Commit Graph

1108 Commits

Author SHA1 Message Date
Miroslav Stampar
95998e3989 Implementing undocumented way how to retrieve w+ temporary directory name on MsSQL (suggested by Vlado Velichkovski) 2013-01-30 14:38:21 +01:00
Miroslav Stampar
6005046280 Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working) 2013-01-30 11:36:04 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Miroslav Stampar
adfb862cd5 Trivial style update 2013-01-24 15:12:52 +01:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
ff160abf10 minor bug fix 2013-01-23 13:02:02 +00:00
Bernardo Damele
45af22872a fixes #370 (the bug was introduced with commit edb977a74e)# 2013-01-23 13:00:58 +00:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
bd7fd862b0 forgot import 2013-01-22 10:16:18 +00:00
Bernardo Damele
edb977a74e bug fix so that if search fails with union/error and blind techniques are available, it falls back to them (like any other enumeration switch) and minor bug fix so that in search mode, the provided table name to search is upped 2013-01-22 10:14:35 +00:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
e9dea8d394 no need to raise an exception if one enumeration fails 2013-01-21 17:11:46 +00:00
Miroslav Stampar
f9d330ec98 Fix for that Firebird column data types issue (tec=EU) 2013-01-21 17:20:46 +01:00
Miroslav Stampar
457217f2d3 Fix for an Issue #356 2013-01-21 16:46:48 +01:00
Miroslav Stampar
65c55a6a49 Fix for escaping single quote character(s) 2013-01-21 11:21:41 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
a7028af2e9 Patch for an Issue #362 (more work required) 2013-01-20 22:16:34 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
6f61fc04f1 minor bug fix 2013-01-20 01:22:25 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Bernardo Damele
32a12c7e2b handle exception reported in issue #359 2013-01-19 00:24:15 +00:00
Bernardo Damele
d1acdee9c4 fixed --count for DBMSes that are single-database 2013-01-18 23:07:16 +00:00
Bernardo Damele
8748cceff3 no point enumerating current database for --count on some DBMSes 2013-01-18 23:04:28 +00:00
Bernardo Damele
a390c48692 code refactoring 2013-01-18 23:04:01 +00:00
Bernardo Damele
a4b0b98f8f aligned Firebird to recent DB2 string escaping syntax fix 2013-01-18 22:57:57 +00:00
Bernardo Damele
4526e31485 bug fix for Firebird fingerprint (issue #357) 2013-01-18 22:32:58 +00:00
Bernardo Damele
b80e195c78 bug fix for #355 2013-01-18 22:10:10 +00:00
Bernardo Damele
f3d7be9200 more adjustments for #353 2013-01-18 20:44:56 +00:00
Bernardo Damele
2550bbc05e fix for #353 2013-01-18 20:40:38 +00:00
Bernardo Damele
f49657eacc minor fix to previous commit 2013-01-18 15:10:34 +00:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
aa467cb54c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-18 11:31:25 +01:00
Miroslav Stampar
e7576a3b11 Better naming 2013-01-18 11:21:23 +01:00
Miroslav Stampar
caae773b2d Minor removal of redundant code 2013-01-18 10:44:57 +01:00
Bernardo Damele
a92ae93847 minor bug fix to properly identify if user is admin on Oracle across all techniques 2013-01-18 09:22:53 +00:00
Bernardo Damele
d1b91790f5 fixed --count on DB2 2013-01-17 22:13:59 +00:00
Bernardo Damele
5225375048 proper fix 2013-01-17 22:04:21 +00:00
Bernardo Damele
d2d3878de1 typo fix 2013-01-17 21:58:53 +00:00
Bernardo Damele
a5e9168993 minor fix because boolean-based blind on DB2 is a little bit different from other DBMSes 2013-01-17 21:58:15 +00:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Bernardo Damele
404ecbcaec typo fix 2013-01-15 17:14:58 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
413b5e7ab4 fixed error message 2013-01-14 16:49:05 +00:00
Bernardo Damele
e555c2be30 added support for --search -T for SQLite 2013-01-14 16:26:11 +00:00
Bernardo Damele
e835a2af9a minor bug fix 2013-01-14 13:43:03 +00:00
Bernardo Damele
279f6cb9ce minor bug fix for PostgreSQL --file-read 2013-01-14 12:22:15 +00:00
Bernardo Damele
146d9fedf0 fix for bug #337 2013-01-14 10:24:45 +00:00
Bernardo Damele
675e4a026b Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-11 13:31:49 +00:00
Bernardo Damele
2a2d7e886d align to MSSQL connector 2013-01-11 10:52:03 +00:00
Miroslav Stampar
bc4d8d3e02 Implementation for an Issue #332 2013-01-11 11:17:41 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
da7f63f125 cx_Oracle.DatabaseError is an ancestor of cx_Oracle.InternalError 2013-01-10 15:33:32 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3 Removing unused imports 2013-01-10 12:15:12 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Miroslav Stampar
ebde4b190e Minor update 2013-01-10 11:42:37 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964 Minor refactoring for an Issue #295 2013-01-08 10:23:02 +01:00
Bernardo Damele
8ee840bc8e maintained release is on Google code 2013-01-07 17:11:14 +00:00
Miroslav Stampar
46e2ad53cd Fix for an Issue #331 2013-01-07 16:36:29 +01:00
Miroslav Stampar
ac407ae4a1 Implementation for an Issue #295 2013-01-07 15:55:40 +01:00
Miroslav Stampar
6270e9337b Minor cosmetics 2013-01-07 14:34:20 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
1712603dce Replacing deprecated has_key() with operator in (PEP8) 2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
8b7cbe03b0 Replacing CRLF with LF in rest of files 2012-12-26 17:12:17 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Miroslav Stampar
2fc187489b Removing leftover 2012-12-21 14:01:59 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Miroslav Stampar
0f62e677b5 Minor just in case commit (plural/singular unArrayize()) 2012-12-21 10:15:42 +01:00
Miroslav Stampar
18f4a916ea Minor fix 2012-12-20 14:58:26 +01:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Bernardo Damele
9b422e1e94 minor fix for issue #309 2012-12-19 09:37:29 +00:00
Bernardo Damele
738dbde16c avoid displaying "do you want to dump" message if no searched columns have been found 2012-12-18 18:07:34 +00:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
8d9aa2c384 minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223 2012-12-18 17:49:18 +00:00
Bernardo Damele
9a1eca20b5 lowered gravity 2012-12-18 16:42:03 +00:00
Bernardo Damele
d1d99d930b proper fix for #306 2012-12-18 15:31:30 +00:00
Bernardo Damele
6b1dd05e62 reverted 2012-12-18 14:51:04 +00:00
Bernardo Damele
e1b7a6350e consistency between --tables and --columns when -T and -C are respectively provided - there was a leftover from when --search called getColumns() as --columns: this is no longer the case (closes issue #306) 2012-12-18 14:37:04 +00:00
Bernardo Damele
57412f8475 default to --search shall stay LIKE 2012-12-18 13:55:26 +00:00
Miroslav Stampar
eb23b1b1a5 Minor commit related to the last one (uniq roles/privileges) 2012-12-18 12:47:06 +01:00
Miroslav Stampar
699a0f756a Minor fix 2012-12-18 12:43:23 +01:00
Miroslav Stampar
f56b846864 Patch for an Issue #300 2012-12-18 09:55:33 +01:00
Bernardo Damele
a00cd9b3ea syntax fix 2012-12-17 14:13:34 +00:00
Bernardo Damele
d2bd275652 refactoring 2012-12-17 14:07:28 +00:00
Bernardo Damele
3c1cead406 WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now 2012-12-17 14:06:12 +00:00
Bernardo Damele
eb44f30d63 minor layout output fix 2012-12-17 13:51:46 +00:00
Miroslav Stampar
cb13735788 Fix for an Issue #294 2012-12-11 12:14:33 +01:00
Miroslav Stampar
9e38ccbc3d Removing unused imports 2012-12-10 17:47:42 +01:00
Miroslav Stampar
ed1b5d0ada Minor fix 2012-12-07 10:57:57 +01:00
Miroslav Stampar
b5c8707323 Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL 2012-12-06 15:55:33 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
d4b5133df7 Update for an Issue #272 2012-12-04 17:04:32 +01:00
Miroslav Stampar
b250b68231 Bug fix (--users was returning only 1 value because of this bug; probably introduced by mistake months ago) 2012-11-29 12:02:59 +01:00
Miroslav Stampar
ed40f18796 Minor fix 2012-11-26 14:59:44 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
ba55bed008 More general approach for PostgreSQL concatenation operator precedence problem (Issue #219) 2012-10-25 10:41:16 +02:00
Miroslav Stampar
54fbb22ab8 Minor refactoring 2012-10-25 09:56:36 +02:00
Miroslav Stampar
c2058dfc8f Fix for an Issue #220 2012-10-25 09:42:43 +02:00
Miroslav Stampar
b7429dc6bb Minor fix for an Issue #219 2012-10-25 00:15:59 +02:00
Miroslav Stampar
c0f57f4e90 Minor fix for an Issue #217 2012-10-24 23:43:28 +02:00
Miroslav Stampar
344ef9af7d Language fix (in lots of cases wrong statement 'unable to retrieve columns for any table in database' was reported) 2012-10-24 23:38:35 +02:00
Miroslav Stampar
5477c9f7ba Fix for an Issue #216 2012-10-24 22:59:46 +02:00
Miroslav Stampar
6e2fce66aa Patch for an Issue #212 2012-10-23 15:34:59 +02:00
Miroslav Stampar
f25f5c9eeb Minor fix 2012-10-23 10:33:30 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
ebe3f4c34c Minor fix 2012-10-15 18:51:42 +02:00
Miroslav Stampar
91ea8e52b7 Minor patch for an Issue #201 2012-10-15 18:01:52 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
ed2d163269 Fix for an Issue #201 2012-10-14 17:53:55 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
75990b715d Fix for an Issue #184 2012-09-13 10:20:24 +02:00
Miroslav Stampar
959225af55 Minor fix 2012-09-10 19:28:15 +02:00
Miroslav Stampar
5c21395fe2 Minor update for an Issue #179 2012-09-10 19:26:51 +02:00
Miroslav Stampar
1f49e4ae36 Fix for an Issue #179 2012-09-10 19:23:24 +02:00
Miroslav Stampar
9a631331a5 Fix for an Issue #177 2012-09-08 20:22:13 +02:00
Miroslav Stampar
f26ea04e38 Fix for an Issue #175 2012-09-07 17:06:38 +02:00
Miroslav Stampar
1bcf5a6b88 Some more dict refactorings 2012-08-21 11:30:01 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
4649450603 Fix for an Issue #137 2012-08-16 22:20:24 +02:00
Miroslav Stampar
74ee0ce78a Fix for an Issue #148 2012-08-14 23:25:12 +02:00
Miroslav Stampar
b78163f99b Update for Issue #138 2012-08-08 19:06:47 +02:00
Miroslav Stampar
20a66567a3 Minor refactoring 2012-07-30 10:06:14 +02:00
Miroslav Stampar
ffc520b35f Minor refactoring 2012-07-24 14:35:56 +02:00
Miroslav Stampar
95e0d46e3e Fix for an Issue #110 2012-07-21 09:15:54 +02:00
Bernardo Damele
34e77a8801 ported fix for issue #81 also to blind techniques 2012-07-21 00:20:32 +01:00
Bernardo Damele
3e21f3d07a fixed --search -C too on MSSQL - issue #81 2012-07-21 00:08:40 +01:00
Bernardo Damele
60242f92c5 made --search -D on MSSQL consistent with other DBMSes - issue #81 2012-07-20 23:37:56 +01:00
Bernardo Damele
7f10b01265 same fix as previous commit for blind techniques 2012-07-20 22:35:20 +01:00
Bernardo Damele
b54ae107cc major bug fix in --search with multiple -C provided 2012-07-20 22:29:48 +01:00
Bernardo Damele
45177cf93d minor restyling 2012-07-20 22:29:30 +01:00
Bernardo Damele
16668e1b8d leftover debug message 2012-07-20 21:48:29 +01:00
Bernardo Damele
b0ab837832 minor code refactoring and implemented issue #95 2012-07-20 21:46:36 +01:00
Bernardo Damele
9cb1c4c0d9 plugin refactoring - issue #22 2012-07-20 19:17:35 +01:00
Bernardo Damele
86df6037e3 reverted previous ugly hack for issue #110, perhaps a better fix is possible 2012-07-20 16:01:04 +01:00
Bernardo Damele
1928d5464d fixes issue #97 2012-07-20 15:56:14 +01:00
Bernardo Damele
52431402dd minor fix to avoid cleanup() if web backdoor upload failed 2012-07-16 17:58:30 +01:00
Miroslav Stampar
c1a14257a4 Removing --disable... switches and making changes in default choice(s) for respectable sections 2012-07-16 11:31:51 +02:00
Bernardo Damele
bb8cd788e1 minor fix 2012-07-16 09:56:41 +01:00
Miroslav Stampar
3f4186ce2c Removing duplicate user password hashes 2012-07-14 10:57:46 +02:00
Miroslav Stampar
6677da63cd Fix for an Issue #88 2012-07-13 14:25:39 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
cba2a26b68 Finishing Issue #75 (inference dumping) 2012-07-12 14:46:57 +02:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Miroslav Stampar
3fd5119f3f Redesigning for Issue #75 2012-07-12 13:42:22 +02:00
Bernardo Damele
fed178646a minor refactoring 2012-07-12 01:48:07 +01:00
Bernardo Damele
01474f6272 proper debug message added - issue #75 2012-07-12 01:19:36 +01:00
Bernardo Damele
ee3aeb8dcf actual implementation of issue #75, still some work to do 2012-07-12 01:16:00 +01:00
Bernardo Damele
caeddf6822 avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file 2012-07-12 00:17:07 +01:00
Bernardo Damele
66d854c7d8 leftover space 2012-07-12 00:04:56 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Bernardo Damele
6f6cd676b7 clean up the file system from sqlmap created web files 2012-07-11 14:07:20 +01:00
Bernardo Damele
0c5f259481 var renaming 2012-07-11 13:39:33 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
8caffac4bc conf.unescape->kb.unescape 2012-07-10 10:55:04 +02:00
Bernardo Damele
4656d23d82 increased verbosity level of some messages and removed a leftover 2012-07-10 01:43:19 +01:00
Bernardo Damele
00b7411a87 more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok 2012-07-10 01:39:03 +01:00
Bernardo Damele
2527554f8e more work on #33 2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0 initial work for issue #33 2012-07-10 00:27:08 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Miroslav Stampar
86c27cc4f2 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-06 17:28:13 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Bernardo Damele
e673033ac1 minor layout adjustment 2012-07-06 15:26:45 +01:00
Bernardo Damele
fb7fe552b7 proper naming 2012-07-06 15:13:50 +01:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
Miroslav Stampar
e51d3a02f1 Update for Issue #43 (renamed --disable-cracking to --disable-hash) 2012-06-28 18:53:47 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
303aa10507 only a small update 2012-06-27 14:43:18 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
d5e80089ff minor summer cleanup 2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
96177393e1 minor update regarding --exact switch 2012-06-10 13:38:12 +00:00
Miroslav Stampar
10b0639a96 making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE) 2012-06-04 09:24:46 +00:00
Miroslav Stampar
3f6bc1f3c2 minor fix 2012-05-24 18:05:33 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
0e8d8577a7 adding a DB2 patch from smcintyre@securestate.com 2012-05-21 08:26:19 +00:00
Miroslav Stampar
079e0e1434 minor bug fix 2012-05-18 08:51:50 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
8013a64f8c minor refactoring 2012-05-01 19:57:30 +00:00
Miroslav Stampar
c71d435d9f making "id"-like columns prioritized for ORDER BY in MySQL 2012-05-01 19:52:02 +00:00
Miroslav Stampar
458a73c9b4 few consistency fixes 2012-04-29 23:09:00 +00:00
Miroslav Stampar
c7a606637f switching few readInput defaults for brute forcing when no table/column found 2012-04-27 12:59:22 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Bernardo Damele
6116853025 Minor layout adjustments 2012-04-24 17:01:24 +00:00
Bernardo Damele
072e08836f Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 14:05:45 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
645fc8a21c minor refactoring 2012-03-27 08:31:48 +00:00
Miroslav Stampar
72c5b034bf minor update 2012-03-19 11:50:38 +00:00
Miroslav Stampar
cb8caf7e0f i am not very bright today :) 2012-03-19 11:23:23 +00:00
Miroslav Stampar
d5915e5d44 one other fix 2012-03-19 11:19:26 +00:00
Miroslav Stampar
7abfa2e6d4 minor fix 2012-03-19 11:18:00 +00:00
Miroslav Stampar
cce5c3c009 minor changes for version numbers 2012-03-19 11:07:03 +00:00
Bernardo Damele
48e8c978fb Minor fix, way more to do for --search -C for MSSQL 2012-03-15 17:55:49 +00:00
Bernardo Damele
0013b0970f Minor layout adjustments - foundDb is misleading at that stage 2012-03-15 16:07:16 +00:00
Miroslav Stampar
8cf5d260fd Application Data is not a temporary directory writable by everybody 2012-03-14 23:44:29 +00:00
Bernardo Damele
c735d846ee The default temporary directory as to stay as is, do not touch this code snippet anymore please 2012-03-14 22:39:46 +00:00
Miroslav Stampar
ca0d068575 distinguishing NULL from BLANK 2012-03-14 13:52:23 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00
Bernardo Damele
48592f2515 minor adjustments 2012-03-09 18:34:18 +00:00
Bernardo Damele
be9b103b51 minor bug fix 2012-03-09 18:02:50 +00:00
Bernardo Damele
012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
2012-03-09 17:47:50 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Bernardo Damele
d9e499af9f Set Id property 2012-03-09 12:05:21 +00:00
Bernardo Damele
7330dff255 Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries 2012-03-08 16:57:53 +00:00
Miroslav Stampar
e678219a8c minor update 2012-03-08 15:51:30 +00:00
Bernardo Damele
ae87df5670 leftover 2012-03-08 15:45:33 +00:00
Bernardo Damele
4bc6f3f6c9 Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore 2012-03-08 15:32:05 +00:00
Miroslav Stampar
68b9d48d0a minor update 2012-03-08 15:30:23 +00:00
Miroslav Stampar
2ab80bfb2c minor bug fix 2012-03-08 15:24:05 +00:00
Bernardo Damele
c79807f5fb Minor layout adjustments 2012-03-08 15:11:24 +00:00
Miroslav Stampar
761ec7529a minor appereance fix 2012-03-01 11:52:30 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
10dd9096f7 one more just in case fix for safeSQLIdentificator naming on MSSQL --tables 2012-02-29 14:05:53 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
26b33154ab optimal fix related to the last commit 2012-02-24 14:28:41 +00:00
Miroslav Stampar
9d6fd2e507 bug fix for --schema --technique=BST 2012-02-24 14:12:19 +00:00
Miroslav Stampar
f9d2971474 minor just in case fix 2012-02-23 16:37:06 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently 2012-02-20 11:06:55 +00:00
Miroslav Stampar
08bf8c201f few minor fixes 2012-02-20 10:24:55 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Bernardo Damele
ebd40b3933 Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection) 2012-02-17 15:16:05 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00