| 
							
							
								 Miroslav Stampar | 5d35d255ba | minor refactoring | 2012-06-11 22:27:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2538e2d5b4 | fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring | 2012-05-22 09:33:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3a9e266d78 | adding revisited wildcard LIKE payloads | 2012-05-21 21:49:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 602369c762 | reverting last changes on boundaries | 2012-05-21 09:20:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1500b3fccd | adding a new payload boundaries by smcintyre@securestate.com | 2012-05-21 08:31:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 37f2709197 | making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) | 2012-05-09 09:08:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | deec97dfe3 | adding Frontbase to error message regexes | 2012-05-08 17:02:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 57234e1ff5 | fix for proper (international character) inference on MsAccess | 2012-05-03 23:13:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1e45ee9ab6 | reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago | 2012-04-25 20:37:39 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | eb73cab636 | increased UNION test ranges | 2012-04-23 11:54:52 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 414c74b8aa | new payload | 2012-04-13 08:16:33 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1f82d29a36 | switch two conditional payloads for proper detection | 2012-04-04 10:11:48 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | d5b4b7996a | minor revert | 2012-04-04 00:09:47 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 049c27c739 | improved detection for INSERT and UPDATE statements | 2012-04-03 23:29:06 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 40a7232de6 | Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings) | 2012-03-30 16:27:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 637a8d8273 | improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism | 2012-03-29 14:33:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 772ead8d03 | fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values | 2012-03-29 12:44:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 84479eebe9 | minor fix | 2012-03-15 08:55:42 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 890bf708bc | Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported) | 2012-03-15 00:19:57 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 012fc21b49 | Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based. Adapted the queries.xml file accordingly | 2012-03-09 17:47:50 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ac5a752b12 | Oracle's XMLType doesn't like '#' char too | 2012-03-01 11:59:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 686eacda9a | minor update regarding --hex | 2012-02-21 13:38:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 77723a7aee | minor update | 2012-02-21 10:24:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d70f4b7150 | adding hex conversion functions to queries.xml for 4 major DBMSes | 2012-02-21 10:10:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6632aa7308 | some more refactoring | 2012-02-16 13:46:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7bca926a0b | fixes, updates, patches | 2012-02-09 10:16:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f86c365694 | added one more failsafe for MSSQL --tables | 2012-02-03 10:56:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f4e7bf1d51 | minor update regarding support for Unicode characters in Oracle | 2012-02-01 14:17:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 704488a4e4 | proper retrieval of unicode characters in inference mode on MSSQL | 2012-02-01 13:01:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a6c2fc7ecc | some refactoring on MSSQL support | 2012-02-01 12:53:07 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | ec9cc19951 | Minor bug fixes for -d | 2012-01-13 21:46:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f1147035cf | minor concision/beautification update | 2012-01-10 11:50:26 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fecdce5801 | implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too | 2012-01-09 21:09:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f412706fee | minor update for MSSQL --tables (fallback to other method) | 2012-01-03 18:01:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7d2fce16dc | minor fix | 2011-12-16 11:40:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cff21814bb | minor patch for MSSQL 2008 | 2011-12-16 11:23:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2adf358524 | minor update | 2011-12-03 13:17:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 39b406c5c1 | fix for --search on Oracle | 2011-12-02 18:13:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 94790bf08a | minor update (removing reference to Microsoft Access for Generic payload) | 2011-12-01 13:25:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | df4e3be191 | using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions) | 2011-11-23 22:57:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d8047c79f3 | reverting back last two commits | 2011-11-22 15:28:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 73276c0785 | even better (added long before plugins table) | 2011-11-22 15:23:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ff07031170 | better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based) | 2011-11-22 15:20:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bbb7e1562d | adding AGAINST full-text search boundaries | 2011-11-12 14:16:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2e5222bfd8 | adding INSERT/UPDATE generic boundaries | 2011-10-28 11:00:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b6ccc0cc43 | minor update | 2011-10-18 14:35:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 597d554153 | minor update | 2011-10-18 13:05:49 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 382db1b67a | degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level) | 2011-08-31 20:35:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d283e3eb3c | adding support for pre-WHERE injections | 2011-08-24 09:04:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 13eb20cea1 | minor beautification | 2011-08-03 10:12:06 +00:00 |  |