Miroslav Stampar
bfe8e51b7c
minor fix for retrieving stuff like "SELECT * FROM testdb..users"
2011-05-23 19:45:40 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
db72428765
minor update
2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7
added --cookie for maskSensitiveData too
2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4
minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)
2011-05-18 21:47:40 +00:00
Miroslav Stampar
dfe81cc66f
minor yielding
2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9
minor refactoring
2011-05-16 20:09:12 +00:00
Miroslav Stampar
90e84c9a6d
removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end
2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1
minor improvement
2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b
fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)
2011-05-14 19:57:28 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Bernardo Damele
c58dc4a6d8
isDbmsWithin() must stay like this, no getIdentifiedDbms() in there
2011-05-03 14:13:45 +00:00
Miroslav Stampar
b202d73b46
bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)
2011-05-03 11:09:30 +00:00
Miroslav Stampar
1e6c2fea74
update regarding warning for --random-agent during connection timeout in connection test phase
2011-05-03 10:05:42 +00:00
Bernardo Damele
ac2550535c
Proper fix for --technique=U bug
2011-05-01 23:42:41 +00:00
Bernardo Damele
00f14bec5f
layout adjustment
2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Miroslav Stampar
6bb4dce3aa
minor refactoring
2011-04-29 15:22:32 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
e1a8d268d8
fix for UPX linux/macos
2011-04-21 10:52:34 +00:00
Miroslav Stampar
9ccf720c05
removing funny remark
2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440
layout
2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad
added a comment
2011-04-21 10:01:58 +00:00
Miroslav Stampar
3b133303bf
refactoring
2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864
dealing with http://bugs.python.org/issue1602
2011-04-19 22:33:03 +00:00
Miroslav Stampar
13f8c001a7
minor update
2011-04-19 11:13:53 +00:00
Miroslav Stampar
a7366bf710
SOAP refactoring
2011-04-17 21:39:00 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
8c6f7c7d5f
explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay
2011-04-15 08:52:53 +00:00
Miroslav Stampar
bb99bd2fbe
one more commit related to the issue with displaying of garbled characters
2011-04-14 09:43:36 +00:00
Miroslav Stampar
58a93c5b1f
better beep for MacOSX
2011-04-13 18:32:47 +00:00
Miroslav Stampar
c193b896be
just in case update to prevent gibberish "retrieved: " outputs
2011-04-12 23:07:50 +00:00
Miroslav Stampar
723a7447b2
minor refactoring
2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263
added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics
2011-04-09 22:39:03 +00:00
Miroslav Stampar
83feb097ef
greater flexibility for --batch when default is None
2011-04-08 22:29:50 +00:00
Miroslav Stampar
ae4ea0af45
fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')
2011-04-07 13:57:07 +00:00
Bernardo Damele
05d12790f1
closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)
2011-04-06 14:41:44 +00:00
Miroslav Stampar
305115a68b
important improvement of data handling (POST data and header values)
2011-04-03 15:02:52 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
156d24203f
speed optimization
2011-03-31 17:16:26 +00:00
Miroslav Stampar
ce51326bff
quick fix
2011-03-31 08:43:17 +00:00
Miroslav Stampar
dd01d66f13
proper update regarding last commit
2011-03-29 22:10:08 +00:00
Miroslav Stampar
b6af80bab3
refactoring, cleanup and improvement
2011-03-29 21:54:15 +00:00
Miroslav Stampar
12f3024c8a
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
2011-03-29 20:45:21 +00:00
Miroslav Stampar
c5b6d377fb
fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)
2011-03-25 12:14:19 +00:00
Miroslav Stampar
1f1c4c0e61
better update related to the last commit
2011-03-24 20:04:20 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
58e9a074d3
masking some more command line arguments
2011-03-18 16:47:18 +00:00
Miroslav Stampar
00b9d85ffc
fix regarding bug report from andyroyalbattle@yahoo.it
2011-03-18 16:26:39 +00:00
Miroslav Stampar
6cc745f789
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
2011-03-11 20:04:15 +00:00
Miroslav Stampar
16b286982d
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
2011-03-07 09:50:43 +00:00
Miroslav Stampar
f27f05308a
minor update for masking sensitive data in error report (added aCred too)
2011-03-02 10:09:17 +00:00
Miroslav Stampar
2bf212ffa9
minor minor update
2011-02-27 20:43:38 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Miroslav Stampar
88faedc0fe
fix for a bug reported by -insane-
2011-02-26 17:48:19 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1
incorporation of method for neutralization of reflective values
2011-02-25 09:22:44 +00:00
Miroslav Stampar
dcad5410fe
minor refactoring
2011-02-22 12:54:22 +00:00
Miroslav Stampar
6cdf08b81c
minor fix
2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217
--technique can now be something like 123 which includes both techniques 1, 2 and 3
2011-02-17 21:39:16 +00:00
Miroslav Stampar
5fb11fd173
update regarding multiple DBMS payloads
2011-02-13 21:20:21 +00:00
Bernardo Damele
c3eb82e60b
Proper fix
2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588
revert of r3274
2011-02-08 09:44:34 +00:00
Bernardo Damele
cfe2da0195
Minor fix
2011-02-08 00:13:39 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
3719f085ae
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
2011-02-07 00:21:17 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Bernardo Damele
fec88f6a6d
Minor fix
2011-02-04 15:57:53 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c229efba05
revert
2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899
minor adjustment (accepting strange new looking uri formats)
2011-02-04 10:55:03 +00:00
Miroslav Stampar
9a1a28c804
adding comments to filtering function
2011-02-03 23:09:08 +00:00
Miroslav Stampar
2dae57a56d
cosmetics
2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Bernardo Damele
3d966bd569
You never know..
2011-02-01 22:05:12 +00:00
Miroslav Stampar
705d45f4db
minor cosmetics
2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75
Just.. cosmetics ;)
2011-01-31 22:51:14 +00:00
Miroslav Stampar
25c175a9a5
minor bug fix
2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313
More detailed message for unhandled exception
2011-01-31 21:23:40 +00:00
Miroslav Stampar
8ef47307db
added checking of header values for GREP (error); still UNION to do
2011-01-31 12:21:17 +00:00
Miroslav Stampar
5e768be509
minor bug fix
2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
2011-01-31 09:28:16 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d
added some more info to unhandled exception message(s)
2011-01-28 16:15:45 +00:00
Miroslav Stampar
81722b6881
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 18:36:28 +00:00
Miroslav Stampar
6cc69f5e16
now --technique is appliable also after the injections have been identified
2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7
minor update of parseTargetUrl method
2011-01-24 14:52:50 +00:00
Miroslav Stampar
b18397fbc7
major revisit of --os-shell methods
2011-01-23 20:47:06 +00:00
Bernardo Damele
7d1c704575
Moved little precaution from checks.py to common.py.
...
Initial refactoring of kb.os* get/set.
2011-01-20 21:56:10 +00:00
Miroslav Stampar
345e2288e1
important fix regarding encoding stuff
2011-01-20 13:54:18 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Miroslav Stampar
aea43a1e43
minor refactoring
2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de
fuck yea
2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709
back to roots
2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1
Code cleanup
2011-01-18 23:05:32 +00:00
Bernardo Damele
47565f9459
Minor code refactoring
2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2
you can't believe how much man can learn when having good testing points
2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa
was wrong about this one (just now tested on a real site)
2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc
proper way to handle this (console output has totally different encoding than the page one)
2011-01-17 10:27:36 +00:00
Miroslav Stampar
2041361695
minor cosmetics
2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81
minor cosmetics
2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f
minor improvement
2011-01-16 20:55:07 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
2001bad7e1
automatic adjustment of timeSec for delayed queries
2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb
slightly faster and thread safer inference
2011-01-16 10:52:42 +00:00
Miroslav Stampar
29ea0950b6
now False is also affected (along with None and "")
2011-01-15 23:43:26 +00:00
Bernardo Damele
558f3894f4
Minor improvement
2011-01-15 23:20:52 +00:00
Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Miroslav Stampar
6a0e0cde3c
code review of modules in lib/core directory
2011-01-15 12:13:45 +00:00
Miroslav Stampar
daf5662eab
update
2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d
Code cleanup
2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51
minor code refactoring
2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7
Minor bug fix
2011-01-14 09:49:14 +00:00
Miroslav Stampar
676b95b30a
minor code refactoring
2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020
Minor bug fix
2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
877ea31521
Verbose docstring
2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555
update
2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62
Cosmetics
2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca
minor update
2011-01-13 11:08:29 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
394b6bc029
reverting some changes
2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a
minor update
2011-01-11 12:08:36 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57
adding openFile method with an exception block around file opening part
2011-01-08 09:30:10 +00:00
Bernardo Damele
e373dac1f2
Cosmetics
2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423
suppress session in case of brute methods
2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
1a079c62cb
minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)
2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54
fixes for bugs reported by pragmatk@gmail.com
2011-01-06 16:59:58 +00:00
Miroslav Stampar
694a65f6f1
minor fix/update
2011-01-05 13:32:40 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
2011-01-03 22:02:58 +00:00
Miroslav Stampar
d19a8d53e4
minor update
2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
da138c46c1
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
2011-01-02 07:37:47 +00:00
Miroslav Stampar
428e817a32
some refactoring
2011-01-01 23:57:27 +00:00
Miroslav Stampar
0e815177c8
minor update
2011-01-01 19:07:40 +00:00
Miroslav Stampar
8f32c740ff
code refactoring
2010-12-29 19:39:32 +00:00
Miroslav Stampar
93838fb155
"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)
2010-12-28 14:40:34 +00:00
Miroslav Stampar
89c2640d23
basic --search now works with MS Access
2010-12-26 23:50:16 +00:00
Miroslav Stampar
ceeb6374e8
bug fix (TypeError: object of type 'NoneType' has no len())
2010-12-26 13:27:24 +00:00
Miroslav Stampar
569e060aab
important improvement
2010-12-26 13:20:52 +00:00
Miroslav Stampar
a555d1ad68
minor improvement
2010-12-26 11:15:02 +00:00
Miroslav Stampar
b472b96f92
bug fix, refactoring and improved extractErrorMessage capabilities
2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
23dc408901
prioritization of tests based on DBMS error messages and some comments in common.py
2010-12-24 10:55:41 +00:00
Miroslav Stampar
d9f08e4aa3
randomization of user agents
2010-12-24 10:04:27 +00:00
Miroslav Stampar
017ea9e686
update
2010-12-23 14:06:22 +00:00
Miroslav Stampar
7c06dbffc3
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
2010-12-22 18:55:50 +00:00
Miroslav Stampar
6c1133c4d4
some code refactoring
2010-12-21 15:13:13 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe
Cosmetics
2010-12-21 09:23:00 +00:00
Miroslav Stampar
116c141dfa
another fix
2010-12-21 00:47:07 +00:00
Miroslav Stampar
8067365b93
fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident')
2010-12-20 23:47:53 +00:00
Miroslav Stampar
8fd3e7ba1f
thread based data added
2010-12-20 22:45:01 +00:00
Miroslav Stampar
c9e8aae8a2
we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads)
2010-12-20 19:34:41 +00:00
Miroslav Stampar
e09bc2406c
minor refactoring
2010-12-20 19:24:20 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a
this is strictly for educational purposes
2010-12-20 17:30:47 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Miroslav Stampar
7cfeb5447b
minor update
2010-12-15 11:46:28 +00:00
Miroslav Stampar
f8a01ddaf8
minor update
2010-12-15 11:21:47 +00:00
Miroslav Stampar
b75d7fa348
minor cache based optimization
2010-12-14 12:22:17 +00:00
Bernardo Damele
cfcee6439e
Cosmetics
2010-12-13 21:55:30 +00:00
Miroslav Stampar
e98d9c08e1
dumping table is now possible on Firebird too
2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5
update regarding dumping of tables with blind on Sqlite
2010-12-11 22:00:16 +00:00
Miroslav Stampar
6a24048aa6
urllib2 doesn't play well with '\n' when non unescaped chars used
2010-12-11 21:17:54 +00:00
Miroslav Stampar
d2a3e8f44f
first time firebird error-based query success
2010-12-11 11:17:24 +00:00
Miroslav Stampar
d5e7a8d305
update
2010-12-10 10:54:17 +00:00
Bernardo Damele
9c61adb21d
Cosmetics
2010-12-09 00:26:06 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
95b48746a6
cosmetics
2010-12-08 14:29:09 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Miroslav Stampar
b21eb88905
minor update
2010-12-07 22:45:38 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Bernardo Damele
effd2ca0e3
Cosmetics
2010-12-07 12:32:58 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
3f9450b9dc
minor fix
2010-12-04 14:43:35 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
b3a094b9d6
fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql')
2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Miroslav Stampar
612ee08a0b
added response time kb attribute
2010-12-03 13:19:34 +00:00
Miroslav Stampar
2cc167a42e
fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"
2010-12-02 18:57:43 +00:00
Miroslav Stampar
70e87d959e
update of dynamicity engine
2010-11-29 15:14:49 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
6712f4da55
some refactoring and one less request for aspx maintanance during --os-shell
2010-11-24 14:20:43 +00:00
Bernardo Damele
253eafb643
paranoid cosmetics
2010-11-24 12:03:01 +00:00
Miroslav Stampar
b2b521fc8a
gready regex bastard :)
2010-11-24 12:01:36 +00:00
Miroslav Stampar
9579a97039
now ASPX works too for --os-shell
2010-11-24 11:38:27 +00:00
Miroslav Stampar
f9f076ba97
code refactoring
2010-11-23 21:00:42 +00:00
Miroslav Stampar
7877a931d5
more cosmetics regarding dictionary attack
2010-11-23 20:54:40 +00:00
Miroslav Stampar
c4414df594
minor update
2010-11-23 15:33:13 +00:00
Miroslav Stampar
78024eafe0
little precaution
2010-11-23 15:31:23 +00:00
Miroslav Stampar
aa5d038f18
more code refactoring
2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c
code refactoring regarding dictionary attack
2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603
first working version of dictionary attack
2010-11-23 13:24:02 +00:00
Miroslav Stampar
d757e4ae1c
bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs)
2010-11-17 09:46:04 +00:00
Miroslav Stampar
2a8e270bef
proper handling of carriage return character from Windows target machines
2010-11-16 15:11:03 +00:00
Miroslav Stampar
ab33651f96
minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior)
2010-11-16 15:02:22 +00:00
Miroslav Stampar
3487429eac
minor cosmetics
2010-11-16 14:41:46 +00:00
Miroslav Stampar
e7a66371f8
update regarding os shell-ing regarding JSP and ASPX
2010-11-16 13:46:46 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Bernardo Damele
a777d59870
Minor bug fix
2010-11-12 15:17:12 +00:00
Miroslav Stampar
697b32554c
fix for a bug "ordinal not in range(128)" reported by bugtrace
2010-11-12 11:48:25 +00:00
Bernardo Damele
a34c1b287c
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
2010-11-12 11:33:11 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Miroslav Stampar
7752b5efe9
minor update
2010-11-09 09:51:54 +00:00
Miroslav Stampar
221f976fbd
minor update
2010-11-09 01:23:54 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
a3de10e3a2
new option -t
2010-11-08 11:22:47 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Miroslav Stampar
508b9cc763
dynamicity engine update
2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127
minor update
2010-11-06 08:31:11 +00:00
Miroslav Stampar
06760182f1
cosmetics
2010-11-05 16:08:42 +00:00
Miroslav Stampar
f3e3420677
fix for a bug reported by Marcos Mateos Garcia (ValueError)
2010-11-05 11:34:09 +00:00
Miroslav Stampar
3aba0b1bec
minor update
2010-11-04 12:51:04 +00:00
Miroslav Stampar
18aea251b3
added concept of tamper script priority
2010-11-04 10:29:40 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
2010-11-01 20:56:13 +00:00
Bernardo Damele
c7b374534b
Minor cosmetics
2010-10-31 12:29:00 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Bernardo Damele
b3b2c3864a
Minor code refactoring
2010-10-29 10:51:09 +00:00
Miroslav Stampar
d75578c81f
some update regarding common tables
2010-10-29 09:00:51 +00:00
Bernardo Damele
43de8247ac
Code refactoring
2010-10-27 20:39:50 +00:00
Bernardo Damele
d554ffc0ae
yes, I am quite paranoid with cosmetics
2010-10-27 10:37:54 +00:00
Miroslav Stampar
8803096343
some update regarding beep()
2010-10-26 08:32:58 +00:00
Miroslav Stampar
b9ff91b6e9
update of beep
2010-10-26 06:30:27 +00:00
Miroslav Stampar
9ec9d223e1
minor
2010-10-26 06:08:40 +00:00
Bernardo Damele
7effd0c301
Cosmetics
2010-10-25 22:54:56 +00:00
Miroslav Stampar
73eea81b3a
minor cosmetics
2010-10-25 19:45:53 +00:00
Miroslav Stampar
d7bf94d4d6
fix for --beep
2010-10-25 19:16:42 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Miroslav Stampar
24c5d7b313
code refactoring
2010-10-25 14:06:56 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Bernardo Damele
1288def3b7
Cosmetics
2010-10-22 14:23:14 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Bernardo Damele
d8bfa76dca
Minor possible bug fix
2010-10-20 22:12:53 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Bernardo Damele
3b5c5cc457
Minor possible bug fix
2010-10-20 21:49:05 +00:00
Bernardo Damele
f95098693f
Removed unused functions
2010-10-20 21:16:28 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Bernardo Damele
7b71262de6
Cosmetic fix
2010-10-16 22:07:29 +00:00
Bernardo Damele
84ed7f192a
Cosmetic fixes
2010-10-16 15:10:48 +00:00
Miroslav Stampar
c9f0c75030
removed --space (usage of tampering modules is now a prefered way to do it)
2010-10-15 12:52:33 +00:00
Bernardo Damele
9fcab68700
Minor adjustments
2010-10-15 10:28:06 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
f07608ef4d
show static words in a sorted manner
2010-10-14 12:38:06 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
9a08f7feb8
minor update
2010-10-12 20:01:59 +00:00
Miroslav Stampar
9ffa928783
added some user interaction when page is dynamic
2010-10-12 15:49:04 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
1bf8939e2f
further updates
2010-10-06 22:43:04 +00:00
Miroslav Stampar
de6fa1247b
moved injections to xml format
2010-10-06 22:29:52 +00:00
Miroslav Stampar
cf8e92699c
changes regarding EXISTS feature
2010-09-30 12:35:45 +00:00
Miroslav Stampar
35f35605df
changes regarding Feature #160
2010-09-26 14:02:13 +00:00
Miroslav Stampar
9cd5d3bde7
added new option --space
2010-09-24 21:59:03 +00:00
Miroslav Stampar
abc12bc361
more refactoring
2010-09-15 13:28:56 +00:00
Miroslav Stampar
682872689a
some more refactoring
2010-09-15 12:59:51 +00:00
Miroslav Stampar
91a0b5df3c
minor update
2010-09-15 12:52:28 +00:00
Miroslav Stampar
b699f98cbb
minor refactoring
2010-09-15 12:51:02 +00:00
Miroslav Stampar
77a53228c5
changes regarding dynamic content recognition
2010-09-13 21:01:46 +00:00
Miroslav Stampar
19fb2e3dcf
fix for Bug #165
2010-09-13 13:31:01 +00:00
Miroslav Stampar
61120b0bac
minor comment added
2010-09-09 14:08:53 +00:00
Miroslav Stampar
1b3d287a09
fix for a bug reported by shaohua pan (and one other bug)
2010-09-07 10:21:42 +00:00
Miroslav Stampar
e810fe7b0b
no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions
2010-08-31 13:37:53 +00:00
Miroslav Stampar
f5953bacc0
fix for direct connection parsing (now on windows machines python sqlmap.py -d access://C:\testdb.mdb is valid, while before it wasn't)
2010-08-30 16:35:28 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Miroslav Stampar
2cd8f31003
some doc test samples included
2010-08-20 21:27:47 +00:00
Miroslav Stampar
4edf6ebe00
update for smoke tests
2010-08-20 21:01:51 +00:00
Miroslav Stampar
02523dbfb5
fix of fix
2010-08-09 22:13:56 +00:00
Miroslav Stampar
6eab7997d1
fix for bug reported by dragoun dash (TypeError: sequence item 0: expected string, NoneType found)
2010-08-08 22:25:33 +00:00
Miroslav Stampar
e0fe5d1504
bug fix for error reported by Marek Sarvas (error data)
2010-08-08 21:48:22 +00:00
Miroslav Stampar
7dcc2031ac
smoke test adjustments
2010-07-30 12:57:58 +00:00
Miroslav Stampar
092829c189
implemented basic smoke testing mechanism
2010-07-30 12:49:25 +00:00
Bernardo Damele
8625763c07
Minor code refactoring
2010-06-30 11:22:25 +00:00
Bernardo Damele
8576817a2b
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196 .
2010-06-29 21:07:23 +00:00
Bernardo Damele
7cad3cbda6
Minor code refactoring
2010-06-28 13:47:20 +00:00
Miroslav Stampar
ccfc9b0fec
fix for that bug linux man reported (UnicodeEncodeError inside raw_input)
2010-06-23 07:30:15 +00:00
Bernardo Damele
17e228024b
Minor enhancements and bug fixes to "good samaritan" feature - see #4
2010-06-21 14:40:12 +00:00
Bernardo Damele
fd76f048b6
Added common pattern value support to bisection algorithm
2010-06-17 11:38:32 +00:00
Bernardo Damele
d3c8e461cf
Minor layout adjustments
2010-06-10 14:14:56 +00:00
Miroslav Stampar
ac55e1b75f
fix for localhost firebird direct db access
2010-06-10 12:02:48 +00:00
Miroslav Stampar
9e76b847b3
fix regarding bug discovered by Andreas Constantinides
2010-06-04 17:07:17 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Miroslav Stampar
2fb8bf3b6a
more dump/unicode cleanup
2010-06-02 12:31:36 +00:00
Bernardo Damele
6df2d98fc9
Minor bug fix in common.py goGoodSamaritan().
...
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
db7ede96fd
more updates/fixes
2010-05-31 11:11:53 +00:00
Miroslav Stampar
4bb5885413
some changes regarding --common-outputs feature
2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77
added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)
2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb
Major bug fix in multipartpost and minor adjustments elsewhere
2010-05-28 23:12:20 +00:00
Bernardo Damele
a138dbe5f6
Minor bug fixes and code refactoring
2010-05-28 15:57:43 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Miroslav Stampar
f36e093fa7
minor update
2010-05-28 09:13:50 +00:00
Bernardo Damele
9de1671b8f
Code refactoring and minor bug fixes.
2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e
minor fix/adjustment regarding getCompiledRegex
2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf
some comments added
2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced
some more changes
2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99
more code updates regarding good samaritan (common output) feature
2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024
minor update regarding good samaritan
2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e
new commit regarding good samaritan feature
2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Bernardo Damele
a43eb64c5d
Minor refactoring
2010-05-24 15:46:12 +00:00
Miroslav Stampar
0197f8db5c
code refactoring regarding issue #184
2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac
added support for proper unicode session(s) storage/retrieval
2010-05-24 11:00:49 +00:00
Bernardo Damele
03fb84e29f
Minor enhancement to internal --profile function
2010-05-21 15:06:05 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Bernardo Damele
7ee20480a4
Added a TODO note
2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4
Minor adjustment
2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb
minor adjustments
2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53
minor code adjustment
2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585
in a mood for more changes
2010-05-21 12:44:09 +00:00
Miroslav Stampar
78547bb79e
quick fix
2010-05-21 12:19:20 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Miroslav Stampar
9b91b30b69
minor refactoring
2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530
changes regarding putting of gprof2dot script inside extras and its usage
2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Miroslav Stampar
19a82e151c
minor cleanup
2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a
optimization of CPU intensive sanitizeAsciiString
2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Bernardo Damele
4d46f997a7
Minor bug fix
2010-04-29 13:34:03 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66
Reverted
2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17
Reimported needed imports!
2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95
fix for that takeover bug Ethan Robish posted (Windows/PHP)
2010-04-22 10:31:33 +00:00
Bernardo Damele
2840f20605
Minor bug fix
2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9
some code refactoring
2010-04-16 19:57:00 +00:00
Miroslav Stampar
938a3ab0b9
fix for Bug #183 (--threads dot output)
2010-04-16 13:40:02 +00:00
Bernardo Damele
1ab78ce60e
Added support to directly connect also to SQLite 2 db file
2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f
Minor adjustment
2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947
added some nagging for connection details
2010-04-13 11:00:15 +00:00
Miroslav Stampar
fcceceed45
fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version
2010-04-09 10:40:08 +00:00
Bernardo Damele
cad8f61d55
Force pymssql to version >= 1.0.2
2010-03-31 15:31:11 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
ae3455a0c2
more update
2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075
update
2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e
updates, fixes and stuff
2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
8bab94de64
added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71
2010-03-26 17:18:02 +00:00
Bernardo Damele
f9a135e232
Minor bug fix and layout adjustment regarding --threading and standard output
2010-03-22 17:38:19 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00
Bernardo Damele
5063401130
Minor bug fix, fixes #170
2010-03-15 11:00:14 +00:00
Miroslav Stampar
b544405878
fixed some issue involving banner parsing
2010-03-04 09:15:26 +00:00
Bernardo Damele
a654a426ef
Minor adjustments
2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Bernardo Damele
8c68d25b39
Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all
2010-02-26 12:00:47 +00:00
Bernardo Damele
98496fd173
Show also site in the banner
2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a
Adjusted banner, increased release candidate to rc7
2010-02-25 17:34:54 +00:00
Miroslav Stampar
d95a8850c8
fix
2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8
important update regarding default directories
2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08
Minor code cleanup
2010-02-25 15:16:41 +00:00
Miroslav Stampar
3721451cd6
default dirs update
2010-02-25 14:51:39 +00:00
Miroslav Stampar
9c014c0fd0
minor change
2010-02-20 23:11:05 +00:00
Miroslav Stampar
cef248a5ea
update for that invalid target url Otavio Augusto reported
2010-02-10 12:06:23 +00:00
Miroslav Stampar
00a23ace9a
some changes regarding web takeover
2010-02-09 14:27:41 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Miroslav Stampar
e4699f389d
some bug fixes regarding --os-shell usage against windows servers
2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
...
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
494e014a4a
minor update
2010-02-03 16:04:44 +00:00
Miroslav Stampar
894b9f0f80
minor minor update
2010-02-03 15:15:30 +00:00
Miroslav Stampar
25f1a9c7d0
upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this)
2010-02-03 15:06:41 +00:00
Miroslav Stampar
c74b920f54
bug fix
2010-02-03 14:49:28 +00:00
Miroslav Stampar
92817159dc
cloaked upx for windows (used mkstemp because of execution and file access rights problem)
2010-01-29 10:12:09 +00:00
Bernardo Damele
6f5d2ed171
Minor cosmetic adjustments
2010-01-28 17:07:34 +00:00
Miroslav Stampar
732ed48e2b
some refactoring regarding decloaking
2010-01-28 16:50:34 +00:00
Miroslav Stampar
645afee359
some changes
2010-01-28 00:25:36 +00:00
Miroslav Stampar
a4d8234875
minor update
2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488
another fix for Bug #148
2010-01-23 23:29:34 +00:00
Bernardo Damele
4ce3abc56d
Minor adjustments
2010-01-15 17:42:46 +00:00
Miroslav Stampar
5f171340f5
introduced safe string formatting
2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1
minor update
2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4
updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before
2010-01-15 11:44:05 +00:00
Bernardo Damele
6a62a78b0a
More generic
2010-01-08 23:50:06 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00
Bernardo Damele
954a927cee
Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12
2010-01-05 11:43:16 +00:00
Miroslav Stampar
71547a3496
getDocRoot changes
2010-01-05 11:30:33 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16
Minor improvement so that sqlmap tests also all parameters with no value (ig. par=).
2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356
Avoid to upload the web backdoor to unexisting empty-name directory
2009-07-09 11:11:25 +00:00
Bernardo Damele
150abc0f1e
sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.
2009-06-11 15:01:48 +00:00
Bernardo Damele
45dff4a00a
Added new function to search a file within the PATH environment variable paths:
...
it will be used when sqlmap will be packaged as DEB and RPM
2009-05-12 20:24:47 +00:00
Bernardo Damele
57b8bb4c8e
Minor syntax adjustment for web backdoor functionality
2009-04-28 21:51:22 +00:00
Bernardo Damele
1d7de719b9
Almost done with web backdoor functionality
2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
aefa7ef988
Avoid libmagic traceback on Windows.
...
WARNING: this release is a candidate, it only works on Linux/Unices for the moment!
2009-04-22 12:44:16 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
bc448211c5
Minor layout adjustment
2009-01-13 23:15:23 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
072eb7154c
Major enhancement to support Partial UNION query SQL injection technique too.
...
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
a777f1ca35
Minor bug fix
2008-12-01 23:27:51 +00:00
Bernardo Damele
6e548eb2ec
Completed support to get the list of targets from WebScarab/Burp proxies
...
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
dc1f2deb74
Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
...
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
9be844cf3e
Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.
2008-11-20 17:56:09 +00:00
Bernardo Damele
736b2e7323
Minor adjustments to the operating system fingerprint.
2008-11-19 00:36:44 +00:00
Bernardo Damele
727664aea7
Minor enhancement to fingerprint the web server operating system and
...
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f
Major enhancement to the engine to parse XML files and matches on DBMS banner
...
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
654aecedfe
Minor layout adjustments, minor fixes and updated changelog
2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39
Minor enhancement to fingerprint the back-end DBMS operating system (type,
...
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
comment injection fingerprint: MySQL 5.0.67
banner parsing fingerprint: MySQL 5.0.67
html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
9329f8c9c4
Minor enhancement to be able to enumerate table columns and dump table
...
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments.
2008-11-12 22:53:25 +00:00
Bernardo Damele
91a47246f8
Minor bug fix to correctly handle --start and --stop
2008-11-02 14:39:38 +00:00
Bernardo Damele
f90a7cce28
Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie
2008-10-16 16:31:20 +00:00
Bernardo Damele
a5b2366033
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 15:31:02 +00:00
Bernardo Damele
892a7b2f8a
propsets..
2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00