sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	8fd3e7ba1f	thread based data added	2010-12-20 22:45:01 +00:00
Miroslav Stampar	3ee44584d4	i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string')	2010-12-14 12:57:59 +00:00
Bernardo Damele	a02dd6b55b	Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring.	2010-12-13 21:33:42 +00:00
Miroslav Stampar	c93634b6c7	blind dumping of tables in sqlite implemented	2010-12-11 22:13:19 +00:00
Miroslav Stampar	e6c66fa37c	update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available	2010-12-11 17:55:28 +00:00
Miroslav Stampar	bbffea2cbc	bug fix	2010-12-09 17:10:22 +00:00
Miroslav Stampar	0eb2c408a9	code refactoring	2010-12-09 16:49:02 +00:00
Miroslav Stampar	cdff29ada7	update	2010-12-09 11:23:44 +00:00
Bernardo Damele	c8f943f5e4	Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.	2010-11-30 22:40:25 +00:00
Bernardo Damele	17486e472a	Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!	2010-11-17 22:00:09 +00:00
Miroslav Stampar	6ef3846400	update regarding error parsing (and reporting)	2010-11-16 10:42:42 +00:00
Bernardo Damele	66c82d72e4	Typo fix	2010-11-12 10:02:02 +00:00
Miroslav Stampar	42272ca78c	minor update	2010-11-11 22:26:36 +00:00
Miroslav Stampar	be992b4471	update regarding common columns existance check	2010-11-11 17:09:31 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Bernardo Damele	27ce4b0cf0	Set proper verbose level for dbms direct error messages	2010-11-07 22:14:06 +00:00
Miroslav Stampar	d3e7e89e60	major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces	2010-11-07 21:18:09 +00:00
Miroslav Stampar	3f0a443b83	some updates	2010-11-04 23:08:59 +00:00
Miroslav Stampar	d7dbf814a0	fix/update for Access	2010-11-04 21:47:21 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Miroslav Stampar	6ad8bbfc8e	one more ms access update	2010-11-02 10:50:57 +00:00
Miroslav Stampar	c98d8fed83	minor ms access update	2010-11-02 10:13:36 +00:00
Bernardo Damele	215175e3b7	Minor code adjustments	2010-10-25 14:11:47 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00
Miroslav Stampar	a63c2c9f7c	just a test	2010-10-14 14:16:45 +00:00
Bernardo Damele	65a05452f7	Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 : * --search -D foobar: searches all database names like the ones provided * --search -T foobar: searches all databases' table names like the ones provided (soon) * --search -C foobar: replaces --dump -C	2010-05-07 13:40:57 +00:00
Miroslav Stampar	6762f592c1	direct connection supported only on Windows machines	2010-04-13 08:57:47 +00:00
Miroslav Stampar	939fa5d2c4	some fixes	2010-04-13 08:29:15 +00:00
Bernardo Damele	9e29120603	Minor fix to make MS Access direct access to work also from Linux	2010-04-12 15:52:40 +00:00
Bernardo Damele	eecee3b274	Added resume functionality to -d and fixed logging with -d	2010-04-12 09:35:20 +00:00
Miroslav Stampar	e2810003ae	more update	2010-04-06 15:12:52 +00:00
Miroslav Stampar	c24f1cc07c	some update	2010-04-06 14:59:31 +00:00
Bernardo Damele	5fdebb5d5b	Added support to directly connect also to Microsoft SQL Server database. Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output). Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods. Forced conf.timeout to 10 seconds when directly connecting to database. Slightly improved regular expression to parse -d parameter. Added import check for all connectors' third-party libraries. Code refactoring: * Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed). * Back-delegated to generic connector close() and other methods.	2010-03-31 10:50:47 +00:00
Miroslav Stampar	d583cc07e7	ms access update	2010-03-30 15:04:55 +00:00
Miroslav Stampar	1973024ebf	added support for reusing connections	2010-03-30 13:52:47 +00:00
Miroslav Stampar	c2a6f21095	refactoring regarding usage of conf.dbmsConnector.connect()	2010-03-30 13:03:19 +00:00
Miroslav Stampar	88d74a00c1	ms access connector update	2010-03-30 12:48:51 +00:00
Miroslav Stampar	87d8c6719e	updates, fixes and stuff	2010-03-30 11:06:30 +00:00
Bernardo Damele	1416cd0d86	Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). Minor layout adjustments.	2010-03-26 23:23:25 +00:00
Bernardo Damele	a63e251b25	Ahead with code refactoring, related to r1502. Fixed svn:keywords propset to all .py files.	2010-03-23 21:26:45 +00:00
Bernardo Damele	09768a7b62	Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. Todo for firebird, sqlite, access.	2010-03-22 22:57:57 +00:00

42 Commits