| 
							
							
								 Miroslav Stampar | 39b406c5c1 | fix for --search on Oracle | 2011-12-02 18:13:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 94790bf08a | minor update (removing reference to Microsoft Access for Generic payload) | 2011-12-01 13:25:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | df4e3be191 | using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions) | 2011-11-23 22:57:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d8047c79f3 | reverting back last two commits | 2011-11-22 15:28:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 73276c0785 | even better (added long before plugins table) | 2011-11-22 15:23:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ff07031170 | better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based) | 2011-11-22 15:20:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bbb7e1562d | adding AGAINST full-text search boundaries | 2011-11-12 14:16:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2e5222bfd8 | adding INSERT/UPDATE generic boundaries | 2011-10-28 11:00:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b6ccc0cc43 | minor update | 2011-10-18 14:35:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 597d554153 | minor update | 2011-10-18 13:05:49 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 382db1b67a | degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level) | 2011-08-31 20:35:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d283e3eb3c | adding support for pre-WHERE injections | 2011-08-24 09:04:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 13eb20cea1 | minor beautification | 2011-08-03 10:12:06 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 2e20eb1a88 | Minor fix | 2011-08-03 10:08:59 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b8e2d60bfa | Added MSSQL 2008 R2 signatures | 2011-07-24 23:42:32 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 48f580fb10 | Minor adjustments to MSSQL fingerprint | 2011-07-24 23:30:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 99a0b62d0d | Minor adjustments | 2011-07-24 22:26:11 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ca83305b58 | added MySQL updatexml error-based payload | 2011-07-24 21:08:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a89140e1ce | revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) | 2011-07-23 06:07:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4cb9988243 | quick fix | 2011-07-12 21:09:33 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c9ba58acb6 | Moved MS Access UNION query tests after generic as generic test must identify MSSQL | 2011-07-11 09:47:52 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5d31eb5ef7 | cosmetics and also tested against testing env - works perfectly | 2011-07-10 09:07:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | eb42cedf2a | adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment | 2011-07-10 08:54:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 93219b9e13 | i've accidentally left table_schema removed while doing some tests. now it should be ok | 2011-07-08 10:24:46 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b5dd4d4a63 | Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection | 2011-07-08 10:19:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c517e97a44 | few fixes and minor cosmetics | 2011-07-08 06:02:31 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 067354b97f | Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access | 2011-07-07 13:20:40 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9eb683531d | Minor improvement at blind SQL inj technique for DB2 | 2011-06-27 22:28:12 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | ed4cfbb6d2 | Minor fix | 2011-06-27 08:58:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bedf16b88b | adding payloads for time-based injection on SAP MaxDB (heavy query) | 2011-06-26 23:46:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d0490cc4e7 | adding payloads for time-based injection on DB2 (heavy query) | 2011-06-26 16:38:22 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 36c96ef796 | Added DB2 support - patch provided by Sebastian Bittig | 2011-06-25 09:44:24 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b2e6cf3ed9 | Enabled --search -C also for Oracle | 2011-06-24 14:34:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4188df0501 | fixes for Sybase | 2011-06-15 18:49:35 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9f6b70f3f9 | update | 2011-05-26 22:45:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0baf931669 | real generic comment is "-- " not "--" (MySQL doesn't support "--") | 2011-05-24 09:16:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 171a4c389b | added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload | 2011-05-23 06:24:45 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 939e6541d0 | far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES) | 2011-05-19 23:36:51 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bd1b07fbc2 | one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL | 2011-05-19 06:32:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7f086916c0 | decent parameter replace payload for PostgreSQL (GENERATE_SERIES) | 2011-05-18 23:40:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e58d6d2e00 | removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable) | 2011-05-18 23:20:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fe50d09cc8 | added new payload for PostgreSQL (parameter replace) | 2011-05-18 23:01:41 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3a8309c4b0 | Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches | 2011-05-10 15:34:54 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | aae140080e | SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 . | 2011-05-06 10:27:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6e392b6054 | applying contributed patch for DB2 | 2011-05-06 09:30:39 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 36a9ddaacc | Minor bug fixes and code restyling for --privileges and --passwords | 2011-04-30 14:50:27 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 7df954dd9f | paranoy | 2011-04-21 23:41:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0764c4c752 | parenthesis were missing; banning OR NOT from payloads | 2011-04-21 23:32:53 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1d61611145 | leftover | 2011-04-21 22:46:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 870f773d70 | In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this | 2011-04-21 20:36:50 +00:00 |  |