Bernardo Damele
8c68d25b39
Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all
2010-02-26 12:00:47 +00:00
Miroslav Stampar
89e919f07a
fixing my mistake
2010-02-26 10:01:23 +00:00
Miroslav Stampar
5ebf572cae
added option --ignore-proxy
2010-02-25 20:55:10 +00:00
Bernardo Damele
98496fd173
Show also site in the banner
2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a
Adjusted banner, increased release candidate to rc7
2010-02-25 17:34:54 +00:00
Miroslav Stampar
e4c34ff86c
changed default web server language behaviour
2010-02-25 16:55:02 +00:00
Miroslav Stampar
d95a8850c8
fix
2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8
important update regarding default directories
2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08
Minor code cleanup
2010-02-25 15:16:41 +00:00
Miroslav Stampar
4a3fa69f9d
minor adjustment
2010-02-25 15:07:54 +00:00
Miroslav Stampar
3721451cd6
default dirs update
2010-02-25 14:51:39 +00:00
Bernardo Damele
0df5b5fed9
Minor bug fix and code adjustments
2010-02-25 14:06:44 +00:00
Miroslav Stampar
a0f5c3d885
minor update
2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20
minor code refactoring
2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04
one more fix regarding localhost/global proxy issue
2010-02-25 13:30:22 +00:00
Miroslav Stampar
24d3e24db0
more updates regarding --os-shell feature
2010-02-25 12:16:49 +00:00
Miroslav Stampar
b558712a47
more feature updates
2010-02-25 11:40:49 +00:00
Miroslav Stampar
15d1fcbb7f
now runcmd exe has random name too
2010-02-25 10:47:12 +00:00
Miroslav Stampar
2cafd5697b
new changes regarding --os-shell
2010-02-25 10:33:41 +00:00
Miroslav Stampar
858cb25975
update
2010-02-24 23:40:56 +00:00
Miroslav Stampar
4bea0e343a
Avoiding md5/sha1 deprecated warning in Python >=2.6
2010-02-23 08:54:33 +00:00
Miroslav Stampar
9c014c0fd0
minor change
2010-02-20 23:11:05 +00:00
Miroslav Stampar
2a07af2294
removed pdb tracing
2010-02-20 22:36:17 +00:00
Miroslav Stampar
0debc95ad4
some fixes
2010-02-20 22:31:54 +00:00
Bernardo Damele
d1e3596382
Minor UPX adjustment
2010-02-20 19:02:55 +00:00
Miroslav Stampar
0ed5ba5559
minor update
2010-02-16 13:24:09 +00:00
Miroslav Stampar
c4951fd631
some updates regarding --os-shell option
2010-02-16 13:20:34 +00:00
Bernardo Damele
8131f9c77c
Added and fixed README files
2010-02-12 00:20:53 +00:00
Bernardo Damele
dc06b40ddc
Minor exception message fix
2010-02-11 23:07:33 +00:00
Bernardo Damele
89dc99188d
--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
...
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Miroslav Stampar
cef248a5ea
update for that invalid target url Otavio Augusto reported
2010-02-10 12:06:23 +00:00
Miroslav Stampar
203cfd114f
changed raised exception type
2010-02-10 09:39:36 +00:00
Miroslav Stampar
8e8f6f842c
fix for that md5 error reported by Dani (lgrecol@gmail.com)
2010-02-10 09:27:34 +00:00
Miroslav Stampar
00a23ace9a
some changes regarding web takeover
2010-02-09 14:27:41 +00:00
Miroslav Stampar
542b01993e
minor fix regarding exception handling of multi-part post handler
2010-02-09 14:02:47 +00:00
Miroslav Stampar
a6674edf8a
regular expressions revisited
2010-02-09 13:01:08 +00:00
Bernardo Damele
5c92fad5dc
Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method
2010-02-05 23:14:16 +00:00
Bernardo Damele
b08a4efb4b
Minor layout adjustments
2010-02-04 17:45:56 +00:00
Miroslav Stampar
d291464cd4
code refactoring regarding path normalization
2010-02-04 14:50:54 +00:00
Miroslav Stampar
dbd52c52e4
minor fix
2010-02-04 14:39:24 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Miroslav Stampar
87239476af
more fixes :)
2010-02-04 10:10:41 +00:00
Miroslav Stampar
e4699f389d
some bug fixes regarding --os-shell usage against windows servers
2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
...
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
7c88e32f9d
bug fix for 404 program termination during shell upload attempt
2010-02-03 16:16:34 +00:00
Miroslav Stampar
565433097e
used normalizePath instead of os.path.normalize
2010-02-03 16:10:09 +00:00
Miroslav Stampar
494e014a4a
minor update
2010-02-03 16:04:44 +00:00
Miroslav Stampar
8b0d31a6b7
fix for cases where both posix and nt path versions of windows paths are in parsed web page
2010-02-03 15:34:20 +00:00
Miroslav Stampar
894b9f0f80
minor minor update
2010-02-03 15:15:30 +00:00
Miroslav Stampar
25f1a9c7d0
upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this)
2010-02-03 15:06:41 +00:00
Miroslav Stampar
87c8bdbc29
removed pdb tracing
2010-02-03 14:52:29 +00:00
Miroslav Stampar
c74b920f54
bug fix
2010-02-03 14:49:28 +00:00
Bernardo Damele
979c919dc7
Minor logging message adjustment
2010-01-29 22:58:12 +00:00
Bernardo Damele
e8b0fd90c8
Minor bug fix
2010-01-29 19:32:02 +00:00
Bernardo Damele
767c67e37a
--priv-esc now relieas on more powerful and complete getsystem Meterpreter command that also implements kitrap0d as 4th technique
2010-01-29 14:57:33 +00:00
Miroslav Stampar
061794650f
minor fix
2010-01-29 10:15:05 +00:00
Miroslav Stampar
92817159dc
cloaked upx for windows (used mkstemp because of execution and file access rights problem)
2010-01-29 10:12:09 +00:00
Bernardo Damele
200518724c
By default do not use Churrasco, but still let the user choose it.
...
The default technique to privilege escalate the OS user to SYSTEM when --priv-esc is provided now it 'run kitrap0d'.
2010-01-29 02:27:50 +00:00
Bernardo Damele
7b8316728c
Major bug fix in takeover functionalities on Microsoft SQL Server
2010-01-29 00:09:05 +00:00
Bernardo Damele
6f5d2ed171
Minor cosmetic adjustments
2010-01-28 17:07:34 +00:00
Miroslav Stampar
a2077bfc0e
quick fix
2010-01-28 16:56:00 +00:00
Miroslav Stampar
732ed48e2b
some refactoring regarding decloaking
2010-01-28 16:50:34 +00:00
Bernardo Damele
dcbbad642d
Minor self fix, switched to rc6
2010-01-28 10:27:47 +00:00
Miroslav Stampar
f6b447f6e7
fix for "NameError: global name 'webFileStreamUpload' is not defined"
2010-01-28 08:54:47 +00:00
Miroslav Stampar
645afee359
some changes
2010-01-28 00:25:36 +00:00
Miroslav Stampar
921e449454
added support for cloaking Churrasco.exe file
2010-01-28 00:07:33 +00:00
Miroslav Stampar
4559ded6c1
added new line at the end of the file
2010-01-27 17:02:23 +00:00
Miroslav Stampar
f4b8ce5c72
fix for 'No such file or directory' OSError exception
2010-01-27 17:00:54 +00:00
Miroslav Stampar
d0acb1c5a3
another fix. hope it works :)
2010-01-27 16:01:50 +00:00
Miroslav Stampar
f8056f4098
quick fix regarding usage of StringIO instead of file stream
2010-01-27 15:44:35 +00:00
Miroslav Stampar
1d15c595a4
minor fix
2010-01-27 14:08:09 +00:00
Miroslav Stampar
e63428207c
modified a way to handle shell scripts
2010-01-27 13:59:25 +00:00
Bernardo Damele
6437c16156
run kitrap0d script along with listing Windows Impersonation Tokens via meterpreter's incognito extension when --priv-esc is provided (see #149 ).
2010-01-26 01:14:44 +00:00
Miroslav Stampar
3197fada59
update of IDS checking method
2010-01-25 10:06:52 +00:00
Bernardo Damele
952c280083
Added svn keyword
2010-01-25 09:21:39 +00:00
Miroslav Stampar
e689c2ec99
another minor fix (svn header comment)
2010-01-25 00:29:19 +00:00
Miroslav Stampar
44a74ccee8
minor grammar fix
2010-01-25 00:26:51 +00:00
Miroslav Stampar
b183b9cbb4
contains method for detecting if the generated payload is detectable by the PHPIDS filter rules
2010-01-25 00:25:58 +00:00
Miroslav Stampar
a4d8234875
minor update
2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488
another fix for Bug #148
2010-01-23 23:29:34 +00:00
Miroslav Stampar
39652bfbf4
update regarding Unicode char logging (Bug #148 )
2010-01-23 15:36:55 +00:00
Miroslav Stampar
97840535c6
fix for situations where proxy is set in environment, but the user tries to test something on localhost
2010-01-19 13:47:35 +00:00
Bernardo Damele
574880ba73
Warn user of HTTP error codes in HTTP responses
2010-01-19 10:27:54 +00:00
Bernardo Damele
5c58747740
More tweaking on --update
2010-01-18 15:20:50 +00:00
Bernardo Damele
051db588a5
Minor tweaking to --update
2010-01-18 14:59:24 +00:00
Miroslav Stampar
44adbc5776
changes regarding Feature #125
2010-01-18 14:05:23 +00:00
Bernardo Damele
2825ab5e4e
Major bug fix in url-encoding
2010-01-16 21:56:40 +00:00
Bernardo Damele
c18a5cb92f
Fixed a minor bug when displaying requested page in -v >= 3
2010-01-16 21:47:52 +00:00
Bernardo Damele
f337cd6e0a
Minor speedup to check if sqlmap's UDF have already been created
2010-01-16 21:46:35 +00:00
Bernardo Damele
4ce3abc56d
Minor adjustments
2010-01-15 17:42:46 +00:00
Miroslav Stampar
1a764e1f08
minor commit
2010-01-15 16:10:21 +00:00
Miroslav Stampar
5f171340f5
introduced safe string formatting
2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1
minor update
2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4
updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before
2010-01-15 11:44:05 +00:00
Bernardo Damele
505647b00f
Minor bug fix to --cookie-urlencode
2010-01-15 11:24:30 +00:00
Bernardo Damele
c4215ce8d2
Minor code refactoring
2010-01-14 20:42:45 +00:00
Miroslav Stampar
26c7b74e65
changes regarding Data (GET/POST/Cookie) encoding (Bug #129 )
2010-01-14 18:05:03 +00:00
Bernardo Damele
1d968f51e9
More code refactoring
2010-01-14 15:11:32 +00:00
Bernardo Damele
c9863bc1d2
Minor code refactoring
2010-01-14 14:33:08 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
50bbb0cf8a
Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository.
2010-01-13 14:52:23 +00:00
Bernardo Damele
0ad43952bd
Minor bug fix
2010-01-12 23:56:43 +00:00
Miroslav Stampar
3434a22872
HTTP header HOST is now mandatory in a HTTP request file
2010-01-12 14:07:58 +00:00
Miroslav Stampar
a193205323
minor update regarding requestFile option
2010-01-12 14:01:58 +00:00
Miroslav Stampar
8817b2884f
minor update
2010-01-12 13:16:30 +00:00
Miroslav Stampar
a58b36fe07
code commit regarding Feature #119
2010-01-12 13:11:26 +00:00
Bernardo Damele
df36eb6d11
Minor bug fix in --resume functionality
2010-01-11 14:16:37 +00:00
Bernardo Damele
12f371cd65
Minor bug fix and improvement in displaying of enumerated columns in --dump -C
2010-01-09 21:37:44 +00:00
Bernardo Damele
dc04fa7f06
Minor layout adjustments
2010-01-09 21:08:47 +00:00
Miroslav Stampar
d58ba7ee6d
added --scope feature regarding Feature #105
2010-01-09 20:44:50 +00:00
Bernardo Damele
f316e722c1
sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
...
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
6a62a78b0a
More generic
2010-01-08 23:50:06 +00:00
Bernardo Damele
067cc07fb9
Make 'field' parameter in limitQuery() method to be option
2010-01-08 23:23:15 +00:00
Miroslav Stampar
82222fcd3a
minor update of help text
2010-01-07 13:09:14 +00:00
Miroslav Stampar
d07f60578c
implementation of Feature #17
2010-01-07 12:59:09 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00
Bernardo Damele
954a927cee
Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12
2010-01-05 11:43:16 +00:00
Miroslav Stampar
71547a3496
getDocRoot changes
2010-01-05 11:30:33 +00:00
Bernardo Damele
bb61010a45
Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling.
2010-01-04 15:02:56 +00:00
Miroslav Stampar
d71e47ce56
fix regarding dirnames in Feature #110
2010-01-04 12:39:07 +00:00
Miroslav Stampar
96a033b51d
found and fixed few bugs regarding my "fix" of Bug #110
2010-01-03 15:56:29 +00:00
Bernardo Damele
d5b1863dec
Updated documentation and svn properties
2010-01-02 02:07:28 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340
Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection.
2010-01-02 01:35:13 +00:00
Bernardo Damele
9c620da0a5
Minor fix
2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9
Minor bug fix
2009-12-21 11:21:18 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
b363f1c5ab
Added support for NTLM authentication
2009-12-02 22:54:39 +00:00
Bernardo Damele
e28b98a366
Minor layout adjustments
2009-12-02 22:52:17 +00:00
Bernardo Damele
4779a5fe0f
Minor layout adjustment
2009-11-16 16:39:31 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded
Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks!
2009-07-29 10:44:24 +00:00
Bernardo Damele
d905e5ef9f
Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server
2009-07-25 11:45:23 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16
Minor improvement so that sqlmap tests also all parameters with no value (ig. par=).
2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356
Avoid to upload the web backdoor to unexisting empty-name directory
2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00
Bernardo Damele
4b622ed860
Minor bug fix.
...
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02
Added support for reflective meterpreter by default when the target OS
...
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
3b9303186e
Fixed minor bug with --eta
2009-06-24 13:44:14 +00:00
Bernardo Damele
e5a01d500e
Minor bug fix in --update option, updated also Microsoft XML versions file
2009-06-16 15:12:02 +00:00
Bernardo Damele
03a6739fbf
Minor layout adjustments
2009-06-11 15:34:31 +00:00
Bernardo Damele
150abc0f1e
sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.
2009-06-11 15:01:48 +00:00
Bernardo Damele
3bca0d4b28
Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance.
2009-06-05 10:15:55 +00:00
Bernardo Damele
5ac2b0658c
Fixed regular expression to parse burp log file hosts' scheme/port
2009-06-04 14:42:53 +00:00
Bernardo Damele
cfd8a83655
Minor adjustment to get also the port when parsing burp logs
2009-06-04 14:36:31 +00:00
Bernardo Damele
966f34f381
Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions
2009-06-03 15:26:18 +00:00
Bernardo Damele
c7b72abc0e
Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls
2009-06-03 15:04:40 +00:00
Bernardo Damele
93ee4a01e5
HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+
2009-05-20 14:27:25 +00:00
Bernardo Damele
81d1a767ac
Minor bug fix in output manager (dumper) object
2009-05-20 13:56:23 +00:00
Bernardo Damele
8e7282f7c7
Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6.
2009-05-20 13:51:25 +00:00
Bernardo Damele
13de8366d0
Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting!
2009-05-20 09:34:13 +00:00
Bernardo Damele
ef3846e0de
Minor fix in Host header value by Oliver Gruskovnjak
2009-05-19 14:40:04 +00:00
Bernardo Damele
45dff4a00a
Added new function to search a file within the PATH environment variable paths:
...
it will be used when sqlmap will be packaged as DEB and RPM
2009-05-12 20:24:47 +00:00
Bernardo Damele
b463205544
Minor fixes for MacOSX
2009-05-12 20:24:00 +00:00
Bernardo Damele
06cc2a6d70
Minor bug fixes and code refactoring
2009-05-11 15:37:48 +00:00
Bernardo Damele
c5d20b8a86
Initial support for ASP web backdoor functionality
2009-05-06 12:14:38 +00:00
Bernardo Damele
ccedadd780
Finished Mac OS X
2009-04-30 21:42:54 +00:00
Bernardo Damele
e8c115500d
Now it works also on Mac OS X
2009-04-30 10:46:50 +00:00
Bernardo Damele
722ca8bf2f
Minor "fix"
2009-04-29 19:45:12 +00:00
Bernardo Damele
57b8bb4c8e
Minor syntax adjustment for web backdoor functionality
2009-04-28 21:51:22 +00:00
Bernardo Damele
58f3eee390
Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library
2009-04-28 11:11:35 +00:00
Bernardo Damele
1d7de719b9
Almost done with web backdoor functionality
2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
5121a4dcba
Send IE7.0 as default User-Agent
2009-04-24 20:13:21 +00:00
Bernardo Damele
406d5df195
Minor layout adjustments
2009-04-24 20:12:52 +00:00
Bernardo Damele
546a6c32e3
Avoid deprecation warning on sha and md5 libraries on Python >= 2.6
2009-04-24 20:10:30 +00:00
Bernardo Damele
6f4035938b
Let the user choose also the local address in reverse OOB connection
2009-04-24 10:27:52 +00:00
Bernardo Damele
4ce74764b7
More verbose when reporting failure to create shellcode/payload stager (via Metasploit)
2009-04-23 20:39:32 +00:00
Bernardo Damele
1af6898618
Fixed POST parsing when -l option is provided (burp/webscarab log file)
2009-04-23 15:04:28 +00:00
Bernardo Damele
aefa7ef988
Avoid libmagic traceback on Windows.
...
WARNING: this release is a candidate, it only works on Linux/Unices for the moment!
2009-04-22 12:44:16 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
0c1a6b3edf
Minor typo fix
2009-02-19 00:38:54 +00:00
Bernardo Damele
2efee058ea
Major enhancement in comparison algorithm
2009-02-12 00:17:44 +00:00
Bernardo Damele
ba00a17205
Minor layout adjustment
2009-02-09 10:58:44 +00:00
Bernardo Damele
2355885712
Minor adjustment
2009-02-09 10:29:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
...
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
b12d955274
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4
Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs
2009-02-02 23:44:19 +00:00
Bernardo Damele
dded57f1cd
Minor bug fix to correctly unpack user's custom queries on Microsoft SQL Server
2009-01-30 23:58:48 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031
Avoid DeprecationWarning with Python 2.6+
2009-01-22 23:53:01 +00:00
Bernardo Damele
793c323b2a
Major bug fixes
2009-01-22 22:28:27 +00:00
Bernardo Damele
c25b49e80e
Major bugfix to avoid "IFNULL and CAST" on CASE
2009-01-19 21:27:51 +00:00
Bernardo Damele
8f973ce574
Minor layout adjustments
2009-01-18 22:36:48 +00:00
Bernardo Damele
fd7cb9101c
Major bug fix to forge SQL injection payload on Oracle
2009-01-13 23:15:57 +00:00
Bernardo Damele
bc448211c5
Minor layout adjustment
2009-01-13 23:15:23 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
92645dd264
Minor adjustment
2009-01-10 14:51:12 +00:00
Bernardo Damele
e10ab5aa0e
Major bug fixes
2009-01-10 14:39:27 +00:00
Bernardo Damele
9c125a2b57
Minor improvement to use Python ConfigParser library when --save if specified.
...
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
d0604ef513
Major bug fix to correctly handle custom SQL "limited" queries on Oracle
2009-01-03 01:19:04 +00:00
Bernardo Damele
2d87a3349f
Fixed custom MSSQL "limited" query support also for Partial UNION query technique
2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be
Major bug fix to make it work properly with MSSQL custom limited (SELECT
...
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
a4d62af2ea
Minor layout adjustments to --union-tech
2008-12-29 18:48:23 +00:00
Bernardo Damele
9340bf59fb
Updated Microsoft SQL Server signature XML file.
...
Minor layout adjustments to --update output messages/diff
2008-12-29 18:46:43 +00:00
Bernardo Damele
c83593c044
Limited custom query now works also on Oracle in inferential blind SQL
...
injection technique
2008-12-23 23:34:50 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00