Commit Graph

480 Commits

Author SHA1 Message Date
Bernardo Damele
4550fa9e40 update 2011-07-24 22:43:22 +00:00
Miroslav Stampar
ff8fc90ac7 bug fix 2011-07-13 06:44:15 +00:00
Miroslav Stampar
a46b5230f5 minor "patch" 2011-07-11 20:33:16 +00:00
Bernardo Damele
86d28947aa updated 2011-07-11 10:07:36 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808 minor minor update 2011-07-10 15:41:45 +00:00
Miroslav Stampar
b3acaf85d8 minor update 2011-07-10 08:58:55 +00:00
Bernardo Damele
3985a81cb9 Update email addresses 2011-07-08 13:39:47 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
736327c893 Added two tamper scripts contributed by Roberto Salgado 2011-07-07 18:45:07 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
f434c3b29e update of THANKS file 2011-06-24 19:06:08 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
019f4d344a update of THANKS file 2011-06-21 21:03:50 +00:00
Miroslav Stampar
d9015ed800 fix for a bug reported by krasn@deventum.com 2011-06-20 13:25:19 +00:00
Bernardo Damele
d7da71ce8e politeness 2011-06-20 09:10:04 +00:00
Bernardo Damele
4b94ef2b7c A little bit more polite 2011-06-18 13:03:55 +00:00
Miroslav Stampar
ca8a60dd7a update of doc/THANKS 2011-06-15 19:04:43 +00:00
Miroslav Stampar
60ecf95383 fix for a bug reported by seyi.akin@gmail.com 2011-06-14 08:40:25 +00:00
Miroslav Stampar
03d6031fe7 update of doc/THANKS file 2011-06-09 09:09:52 +00:00
Bernardo Damele
6d2c97d06f updated thanks file 2011-06-08 10:44:55 +00:00
Miroslav Stampar
75c12c5edb fix for a bug reported by cclements@flatearth.​net (TypeError: argument of type 'NoneType' is not iterable) 2011-06-07 21:46:49 +00:00
Miroslav Stampar
e7e23d1b79 fix for a Ctrl+C bug reported by nightman@email.de 2011-06-07 17:16:01 +00:00
Miroslav Stampar
24ed99e5a3 fix for a bug reported by aboynes@gmail.com 2011-06-06 08:50:48 +00:00
Miroslav Stampar
46ceb14f37 update of doc/THANKS 2011-05-26 13:49:42 +00:00
Miroslav Stampar
9077eadf23 update of doc/THANKS 2011-05-26 08:22:52 +00:00
Miroslav Stampar
0072c3af8e fix for a bug reported by aboynes@gmail.com (for elt in self.a) 2011-05-24 15:03:21 +00:00
Miroslav Stampar
2b12b18357 incorporating metasploit patch from oliver.kuckertz@mologie.de 2011-05-23 15:27:10 +00:00
Miroslav Stampar
d2221e4604 fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...) 2011-05-16 00:23:50 +00:00
Bernardo Damele
49b925772b Minor update 2011-05-10 10:56:06 +00:00
Bernardo Damele
6e784e766b Minor bug fix 2011-05-07 21:20:47 +00:00
Miroslav Stampar
d2a71d647b minor update 2011-05-06 13:38:58 +00:00
Miroslav Stampar
9652efa995 minor update 2011-05-06 13:34:03 +00:00
Miroslav Stampar
079ddf84b2 updating FAQ 2011-05-06 11:19:49 +00:00
Bernardo Damele
2976ed7e90 Updated user's manual, added details about URI injection 2011-05-03 14:47:01 +00:00
Bernardo Damele
b2f6ce9716 updated documentation 2011-05-03 10:57:55 +00:00
Miroslav Stampar
845618934d update of doc/THANKS 2011-05-02 18:20:37 +00:00
Miroslav Stampar
900ee0ff93 fix for a major bug reported by k1971@live.co.uk (1..9 99..) 2011-05-01 15:47:00 +00:00
Bernardo Damele
ebe631ea57 doc update 2011-05-01 00:43:42 +00:00
Miroslav Stampar
41fc9f9d54 fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2') 2011-04-30 22:41:54 +00:00
Bernardo Damele
2f2758b033 Long form contributor name 2011-04-30 14:51:06 +00:00
Bernardo Damele
d3ed3268c3 minor adjustments 2011-04-28 21:17:06 +00:00
Bernardo Damele
8e63e1b70d more people to thanks 2011-04-28 21:15:15 +00:00
Bernardo Damele
3e66dae103 as we don't use UPX anymore.. 2011-04-28 20:54:21 +00:00
Bernardo Damele
6d07dddf60 updated doc and minor layout adjustments 2011-04-21 21:53:35 +00:00
Miroslav Stampar
c6a0209649 update of THANKS file 2011-04-18 14:01:45 +00:00
Miroslav Stampar
ad53e3f551 update of doc/THANKS 2011-04-17 07:39:49 +00:00
Bernardo Damele
d462937a2e added a contributor 2011-04-14 12:42:09 +00:00
Miroslav Stampar
f435f37d71 update of THANKS file 2011-04-12 15:54:00 +00:00
Bernardo Damele
30377621b8 slight update 2011-04-11 00:33:42 +00:00
Bernardo Damele
2f8ddd156c done with the manual 2011-04-11 00:23:47 +00:00
Bernardo Damele
9840a0491d more doc updates 2011-04-10 20:31:29 +00:00
Bernardo Damele
fe16360acb more doc updates 2011-04-10 13:28:14 +00:00
Bernardo Damele
64fcc88be5 typo 2011-04-08 10:26:03 +00:00
Bernardo Damele
1be7f859c6 Minor updates 2011-04-08 10:25:37 +00:00
Miroslav Stampar
bcc4c52cf7 minor update 2011-04-08 10:21:45 +00:00
Bernardo Damele
159789ba81 More user's manual updates 2011-04-08 10:20:42 +00:00
Bernardo Damele
d305183447 More updates to user's manual 2011-04-08 09:50:34 +00:00
Bernardo Damele
bac53eeef1 Allow --dump-all to accept -D switch in order to dump all tables' entries for only one (or more, comma-separated) specified database(s) 2011-04-07 22:08:10 +00:00
Miroslav Stampar
b288e5ef57 implemented DNS caching mechanism 2011-04-07 21:39:18 +00:00
Bernardo Damele
1880f18367 Minor layout adjustments 2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c Refactoring to --technique 2011-04-07 10:00:47 +00:00
Bernardo Damele
287f74dbd2 update 2011-04-06 14:59:51 +00:00
Bernardo Damele
72555f3b28 user's manual updated.. we are getting close to 0.9 stable, stay tuned! 2011-04-06 08:21:13 +00:00
Bernardo Damele
a1bde071d8 Minor adjustments 2011-04-04 09:26:20 +00:00
Miroslav Stampar
e27afef6be minor update regarding --current-db on Oracle 2011-04-01 15:56:11 +00:00
Bernardo Damele
60afd80460 Change of release date to unknown 2011-03-31 13:06:30 +00:00
Bernardo Damele
19a6f86954 Minor update 2011-03-27 16:37:57 +00:00
Miroslav Stampar
08d052d9b8 minor update of THANKS file 2011-03-27 13:45:19 +00:00
Miroslav Stampar
d2eb4c6a39 update of THANKS file 2011-03-26 21:48:36 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
cbfb10cbd1 fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...) 2011-03-21 16:43:46 +00:00
Miroslav Stampar
7b1021d100 minor update of THANKS file 2011-03-21 13:18:00 +00:00
Miroslav Stampar
f8a2cf0497 minor THANKS update 2011-03-21 09:53:34 +00:00
Bernardo Damele
f7c1b7dc5f Updated 2011-03-21 00:39:54 +00:00
Miroslav Stampar
36233fac42 update regarding a feature request from andyroyalbattle@yahoo.it 2011-03-18 16:35:30 +00:00
Bernardo Damele
3edb30968b Pff.. just layout 2011-03-17 12:37:50 +00:00
Miroslav Stampar
1879a49506 fix for a bug reported by andreoaz@gmail.com 2011-03-10 20:40:12 +00:00
Miroslav Stampar
8e7c3b4666 update of THANKS file 2011-03-07 21:29:06 +00:00
Bernardo Damele
da6a87af43 update 2011-02-28 16:59:39 +00:00
Bernardo Damele
50ba0fa955 More adjustments 2011-02-28 16:14:09 +00:00
Bernardo Damele
021fce5601 Should be done with the ChangeLog - ready for 0.9.
Minor adjustments to user's manual too.
2011-02-28 15:23:05 +00:00
Bernardo Damele
b47d3e1da3 Huge update to user's manual. A lot to be done yet. 2011-02-27 12:19:32 +00:00
Bernardo Damele
6e1a08a805 Documentation update 2011-02-19 21:08:18 +00:00
Bernardo Damele
808b03fc3e Minor reordering 2011-02-14 02:08:11 +00:00
Bernardo Damele
f0f5d3d3e8 Began with the update of the user's manual for 0.9 2011-02-07 00:55:10 +00:00
Bernardo Damele
1bc2ee2fbf Updated 2011-02-06 15:44:27 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
1e8eb27156 update of doc/THANKS 2011-02-04 14:07:54 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
9fc0bedea8 Minor bug fixes 2011-01-30 21:01:57 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
3bb4ea2c7a THANKS update 2011-01-25 22:29:36 +00:00
Miroslav Stampar
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) 2011-01-25 11:02:41 +00:00
Bernardo Damele
ceca64193b Updated 2011-01-24 14:46:41 +00:00
Bernardo Damele
c1f6bf2eda Updated 2011-01-18 23:14:35 +00:00
Miroslav Stampar
bdcb10cdab added MSSQL time based vector 2011-01-18 02:05:18 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Bernardo Damele
f209b7a65e Updated 2011-01-14 09:56:55 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
1297df66da fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) 2011-01-06 08:04:59 +00:00
Miroslav Stampar
aa81ed4033 implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) 2011-01-04 15:49:20 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
8067365b93 fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') 2010-12-20 23:47:53 +00:00
Miroslav Stampar
e3fa3b0e8e fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint') 2010-12-17 07:48:32 +00:00
Miroslav Stampar
5aee1fd8e0 updated THANKS file 2010-12-08 21:19:46 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle 2010-11-17 17:20:32 +00:00
Bernardo Damele
a9152c6723 Updated doc 2010-11-14 22:36:54 +00:00
Bernardo Damele
5e41cd07a3 Updated doc 2010-11-13 23:31:18 +00:00
Bernardo Damele
306e96331d Updated doc 2010-11-12 10:00:49 +00:00
Bernardo Damele
0c8918bf07 Minor bug fix, thanks Alex 2010-11-08 12:45:23 +00:00
Miroslav Stampar
14e9425673 update of doc/THANKS 2010-11-05 16:09:30 +00:00
Miroslav Stampar
7d12dbff41 update of THANKS 2010-11-05 11:36:43 +00:00
Miroslav Stampar
71d0b1bcd7 several bug fixes 2010-11-03 21:51:36 +00:00
Miroslav Stampar
861706fb31 fix for bug reported by ToR (unknown charset 'utf-8, text/html') 2010-11-02 18:01:10 +00:00
Miroslav Stampar
73b33ed765 fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic 2010-11-01 20:56:13 +00:00
Miroslav Stampar
d75578c81f some update regarding common tables 2010-10-29 09:00:51 +00:00
Bernardo Damele
ed1f2da43f Updated 2010-10-27 21:05:58 +00:00
Bernardo Damele
7715ba778b Updated 2010-10-27 14:41:03 +00:00
Bernardo Damele
4ab3edfc94 Updated 2010-10-25 23:40:19 +00:00
Miroslav Stampar
c7578d4ea1 update of THANKS 2010-10-25 16:07:03 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
c5fb4edf3e update of THANKS 2010-10-23 09:25:34 +00:00
Miroslav Stampar
a8e42a4f2b bug fix 2010-10-23 06:42:21 +00:00
Bernardo Damele
e5485a9958 Updated doc 2010-10-20 22:14:52 +00:00
Bernardo Damele
22ed09a358 Updated 2010-10-20 21:52:33 +00:00
Bernardo Damele
cfa5655150 Updated changelog 2010-10-16 22:23:53 +00:00
Miroslav Stampar
5c3d21065a bug fix (reported by nightman) 2010-10-16 21:29:35 +00:00
Miroslav Stampar
2b60304933 update 2010-10-16 21:19:44 +00:00
Bernardo Damele
bd3a791f23 Updated documentation 2010-10-15 10:29:53 +00:00
Miroslav Stampar
2198a60684 bug fix (reported by james@ev6.net) 2010-10-10 20:51:11 +00:00
Miroslav Stampar
0ad8090ad8 fix for a google bug reported by Brandon E. 2010-10-01 08:03:39 +00:00
Miroslav Stampar
87abec16bd probable fix for a bug reported by Prashant Jadhav 2010-09-30 18:52:33 +00:00
Miroslav Stampar
7a7938a6da updated THANKS 2010-08-22 08:53:30 +00:00
Miroslav Stampar
526aebc84c small fix 2010-08-15 21:10:19 +00:00
Miroslav Stampar
f9752137f0 update of THANKS file 2010-08-08 22:28:01 +00:00
Miroslav Stampar
468eeb6ccf update of THANKS 2010-08-08 21:49:27 +00:00
Miroslav Stampar
1d8953ebdb update of THANKS file 2010-08-08 21:25:21 +00:00
Miroslav Stampar
6a6ff09c9a fix for a bug reported by Marek Sarvas 2010-07-26 08:11:28 +00:00
Miroslav Stampar
c39d819dd2 fix for a resume bug reported by Augusto Urbieta 2010-07-20 08:13:02 +00:00
Miroslav Stampar
6d11f86fdd update 2010-07-15 08:51:23 +00:00
Bernardo Damele
82bce81e28 Minor improvements 2010-07-02 13:38:52 +00:00
Bernardo Damele
dc8862a140 Updated 2010-07-01 10:46:59 +00:00
Bernardo Damele
3f2db471f5 Updated thanks 2010-06-30 13:27:07 +00:00
Bernardo Damele
d40a238335 Make --keep-alive public 2010-06-30 11:29:35 +00:00
Bernardo Damele
abc3c24d62 Update 2010-06-30 09:48:48 +00:00
Bernardo Damele
4bba59aaf5 Updated doc 2010-06-29 23:52:22 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Bernardo Damele
7cad3cbda6 Minor code refactoring 2010-06-28 13:47:20 +00:00
Bernardo Damele
887adfcf10 Minor adjustments to extra/ libraries 2010-06-09 21:43:22 +00:00
Miroslav Stampar
01f2dfe33f update 2010-06-04 17:08:32 +00:00
Bernardo Damele
080c71b903 Updated documentation 2010-06-02 16:19:43 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta.
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
2a1dd492f5 updated THANKS 2010-05-25 10:10:27 +00:00
Miroslav Stampar
d2c03c12fd updated thanks 2010-05-24 20:25:43 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
4c1ad7d8ce added Jose Fonseca (gprof2dot) to THANKS 2010-05-21 10:22:56 +00:00
Bernardo Damele
bffa06f2ca Updated user's manual 2010-05-20 10:08:17 +00:00
Bernardo Damele
b2c5807109 Updated 2010-05-12 22:02:18 +00:00
Bernardo Damele
74860fee2a Updated 2010-05-10 14:52:02 +00:00
Bernardo Damele
7b6050f3c1 Minor update 2010-05-06 14:18:25 +00:00
Bernardo Damele
8dbf89afe4 Minor update 2010-05-06 11:22:53 +00:00
Bernardo Damele
783c48f6e9 Merged history into user's manual 2010-05-06 11:09:03 +00:00
Bernardo Damele
7bf31f54b8 Updated history SGML file 2010-05-06 10:54:13 +00:00
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Bernardo Damele
107a900f51 Updated 2010-05-03 12:57:17 +00:00
Miroslav Stampar
d8e5585c66 fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError) 2010-04-29 08:30:29 +00:00
Bernardo Damele
a588b2020b Added history SGML file 2010-04-26 15:00:53 +00:00
Bernardo Damele
2665066dae Updated changelog file 2010-04-26 12:35:39 +00:00
Bernardo Damele
3087c27659 Updated doc 2010-04-22 10:37:58 +00:00
Bernardo Damele
e11d511cad Updated doc 2010-04-15 12:12:53 +00:00
Bernardo Damele
e0d0913fc6 Updated doc 2010-04-12 09:34:20 +00:00
Bernardo Damele
822d22299f Updated 2010-04-09 13:48:02 +00:00
Bernardo Damele
bd669dd6fa Updated 2010-04-06 10:32:56 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Bernardo Damele
f0f1176396 Updated THANKS 2010-03-23 21:24:31 +00:00
Bernardo Damele
9e8a108768 Updated 2010-03-22 15:43:38 +00:00
Miroslav Stampar
f1fde2e443 added basic skeleton for FAQ doc 2010-03-17 12:56:26 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
bfbf58b04e Generated new user's manual html and pdf 2010-03-13 22:07:08 +00:00
Bernardo Damele
ee89709042 Updated manual 2010-03-13 21:56:38 +00:00
Miroslav Stampar
4bef12a2b4 doc update 2010-03-13 14:35:56 +00:00
Bernardo Damele
c42c4982c3 Updated documentation according to r1460 2010-03-12 22:59:03 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Bernardo Damele
054a4aaee7 Updated documentation, almost ready for 0.8 release! 2010-03-12 17:43:38 +00:00
Bernardo Damele
b50a2288f4 Minor layout adjustments 2010-03-11 23:54:07 +00:00
Bernardo Damele
b344a70ba1 Updated changelog 2010-03-11 01:10:55 +00:00
Bernardo Damele
4d53b17320 Updated THANKS 2010-03-10 22:08:54 +00:00
Bernardo Damele
6712b19df2 Updated ChangeLog 2010-03-10 01:14:23 +00:00
Bernardo Damele
8593741358 Minor bug fix 2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
d618964ab6 more time adjustments 2010-03-05 14:30:50 +00:00
Miroslav Stampar
45fc58d267 update 2010-03-05 14:24:54 +00:00
Miroslav Stampar
071e897f4e minor time adjustments 2010-03-05 14:09:20 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00