Bernardo Damele
77d9d22ceb
Minor update to the user's manual
2009-02-01 00:20:08 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031
Avoid DeprecationWarning with Python 2.6+
2009-01-22 23:53:01 +00:00
Bernardo Damele
193482a62b
Updated user's manual
2009-01-22 23:44:44 +00:00
Bernardo Damele
981c7a4428
Updated Microsoft SQL Server XML signature db
2009-01-22 22:30:45 +00:00
Bernardo Damele
7adbf5892d
Updated user's manual
2009-01-19 23:45:54 +00:00
Bernardo Damele
8f973ce574
Minor layout adjustments
2009-01-18 22:36:48 +00:00
Bernardo Damele
bc3b4c6936
Minor layout adjustments in the user's manual
2009-01-13 23:16:34 +00:00
Bernardo Damele
9c125a2b57
Minor improvement to use Python ConfigParser library when --save if specified.
...
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
6ff8feb5cf
Updated documentation
2009-01-03 01:25:43 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
0e9873fd4f
Preparing documentation for 0.6.4
2008-12-29 18:44:20 +00:00
Bernardo Damele
b0ad102efb
Better fingerprint technique for Microsoft SQL Server
2008-12-22 23:32:43 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
4ae464c80d
Minor enhancement to support an option (--union-tech) to specify the
...
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
374b9ba878
Updated documentation based upon recent developments
2008-12-21 16:35:45 +00:00
Bernardo Damele
7e8ac16245
Added preventive check for stacked queries support when executing DDL,
...
DML & co. statements in SQL query and SQL shell. Minor improvements on
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
3fe493b63d
Minor enhancement to support an option (--is-dba) to show if the
...
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
2efb3ae2ba
Documentation updated, now ready for 0.6.3 release
2008-12-17 23:26:14 +00:00
Bernardo Damele
bb9079aa9d
Minor documentation adjustments
2008-12-17 20:58:19 +00:00
Bernardo Damele
94c79e3209
Updated documentation
2008-12-17 20:17:34 +00:00
Bernardo Damele
ec11f502df
Site and documentation updated, ready to release 0.6.3 in two days
2008-12-17 00:19:01 +00:00
Bernardo Damele
36d9ede001
Updated documentation, ready for sqlmap 0.6.3 release
2008-12-16 23:52:16 +00:00
Bernardo Damele
2b0ec1868d
Updated documentation
2008-12-16 21:31:15 +00:00
Bernardo Damele
bf2a857b9a
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 19:06:31 +00:00
Bernardo Damele
072eb7154c
Major enhancement to support Partial UNION query SQL injection technique too.
...
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
...
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
15542d2772
Minor layout adjustment
2008-12-05 16:00:18 +00:00
Bernardo Damele
38c9627700
Minor enhancemet to support also --regexp, --excl-str and --excl-reg
...
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7
sqlmap 0.6.3-rc4:
...
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
f97585c593
Show also SVN revision in error message when a traceback raises.
...
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
3cf1658532
Increased default output level from 0 to 1
2008-12-01 23:07:41 +00:00
Bernardo Damele
6e548eb2ec
Completed support to get the list of targets from WebScarab/Burp proxies
...
log file and updated the documentation
2008-11-27 22:33:33 +00:00
Bernardo Damele
dc1f2deb74
Minor bug fix to correctly enumerate columns on Microsoft SQL Server.
...
Minor adjustments to XML signatures.
Updated documentation.
2008-11-25 11:33:44 +00:00
Bernardo Damele
8f74fe2ce9
Added new HTTP response headers on which fingerprint web app technology and web server OS.
...
Updated documentation.
2008-11-19 15:33:39 +00:00
Bernardo Damele
727664aea7
Minor enhancement to fingerprint the web server operating system and
...
the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog.
2008-11-18 17:42:46 +00:00
Bernardo Damele
654aecedfe
Minor layout adjustments, minor fixes and updated changelog
2008-11-17 00:00:54 +00:00
Bernardo Damele
fa0507ab39
Minor enhancement to fingerprint the back-end DBMS operating system (type,
...
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
comment injection fingerprint: MySQL 5.0.67
banner parsing fingerprint: MySQL 5.0.67
html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
84cbc60659
Major bug fix to correctly handle httplib.BadStatusLine exception.
...
Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual.
2008-11-15 12:25:19 +00:00
Bernardo Damele
0bd5b52d95
Minor fixes
2008-11-13 00:03:04 +00:00
Bernardo Damele
ecc4a98071
Properly moved and improved inject.goStacked() function and newly
...
implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file.
2008-11-12 23:44:09 +00:00
Bernardo Damele
0c5d3df546
sqlmap 0.6.3-rc1:
...
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
544ced52b5
Name adjustment
2008-11-04 19:56:07 +00:00
Bernardo Damele
2a01de3f0b
Minor bug fix to correctly dump table entries when the column is provided
2008-11-04 19:54:44 +00:00
Bernardo Damele
be599d5a33
Updated documentation and minor fix in update functionality
2008-11-04 16:33:13 +00:00
Bernardo Damele
359b28bbaf
Updated documentation
2008-11-04 16:09:12 +00:00
Bernardo Damele
278f0aad7c
Documentation updated
2008-11-03 01:23:55 +00:00
Bernardo Damele
95d2a0fcd1
Updated documentation
2008-11-02 22:25:48 +00:00
Bernardo Damele
04474e3232
Updated ChangeLog
2008-11-02 22:20:02 +00:00
Bernardo Damele
de980ae79f
Updated site and doc to 0.6.2
2008-11-02 20:23:06 +00:00
Bernardo Damele
3d81f60962
Updated documentation
2008-11-02 19:29:50 +00:00
Bernardo Damele
09ca578ca1
Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option;
2008-11-02 18:17:12 +00:00
Bernardo Damele
7ad9639ed0
Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3
2008-10-29 15:32:12 +00:00
Bernardo Damele
a19229cbd8
Updated documentation
2008-10-29 11:42:04 +00:00
Bernardo Damele
5e47518983
Minor layout fix
2008-10-28 00:09:03 +00:00
Bernardo Damele
4eef34c532
Updated documentation
2008-10-28 00:08:00 +00:00
Bernardo Damele
5d5bfaf3db
Updated changelog
2008-10-26 20:07:22 +00:00
Bernardo Damele
56383cfaad
Updated documentation and removed svn:keyword
2008-10-26 19:12:17 +00:00
Bernardo Damele
fcc16b2346
Updated site, documentation (dev and user) and packaging scripts for 0.6.1
2008-10-20 13:43:18 +00:00
Bernardo Damele
fe6e29fbf6
Minor updates to the user's manual, need still to write on new enhancements
2008-10-17 15:50:36 +00:00
Bernardo Damele
016118ce7a
Some more fixes and adjustments before 0.6.1 release.
2008-10-17 15:26:43 +00:00
Bernardo Damele
66136b48c0
Minor fixes.. should work also for Cookie now the % parsing
2008-10-17 11:51:12 +00:00
Bernardo Damele
41f8acf0fd
Updated documentation
2008-10-16 15:41:26 +00:00
Bernardo Damele
e5aa557bd4
Minor fix
2008-10-16 15:39:25 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00