Miroslav Stampar
|
bd99470a4a
|
Minor update to cleanup properly new xp_cmdshell
|
2014-12-05 22:01:59 +01:00 |
|
Miroslav Stampar
|
821e4bf507
|
Patch for an Issue #987
|
2014-12-03 08:46:02 +01:00 |
|
Miroslav Stampar
|
636e0588d5
|
Patch for an Issue #981
|
2014-12-02 10:29:09 +01:00 |
|
Miroslav Stampar
|
a827453eb7
|
Update for an Issue #907
|
2014-11-16 08:31:01 +01:00 |
|
Miroslav Stampar
|
c98bd521c5
|
Patch for an Issue #923
|
2014-11-11 11:53:51 +01:00 |
|
Miroslav Stampar
|
d400dc27f2
|
Patch for an Issue #907
|
2014-11-08 21:54:34 +01:00 |
|
Miroslav Stampar
|
d087565051
|
Fix for Issues #905 and #906
|
2014-11-06 11:41:10 +01:00 |
|
Miroslav Stampar
|
3b3b8d4ef2
|
Potential bug fix (escaping formatted regular expressions)
|
2014-10-28 14:02:55 +01:00 |
|
Miroslav Stampar
|
be213bc657
|
Bug fix for crashes caused by '--search --exclude-sysdbs --current-db'
|
2014-10-12 22:41:53 +02:00 |
|
Miroslav Stampar
|
57eb19377e
|
Minor code refactoring
|
2014-09-16 09:07:31 +02:00 |
|
Miroslav Stampar
|
1069399668
|
Minor style update
|
2014-08-21 00:32:15 +02:00 |
|
Miroslav Stampar
|
77ba63b060
|
Minor language update
|
2014-08-19 23:56:04 +02:00 |
|
Miroslav Stampar
|
30fb8e8a50
|
Patch regarding Issue #774 (SELECT is redundant in case of LOAD_FILE)
|
2014-08-16 14:23:07 +02:00 |
|
Miroslav Stampar
|
5436635acb
|
Minor update
|
2014-08-13 13:32:22 +02:00 |
|
Miroslav Stampar
|
ac43051df2
|
Patch for an Issue #553
|
2014-06-23 21:24:45 +02:00 |
|
Miroslav Stampar
|
11dee4c8cd
|
Patch for an Issue #731
|
2014-06-22 00:19:10 +02:00 |
|
Miroslav Stampar
|
401f896175
|
Patch related to the Issue #696
|
2014-05-20 13:44:10 +02:00 |
|
Miroslav Stampar
|
67115ed558
|
Minor fix (for a bug reported via ML)
|
2014-05-17 15:00:09 +02:00 |
|
Miroslav Stampar
|
fc3c321b01
|
Minor update
|
2014-05-15 19:08:41 +02:00 |
|
Miroslav Stampar
|
e7bc57b00b
|
Fix for an Issue #683
|
2014-05-04 20:44:11 +02:00 |
|
Miroslav Stampar
|
3beb1ae2a1
|
Trivial fix (backslashes should be escaped)
|
2014-04-06 18:15:06 +02:00 |
|
Miroslav Stampar
|
fca57da1cf
|
Fix for --tables on HSQLDB
|
2014-03-07 15:57:41 +01:00 |
|
Miroslav Stampar
|
d05bfdd7dd
|
Implementing option '--where' (Issue #605)
|
2014-02-11 16:20:45 +01:00 |
|
Miroslav Stampar
|
de8cb15350
|
Fix for an Issue #601
|
2014-02-05 15:11:39 +01:00 |
|
Miroslav Stampar
|
ab36e5a2f0
|
Fix for an Issue #597
|
2014-01-15 10:29:58 +01:00 |
|
Bernardo Damele
|
43a4e85749
|
updated copyright
|
2014-01-13 17:24:49 +00:00 |
|
Miroslav Stampar
|
6863436d4e
|
Implementation for an Issue #596
|
2014-01-13 10:05:56 +01:00 |
|
Miroslav Stampar
|
ebccba922b
|
Fix for an Issue #543
|
2013-10-16 11:25:55 +02:00 |
|
Miroslav Stampar
|
6a3d804af5
|
Minor update (display NULL instead of FALSE when non-query statement is sqlQueried)
|
2013-09-02 11:32:32 +02:00 |
|
Miroslav Stampar
|
de31688c4f
|
Update for an Issue #481
|
2013-07-29 18:25:27 +02:00 |
|
stamparm
|
dbb0d7f700
|
Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used)
|
2013-07-19 13:24:35 +02:00 |
|
stamparm
|
e498694928
|
Fix for a NoneType/--columns issue reported over ML
|
2013-07-02 15:02:07 +02:00 |
|
Bernardo Damele
|
5882ab59d8
|
fixed #478
|
2013-07-01 22:30:59 +01:00 |
|
Bernardo Damele
|
6468211f65
|
tables and databases names on MSQLDB are capitalized
|
2013-07-01 11:54:31 +01:00 |
|
stamparm
|
f7d15cb465
|
Official naming is HSQLDB (and/or HyperSQL)
|
2013-07-01 11:57:47 +02:00 |
|
Meatballs
|
550693032b
|
Remote whitespace in databases.py
|
2013-06-24 15:03:08 +01:00 |
|
Meatballs
|
62000c6406
|
Remaining files
|
2013-06-24 14:42:58 +01:00 |
|
Miroslav Stampar
|
c2dce66a46
|
Fix for an user reported bug (tbl can be None)
|
2013-06-16 12:35:05 +02:00 |
|
Miroslav Stampar
|
540493a69f
|
Fix for empty strings (previously '' was just removed)
|
2013-06-11 12:56:20 +02:00 |
|
Miroslav Stampar
|
ca53dfad84
|
Minor fix
|
2013-06-01 13:44:50 +02:00 |
|
stamparm
|
1c2197e8de
|
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
|
2013-04-15 16:18:40 +02:00 |
|
stamparm
|
f936746423
|
Code restyling
|
2013-04-15 14:31:27 +02:00 |
|
stamparm
|
aed738d6e6
|
Update for an Issue #361
|
2013-04-15 14:20:21 +02:00 |
|
stamparm
|
3e65037a05
|
Introducing lib/utils/sqlalchemy.py (Issue #361)
|
2013-04-15 10:33:25 +02:00 |
|
Bernardo Damele
|
34ce8742f1
|
removed leftover
|
2013-02-26 10:12:18 +00:00 |
|
Miroslav Stampar
|
f817105db3
|
Minor bug fix
|
2013-02-18 14:40:39 +01:00 |
|
Miroslav Stampar
|
046f347f5d
|
Minor fix
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
834ae6aac0
|
Another minor update
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
97c06854a4
|
Minor fixes
|
2013-02-15 17:36:58 +01:00 |
|
Miroslav Stampar
|
67157fa2ba
|
Some more minor fixes
|
2013-02-15 14:28:05 +01:00 |
|
Miroslav Stampar
|
b1c0cabde5
|
Minor fixes
|
2013-02-15 14:21:51 +01:00 |
|
Miroslav Stampar
|
2fb599619a
|
Bug fix
|
2013-02-15 13:55:09 +01:00 |
|
Bernardo Damele
|
d8942d2ae0
|
fixes #396 - adapted the engine to properly verify all steps of takeover were successul, minor code refactoring too
|
2013-02-14 18:32:22 +00:00 |
|
Bernardo Damele
|
d42d28392a
|
avoid tracebacks because the parameter does not exist
|
2013-02-14 13:18:33 +00:00 |
|
Bernardo Damele
|
c9c520a325
|
no need to repeat the debug message each time this function is called
|
2013-02-14 13:18:15 +00:00 |
|
Bernardo Damele
|
1de109747f
|
minor bug fix introduced in 2267dd8f47
|
2013-02-14 12:39:17 +00:00 |
|
Miroslav Stampar
|
0b8de94ace
|
Putting cases with INTO here too
|
2013-02-14 12:35:17 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
2267dd8f47
|
working on #392 to fix --os-cmd and --os-shell output parsing
|
2013-02-14 11:31:20 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Bernardo Damele
|
cbb5c79d29
|
typo fix
|
2013-02-13 13:07:47 +00:00 |
|
Bernardo Damele
|
d9e716b95d
|
added two debug messages for clarity
|
2013-02-13 12:46:45 +00:00 |
|
Miroslav Stampar
|
dd6f50a00e
|
Removing unused imports
|
2013-02-13 11:15:24 +01:00 |
|
Miroslav Stampar
|
dc41484b3f
|
Refactoring of funcionality for finding out if stacking is available
|
2013-02-13 09:57:16 +01:00 |
|
Miroslav Stampar
|
c9447fbbe7
|
Minor patch to return False if --is-dba returns None
|
2013-02-12 13:04:42 +01:00 |
|
Miroslav Stampar
|
093a93938c
|
Bug fix (making non-query statements available for stacked conditional-error blind cases too)
|
2013-02-11 20:43:12 +01:00 |
|
Bernardo Damele
|
8bfee3b802
|
started to work on #373 to improve usability when user is not DBA
|
2013-02-11 18:07:58 +00:00 |
|
Miroslav Stampar
|
2f69a94bcf
|
Bug fix for --search -C
|
2013-02-05 12:24:57 +01:00 |
|
Miroslav Stampar
|
e836629215
|
Bug fixes for search (safeStringFormat should not replace all if given scalar values)
|
2013-02-05 11:37:49 +01:00 |
|
Miroslav Stampar
|
31230c5a42
|
Minor fix
|
2013-02-05 11:23:22 +01:00 |
|
Miroslav Stampar
|
87ad96bf01
|
Minor cosmetic fix
|
2013-02-05 11:18:46 +01:00 |
|
Miroslav Stampar
|
81d4f9f7d1
|
Bug fix for last regression test (--search related)
|
2013-01-31 16:41:23 +01:00 |
|
Miroslav Stampar
|
6b6e36b2ec
|
Continuation of work on fixing DISTINCT/--search issues (Oracle)
|
2013-01-30 18:08:34 +01:00 |
|
Miroslav Stampar
|
838e98192e
|
Consistency update (we are not using DISTINCT in inband counterparts too)
|
2013-01-30 17:25:36 +01:00 |
|
Miroslav Stampar
|
93c59c7277
|
Fix for a --privileges --technique=B --dbms=Oracle (when one user has no privileges everything is foobared)
|
2013-01-30 16:41:57 +01:00 |
|
Miroslav Stampar
|
95998e3989
|
Implementing undocumented way how to retrieve w+ temporary directory name on MsSQL (suggested by Vlado Velichkovski)
|
2013-01-30 14:38:21 +01:00 |
|
Miroslav Stampar
|
6005046280
|
Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working)
|
2013-01-30 11:36:04 +01:00 |
|
Miroslav Stampar
|
7e73825ece
|
Minor cosmetics
|
2013-01-29 15:34:41 +01:00 |
|
Miroslav Stampar
|
c83f468a37
|
Trivial changes
|
2013-01-23 15:34:20 +01:00 |
|
Miroslav Stampar
|
9825e247db
|
Refactoring search module
|
2013-01-23 14:22:35 +01:00 |
|
Bernardo Damele
|
ff160abf10
|
minor bug fix
|
2013-01-23 13:02:02 +00:00 |
|
Bernardo Damele
|
45af22872a
|
fixes #370 (the bug was introduced with commit edb977a74e )#
|
2013-01-23 13:00:58 +00:00 |
|
Bernardo Damele
|
f4028bd7d2
|
minor adjustment
|
2013-01-23 02:10:38 +00:00 |
|
Bernardo Damele
|
d8a0e7eacb
|
fixes #187
|
2013-01-23 01:27:01 +00:00 |
|
Bernardo Damele
|
bd7fd862b0
|
forgot import
|
2013-01-22 10:16:18 +00:00 |
|
Bernardo Damele
|
edb977a74e
|
bug fix so that if search fails with union/error and blind techniques are available, it falls back to them (like any other enumeration switch) and minor bug fix so that in search mode, the provided table name to search is upped
|
2013-01-22 10:14:35 +00:00 |
|
Bernardo Damele
|
e23340f002
|
added support for search for tables on Firebird (issue #365)
|
2013-01-22 09:53:05 +00:00 |
|
Bernardo Damele
|
e9dea8d394
|
no need to raise an exception if one enumeration fails
|
2013-01-21 17:11:46 +00:00 |
|
Miroslav Stampar
|
f9d330ec98
|
Fix for that Firebird column data types issue (tec=EU)
|
2013-01-21 17:20:46 +01:00 |
|
Miroslav Stampar
|
457217f2d3
|
Fix for an Issue #356
|
2013-01-21 16:46:48 +01:00 |
|
Miroslav Stampar
|
65c55a6a49
|
Fix for escaping single quote character(s)
|
2013-01-21 11:21:41 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Bernardo Damele
|
6f61fc04f1
|
minor bug fix
|
2013-01-20 01:22:25 +00:00 |
|
Bernardo Damele
|
d1acdee9c4
|
fixed --count for DBMSes that are single-database
|
2013-01-18 23:07:16 +00:00 |
|
Bernardo Damele
|
8748cceff3
|
no point enumerating current database for --count on some DBMSes
|
2013-01-18 23:04:28 +00:00 |
|
Bernardo Damele
|
a390c48692
|
code refactoring
|
2013-01-18 23:04:01 +00:00 |
|
Bernardo Damele
|
b80e195c78
|
bug fix for #355
|
2013-01-18 22:10:10 +00:00 |
|
Bernardo Damele
|
f3d7be9200
|
more adjustments for #353
|
2013-01-18 20:44:56 +00:00 |
|
Bernardo Damele
|
2550bbc05e
|
fix for #353
|
2013-01-18 20:40:38 +00:00 |
|
Bernardo Damele
|
f49657eacc
|
minor fix to previous commit
|
2013-01-18 15:10:34 +00:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
e7576a3b11
|
Better naming
|
2013-01-18 11:21:23 +01:00 |
|
Miroslav Stampar
|
caae773b2d
|
Minor removal of redundant code
|
2013-01-18 10:44:57 +01:00 |
|
Bernardo Damele
|
d1b91790f5
|
fixed --count on DB2
|
2013-01-17 22:13:59 +00:00 |
|
Miroslav Stampar
|
14b7e655a9
|
Minor refactoring
|
2013-01-16 16:33:04 +01:00 |
|
Bernardo Damele
|
404ecbcaec
|
typo fix
|
2013-01-15 17:14:58 +00:00 |
|
Miroslav Stampar
|
7a1d484115
|
Implementation for an Issue #340
|
2013-01-15 16:05:33 +01:00 |
|
Bernardo Damele
|
e555c2be30
|
added support for --search -T for SQLite
|
2013-01-14 16:26:11 +00:00 |
|
Bernardo Damele
|
e835a2af9a
|
minor bug fix
|
2013-01-14 13:43:03 +00:00 |
|
Bernardo Damele
|
279f6cb9ce
|
minor bug fix for PostgreSQL --file-read
|
2013-01-14 12:22:15 +00:00 |
|
Bernardo Damele
|
146d9fedf0
|
fix for bug #337
|
2013-01-14 10:24:45 +00:00 |
|
Miroslav Stampar
|
bc4d8d3e02
|
Implementation for an Issue #332
|
2013-01-11 11:17:41 +01:00 |
|
Miroslav Stampar
|
ec4e49d771
|
Minor refactoring
|
2013-01-10 16:09:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
6cfa9cb0b3
|
Removing unused imports
|
2013-01-10 12:15:12 +01:00 |
|
Miroslav Stampar
|
ca1c0c2a1d
|
Minor style update
|
2013-01-10 11:54:07 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Miroslav Stampar
|
55a552ddc4
|
Update for an Issue #24
|
2013-01-08 10:55:25 +01:00 |
|
Miroslav Stampar
|
ad85c4c964
|
Minor refactoring for an Issue #295
|
2013-01-08 10:23:02 +01:00 |
|
Bernardo Damele
|
8ee840bc8e
|
maintained release is on Google code
|
2013-01-07 17:11:14 +00:00 |
|
Miroslav Stampar
|
46e2ad53cd
|
Fix for an Issue #331
|
2013-01-07 16:36:29 +01:00 |
|
Miroslav Stampar
|
ac407ae4a1
|
Implementation for an Issue #295
|
2013-01-07 15:55:40 +01:00 |
|
Miroslav Stampar
|
6270e9337b
|
Minor cosmetics
|
2013-01-07 14:34:20 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
a77b7f00d9
|
Fix for an Issue #323
|
2012-12-23 19:34:35 +01:00 |
|
Miroslav Stampar
|
2fc187489b
|
Removing leftover
|
2012-12-21 14:01:59 +01:00 |
|
Miroslav Stampar
|
35728fa443
|
Fix (and some hidden bug fixes/improvements) regarding an Issue #317
|
2012-12-21 10:51:35 +01:00 |
|
Miroslav Stampar
|
0f62e677b5
|
Minor just in case commit (plural/singular unArrayize())
|
2012-12-21 10:15:42 +01:00 |
|
Miroslav Stampar
|
18f4a916ea
|
Minor fix
|
2012-12-20 14:58:26 +01:00 |
|
Bernardo Damele
|
cefb03c835
|
fixed bug related to issue #223
|
2012-12-19 14:12:09 +00:00 |
|
Bernardo Damele
|
4f0f729982
|
be more specific in standard output message as to whether or not the read file is same as remote file
|
2012-12-19 13:42:56 +00:00 |
|
Bernardo Damele
|
9b422e1e94
|
minor fix for issue #309
|
2012-12-19 09:37:29 +00:00 |
|
Bernardo Damele
|
738dbde16c
|
avoid displaying "do you want to dump" message if no searched columns have been found
|
2012-12-18 18:07:34 +00:00 |
|
Bernardo Damele
|
326ed33f31
|
added support for comma separated list of files for --file-read - fixes issue #223
|
2012-12-18 17:55:21 +00:00 |
|
Bernardo Damele
|
8d9aa2c384
|
minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223
|
2012-12-18 17:49:18 +00:00 |
|
Bernardo Damele
|
9a1eca20b5
|
lowered gravity
|
2012-12-18 16:42:03 +00:00 |
|
Bernardo Damele
|
d1d99d930b
|
proper fix for #306
|
2012-12-18 15:31:30 +00:00 |
|
Bernardo Damele
|
6b1dd05e62
|
reverted
|
2012-12-18 14:51:04 +00:00 |
|
Bernardo Damele
|
e1b7a6350e
|
consistency between --tables and --columns when -T and -C are respectively provided - there was a leftover from when --search called getColumns() as --columns: this is no longer the case (closes issue #306)
|
2012-12-18 14:37:04 +00:00 |
|
Bernardo Damele
|
57412f8475
|
default to --search shall stay LIKE
|
2012-12-18 13:55:26 +00:00 |
|
Miroslav Stampar
|
699a0f756a
|
Minor fix
|
2012-12-18 12:43:23 +01:00 |
|
Miroslav Stampar
|
f56b846864
|
Patch for an Issue #300
|
2012-12-18 09:55:33 +01:00 |
|
Bernardo Damele
|
a00cd9b3ea
|
syntax fix
|
2012-12-17 14:13:34 +00:00 |
|
Bernardo Damele
|
d2bd275652
|
refactoring
|
2012-12-17 14:07:28 +00:00 |
|
Bernardo Damele
|
3c1cead406
|
WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now
|
2012-12-17 14:06:12 +00:00 |
|
Bernardo Damele
|
eb44f30d63
|
minor layout output fix
|
2012-12-17 13:51:46 +00:00 |
|
Miroslav Stampar
|
9e38ccbc3d
|
Removing unused imports
|
2012-12-10 17:47:42 +01:00 |
|
Miroslav Stampar
|
ed1b5d0ada
|
Minor fix
|
2012-12-07 10:57:57 +01:00 |
|
Miroslav Stampar
|
b5c8707323
|
Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL
|
2012-12-06 15:55:33 +01:00 |
|