|
2013-01-29 15:34:41 +01:00 |
|
Miroslav Stampar
|
c83f468a37
|
Trivial changes
|
2013-01-23 15:34:20 +01:00 |
|
Miroslav Stampar
|
9825e247db
|
Refactoring search module
|
2013-01-23 14:22:35 +01:00 |
|
Bernardo Damele
|
ff160abf10
|
minor bug fix
|
2013-01-23 13:02:02 +00:00 |
|
Bernardo Damele
|
45af22872a
|
fixes #370 (the bug was introduced with commit edb977a74e )#
|
2013-01-23 13:00:58 +00:00 |
|
Bernardo Damele
|
f4028bd7d2
|
minor adjustment
|
2013-01-23 02:10:38 +00:00 |
|
Bernardo Damele
|
d8a0e7eacb
|
fixes #187
|
2013-01-23 01:27:01 +00:00 |
|
Bernardo Damele
|
bd7fd862b0
|
forgot import
|
2013-01-22 10:16:18 +00:00 |
|
Bernardo Damele
|
edb977a74e
|
bug fix so that if search fails with union/error and blind techniques are available, it falls back to them (like any other enumeration switch) and minor bug fix so that in search mode, the provided table name to search is upped
|
2013-01-22 10:14:35 +00:00 |
|
Bernardo Damele
|
e23340f002
|
added support for search for tables on Firebird (issue #365)
|
2013-01-22 09:53:05 +00:00 |
|
Bernardo Damele
|
e9dea8d394
|
no need to raise an exception if one enumeration fails
|
2013-01-21 17:11:46 +00:00 |
|
Miroslav Stampar
|
f9d330ec98
|
Fix for that Firebird column data types issue (tec=EU)
|
2013-01-21 17:20:46 +01:00 |
|
Miroslav Stampar
|
457217f2d3
|
Fix for an Issue #356
|
2013-01-21 16:46:48 +01:00 |
|
Miroslav Stampar
|
65c55a6a49
|
Fix for escaping single quote character(s)
|
2013-01-21 11:21:41 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Bernardo Damele
|
6f61fc04f1
|
minor bug fix
|
2013-01-20 01:22:25 +00:00 |
|
Bernardo Damele
|
d1acdee9c4
|
fixed --count for DBMSes that are single-database
|
2013-01-18 23:07:16 +00:00 |
|
Bernardo Damele
|
8748cceff3
|
no point enumerating current database for --count on some DBMSes
|
2013-01-18 23:04:28 +00:00 |
|
Bernardo Damele
|
a390c48692
|
code refactoring
|
2013-01-18 23:04:01 +00:00 |
|
Bernardo Damele
|
b80e195c78
|
bug fix for #355
|
2013-01-18 22:10:10 +00:00 |
|
Bernardo Damele
|
f3d7be9200
|
more adjustments for #353
|
2013-01-18 20:44:56 +00:00 |
|
Bernardo Damele
|
2550bbc05e
|
fix for #353
|
2013-01-18 20:40:38 +00:00 |
|
Bernardo Damele
|
f49657eacc
|
minor fix to previous commit
|
2013-01-18 15:10:34 +00:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
e7576a3b11
|
Better naming
|
2013-01-18 11:21:23 +01:00 |
|
Miroslav Stampar
|
caae773b2d
|
Minor removal of redundant code
|
2013-01-18 10:44:57 +01:00 |
|
Bernardo Damele
|
d1b91790f5
|
fixed --count on DB2
|
2013-01-17 22:13:59 +00:00 |
|
Miroslav Stampar
|
14b7e655a9
|
Minor refactoring
|
2013-01-16 16:33:04 +01:00 |
|
Bernardo Damele
|
404ecbcaec
|
typo fix
|
2013-01-15 17:14:58 +00:00 |
|
Miroslav Stampar
|
7a1d484115
|
Implementation for an Issue #340
|
2013-01-15 16:05:33 +01:00 |
|
Bernardo Damele
|
e555c2be30
|
added support for --search -T for SQLite
|
2013-01-14 16:26:11 +00:00 |
|
Bernardo Damele
|
e835a2af9a
|
minor bug fix
|
2013-01-14 13:43:03 +00:00 |
|
Bernardo Damele
|
279f6cb9ce
|
minor bug fix for PostgreSQL --file-read
|
2013-01-14 12:22:15 +00:00 |
|
Bernardo Damele
|
146d9fedf0
|
fix for bug #337
|
2013-01-14 10:24:45 +00:00 |
|
Miroslav Stampar
|
bc4d8d3e02
|
Implementation for an Issue #332
|
2013-01-11 11:17:41 +01:00 |
|
Miroslav Stampar
|
ec4e49d771
|
Minor refactoring
|
2013-01-10 16:09:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
6cfa9cb0b3
|
Removing unused imports
|
2013-01-10 12:15:12 +01:00 |
|
Miroslav Stampar
|
ca1c0c2a1d
|
Minor style update
|
2013-01-10 11:54:07 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Miroslav Stampar
|
55a552ddc4
|
Update for an Issue #24
|
2013-01-08 10:55:25 +01:00 |
|
Miroslav Stampar
|
ad85c4c964
|
Minor refactoring for an Issue #295
|
2013-01-08 10:23:02 +01:00 |
|
Bernardo Damele
|
8ee840bc8e
|
maintained release is on Google code
|
2013-01-07 17:11:14 +00:00 |
|
Miroslav Stampar
|
46e2ad53cd
|
Fix for an Issue #331
|
2013-01-07 16:36:29 +01:00 |
|
Miroslav Stampar
|
ac407ae4a1
|
Implementation for an Issue #295
|
2013-01-07 15:55:40 +01:00 |
|
Miroslav Stampar
|
6270e9337b
|
Minor cosmetics
|
2013-01-07 14:34:20 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
a77b7f00d9
|
Fix for an Issue #323
|
2012-12-23 19:34:35 +01:00 |
|
Miroslav Stampar
|
2fc187489b
|
Removing leftover
|
2012-12-21 14:01:59 +01:00 |
|
Miroslav Stampar
|
35728fa443
|
Fix (and some hidden bug fixes/improvements) regarding an Issue #317
|
2012-12-21 10:51:35 +01:00 |
|
Miroslav Stampar
|
0f62e677b5
|
Minor just in case commit (plural/singular unArrayize())
|
2012-12-21 10:15:42 +01:00 |
|
Miroslav Stampar
|
18f4a916ea
|
Minor fix
|
2012-12-20 14:58:26 +01:00 |
|
Bernardo Damele
|
cefb03c835
|
fixed bug related to issue #223
|
2012-12-19 14:12:09 +00:00 |
|
Bernardo Damele
|
4f0f729982
|
be more specific in standard output message as to whether or not the read file is same as remote file
|
2012-12-19 13:42:56 +00:00 |
|
Bernardo Damele
|
9b422e1e94
|
minor fix for issue #309
|
2012-12-19 09:37:29 +00:00 |
|
Bernardo Damele
|
738dbde16c
|
avoid displaying "do you want to dump" message if no searched columns have been found
|
2012-12-18 18:07:34 +00:00 |
|
Bernardo Damele
|
326ed33f31
|
added support for comma separated list of files for --file-read - fixes issue #223
|
2012-12-18 17:55:21 +00:00 |
|
Bernardo Damele
|
8d9aa2c384
|
minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223
|
2012-12-18 17:49:18 +00:00 |
|
Bernardo Damele
|
9a1eca20b5
|
lowered gravity
|
2012-12-18 16:42:03 +00:00 |
|
Bernardo Damele
|
d1d99d930b
|
proper fix for #306
|
2012-12-18 15:31:30 +00:00 |
|
Bernardo Damele
|
6b1dd05e62
|
reverted
|
2012-12-18 14:51:04 +00:00 |
|
Bernardo Damele
|
e1b7a6350e
|
consistency between --tables and --columns when -T and -C are respectively provided - there was a leftover from when --search called getColumns() as --columns: this is no longer the case (closes issue #306)
|
2012-12-18 14:37:04 +00:00 |
|
Bernardo Damele
|
57412f8475
|
default to --search shall stay LIKE
|
2012-12-18 13:55:26 +00:00 |
|
Miroslav Stampar
|
699a0f756a
|
Minor fix
|
2012-12-18 12:43:23 +01:00 |
|
Miroslav Stampar
|
f56b846864
|
Patch for an Issue #300
|
2012-12-18 09:55:33 +01:00 |
|
Bernardo Damele
|
a00cd9b3ea
|
syntax fix
|
2012-12-17 14:13:34 +00:00 |
|
Bernardo Damele
|
d2bd275652
|
refactoring
|
2012-12-17 14:07:28 +00:00 |
|
Bernardo Damele
|
3c1cead406
|
WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now
|
2012-12-17 14:06:12 +00:00 |
|
Bernardo Damele
|
eb44f30d63
|
minor layout output fix
|
2012-12-17 13:51:46 +00:00 |
|
Miroslav Stampar
|
9e38ccbc3d
|
Removing unused imports
|
2012-12-10 17:47:42 +01:00 |
|
Miroslav Stampar
|
ed1b5d0ada
|
Minor fix
|
2012-12-07 10:57:57 +01:00 |
|
Miroslav Stampar
|
b5c8707323
|
Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL
|
2012-12-06 15:55:33 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
0f191f624c
|
Taking some goodies from Pull request #284
|
2012-12-06 10:21:53 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
d4b5133df7
|
Update for an Issue #272
|
2012-12-04 17:04:32 +01:00 |
|
Miroslav Stampar
|
b250b68231
|
Bug fix (--users was returning only 1 value because of this bug; probably introduced by mistake months ago)
|
2012-11-29 12:02:59 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
a435ba6863
|
Minor fix
|
2012-10-28 00:19:00 +02:00 |
|
Miroslav Stampar
|
0aeb9dbe8b
|
Bug fix (in --dump mode if error/inband failed with None other techniques were ignored)
|
2012-10-27 23:42:52 +02:00 |
|
Miroslav Stampar
|
06805b27f2
|
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
|
2012-10-27 23:16:25 +02:00 |
|
Miroslav Stampar
|
ba55bed008
|
More general approach for PostgreSQL concatenation operator precedence problem (Issue #219)
|
2012-10-25 10:41:16 +02:00 |
|
Miroslav Stampar
|
54fbb22ab8
|
Minor refactoring
|
2012-10-25 09:56:36 +02:00 |
|
Miroslav Stampar
|
c2058dfc8f
|
Fix for an Issue #220
|
2012-10-25 09:42:43 +02:00 |
|
Miroslav Stampar
|
b7429dc6bb
|
Minor fix for an Issue #219
|
2012-10-25 00:15:59 +02:00 |
|
Miroslav Stampar
|
344ef9af7d
|
Language fix (in lots of cases wrong statement 'unable to retrieve columns for any table in database' was reported)
|
2012-10-24 23:38:35 +02:00 |
|
Miroslav Stampar
|
5477c9f7ba
|
Fix for an Issue #216
|
2012-10-24 22:59:46 +02:00 |
|
Miroslav Stampar
|
f25f5c9eeb
|
Minor fix
|
2012-10-23 10:33:30 +02:00 |
|
Miroslav Stampar
|
3f596cda85
|
Minor fix for --dump --technique=B when empty strings are returned
|
2012-10-22 11:49:23 +02:00 |
|
Miroslav Stampar
|
ebe3f4c34c
|
Minor fix
|
2012-10-15 18:51:42 +02:00 |
|
Miroslav Stampar
|
e440b096c5
|
Fix for an Issue #202
|
2012-10-15 12:24:30 +02:00 |
|
Miroslav Stampar
|
f71b937add
|
Minor language cleanup
|
2012-10-04 18:28:36 +02:00 |
|
Miroslav Stampar
|
75990b715d
|
Fix for an Issue #184
|
2012-09-13 10:20:24 +02:00 |
|
Miroslav Stampar
|
959225af55
|
Minor fix
|
2012-09-10 19:28:15 +02:00 |
|
Miroslav Stampar
|
1f49e4ae36
|
Fix for an Issue #179
|
2012-09-10 19:23:24 +02:00 |
|
Miroslav Stampar
|
f26ea04e38
|
Fix for an Issue #175
|
2012-09-07 17:06:38 +02:00 |
|
Miroslav Stampar
|
1bcf5a6b88
|
Some more dict refactorings
|
2012-08-21 11:30:01 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
4649450603
|
Fix for an Issue #137
|
2012-08-16 22:20:24 +02:00 |
|
Miroslav Stampar
|
74ee0ce78a
|
Fix for an Issue #148
|
2012-08-14 23:25:12 +02:00 |
|
Miroslav Stampar
|
b78163f99b
|
Update for Issue #138
|
2012-08-08 19:06:47 +02:00 |
|
Miroslav Stampar
|
20a66567a3
|
Minor refactoring
|
2012-07-30 10:06:14 +02:00 |
|
Miroslav Stampar
|
ffc520b35f
|
Minor refactoring
|
2012-07-24 14:35:56 +02:00 |
|
Bernardo Damele
|
60242f92c5
|
made --search -D on MSSQL consistent with other DBMSes - issue #81
|
2012-07-20 23:37:56 +01:00 |
|
Bernardo Damele
|
7f10b01265
|
same fix as previous commit for blind techniques
|
2012-07-20 22:35:20 +01:00 |
|
Bernardo Damele
|
b54ae107cc
|
major bug fix in --search with multiple -C provided
|
2012-07-20 22:29:48 +01:00 |
|
Bernardo Damele
|
45177cf93d
|
minor restyling
|
2012-07-20 22:29:30 +01:00 |
|
Bernardo Damele
|
16668e1b8d
|
leftover debug message
|
2012-07-20 21:48:29 +01:00 |
|
Bernardo Damele
|
b0ab837832
|
minor code refactoring and implemented issue #95
|
2012-07-20 21:46:36 +01:00 |
|
Bernardo Damele
|
9cb1c4c0d9
|
plugin refactoring - issue #22
|
2012-07-20 19:17:35 +01:00 |
|
Bernardo Damele
|
52431402dd
|
minor fix to avoid cleanup() if web backdoor upload failed
|
2012-07-16 17:58:30 +01:00 |
|
Miroslav Stampar
|
c1a14257a4
|
Removing --disable... switches and making changes in default choice(s) for respectable sections
|
2012-07-16 11:31:51 +02:00 |
|
Miroslav Stampar
|
3f4186ce2c
|
Removing duplicate user password hashes
|
2012-07-14 10:57:46 +02:00 |
|
Miroslav Stampar
|
6677da63cd
|
Fix for an Issue #88
|
2012-07-13 14:25:39 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
cba2a26b68
|
Finishing Issue #75 (inference dumping)
|
2012-07-12 14:46:57 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Miroslav Stampar
|
3fd5119f3f
|
Redesigning for Issue #75
|
2012-07-12 13:42:22 +02:00 |
|
Bernardo Damele
|
fed178646a
|
minor refactoring
|
2012-07-12 01:48:07 +01:00 |
|
Bernardo Damele
|
01474f6272
|
proper debug message added - issue #75
|
2012-07-12 01:19:36 +01:00 |
|
Bernardo Damele
|
ee3aeb8dcf
|
actual implementation of issue #75, still some work to do
|
2012-07-12 01:16:00 +01:00 |
|
Bernardo Damele
|
caeddf6822
|
avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file
|
2012-07-12 00:17:07 +01:00 |
|
Bernardo Damele
|
66d854c7d8
|
leftover space
|
2012-07-12 00:04:56 +01:00 |
|
Bernardo Damele
|
53c0336b48
|
added --hostname switch to retrieve DBMS server hostname - closes issue #69
|
2012-07-12 00:01:57 +01:00 |
|
Bernardo Damele
|
6f6cd676b7
|
clean up the file system from sqlmap created web files
|
2012-07-11 14:07:20 +01:00 |
|
Bernardo Damele
|
0c5f259481
|
var renaming
|
2012-07-11 13:39:33 +01:00 |
|
Miroslav Stampar
|
9c4a62f725
|
Some work on Issue #68
|
2012-07-11 11:58:47 +02:00 |
|
Miroslav Stampar
|
8caffac4bc
|
conf.unescape->kb.unescape
|
2012-07-10 10:55:04 +02:00 |
|
Bernardo Damele
|
4656d23d82
|
increased verbosity level of some messages and removed a leftover
|
2012-07-10 01:43:19 +01:00 |
|
Bernardo Damele
|
00b7411a87
|
more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok
|
2012-07-10 01:39:03 +01:00 |
|
Bernardo Damele
|
2527554f8e
|
more work on #33
|
2012-07-10 00:53:07 +01:00 |
|
Bernardo Damele
|
c4af7b9aa0
|
initial work for issue #33
|
2012-07-10 00:27:08 +01:00 |
|
Bernardo Damele
|
25eca9d671
|
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
|
2012-07-09 14:26:23 +01:00 |
|
Bernardo Damele
|
e673033ac1
|
minor layout adjustment
|
2012-07-06 15:26:45 +01:00 |
|
Bernardo Damele
|
fb7fe552b7
|
proper naming
|
2012-07-06 15:13:50 +01:00 |
|
Miroslav Stampar
|
6a05e3fd79
|
Fix for Issue #61
|
2012-07-06 14:24:44 +02:00 |
|
Miroslav Stampar
|
27fdccc858
|
Update for Issue #55 (falling back to SELECT DB_NAME(N))
|
2012-07-03 20:15:17 +02:00 |
|
Bernardo Damele
|
ab412da27f
|
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
|
2012-07-01 23:25:05 +01:00 |
|
Miroslav Stampar
|
e51d3a02f1
|
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
|
2012-06-28 18:53:47 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
303aa10507
|
only a small update
|
2012-06-27 14:43:18 +02:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
d5e80089ff
|
minor summer cleanup
|
2012-06-14 13:44:16 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
96177393e1
|
minor update regarding --exact switch
|
2012-06-10 13:38:12 +00:00 |
|