| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| Miroslav Stampar | 83d7803ce7 | other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2) | 2011-02-12 20:03:28 +00:00 |
| Miroslav Stampar | 9f7d666451 | removing --method per request of buawig | 2011-02-12 19:50:27 +00:00 |
| Miroslav Stampar | 1cd483f42f | one more update | 2011-02-12 10:24:09 +00:00 |
| Miroslav Stampar | 25a3a64327 | we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes. | 2011-02-12 10:15:42 +00:00 |
| Miroslav Stampar | 521635c84d | quick fix for UA and Referer | 2011-02-11 23:36:23 +00:00 |
| Bernardo Damele | 7253362114 | Minor bug fix so that --file-write on MySQL via UNION query now works again | 2011-02-11 23:35:45 +00:00 |
| Miroslav Stampar | 535eb9f3eb | implementation of referer feature | 2011-02-11 23:07:03 +00:00 |
| Miroslav Stampar | a6ab24e0b5 | just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed | 2011-02-10 22:47:43 +00:00 |
| Miroslav Stampar | 5f2fcd1eea | minor adjustment regarding "file" switches | 2011-02-10 19:55:47 +00:00 |
| Miroslav Stampar | 4295a78c5f | minor update | 2011-02-10 19:51:34 +00:00 |
| Bernardo Damele | c078de894f | Added support for --privileges on MSSQL to test whether or not the DBMS users are DBA | 2011-02-10 14:24:04 +00:00 |
| Bernardo Damele | 864eade744 | Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase | 2011-02-10 11:14:05 +00:00 |
| Bernardo Damele | aa0fb276ba | More fixes for --common-columns to work against MSSQL too | 2011-02-09 17:22:07 +00:00 |
| Miroslav Stampar | 917b2b0d6b | one more commit related to the previous one | 2011-02-09 17:07:02 +00:00 |
| Miroslav Stampar | 6c582343fe | .. fix | 2011-02-09 17:05:06 +00:00 |
| Miroslav Stampar | d9af01d73d | important fix for boolean expression which return [None] | 2011-02-09 16:53:22 +00:00 |
| Miroslav Stampar | 7d9be18789 | added one comment | 2011-02-09 14:34:18 +00:00 |
| Miroslav Stampar | bafc8a1b0f | another update | 2011-02-09 13:29:52 +00:00 |
| Miroslav Stampar | 600f729139 | fix for a bug reported by skysbsb@gmail.com (double ORDER BY) | 2011-02-09 12:43:09 +00:00 |
| Miroslav Stampar | 5b57a69f3e | fix | 2011-02-09 11:20:03 +00:00 |
| Miroslav Stampar | 3de6117253 | revert of the r3247 (output always has to be appended to the outputs - no matter of its value) | 2011-02-09 09:53:59 +00:00 |
| Miroslav Stampar | 98ca1702ae | los cosmeticado | 2011-02-08 16:30:32 +00:00 |
| Miroslav Stampar | 87e36796c6 | just to not cause confusion | 2011-02-08 16:29:42 +00:00 |
| Miroslav Stampar | dcb9c93328 | minor cleanup | 2011-02-08 16:27:58 +00:00 |
| Miroslav Stampar | 37f7001143 | first commit with mysql/error/substringing | 2011-02-08 16:23:33 +00:00 |
| Bernardo Damele | c3eb82e60b | Proper fix | 2011-02-08 10:08:48 +00:00 |
| Miroslav Stampar | dba2f74588 | revert of r3274 | 2011-02-08 09:44:34 +00:00 |
| Bernardo Damele | 156d8cd99b | Directory restyling | 2011-02-08 00:15:02 +00:00 |
| Bernardo Damele | cfe2da0195 | Minor fix | 2011-02-08 00:13:39 +00:00 |
| Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00 |
| Miroslav Stampar | 2c4f6d2e99 | fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too | 2011-02-07 21:53:05 +00:00 |
| Miroslav Stampar | a577d0e9a5 | restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) | 2011-02-07 21:18:01 +00:00 |
| Miroslav Stampar | 66adf23532 | Unbiased approach for searching appropriate usable column | 2011-02-07 21:00:59 +00:00 |
| Miroslav Stampar | f958b21613 | there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) | 2011-02-07 16:55:02 +00:00 |
| Miroslav Stampar | 771020abd6 | one more related commit | 2011-02-07 16:32:08 +00:00 |
| Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00 |
| Miroslav Stampar | 71d1b72e0e | minor adjustment | 2011-02-07 12:51:38 +00:00 |
| Bernardo Damele | b33ac19d39 | Minor fix | 2011-02-07 12:36:00 +00:00 |
| Miroslav Stampar | 99e9412f74 | minor update | 2011-02-07 12:34:23 +00:00 |
| Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00 |
| Bernardo Damele | 39decebe85 | Minor fixes to checking/re-enabling of xp_cmdshell procedure | 2011-02-07 12:17:19 +00:00 |
| Miroslav Stampar | c0233dcd4f | preventing crashes for output=[] | 2011-02-07 10:24:15 +00:00 |
| Miroslav Stampar | 096efea282 | added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] | 2011-02-07 10:22:43 +00:00 |
| Bernardo Damele | ba3a8a69d4 | More statements to exclude from unescap'ing | 2011-02-07 00:33:54 +00:00 |
| Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00 |
| Bernardo Damele | 2e00656235 | Minor fix | 2011-02-07 00:20:23 +00:00 |
| Bernardo Damele | bf5ca4bd9a | No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') | 2011-02-06 23:30:43 +00:00 |
| Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00 |
| Bernardo Damele | 6a71629575 | Converted from DOS format (\n\r to \n only) | 2011-02-06 23:25:55 +00:00 |
| Bernardo Damele | 0800d9e49b | Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() | 2011-02-06 22:58:12 +00:00 |