Commit Graph

2329 Commits

Author SHA1 Message Date
Miroslav Stampar
938a3ab0b9 fix for Bug #183 (--threads dot output) 2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e Added support to directly connect also to SQLite 2 db file 2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f Minor adjustment 2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947 added some nagging for connection details 2010-04-13 11:00:15 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
fcceceed45 fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version 2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00
Bernardo Damele
effc7dc41c Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password" 2010-04-07 09:47:14 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9 fix for "Problem with --dbms set" reported by David Guimaraes 2010-04-05 23:09:35 +00:00
Miroslav Stampar
0a363d3f2b fix for not properly clearing cookies when in multiple targets scanning mode spotted by Kasper Fons 2010-04-04 14:38:48 +00:00
Miroslav Stampar
4129cb22a7 update regarding bug reported by Ole Rasmussen 2010-04-03 19:41:47 +00:00
Bernardo Damele
cad8f61d55 Force pymssql to version >= 1.0.2 2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
a02ec29c15 too 2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f replace only first occurrence 2010-03-30 11:52:01 +00:00
Miroslav Stampar
ae3455a0c2 more update 2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075 update 2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e updates, fixes and stuff 2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
4ca1adba2c update 2010-03-26 21:30:36 +00:00
Miroslav Stampar
1ec5221d82 minor update 2010-03-26 20:51:55 +00:00
Miroslav Stampar
0aa8f7309b added copyright notice and keywords 2010-03-26 20:23:08 +00:00
Miroslav Stampar
2e05e1c54d new module for Feature #61 2010-03-26 20:19:18 +00:00
Miroslav Stampar
8bab94de64 added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71 2010-03-26 17:18:02 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180.
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
f4f68218bc Minor layout adjustment for --threads and --eta output 2010-03-25 11:47:18 +00:00
Bernardo Damele
f9a135e232 Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 17:38:19 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
d2f86fb0a5 Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now 2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a Fixes #178 and #179 - proper handling of custom redirects 2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b Revert last commit 2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d Fix for Issue #177 2010-03-16 13:11:44 +00:00
Bernardo Damele
6d0ea86414 Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 14:24:43 +00:00
Miroslav Stampar
417f7fae00 Fix for "bug: -g uses wrong session file" 2010-03-15 12:02:04 +00:00
Miroslav Stampar
8af7d6c58b minor cosmetic update 2010-03-15 11:55:13 +00:00
Miroslav Stampar
a0ec447b7d fix for Issue #170 2010-03-15 11:33:34 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
5063401130 Minor bug fix, fixes #170 2010-03-15 11:00:14 +00:00
Bernardo Damele
572b6fd920 sqlmap 0.8 stable! 2010-03-15 01:17:27 +00:00
Miroslav Stampar
7ec04281dd minor adjustments 2010-03-12 12:46:26 +00:00
Miroslav Stampar
2c053d5cfb fix for Bug #166 (Keyboard interrupt in Python threading) 2010-03-11 11:14:20 +00:00
Bernardo Damele
fdf417f57e Minor adjustment and bug fix 2010-03-10 22:08:11 +00:00
Miroslav Stampar
91dd609e26 fixed threading bug (difflib :) 2010-03-10 14:14:27 +00:00
Bernardo Damele
8593741358 Minor bug fix 2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00
Miroslav Stampar
58d54b6515 added new option --flush-session 2010-03-04 13:01:18 +00:00
Miroslav Stampar
b544405878 fixed some issue involving banner parsing 2010-03-04 09:15:26 +00:00
Bernardo Damele
ef7666c12b Minor code cleanup 2010-03-03 19:23:43 +00:00
Bernardo Damele
a654a426ef Minor adjustments 2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
5d792feffd minor update 2010-03-03 10:57:54 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Bernardo Damele
8c68d25b39 Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all 2010-02-26 12:00:47 +00:00
Miroslav Stampar
89e919f07a fixing my mistake 2010-02-26 10:01:23 +00:00
Miroslav Stampar
5ebf572cae added option --ignore-proxy 2010-02-25 20:55:10 +00:00
Bernardo Damele
98496fd173 Show also site in the banner 2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a Adjusted banner, increased release candidate to rc7 2010-02-25 17:34:54 +00:00
Miroslav Stampar
d95a8850c8 fix 2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8 important update regarding default directories 2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08 Minor code cleanup 2010-02-25 15:16:41 +00:00
Miroslav Stampar
3721451cd6 default dirs update 2010-02-25 14:51:39 +00:00
Miroslav Stampar
4bea0e343a Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 08:54:33 +00:00
Miroslav Stampar
9c014c0fd0 minor change 2010-02-20 23:11:05 +00:00
Miroslav Stampar
cef248a5ea update for that invalid target url Otavio Augusto reported 2010-02-10 12:06:23 +00:00
Miroslav Stampar
00a23ace9a some changes regarding web takeover 2010-02-09 14:27:41 +00:00
Miroslav Stampar
d291464cd4 code refactoring regarding path normalization 2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Miroslav Stampar
e4699f389d some bug fixes regarding --os-shell usage against windows servers 2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
494e014a4a minor update 2010-02-03 16:04:44 +00:00
Miroslav Stampar
894b9f0f80 minor minor update 2010-02-03 15:15:30 +00:00
Miroslav Stampar
25f1a9c7d0 upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this) 2010-02-03 15:06:41 +00:00
Miroslav Stampar
c74b920f54 bug fix 2010-02-03 14:49:28 +00:00
Miroslav Stampar
92817159dc cloaked upx for windows (used mkstemp because of execution and file access rights problem) 2010-01-29 10:12:09 +00:00
Bernardo Damele
6f5d2ed171 Minor cosmetic adjustments 2010-01-28 17:07:34 +00:00
Miroslav Stampar
732ed48e2b some refactoring regarding decloaking 2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d Minor self fix, switched to rc6 2010-01-28 10:27:47 +00:00
Miroslav Stampar
645afee359 some changes 2010-01-28 00:25:36 +00:00
Miroslav Stampar
a4d8234875 minor update 2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488 another fix for Bug #148 2010-01-23 23:29:34 +00:00
Miroslav Stampar
97840535c6 fix for situations where proxy is set in environment, but the user tries to test something on localhost 2010-01-19 13:47:35 +00:00
Bernardo Damele
5c58747740 More tweaking on --update 2010-01-18 15:20:50 +00:00
Bernardo Damele
051db588a5 Minor tweaking to --update 2010-01-18 14:59:24 +00:00
Miroslav Stampar
44adbc5776 changes regarding Feature #125 2010-01-18 14:05:23 +00:00
Bernardo Damele
2825ab5e4e Major bug fix in url-encoding 2010-01-16 21:56:40 +00:00
Bernardo Damele
4ce3abc56d Minor adjustments 2010-01-15 17:42:46 +00:00
Miroslav Stampar
5f171340f5 introduced safe string formatting 2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1 minor update 2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4 updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before 2010-01-15 11:44:05 +00:00
Bernardo Damele
505647b00f Minor bug fix to --cookie-urlencode 2010-01-15 11:24:30 +00:00
Bernardo Damele
c4215ce8d2 Minor code refactoring 2010-01-14 20:42:45 +00:00
Miroslav Stampar
26c7b74e65 changes regarding Data (GET/POST/Cookie) encoding (Bug #129) 2010-01-14 18:05:03 +00:00
Bernardo Damele
50bbb0cf8a Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository. 2010-01-13 14:52:23 +00:00
Miroslav Stampar
3434a22872 HTTP header HOST is now mandatory in a HTTP request file 2010-01-12 14:07:58 +00:00
Miroslav Stampar
a193205323 minor update regarding requestFile option 2010-01-12 14:01:58 +00:00
Miroslav Stampar
8817b2884f minor update 2010-01-12 13:16:30 +00:00
Miroslav Stampar
a58b36fe07 code commit regarding Feature #119 2010-01-12 13:11:26 +00:00
Bernardo Damele
12f371cd65 Minor bug fix and improvement in displaying of enumerated columns in --dump -C 2010-01-09 21:37:44 +00:00
Bernardo Damele
dc04fa7f06 Minor layout adjustments 2010-01-09 21:08:47 +00:00
Miroslav Stampar
d58ba7ee6d added --scope feature regarding Feature #105 2010-01-09 20:44:50 +00:00
Bernardo Damele
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
6a62a78b0a More generic 2010-01-08 23:50:06 +00:00
Bernardo Damele
067cc07fb9 Make 'field' parameter in limitQuery() method to be option 2010-01-08 23:23:15 +00:00
Miroslav Stampar
d07f60578c implementation of Feature #17 2010-01-07 12:59:09 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00
Bernardo Damele
954a927cee Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 11:43:16 +00:00
Miroslav Stampar
71547a3496 getDocRoot changes 2010-01-05 11:30:33 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
b363f1c5ab Added support for NTLM authentication 2009-12-02 22:54:39 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks! 2009-07-29 10:44:24 +00:00
Bernardo Damele
b2b2ec8a26 Preparing to release sqlmap 0.7 stable 2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9 Minor adjustment to reflect Metasploit r6849 (http://trac.metasploit.com/changeset/6849) and minor code refactoring. 2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16 Minor improvement so that sqlmap tests also all parameters with no value (ig. par=). 2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356 Avoid to upload the web backdoor to unexisting empty-name directory 2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159 Minor bug fix to --dbms, updated user's manual 2009-07-09 11:05:24 +00:00
Bernardo Damele
e5a01d500e Minor bug fix in --update option, updated also Microsoft XML versions file 2009-06-16 15:12:02 +00:00
Bernardo Damele
150abc0f1e sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring. 2009-06-11 15:01:48 +00:00
Bernardo Damele
3bca0d4b28 Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance. 2009-06-05 10:15:55 +00:00
Bernardo Damele
5ac2b0658c Fixed regular expression to parse burp log file hosts' scheme/port 2009-06-04 14:42:53 +00:00
Bernardo Damele
cfd8a83655 Minor adjustment to get also the port when parsing burp logs 2009-06-04 14:36:31 +00:00
Bernardo Damele
966f34f381 Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions 2009-06-03 15:26:18 +00:00
Bernardo Damele
c7b72abc0e Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls 2009-06-03 15:04:40 +00:00
Bernardo Damele
81d1a767ac Minor bug fix in output manager (dumper) object 2009-05-20 13:56:23 +00:00
Bernardo Damele
ef3846e0de Minor fix in Host header value by Oliver Gruskovnjak 2009-05-19 14:40:04 +00:00
Bernardo Damele
45dff4a00a Added new function to search a file within the PATH environment variable paths:
it will be used when sqlmap will be packaged as DEB and RPM
2009-05-12 20:24:47 +00:00
Bernardo Damele
b463205544 Minor fixes for MacOSX 2009-05-12 20:24:00 +00:00
Bernardo Damele
ccedadd780 Finished Mac OS X 2009-04-30 21:42:54 +00:00
Bernardo Damele
e8c115500d Now it works also on Mac OS X 2009-04-30 10:46:50 +00:00
Bernardo Damele
722ca8bf2f Minor "fix" 2009-04-29 19:45:12 +00:00
Bernardo Damele
57b8bb4c8e Minor syntax adjustment for web backdoor functionality 2009-04-28 21:51:22 +00:00
Bernardo Damele
1d7de719b9 Almost done with web backdoor functionality 2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
5121a4dcba Send IE7.0 as default User-Agent 2009-04-24 20:13:21 +00:00
Bernardo Damele
546a6c32e3 Avoid deprecation warning on sha and md5 libraries on Python >= 2.6 2009-04-24 20:10:30 +00:00
Bernardo Damele
4ce74764b7 More verbose when reporting failure to create shellcode/payload stager (via Metasploit) 2009-04-23 20:39:32 +00:00
Bernardo Damele
1af6898618 Fixed POST parsing when -l option is provided (burp/webscarab log file) 2009-04-23 15:04:28 +00:00
Bernardo Damele
aefa7ef988 Avoid libmagic traceback on Windows.
WARNING: this release is a candidate, it only works on Linux/Unices for the moment!
2009-04-22 12:44:16 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
0c1a6b3edf Minor typo fix 2009-02-19 00:38:54 +00:00
Bernardo Damele
2355885712 Minor adjustment 2009-02-09 10:29:07 +00:00
Bernardo Damele
207e96e2b2 Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
b12d955274 Updated packaging scripts, site and finalized the documentation to release version 0.6.4 2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4 Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs 2009-02-02 23:44:19 +00:00
Bernardo Damele
dded57f1cd Minor bug fix to correctly unpack user's custom queries on Microsoft SQL Server 2009-01-30 23:58:48 +00:00
Bernardo Damele
6054090191 sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying. 2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031 Avoid DeprecationWarning with Python 2.6+ 2009-01-22 23:53:01 +00:00
Bernardo Damele
c25b49e80e Major bugfix to avoid "IFNULL and CAST" on CASE 2009-01-19 21:27:51 +00:00
Bernardo Damele
fd7cb9101c Major bug fix to forge SQL injection payload on Oracle 2009-01-13 23:15:57 +00:00
Bernardo Damele
bc448211c5 Minor layout adjustment 2009-01-13 23:15:23 +00:00
Bernardo Damele
5560f0b68a Updated the copyright 2009-01-12 21:35:38 +00:00
Bernardo Damele
e10ab5aa0e Major bug fixes 2009-01-10 14:39:27 +00:00
Bernardo Damele
9c125a2b57 Minor improvement to use Python ConfigParser library when --save if specified.
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
d0604ef513 Major bug fix to correctly handle custom SQL "limited" queries on Oracle 2009-01-03 01:19:04 +00:00
Bernardo Damele
2d87a3349f Fixed custom MSSQL "limited" query support also for Partial UNION query technique 2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be Major bug fix to make it work properly with MSSQL custom limited (SELECT
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
c1010c20d8 Minor adjustments 2008-12-30 21:24:01 +00:00
Bernardo Damele
a4d62af2ea Minor layout adjustments to --union-tech 2008-12-29 18:48:23 +00:00
Bernardo Damele
9340bf59fb Updated Microsoft SQL Server signature XML file.
Minor layout adjustments to --update output messages/diff
2008-12-29 18:46:43 +00:00
Bernardo Damele
64bb57d786 Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
1f7810e46a Major bug fix to make partial UNION query sql injection work properly
also on Microsoft SQL Server
2008-12-22 19:36:01 +00:00
Bernardo Damele
04c187c66a Working on a bug (fix for Partial UNION query SQL injection technique
both Oracle and Microsoft SQL Server).
2008-12-22 00:51:09 +00:00
Bernardo Damele
2f406b3e56 Minor adjustments 2008-12-22 00:04:28 +00:00
Bernardo Damele
4ae464c80d Minor enhancement to support an option (--union-tech) to specify the
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
996a872e51 We are already on sqlmap 0.6.4 release candidate 1.. 2008-12-20 13:23:26 +00:00
Bernardo Damele
c18efe5084 Minor adjustments 2008-12-20 13:21:47 +00:00
Bernardo Damele
8d06975142 Major enhancement to make the comparison algorithm work properly also
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
7e8ac16245 Added preventive check for stacked queries support when executing DDL,
DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947 Ahead with the improvements to the comparison algorithm.
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
d0d6632c22 Initial support to automatically work around the dynamic page at each refresh
(Major refactor to the comparison algorithm (True/False response))
2008-12-18 20:48:23 +00:00
Bernardo Damele
3fe493b63d Minor enhancement to support an option (--is-dba) to show if the
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751 Major bug fix to avoid tracebacks when multiple targets are specified and one
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
6dec56d616 Major bug fix 2008-12-17 21:35:04 +00:00
Bernardo Damele
dda62ba463 Minor adjustments and bug fixes 2008-12-17 20:11:18 +00:00
Bernardo Damele
05a8c8d3bf Added support to test for stacked queries support and improved check for time based blind sql injection.
Minor bug fix in --save option
2008-12-16 21:30:24 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
072eb7154c Major enhancement to support Partial UNION query SQL injection technique too.
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
38c9627700 Minor enhancemet to support also --regexp, --excl-str and --excl-reg
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7 sqlmap 0.6.3-rc4:
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
0f07e33e1a Removed REVISION, makes no sense.
Import and use python psyco library to speed up if it's installed: it's optional.
2008-12-03 17:32:16 +00:00
Bernardo Damele
e3ddbe751f Minor code refactoring 2008-12-02 23:49:38 +00:00
Bernardo Damele
b700485a1b Minor adjustment, still to work on the cookie urlencoding/decoding 2008-12-02 21:57:12 +00:00
Bernardo Damele
578bcb9140 Initial support for partial UNION query sql injection 2008-12-02 21:56:23 +00:00
Bernardo Damele
f97585c593 Show also SVN revision in error message when a traceback raises.
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
a777f1ca35 Minor bug fix 2008-12-01 23:27:51 +00:00
Bernardo Damele
3cf1658532 Increased default output level from 0 to 1 2008-12-01 23:07:41 +00:00
Bernardo Damele
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
f2737ad0a3 Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file).
Major bug fix in the controller library.
2008-11-22 01:57:22 +00:00
Bernardo Damele
9be844cf3e Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. 2008-11-20 17:56:09 +00:00
Bernardo Damele
80425c9ccd Minor adjustment to ETA feature 2008-11-20 11:13:04 +00:00
Bernardo Damele
736b2e7323 Minor adjustments to the operating system fingerprint. 2008-11-19 00:36:44 +00:00
Bernardo Damele
727664aea7 Minor enhancement to fingerprint the web server operating system and
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
7d0724843f Major enhancement to the engine to parse XML files and matches on DBMS banner
and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments.
2008-11-17 17:41:02 +00:00
Bernardo Damele
654aecedfe Minor layout adjustments, minor fixes and updated changelog 2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.

Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
84cbc60659 Major bug fix to correctly handle httplib.BadStatusLine exception.
Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual.
2008-11-15 12:25:19 +00:00
Bernardo Damele
0bd5b52d95 Minor fixes 2008-11-13 00:03:04 +00:00
Bernardo Damele
ecc4a98071 Properly moved and improved inject.goStacked() function and newly
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
9329f8c9c4 Minor enhancement to be able to enumerate table columns and dump table
entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments.
2008-11-12 22:53:25 +00:00
Bernardo Damele
81ed7c2086 Initial implementation of support for stacked queries.
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
13f76cfe3b Adjusted unhandled exception error message 2008-11-11 14:08:40 +00:00
Bernardo Damele
0c5d3df546 sqlmap 0.6.3-rc1:
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
be599d5a33 Updated documentation and minor fix in update functionality 2008-11-04 16:33:13 +00:00
Bernardo Damele
8d130f12a0 Major bug fix to correctly update sqlmap to the latest stable release
with command line --update
2008-11-02 22:16:54 +00:00
Bernardo Damele
56a5e8d390 Updated sqlmap packaging scripts, site and documentation, almost ready for sqlmap 0.6.2 2008-11-02 20:12:50 +00:00
Bernardo Damele
03b90e0a3f Be more user friendly on messages and minor code layout improvement 2008-11-02 18:23:42 +00:00
Bernardo Damele
09ca578ca1 Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option; 2008-11-02 18:17:12 +00:00
Bernardo Damele
91a47246f8 Minor bug fix to correctly handle --start and --stop 2008-11-02 14:39:38 +00:00
Bernardo Damele
e2a0f7a47b Fix typo 2008-10-30 23:20:14 +00:00
Bernardo Damele
e07e48efb2 Major bug fix to correctly dump tables entries 2008-10-26 16:10:28 +00:00
Bernardo Damele
fc28372596 Added a comment 2008-10-26 16:06:43 +00:00
Bernardo Damele
e2fedd3b46 Minor layout adjustment 2008-10-16 16:39:24 +00:00
Bernardo Damele
f90a7cce28 Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie 2008-10-16 16:31:20 +00:00
Bernardo Damele
a5b2366033 Implemented a better way to deal with % characters in parameters' value. Minor code restyle. 2008-10-16 15:31:02 +00:00
Bernardo Damele
962d63eff5 Improved the message to display in case of unhandled exception 2008-10-16 14:00:39 +00:00
Bernardo Damele
892a7b2f8a propsets.. 2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00