sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 01:47:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,936 Commits 2 Branches 130 Tags 98 MiB
5b932941fe
Commit Graph

181 Commits

Author SHA1 Message Date
Miroslav Stampar
c1145c244e fix for user-agent injections 2011-01-23 23:23:30 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
701947490b Two major bug fixes related to UNION technique query forging 2011-01-19 23:46:39 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. 
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
 2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix. 
Minor code refactoring.
 2011-01-16 01:17:09 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. 
Minor bug fixes thanks to previous refactoring too.
 2011-01-13 17:36:54 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix. 
Minor code restyling.
 2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. 
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
 2011-01-11 22:18:47 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00
Miroslav Stampar
8212b7b745 bug fix 2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Bernardo Damele
698f30e65e Cosmetics 2010-12-13 21:34:35 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
af22679605 minor update 2010-12-08 13:09:27 +00:00
Bernardo Damele
5f97312f29 Minor fix 2010-12-07 17:17:38 +00:00
Bernardo Damele
effd2ca0e3 Cosmetics 2010-12-07 12:32:58 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Miroslav Stampar
a43d252ae9 minor update 2010-12-06 00:14:08 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Bernardo Damele
41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections 2010-12-05 11:25:44 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) 2010-12-03 16:12:47 +00:00
Bernardo Damele
126a1479d8 Bug fix for --union-test 2010-12-03 14:57:30 +00:00
Bernardo Damele
b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses 2010-12-03 14:39:51 +00:00
Bernardo Damele
827a0aea05 Minor bug fix 2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce Added a comment needed to understand this hack when looking at the code in a month or so ;) 2010-12-03 11:00:41 +00:00
Bernardo Damele
22de82634a Important update to parse correctly the <where> tag during exploitation phase. 
Minor code cleanup.
 2010-12-03 10:44:16 +00:00
Bernardo Damele
283a04e29a On my way to properly parse test's <where> tag in exploitation phase 2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. 
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
 2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504 Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests. 2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. 
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
 2010-11-30 22:40:25 +00:00
Bernardo Damele
e8c6c01e27 precaution 2010-11-29 09:54:30 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. 
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
 2010-11-28 18:10:54 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Bernardo Damele
4a9bd3a240 Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well! 2010-11-18 17:55:43 +00:00
Bernardo Damele
f6a17cb1a8 Revert wrong fix 2010-11-18 10:41:06 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
9f53048ff4 Put a space always between the user's provided prefix and sqlmap payload 2010-11-12 11:48:26 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83 some updates 2010-11-04 23:08:59 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
0ffffef088 Implemented --tamper for direct connection too (-d) 2010-10-31 14:22:32 +00:00
Bernardo Damele
617edf7fc2 Minor bug fix 2010-10-31 12:24:19 +00:00
Bernardo Damele
fcada4df0f Removed debug print 2010-10-31 12:21:22 +00:00
Bernardo Damele
2a2f949275 Minor bug fix 2010-10-31 12:20:38 +00:00
Bernardo Damele
264247d318 revert of a stupid commit 2010-10-31 12:09:55 +00:00
Bernardo Damele
2fb059a644 Bug fix 2010-10-31 12:02:20 +00:00
Bernardo Damele
9d08cb3a6f Revert r2209 and minor code refactoring 2010-10-31 11:51:45 +00:00
Bernardo Damele
3869ccebe8 Minor code refactoring 2010-10-31 11:17:51 +00:00
Bernardo Damele
6afc9bffaa Minor bug fix: there will always be only one pair of delimiters as we add it for each place 2010-10-31 11:09:29 +00:00
Miroslav Stampar
0125198210 minor fix 2010-10-29 21:19:28 +00:00
Miroslav Stampar
5a38ac7ea9 important update regarding (Bug #209) - probably more will be needed 2010-10-29 16:11:50 +00:00
Bernardo Damele
f5904d0bc0 Major bug fix to --union-test 2010-10-25 23:39:55 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
1b376c99a6 removed temp dictionary and replaced with kb.misc 2010-10-19 23:00:19 +00:00
Miroslav Stampar
c9f0c75030 removed --space (usage of tampering modules is now a prefered way to do it) 2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec removed that spaces from URI payloads 2010-10-15 12:49:03 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
18d27cabc5 more changes 2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb more refactoring 2010-10-07 14:05:34 +00:00
Miroslav Stampar
1e9ae40397 major refactoring 2010-10-07 12:12:26 +00:00
Miroslav Stampar
9cd5d3bde7 added new option --space 2010-09-24 21:59:03 +00:00
Miroslav Stampar
ff419f7384 more changes regarding path (URI) injection 2010-09-24 09:19:14 +00:00
Miroslav Stampar
e4925eb3dd update 2010-09-23 21:57:11 +00:00
Miroslav Stampar
13bb3a6212 minor update 2010-09-23 14:07:23 +00:00
Miroslav Stampar
927ad7bf13 update 2010-09-22 12:21:21 +00:00
Miroslav Stampar
da8ae5578b first commit regarding Feature #144 2010-09-22 11:56:35 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
4129cb22a7 update regarding bug reported by Ole Rasmussen 2010-04-03 19:41:47 +00:00
Miroslav Stampar
a02ec29c15 too 2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f replace only first occurrence 2010-03-30 11:52:01 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). 
Minor layout adjustments.
 2010-03-26 23:23:25 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx). 
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
 2010-03-18 17:20:54 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
2825ab5e4e Major bug fix in url-encoding 2010-01-16 21:56:40 +00:00