Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							915d3441e9 
							
						 
					 
					
						
						
							
							some code refactoring  
						
						
						
					 
					
						2010-04-16 19:57:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							938a3ab0b9 
							
						 
					 
					
						
						
							
							fix for Bug  #183  (--threads dot output)  
						
						
						
					 
					
						2010-04-16 13:40:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1ab78ce60e 
							
						 
					 
					
						
						
							
							Added support to directly connect also to SQLite 2 db file  
						
						
						
					 
					
						2010-04-13 22:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fee062781f 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2010-04-13 11:13:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da1ea48947 
							
						 
					 
					
						
						
							
							added some nagging for connection details  
						
						
						
					 
					
						2010-04-13 11:00:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fcceceed45 
							
						 
					 
					
						
						
							
							fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version  
						
						
						
					 
					
						2010-04-09 10:40:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cad8f61d55 
							
						 
					 
					
						
						
							
							Force pymssql to version >= 1.0.2  
						
						
						
					 
					
						2010-03-31 15:31:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fdebb5d5b 
							
						 
					 
					
						
						
							
							Added support to directly connect also to Microsoft SQL Server database.  
						
						... 
						
						
						
						Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods. 
						
					 
					
						2010-03-31 10:50:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ae3455a0c2 
							
						 
					 
					
						
						
							
							more update  
						
						
						
					 
					
						2010-03-30 11:28:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							738c210075 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-03-30 11:21:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							87d8c6719e 
							
						 
					 
					
						
						
							
							updates, fixes and stuff  
						
						
						
					 
					
						2010-03-30 11:06:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a0290a257b 
							
						 
					 
					
						
						
							
							Added support to connect directly also to Oracle - see  #158  
						
						
						
					 
					
						2010-03-27 21:50:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1416cd0d86 
							
						 
					 
					
						
						
							
							Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see  #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).  
						
						... 
						
						
						
						Minor layout adjustments. 
						
					 
					
						2010-03-26 23:23:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8bab94de64 
							
						 
					 
					
						
						
							
							added two new functions: isBase64EncodedString and isHexEncodedString for Feature  #71  
						
						
						
					 
					
						2010-03-26 17:18:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f9a135e232 
							
						 
					 
					
						
						
							
							Minor bug fix and layout adjustment regarding --threading and standard output  
						
						
						
					 
					
						2010-03-22 17:38:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d00e4a458a 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2010-03-21 00:39:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0d559d14df 
							
						 
					 
					
						
						
							
							Initial support for SQLite (90% approx).  
						
						... 
						
						
						
						Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments. 
						
					 
					
						2010-03-18 17:20:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3b3353e05b 
							
						 
					 
					
						
						
							
							Revert last commit  
						
						
						
					 
					
						2010-03-16 13:56:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1dfe558d3d 
							
						 
					 
					
						
						
							
							Fix for Issue  #177  
						
						
						
					 
					
						2010-03-16 13:11:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5063401130 
							
						 
					 
					
						
						
							
							Minor bug fix,  fixes   #170  
						
						
						
					 
					
						2010-03-15 11:00:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b544405878 
							
						 
					 
					
						
						
							
							fixed some issue involving banner parsing  
						
						
						
					 
					
						2010-03-04 09:15:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a654a426ef 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2010-03-03 16:19:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							156fdd96ef 
							
						 
					 
					
						
						
							
							Updated copyright  
						
						
						
					 
					
						2010-03-03 15:26:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							694356821d 
							
						 
					 
					
						
						
							
							sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious  
						
						
						
					 
					
						2010-02-26 13:13:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8c68d25b39 
							
						 
					 
					
						
						
							
							Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all  
						
						
						
					 
					
						2010-02-26 12:00:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							98496fd173 
							
						 
					 
					
						
						
							
							Show also site in the banner  
						
						
						
					 
					
						2010-02-25 17:37:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							404927d04a 
							
						 
					 
					
						
						
							
							Adjusted banner, increased release candidate to rc7  
						
						
						
					 
					
						2010-02-25 17:34:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d95a8850c8 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-02-25 16:38:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0913d700a8 
							
						 
					 
					
						
						
							
							important update regarding default directories  
						
						
						
					 
					
						2010-02-25 15:22:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a10adcfe08 
							
						 
					 
					
						
						
							
							Minor code cleanup  
						
						
						
					 
					
						2010-02-25 15:16:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3721451cd6 
							
						 
					 
					
						
						
							
							default dirs update  
						
						
						
					 
					
						2010-02-25 14:51:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c014c0fd0 
							
						 
					 
					
						
						
							
							minor change  
						
						
						
					 
					
						2010-02-20 23:11:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cef248a5ea 
							
						 
					 
					
						
						
							
							update for that invalid target url Otavio Augusto reported  
						
						
						
					 
					
						2010-02-10 12:06:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00a23ace9a 
							
						 
					 
					
						
						
							
							some changes regarding web takeover  
						
						
						
					 
					
						2010-02-09 14:27:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec63fc4036 
							
						 
					 
					
						
						
							
							code refactoring - added functions posixToNtSlashes and ntToPosixSlashes  
						
						
						
					 
					
						2010-02-04 14:37:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4699f389d 
							
						 
					 
					
						
						
							
							some bug fixes regarding --os-shell usage against windows servers  
						
						
						
					 
					
						2010-02-04 09:49:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ea045eaa2f 
							
						 
					 
					
						
						
							
							fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)  
						
						... 
						
						
						
						also, fixed some issues with Windows paths 
						
					 
					
						2010-02-03 16:40:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							494e014a4a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-02-03 16:04:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							894b9f0f80 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-02-03 15:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25f1a9c7d0 
							
						 
					 
					
						
						
							
							upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this)  
						
						
						
					 
					
						2010-02-03 15:06:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c74b920f54 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-02-03 14:49:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92817159dc 
							
						 
					 
					
						
						
							
							cloaked upx for windows (used mkstemp because of execution and file access rights problem)  
						
						
						
					 
					
						2010-01-29 10:12:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6f5d2ed171 
							
						 
					 
					
						
						
							
							Minor cosmetic adjustments  
						
						
						
					 
					
						2010-01-28 17:07:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							732ed48e2b 
							
						 
					 
					
						
						
							
							some refactoring regarding decloaking  
						
						
						
					 
					
						2010-01-28 16:50:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							645afee359 
							
						 
					 
					
						
						
							
							some changes  
						
						
						
					 
					
						2010-01-28 00:25:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4d8234875 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-01-24 14:23:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							98205cc488 
							
						 
					 
					
						
						
							
							another fix for Bug  #148  
						
						
						
					 
					
						2010-01-23 23:29:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4ce3abc56d 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2010-01-15 17:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f171340f5 
							
						 
					 
					
						
						
							
							introduced safe string formatting  
						
						
						
					 
					
						2010-01-15 16:06:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dcf0b2a3c1 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-01-15 11:45:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5c422efb4 
							
						 
					 
					
						
						
							
							updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before  
						
						
						
					 
					
						2010-01-15 11:44:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6a62a78b0a 
							
						 
					 
					
						
						
							
							More generic  
						
						
						
					 
					
						2010-01-08 23:50:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							80df1fdcf9 
							
						 
					 
					
						
						
							
							Minor bug fix with --sql-query/shell when providing a statement with DISTINCT  
						
						
						
					 
					
						2010-01-05 16:15:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							954a927cee 
							
						 
					 
					
						
						
							
							Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12  
						
						
						
					 
					
						2010-01-05 11:43:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71547a3496 
							
						 
					 
					
						
						
							
							getDocRoot changes  
						
						
						
					 
					
						2010-01-05 11:30:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ce022a3b6e 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.  
						
						
						
					 
					
						2010-01-02 02:02:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e081cdc6 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.  
						
						
						
					 
					
						2009-12-17 22:04:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89c43893d4 
							
						 
					 
					
						
						
							
							Merged back from personal branch to trunk (svn merge -r846:940 ...)  
						
						... 
						
						
						
						Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring. 
						
					 
					
						2009-09-25 23:03:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b4fd71e8b9 
							
						 
					 
					
						
						
							
							Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.  
						
						
						
					 
					
						2009-07-20 14:36:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cb3d2bac16 
							
						 
					 
					
						
						
							
							Minor improvement so that sqlmap tests also all parameters with no value (ig. par=).  
						
						
						
					 
					
						2009-07-09 11:25:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							516fdb9356 
							
						 
					 
					
						
						
							
							Avoid to upload the web backdoor to unexisting empty-name directory  
						
						
						
					 
					
						2009-07-09 11:11:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							150abc0f1e 
							
						 
					 
					
						
						
							
							sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.  
						
						
						
					 
					
						2009-06-11 15:01:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							45dff4a00a 
							
						 
					 
					
						
						
							
							Added new function to search a file within the PATH environment variable paths:  
						
						... 
						
						
						
						it will be used when sqlmap will be packaged as DEB and RPM 
						
					 
					
						2009-05-12 20:24:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							57b8bb4c8e 
							
						 
					 
					
						
						
							
							Minor syntax adjustment for web backdoor functionality  
						
						
						
					 
					
						2009-04-28 21:51:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d7de719b9 
							
						 
					 
					
						
						
							
							Almost done with web backdoor functionality  
						
						
						
					 
					
						2009-04-28 11:05:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16b4530bbe 
							
						 
					 
					
						
						
							
							Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).  
						
						... 
						
						
						
						Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS. 
						
					 
					
						2009-04-27 23:05:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aefa7ef988 
							
						 
					 
					
						
						
							
							Avoid libmagic traceback on Windows.  
						
						... 
						
						
						
						WARNING: this release is a candidate, it only works on Linux/Unices for the moment! 
						
					 
					
						2009-04-22 12:44:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8c0ac767f4 
							
						 
					 
					
						
						
							
							Updated to sqlmap 0.7 release candidate 1  
						
						
						
					 
					
						2009-04-22 11:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6054090191 
							
						 
					 
					
						
						
							
							sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.  
						
						
						
					 
					
						2009-01-28 14:53:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bc448211c5 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2009-01-13 23:15:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5560f0b68a 
							
						 
					 
					
						
						
							
							Updated the copyright  
						
						
						
					 
					
						2009-01-12 21:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad228e6947 
							
						 
					 
					
						
						
							
							Ahead with the improvements to the comparison algorithm.  
						
						... 
						
						
						
						Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments. 
						
					 
					
						2008-12-19 20:09:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c32ef9d751 
							
						 
					 
					
						
						
							
							Major bug fix to avoid tracebacks when multiple targets are specified and one  
						
						... 
						
						
						
						of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided. 
						
					 
					
						2008-12-18 20:38:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							072eb7154c 
							
						 
					 
					
						
						
							
							Major enhancement to support Partial UNION query SQL injection technique too.  
						
						... 
						
						
						
						Minor code cleanup. 
						
					 
					
						2008-12-10 17:23:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a777f1ca35 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2008-12-01 23:27:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e548eb2ec 
							
						 
					 
					
						
						
							
							Completed support to get the list of targets from WebScarab/Burp proxies  
						
						... 
						
						
						
						log file and updated the documentation 
						
					 
					
						2008-11-27 22:33:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dc1f2deb74 
							
						 
					 
					
						
						
							
							Minor bug fix to correctly enumerate columns on Microsoft SQL Server.  
						
						... 
						
						
						
						Minor adjustments to XML signatures.
Updated documentation. 
						
					 
					
						2008-11-25 11:33:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9be844cf3e 
							
						 
					 
					
						
						
							
							Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.  
						
						
						
					 
					
						2008-11-20 17:56:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							736b2e7323 
							
						 
					 
					
						
						
							
							Minor adjustments to the operating system fingerprint.  
						
						
						
					 
					
						2008-11-19 00:36:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							727664aea7 
							
						 
					 
					
						
						
							
							Minor enhancement to fingerprint the web server operating system and  
						
						... 
						
						
						
						the web application technology by parsing also HTTP response Server
header.
Refactor libraries and plugins that parses XML to fingerprint and show
on standard output the information.
Updated changelog. 
						
					 
					
						2008-11-18 17:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d0724843f 
							
						 
					 
					
						
						
							
							Major enhancement to the engine to parse XML files and matches on DBMS banner  
						
						... 
						
						
						
						and HTTP response headers.
Initial web application technology fingerprint (for the moment based only on
X-Powered-By HTTP response header and not shown yet to the user).
Minor layout adjustments. 
						
					 
					
						2008-11-17 17:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							654aecedfe 
							
						 
					 
					
						
						
							
							Minor layout adjustments, minor fixes and updated changelog  
						
						
						
					 
					
						2008-11-17 00:00:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fa0507ab39 
							
						 
					 
					
						
						
							
							Minor enhancement to fingerprint the back-end DBMS operating system (type,  
						
						... 
						
						
						
						version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<-- 
						
					 
					
						2008-11-15 23:41:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9329f8c9c4 
							
						 
					 
					
						
						
							
							Minor enhancement to be able to enumerate table columns and dump table  
						
						... 
						
						
						
						entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments. 
						
					 
					
						2008-11-12 22:53:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							91a47246f8 
							
						 
					 
					
						
						
							
							Minor bug fix to correctly handle --start and --stop  
						
						
						
					 
					
						2008-11-02 14:39:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f90a7cce28 
							
						 
					 
					
						
						
							
							Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie  
						
						
						
					 
					
						2008-10-16 16:31:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a5b2366033 
							
						 
					 
					
						
						
							
							Implemented a better way to deal with % characters in parameters' value. Minor code restyle.  
						
						
						
					 
					
						2008-10-16 15:31:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							892a7b2f8a 
							
						 
					 
					
						
						
							
							propsets..  
						
						
						
					 
					
						2008-10-15 15:56:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e3eb45510 
							
						 
					 
					
						
						
							
							After the storm, a restore..  
						
						
						
					 
					
						2008-10-15 15:38:22 +00:00