Commit Graph

86 Commits

Author SHA1 Message Date
Bernardo Damele
6c490bfc8f Avoid a traceback elsewhere 2011-01-20 21:43:41 +00:00
Miroslav Stampar
f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) 2011-01-20 21:13:28 +00:00
Miroslav Stampar
ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky 2011-01-20 20:30:18 +00:00
Miroslav Stampar
2c8115eed9 further improvement for ms access table dumping 2010-12-26 01:04:30 +00:00
Miroslav Stampar
fb099615e2 minor update 2010-12-25 11:16:35 +00:00
Miroslav Stampar
272476773f getPageTextWordsSet on tableExists is pretty powerful stuff 2010-12-25 09:37:33 +00:00
Miroslav Stampar
706d8e0b88 development update (basic ms access dumping implemented) 2010-12-24 19:53:11 +00:00
Miroslav Stampar
edcf1a0872 few bug fixes 2010-12-24 18:40:48 +00:00
Bernardo Damele
c9ab8ae60e Bug fix to properly identify if current user is DBA (--is-dba) on MySQL 2010-12-22 14:06:01 +00:00
Miroslav Stampar
3ee44584d4 i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string') 2010-12-14 12:57:59 +00:00
Miroslav Stampar
33639578ee minor update for MS Access 2010-12-12 15:25:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
094baadc5b bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay) 2010-12-09 10:17:04 +00:00
Miroslav Stampar
69c4f94980 update 2010-12-08 15:40:01 +00:00
Bernardo Damele
41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections 2010-12-05 11:25:44 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
e32be2b4e7 Minor adjustment 2010-11-23 15:06:40 +00:00
Miroslav Stampar
c6545f5c9f we had a bug (nooooooooo!!!! :)) 2010-11-19 10:36:47 +00:00
Miroslav Stampar
42272ca78c minor update 2010-11-11 22:26:36 +00:00
Miroslav Stampar
3f0a443b83 some updates 2010-11-04 23:08:59 +00:00
Miroslav Stampar
d5fcc9d8b5 few updates/fixes here and there 2010-11-04 08:03:59 +00:00
Miroslav Stampar
977df7276d minor update 2010-11-03 06:25:24 +00:00
Miroslav Stampar
4b56fa4f8f now --tables work for MaxDB 2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f now --users works for MaxDB too 2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac implemented --banner for MaxDB and some minor fixes 2010-11-02 20:51:55 +00:00
Miroslav Stampar
749e25a217 Implementation of --passwords for Sybase 2010-10-26 21:35:30 +00:00
Miroslav Stampar
8a9a57c709 update for Sybase and major bug fix for --passwords on MSSQL 2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe that Sybase is going to be pain in the ass 2010-10-25 21:43:13 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
68d39d5976 minor minor fix 2010-10-23 09:12:08 +00:00
Miroslav Stampar
32a4350779 update for MaxDB 2010-10-23 09:03:59 +00:00
Miroslav Stampar
98f5586b87 minor update 2010-10-23 08:05:24 +00:00
Miroslav Stampar
f8850e3f41 update (xml fix and refactoring) 2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924 update for Sybase 2010-10-23 07:37:43 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
e24bff0497 nice refactoring 2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457 no more regex. web server independent. 2010-10-20 09:35:46 +00:00
Miroslav Stampar
b032fdbf74 added randInt to error injection vectors 2010-10-20 08:56:58 +00:00
Miroslav Stampar
f2dae98448 fix for MySQL error queries 2010-10-19 23:30:08 +00:00
Miroslav Stampar
1fce9683f8 now --users work for MSSQL too 2010-10-19 15:05:32 +00:00
Miroslav Stampar
80505de15b now --users work on Oracle and Postgre (tested) 2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c error based update 2010-10-19 14:47:13 +00:00
Miroslav Stampar
bf850af2d8 fix for Oracle error based query "space" problem 2010-10-19 14:10:09 +00:00
Miroslav Stampar
878135fe40 minor fix 2010-10-19 14:00:27 +00:00
Miroslav Stampar
6a8b1046d4 first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py) 2010-10-19 12:02:04 +00:00
Miroslav Stampar
d123bb741a added error based queries for MySQL, Postgre, MS SQL and Oracle 2010-10-18 21:26:13 +00:00
Miroslav Stampar
f9f79ffbaf basic stuff for sybase 2010-10-12 19:05:12 +00:00
Miroslav Stampar
9840d25b55 update of MaxDB queries 2010-10-12 17:04:20 +00:00
Miroslav Stampar
c4040ab297 fix for Feature #136 2010-08-31 14:25:37 +00:00