Bernardo Damele
4b622ed860
Minor bug fix.
...
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
03a6739fbf
Minor layout adjustments
2009-06-11 15:34:31 +00:00
Bernardo Damele
f3e8d6db70
Fixed MySQL comment injection
2009-05-01 16:29:45 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
06e8546177
Finally fixed MSSQL 2000 fingerprint
2009-04-24 10:26:01 +00:00
Bernardo Damele
eeb34eb028
Again, minor fix to MSSQL 2000 fingerprint
2009-04-23 21:13:34 +00:00
Bernardo Damele
8e88b32274
Minor fix in MSSQL 2000 fingerprint
2009-04-23 08:36:39 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
b997df740a
Minor bug fix
2009-02-25 20:11:14 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
e10ab5aa0e
Major bug fixes
2009-01-10 14:39:27 +00:00
Bernardo Damele
9e0d890171
Fixed MySQL 5.1 extensive fingerprint
2009-01-02 23:21:31 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
24ddbdc89d
Minor layout adjustment
2008-12-22 23:34:22 +00:00
Bernardo Damele
b0ad102efb
Better fingerprint technique for Microsoft SQL Server
2008-12-22 23:32:43 +00:00
Bernardo Damele
79c8d63b88
Major speed increase in DBMS basic fingerprint
2008-12-22 23:26:44 +00:00
Bernardo Damele
8d06975142
Major enhancement to make the comparison algorithm work properly also
...
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
38c9627700
Minor enhancemet to support also --regexp, --excl-str and --excl-reg
...
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
e75487a26c
Reverted last commit, cleaner this way
2008-12-01 23:33:15 +00:00
Bernardo Damele
e2a805ef6a
Minor workaround because of latest bug fix
2008-12-01 23:32:14 +00:00
Bernardo Damele
beea58f2e9
Updated MySQL versions
2008-12-01 23:02:52 +00:00
Bernardo Damele
727664aea7
Minor enhancement to fingerprint the web server operating system and
...
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f
Major enhancement to the engine to parse XML files and matches on DBMS banner
...
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
66fb3c3033
Minor enhancement to show the DBMS operating system (if fingerprinted)
...
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
654aecedfe
Minor layout adjustments, minor fixes and updated changelog
2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39
Minor enhancement to fingerprint the back-end DBMS operating system (type,
...
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
comment injection fingerprint: MySQL 5.0.67
banner parsing fingerprint: MySQL 5.0.67
html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
4bf1fcb8ec
Minor layout adjustment
2008-11-15 01:10:29 +00:00
Bernardo Damele
81ed7c2086
Initial implementation of support for stacked queries.
...
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
0f79ec0088
Minor bug fix in MySQL comment injection fingerprint technique
2008-11-04 16:05:43 +00:00
Bernardo Damele
03b90e0a3f
Be more user friendly on messages and minor code layout improvement
2008-11-02 18:23:42 +00:00
Bernardo Damele
09ca578ca1
Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option;
2008-11-02 18:17:12 +00:00
Bernardo Damele
e2a0f7a47b
Fix typo
2008-10-30 23:20:14 +00:00
Bernardo Damele
7ad9639ed0
Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3
2008-10-29 15:32:12 +00:00
Bernardo Damele
2fcbb57e1c
Minor code restyling
2008-10-26 17:00:07 +00:00
Bernardo Damele
4b02ed45fa
Due to last commit..
2008-10-26 16:45:36 +00:00
Bernardo Damele
fce61ff950
Minor if condition adjustment
2008-10-26 16:25:28 +00:00
Bernardo Damele
8f5fb5657d
Major improvement to correctly enumerate tables, columns and dump tables
...
entries on PostgreSQL when the database name is not 'public' or a system
database and on Oracle. Minor code restyle.
2008-10-26 16:19:15 +00:00
Bernardo Damele
892a7b2f8a
propsets..
2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00