Commit Graph

147 Commits

Author SHA1 Message Date
Bernardo Damele
05a8c8d3bf Added support to test for stacked queries support and improved check for time based blind sql injection.
Minor bug fix in --save option
2008-12-16 21:30:24 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
072eb7154c Major enhancement to support Partial UNION query SQL injection technique too.
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
15542d2772 Minor layout adjustment 2008-12-05 16:00:18 +00:00
Bernardo Damele
38c9627700 Minor enhancemet to support also --regexp, --excl-str and --excl-reg
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
78e8a83c11 Minor improvement to be able to provide CU as user value (-U) when enumerating
users privileges or users passwords.
2008-12-05 15:32:59 +00:00
Bernardo Damele
7f055924a7 sqlmap 0.6.3-rc4:
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
0f07e33e1a Removed REVISION, makes no sense.
Import and use python psyco library to speed up if it's installed: it's optional.
2008-12-03 17:32:16 +00:00
Bernardo Damele
e3ddbe751f Minor code refactoring 2008-12-02 23:49:38 +00:00
Bernardo Damele
4cb161ce4f Minor signatures adjustments 2008-12-02 23:48:07 +00:00
Bernardo Damele
b700485a1b Minor adjustment, still to work on the cookie urlencoding/decoding 2008-12-02 21:57:12 +00:00
Bernardo Damele
578bcb9140 Initial support for partial UNION query sql injection 2008-12-02 21:56:23 +00:00
Bernardo Damele
f97585c593 Show also SVN revision in error message when a traceback raises.
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
e75487a26c Reverted last commit, cleaner this way 2008-12-01 23:33:15 +00:00
Bernardo Damele
e2a805ef6a Minor workaround because of latest bug fix 2008-12-01 23:32:14 +00:00
Bernardo Damele
a777f1ca35 Minor bug fix 2008-12-01 23:27:51 +00:00
Bernardo Damele
034a3f387a Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters) 2008-12-01 23:09:07 +00:00
Bernardo Damele
3cf1658532 Increased default output level from 0 to 1 2008-12-01 23:07:41 +00:00
Bernardo Damele
428612b431 Comment and layout adjustments 2008-12-01 23:04:01 +00:00
Bernardo Damele
beea58f2e9 Updated MySQL versions 2008-12-01 23:02:52 +00:00
Bernardo Damele
e967b13378 Minor adjustment to command line usage message 2008-11-27 23:06:02 +00:00
Bernardo Damele
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
785352d700 Minor adjustments to signatures 2008-11-27 22:31:43 +00:00
Bernardo Damele
dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
f2737ad0a3 Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file).
Major bug fix in the controller library.
2008-11-22 01:57:22 +00:00
Bernardo Damele
9be844cf3e Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. 2008-11-20 17:56:09 +00:00
Bernardo Damele
80425c9ccd Minor adjustment to ETA feature 2008-11-20 11:13:04 +00:00
Bernardo Damele
8f74fe2ce9 Added new HTTP response headers on which fingerprint web app technology and web server OS.
Updated documentation.
2008-11-19 15:33:39 +00:00
Bernardo Damele
736b2e7323 Minor adjustments to the operating system fingerprint. 2008-11-19 00:36:44 +00:00
Bernardo Damele
727664aea7 Minor enhancement to fingerprint the web server operating system and
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f Major enhancement to the engine to parse XML files and matches on DBMS banner
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
66fb3c3033 Minor enhancement to show the DBMS operating system (if fingerprinted)
also when only -b option is provided since it's an information that
sqlmap get parsing the DBMS banner.
Got rid completely of useless passive fuzzing.
2008-11-17 11:22:03 +00:00
Bernardo Damele
7d7170fc97 Minor code adjustments 2008-11-17 00:13:49 +00:00
Bernardo Damele
654aecedfe Minor layout adjustments, minor fixes and updated changelog 2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.

Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
84cbc60659 Major bug fix to correctly handle httplib.BadStatusLine exception.
Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual.
2008-11-15 12:25:19 +00:00
Bernardo Damele
4bf1fcb8ec Minor layout adjustment 2008-11-15 01:10:29 +00:00
Bernardo Damele
0bd5b52d95 Minor fixes 2008-11-13 00:03:04 +00:00
Bernardo Damele
ecc4a98071 Properly moved and improved inject.goStacked() function and newly
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
9329f8c9c4 Minor enhancement to be able to enumerate table columns and dump table
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments.
2008-11-12 22:53:25 +00:00
Bernardo Damele
81ed7c2086 Initial implementation of support for stacked queries.
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
13f76cfe3b Adjusted unhandled exception error message 2008-11-11 14:08:40 +00:00
Bernardo Damele
e1385eb2bf Removed useless W3C reference for CSS/HTML validation 2008-11-09 19:00:54 +00:00
Bernardo Damele
0c5d3df546 sqlmap 0.6.3-rc1:
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
544ced52b5 Name adjustment 2008-11-04 19:56:07 +00:00
Bernardo Damele
2a01de3f0b Minor bug fix to correctly dump table entries when the column is provided 2008-11-04 19:54:44 +00:00
Bernardo Damele
be599d5a33 Updated documentation and minor fix in update functionality 2008-11-04 16:33:13 +00:00
Bernardo Damele
359b28bbaf Updated documentation 2008-11-04 16:09:12 +00:00
Bernardo Damele
0f79ec0088 Minor bug fix in MySQL comment injection fingerprint technique 2008-11-04 16:05:43 +00:00