Commit Graph

221 Commits

Author SHA1 Message Date
Miroslav Stampar
1e8eb27156 update of doc/THANKS 2011-02-04 14:07:54 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
9fc0bedea8 Minor bug fixes 2011-01-30 21:01:57 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
3bb4ea2c7a THANKS update 2011-01-25 22:29:36 +00:00
Miroslav Stampar
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) 2011-01-25 11:02:41 +00:00
Bernardo Damele
ceca64193b Updated 2011-01-24 14:46:41 +00:00
Bernardo Damele
c1f6bf2eda Updated 2011-01-18 23:14:35 +00:00
Miroslav Stampar
bdcb10cdab added MSSQL time based vector 2011-01-18 02:05:18 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Bernardo Damele
f209b7a65e Updated 2011-01-14 09:56:55 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
1297df66da fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) 2011-01-06 08:04:59 +00:00
Miroslav Stampar
aa81ed4033 implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) 2011-01-04 15:49:20 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
8067365b93 fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') 2010-12-20 23:47:53 +00:00
Miroslav Stampar
e3fa3b0e8e fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint') 2010-12-17 07:48:32 +00:00
Miroslav Stampar
5aee1fd8e0 updated THANKS file 2010-12-08 21:19:46 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle 2010-11-17 17:20:32 +00:00
Bernardo Damele
5e41cd07a3 Updated doc 2010-11-13 23:31:18 +00:00
Bernardo Damele
306e96331d Updated doc 2010-11-12 10:00:49 +00:00
Bernardo Damele
0c8918bf07 Minor bug fix, thanks Alex 2010-11-08 12:45:23 +00:00
Miroslav Stampar
14e9425673 update of doc/THANKS 2010-11-05 16:09:30 +00:00
Miroslav Stampar
7d12dbff41 update of THANKS 2010-11-05 11:36:43 +00:00
Miroslav Stampar
71d0b1bcd7 several bug fixes 2010-11-03 21:51:36 +00:00
Miroslav Stampar
861706fb31 fix for bug reported by ToR (unknown charset 'utf-8, text/html') 2010-11-02 18:01:10 +00:00
Miroslav Stampar
73b33ed765 fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic 2010-11-01 20:56:13 +00:00
Miroslav Stampar
d75578c81f some update regarding common tables 2010-10-29 09:00:51 +00:00
Bernardo Damele
ed1f2da43f Updated 2010-10-27 21:05:58 +00:00
Bernardo Damele
7715ba778b Updated 2010-10-27 14:41:03 +00:00
Bernardo Damele
4ab3edfc94 Updated 2010-10-25 23:40:19 +00:00
Miroslav Stampar
c7578d4ea1 update of THANKS 2010-10-25 16:07:03 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
c5fb4edf3e update of THANKS 2010-10-23 09:25:34 +00:00
Miroslav Stampar
a8e42a4f2b bug fix 2010-10-23 06:42:21 +00:00
Bernardo Damele
22ed09a358 Updated 2010-10-20 21:52:33 +00:00
Miroslav Stampar
5c3d21065a bug fix (reported by nightman) 2010-10-16 21:29:35 +00:00
Miroslav Stampar
2b60304933 update 2010-10-16 21:19:44 +00:00
Bernardo Damele
bd3a791f23 Updated documentation 2010-10-15 10:29:53 +00:00
Miroslav Stampar
2198a60684 bug fix (reported by james@ev6.net) 2010-10-10 20:51:11 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
87abec16bd probable fix for a bug reported by Prashant Jadhav 2010-09-30 18:52:33 +00:00
Miroslav Stampar
7a7938a6da updated THANKS 2010-08-22 08:53:30 +00:00
Miroslav Stampar
f9752137f0 update of THANKS file 2010-08-08 22:28:01 +00:00
Miroslav Stampar
468eeb6ccf update of THANKS 2010-08-08 21:49:27 +00:00
Miroslav Stampar
1d8953ebdb update of THANKS file 2010-08-08 21:25:21 +00:00
Miroslav Stampar
6a6ff09c9a fix for a bug reported by Marek Sarvas 2010-07-26 08:11:28 +00:00
Miroslav Stampar
c39d819dd2 fix for a resume bug reported by Augusto Urbieta 2010-07-20 08:13:02 +00:00
Miroslav Stampar
6d11f86fdd update 2010-07-15 08:51:23 +00:00
Bernardo Damele
82bce81e28 Minor improvements 2010-07-02 13:38:52 +00:00
Bernardo Damele
dc8862a140 Updated 2010-07-01 10:46:59 +00:00
Bernardo Damele
3f2db471f5 Updated thanks 2010-06-30 13:27:07 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Bernardo Damele
887adfcf10 Minor adjustments to extra/ libraries 2010-06-09 21:43:22 +00:00
Miroslav Stampar
01f2dfe33f update 2010-06-04 17:08:32 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
2a1dd492f5 updated THANKS 2010-05-25 10:10:27 +00:00
Miroslav Stampar
d2c03c12fd updated thanks 2010-05-24 20:25:43 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
4c1ad7d8ce added Jose Fonseca (gprof2dot) to THANKS 2010-05-21 10:22:56 +00:00
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Bernardo Damele
107a900f51 Updated 2010-05-03 12:57:17 +00:00
Miroslav Stampar
d8e5585c66 fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError) 2010-04-29 08:30:29 +00:00
Bernardo Damele
3087c27659 Updated doc 2010-04-22 10:37:58 +00:00
Bernardo Damele
e11d511cad Updated doc 2010-04-15 12:12:53 +00:00
Bernardo Damele
e0d0913fc6 Updated doc 2010-04-12 09:34:20 +00:00
Bernardo Damele
822d22299f Updated 2010-04-09 13:48:02 +00:00
Bernardo Damele
bd669dd6fa Updated 2010-04-06 10:32:56 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Bernardo Damele
f0f1176396 Updated THANKS 2010-03-23 21:24:31 +00:00
Bernardo Damele
9e8a108768 Updated 2010-03-22 15:43:38 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
4d53b17320 Updated THANKS 2010-03-10 22:08:54 +00:00
Miroslav Stampar
0acef530ce update 2010-03-01 10:51:17 +00:00
Bernardo Damele
16599cf2cf typo fix 2010-02-16 22:54:22 +00:00
Bernardo Damele
7e0c411c0e Updated THANKS file 2010-02-11 23:46:50 +00:00
Bernardo Damele
22995787d1 Updated THANKS file 2010-02-04 15:24:13 +00:00
Bernardo Damele
232f927dd0 Slightly updated the documentation 2010-01-04 12:53:58 +00:00
Bernardo Damele
d5b1863dec Updated documentation and svn properties 2010-01-02 02:07:28 +00:00
Bernardo Damele
c1c14dabd9 Minor bug fix 2009-12-21 11:21:18 +00:00
Bernardo Damele
e6c4154cac Fixed minor bug in --reg-del 2009-12-21 11:04:54 +00:00
Bernardo Damele
de68a499f5 Typo fix 2009-11-01 12:08:46 +00:00
Bernardo Damele
f1a7d095aa Minor patch to make the PHP web backdoor work also on Windows 2009-10-22 16:25:19 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c Minor bug fix in MSSQL version fingerprint 2009-08-11 09:16:20 +00:00
Bernardo Damele
14578a7a4d Updated THANKS file 2009-07-30 12:02:34 +00:00
Bernardo Damele
e608a5ca55 Updated THANKS file 2009-07-29 10:44:56 +00:00
Bernardo Damele
bc31bd1dd9 Minor bug fix 2009-06-29 10:13:39 +00:00
Bernardo Damele
fd7de4bbb8 Updated THANKS file 2009-06-24 13:57:50 +00:00
Bernardo Damele
cfd8a83655 Minor adjustment to get also the port when parsing burp logs 2009-06-04 14:36:31 +00:00
Bernardo Damele
81d1a767ac Minor bug fix in output manager (dumper) object 2009-05-20 13:56:23 +00:00
Bernardo Damele
37d3b3adda Updated THANKS 2009-05-20 09:58:22 +00:00
Bernardo Damele
f7ee4d578e Updated THANKS file 2009-05-19 15:56:30 +00:00
Bernardo Damele
e8c115500d Now it works also on Mac OS X 2009-04-30 10:46:50 +00:00
Bernardo Damele
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
69259c5984 Updated THANKS 2009-04-23 08:42:57 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
207e96e2b2 Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
770e000cb4 Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs 2009-02-02 23:44:19 +00:00
Bernardo Damele
6054090191 sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying. 2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031 Avoid DeprecationWarning with Python 2.6+ 2009-01-22 23:53:01 +00:00
Bernardo Damele
374b9ba878 Updated documentation based upon recent developments 2008-12-21 16:35:45 +00:00
Bernardo Damele
c32ef9d751 Major bug fix to avoid tracebacks when multiple targets are specified and one
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
bb9079aa9d Minor documentation adjustments 2008-12-17 20:58:19 +00:00
Bernardo Damele
9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
38c9627700 Minor enhancemet to support also --regexp, --excl-str and --excl-reg
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7 sqlmap 0.6.3-rc4:
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
8f74fe2ce9 Added new HTTP response headers on which fingerprint web app technology and web server OS.
Updated documentation.
2008-11-19 15:33:39 +00:00
Bernardo Damele
0c5d3df546 sqlmap 0.6.3-rc1:
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
544ced52b5 Name adjustment 2008-11-04 19:56:07 +00:00
Bernardo Damele
2a01de3f0b Minor bug fix to correctly dump table entries when the column is provided 2008-11-04 19:54:44 +00:00
Bernardo Damele
95d2a0fcd1 Updated documentation 2008-11-02 22:25:48 +00:00
Bernardo Damele
4eef34c532 Updated documentation 2008-10-28 00:08:00 +00:00
Bernardo Damele
56383cfaad Updated documentation and removed svn:keyword 2008-10-26 19:12:17 +00:00
Bernardo Damele
fcc16b2346 Updated site, documentation (dev and user) and packaging scripts for 0.6.1 2008-10-20 13:43:18 +00:00
Bernardo Damele
41f8acf0fd Updated documentation 2008-10-16 15:41:26 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00