Commit Graph

112 Commits

Author SHA1 Message Date
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3 one more thing 2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f more quick fixes 2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2 better way to handle that last commit problem 2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0 added exception handler around block reported by Thierry Zoller 2010-05-04 08:03:48 +00:00
Bernardo Damele
90d9900371 Minor bug fix to consider --start and --stop also in partial UNION query SQL injection 2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Bernardo Damele
5e86087cb1 Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now. 2010-04-15 10:06:38 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00
Miroslav Stampar
6e7be5edb0 another fix 2010-04-06 15:51:36 +00:00
Miroslav Stampar
c303feab17 fix 2010-04-06 15:14:32 +00:00
Miroslav Stampar
e2810003ae more update 2010-04-06 15:12:52 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
bfc12e93c5 ms access returns -1 for True 2010-03-30 11:33:51 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
8e57767c48 Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET 2010-03-23 10:27:39 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
72f3674844 Minor bug fix 2010-03-18 17:36:58 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx).
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
466df89c4a Fixes #178 and #179 - proper handling of custom redirects 2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b Revert last commit 2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d Fix for Issue #177 2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2 Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g) 2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414 Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 14:24:43 +00:00
Miroslav Stampar
91dd609e26 fixed threading bug (difflib :) 2010-03-10 14:14:27 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
a0f5c3d885 minor update 2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20 minor code refactoring 2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04 one more fix regarding localhost/global proxy issue 2010-02-25 13:30:22 +00:00
Miroslav Stampar
542b01993e minor fix regarding exception handling of multi-part post handler 2010-02-09 14:02:47 +00:00
Miroslav Stampar
a6674edf8a regular expressions revisited 2010-02-09 13:01:08 +00:00
Miroslav Stampar
ec63fc4036 code refactoring - added functions posixToNtSlashes and ntToPosixSlashes 2010-02-04 14:37:00 +00:00
Miroslav Stampar
e4699f389d some bug fixes regarding --os-shell usage against windows servers 2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
7c88e32f9d bug fix for 404 program termination during shell upload attempt 2010-02-03 16:16:34 +00:00
Miroslav Stampar
8b0d31a6b7 fix for cases where both posix and nt path versions of windows paths are in parsed web page 2010-02-03 15:34:20 +00:00
Miroslav Stampar
25f1a9c7d0 upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this) 2010-02-03 15:06:41 +00:00
Miroslav Stampar
98205cc488 another fix for Bug #148 2010-01-23 23:29:34 +00:00
Miroslav Stampar
39652bfbf4 update regarding Unicode char logging (Bug #148) 2010-01-23 15:36:55 +00:00
Bernardo Damele
574880ba73 Warn user of HTTP error codes in HTTP responses 2010-01-19 10:27:54 +00:00
Bernardo Damele
c18a5cb92f Fixed a minor bug when displaying requested page in -v >= 3 2010-01-16 21:47:52 +00:00
Miroslav Stampar
f5c422efb4 updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before 2010-01-15 11:44:05 +00:00
Bernardo Damele
505647b00f Minor bug fix to --cookie-urlencode 2010-01-15 11:24:30 +00:00
Miroslav Stampar
26c7b74e65 changes regarding Data (GET/POST/Cookie) encoding (Bug #129) 2010-01-14 18:05:03 +00:00
Miroslav Stampar
d07f60578c implementation of Feature #17 2010-01-07 12:59:09 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00