sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
7,126 Commits 4 Branches 117 Tags 97 MiB
67ae620182
Commit Graph

563 Commits

Author SHA1 Message Date
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
dd6f50a00e Removing unused imports 2013-02-13 11:15:24 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
6d802867fc Bug fix (in some cases if random values are parsable as MMDD they will result as valid non-NULL TIMESTAMPADD value back - e.g. values 1224,0101,0212) 2013-02-11 12:02:03 +01:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Miroslav Stampar
353c1cb63b Bug fix for escaping in SQLite 3 2013-02-05 11:58:11 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Miroslav Stampar
0cc6e68be2 Refactoring MySQL fingeprint.py (those payloads are now stored into session file too) 2013-02-04 15:12:03 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
adfb862cd5 Trivial style update 2013-01-24 15:12:52 +01:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
a7028af2e9 Patch for an Issue #362 (more work required) 2013-01-20 22:16:34 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Bernardo Damele
32a12c7e2b handle exception reported in issue #359 2013-01-19 00:24:15 +00:00
Bernardo Damele
a4b0b98f8f aligned Firebird to recent DB2 string escaping syntax fix 2013-01-18 22:57:57 +00:00
Bernardo Damele
4526e31485 bug fix for Firebird fingerprint (issue #357) 2013-01-18 22:32:58 +00:00
Bernardo Damele
f49657eacc minor fix to previous commit 2013-01-18 15:10:34 +00:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
aa467cb54c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-18 11:31:25 +01:00
Miroslav Stampar
e7576a3b11 Better naming 2013-01-18 11:21:23 +01:00
Bernardo Damele
a92ae93847 minor bug fix to properly identify if user is admin on Oracle across all techniques 2013-01-18 09:22:53 +00:00
Bernardo Damele
5225375048 proper fix 2013-01-17 22:04:21 +00:00
Bernardo Damele
d2d3878de1 typo fix 2013-01-17 21:58:53 +00:00
Bernardo Damele
a5e9168993 minor fix because boolean-based blind on DB2 is a little bit different from other DBMSes 2013-01-17 21:58:15 +00:00
Bernardo Damele
413b5e7ab4 fixed error message 2013-01-14 16:49:05 +00:00
Bernardo Damele
675e4a026b Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-11 13:31:49 +00:00
Bernardo Damele
2a2d7e886d align to MSSQL connector 2013-01-11 10:52:03 +00:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
da7f63f125 cx_Oracle.DatabaseError is an ancestor of cx_Oracle.InternalError 2013-01-10 15:33:32 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Miroslav Stampar
ebde4b190e Minor update 2013-01-10 11:42:37 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
1712603dce Replacing deprecated has_key() with operator in (PEP8) 2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
8b7cbe03b0 Replacing CRLF with LF in rest of files 2012-12-26 17:12:17 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Bernardo Damele
8d9aa2c384 minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223 2012-12-18 17:49:18 +00:00
Miroslav Stampar
eb23b1b1a5 Minor commit related to the last one (uniq roles/privileges) 2012-12-18 12:47:06 +01:00
Miroslav Stampar
cb13735788 Fix for an Issue #294 2012-12-11 12:14:33 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
ed40f18796 Minor fix 2012-11-26 14:59:44 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
ba55bed008 More general approach for PostgreSQL concatenation operator precedence problem (Issue #219) 2012-10-25 10:41:16 +02:00
Miroslav Stampar
c0f57f4e90 Minor fix for an Issue #217 2012-10-24 23:43:28 +02:00
Miroslav Stampar
5477c9f7ba Fix for an Issue #216 2012-10-24 22:59:46 +02:00
Miroslav Stampar
6e2fce66aa Patch for an Issue #212 2012-10-23 15:34:59 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
91ea8e52b7 Minor patch for an Issue #201 2012-10-15 18:01:52 +02:00
Miroslav Stampar
ed2d163269 Fix for an Issue #201 2012-10-14 17:53:55 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
5c21395fe2 Minor update for an Issue #179 2012-09-10 19:26:51 +02:00
Miroslav Stampar
1f49e4ae36 Fix for an Issue #179 2012-09-10 19:23:24 +02:00
Miroslav Stampar
9a631331a5 Fix for an Issue #177 2012-09-08 20:22:13 +02:00
Miroslav Stampar
1bcf5a6b88 Some more dict refactorings 2012-08-21 11:30:01 +02:00
Miroslav Stampar
95e0d46e3e Fix for an Issue #110 2012-07-21 09:15:54 +02:00
Bernardo Damele
34e77a8801 ported fix for issue #81 also to blind techniques 2012-07-21 00:20:32 +01:00
Bernardo Damele
3e21f3d07a fixed --search -C too on MSSQL - issue #81 2012-07-21 00:08:40 +01:00
Bernardo Damele
60242f92c5 made --search -D on MSSQL consistent with other DBMSes - issue #81 2012-07-20 23:37:56 +01:00
Bernardo Damele
86df6037e3 reverted previous ugly hack for issue #110, perhaps a better fix is possible 2012-07-20 16:01:04 +01:00
Bernardo Damele
1928d5464d fixes issue #97 2012-07-20 15:56:14 +01:00
Bernardo Damele
bb8cd788e1 minor fix 2012-07-16 09:56:41 +01:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Bernardo Damele
fb7fe552b7 proper naming 2012-07-06 15:13:50 +01:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
3f6bc1f3c2 minor fix 2012-05-24 18:05:33 +00:00
Miroslav Stampar
0e8d8577a7 adding a DB2 patch from smcintyre@securestate.com 2012-05-21 08:26:19 +00:00
Miroslav Stampar
079e0e1434 minor bug fix 2012-05-18 08:51:50 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Bernardo Damele
6116853025 Minor layout adjustments 2012-04-24 17:01:24 +00:00
Bernardo Damele
072e08836f Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 14:05:45 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
645fc8a21c minor refactoring 2012-03-27 08:31:48 +00:00
Miroslav Stampar
72c5b034bf minor update 2012-03-19 11:50:38 +00:00
Miroslav Stampar
cb8caf7e0f i am not very bright today :) 2012-03-19 11:23:23 +00:00
Miroslav Stampar
d5915e5d44 one other fix 2012-03-19 11:19:26 +00:00
Miroslav Stampar
7abfa2e6d4 minor fix 2012-03-19 11:18:00 +00:00
Miroslav Stampar
cce5c3c009 minor changes for version numbers 2012-03-19 11:07:03 +00:00
Bernardo Damele
48e8c978fb Minor fix, way more to do for --search -C for MSSQL 2012-03-15 17:55:49 +00:00
Bernardo Damele
d9e499af9f Set Id property 2012-03-09 12:05:21 +00:00
Miroslav Stampar
e678219a8c minor update 2012-03-08 15:51:30 +00:00
Miroslav Stampar
2ab80bfb2c minor bug fix 2012-03-08 15:24:05 +00:00
Miroslav Stampar
761ec7529a minor appereance fix 2012-03-01 11:52:30 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
10dd9096f7 one more just in case fix for safeSQLIdentificator naming on MSSQL --tables 2012-02-29 14:05:53 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests. 
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
 2012-02-17 15:54:49 +00:00
Bernardo Damele
ebd40b3933 Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection) 2012-02-17 15:16:05 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
7bca926a0b fixes, updates, patches 2012-02-09 10:16:58 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
22f4d5650f fix for retrieving version of backend OS on MSSQL 2012-02-03 15:42:36 +00:00
Miroslav Stampar
f86c365694 added one more failsafe for MSSQL --tables 2012-02-03 10:56:39 +00:00
Miroslav Stampar
a6c2fc7ecc some refactoring on MSSQL support 2012-02-01 12:53:07 +00:00
Miroslav Stampar
2face9799a minor fix 2012-02-01 09:17:38 +00:00
Miroslav Stampar
91ebadff75 minor update 2012-01-30 13:32:52 +00:00
Miroslav Stampar
d8c343a88a minor update 2012-01-30 13:29:43 +00:00
Miroslav Stampar
f8ae0e5272 minor update 2012-01-30 13:20:33 +00:00
Miroslav Stampar
b2dad63000 some more refactoring 2012-01-13 22:00:34 +00:00
Miroslav Stampar
8e4b8d345f refactoring 2012-01-13 21:55:39 +00:00
Bernardo Damele
ec9cc19951 Minor bug fixes for -d 2012-01-13 21:46:21 +00:00
Bernardo Damele
5e853cae64 Minor bug fix so now when the back-end DBMS operating system is Windows 2000, it sets the temporary folder automatically to C:\WINNT\Temp - the user does not need to provide it anymore with --tmp-path C:\\WINNT\\Temp 2012-01-13 18:08:44 +00:00
Bernardo Damele
b03f91437b Minor code refactoring 2012-01-13 16:49:52 +00:00
Miroslav Stampar
accac776fe some fixes 2012-01-13 14:10:53 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
fecdce5801 implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too 2012-01-09 21:09:05 +00:00
Miroslav Stampar
ff52931140 some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available) 2012-01-07 19:30:35 +00:00
Miroslav Stampar
f412706fee minor update for MSSQL --tables (fallback to other method) 2012-01-03 18:01:14 +00:00
Miroslav Stampar
6f5ef23f28 minor update/patch 2012-01-01 22:55:32 +00:00
Miroslav Stampar
300abc2ba2 minor update regarding unicode unescaping 2012-01-01 22:31:09 +00:00
Miroslav Stampar
6c49af090c minor language patch 2011-12-28 14:18:17 +00:00
Miroslav Stampar
1ae413a206 some refactoring/speedup around UNION technique 2011-12-22 10:32:21 +00:00
Miroslav Stampar
0a039d84e0 some more refactoring 2011-12-21 19:40:42 +00:00
Miroslav Stampar
641055144a minor beautification 2011-12-16 11:49:20 +00:00
Miroslav Stampar
ebc04a3d5f minor fix 2011-12-16 11:44:33 +00:00
Miroslav Stampar
7d2fce16dc minor fix 2011-12-16 11:40:23 +00:00
Miroslav Stampar
cff21814bb minor patch for MSSQL 2008 2011-12-16 11:23:41 +00:00
Miroslav Stampar
8793fbc9f5 minor update 2011-12-14 12:59:25 +00:00
Miroslav Stampar
39b406c5c1 fix for --search on Oracle 2011-12-02 18:13:27 +00:00
Miroslav Stampar
0ce885e6e6 adding base64encode tampering script 2011-11-21 12:47:23 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
f574760c12 minor update 2011-10-28 13:16:22 +00:00
Miroslav Stampar
bd7da45546 minor update 2011-10-28 13:07:23 +00:00
Miroslav Stampar
f7be0ca4e2 minor fix 2011-10-28 12:49:35 +00:00
Miroslav Stampar
77e630d89e replaced longer CHAR form of escaped MySQL strings with more compact hex form 2011-10-23 20:19:42 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
af94ac7f02 minor fix 2011-09-20 22:16:56 +00:00