Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
2010-11-17 17:20:32 +00:00
Bernardo Damele
a9152c6723
Updated doc
2010-11-14 22:36:54 +00:00
Bernardo Damele
5e41cd07a3
Updated doc
2010-11-13 23:31:18 +00:00
Bernardo Damele
306e96331d
Updated doc
2010-11-12 10:00:49 +00:00
Bernardo Damele
0c8918bf07
Minor bug fix, thanks Alex
2010-11-08 12:45:23 +00:00
Miroslav Stampar
14e9425673
update of doc/THANKS
2010-11-05 16:09:30 +00:00
Miroslav Stampar
7d12dbff41
update of THANKS
2010-11-05 11:36:43 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Miroslav Stampar
861706fb31
fix for bug reported by ToR (unknown charset 'utf-8, text/html')
2010-11-02 18:01:10 +00:00
Miroslav Stampar
73b33ed765
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
2010-11-01 20:56:13 +00:00
Miroslav Stampar
d75578c81f
some update regarding common tables
2010-10-29 09:00:51 +00:00
Bernardo Damele
ed1f2da43f
Updated
2010-10-27 21:05:58 +00:00
Bernardo Damele
7715ba778b
Updated
2010-10-27 14:41:03 +00:00
Bernardo Damele
4ab3edfc94
Updated
2010-10-25 23:40:19 +00:00
Miroslav Stampar
c7578d4ea1
update of THANKS
2010-10-25 16:07:03 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
c5fb4edf3e
update of THANKS
2010-10-23 09:25:34 +00:00
Miroslav Stampar
a8e42a4f2b
bug fix
2010-10-23 06:42:21 +00:00
Bernardo Damele
e5485a9958
Updated doc
2010-10-20 22:14:52 +00:00
Bernardo Damele
22ed09a358
Updated
2010-10-20 21:52:33 +00:00
Bernardo Damele
cfa5655150
Updated changelog
2010-10-16 22:23:53 +00:00
Miroslav Stampar
5c3d21065a
bug fix (reported by nightman)
2010-10-16 21:29:35 +00:00
Miroslav Stampar
2b60304933
update
2010-10-16 21:19:44 +00:00
Bernardo Damele
bd3a791f23
Updated documentation
2010-10-15 10:29:53 +00:00
Miroslav Stampar
2198a60684
bug fix (reported by james@ev6.net)
2010-10-10 20:51:11 +00:00
Miroslav Stampar
0ad8090ad8
fix for a google bug reported by Brandon E.
2010-10-01 08:03:39 +00:00
Miroslav Stampar
87abec16bd
probable fix for a bug reported by Prashant Jadhav
2010-09-30 18:52:33 +00:00
Miroslav Stampar
7a7938a6da
updated THANKS
2010-08-22 08:53:30 +00:00
Miroslav Stampar
526aebc84c
small fix
2010-08-15 21:10:19 +00:00
Miroslav Stampar
f9752137f0
update of THANKS file
2010-08-08 22:28:01 +00:00
Miroslav Stampar
468eeb6ccf
update of THANKS
2010-08-08 21:49:27 +00:00
Miroslav Stampar
1d8953ebdb
update of THANKS file
2010-08-08 21:25:21 +00:00
Miroslav Stampar
6a6ff09c9a
fix for a bug reported by Marek Sarvas
2010-07-26 08:11:28 +00:00
Miroslav Stampar
c39d819dd2
fix for a resume bug reported by Augusto Urbieta
2010-07-20 08:13:02 +00:00
Miroslav Stampar
6d11f86fdd
update
2010-07-15 08:51:23 +00:00
Bernardo Damele
82bce81e28
Minor improvements
2010-07-02 13:38:52 +00:00
Bernardo Damele
dc8862a140
Updated
2010-07-01 10:46:59 +00:00
Bernardo Damele
3f2db471f5
Updated thanks
2010-06-30 13:27:07 +00:00
Bernardo Damele
d40a238335
Make --keep-alive public
2010-06-30 11:29:35 +00:00
Bernardo Damele
abc3c24d62
Update
2010-06-30 09:48:48 +00:00
Bernardo Damele
4bba59aaf5
Updated doc
2010-06-29 23:52:22 +00:00
Bernardo Damele
8576817a2b
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196 .
2010-06-29 21:07:23 +00:00
Bernardo Damele
7cad3cbda6
Minor code refactoring
2010-06-28 13:47:20 +00:00
Bernardo Damele
887adfcf10
Minor adjustments to extra/ libraries
2010-06-09 21:43:22 +00:00
Miroslav Stampar
01f2dfe33f
update
2010-06-04 17:08:32 +00:00
Bernardo Damele
080c71b903
Updated documentation
2010-06-02 16:19:43 +00:00
Bernardo Damele
06af405efd
Adapted and merged in patch to support XML output (-x switch) - still in beta.
...
Minor bug fixes and adjustments.
2010-05-28 16:43:04 +00:00
Miroslav Stampar
2a1dd492f5
updated THANKS
2010-05-25 10:10:27 +00:00
Miroslav Stampar
d2c03c12fd
updated thanks
2010-05-24 20:25:43 +00:00
Bernardo Damele
03fb84e29f
Minor enhancement to internal --profile function
2010-05-21 15:06:05 +00:00
Miroslav Stampar
4c1ad7d8ce
added Jose Fonseca (gprof2dot) to THANKS
2010-05-21 10:22:56 +00:00
Bernardo Damele
bffa06f2ca
Updated user's manual
2010-05-20 10:08:17 +00:00
Bernardo Damele
b2c5807109
Updated
2010-05-12 22:02:18 +00:00
Bernardo Damele
74860fee2a
Updated
2010-05-10 14:52:02 +00:00
Bernardo Damele
7b6050f3c1
Minor update
2010-05-06 14:18:25 +00:00
Bernardo Damele
8dbf89afe4
Minor update
2010-05-06 11:22:53 +00:00
Bernardo Damele
783c48f6e9
Merged history into user's manual
2010-05-06 11:09:03 +00:00
Bernardo Damele
7bf31f54b8
Updated history SGML file
2010-05-06 10:54:13 +00:00
Bernardo Damele
147e14356d
Major bug fix (reported by Thierry Zoller)
2010-05-06 10:52:40 +00:00
Bernardo Damele
107a900f51
Updated
2010-05-03 12:57:17 +00:00
Miroslav Stampar
d8e5585c66
fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError)
2010-04-29 08:30:29 +00:00
Bernardo Damele
a588b2020b
Added history SGML file
2010-04-26 15:00:53 +00:00
Bernardo Damele
2665066dae
Updated changelog file
2010-04-26 12:35:39 +00:00
Bernardo Damele
3087c27659
Updated doc
2010-04-22 10:37:58 +00:00
Bernardo Damele
e11d511cad
Updated doc
2010-04-15 12:12:53 +00:00
Bernardo Damele
e0d0913fc6
Updated doc
2010-04-12 09:34:20 +00:00
Bernardo Damele
822d22299f
Updated
2010-04-09 13:48:02 +00:00
Bernardo Damele
bd669dd6fa
Updated
2010-04-06 10:32:56 +00:00
Bernardo Damele
2d55ec19a3
Minor code restyling
2010-04-06 10:15:19 +00:00
Bernardo Damele
f0f1176396
Updated THANKS
2010-03-23 21:24:31 +00:00
Bernardo Damele
9e8a108768
Updated
2010-03-22 15:43:38 +00:00
Miroslav Stampar
f1fde2e443
added basic skeleton for FAQ doc
2010-03-17 12:56:26 +00:00
Bernardo Damele
7f5bc5e3fe
Increased version to 0.9-dev
2010-03-15 11:04:57 +00:00
Bernardo Damele
bfbf58b04e
Generated new user's manual html and pdf
2010-03-13 22:07:08 +00:00
Bernardo Damele
ee89709042
Updated manual
2010-03-13 21:56:38 +00:00
Miroslav Stampar
4bef12a2b4
doc update
2010-03-13 14:35:56 +00:00
Bernardo Damele
c42c4982c3
Updated documentation according to r1460
2010-03-12 22:59:03 +00:00
Bernardo Damele
7d8cc1a482
Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:
...
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments.
2010-03-12 22:43:35 +00:00
Bernardo Damele
054a4aaee7
Updated documentation, almost ready for 0.8 release!
2010-03-12 17:43:38 +00:00
Bernardo Damele
b50a2288f4
Minor layout adjustments
2010-03-11 23:54:07 +00:00
Bernardo Damele
b344a70ba1
Updated changelog
2010-03-11 01:10:55 +00:00
Bernardo Damele
4d53b17320
Updated THANKS
2010-03-10 22:08:54 +00:00
Bernardo Damele
6712b19df2
Updated ChangeLog
2010-03-10 01:14:23 +00:00
Bernardo Damele
8593741358
Minor bug fix
2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19
Minor log adjustments
2010-03-05 14:59:33 +00:00
Miroslav Stampar
d618964ab6
more time adjustments
2010-03-05 14:30:50 +00:00
Miroslav Stampar
45fc58d267
update
2010-03-05 14:24:54 +00:00
Miroslav Stampar
071e897f4e
minor time adjustments
2010-03-05 14:09:20 +00:00
Miroslav Stampar
6fd1f7f77c
update
2010-03-05 14:06:03 +00:00
Bernardo Damele
20d8275f0e
Minor doc adjustment
2010-03-05 10:20:45 +00:00
Bernardo Damele
5209b5929f
update
2010-03-04 17:38:00 +00:00
Miroslav Stampar
5334a40451
added description for --flush-session option
2010-03-04 13:17:11 +00:00
Bernardo Damele
a839566bb2
Added a link
2010-03-04 12:44:23 +00:00
Bernardo Damele
63880e3121
update
2010-03-03 22:02:48 +00:00
Bernardo Damele
1c7943f7b1
Update
2010-03-03 18:58:27 +00:00
Bernardo Damele
1704c73892
Update
2010-03-03 16:25:03 +00:00
Bernardo Damele
e774578180
Updated documentation
2010-03-03 15:16:43 +00:00
Miroslav Stampar
759b720425
documentation update
2010-03-03 13:59:29 +00:00
Miroslav Stampar
ddd8b277a6
updates, added #TODO marks for parts which have to be updated
2010-03-02 12:07:54 +00:00
Miroslav Stampar
0acef530ce
update
2010-03-01 10:51:17 +00:00
Bernardo Damele
dd3f65f0fb
Updated ChangeLog
2010-02-26 15:37:24 +00:00
Bernardo Damele
3c34066d19
Added newly compiled PostgreSQL UDFs for Windows
2010-02-20 20:59:13 +00:00
Bernardo Damele
16599cf2cf
typo fix
2010-02-16 22:54:22 +00:00
Bernardo Damele
7e0c411c0e
Updated THANKS file
2010-02-11 23:46:50 +00:00
Miroslav Stampar
bc0eb880df
fix for that -- bug
2010-02-08 11:44:32 +00:00
Miroslav Stampar
4e6af8d6c9
some syntax corrections
2010-02-08 09:10:32 +00:00
Bernardo Damele
22995787d1
Updated THANKS file
2010-02-04 15:24:13 +00:00
Bernardo Damele
9ed0744510
Added some error messages to detect back-end DBMS
2010-01-30 22:24:20 +00:00
Bernardo Damele
267cf5dd1a
Updated documentation
2010-01-30 00:08:10 +00:00
Bernardo Damele
7b8316728c
Major bug fix in takeover functionalities on Microsoft SQL Server
2010-01-29 00:09:05 +00:00
Bernardo Damele
c6cae7da41
Updated changelog
2010-01-28 23:10:54 +00:00
Bernardo Damele
b4ce8fe361
Updated ChangeLog file
2010-01-18 15:43:06 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
055b14a11a
Updated Changelog
2010-01-13 12:14:29 +00:00
Bernardo Damele
473024bd6e
Newline
2010-01-04 14:03:31 +00:00
Miroslav Stampar
6319eb6e5c
just added PGP Key ID
2010-01-04 13:08:40 +00:00
Bernardo Damele
232f927dd0
Slightly updated the documentation
2010-01-04 12:53:58 +00:00
Bernardo Damele
d5b1863dec
Updated documentation and svn properties
2010-01-02 02:07:28 +00:00
Bernardo Damele
c1c14dabd9
Minor bug fix
2009-12-21 11:21:18 +00:00
Bernardo Damele
e6c4154cac
Fixed minor bug in --reg-del
2009-12-21 11:04:54 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
c332c72808
Minor update to user's manual to reflect new Metasploit release
2009-11-17 23:36:18 +00:00
Bernardo Damele
aa14bea051
Test again
2009-11-01 12:30:30 +00:00
Bernardo Damele
e518ae82e4
Testing post-commit hook on redmine
2009-11-01 12:28:33 +00:00
Bernardo Damele
bfd8128693
Updated name
2009-11-01 12:10:29 +00:00
Bernardo Damele
de68a499f5
Typo fix
2009-11-01 12:08:46 +00:00
Bernardo Damele
bb123b2769
Updated changelog
2009-10-23 10:20:47 +00:00
Bernardo Damele
f1a7d095aa
Minor patch to make the PHP web backdoor work also on Windows
2009-10-22 16:25:19 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c
Minor bug fix in MSSQL version fingerprint
2009-08-11 09:16:20 +00:00
Bernardo Damele
14578a7a4d
Updated THANKS file
2009-07-30 12:02:34 +00:00
Bernardo Damele
e608a5ca55
Updated THANKS file
2009-07-29 10:44:56 +00:00
Bernardo Damele
2c98c11e80
user's manual PDF recreated
2009-07-25 16:46:30 +00:00
Bernardo Damele
45e3ce798f
Updated documentation with all new features introduced since sqlmap 0.7-rc1
2009-07-25 14:31:44 +00:00
Bernardo Damele
576cc97742
Minor update to the user's manual, almost there to release 0.7 stable!
2009-07-25 00:25:59 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00
Bernardo Damele
bc31bd1dd9
Minor bug fix
2009-06-29 10:13:39 +00:00
Bernardo Damele
fd7de4bbb8
Updated THANKS file
2009-06-24 13:57:50 +00:00
Bernardo Damele
cfd8a83655
Minor adjustment to get also the port when parsing burp logs
2009-06-04 14:36:31 +00:00
Bernardo Damele
81d1a767ac
Minor bug fix in output manager (dumper) object
2009-05-20 13:56:23 +00:00
Bernardo Damele
37d3b3adda
Updated THANKS
2009-05-20 09:58:22 +00:00
Bernardo Damele
f7ee4d578e
Updated THANKS file
2009-05-19 15:56:30 +00:00
Bernardo Damele
e8c115500d
Now it works also on Mac OS X
2009-04-30 10:46:50 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
69259c5984
Updated THANKS
2009-04-23 08:42:57 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
...
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
c405fb51ab
PDF regenerated
2009-02-04 16:32:06 +00:00