sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-26 13:41:10 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,463 Commits 2 Branches 130 Tags 114 MiB
5d37df6104
Commit Graph

134 Commits

Author SHA1 Message Date
Bernardo Damele
9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) 2010-12-03 16:12:47 +00:00
Bernardo Damele
072835e04b Removed for time being 2010-12-03 14:48:31 +00:00
Bernardo Damele
11058667e4 Better naming 2010-12-03 14:45:13 +00:00
Miroslav Stampar
73dfb69308 minor update for OR based time injection (Firebird) 2010-12-03 12:15:41 +00:00
Bernardo Damele
4dec049c22 Major bug fix for test on ORDER BY and GROUP BY clauses. 
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
 2010-12-03 12:00:03 +00:00
Miroslav Stampar
23a86ed612 minor bug fix related to Firebird time based test vectors 2010-12-03 11:05:16 +00:00
Bernardo Damele
0069a21a0d Added also OR error-based checks, tweaked some TODOs and added some new boundaries for login forms (yet to test) 2010-12-03 10:52:24 +00:00
Miroslav Stampar
bf09b8a6d9 added Firebird error based (WHERE) attack vector 2010-12-02 15:09:21 +00:00
Bernardo Damele
df4cb1a601 On the way to get full support for injection on ORDER BY and GROUP BY clauses 2010-12-01 23:30:38 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. 
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
 2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504 Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests. 2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. 
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
 2010-11-30 22:40:25 +00:00
Bernardo Damele
6525e08d6b Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values 2010-11-29 12:13:42 +00:00
Bernardo Damele
75f7df75b6 Minor fix 2010-11-28 23:33:51 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. 
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
 2010-11-28 18:10:54 +00:00
Bernardo Damele
e32be2b4e7 Minor adjustment 2010-11-23 15:06:40 +00:00
Miroslav Stampar
c6545f5c9f we had a bug (nooooooooo!!!! :)) 2010-11-19 10:36:47 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Miroslav Stampar
42272ca78c minor update 2010-11-11 22:26:36 +00:00
Miroslav Stampar
1a708cf12d update for ASP/Ingres 2010-11-05 16:21:22 +00:00
Miroslav Stampar
173e893d11 added error message support for Ingres 2010-11-05 16:19:41 +00:00
Miroslav Stampar
3f0a443b83 some updates 2010-11-04 23:08:59 +00:00
Miroslav Stampar
d5fcc9d8b5 few updates/fixes here and there 2010-11-04 08:03:59 +00:00
Miroslav Stampar
977df7276d minor update 2010-11-03 06:25:24 +00:00
Miroslav Stampar
4b56fa4f8f now --tables work for MaxDB 2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f now --users works for MaxDB too 2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac implemented --banner for MaxDB and some minor fixes 2010-11-02 20:51:55 +00:00
Miroslav Stampar
49bf34ffd9 minor fix 2010-11-02 18:43:20 +00:00
Bernardo Damele
720e235d9a Fixed Windows 2003/2008 signatures. Added more old RedHat Server header signatures. Added old Debian etch signature too. 2010-10-31 18:18:49 +00:00
Miroslav Stampar
f7d42af046 some fixes regarding --check-payload 2010-10-29 11:00:23 +00:00
Bernardo Damele
0efecde248 Minor update to properly differentiate Windows 2003 by 2008 via HTTP response headers 2010-10-27 10:09:47 +00:00
Miroslav Stampar
749e25a217 Implementation of --passwords for Sybase 2010-10-26 21:35:30 +00:00
Miroslav Stampar
1b90c1d131 added FreeBSD 2010-10-26 20:48:52 +00:00
Miroslav Stampar
4da2046492 massive update of server fingerprints 2010-10-26 20:00:29 +00:00
Miroslav Stampar
080c5aef80 minor update 2010-10-26 19:08:11 +00:00
Miroslav Stampar
8a9a57c709 update for Sybase and major bug fix for --passwords on MSSQL 2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe that Sybase is going to be pain in the ass 2010-10-25 21:43:13 +00:00
Miroslav Stampar
228ac0cde5 refactoring regarding --check-payload 2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec added IDS payload testing 2010-10-25 15:37:43 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
68d39d5976 minor minor fix 2010-10-23 09:12:08 +00:00
Miroslav Stampar
32a4350779 update for MaxDB 2010-10-23 09:03:59 +00:00
Miroslav Stampar
98f5586b87 minor update 2010-10-23 08:05:24 +00:00
Miroslav Stampar
f8850e3f41 update (xml fix and refactoring) 2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924 update for Sybase 2010-10-23 07:37:43 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
e24bff0497 nice refactoring 2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457 no more regex. web server independent. 2010-10-20 09:35:46 +00:00
Miroslav Stampar
b032fdbf74 added randInt to error injection vectors 2010-10-20 08:56:58 +00:00
Miroslav Stampar
f2dae98448 fix for MySQL error queries 2010-10-19 23:30:08 +00:00