Bernardo Damele
|
d2bd275652
|
refactoring
|
2012-12-17 14:07:28 +00:00 |
|
Bernardo Damele
|
3c1cead406
|
WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now
|
2012-12-17 14:06:12 +00:00 |
|
Bernardo Damele
|
eb44f30d63
|
minor layout output fix
|
2012-12-17 13:51:46 +00:00 |
|
Miroslav Stampar
|
cb13735788
|
Fix for an Issue #294
|
2012-12-11 12:14:33 +01:00 |
|
Miroslav Stampar
|
9e38ccbc3d
|
Removing unused imports
|
2012-12-10 17:47:42 +01:00 |
|
Miroslav Stampar
|
ed1b5d0ada
|
Minor fix
|
2012-12-07 10:57:57 +01:00 |
|
Miroslav Stampar
|
b5c8707323
|
Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL
|
2012-12-06 15:55:33 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
0f191f624c
|
Taking some goodies from Pull request #284
|
2012-12-06 10:21:53 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
d4b5133df7
|
Update for an Issue #272
|
2012-12-04 17:04:32 +01:00 |
|
Miroslav Stampar
|
b250b68231
|
Bug fix (--users was returning only 1 value because of this bug; probably introduced by mistake months ago)
|
2012-11-29 12:02:59 +01:00 |
|
Miroslav Stampar
|
ed40f18796
|
Minor fix
|
2012-11-26 14:59:44 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
a435ba6863
|
Minor fix
|
2012-10-28 00:19:00 +02:00 |
|
Miroslav Stampar
|
0aeb9dbe8b
|
Bug fix (in --dump mode if error/inband failed with None other techniques were ignored)
|
2012-10-27 23:42:52 +02:00 |
|
Miroslav Stampar
|
06805b27f2
|
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
|
2012-10-27 23:16:25 +02:00 |
|
Miroslav Stampar
|
ba55bed008
|
More general approach for PostgreSQL concatenation operator precedence problem (Issue #219)
|
2012-10-25 10:41:16 +02:00 |
|
Miroslav Stampar
|
54fbb22ab8
|
Minor refactoring
|
2012-10-25 09:56:36 +02:00 |
|
Miroslav Stampar
|
c2058dfc8f
|
Fix for an Issue #220
|
2012-10-25 09:42:43 +02:00 |
|
Miroslav Stampar
|
b7429dc6bb
|
Minor fix for an Issue #219
|
2012-10-25 00:15:59 +02:00 |
|
Miroslav Stampar
|
c0f57f4e90
|
Minor fix for an Issue #217
|
2012-10-24 23:43:28 +02:00 |
|
Miroslav Stampar
|
344ef9af7d
|
Language fix (in lots of cases wrong statement 'unable to retrieve columns for any table in database' was reported)
|
2012-10-24 23:38:35 +02:00 |
|
Miroslav Stampar
|
5477c9f7ba
|
Fix for an Issue #216
|
2012-10-24 22:59:46 +02:00 |
|
Miroslav Stampar
|
6e2fce66aa
|
Patch for an Issue #212
|
2012-10-23 15:34:59 +02:00 |
|
Miroslav Stampar
|
f25f5c9eeb
|
Minor fix
|
2012-10-23 10:33:30 +02:00 |
|
Miroslav Stampar
|
3f596cda85
|
Minor fix for --dump --technique=B when empty strings are returned
|
2012-10-22 11:49:23 +02:00 |
|
Miroslav Stampar
|
fb1497aa89
|
Minor update for Issue #209
|
2012-10-21 18:53:31 +02:00 |
|
Miroslav Stampar
|
ebe3f4c34c
|
Minor fix
|
2012-10-15 18:51:42 +02:00 |
|
Miroslav Stampar
|
91ea8e52b7
|
Minor patch for an Issue #201
|
2012-10-15 18:01:52 +02:00 |
|
Miroslav Stampar
|
e440b096c5
|
Fix for an Issue #202
|
2012-10-15 12:24:30 +02:00 |
|
Miroslav Stampar
|
ed2d163269
|
Fix for an Issue #201
|
2012-10-14 17:53:55 +02:00 |
|
Miroslav Stampar
|
f71b937add
|
Minor language cleanup
|
2012-10-04 18:28:36 +02:00 |
|
Miroslav Stampar
|
75990b715d
|
Fix for an Issue #184
|
2012-09-13 10:20:24 +02:00 |
|
Miroslav Stampar
|
959225af55
|
Minor fix
|
2012-09-10 19:28:15 +02:00 |
|
Miroslav Stampar
|
5c21395fe2
|
Minor update for an Issue #179
|
2012-09-10 19:26:51 +02:00 |
|
Miroslav Stampar
|
1f49e4ae36
|
Fix for an Issue #179
|
2012-09-10 19:23:24 +02:00 |
|
Miroslav Stampar
|
9a631331a5
|
Fix for an Issue #177
|
2012-09-08 20:22:13 +02:00 |
|
Miroslav Stampar
|
f26ea04e38
|
Fix for an Issue #175
|
2012-09-07 17:06:38 +02:00 |
|
Miroslav Stampar
|
1bcf5a6b88
|
Some more dict refactorings
|
2012-08-21 11:30:01 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
4649450603
|
Fix for an Issue #137
|
2012-08-16 22:20:24 +02:00 |
|
Miroslav Stampar
|
74ee0ce78a
|
Fix for an Issue #148
|
2012-08-14 23:25:12 +02:00 |
|
Miroslav Stampar
|
b78163f99b
|
Update for Issue #138
|
2012-08-08 19:06:47 +02:00 |
|
Miroslav Stampar
|
20a66567a3
|
Minor refactoring
|
2012-07-30 10:06:14 +02:00 |
|
Miroslav Stampar
|
ffc520b35f
|
Minor refactoring
|
2012-07-24 14:35:56 +02:00 |
|
Miroslav Stampar
|
95e0d46e3e
|
Fix for an Issue #110
|
2012-07-21 09:15:54 +02:00 |
|
Bernardo Damele
|
34e77a8801
|
ported fix for issue #81 also to blind techniques
|
2012-07-21 00:20:32 +01:00 |
|
Bernardo Damele
|
3e21f3d07a
|
fixed --search -C too on MSSQL - issue #81
|
2012-07-21 00:08:40 +01:00 |
|
Bernardo Damele
|
60242f92c5
|
made --search -D on MSSQL consistent with other DBMSes - issue #81
|
2012-07-20 23:37:56 +01:00 |
|
Bernardo Damele
|
7f10b01265
|
same fix as previous commit for blind techniques
|
2012-07-20 22:35:20 +01:00 |
|
Bernardo Damele
|
b54ae107cc
|
major bug fix in --search with multiple -C provided
|
2012-07-20 22:29:48 +01:00 |
|
Bernardo Damele
|
45177cf93d
|
minor restyling
|
2012-07-20 22:29:30 +01:00 |
|
Bernardo Damele
|
16668e1b8d
|
leftover debug message
|
2012-07-20 21:48:29 +01:00 |
|
Bernardo Damele
|
b0ab837832
|
minor code refactoring and implemented issue #95
|
2012-07-20 21:46:36 +01:00 |
|
Bernardo Damele
|
9cb1c4c0d9
|
plugin refactoring - issue #22
|
2012-07-20 19:17:35 +01:00 |
|
Bernardo Damele
|
86df6037e3
|
reverted previous ugly hack for issue #110, perhaps a better fix is possible
|
2012-07-20 16:01:04 +01:00 |
|
Bernardo Damele
|
1928d5464d
|
fixes issue #97
|
2012-07-20 15:56:14 +01:00 |
|
Bernardo Damele
|
52431402dd
|
minor fix to avoid cleanup() if web backdoor upload failed
|
2012-07-16 17:58:30 +01:00 |
|
Miroslav Stampar
|
c1a14257a4
|
Removing --disable... switches and making changes in default choice(s) for respectable sections
|
2012-07-16 11:31:51 +02:00 |
|
Bernardo Damele
|
bb8cd788e1
|
minor fix
|
2012-07-16 09:56:41 +01:00 |
|
Miroslav Stampar
|
3f4186ce2c
|
Removing duplicate user password hashes
|
2012-07-14 10:57:46 +02:00 |
|
Miroslav Stampar
|
6677da63cd
|
Fix for an Issue #88
|
2012-07-13 14:25:39 +02:00 |
|
Miroslav Stampar
|
3c81f74823
|
Minor style update
|
2012-07-13 12:22:37 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
cba2a26b68
|
Finishing Issue #75 (inference dumping)
|
2012-07-12 14:46:57 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Miroslav Stampar
|
3fd5119f3f
|
Redesigning for Issue #75
|
2012-07-12 13:42:22 +02:00 |
|
Bernardo Damele
|
fed178646a
|
minor refactoring
|
2012-07-12 01:48:07 +01:00 |
|
Bernardo Damele
|
01474f6272
|
proper debug message added - issue #75
|
2012-07-12 01:19:36 +01:00 |
|
Bernardo Damele
|
ee3aeb8dcf
|
actual implementation of issue #75, still some work to do
|
2012-07-12 01:16:00 +01:00 |
|
Bernardo Damele
|
caeddf6822
|
avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file
|
2012-07-12 00:17:07 +01:00 |
|
Bernardo Damele
|
66d854c7d8
|
leftover space
|
2012-07-12 00:04:56 +01:00 |
|
Bernardo Damele
|
53c0336b48
|
added --hostname switch to retrieve DBMS server hostname - closes issue #69
|
2012-07-12 00:01:57 +01:00 |
|
Bernardo Damele
|
6f6cd676b7
|
clean up the file system from sqlmap created web files
|
2012-07-11 14:07:20 +01:00 |
|
Bernardo Damele
|
0c5f259481
|
var renaming
|
2012-07-11 13:39:33 +01:00 |
|
Miroslav Stampar
|
9c4a62f725
|
Some work on Issue #68
|
2012-07-11 11:58:47 +02:00 |
|
Miroslav Stampar
|
8caffac4bc
|
conf.unescape->kb.unescape
|
2012-07-10 10:55:04 +02:00 |
|
Bernardo Damele
|
4656d23d82
|
increased verbosity level of some messages and removed a leftover
|
2012-07-10 01:43:19 +01:00 |
|
Bernardo Damele
|
00b7411a87
|
more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok
|
2012-07-10 01:39:03 +01:00 |
|
Bernardo Damele
|
2527554f8e
|
more work on #33
|
2012-07-10 00:53:07 +01:00 |
|
Bernardo Damele
|
c4af7b9aa0
|
initial work for issue #33
|
2012-07-10 00:27:08 +01:00 |
|
Bernardo Damele
|
25eca9d671
|
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
|
2012-07-09 14:26:23 +01:00 |
|
Miroslav Stampar
|
86c27cc4f2
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2012-07-06 17:28:13 +02:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
Bernardo Damele
|
e673033ac1
|
minor layout adjustment
|
2012-07-06 15:26:45 +01:00 |
|
Bernardo Damele
|
fb7fe552b7
|
proper naming
|
2012-07-06 15:13:50 +01:00 |
|
Miroslav Stampar
|
6a05e3fd79
|
Fix for Issue #61
|
2012-07-06 14:24:44 +02:00 |
|
Miroslav Stampar
|
27fdccc858
|
Update for Issue #55 (falling back to SELECT DB_NAME(N))
|
2012-07-03 20:15:17 +02:00 |
|
Bernardo Damele
|
ab412da27f
|
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
|
2012-07-01 23:25:05 +01:00 |
|
Miroslav Stampar
|
e51d3a02f1
|
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
|
2012-06-28 18:53:47 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
303aa10507
|
only a small update
|
2012-06-27 14:43:18 +02:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
d5e80089ff
|
minor summer cleanup
|
2012-06-14 13:44:16 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
96177393e1
|
minor update regarding --exact switch
|
2012-06-10 13:38:12 +00:00 |
|
Miroslav Stampar
|
10b0639a96
|
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
|
2012-06-04 09:24:46 +00:00 |
|
Miroslav Stampar
|
3f6bc1f3c2
|
minor fix
|
2012-05-24 18:05:33 +00:00 |
|
Miroslav Stampar
|
1e18168cc8
|
fix for one silent bug and small language update
|
2012-05-23 16:35:40 +00:00 |
|
Miroslav Stampar
|
0e8d8577a7
|
adding a DB2 patch from smcintyre@securestate.com
|
2012-05-21 08:26:19 +00:00 |
|
Miroslav Stampar
|
079e0e1434
|
minor bug fix
|
2012-05-18 08:51:50 +00:00 |
|
Miroslav Stampar
|
96299d3d5d
|
minor refactoring
|
2012-05-03 22:34:18 +00:00 |
|
Miroslav Stampar
|
8013a64f8c
|
minor refactoring
|
2012-05-01 19:57:30 +00:00 |
|
Miroslav Stampar
|
c71d435d9f
|
making "id"-like columns prioritized for ORDER BY in MySQL
|
2012-05-01 19:52:02 +00:00 |
|
Miroslav Stampar
|
458a73c9b4
|
few consistency fixes
|
2012-04-29 23:09:00 +00:00 |
|
Miroslav Stampar
|
c7a606637f
|
switching few readInput defaults for brute forcing when no table/column found
|
2012-04-27 12:59:22 +00:00 |
|
Bernardo Damele
|
4da03d898e
|
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
|
2012-04-25 07:40:42 +00:00 |
|
Bernardo Damele
|
6116853025
|
Minor layout adjustments
|
2012-04-24 17:01:24 +00:00 |
|
Bernardo Damele
|
072e08836f
|
Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE
|
2012-04-19 14:05:45 +00:00 |
|
Miroslav Stampar
|
5e358b51f9
|
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
|
2012-04-04 09:25:05 +00:00 |
|
Miroslav Stampar
|
b0787f193c
|
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
|
2012-04-03 14:34:15 +00:00 |
|
Miroslav Stampar
|
886aa22efc
|
minor update
|
2012-04-03 12:19:37 +00:00 |
|
Miroslav Stampar
|
f7a664b120
|
enablind DNS server for DNS data exfiltration
|
2012-03-31 12:08:27 +00:00 |
|
Miroslav Stampar
|
645fc8a21c
|
minor refactoring
|
2012-03-27 08:31:48 +00:00 |
|
Miroslav Stampar
|
72c5b034bf
|
minor update
|
2012-03-19 11:50:38 +00:00 |
|
Miroslav Stampar
|
cb8caf7e0f
|
i am not very bright today :)
|
2012-03-19 11:23:23 +00:00 |
|
Miroslav Stampar
|
d5915e5d44
|
one other fix
|
2012-03-19 11:19:26 +00:00 |
|
Miroslav Stampar
|
7abfa2e6d4
|
minor fix
|
2012-03-19 11:18:00 +00:00 |
|
Miroslav Stampar
|
cce5c3c009
|
minor changes for version numbers
|
2012-03-19 11:07:03 +00:00 |
|
Bernardo Damele
|
48e8c978fb
|
Minor fix, way more to do for --search -C for MSSQL
|
2012-03-15 17:55:49 +00:00 |
|
Bernardo Damele
|
0013b0970f
|
Minor layout adjustments - foundDb is misleading at that stage
|
2012-03-15 16:07:16 +00:00 |
|
Miroslav Stampar
|
8cf5d260fd
|
Application Data is not a temporary directory writable by everybody
|
2012-03-14 23:44:29 +00:00 |
|
Bernardo Damele
|
c735d846ee
|
The default temporary directory as to stay as is, do not touch this code snippet anymore please
|
2012-03-14 22:39:46 +00:00 |
|
Miroslav Stampar
|
ca0d068575
|
distinguishing NULL from BLANK
|
2012-03-14 13:52:23 +00:00 |
|
Miroslav Stampar
|
1d0c8a7f44
|
minor update
|
2012-03-12 15:19:02 +00:00 |
|
Bernardo Damele
|
48592f2515
|
minor adjustments
|
2012-03-09 18:34:18 +00:00 |
|
Bernardo Damele
|
be9b103b51
|
minor bug fix
|
2012-03-09 18:02:50 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Bernardo Damele
|
d9e499af9f
|
Set Id property
|
2012-03-09 12:05:21 +00:00 |
|
Bernardo Damele
|
7330dff255
|
Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries
|
2012-03-08 16:57:53 +00:00 |
|
Miroslav Stampar
|
e678219a8c
|
minor update
|
2012-03-08 15:51:30 +00:00 |
|
Bernardo Damele
|
ae87df5670
|
leftover
|
2012-03-08 15:45:33 +00:00 |
|
Bernardo Damele
|
4bc6f3f6c9
|
Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore
|
2012-03-08 15:32:05 +00:00 |
|
Miroslav Stampar
|
68b9d48d0a
|
minor update
|
2012-03-08 15:30:23 +00:00 |
|
Miroslav Stampar
|
2ab80bfb2c
|
minor bug fix
|
2012-03-08 15:24:05 +00:00 |
|
Bernardo Damele
|
c79807f5fb
|
Minor layout adjustments
|
2012-03-08 15:11:24 +00:00 |
|
Miroslav Stampar
|
761ec7529a
|
minor appereance fix
|
2012-03-01 11:52:30 +00:00 |
|
Miroslav Stampar
|
8b9c5c66cc
|
code refactoring regarding charsetType inside inference/bisection
|
2012-02-29 14:36:23 +00:00 |
|
Miroslav Stampar
|
10dd9096f7
|
one more just in case fix for safeSQLIdentificator naming on MSSQL --tables
|
2012-02-29 14:05:53 +00:00 |
|
Miroslav Stampar
|
d06182347f
|
fixing few potential problems
|
2012-02-29 13:56:40 +00:00 |
|
Miroslav Stampar
|
74b19a0386
|
minor update
|
2012-02-25 10:43:10 +00:00 |
|
Miroslav Stampar
|
26b33154ab
|
optimal fix related to the last commit
|
2012-02-24 14:28:41 +00:00 |
|
Miroslav Stampar
|
9d6fd2e507
|
bug fix for --schema --technique=BST
|
2012-02-24 14:12:19 +00:00 |
|
Miroslav Stampar
|
f9d2971474
|
minor just in case fix
|
2012-02-23 16:37:06 +00:00 |
|
Miroslav Stampar
|
6e54cb171f
|
minor code restyling
|
2012-02-22 15:53:36 +00:00 |
|
Miroslav Stampar
|
61a25418a9
|
minor update
|
2012-02-22 10:45:10 +00:00 |
|