Bernardo Damele
12f371cd65
Minor bug fix and improvement in displaying of enumerated columns in --dump -C
2010-01-09 21:37:44 +00:00
Bernardo Damele
dc04fa7f06
Minor layout adjustments
2010-01-09 21:08:47 +00:00
Miroslav Stampar
d58ba7ee6d
added --scope feature regarding Feature #105
2010-01-09 20:44:50 +00:00
Bernardo Damele
f316e722c1
sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns.
...
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
2010-01-09 00:05:00 +00:00
Bernardo Damele
6a62a78b0a
More generic
2010-01-08 23:50:06 +00:00
Bernardo Damele
067cc07fb9
Make 'field' parameter in limitQuery() method to be option
2010-01-08 23:23:15 +00:00
Miroslav Stampar
82222fcd3a
minor update of help text
2010-01-07 13:09:14 +00:00
Miroslav Stampar
d07f60578c
implementation of Feature #17
2010-01-07 12:59:09 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00
Bernardo Damele
954a927cee
Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12
2010-01-05 11:43:16 +00:00
Miroslav Stampar
71547a3496
getDocRoot changes
2010-01-05 11:30:33 +00:00
Bernardo Damele
bb61010a45
Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling.
2010-01-04 15:02:56 +00:00
Miroslav Stampar
d71e47ce56
fix regarding dirnames in Feature #110
2010-01-04 12:39:07 +00:00
Miroslav Stampar
96a033b51d
found and fixed few bugs regarding my "fix" of Bug #110
2010-01-03 15:56:29 +00:00
Bernardo Damele
d5b1863dec
Updated documentation and svn properties
2010-01-02 02:07:28 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
d55175a340
Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection.
2010-01-02 01:35:13 +00:00
Bernardo Damele
9c620da0a5
Minor fix
2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9
Minor bug fix
2009-12-21 11:21:18 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
b363f1c5ab
Added support for NTLM authentication
2009-12-02 22:54:39 +00:00
Bernardo Damele
e28b98a366
Minor layout adjustments
2009-12-02 22:52:17 +00:00
Bernardo Damele
4779a5fe0f
Minor layout adjustment
2009-11-16 16:39:31 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
19c6804ded
Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks!
2009-07-29 10:44:24 +00:00
Bernardo Damele
d905e5ef9f
Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server
2009-07-25 11:45:23 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16
Minor improvement so that sqlmap tests also all parameters with no value (ig. par=).
2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356
Avoid to upload the web backdoor to unexisting empty-name directory
2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00
Bernardo Damele
4b622ed860
Minor bug fix.
...
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02
Added support for reflective meterpreter by default when the target OS
...
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
3b9303186e
Fixed minor bug with --eta
2009-06-24 13:44:14 +00:00
Bernardo Damele
e5a01d500e
Minor bug fix in --update option, updated also Microsoft XML versions file
2009-06-16 15:12:02 +00:00
Bernardo Damele
03a6739fbf
Minor layout adjustments
2009-06-11 15:34:31 +00:00
Bernardo Damele
150abc0f1e
sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.
2009-06-11 15:01:48 +00:00
Bernardo Damele
3bca0d4b28
Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance.
2009-06-05 10:15:55 +00:00
Bernardo Damele
5ac2b0658c
Fixed regular expression to parse burp log file hosts' scheme/port
2009-06-04 14:42:53 +00:00
Bernardo Damele
cfd8a83655
Minor adjustment to get also the port when parsing burp logs
2009-06-04 14:36:31 +00:00
Bernardo Damele
966f34f381
Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions
2009-06-03 15:26:18 +00:00
Bernardo Damele
c7b72abc0e
Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls
2009-06-03 15:04:40 +00:00
Bernardo Damele
93ee4a01e5
HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+
2009-05-20 14:27:25 +00:00
Bernardo Damele
81d1a767ac
Minor bug fix in output manager (dumper) object
2009-05-20 13:56:23 +00:00
Bernardo Damele
8e7282f7c7
Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6.
2009-05-20 13:51:25 +00:00
Bernardo Damele
13de8366d0
Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting!
2009-05-20 09:34:13 +00:00
Bernardo Damele
ef3846e0de
Minor fix in Host header value by Oliver Gruskovnjak
2009-05-19 14:40:04 +00:00
Bernardo Damele
45dff4a00a
Added new function to search a file within the PATH environment variable paths:
...
it will be used when sqlmap will be packaged as DEB and RPM
2009-05-12 20:24:47 +00:00
Bernardo Damele
b463205544
Minor fixes for MacOSX
2009-05-12 20:24:00 +00:00
Bernardo Damele
06cc2a6d70
Minor bug fixes and code refactoring
2009-05-11 15:37:48 +00:00