Commit Graph

224 Commits

Author SHA1 Message Date
Bernardo Damele
c078de894f Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA 2011-02-10 14:24:04 +00:00
Bernardo Damele
a2c20acf94 Minor fixes once more 2011-02-10 11:34:16 +00:00
Miroslav Stampar
7539881ffa fix for dump on Oracle but we still need to discuss some things around 2011-02-09 14:52:07 +00:00
Miroslav Stampar
caf6220c53 done with implementation for retrieving table names via access system table(s) 2011-02-09 10:50:38 +00:00
Miroslav Stampar
5050a76b59 update regarding reading of table names from access system tables 2011-02-09 10:33:29 +00:00
Bernardo Damele
b48213783a Removed senseless debug messsage 2011-02-08 17:09:35 +00:00
Bernardo Damele
e16bab7117 re-enabled --read-file for MySQL with all techniques 2011-02-08 17:03:57 +00:00
Bernardo Damele
008d434325 Important fix now that the file writing is unescaped too 2011-02-07 00:56:15 +00:00
Bernardo Damele
2afc1e5021 Layout adjustments 2011-02-06 15:28:23 +00:00
Bernardo Damele
a5a648f4fe Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.
Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
2011-02-06 15:23:27 +00:00
Miroslav Stampar
14c87ec80d minor fix 2011-02-04 13:29:02 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Bernardo Damele
9fc0bedea8 Minor bug fixes 2011-01-30 21:01:57 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Bernardo Damele
77999fb39d Allow in --sql-shell to always ('a') retrieve query output.
Minor bug fix in case with --columns it is not possible to retrieve a column datatype.
2011-01-20 21:49:06 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Bernardo Damele
02b333e30b Minor improvement 2011-01-15 23:54:03 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
0676b38063 revert of one thing for Bernardo and minor update 2011-01-10 10:30:17 +00:00
Miroslav Stampar
8e83a26acf minor fix 2011-01-07 17:53:17 +00:00
Bernardo Damele
cc46940159 Minor refactoring 2011-01-07 17:10:32 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7 Mere cosmetics 2011-01-07 16:36:32 +00:00
Miroslav Stampar
8a48baf789 update for a "problem" reported by nightman@email.de where he lost all of large dumped table because in the middle of dumping 401 was raised 2011-01-04 13:23:59 +00:00
Miroslav Stampar
b763feafd9 bug fix (TypeError: object of type 'NoneType' has no len()) 2011-01-02 12:26:31 +00:00
Miroslav Stampar
f0dad2a1e4 minor bug fix (in multiple item search only last item was shown) 2011-01-02 12:23:36 +00:00
Miroslav Stampar
7b9d978cf9 minor fix (database and/or table names with - sign inside needs to be escaped by ` character or will lead to a "SQL syntax") 2011-01-02 11:01:20 +00:00
Miroslav Stampar
e28b9f26fc minor fix 2011-01-02 08:01:01 +00:00
Miroslav Stampar
7ea3d060f6 some fixes/updates here and there 2011-01-01 12:41:51 +00:00
Miroslav Stampar
6f17e84e19 minor fix 2010-12-30 08:29:20 +00:00
Miroslav Stampar
a77b186aca minor fix 2010-12-27 16:55:27 +00:00
Miroslav Stampar
5015f04826 minor update 2010-12-27 16:36:05 +00:00
Miroslav Stampar
9c1676bdfa minor cosmetics 2010-12-27 14:44:00 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
3d23f226ae minor update 2010-12-27 11:47:50 +00:00
Miroslav Stampar
68462466f2 minor fix for a bug reported by shaohua pan (argument of type 'NoneType' is not iterable) 2010-12-27 11:36:36 +00:00
Miroslav Stampar
51a492e17d pretty important commit (now dumped tables are prone to dictionary attack) 2010-12-27 10:56:28 +00:00
Miroslav Stampar
c8d5a6b980 update 2010-12-27 00:41:16 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
c4d6a367e9 this way order given in -C is preserved 2010-12-26 14:11:42 +00:00
Miroslav Stampar
c93f2a703d minor update 2010-12-26 14:02:16 +00:00
Miroslav Stampar
e41acb6fc2 further ms access improvements 2010-12-26 02:13:56 +00:00
Miroslav Stampar
2c8115eed9 further improvement for ms access table dumping 2010-12-26 01:04:30 +00:00