sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 03:23:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,244 Commits 4 Branches 117 Tags 97 MiB
41ae9bc7ff
Commit Graph

448 Commits

Author SHA1 Message Date
Miroslav Stampar
ce51326bff quick fix 2011-03-31 08:43:17 +00:00
Miroslav Stampar
0916117447 improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names 2011-03-30 18:32:10 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
1823c116bb minor update for special cases of union testing results 2011-03-28 21:45:38 +00:00
Miroslav Stampar
1119a85f39 it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage) 2011-03-25 21:31:26 +00:00
Miroslav Stampar
6c6133e8aa revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is) 2011-03-25 20:46:37 +00:00
Miroslav Stampar
737b4abf13 this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user) 2011-03-25 20:30:15 +00:00
Miroslav Stampar
422967fbcd just an minor update related to the last commit 2011-03-25 12:21:53 +00:00
Miroslav Stampar
ea52d7acad minor revisit of inference 2011-03-24 20:10:40 +00:00
Miroslav Stampar
0f7bce5c66 fixing a huge mess going on because of counting on error and union techniques 2011-03-23 11:36:40 +00:00
Miroslav Stampar
7613134515 it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic) 2011-03-22 12:37:05 +00:00
Miroslav Stampar
9479a68eb5 minor fix regarding last commit 2011-03-22 12:21:56 +00:00
Miroslav Stampar
c24ed6e622 minor fix related to a bug reported by warninggp@gmail.com 2011-03-22 09:22:48 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
9b1f2d82d0 minor update (that .strip() was a leftover) 2011-03-20 23:20:47 +00:00
Miroslav Stampar
db992a0a86 mssql likes to htmlescape error reports 2011-03-20 23:16:34 +00:00
Bernardo Damele
03fac62592 Minor code restyle 2011-03-17 12:34:29 +00:00
Miroslav Stampar
beba69faa9 implementation of request from Santiago (look for error based responses in redirects) 2011-03-17 09:12:28 +00:00
Miroslav Stampar
847ce863e3 refactoring 2011-03-17 08:54:20 +00:00
Bernardo Damele
d8a76ebe34 Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs 2011-03-11 16:03:19 +00:00
Bernardo Damele
3cb0ca4b63 Minor bug fix for --privileges on PgSQL with error-based SQL inj technique 2011-03-11 15:24:25 +00:00
Bernardo Damele
60605b6e7c Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only) 2011-02-27 12:14:13 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
83d7803ce7 other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2) 2011-02-12 20:03:28 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba More fixes for --common-columns to work against MSSQL too 2011-02-09 17:22:07 +00:00
Miroslav Stampar
917b2b0d6b one more commit related to the previous one 2011-02-09 17:07:02 +00:00
Miroslav Stampar
6c582343fe .. fix 2011-02-09 17:05:06 +00:00
Miroslav Stampar
3de6117253 revert of the r3247 (output always has to be appended to the outputs - no matter of it's value) 2011-02-09 09:53:59 +00:00
Miroslav Stampar
98ca1702ae los cosmeticado 2011-02-08 16:30:32 +00:00
Miroslav Stampar
87e36796c6 just to not cause confusion 2011-02-08 16:29:42 +00:00
Miroslav Stampar
dcb9c93328 minor cleanup 2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
66adf23532 Unbiased approach for searching appropriate usable column 2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) 2011-02-07 16:55:02 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload(). 
Minor code cleanup related to error-based payload.
 2011-02-06 23:27:56 +00:00
Bernardo Damele
9eac2339ca 2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8 more appropriate 2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd new UNION column detection is going into wild 2011-02-03 16:16:38 +00:00
Bernardo Damele
253a8d0679 Minor bug fix 2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314 minor fix 2011-02-03 13:28:10 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. 
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
 2011-02-01 22:07:42 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Miroslav Stampar
777a19cfa9 LOL. removing that debug 'True' 2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631 one more thing ;) 2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667 cosmetics 2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Bernardo Damele
2a0b03e5c6 Unused import 2011-01-30 17:07:27 +00:00
Bernardo Damele
71d82e6f57 Minor layout adjustment 2011-01-30 16:19:58 +00:00
Bernardo Damele
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique 2011-01-30 14:19:50 +00:00
Miroslav Stampar
bc8f1142c9 minor revert 2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
a184a4c772 major of majors bug fix 2011-01-28 14:31:25 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
49aeb41be8 quick bug fix for FALSE positives with UNION based technique 2011-01-27 18:49:44 +00:00
Miroslav Stampar
d3ddaba7be minor refactoring 2011-01-25 13:04:13 +00:00
Miroslav Stampar
5692506131 this was bad thing to have 2011-01-25 01:08:38 +00:00
Miroslav Stampar
8d0c2efbe2 unescaping of char marked payloads 2011-01-24 12:00:16 +00:00
Miroslav Stampar
ff7707579f minor improvement 2011-01-23 11:35:24 +00:00
Miroslav Stampar
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message 2011-01-23 10:51:57 +00:00
Bernardo Damele
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors 2011-01-20 22:02:20 +00:00
Bernardo Damele
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) 2011-01-20 22:01:21 +00:00
Miroslav Stampar
a4a0f10950 minor minor minor 2011-01-20 09:25:34 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
4bdc19d879 minor cosmetics 2011-01-19 22:48:06 +00:00
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. 
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
 2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781 minor fix (for numeric columns with all 0) 2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix. 
Minor code refactoring.
 2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. 
Minor bug fixes thanks to previous refactoring too.
 2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f revert 2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19 minor fix 2011-01-13 15:19:37 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix. 
Minor code restyling.
 2011-01-13 09:41:55 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections. 
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
 2011-01-12 12:01:32 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92 Proper fix to avoid UNION test false positives 2011-01-11 23:59:02 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase. 
Added minor support to escape quotes in UNION payloads during detection phase.
 2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f Major bug fix 2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns. 
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
 2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. 
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
 2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
c17714c423 suppress session in case of brute methods 2011-01-07 16:47:46 +00:00
Bernardo Damele
16a06117f7 Mere cosmetics 2011-01-07 16:36:32 +00:00
Miroslav Stampar
c968b438f2 Ctrl+C added to union dump 2011-01-06 09:48:04 +00:00
Miroslav Stampar
0616edcc44 adding progress to --union-test 2011-01-06 09:26:01 +00:00
Miroslav Stampar
8b9a624546 added progress into union based entry retrieval 2011-01-06 09:10:20 +00:00
Miroslav Stampar
7ae5192070 adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data) 2011-01-05 10:25:07 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
c7a160bf72 minor update (users want this to see) 2010-12-27 12:00:54 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
a555d1ad68 minor improvement 2010-12-26 11:15:02 +00:00
Miroslav Stampar
320a6f9efb minor minor update 2010-12-26 09:55:33 +00:00
Miroslav Stampar
17d74fc83c cosmeticado 2010-12-26 09:53:40 +00:00
Miroslav Stampar
eaf4b93856 minor update 2010-12-26 09:40:40 +00:00
Miroslav Stampar
6c72e41972 minor fix/update 2010-12-26 02:19:10 +00:00
Miroslav Stampar
c5c4aae3d5 minor update (to prevent adding too much items) 2010-12-25 10:42:36 +00:00
Miroslav Stampar
ea7ba19f6b minor update 2010-12-25 09:43:14 +00:00
Miroslav Stampar
272476773f getPageTextWordsSet on tableExists is pretty powerful stuff 2010-12-25 09:37:33 +00:00
Miroslav Stampar
6845d402fa well, here and there, merry Christmas to all :) 2010-12-24 20:17:53 +00:00
Miroslav Stampar
edcf1a0872 few bug fixes 2010-12-24 18:40:48 +00:00
Miroslav Stampar
7f7fb93155 cosmetics 2010-12-23 18:44:18 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00
Miroslav Stampar
466d61ee85 minor fix 2010-12-21 14:29:47 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Miroslav Stampar
29001a4fce minor update 2010-12-20 23:21:01 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
f8a01ddaf8 minor update 2010-12-15 11:21:47 +00:00