Miroslav Stampar
4295a78c5f
minor update
2011-02-10 19:51:34 +00:00
Miroslav Stampar
5b57a69f3e
fix
2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143
first commit with mysql/error/substringing
2011-02-08 16:23:33 +00:00
Miroslav Stampar
99e9412f74
minor update
2011-02-07 12:34:23 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4
More statements to exclude from unescap'ing
2011-02-07 00:33:54 +00:00
Bernardo Damele
2e00656235
Minor fix
2011-02-07 00:20:23 +00:00
Bernardo Damele
f3d6be7868
Code cleanup
2011-02-06 22:32:44 +00:00
Miroslav Stampar
acb986ae80
minor refactoring
2011-02-04 17:40:55 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
e5f54644f0
minor "statistical" update
2011-02-03 16:59:49 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Miroslav Stampar
d6c9515f78
minor update
2011-02-02 13:03:24 +00:00
Miroslav Stampar
e33428b833
adding __findUnionCharCount function
2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f
minor refactoring
2011-02-02 10:10:28 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68
implemented validation for time-based inference
2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c
fix for a bug (--predict-output) noticed by Bernardo
2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b
now union technique parses headers too
2011-01-31 12:41:39 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
fc9c626f9e
minor refactoring (removed URL_ENCODE_PAYLOAD)
2011-01-30 17:03:06 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
03413bd5e0
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
2011-01-27 16:55:58 +00:00
Miroslav Stampar
4e5f0da1ae
minor update
2011-01-20 16:07:08 +00:00
Miroslav Stampar
7a060e756d
dummy fix for SQLite schema retrieval (lots of spaces inside)
2011-01-19 23:16:22 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Miroslav Stampar
34d13be0d3
minor update regarding default page encoding
2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1
important fix for unicode based character inference
2011-01-17 10:15:19 +00:00
Miroslav Stampar
0fcca671bd
information update regarding common password suffixes
2011-01-17 09:28:25 +00:00
Miroslav Stampar
5476a8a27e
russian sites are great for testing :)
2011-01-16 19:00:19 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca
update
2011-01-15 15:14:22 +00:00
Bernardo Damele
97ae7e330f
cosmetics
2011-01-07 17:10:58 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
f762f32de8
bug fix for proper --parse-errors on .aspx pages
2011-01-02 13:00:04 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
b472b96f92
bug fix, refactoring and improved extractErrorMessage capabilities
2010-12-25 10:16:20 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
d5eebb1cbf
fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
2010-12-24 09:49:19 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
6c1133c4d4
some code refactoring
2010-12-21 15:13:13 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Bernardo Damele
04caef6de0
Tuning
2010-12-13 23:04:26 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
f021548bd0
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
2010-12-11 10:52:04 +00:00
Miroslav Stampar
fe2039f5ba
coollyy little commits
2010-12-10 11:32:46 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Miroslav Stampar
2a8e270bef
proper handling of carriage return character from Windows target machines
2010-11-16 15:11:03 +00:00
Miroslav Stampar
88c00e61d3
another update
2010-11-09 23:35:37 +00:00
Miroslav Stampar
5ebd5d935c
another name change
2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1
name change
2010-11-09 22:48:22 +00:00
Miroslav Stampar
fef60d5cb7
some fixes :)
2010-11-09 22:32:05 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
264e0a6fda
added support for displaying revision number at unhandled exception message
2010-10-19 08:55:14 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
7f5bc5e3fe
Increased version to 0.9-dev
2010-03-15 11:04:57 +00:00
Bernardo Damele
572b6fd920
sqlmap 0.8 stable!
2010-03-15 01:17:27 +00:00
Bernardo Damele
a654a426ef
Minor adjustments
2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
404927d04a
Adjusted banner, increased release candidate to rc7
2010-02-25 17:34:54 +00:00
Bernardo Damele
dcbbad642d
Minor self fix, switched to rc6
2010-01-28 10:27:47 +00:00
Bernardo Damele
c4215ce8d2
Minor code refactoring
2010-01-14 20:42:45 +00:00
Bernardo Damele
f316e722c1
sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
...
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded
Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks!
2009-07-29 10:44:24 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00