Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c483e91445 
							
						 
					 
					
						
						
							
							added payloads for ORDER BY/GROUP BY time-based injections - issue  #97  
						
						
						
					 
					
						2012-07-17 22:52:28 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							771e7a9fc3 
							
						 
					 
					
						
						
							
							Initial commit for issue  #97  
						
						
						
					 
					
						2012-07-17 10:13:09 +01:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							53c0336b48 
							
						 
					 
					
						
						
							
							added --hostname switch to retrieve DBMS server hostname - closes issue  #69  
						
						
						
					 
					
						2012-07-12 00:01:57 +01:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27fdccc858 
							
						 
					 
					
						
						
							
							Update for Issue  #55  (falling back to SELECT DB_NAME(N))  
						
						
						
					 
					
						2012-07-03 20:15:17 +02:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d35d255ba 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2012-06-11 22:27:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2538e2d5b4 
							
						 
					 
					
						
						
							
							fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring  
						
						
						
					 
					
						2012-05-22 09:33:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a9e266d78 
							
						 
					 
					
						
						
							
							adding revisited wildcard LIKE payloads  
						
						
						
					 
					
						2012-05-21 21:49:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							602369c762 
							
						 
					 
					
						
						
							
							reverting last changes on boundaries  
						
						
						
					 
					
						2012-05-21 09:20:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1500b3fccd 
							
						 
					 
					
						
						
							
							adding a new payload boundaries by smcintyre@securestate.com  
						
						
						
					 
					
						2012-05-21 08:31:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							37f2709197 
							
						 
					 
					
						
						
							
							making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)  
						
						
						
					 
					
						2012-05-09 09:08:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							deec97dfe3 
							
						 
					 
					
						
						
							
							adding Frontbase to error message regexes  
						
						
						
					 
					
						2012-05-08 17:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							57234e1ff5 
							
						 
					 
					
						
						
							
							fix for proper (international character) inference on MsAccess  
						
						
						
					 
					
						2012-05-03 23:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1e45ee9ab6 
							
						 
					 
					
						
						
							
							reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago  
						
						
						
					 
					
						2012-04-25 20:37:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eb73cab636 
							
						 
					 
					
						
						
							
							increased UNION test ranges  
						
						
						
					 
					
						2012-04-23 11:54:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							414c74b8aa 
							
						 
					 
					
						
						
							
							new payload  
						
						
						
					 
					
						2012-04-13 08:16:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1f82d29a36 
							
						 
					 
					
						
						
							
							switch two conditional payloads for proper detection  
						
						
						
					 
					
						2012-04-04 10:11:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d5b4b7996a 
							
						 
					 
					
						
						
							
							minor revert  
						
						
						
					 
					
						2012-04-04 00:09:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							049c27c739 
							
						 
					 
					
						
						
							
							improved detection for INSERT and UPDATE statements  
						
						
						
					 
					
						2012-04-03 23:29:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							40a7232de6 
							
						 
					 
					
						
						
							
							Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings)  
						
						
						
					 
					
						2012-03-30 16:27:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							637a8d8273 
							
						 
					 
					
						
						
							
							improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism  
						
						
						
					 
					
						2012-03-29 14:33:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							772ead8d03 
							
						 
					 
					
						
						
							
							fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values  
						
						
						
					 
					
						2012-03-29 12:44:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							84479eebe9 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2012-03-15 08:55:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							890bf708bc 
							
						 
					 
					
						
						
							
							Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)  
						
						
						
					 
					
						2012-03-15 00:19:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							012fc21b49 
							
						 
					 
					
						
						
							
							Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.  
						
						... 
						
						
						
						Adapted the queries.xml file accordingly 
						
					 
					
						2012-03-09 17:47:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac5a752b12 
							
						 
					 
					
						
						
							
							Oracle's XMLType doesn't like '#' char too  
						
						
						
					 
					
						2012-03-01 11:59:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							686eacda9a 
							
						 
					 
					
						
						
							
							minor update regarding --hex  
						
						
						
					 
					
						2012-02-21 13:38:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							77723a7aee 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2012-02-21 10:24:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d70f4b7150 
							
						 
					 
					
						
						
							
							adding hex conversion functions to queries.xml for 4 major DBMSes  
						
						
						
					 
					
						2012-02-21 10:10:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6632aa7308 
							
						 
					 
					
						
						
							
							some more refactoring  
						
						
						
					 
					
						2012-02-16 13:46:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7bca926a0b 
							
						 
					 
					
						
						
							
							fixes, updates, patches  
						
						
						
					 
					
						2012-02-09 10:16:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f86c365694 
							
						 
					 
					
						
						
							
							added one more failsafe for MSSQL --tables  
						
						
						
					 
					
						2012-02-03 10:56:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f4e7bf1d51 
							
						 
					 
					
						
						
							
							minor update regarding support for Unicode characters in Oracle  
						
						
						
					 
					
						2012-02-01 14:17:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							704488a4e4 
							
						 
					 
					
						
						
							
							proper retrieval of unicode characters in inference mode on MSSQL  
						
						
						
					 
					
						2012-02-01 13:01:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6c2fc7ecc 
							
						 
					 
					
						
						
							
							some refactoring on MSSQL support  
						
						
						
					 
					
						2012-02-01 12:53:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ec9cc19951 
							
						 
					 
					
						
						
							
							Minor bug fixes for -d  
						
						
						
					 
					
						2012-01-13 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f1147035cf 
							
						 
					 
					
						
						
							
							minor concision/beautification update  
						
						
						
					 
					
						2012-01-10 11:50:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fecdce5801 
							
						 
					 
					
						
						
							
							implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too  
						
						
						
					 
					
						2012-01-09 21:09:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f412706fee 
							
						 
					 
					
						
						
							
							minor update for MSSQL --tables (fallback to other method)  
						
						
						
					 
					
						2012-01-03 18:01:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7d2fce16dc 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-12-16 11:40:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cff21814bb 
							
						 
					 
					
						
						
							
							minor patch for MSSQL 2008  
						
						
						
					 
					
						2011-12-16 11:23:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2adf358524 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-12-03 13:17:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							39b406c5c1 
							
						 
					 
					
						
						
							
							fix for --search on Oracle  
						
						
						
					 
					
						2011-12-02 18:13:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							94790bf08a 
							
						 
					 
					
						
						
							
							minor update (removing reference to Microsoft Access for Generic payload)  
						
						
						
					 
					
						2011-12-01 13:25:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							df4e3be191 
							
						 
					 
					
						
						
							
							using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)  
						
						
						
					 
					
						2011-11-23 22:57:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d8047c79f3 
							
						 
					 
					
						
						
							
							reverting back last two commits  
						
						
						
					 
					
						2011-11-22 15:28:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73276c0785 
							
						 
					 
					
						
						
							
							even better (added long before plugins table)  
						
						
						
					 
					
						2011-11-22 15:23:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff07031170 
							
						 
					 
					
						
						
							
							better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)  
						
						
						
					 
					
						2011-11-22 15:20:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bbb7e1562d 
							
						 
					 
					
						
						
							
							adding AGAINST full-text search boundaries  
						
						
						
					 
					
						2011-11-12 14:16:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2e5222bfd8 
							
						 
					 
					
						
						
							
							adding INSERT/UPDATE generic boundaries  
						
						
						
					 
					
						2011-10-28 11:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b6ccc0cc43 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-10-18 14:35:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							597d554153 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-10-18 13:05:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							382db1b67a 
							
						 
					 
					
						
						
							
							degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)  
						
						
						
					 
					
						2011-08-31 20:35:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d283e3eb3c 
							
						 
					 
					
						
						
							
							adding support for pre-WHERE injections  
						
						
						
					 
					
						2011-08-24 09:04:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13eb20cea1 
							
						 
					 
					
						
						
							
							minor beautification  
						
						
						
					 
					
						2011-08-03 10:12:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2e20eb1a88 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-08-03 10:08:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b8e2d60bfa 
							
						 
					 
					
						
						
							
							Added MSSQL 2008 R2 signatures  
						
						
						
					 
					
						2011-07-24 23:42:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							48f580fb10 
							
						 
					 
					
						
						
							
							Minor adjustments to MSSQL fingerprint  
						
						
						
					 
					
						2011-07-24 23:30:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							99a0b62d0d 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2011-07-24 22:26:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ca83305b58 
							
						 
					 
					
						
						
							
							added MySQL updatexml error-based payload  
						
						
						
					 
					
						2011-07-24 21:08:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a89140e1ce 
							
						 
					 
					
						
						
							
							revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)  
						
						
						
					 
					
						2011-07-23 06:07:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4cb9988243 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2011-07-12 21:09:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c9ba58acb6 
							
						 
					 
					
						
						
							
							Moved MS Access UNION query tests after generic as generic test must identify MSSQL  
						
						
						
					 
					
						2011-07-11 09:47:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d31eb5ef7 
							
						 
					 
					
						
						
							
							cosmetics and also tested against testing env - works perfectly  
						
						
						
					 
					
						2011-07-10 09:07:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb42cedf2a 
							
						 
					 
					
						
						
							
							adding extractvalue MySQL >= 5.1 error payload ( http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/ ) - untested (lack of particular ver for testing) and prone to level/risk adjustment  
						
						
						
					 
					
						2011-07-10 08:54:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93219b9e13 
							
						 
					 
					
						
						
							
							i've accidentally left table_schema removed while doing some tests. now it should be ok  
						
						
						
					 
					
						2011-07-08 10:24:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5dd4d4a63 
							
						 
					 
					
						
						
							
							Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection  
						
						
						
					 
					
						2011-07-08 10:19:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c517e97a44 
							
						 
					 
					
						
						
							
							few fixes and minor cosmetics  
						
						
						
					 
					
						2011-07-08 06:02:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							067354b97f 
							
						 
					 
					
						
						
							
							Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access  
						
						
						
					 
					
						2011-07-07 13:20:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9eb683531d 
							
						 
					 
					
						
						
							
							Minor improvement at blind SQL inj technique for DB2  
						
						
						
					 
					
						2011-06-27 22:28:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ed4cfbb6d2 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-06-27 08:58:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bedf16b88b 
							
						 
					 
					
						
						
							
							adding payloads for time-based injection on SAP MaxDB (heavy query)  
						
						
						
					 
					
						2011-06-26 23:46:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d0490cc4e7 
							
						 
					 
					
						
						
							
							adding payloads for time-based injection on DB2 (heavy query)  
						
						
						
					 
					
						2011-06-26 16:38:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							36c96ef796 
							
						 
					 
					
						
						
							
							Added DB2 support - patch provided by Sebastian Bittig  
						
						
						
					 
					
						2011-06-25 09:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b2e6cf3ed9 
							
						 
					 
					
						
						
							
							Enabled --search -C also for Oracle  
						
						
						
					 
					
						2011-06-24 14:34:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4188df0501 
							
						 
					 
					
						
						
							
							fixes for Sybase  
						
						
						
					 
					
						2011-06-15 18:49:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9f6b70f3f9 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-05-26 22:45:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0baf931669 
							
						 
					 
					
						
						
							
							real generic comment is "-- " not "--" (MySQL doesn't support "--")  
						
						
						
					 
					
						2011-05-24 09:16:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							171a4c389b 
							
						 
					 
					
						
						
							
							added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload  
						
						
						
					 
					
						2011-05-23 06:24:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							939e6541d0 
							
						 
					 
					
						
						
							
							far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES)  
						
						
						
					 
					
						2011-05-19 23:36:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bd1b07fbc2 
							
						 
					 
					
						
						
							
							one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL  
						
						
						
					 
					
						2011-05-19 06:32:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7f086916c0 
							
						 
					 
					
						
						
							
							decent parameter replace payload for PostgreSQL (GENERATE_SERIES)  
						
						
						
					 
					
						2011-05-18 23:40:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e58d6d2e00 
							
						 
					 
					
						
						
							
							removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable)  
						
						
						
					 
					
						2011-05-18 23:20:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe50d09cc8 
							
						 
					 
					
						
						
							
							added new payload for PostgreSQL (parameter replace)  
						
						
						
					 
					
						2011-05-18 23:01:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3a8309c4b0 
							
						 
					 
					
						
						
							
							Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches  
						
						
						
					 
					
						2011-05-10 15:34:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aae140080e 
							
						 
					 
					
						
						
							
							SVN roll back, DB2 patch will be recommitted after testing:  
						
						... 
						
						
						
						$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD  https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847  . 
						
					 
					
						2011-05-06 10:27:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6e392b6054 
							
						 
					 
					
						
						
							
							applying contributed patch for DB2  
						
						
						
					 
					
						2011-05-06 09:30:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							36a9ddaacc 
							
						 
					 
					
						
						
							
							Minor bug fixes and code restyling for --privileges and --passwords  
						
						
						
					 
					
						2011-04-30 14:50:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7df954dd9f 
							
						 
					 
					
						
						
							
							paranoy  
						
						
						
					 
					
						2011-04-21 23:41:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0764c4c752 
							
						 
					 
					
						
						
							
							parenthesis were missing; banning OR NOT from payloads  
						
						
						
					 
					
						2011-04-21 23:32:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d61611145 
							
						 
					 
					
						
						
							
							leftover  
						
						
						
					 
					
						2011-04-21 22:46:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							870f773d70 
							
						 
					 
					
						
						
							
							In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this  
						
						
						
					 
					
						2011-04-21 20:36:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05a0e1d3b0 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting)  
						
						
						
					 
					
						2011-04-15 11:34:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							136e85abf3 
							
						 
					 
					
						
						
							
							little refresh of PHPIDS rules for --check-payload  
						
						
						
					 
					
						2011-04-11 15:37:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							75f286cf6d 
							
						 
					 
					
						
						
							
							minor update conformant to  http://dev.mysql.com/doc/refman/4.1/en/comments.html  
						
						
						
					 
					
						2011-04-10 23:41:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3177c6023d 
							
						 
					 
					
						
						
							
							lol. re-revert  
						
						
						
					 
					
						2011-04-10 23:30:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9ea4010508 
							
						 
					 
					
						
						
							
							Leave it as is :)  
						
						
						
					 
					
						2011-04-10 23:20:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3e680978a9 
							
						 
					 
					
						
						
							
							revert of that last commit (waiting for some better days)  
						
						
						
					 
					
						2011-04-10 23:18:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f532478a34 
							
						 
					 
					
						
						
							
							update of MySQL comments  
						
						
						
					 
					
						2011-04-10 23:08:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af096b2c83 
							
						 
					 
					
						
						
							
							Leave it as is!!!  
						
						
						
					 
					
						2011-04-10 21:47:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d0cef21d9c 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2011-04-10 21:19:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6fa2fd139c 
							
						 
					 
					
						
						
							
							implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)  
						
						
						
					 
					
						2011-04-08 15:17:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							02eeeccd33 
							
						 
					 
					
						
						
							
							Added UNION query SQL injection tests also with a random number for columns (not only NULL)  
						
						
						
					 
					
						2011-04-07 13:39:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ca009e9fe2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-04-07 10:43:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							672abc27fd 
							
						 
					 
					
						
						
							
							minor adjustment of livetests for new flavor of --technique  
						
						
						
					 
					
						2011-04-07 10:41:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e27afef6be 
							
						 
					 
					
						
						
							
							minor update regarding --current-db on Oracle  
						
						
						
					 
					
						2011-04-01 15:56:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							60102209f6 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split')  
						
						
						
					 
					
						2011-04-01 11:14:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b7813f9e68 
							
						 
					 
					
						
						
							
							incrementing level for MySQL stacked payloads  
						
						
						
					 
					
						2011-03-29 07:31:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							86f93713d3 
							
						 
					 
					
						
						
							
							fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update  
						
						
						
					 
					
						2011-03-29 06:25:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73e5d20ade 
							
						 
					 
					
						
						
							
							bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)  
						
						
						
					 
					
						2011-03-28 11:01:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5eb7787fc9 
							
						 
					 
					
						
						
							
							adding partial union cases to the live tests  
						
						
						
					 
					
						2011-03-25 15:56:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							670aa7f99b 
							
						 
					 
					
						
						
							
							update for live tests (added dumping of columns and table values)  
						
						
						
					 
					
						2011-03-25 15:37:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e80c9e08d8 
							
						 
					 
					
						
						
							
							minor update regarding --live-test  
						
						
						
					 
					
						2011-03-25 09:03:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							82ab4c8dc2 
							
						 
					 
					
						
						
							
							minor fix (ORDER BY 1 screws things up in blind mode)  
						
						
						
					 
					
						2011-03-24 14:19:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06a5c39efe 
							
						 
					 
					
						
						
							
							fix related to the bug reported by Alone Shell  
						
						
						
					 
					
						2011-03-24 14:03:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cef2c0879d 
							
						 
					 
					
						
						
							
							adding live test cases for --technique=1 too  
						
						
						
					 
					
						2011-03-24 12:19:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							33c01726dd 
							
						 
					 
					
						
						
							
							adding basic live tests for MSSQL too  
						
						
						
					 
					
						2011-03-24 12:01:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2b15ad57c2 
							
						 
					 
					
						
						
							
							basic live tests against 3 major DBMSes  
						
						
						
					 
					
						2011-03-24 11:47:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b72cdfe9e6 
							
						 
					 
					
						
						
							
							fix for mssql regarding usage of schema names reported by jabra@spl0it.org  
						
						
						
					 
					
						2011-03-23 10:40:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c9ccb755 
							
						 
					 
					
						
						
							
							Oracle XML based error payload has problems with char $ as with space  
						
						
						
					 
					
						2011-03-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4889764114 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-03-21 11:40:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5291fe35c9 
							
						 
					 
					
						
						
							
							proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)  
						
						
						
					 
					
						2011-03-21 11:29:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0535225fe7 
							
						 
					 
					
						
						
							
							throwing out obsolete ORDER BY 1 from inband queries  
						
						
						
					 
					
						2011-03-16 14:18:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eedd6a990d 
							
						 
					 
					
						
						
							
							removing space after , for our payloads  
						
						
						
					 
					
						2011-03-08 14:29:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3dc31f6273 
							
						 
					 
					
						
						
							
							removing spaces after , in our queries  
						
						
						
					 
					
						2011-03-08 14:07:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff9080de48 
							
						 
					 
					
						
						
							
							MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL  
						
						
						
					 
					
						2011-02-21 20:59:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08697e60a9 
							
						 
					 
					
						
						
							
							added some Microsoft Access payloads  
						
						
						
					 
					
						2011-02-21 20:04:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3e8c204121 
							
						 
					 
					
						
						
							
							Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba  
						
						
						
					 
					
						2011-02-21 16:00:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68a95fd1b1 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-20 22:45:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aac817935a 
							
						 
					 
					
						
						
							
							further improvement of MaxDB support  
						
						
						
					 
					
						2011-02-20 22:41:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3ba8b6928 
							
						 
					 
					
						
						
							
							--dump now works on MaxDB too  
						
						
						
					 
					
						2011-02-20 22:07:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							59e666d16e 
							
						 
					 
					
						
						
							
							--is-dba (related) update for Sybase  
						
						
						
					 
					
						2011-02-20 17:28:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							67ec691eb1 
							
						 
					 
					
						
						
							
							more updates regarding Sybase  
						
						
						
					 
					
						2011-02-20 16:28:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							823e4351b5 
							
						 
					 
					
						
						
							
							minor change  
						
						
						
					 
					
						2011-02-20 12:34:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f30dea74f3 
							
						 
					 
					
						
						
							
							more Sybase updates  
						
						
						
					 
					
						2011-02-19 18:36:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b71bb321dd 
							
						 
					 
					
						
						
							
							some more Sybase updates  
						
						
						
					 
					
						2011-02-19 18:04:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e0efe453ab 
							
						 
					 
					
						
						
							
							minor update regarding Sybase support  
						
						
						
					 
					
						2011-02-19 14:07:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f4ffc9287 
							
						 
					 
					
						
						
							
							update regarding Sybase dumping  
						
						
						
					 
					
						2011-02-19 00:36:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb11fd173 
							
						 
					 
					
						
						
							
							update regarding multiple DBMS payloads  
						
						
						
					 
					
						2011-02-13 21:20:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							394ccb5cc5 
							
						 
					 
					
						
						
							
							Added query for MSSQL/--privileges  
						
						
						
					 
					
						2011-02-10 15:52:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5050a76b59 
							
						 
					 
					
						
						
							
							update regarding reading of table names from access system tables  
						
						
						
					 
					
						2011-02-09 10:33:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1a5a66870e 
							
						 
					 
					
						
						
							
							problem fixed  
						
						
						
					 
					
						2011-02-07 11:57:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7dcfcca87f 
							
						 
					 
					
						
						
							
							Tests' titles adjustments  
						
						
						
					 
					
						2011-02-06 23:17:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ecb75cc56 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-06 15:14:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f754953c4f 
							
						 
					 
					
						
						
							
							reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded.  
						
						
						
					 
					
						2011-02-06 12:33:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97f9c9d119 
							
						 
					 
					
						
						
							
							bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values  
						
						
						
					 
					
						2011-02-06 12:24:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							27601babb4 
							
						 
					 
					
						
						
							
							Minor adjustments to levels of boundaries  
						
						
						
					 
					
						2011-02-04 11:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76ab14f20f 
							
						 
					 
					
						
						
							
							revert of r3203  
						
						
						
					 
					
						2011-02-04 09:30:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							78d696fd4f 
							
						 
					 
					
						
						
							
							i believe that this one should be the first level 1 boundary  
						
						
						
					 
					
						2011-02-03 21:27:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							64f18724ad 
							
						 
					 
					
						
						
							
							new default UNION test(s) ranges  
						
						
						
					 
					
						2011-02-03 16:26:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4bb7ffcb3a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-03 13:18:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8397c526d8 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2011-01-31 21:20:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f9eac97fe8 
							
						 
					 
					
						
						
							
							refactoring of MSSQL XML banner parsing  
						
						
						
					 
					
						2011-01-31 11:38:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							14de5809ea 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-31 11:08:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5aa958a146 
							
						 
					 
					
						
						
							
							ASCII & CHR is quite common, so removing this one  
						
						
						
					 
					
						2011-01-24 22:51:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a1619f84b6 
							
						 
					 
					
						
						
							
							changing level of last payload  
						
						
						
					 
					
						2011-01-24 22:31:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8155f95b82 
							
						 
					 
					
						
						
							
							new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted")  
						
						
						
					 
					
						2011-01-24 22:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9f76468005 
							
						 
					 
					
						
						
							
							another premiere, yeeej. IDSes, watch yourself :)  
						
						
						
					 
					
						2011-01-24 21:30:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2fb0c946d2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-24 21:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							15645f50d4 
							
						 
					 
					
						
						
							
							world premiere :)  
						
						
						
					 
					
						2011-01-24 21:21:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							440264341c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-24 17:43:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eea5665b2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-24 17:41:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b0dc6c24eb 
							
						 
					 
					
						
						
							
							Moved  
						
						
						
					 
					
						2011-01-24 17:04:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c188996627 
							
						 
					 
					
						
						
							
							patch for possible query optimization (avoid precalculation of 1/0)  
						
						
						
					 
					
						2011-01-24 16:21:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47fa600c04 
							
						 
					 
					
						
						
							
							Minor fix and cosmetics  
						
						
						
					 
					
						2011-01-24 11:12:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db76bcb327 
							
						 
					 
					
						
						
							
							fix for cases when mixing ingres dbms with spanish word "ingresa"  
						
						
						
					 
					
						2011-01-23 11:19:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7bf05bf2cb 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-22 00:12:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6d8d54eda 
							
						 
					 
					
						
						
							
							implemented Johannes Dahse / Reiners' technique  
						
						
						
					 
					
						2011-01-22 00:06:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0743202879 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-21 23:54:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cb0e7080c5 
							
						 
					 
					
						
						
							
							more appropriate name (on  http://websec.wordpress.com/  they use term "conditional" for something very similar, although not stacked)  
						
						
						
					 
					
						2011-01-21 23:47:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4c79477d 
							
						 
					 
					
						
						
							
							world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)  
						
						
						
					 
					
						2011-01-21 18:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							79e4b1efd5 
							
						 
					 
					
						
						
							
							added new signature for SQLite error messages  
						
						
						
					 
					
						2011-01-20 22:47:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6c490bfc8f 
							
						 
					 
					
						
						
							
							Avoid a traceback elsewhere  
						
						
						
					 
					
						2011-01-20 21:43:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7ce49bcf0d 
							
						 
					 
					
						
						
							
							Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this!  
						
						... 
						
						
						
						Adjusted comments accordingly to new UNION-specific tags. 
						
					 
					
						2011-01-20 21:42:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f6d79f58bc 
							
						 
					 
					
						
						
							
							another fix (LIMIT is not a good idea to have in inband queries)  
						
						
						
					 
					
						2011-01-20 21:13:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff1a44c335 
							
						 
					 
					
						
						
							
							probably a fix for that SQLite bug reported by Ahmed Shawky  
						
						
						
					 
					
						2011-01-20 20:30:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a1d77737f5 
							
						 
					 
					
						
						
							
							minor grammar update (this should be a better form)  
						
						
						
					 
					
						2011-01-20 18:35:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81be23976e 
							
						 
					 
					
						
						
							
							Confirmed HAVING payloads work as WHERE ones.  
						
						... 
						
						
						
						Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS.
Proper handling of title for UNION tests when --union-char is provided. 
						
					 
					
						2011-01-18 22:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f7d9b22510 
							
						 
					 
					
						
						
							
							because other major DBMSes have at least one level 1 time based payload  
						
						
						
					 
					
						2011-01-18 20:32:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bdcb10cdab 
							
						 
					 
					
						
						
							
							added MSSQL time based vector  
						
						
						
					 
					
						2011-01-18 02:05:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a358561f 
							
						 
					 
					
						
						
							
							Proper support for --union-cols  
						
						
						
					 
					
						2011-01-17 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb166e9445 
							
						 
					 
					
						
						
							
							adding USER_LOCK stacked query support for ORACLE (older versions)  
						
						
						
					 
					
						2011-01-16 10:31:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f31c028232 
							
						 
					 
					
						
						
							
							Oracle stacked vector based on DBMS_LOCK.SLEEP ( https://foro.undersecurity.net/read.php?46,1436 )  
						
						
						
					 
					
						2011-01-16 10:07:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1b3717c79c 
							
						 
					 
					
						
						
							
							Improvement to make time-based blind to work also against login forms  
						
						
						
					 
					
						2011-01-12 16:20:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d7a7993e0d 
							
						 
					 
					
						
						
							
							Minor comment fix  
						
						
						
					 
					
						2011-01-12 11:57:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2efe7928c0 
							
						 
					 
					
						
						
							
							more concise than previously  
						
						
						
					 
					
						2011-01-02 17:06:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a56934e68b 
							
						 
					 
					
						
						
							
							one more MSSQL/ASPX error banner regex  
						
						
						
					 
					
						2011-01-02 15:36:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6f0c4d857 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-02 15:32:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1d0dde769 
							
						 
					 
					
						
						
							
							added support for .NET banners ( http://msdn.microsoft.com/en-us/library/system.data.sqlclient.aspx )  
						
						
						
					 
					
						2011-01-02 14:46:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93cb75ff65 
							
						 
					 
					
						
						
							
							added Nginx  
						
						
						
					 
					
						2011-01-02 08:50:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ded9798e3d 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-01 23:07:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c3065f6ecc 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-29 20:38:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96c3ffd3d7 
							
						 
					 
					
						
						
							
							changing risk level to 0 - lots of MySQL databases around have information_schema unreadable, thus disabling first AND based error payload  
						
						
						
					 
					
						2010-12-27 19:02:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c8115eed9 
							
						 
					 
					
						
						
							
							further improvement for ms access table dumping  
						
						
						
					 
					
						2010-12-26 01:04:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb099615e2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-25 11:16:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							272476773f 
							
						 
					 
					
						
						
							
							getPageTextWordsSet on tableExists is pretty powerful stuff  
						
						
						
					 
					
						2010-12-25 09:37:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							706d8e0b88 
							
						 
					 
					
						
						
							
							development update (basic ms access dumping implemented)  
						
						
						
					 
					
						2010-12-24 19:53:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							edcf1a0872 
							
						 
					 
					
						
						
							
							few bug fixes  
						
						
						
					 
					
						2010-12-24 18:40:48 +00:00