Miroslav Stampar
|
76b7e3517d
|
minor update
|
2011-03-27 07:58:15 +00:00 |
|
Miroslav Stampar
|
04c4578df7
|
minor fix
|
2011-03-26 05:55:49 +00:00 |
|
Miroslav Stampar
|
58f8703ecd
|
minor update before bedtime
|
2011-03-25 22:59:18 +00:00 |
|
Miroslav Stampar
|
ae12dee990
|
minor update
|
2011-03-25 22:08:54 +00:00 |
|
Miroslav Stampar
|
c9baa0094b
|
going global for protection of non-standard identificator naming
|
2011-03-25 22:02:28 +00:00 |
|
Miroslav Stampar
|
5a1f733a43
|
minor update (_ is part of normal identificator naming)
|
2011-03-25 21:49:20 +00:00 |
|
Miroslav Stampar
|
1a98095a93
|
minor improvement for that MySQL identification naming
|
2011-03-25 21:46:49 +00:00 |
|
Miroslav Stampar
|
48c4460e2c
|
bug fixed (there was a huge problem with space containing identifiers - fixed and tested for MySQL)
|
2011-03-25 21:22:06 +00:00 |
|
Miroslav Stampar
|
af39a441fa
|
minor improvement when --dbs returns no database names (like in many cases with MySQL 4)
|
2011-03-25 19:50:06 +00:00 |
|
Miroslav Stampar
|
f3858a5fcf
|
another fix related to the bug reported by Alone Shell
|
2011-03-24 17:08:14 +00:00 |
|
Miroslav Stampar
|
02379c01a2
|
minor update (will do "schema update" for sybase some other time; that COUNT(*) blew my mind)
|
2011-03-23 11:42:36 +00:00 |
|
Miroslav Stampar
|
0f7bce5c66
|
fixing a huge mess going on because of counting on error and union techniques
|
2011-03-23 11:36:40 +00:00 |
|
Miroslav Stampar
|
7ea45e9032
|
minor update for Sybase regarding last commit
|
2011-03-23 11:04:15 +00:00 |
|
Miroslav Stampar
|
b72cdfe9e6
|
fix for mssql regarding usage of schema names reported by jabra@spl0it.org
|
2011-03-23 10:40:34 +00:00 |
|
Miroslav Stampar
|
5291fe35c9
|
proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)
|
2011-03-21 11:29:43 +00:00 |
|
Bernardo Damele
|
74ef1e53c7
|
Minor bug fixes to --privileges for PostgreSQL query (corner case)
|
2011-03-11 14:54:41 +00:00 |
|
Miroslav Stampar
|
eb1cda7065
|
minor refactoring (more consistent)
|
2011-03-09 12:06:32 +00:00 |
|
Miroslav Stampar
|
62e3510387
|
minor refactoring
|
2011-03-09 11:37:37 +00:00 |
|
Miroslav Stampar
|
16b286982d
|
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
|
2011-03-07 09:50:43 +00:00 |
|
Bernardo Damele
|
7524a0c0cf
|
Proper error message
|
2011-03-04 11:59:09 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
13f0d5ce00
|
minor bug fix
|
2011-02-22 14:51:42 +00:00 |
|
Miroslav Stampar
|
640ba5d744
|
minor refactoring
|
2011-02-22 14:19:39 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|
Miroslav Stampar
|
aac817935a
|
further improvement of MaxDB support
|
2011-02-20 22:41:42 +00:00 |
|
Miroslav Stampar
|
a3ba8b6928
|
--dump now works on MaxDB too
|
2011-02-20 22:07:12 +00:00 |
|
Miroslav Stampar
|
59e666d16e
|
--is-dba (related) update for Sybase
|
2011-02-20 17:28:06 +00:00 |
|
Miroslav Stampar
|
4d52f7fc6e
|
minor fix regarding --dump-table on Sybase for --technique=23
|
2011-02-20 16:58:01 +00:00 |
|
Miroslav Stampar
|
cc47737c44
|
minor update
|
2011-02-20 16:00:13 +00:00 |
|
Miroslav Stampar
|
2f9227bcce
|
Sybase update (--passwords)
|
2011-02-20 12:07:32 +00:00 |
|
Miroslav Stampar
|
f30dea74f3
|
more Sybase updates
|
2011-02-19 18:36:26 +00:00 |
|
Miroslav Stampar
|
b71bb321dd
|
some more Sybase updates
|
2011-02-19 18:04:27 +00:00 |
|
Miroslav Stampar
|
cec7694aac
|
some progress regarding SYBASE
|
2011-02-19 14:56:58 +00:00 |
|
Miroslav Stampar
|
e0efe453ab
|
minor update regarding Sybase support
|
2011-02-19 14:07:08 +00:00 |
|
Miroslav Stampar
|
de7ca5a27c
|
minor update
|
2011-02-19 09:40:41 +00:00 |
|
Miroslav Stampar
|
72fc0a0565
|
minor refactoring
|
2011-02-19 09:36:57 +00:00 |
|
Miroslav Stampar
|
5f4ffc9287
|
update regarding Sybase dumping
|
2011-02-19 00:36:47 +00:00 |
|
Miroslav Stampar
|
199f14df46
|
implementation of MySQL GROUP_CONCAT technique
|
2011-02-15 00:28:27 +00:00 |
|
Bernardo Damele
|
c078de894f
|
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
|
2011-02-10 14:24:04 +00:00 |
|
Bernardo Damele
|
a2c20acf94
|
Minor fixes once more
|
2011-02-10 11:34:16 +00:00 |
|
Miroslav Stampar
|
7539881ffa
|
fix for dump on Oracle but we still need to discuss some things around
|
2011-02-09 14:52:07 +00:00 |
|
Miroslav Stampar
|
caf6220c53
|
done with implementation for retrieving table names via access system table(s)
|
2011-02-09 10:50:38 +00:00 |
|
Miroslav Stampar
|
5050a76b59
|
update regarding reading of table names from access system tables
|
2011-02-09 10:33:29 +00:00 |
|
Bernardo Damele
|
b48213783a
|
Removed senseless debug messsage
|
2011-02-08 17:09:35 +00:00 |
|
Bernardo Damele
|
e16bab7117
|
re-enabled --read-file for MySQL with all techniques
|
2011-02-08 17:03:57 +00:00 |
|
Bernardo Damele
|
008d434325
|
Important fix now that the file writing is unescaped too
|
2011-02-07 00:56:15 +00:00 |
|
Bernardo Damele
|
2afc1e5021
|
Layout adjustments
|
2011-02-06 15:28:23 +00:00 |
|
Bernardo Damele
|
a5a648f4fe
|
Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.
Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
|
2011-02-06 15:23:27 +00:00 |
|
Miroslav Stampar
|
14c87ec80d
|
minor fix
|
2011-02-04 13:29:02 +00:00 |
|
Bernardo Damele
|
e3a3ae11cc
|
Proper return from error-based technique enumeration
|
2011-01-31 21:13:29 +00:00 |
|