sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
7,483 Commits 4 Branches 117 Tags 97 MiB
640e605412
Commit Graph

1130 Commits

Author SHA1 Message Date
Bernardo Damele
5c64a31a9c works now.. can upload arbitrary files via powershell now, closes #742 2014-07-01 00:26:59 +01:00
Bernardo Damele
3e431ec202 working on allowing large files to be uploaded via powershell - issue #742 2014-06-30 23:53:04 +01:00
Bernardo Damele
1218e694ef more on issue #742 2014-06-30 20:43:48 +01:00
Bernardo Damele
8ce98ae22c more on issue #742 2014-06-30 20:43:02 +01:00
Bernardo Damele
0c1b3f2dbc more on issue #742 2014-06-30 20:39:21 +01:00
Bernardo Damele
ce67156d80 trying some more encoding as the file wasnt exactly the same - issue #742 2014-06-30 20:26:05 +01:00
Bernardo Damele
3ec37b14a6 trying some more encoding as the file wasnt exactly the same - issue #742 2014-06-30 20:23:57 +01:00
Bernardo Damele
9c583bc96e trying some more encoding as the file wasnt exactly the same - issue #742 2014-06-30 20:23:01 +01:00
Bernardo Damele
5c4c4c6abe minor cleanup, prefer powershell to the other two techniques to upload files - issue #742 2014-06-30 19:11:01 +01:00
Bernardo Damele
fcc50193b3 working on #742 - working on it 2014-06-30 18:50:33 +01:00
Bernardo Damele
4be0b366eb working on #742 - working on it 2014-06-30 18:38:18 +01:00
Bernardo Damele
6999c3413c working on #742 - working on it 2014-06-30 18:26:40 +01:00
Bernardo Damele
aa076013a7 working on #742 - minor fixes 2014-06-30 18:18:14 +01:00
Bernardo Damele
563c73c4c7 working on #742 - code cleanup 2014-06-30 18:09:11 +01:00
Bernardo Damele
94c09019fd working on #742 - missing import 2014-06-30 18:07:45 +01:00
Bernardo Damele
cd260a7470 working on #742 - powershell support for file write on MSSQL 2014-06-30 18:06:19 +01:00
Bernardo Damele
e2aed41c6f minor fixed 2014-06-30 17:30:20 +01:00
Miroslav Stampar
ac43051df2 Patch for an Issue #553 2014-06-23 21:24:45 +02:00
Miroslav Stampar
11dee4c8cd Patch for an Issue #731 2014-06-22 00:19:10 +02:00
Miroslav Stampar
2beeb178fb Minor patch 2014-06-12 08:56:50 +02:00
Miroslav Stampar
65c4ea1562 Minor update 2014-05-20 22:30:53 +02:00
Miroslav Stampar
401f896175 Patch related to the Issue #696 2014-05-20 13:44:10 +02:00
Miroslav Stampar
67115ed558 Minor fix (for a bug reported via ML) 2014-05-17 15:00:09 +02:00
Miroslav Stampar
c51e219cc1 Fix for an Issue #691 2014-05-15 19:39:18 +02:00
Miroslav Stampar
fc3c321b01 Minor update 2014-05-15 19:08:41 +02:00
Miroslav Stampar
e7bc57b00b Fix for an Issue #683 2014-05-04 20:44:11 +02:00
Miroslav Stampar
3beb1ae2a1 Trivial fix (backslashes should be escaped) 2014-04-06 18:15:06 +02:00
Miroslav Stampar
fca57da1cf Fix for --tables on HSQLDB 2014-03-07 15:57:41 +01:00
Miroslav Stampar
d05bfdd7dd Implementing option '--where' (Issue #605) 2014-02-11 16:20:45 +01:00
Miroslav Stampar
de8cb15350 Fix for an Issue #601 2014-02-05 15:11:39 +01:00
Miroslav Stampar
ab36e5a2f0 Fix for an Issue #597 2014-01-15 10:29:58 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
6863436d4e Implementation for an Issue #596 2014-01-13 10:05:56 +01:00
Bernardo Damele
a06a6de193 minor bug fix 2013-12-06 13:26:34 +00:00
Miroslav Stampar
b7244a07cb Changing testing payload for MsSQL (BINARY_CHECKSUM seems to be blocked in some cases) 2013-12-04 11:32:42 +01:00
Miroslav Stampar
24e67289c8 Bug fix 2013-11-25 11:57:20 +01:00
Miroslav Stampar
354aaeae5b Removing unused imports 2013-11-12 14:11:07 +01:00
Miroslav Stampar
2ee4b81a6e Minor fix 2013-10-18 15:59:25 +02:00
Miroslav Stampar
5aaf18f556 Minor update 2013-10-18 15:26:55 +02:00
Miroslav Stampar
7104e00c95 Minor update 2013-10-18 14:47:11 +02:00
Miroslav Stampar
7cb7c6361f Minor fix (Sybase Adaptive Server Anywhere doesn't have support for tempdb_id()) 2013-10-17 16:04:55 +02:00
Miroslav Stampar
ebccba922b Fix for an Issue #543 2013-10-16 11:25:55 +02:00
Miroslav Stampar
6a3d804af5 Minor update (display NULL instead of FALSE when non-query statement is sqlQueried) 2013-09-02 11:32:32 +02:00
Miroslav Stampar
3bbe02a714 Bug fix (0 datetime value not liked by direct connector) 2013-08-22 12:05:59 +02:00
Miroslav Stampar
5721f6007e Fix for an Issue #509 2013-08-18 01:24:40 +02:00
Miroslav Stampar
b2855e0281 Minor patch 2013-08-12 14:25:51 +02:00
Miroslav Stampar
de31688c4f Update for an Issue #481 2013-07-29 18:25:27 +02:00
stamparm
dbb0d7f700 Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used) 2013-07-19 13:24:35 +02:00
stamparm
e498694928 Fix for a NoneType/--columns issue reported over ML 2013-07-02 15:02:07 +02:00
Bernardo Damele
5882ab59d8 fixed #478 2013-07-01 22:30:59 +01:00
stamparm
f97b35dcc1 Patch for an Issue #475 2013-07-01 13:43:38 +02:00
stamparm
b9491317a6 Minor update (Issue #475) 2013-07-01 13:11:16 +02:00
stamparm
017ce22a2f Minor consistency patch (Issue #475) 2013-07-01 13:01:53 +02:00
Bernardo Damele
cfbed43066 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-07-01 11:54:35 +01:00
Bernardo Damele
6468211f65 tables and databases names on MSQLDB are capitalized 2013-07-01 11:54:31 +01:00
stamparm
5ff09aff63 Some more adjustments (Issue #475) 2013-07-01 12:50:12 +02:00
stamparm
4fb33bb26c Some more cleanup (Issue #475) 2013-07-01 12:11:09 +02:00
stamparm
b5e644694a Minor cleanup 2013-07-01 12:05:02 +02:00
stamparm
f7d15cb465 Official naming is HSQLDB (and/or HyperSQL) 2013-07-01 11:57:47 +02:00
Miroslav Stampar
aeb83ba651 Merge pull request #475 from Meatballs1/hsql_clean 
HSQL Payloads and Query Support
 2013-07-01 02:38:04 -07:00
stamparm
991cafc4e4 Minor refactoring 2013-06-26 13:53:42 +02:00
stamparm
c83cca4cd4 Minor patch 2013-06-26 13:49:34 +02:00
Meatballs
eb2012c599 Fix escaper 2013-06-24 23:50:33 +01:00
Meatballs
5b6c01d739 Escaper 2013-06-24 23:41:45 +01:00
Meatballs
a393b17513 modify fingerprint value 2013-06-24 15:12:37 +01:00
Meatballs
550693032b Remote whitespace in databases.py 2013-06-24 15:03:08 +01:00
Meatballs
b886e47b6d Add unimplemented files 2013-06-24 14:53:41 +01:00
Meatballs
62000c6406 Remaining files 2013-06-24 14:42:58 +01:00
Meatballs
d739d5062d hsql plugin folder 2013-06-24 14:34:25 +01:00
Miroslav Stampar
95ed6b7203 Minor patch (Issue #470) 2013-06-24 14:37:45 +02:00
Miroslav Stampar
92dfb0f817 Minor patch 2013-06-16 12:35:20 +02:00
Miroslav Stampar
c2dce66a46 Fix for an user reported bug (tbl can be None) 2013-06-16 12:35:05 +02:00
Miroslav Stampar
540493a69f Fix for empty strings (previously '' was just removed) 2013-06-11 12:56:20 +02:00
Miroslav Stampar
ca53dfad84 Minor fix 2013-06-01 13:44:50 +02:00
stamparm
1c2197e8de Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends) 2013-04-15 16:18:40 +02:00
stamparm
1c47b33020 Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple) 2013-04-15 15:23:45 +02:00
stamparm
f936746423 Code restyling 2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6 Update for an Issue #361 2013-04-15 14:20:21 +02:00
stamparm
3e65037a05 Introducing lib/utils/sqlalchemy.py (Issue #361) 2013-04-15 10:33:25 +02:00
stamparm
ae6ce7db30 Removal of unused imports 2013-03-20 10:44:15 +01:00
Miroslav Stampar
db0a1e58b9 Update for an Issue #352 2013-03-11 14:58:05 +01:00
Bernardo Damele
34ce8742f1 removed leftover 2013-02-26 10:12:18 +00:00
stamparm
9d81be7af5 Removing redundant piece of code 2013-02-25 14:12:57 +01:00
stamparm
dc9dc233b6 Adding a comment 2013-02-25 14:07:20 +01:00
stamparm
0d2138a4a0 Minor fix for escaping unicode strings in SQLite escaper 2013-02-25 14:06:46 +01:00
Miroslav Stampar
f817105db3 Minor bug fix 2013-02-18 14:40:39 +01:00
Miroslav Stampar
046f347f5d Minor fix 2013-02-15 17:36:58 +01:00
Miroslav Stampar
834ae6aac0 Another minor update 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Miroslav Stampar
67157fa2ba Some more minor fixes 2013-02-15 14:28:05 +01:00
Miroslav Stampar
b1c0cabde5 Minor fixes 2013-02-15 14:21:51 +01:00
Miroslav Stampar
2fb599619a Bug fix 2013-02-15 13:55:09 +01:00
Miroslav Stampar
5d068896a9 Minor bug fix 2013-02-15 09:54:51 +01:00
Bernardo Damele
d8942d2ae0 fixes #396 - adapted the engine to properly verify all steps of takeover were successul, minor code refactoring too 2013-02-14 18:32:22 +00:00
Bernardo Damele
d42d28392a avoid tracebacks because the parameter does not exist 2013-02-14 13:18:33 +00:00
Bernardo Damele
c9c520a325 no need to repeat the debug message each time this function is called 2013-02-14 13:18:15 +00:00
Bernardo Damele
1de109747f minor bug fix introduced in 2267dd8f47 2013-02-14 12:39:17 +00:00
Miroslav Stampar
0b8de94ace Putting cases with INTO here too 2013-02-14 12:35:17 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Bernardo Damele
cbb5c79d29 typo fix 2013-02-13 13:07:47 +00:00
Bernardo Damele
d9e716b95d added two debug messages for clarity 2013-02-13 12:46:45 +00:00
Miroslav Stampar
dd6f50a00e Removing unused imports 2013-02-13 11:15:24 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
c9447fbbe7 Minor patch to return False if --is-dba returns None 2013-02-12 13:04:42 +01:00
Miroslav Stampar
093a93938c Bug fix (making non-query statements available for stacked conditional-error blind cases too) 2013-02-11 20:43:12 +01:00
Bernardo Damele
3786541681 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-11 18:08:04 +00:00
Bernardo Damele
8bfee3b802 started to work on #373 to improve usability when user is not DBA 2013-02-11 18:07:58 +00:00
Miroslav Stampar
6d802867fc Bug fix (in some cases if random values are parsable as MMDD they will result as valid non-NULL TIMESTAMPADD value back - e.g. values 1224,0101,0212) 2013-02-11 12:02:03 +01:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Miroslav Stampar
2f69a94bcf Bug fix for --search -C 2013-02-05 12:24:57 +01:00
Miroslav Stampar
353c1cb63b Bug fix for escaping in SQLite 3 2013-02-05 11:58:11 +01:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Miroslav Stampar
31230c5a42 Minor fix 2013-02-05 11:23:22 +01:00
Miroslav Stampar
87ad96bf01 Minor cosmetic fix 2013-02-05 11:18:46 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Miroslav Stampar
0cc6e68be2 Refactoring MySQL fingeprint.py (those payloads are now stored into session file too) 2013-02-04 15:12:03 +01:00
Miroslav Stampar
81d4f9f7d1 Bug fix for last regression test (--search related) 2013-01-31 16:41:23 +01:00
Miroslav Stampar
6b6e36b2ec Continuation of work on fixing DISTINCT/--search issues (Oracle) 2013-01-30 18:08:34 +01:00
Miroslav Stampar
838e98192e Consistency update (we are not using DISTINCT in inband counterparts too) 2013-01-30 17:25:36 +01:00
Miroslav Stampar
93c59c7277 Fix for a --privileges --technique=B --dbms=Oracle (when one user has no privileges everything is foobared) 2013-01-30 16:41:57 +01:00
Miroslav Stampar
95998e3989 Implementing undocumented way how to retrieve w+ temporary directory name on MsSQL (suggested by Vlado Velichkovski) 2013-01-30 14:38:21 +01:00
Miroslav Stampar
6005046280 Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working) 2013-01-30 11:36:04 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Miroslav Stampar
adfb862cd5 Trivial style update 2013-01-24 15:12:52 +01:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
ff160abf10 minor bug fix 2013-01-23 13:02:02 +00:00
Bernardo Damele
45af22872a fixes #370 (the bug was introduced with commit edb977a74e)# 2013-01-23 13:00:58 +00:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
bd7fd862b0 forgot import 2013-01-22 10:16:18 +00:00
Bernardo Damele
edb977a74e bug fix so that if search fails with union/error and blind techniques are available, it falls back to them (like any other enumeration switch) and minor bug fix so that in search mode, the provided table name to search is upped 2013-01-22 10:14:35 +00:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
e9dea8d394 no need to raise an exception if one enumeration fails 2013-01-21 17:11:46 +00:00
Miroslav Stampar
f9d330ec98 Fix for that Firebird column data types issue (tec=EU) 2013-01-21 17:20:46 +01:00
Miroslav Stampar
457217f2d3 Fix for an Issue #356 2013-01-21 16:46:48 +01:00
Miroslav Stampar
65c55a6a49 Fix for escaping single quote character(s) 2013-01-21 11:21:41 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
a7028af2e9 Patch for an Issue #362 (more work required) 2013-01-20 22:16:34 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
6f61fc04f1 minor bug fix 2013-01-20 01:22:25 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Bernardo Damele
32a12c7e2b handle exception reported in issue #359 2013-01-19 00:24:15 +00:00
Bernardo Damele
d1acdee9c4 fixed --count for DBMSes that are single-database 2013-01-18 23:07:16 +00:00
Bernardo Damele
8748cceff3 no point enumerating current database for --count on some DBMSes 2013-01-18 23:04:28 +00:00