Commit Graph

126 Commits

Author SHA1 Message Date
Miroslav Stampar
46e2ad53cd Fix for an Issue #331 2013-01-07 16:36:29 +01:00
Miroslav Stampar
ac407ae4a1 Implementation for an Issue #295 2013-01-07 15:55:40 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Bernardo Damele
9b422e1e94 minor fix for issue #309 2012-12-19 09:37:29 +00:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
8d9aa2c384 minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223 2012-12-18 17:49:18 +00:00
Miroslav Stampar
9e38ccbc3d Removing unused imports 2012-12-10 17:47:42 +01:00
Miroslav Stampar
ed1b5d0ada Minor fix 2012-12-07 10:57:57 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
ffc520b35f Minor refactoring 2012-07-24 14:35:56 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
e673033ac1 minor layout adjustment 2012-07-06 15:26:45 +01:00
Bernardo Damele
fb7fe552b7 proper naming 2012-07-06 15:13:50 +01:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
f34b395c65 fixing typo 2011-06-07 14:58:22 +00:00
Miroslav Stampar
eceb5eca7b fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla) 2011-05-02 21:55:06 +00:00
Miroslav Stampar
b327a78522 minor minor update of the last commit 2011-05-02 19:24:49 +00:00
Miroslav Stampar
0bb7d715a7 more user friendliness/handiness for users which mix Linux and Windows paths where they shouldn't do that 2011-05-02 19:18:28 +00:00
Bernardo Damele
b3a0424269 More Backend class method usage refactoring 2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
bd4fbb3251 fix for a bug reported by l0rda@l0rda.biz (TypeError: cannot concatenate 'str' and 'NoneType' objects) 2011-04-21 14:53:02 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
fbf8e7f32d Minor bug fix to --file-read 2011-04-10 19:53:42 +00:00
Bernardo Damele
b48213783a Removed senseless debug messsage 2011-02-08 17:09:35 +00:00
Bernardo Damele
e16bab7117 re-enabled --read-file for MySQL with all techniques 2011-02-08 17:03:57 +00:00
Bernardo Damele
008d434325 Important fix now that the file writing is unescaped too 2011-02-07 00:56:15 +00:00
Bernardo Damele
2afc1e5021 Layout adjustments 2011-02-06 15:28:23 +00:00
Bernardo Damele
a5a648f4fe Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.
Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
2011-02-06 15:23:27 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
c22338ce90 Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more). 2010-11-29 11:47:58 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Bernardo Damele
c7c84c3089 Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 15:31:51 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Miroslav Stampar
2323d858a9 modification of temporary directory from C:/Windows/Temp to %TEMP% 2010-05-13 09:32:27 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
09768a7b62 Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
cc611c0010 Minor layout adjustments 2010-03-09 22:14:26 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Bernardo Damele
89dc99188d --read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
8096a37940 Major bug fix in --read-file option and minor code refactoring. 2009-07-09 11:50:15 +00:00
Bernardo Damele
02f6425db8 Work-around to avoid a TypeError traceback when reading a file content on MySQL/MSSQL 2009-06-02 14:24:48 +00:00
Bernardo Damele
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 2009-04-22 11:48:07 +00:00
Bernardo Damele
5560f0b68a Updated the copyright 2009-01-12 21:35:38 +00:00
Bernardo Damele
03b90e0a3f Be more user friendly on messages and minor code layout improvement 2008-11-02 18:23:42 +00:00
Bernardo Damele
892a7b2f8a propsets.. 2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00