Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters across error-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
6525e08d6b
Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values
2010-11-29 12:13:42 +00:00
Bernardo Damele
75f7df75b6
Minor fix
2010-11-28 23:33:51 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
e32be2b4e7
Minor adjustment
2010-11-23 15:06:40 +00:00
Miroslav Stampar
c6545f5c9f
we had a bug (nooooooooo!!!! :))
2010-11-19 10:36:47 +00:00
Bernardo Damele
17486e472a
Proper English (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
1a708cf12d
update for ASP/Ingres
2010-11-05 16:21:22 +00:00
Miroslav Stampar
173e893d11
added error message support for Ingres
2010-11-05 16:19:41 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
d5fcc9d8b5
few updates/fixes here and there
2010-11-04 08:03:59 +00:00
Miroslav Stampar
977df7276d
minor update
2010-11-03 06:25:24 +00:00
Miroslav Stampar
4b56fa4f8f
now --tables work for MaxDB
2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f
now --users works for MaxDB too
2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
49bf34ffd9
minor fix
2010-11-02 18:43:20 +00:00
Bernardo Damele
720e235d9a
Fixed Windows 2003/2008 signatures. Added more old RedHat Server header signatures. Added old Debian etch signature too.
2010-10-31 18:18:49 +00:00
Miroslav Stampar
f7d42af046
some fixes regarding --check-payload
2010-10-29 11:00:23 +00:00
Bernardo Damele
0efecde248
Minor update to properly differentiate Windows 2003 from 2008 via HTTP response headers
2010-10-27 10:09:47 +00:00
Miroslav Stampar
749e25a217
Implementation of --passwords for Sybase
2010-10-26 21:35:30 +00:00
Miroslav Stampar
1b90c1d131
added FreeBSD
2010-10-26 20:48:52 +00:00
Miroslav Stampar
4da2046492
massive update of server fingerprints
2010-10-26 20:00:29 +00:00
Miroslav Stampar
080c5aef80
minor update
2010-10-26 19:08:11 +00:00
Miroslav Stampar
8a9a57c709
update for Sybase and major bug fix for --passwords on MSSQL
2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe
that Sybase is going to be pain in the ass
2010-10-25 21:43:13 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
68d39d5976
minor minor fix
2010-10-23 09:12:08 +00:00
Miroslav Stampar
32a4350779
update for MaxDB
2010-10-23 09:03:59 +00:00
Miroslav Stampar
98f5586b87
minor update
2010-10-23 08:05:24 +00:00
Miroslav Stampar
f8850e3f41
update (xml fix and refactoring)
2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924
update for Sybase
2010-10-23 07:37:43 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
b032fdbf74
added randInt to error injection vectors
2010-10-20 08:56:58 +00:00
Miroslav Stampar
f2dae98448
fix for MySQL error queries
2010-10-19 23:30:08 +00:00
Miroslav Stampar
1fce9683f8
now --users work for MSSQL too
2010-10-19 15:05:32 +00:00
Miroslav Stampar
80505de15b
now --users work on Oracle and Postgre (tested)
2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c
error based update
2010-10-19 14:47:13 +00:00
Miroslav Stampar
bf850af2d8
fix for Oracle error based query "space" problem
2010-10-19 14:10:09 +00:00
Miroslav Stampar
878135fe40
minor fix
2010-10-19 14:00:27 +00:00
Miroslav Stampar
6a8b1046d4
first successful run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Miroslav Stampar
d123bb741a
added error based queries for MySQL, Postgre, MS SQL and Oracle
2010-10-18 21:26:13 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
9840d25b55
update of MaxDB queries
2010-10-12 17:04:20 +00:00