Commit Graph

562 Commits

Author SHA1 Message Date
Bernardo Damele
60afd80460 Change of release date to unknown 2011-03-31 13:06:30 +00:00
Bernardo Damele
19a6f86954 Minor update 2011-03-27 16:37:57 +00:00
Miroslav Stampar
08d052d9b8 minor update of THANKS file 2011-03-27 13:45:19 +00:00
Miroslav Stampar
d2eb4c6a39 update of THANKS file 2011-03-26 21:48:36 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
cbfb10cbd1 fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...) 2011-03-21 16:43:46 +00:00
Miroslav Stampar
7b1021d100 minor update of THANKS file 2011-03-21 13:18:00 +00:00
Miroslav Stampar
f8a2cf0497 minor THANKS update 2011-03-21 09:53:34 +00:00
Bernardo Damele
f7c1b7dc5f Updated 2011-03-21 00:39:54 +00:00
Miroslav Stampar
36233fac42 update regarding a feature request from andyroyalbattle@yahoo.it 2011-03-18 16:35:30 +00:00
Bernardo Damele
3edb30968b Pff.. just layout 2011-03-17 12:37:50 +00:00
Miroslav Stampar
1879a49506 fix for a bug reported by andreoaz@gmail.com 2011-03-10 20:40:12 +00:00
Miroslav Stampar
8e7c3b4666 update of THANKS file 2011-03-07 21:29:06 +00:00
Bernardo Damele
da6a87af43 update 2011-02-28 16:59:39 +00:00
Bernardo Damele
50ba0fa955 More adjustments 2011-02-28 16:14:09 +00:00
Bernardo Damele
021fce5601 Should be done with the ChangeLog - ready for 0.9.
Minor adjustments to user's manual too.
2011-02-28 15:23:05 +00:00
Bernardo Damele
b47d3e1da3 Huge update to user's manual. A lot to be done yet. 2011-02-27 12:19:32 +00:00
Bernardo Damele
6e1a08a805 Documentation update 2011-02-19 21:08:18 +00:00
Bernardo Damele
808b03fc3e Minor reordering 2011-02-14 02:08:11 +00:00
Bernardo Damele
f0f5d3d3e8 Began with the update of the user's manual for 0.9 2011-02-07 00:55:10 +00:00
Bernardo Damele
1bc2ee2fbf Updated 2011-02-06 15:44:27 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
1e8eb27156 update of doc/THANKS 2011-02-04 14:07:54 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
9fc0bedea8 Minor bug fixes 2011-01-30 21:01:57 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
3bb4ea2c7a THANKS update 2011-01-25 22:29:36 +00:00
Miroslav Stampar
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) 2011-01-25 11:02:41 +00:00
Bernardo Damele
ceca64193b Updated 2011-01-24 14:46:41 +00:00
Bernardo Damele
c1f6bf2eda Updated 2011-01-18 23:14:35 +00:00
Miroslav Stampar
bdcb10cdab added MSSQL time based vector 2011-01-18 02:05:18 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Bernardo Damele
f209b7a65e Updated 2011-01-14 09:56:55 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
1297df66da fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) 2011-01-06 08:04:59 +00:00
Miroslav Stampar
aa81ed4033 implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) 2011-01-04 15:49:20 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
8067365b93 fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') 2010-12-20 23:47:53 +00:00
Miroslav Stampar
e3fa3b0e8e fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint') 2010-12-17 07:48:32 +00:00
Miroslav Stampar
5aee1fd8e0 updated THANKS file 2010-12-08 21:19:46 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle 2010-11-17 17:20:32 +00:00
Bernardo Damele
a9152c6723 Updated doc 2010-11-14 22:36:54 +00:00
Bernardo Damele
5e41cd07a3 Updated doc 2010-11-13 23:31:18 +00:00
Bernardo Damele
306e96331d Updated doc 2010-11-12 10:00:49 +00:00
Bernardo Damele
0c8918bf07 Minor bug fix, thanks Alex 2010-11-08 12:45:23 +00:00
Miroslav Stampar
14e9425673 update of doc/THANKS 2010-11-05 16:09:30 +00:00
Miroslav Stampar
7d12dbff41 update of THANKS 2010-11-05 11:36:43 +00:00
Miroslav Stampar
71d0b1bcd7 several bug fixes 2010-11-03 21:51:36 +00:00
Miroslav Stampar
861706fb31 fix for bug reported by ToR (unknown charset 'utf-8, text/html') 2010-11-02 18:01:10 +00:00
Miroslav Stampar
73b33ed765 fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic 2010-11-01 20:56:13 +00:00
Miroslav Stampar
d75578c81f some update regarding common tables 2010-10-29 09:00:51 +00:00
Bernardo Damele
ed1f2da43f Updated 2010-10-27 21:05:58 +00:00
Bernardo Damele
7715ba778b Updated 2010-10-27 14:41:03 +00:00
Bernardo Damele
4ab3edfc94 Updated 2010-10-25 23:40:19 +00:00
Miroslav Stampar
c7578d4ea1 update of THANKS 2010-10-25 16:07:03 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
c5fb4edf3e update of THANKS 2010-10-23 09:25:34 +00:00
Miroslav Stampar
a8e42a4f2b bug fix 2010-10-23 06:42:21 +00:00
Bernardo Damele
e5485a9958 Updated doc 2010-10-20 22:14:52 +00:00
Bernardo Damele
22ed09a358 Updated 2010-10-20 21:52:33 +00:00
Bernardo Damele
cfa5655150 Updated changelog 2010-10-16 22:23:53 +00:00
Miroslav Stampar
5c3d21065a bug fix (reported by nightman) 2010-10-16 21:29:35 +00:00
Miroslav Stampar
2b60304933 update 2010-10-16 21:19:44 +00:00
Bernardo Damele
bd3a791f23 Updated documentation 2010-10-15 10:29:53 +00:00
Miroslav Stampar
2198a60684 bug fix (reported by james@ev6.net) 2010-10-10 20:51:11 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
87abec16bd probable fix for a bug reported by Prashant Jadhav 2010-09-30 18:52:33 +00:00
Miroslav Stampar
7a7938a6da updated THANKS 2010-08-22 08:53:30 +00:00
Miroslav Stampar
526aebc84c small fix 2010-08-15 21:10:19 +00:00
Miroslav Stampar
f9752137f0 update of THANKS file 2010-08-08 22:28:01 +00:00
Miroslav Stampar
468eeb6ccf update of THANKS 2010-08-08 21:49:27 +00:00
Miroslav Stampar
1d8953ebdb update of THANKS file 2010-08-08 21:25:21 +00:00
Miroslav Stampar
6a6ff09c9a fix for a bug reported by Marek Sarvas 2010-07-26 08:11:28 +00:00
Miroslav Stampar
c39d819dd2 fix for a resume bug reported by Augusto Urbieta 2010-07-20 08:13:02 +00:00
Miroslav Stampar
6d11f86fdd update 2010-07-15 08:51:23 +00:00
Bernardo Damele
82bce81e28 Minor improvements 2010-07-02 13:38:52 +00:00
Bernardo Damele
dc8862a140 Updated 2010-07-01 10:46:59 +00:00
Bernardo Damele
3f2db471f5 Updated thanks 2010-06-30 13:27:07 +00:00
Bernardo Damele
d40a238335 Make --keep-alive public 2010-06-30 11:29:35 +00:00
Bernardo Damele
abc3c24d62 Update 2010-06-30 09:48:48 +00:00
Bernardo Damele
4bba59aaf5 Updated doc 2010-06-29 23:52:22 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Bernardo Damele
7cad3cbda6 Minor code refactoring 2010-06-28 13:47:20 +00:00
Bernardo Damele
887adfcf10 Minor adjustments to extra/ libraries 2010-06-09 21:43:22 +00:00
Miroslav Stampar
01f2dfe33f update 2010-06-04 17:08:32 +00:00
Bernardo Damele
080c71b903 Updated documentation 2010-06-02 16:19:43 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
2a1dd492f5 updated THANKS 2010-05-25 10:10:27 +00:00
Miroslav Stampar
d2c03c12fd updated thanks 2010-05-24 20:25:43 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
4c1ad7d8ce added Jose Fonseca (gprof2dot) to THANKS 2010-05-21 10:22:56 +00:00
Bernardo Damele
bffa06f2ca Updated user's manual 2010-05-20 10:08:17 +00:00
Bernardo Damele
b2c5807109 Updated 2010-05-12 22:02:18 +00:00
Bernardo Damele
74860fee2a Updated 2010-05-10 14:52:02 +00:00
Bernardo Damele
7b6050f3c1 Minor update 2010-05-06 14:18:25 +00:00
Bernardo Damele
8dbf89afe4 Minor update 2010-05-06 11:22:53 +00:00
Bernardo Damele
783c48f6e9 Merged history into user's manual 2010-05-06 11:09:03 +00:00
Bernardo Damele
7bf31f54b8 Updated history SGML file 2010-05-06 10:54:13 +00:00
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Bernardo Damele
107a900f51 Updated 2010-05-03 12:57:17 +00:00
Miroslav Stampar
d8e5585c66 fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError) 2010-04-29 08:30:29 +00:00
Bernardo Damele
a588b2020b Added history SGML file 2010-04-26 15:00:53 +00:00
Bernardo Damele
2665066dae Updated changelog file 2010-04-26 12:35:39 +00:00
Bernardo Damele
3087c27659 Updated doc 2010-04-22 10:37:58 +00:00
Bernardo Damele
e11d511cad Updated doc 2010-04-15 12:12:53 +00:00
Bernardo Damele
e0d0913fc6 Updated doc 2010-04-12 09:34:20 +00:00
Bernardo Damele
822d22299f Updated 2010-04-09 13:48:02 +00:00
Bernardo Damele
bd669dd6fa Updated 2010-04-06 10:32:56 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Bernardo Damele
f0f1176396 Updated THANKS 2010-03-23 21:24:31 +00:00
Bernardo Damele
9e8a108768 Updated 2010-03-22 15:43:38 +00:00
Miroslav Stampar
f1fde2e443 added basic skeleton for FAQ doc 2010-03-17 12:56:26 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
bfbf58b04e Generated new user's manual html and pdf 2010-03-13 22:07:08 +00:00
Bernardo Damele
ee89709042 Updated manual 2010-03-13 21:56:38 +00:00
Miroslav Stampar
4bef12a2b4 doc update 2010-03-13 14:35:56 +00:00
Bernardo Damele
c42c4982c3 Updated documentation according to r1460 2010-03-12 22:59:03 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Bernardo Damele
054a4aaee7 Updated documentation, almost ready for 0.8 release! 2010-03-12 17:43:38 +00:00
Bernardo Damele
b50a2288f4 Minor layout adjustments 2010-03-11 23:54:07 +00:00
Bernardo Damele
b344a70ba1 Updated changelog 2010-03-11 01:10:55 +00:00
Bernardo Damele
4d53b17320 Updated THANKS 2010-03-10 22:08:54 +00:00
Bernardo Damele
6712b19df2 Updated ChangeLog 2010-03-10 01:14:23 +00:00
Bernardo Damele
8593741358 Minor bug fix 2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
d618964ab6 more time adjustments 2010-03-05 14:30:50 +00:00
Miroslav Stampar
45fc58d267 update 2010-03-05 14:24:54 +00:00
Miroslav Stampar
071e897f4e minor time adjustments 2010-03-05 14:09:20 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00
Bernardo Damele
20d8275f0e Minor doc adjustment 2010-03-05 10:20:45 +00:00
Bernardo Damele
5209b5929f update 2010-03-04 17:38:00 +00:00
Miroslav Stampar
5334a40451 added description for --flush-session option 2010-03-04 13:17:11 +00:00
Bernardo Damele
a839566bb2 Added a link 2010-03-04 12:44:23 +00:00
Bernardo Damele
63880e3121 update 2010-03-03 22:02:48 +00:00
Bernardo Damele
1c7943f7b1 Update 2010-03-03 18:58:27 +00:00
Bernardo Damele
1704c73892 Update 2010-03-03 16:25:03 +00:00
Bernardo Damele
e774578180 Updated documentation 2010-03-03 15:16:43 +00:00
Miroslav Stampar
759b720425 documentation update 2010-03-03 13:59:29 +00:00
Miroslav Stampar
ddd8b277a6 updates, added #TODO marks for parts which have to be updated 2010-03-02 12:07:54 +00:00
Miroslav Stampar
0acef530ce update 2010-03-01 10:51:17 +00:00
Bernardo Damele
dd3f65f0fb Updated ChangeLog 2010-02-26 15:37:24 +00:00
Bernardo Damele
3c34066d19 Added newly compiled PostgreSQL UDFs for Windows 2010-02-20 20:59:13 +00:00
Bernardo Damele
16599cf2cf typo fix 2010-02-16 22:54:22 +00:00
Bernardo Damele
7e0c411c0e Updated THANKS file 2010-02-11 23:46:50 +00:00
Miroslav Stampar
bc0eb880df fix for that -- bug 2010-02-08 11:44:32 +00:00
Miroslav Stampar
4e6af8d6c9 some syntax corrections 2010-02-08 09:10:32 +00:00
Bernardo Damele
22995787d1 Updated THANKS file 2010-02-04 15:24:13 +00:00
Bernardo Damele
9ed0744510 Added some error messages to detect back-end DBMS 2010-01-30 22:24:20 +00:00
Bernardo Damele
267cf5dd1a Updated documentation 2010-01-30 00:08:10 +00:00
Bernardo Damele
7b8316728c Major bug fix in takeover functionalities on Microsoft SQL Server 2010-01-29 00:09:05 +00:00
Bernardo Damele
c6cae7da41 Updated changelog 2010-01-28 23:10:54 +00:00
Bernardo Damele
b4ce8fe361 Updated ChangeLog file 2010-01-18 15:43:06 +00:00
Bernardo Damele
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
055b14a11a Updated Changelog 2010-01-13 12:14:29 +00:00
Bernardo Damele
473024bd6e Newline 2010-01-04 14:03:31 +00:00
Miroslav Stampar
6319eb6e5c just added PGP Key ID 2010-01-04 13:08:40 +00:00
Bernardo Damele
232f927dd0 Slightly updated the documentation 2010-01-04 12:53:58 +00:00
Bernardo Damele
d5b1863dec Updated documentation and svn properties 2010-01-02 02:07:28 +00:00
Bernardo Damele
c1c14dabd9 Minor bug fix 2009-12-21 11:21:18 +00:00
Bernardo Damele
e6c4154cac Fixed minor bug in --reg-del 2009-12-21 11:04:54 +00:00
Bernardo Damele
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 2009-12-17 22:04:01 +00:00
Bernardo Damele
c332c72808 Minor update to user's manual to reflect new Metasploit release 2009-11-17 23:36:18 +00:00
Bernardo Damele
aa14bea051 Test again 2009-11-01 12:30:30 +00:00
Bernardo Damele
e518ae82e4 Testing post-commit hook on redmine 2009-11-01 12:28:33 +00:00
Bernardo Damele
bfd8128693 Updated name 2009-11-01 12:10:29 +00:00
Bernardo Damele
de68a499f5 Typo fix 2009-11-01 12:08:46 +00:00
Bernardo Damele
bb123b2769 Updated changelog 2009-10-23 10:20:47 +00:00
Bernardo Damele
f1a7d095aa Minor patch to make the PHP web backdoor work also on Windows 2009-10-22 16:25:19 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c Minor bug fix in MSSQL version fingerprint 2009-08-11 09:16:20 +00:00
Bernardo Damele
14578a7a4d Updated THANKS file 2009-07-30 12:02:34 +00:00
Bernardo Damele
e608a5ca55 Updated THANKS file 2009-07-29 10:44:56 +00:00
Bernardo Damele
2c98c11e80 user's manual PDF recreated 2009-07-25 16:46:30 +00:00
Bernardo Damele
45e3ce798f Updated documentation with all new features introduced since sqlmap 0.7-rc1 2009-07-25 14:31:44 +00:00
Bernardo Damele
576cc97742 Minor update to the user's manual, almost there to release 0.7 stable! 2009-07-25 00:25:59 +00:00
Bernardo Damele
b2b2ec8a26 Preparing to release sqlmap 0.7 stable 2009-07-24 23:20:57 +00:00
Bernardo Damele
24a3a23159 Minor bug fix to --dbms, updated user's manual 2009-07-09 11:05:24 +00:00
Bernardo Damele
bc31bd1dd9 Minor bug fix 2009-06-29 10:13:39 +00:00
Bernardo Damele
fd7de4bbb8 Updated THANKS file 2009-06-24 13:57:50 +00:00
Bernardo Damele
cfd8a83655 Minor adjustment to get also the port when parsing burp logs 2009-06-04 14:36:31 +00:00
Bernardo Damele
81d1a767ac Minor bug fix in output manager (dumper) object 2009-05-20 13:56:23 +00:00
Bernardo Damele
37d3b3adda Updated THANKS 2009-05-20 09:58:22 +00:00
Bernardo Damele
f7ee4d578e Updated THANKS file 2009-05-19 15:56:30 +00:00
Bernardo Damele
e8c115500d Now it works also on Mac OS X 2009-04-30 10:46:50 +00:00
Bernardo Damele
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
69259c5984 Updated THANKS 2009-04-23 08:42:57 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
207e96e2b2 Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
c405fb51ab PDF regenerated 2009-02-04 16:32:06 +00:00
Bernardo Damele
b12d955274 Updated packaging scripts, site and finalized the documentation to release version 0.6.4 2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4 Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs 2009-02-02 23:44:19 +00:00
Bernardo Damele
9ab174a444 Almost ready with the user's manual for 0.6.4 release 2009-02-01 13:44:44 +00:00
Bernardo Damele
77d9d22ceb Minor update to the user's manual 2009-02-01 00:20:08 +00:00
Bernardo Damele
6054090191 sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying. 2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031 Avoid DeprecationWarning with Python 2.6+ 2009-01-22 23:53:01 +00:00
Bernardo Damele
193482a62b Updated user's manual 2009-01-22 23:44:44 +00:00
Bernardo Damele
981c7a4428 Updated Microsoft SQL Server XML signature db 2009-01-22 22:30:45 +00:00
Bernardo Damele
7adbf5892d Updated user's manual 2009-01-19 23:45:54 +00:00
Bernardo Damele
8f973ce574 Minor layout adjustments 2009-01-18 22:36:48 +00:00
Bernardo Damele
bc3b4c6936 Minor layout adjustments in the user's manual 2009-01-13 23:16:34 +00:00
Bernardo Damele
9c125a2b57 Minor improvement to use Python ConfigParser library when --save if specified.
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
6ff8feb5cf Updated documentation 2009-01-03 01:25:43 +00:00
Bernardo Damele
c1010c20d8 Minor adjustments 2008-12-30 21:24:01 +00:00
Bernardo Damele
0e9873fd4f Preparing documentation for 0.6.4 2008-12-29 18:44:20 +00:00
Bernardo Damele
b0ad102efb Better fingerprint technique for Microsoft SQL Server 2008-12-22 23:32:43 +00:00
Bernardo Damele
64bb57d786 Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
4ae464c80d Minor enhancement to support an option (--union-tech) to specify the
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
374b9ba878 Updated documentation based upon recent developments 2008-12-21 16:35:45 +00:00
Bernardo Damele
7e8ac16245 Added preventive check for stacked queries support when executing DDL,
DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947 Ahead with the improvements to the comparison algorithm.
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
3fe493b63d Minor enhancement to support an option (--is-dba) to show if the
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751 Major bug fix to avoid tracebacks when multiple targets are specified and one
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
2efb3ae2ba Documentation updated, now ready for 0.6.3 release 2008-12-17 23:26:14 +00:00
Bernardo Damele
bb9079aa9d Minor documentation adjustments 2008-12-17 20:58:19 +00:00
Bernardo Damele
94c79e3209 Updated documentation 2008-12-17 20:17:34 +00:00
Bernardo Damele
ec11f502df Site and documentation updated, ready to release 0.6.3 in two days 2008-12-17 00:19:01 +00:00
Bernardo Damele
36d9ede001 Updated documentation, ready for sqlmap 0.6.3 release 2008-12-16 23:52:16 +00:00
Bernardo Damele
2b0ec1868d Updated documentation 2008-12-16 21:31:15 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
072eb7154c Major enhancement to support Partial UNION query SQL injection technique too.
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
15542d2772 Minor layout adjustment 2008-12-05 16:00:18 +00:00
Bernardo Damele
38c9627700 Minor enhancemet to support also --regexp, --excl-str and --excl-reg
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7 sqlmap 0.6.3-rc4:
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
f97585c593 Show also SVN revision in error message when a traceback raises.
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
3cf1658532 Increased default output level from 0 to 1 2008-12-01 23:07:41 +00:00
Bernardo Damele
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
8f74fe2ce9 Added new HTTP response headers on which fingerprint web app technology and web server OS.
Updated documentation.
2008-11-19 15:33:39 +00:00
Bernardo Damele
727664aea7 Minor enhancement to fingerprint the web server operating system and
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
654aecedfe Minor layout adjustments, minor fixes and updated changelog 2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.

Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
84cbc60659 Major bug fix to correctly handle httplib.BadStatusLine exception.
Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual.
2008-11-15 12:25:19 +00:00
Bernardo Damele
0bd5b52d95 Minor fixes 2008-11-13 00:03:04 +00:00
Bernardo Damele
ecc4a98071 Properly moved and improved inject.goStacked() function and newly
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
0c5d3df546 sqlmap 0.6.3-rc1:
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
544ced52b5 Name adjustment 2008-11-04 19:56:07 +00:00
Bernardo Damele
2a01de3f0b Minor bug fix to correctly dump table entries when the column is provided 2008-11-04 19:54:44 +00:00
Bernardo Damele
be599d5a33 Updated documentation and minor fix in update functionality 2008-11-04 16:33:13 +00:00
Bernardo Damele
359b28bbaf Updated documentation 2008-11-04 16:09:12 +00:00
Bernardo Damele
278f0aad7c Documentation updated 2008-11-03 01:23:55 +00:00
Bernardo Damele
95d2a0fcd1 Updated documentation 2008-11-02 22:25:48 +00:00
Bernardo Damele
04474e3232 Updated ChangeLog 2008-11-02 22:20:02 +00:00
Bernardo Damele
de980ae79f Updated site and doc to 0.6.2 2008-11-02 20:23:06 +00:00
Bernardo Damele
3d81f60962 Updated documentation 2008-11-02 19:29:50 +00:00
Bernardo Damele
09ca578ca1 Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option; 2008-11-02 18:17:12 +00:00
Bernardo Damele
7ad9639ed0 Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3 2008-10-29 15:32:12 +00:00
Bernardo Damele
a19229cbd8 Updated documentation 2008-10-29 11:42:04 +00:00
Bernardo Damele
5e47518983 Minor layout fix 2008-10-28 00:09:03 +00:00
Bernardo Damele
4eef34c532 Updated documentation 2008-10-28 00:08:00 +00:00
Bernardo Damele
5d5bfaf3db Updated changelog 2008-10-26 20:07:22 +00:00
Bernardo Damele
56383cfaad Updated documentation and removed svn:keyword 2008-10-26 19:12:17 +00:00
Bernardo Damele
fcc16b2346 Updated site, documentation (dev and user) and packaging scripts for 0.6.1 2008-10-20 13:43:18 +00:00
Bernardo Damele
fe6e29fbf6 Minor updates to the user's manual, need still to write on new enhancements 2008-10-17 15:50:36 +00:00
Bernardo Damele
016118ce7a Some more fixes and adjustments before 0.6.1 release. 2008-10-17 15:26:43 +00:00
Bernardo Damele
66136b48c0 Minor fixes.. should work also for Cookie now the % parsing 2008-10-17 11:51:12 +00:00
Bernardo Damele
41f8acf0fd Updated documentation 2008-10-16 15:41:26 +00:00
Bernardo Damele
e5aa557bd4 Minor fix 2008-10-16 15:39:25 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00