Commit Graph

273 Commits

Author SHA1 Message Date
Bernardo Damele
d4d26b59eb Merged UDF Linux and Windows development environments 2010-01-14 01:51:20 +00:00
Bernardo Damele
1100b37feb Minor adjustments to UDF source code and file system structure 2010-01-14 00:46:48 +00:00
Bernardo Damele
2915b5d7e9 Partial cleanup of UDF source code path 2010-01-13 23:18:17 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...)
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
f3e8d6db70 Fixed MySQL comment injection 2009-05-01 16:29:45 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
d54a51a328 Updated the HTML manual for the MySQL UDF and consequently other files. Thanks Roland! 2009-01-22 21:28:56 +00:00
Bernardo Damele
69204afe1f Updated copyright 2009-01-22 00:41:57 +00:00
Bernardo Damele
9631dc115e Added PostgreSQL UDF to execute commands on the underlying system:
* sys_eval() to return the standard output
* sys_exec() to return the exit status

Inspired by lib_mysqludf_sys 0.0.3 (https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/)
2009-01-22 00:35:17 +00:00
Bernardo Damele
ae0f1985f3 Updated also the patch file 2009-01-21 20:54:14 +00:00
Bernardo Damele
deeccf9b5e Updated tar.gz package 2009-01-21 00:53:10 +00:00
Bernardo Damele
1c5925ea2b Minor adjustments 2009-01-21 00:52:23 +00:00
Bernardo Damele
96db179ffe Minor adjustment 2009-01-19 21:26:02 +00:00
Bernardo Damele
161590e121 Added MySQL UDF to execute commands on the underlying system:
* sys_eval() to return the standard output
* sys_exec() to return the exit status

It's a patched version of http://mysqludf.org/lib_mysqludf_sys/index.php
2009-01-17 00:13:16 +00:00
Bernardo Damele
73e713c5ba Minor adjustments 2009-01-12 23:59:07 +00:00
Bernardo Damele
26cb082fc3 Added a README for dbgtool 2009-01-12 23:17:15 +00:00
Bernardo Damele
de393628d0 Added dbgtool to extras, a port in python of toolcrypt.org dbgtool. Inspired by sqlninja perl script makescr.pl. 2009-01-12 23:02:02 +00:00
Bernardo Damele
bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. 2008-12-12 19:06:31 +00:00
Bernardo Damele
fee52bce3e Minor improvements to sqlmap msf3 auxiliary modules based on Efrain Torres' commit on msf3 trunk, http://metasploit.com/dev/trac/changeset/5787 2008-10-25 19:43:13 +00:00
Bernardo Damele
fcc16b2346 Updated site, documentation (dev and user) and packaging scripts for 0.6.1 2008-10-20 13:43:18 +00:00
Bernardo Damele
016118ce7a Some more fixes and adjustments before 0.6.1 release. 2008-10-17 15:26:43 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00