sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	efd27d7ade	minor renaming	2012-04-17 08:41:19 +00:00
Miroslav Stampar	601d118c68	reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)	2012-04-15 16:59:03 +00:00
Miroslav Stampar	8c6eb4faa9	adding support for PgSQL DNS data exfiltration	2012-04-07 14:06:11 +00:00
Miroslav Stampar	2223c884e5	minor refactoring	2012-04-05 12:55:26 +00:00
Miroslav Stampar	b0787f193c	getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)	2012-04-03 14:34:15 +00:00
Miroslav Stampar	2c28423cb8	minor update	2012-04-02 14:57:15 +00:00
Miroslav Stampar	1cd3c3f7af	further update of DNS data retrieval mechanism through SQLi	2012-04-02 14:05:30 +00:00
Miroslav Stampar	d908d078dd	minor fix	2012-04-02 12:27:30 +00:00
Miroslav Stampar	abffc39929	minor update regarding DNS data retrieval task	2012-04-02 12:22:40 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	772ead8d03	fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values	2012-03-29 12:44:20 +00:00
Miroslav Stampar	cbdcbdd786	minor minor update	2012-03-16 11:18:18 +00:00
Miroslav Stampar	775e424bf2	bug fix for using --no-cast and --hex switches together	2012-03-08 15:04:52 +00:00
Miroslav Stampar	ac5a752b12	Oracle's XMLType doesn't like '#' char too	2012-03-01 11:59:37 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Miroslav Stampar	386e98a0e3	using UNION SELECT for where=..NEGATIVE	2012-02-22 09:41:58 +00:00
Miroslav Stampar	686eacda9a	minor update regarding --hex	2012-02-21 13:38:18 +00:00
Miroslav Stampar	bcf3255fe1	implementation of switch --hex for 4 major DBMSes	2012-02-21 11:44:48 +00:00
Miroslav Stampar	e50d64546f	minor fix	2012-02-07 14:57:48 +00:00
Miroslav Stampar	2b05ded9c3	just a makeup	2012-02-07 12:05:23 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	1f085a0241	now [SLEEPTIME] is changeable properly in vivo	2012-01-05 14:45:05 +00:00
Miroslav Stampar	526aacb640	code cleanup	2011-12-21 22:59:23 +00:00
Miroslav Stampar	0a039d84e0	some more refactoring	2011-12-21 19:40:42 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	440b7efe55	minor optimization	2011-11-20 20:14:47 +00:00
Miroslav Stampar	cd00c0d084	minor patch	2011-10-24 09:43:59 +00:00
Miroslav Stampar	20ae1c2187	added switch --logic-negative	2011-10-24 00:40:06 +00:00
Miroslav Stampar	0c29311eb2	minor update	2011-10-23 22:24:57 +00:00
Miroslav Stampar	25f0ec3597	some minor range to xrange conversion (where safe to do)	2011-10-21 22:34:27 +00:00
Miroslav Stampar	7e80274fac	refactoring	2011-09-25 21:10:45 +00:00
Miroslav Stampar	2f4e34f5a0	minor improvement for URI injections	2011-09-08 11:13:12 +00:00
Miroslav Stampar	01014eca17	by request	2011-08-23 21:45:01 +00:00
Miroslav Stampar	8a174248dc	fix for a bug reported by blueBoy	2011-08-20 20:08:11 +00:00
Miroslav Stampar	018d7ed646	improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)	2011-07-31 23:40:09 +00:00
Miroslav Stampar	a89140e1ce	revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)	2011-07-23 06:07:00 +00:00
Bernardo Damele	b5dd4d4a63	Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection	2011-07-08 10:19:01 +00:00
Miroslav Stampar	c517e97a44	few fixes and minor cosmetics	2011-07-08 06:02:31 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	067354b97f	Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access	2011-07-07 13:20:40 +00:00
Miroslav Stampar	5b4eaf48d9	minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")	2011-06-27 21:34:49 +00:00
Bernardo Damele	36c96ef796	Added DB2 support - patch provided by Sebastian Bittig	2011-06-25 09:44:24 +00:00
Miroslav Stampar	08d6bb4f23	minor fix	2011-06-02 22:13:31 +00:00
Miroslav Stampar	128a012121	this was causing that --suffix trouble	2011-05-23 19:59:07 +00:00
Miroslav Stampar	fb23beef6f	most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)	2011-05-22 19:14:36 +00:00
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Bernardo Damele	ac2550535c	Proper fix for --technique=U bug	2011-05-01 23:42:41 +00:00
Miroslav Stampar	900ee0ff93	fix for a major bug reported by k1971@live.co.uk (1..9 99..)	2011-05-01 15:47:00 +00:00

1 2 3 4 5

224 Commits