Bernardo Damele
8b9706656e
Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
...
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Bernardo Damele
9d7087e2ff
Proper saving and resuming when more than a parameter are injectable.
...
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
f9f076ba97
code refactoring
2010-11-23 21:00:42 +00:00
Miroslav Stampar
4af000e699
minor language update (in testing phase "used" is more preferable than "provided")
2010-11-23 15:11:15 +00:00
Bernardo Damele
c23126547e
Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.
2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
2010-11-19 14:56:20 +00:00
Bernardo Damele
4a9bd3a240
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 17:55:43 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
71cb982039
Another bug fix to --union-test
2010-11-15 21:42:56 +00:00
Bernardo Damele
0bfc1b411a
Another bug fix for --union-test
2010-11-14 15:39:57 +00:00
Bernardo Damele
8d07272c82
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
...
Now stores/resumes also the exact UNION payload to session file.
2010-11-13 23:24:41 +00:00
Bernardo Damele
df5dc10111
Major enhancement to --union-test check
2010-11-13 22:47:37 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
8aefd0bbf7
improvement of --common-tables and --common-columns
2010-11-11 20:37:25 +00:00
Miroslav Stampar
b43334165d
update regarding brute forcing
2010-11-09 16:53:33 +00:00
Miroslav Stampar
a7fa8d4975
update regarding brute force retrieval of table names and table column names
2010-11-09 16:15:55 +00:00
Miroslav Stampar
4be0631161
refactoring of brute force techniques
2010-11-09 09:42:43 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
ea1b0d31be
Avoid displaying single retrieved character when --verbose > 2
2010-11-07 22:42:56 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
63af5444fd
fix (NameError: global name 'DBMS' is not defined)
2010-11-04 12:47:34 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
2010-11-01 20:56:13 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
4d70f2c210
reverting back to 100
2010-10-26 15:42:54 +00:00
Miroslav Stampar
8211e6a2bd
possible
2010-10-26 11:29:09 +00:00
Bernardo Damele
9b127e58d2
Adjusted for MySQL weirdness
2010-10-26 09:33:18 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
db260c44d3
minor update
2010-10-24 22:25:05 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
98f5586b87
minor update
2010-10-23 08:05:24 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Bernardo Damele
c60edf7c17
Minor cosmetics
2010-10-20 22:43:02 +00:00
Bernardo Damele
430bb7478f
Minor bug fix
2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee
fix for NULL values
2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402
fix/upgrade/chicken soup
2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d
code refactoring
2010-10-20 09:09:04 +00:00
Bernardo Damele
0817d1b78d
Cosmetics
2010-10-19 23:09:30 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Bernardo Damele
64b9f94fcf
Renamed --common-prediction switch to --predict-output
2010-10-16 23:50:13 +00:00
Bernardo Damele
2129935e06
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
...
Minor enhancement
2010-10-16 21:52:16 +00:00
Miroslav Stampar
1336b97c2c
removed --useBetween switch and added new tampering module ./tamper/between.py
2010-10-15 23:48:07 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82
Minor cosmetic fixes
2010-10-14 15:28:54 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
cbe7c902c1
just a development start of an error based injection support
2010-10-04 13:05:51 +00:00
Miroslav Stampar
827cd1d56b
minor fix
2010-09-13 15:22:29 +00:00
Miroslav Stampar
b37dca1c2c
minor adjustment
2010-07-19 09:06:19 +00:00
Miroslav Stampar
9edd468caf
multithreading save to session on abort
2010-07-19 08:37:45 +00:00
Bernardo Damele
7349f3a70f
Closes #197
2010-07-01 15:25:57 +00:00
Miroslav Stampar
bb9401ba52
minor minor fixup
2010-07-01 14:14:43 +00:00
Miroslav Stampar
9d28ae23ca
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
2010-07-01 14:11:45 +00:00
Bernardo Damele
17e228024b
Minor enhancements and bug fixes to "good samaritan" feature - see #4
2010-06-21 14:40:12 +00:00
Bernardo Damele
b98f6ac71c
Minor layout adjustment
2010-06-17 13:27:43 +00:00
Bernardo Damele
fd76f048b6
Added common pattern value support to bisection algorithm
2010-06-17 11:38:32 +00:00
Miroslav Stampar
35642a0450
some more adjustments
2010-06-10 15:03:08 +00:00
Miroslav Stampar
1b30c46348
fix for an bug reported by David Guimaraes
2010-06-10 14:52:33 +00:00
Miroslav Stampar
7fbeebc4d9
grammar fix
2010-06-03 08:55:13 +00:00
Miroslav Stampar
bf071d33d2
some comments added
2010-06-02 15:18:33 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Miroslav Stampar
af2f184464
some comments regarding inference.py
2010-05-31 15:20:20 +00:00
Bernardo Damele
6df2d98fc9
Minor bug fix in common.py goGoodSamaritan().
...
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
4bb5885413
some changes regarding --common-outputs feature
2010-05-31 09:41:41 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
655bd79fc4
some renaming
2010-05-28 10:50:54 +00:00
Miroslav Stampar
838762fb00
previous quick fix removal
2010-05-28 10:38:23 +00:00
Miroslav Stampar
7ef286a76f
some speed up
2010-05-28 10:33:09 +00:00
Miroslav Stampar
48c0f4f053
minor fix
2010-05-28 10:17:03 +00:00
Miroslav Stampar
4eccf1a25d
quick fix
2010-05-28 10:01:19 +00:00
Bernardo Damele
9de1671b8f
Code refactoring and minor bug fixes.
2010-05-27 16:45:09 +00:00
Miroslav Stampar
ce29c841cf
some comments added
2010-05-26 11:14:22 +00:00
Miroslav Stampar
bbdbe44e3f
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99
more code updates regarding good samaritan (common output) feature
2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024
minor update regarding good samaritan
2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e
new commit regarding good samaritan feature
2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
f718425cf4
minor fix
2010-05-24 11:18:47 +00:00
Miroslav Stampar
e9be60e1ac
added support for proper unicode session(s) storage/retrieval
2010-05-24 11:00:49 +00:00
Miroslav Stampar
f34e6badfd
removed pdb
2010-05-24 09:29:16 +00:00
Miroslav Stampar
f0d3e6c565
fix
2010-05-24 09:28:20 +00:00
Miroslav Stampar
887352746b
some speedup (usage of xrange (virtual range) instead of range)
2010-05-23 22:14:57 +00:00
Miroslav Stampar
2c2d6d3623
operator fix
2010-05-23 21:35:42 +00:00
Miroslav Stampar
7dc1bf0324
quick (probably not final) fix for unicode inference (not yet tested)
2010-05-23 21:32:51 +00:00
Miroslav Stampar
64f2afe585
in a mood for more changes
2010-05-21 12:44:09 +00:00
Miroslav Stampar
219628aa01
quick fixes
2010-05-21 12:25:49 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Bernardo Damele
72fda2a3e4
Minor bug fix to correctly resuming --union-test results from session file.
2010-05-19 14:21:59 +00:00
Miroslav Stampar
d96723a135
fix for Feature #157
2010-05-13 11:17:24 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Miroslav Stampar
0a4c1f8aec
unfix (conf.timeSec is an integer - my fault)
2010-05-13 09:34:08 +00:00
Miroslav Stampar
2fdac83607
minor fix
2010-05-13 08:27:51 +00:00
Bernardo Damele
9efe001515
SQLite does not support BETWEEN
2010-05-12 22:02:47 +00:00
Miroslav Stampar
893bc04fe4
changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)
2010-05-12 11:30:32 +00:00
Bernardo Damele
8b74c405f5
Minor output bug fix
2010-05-11 14:15:03 +00:00
Miroslav Stampar
430a25407b
fixed that thread partial output problem (one character behind) reported by Kasper Fons
2010-05-11 11:06:21 +00:00
Bernardo Damele
90d9900371
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
2010-04-30 15:48:40 +00:00
Miroslav Stampar
d8e5585c66
fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError)
2010-04-29 08:30:29 +00:00
Miroslav Stampar
7d3a200ab8
fix for Bug #183
2010-04-19 15:25:52 +00:00
Bernardo Damele
a0c8adc266
Minor bug fix to add the "hinted" request to the total number of requests performed
...
Minor layout adjustments.
2010-04-15 10:08:27 +00:00
Miroslav Stampar
17554759b7
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
2010-04-15 09:36:13 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
be81c20298
Minor layout adjustment
2010-03-25 16:26:50 +00:00
Bernardo Damele
8e57767c48
Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET
2010-03-23 10:27:39 +00:00
Bernardo Damele
f9a135e232
Minor bug fix and layout adjustment regarding --threading and standard output
2010-03-22 17:38:19 +00:00
Bernardo Damele
d13ad8b2d7
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 15:39:29 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
25f8a72414
Minor layout adjustment
2010-03-12 14:48:33 +00:00
Miroslav Stampar
17d0b82fee
two dots instead of three
2010-03-12 14:31:14 +00:00
Miroslav Stampar
15c638ac52
some beautification
2010-03-12 13:07:07 +00:00
Miroslav Stampar
7ec04281dd
minor adjustments
2010-03-12 12:46:26 +00:00
Miroslav Stampar
fffda32f76
fix for Bug #167
2010-03-12 12:38:19 +00:00
Miroslav Stampar
ec43419ad1
minor makeup fix
2010-03-11 11:20:52 +00:00
Miroslav Stampar
2c053d5cfb
fix for Bug #166 (Keyboard interrupt in Python threading)
2010-03-11 11:14:20 +00:00
Miroslav Stampar
91dd609e26
fixed threading bug (difflib :)
2010-03-10 14:14:27 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
b08a4efb4b
Minor layout adjustments
2010-02-04 17:45:56 +00:00
Bernardo Damele
4ce3abc56d
Minor adjustments
2010-01-15 17:42:46 +00:00
Miroslav Stampar
1a764e1f08
minor commit
2010-01-15 16:10:21 +00:00
Miroslav Stampar
5f171340f5
introduced safe string formatting
2010-01-15 16:06:59 +00:00
Bernardo Damele
954a927cee
Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12
2010-01-05 11:43:16 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
d905e5ef9f
Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server
2009-07-25 11:45:23 +00:00
Bernardo Damele
3b9303186e
Fixed minor bug with --eta
2009-06-24 13:44:14 +00:00
Bernardo Damele
13de8366d0
Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting!
2009-05-20 09:34:13 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
2d87a3349f
Fixed custom MSSQL "limited" query support also for Partial UNION query technique
2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be
Major bug fix to make it work properly with MSSQL custom limited (SELECT
...
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
a4d62af2ea
Minor layout adjustments to --union-tech
2008-12-29 18:48:23 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
1f7810e46a
Major bug fix to make partial UNION query sql injection work properly
...
also on Microsoft SQL Server
2008-12-22 19:36:01 +00:00
Bernardo Damele
2f406b3e56
Minor adjustments
2008-12-22 00:04:28 +00:00