98 Commits

Author	SHA1	Message	Date
Miroslav Stampar	83fac3f6d9	fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase)	2011-05-03 21:12:51 +00:00
Miroslav Stampar	e6f010734e	minor fix for cases when the retrieved output is safe encoded (like for --os-shell)	2011-05-03 16:14:03 +00:00
Miroslav Stampar	742b0ef76e	major improvement of ERROR data retrieval on MSSQL	2011-05-03 13:25:20 +00:00
Bernardo Damele	9a4ae7d9e2	More code refactoring of Backend class methods used	2011-04-30 14:54:29 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Miroslav Stampar	f88aa4b165	implemented suppressResumeInfo mechanism (huge slowdown on large tables)	2011-04-22 19:58:10 +00:00
Bernardo Damele	8d8fc2bbd8	cosmetics	2011-04-21 10:17:41 +00:00
Miroslav Stampar	e4d3190f41	reverting back to NVARCHAR because of error technique	2011-04-20 12:59:23 +00:00
Miroslav Stampar	3607f03a9e	fix of a minor typo	2011-04-20 12:42:35 +00:00
Miroslav Stampar	1286cc0913	now showing trimmed output in for of warning message (UNION and ERROR techniques affected)	2011-04-20 12:41:58 +00:00
Miroslav Stampar	3b6f9945ae	minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)	2011-04-15 14:15:29 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Miroslav Stampar	bb99bd2fbe	one more commit related to the issue with displaying of garbled characters	2011-04-14 09:43:36 +00:00
Miroslav Stampar	04986be4b9	update regarding safe character output together with a small fix for newlines	2011-04-14 09:31:45 +00:00
Miroslav Stampar	c193b896be	just in case update to prevent gibberish "retrieved: " outputs	2011-04-12 23:07:50 +00:00
Miroslav Stampar	6fa2fd139c	implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)	2011-04-08 15:17:57 +00:00
Miroslav Stampar	228cc68747	fix for those ugly DEBUG messages in brute mode	2011-04-08 11:02:21 +00:00
Bernardo Damele	8b14a9eaa7	Minor code adjustments	2011-04-06 14:40:45 +00:00
Bernardo Damele	3948cd9e77	Minor layout adjustments	2011-03-31 14:13:53 +00:00
Miroslav Stampar	0f7bce5c66	fixing a huge mess going on because of counting on error and union techniques	2011-03-23 11:36:40 +00:00
Miroslav Stampar	7613134515	it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)	2011-03-22 12:37:05 +00:00
Miroslav Stampar	9479a68eb5	minor fix regarding last commit	2011-03-22 12:21:56 +00:00
Miroslav Stampar	c24ed6e622	minor fix related to a bug reported by warninggp@gmail.com	2011-03-22 09:22:48 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	9b1f2d82d0	minor update (that .strip() was a leftover)	2011-03-20 23:20:47 +00:00
Miroslav Stampar	db992a0a86	mssql likes to htmlescape error reports	2011-03-20 23:16:34 +00:00
Miroslav Stampar	beba69faa9	implementation of request from Santiago (look for error based responses in redirects)	2011-03-17 09:12:28 +00:00
Bernardo Damele	d8a76ebe34	Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs	2011-03-11 16:03:19 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Miroslav Stampar	83d7803ce7	other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)	2011-02-12 20:03:28 +00:00
Miroslav Stampar	3de6117253	revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)	2011-02-09 09:53:59 +00:00
Miroslav Stampar	98ca1702ae	los cosmeticado	2011-02-08 16:30:32 +00:00
Miroslav Stampar	87e36796c6	just to not cause confusion	2011-02-08 16:29:42 +00:00
Miroslav Stampar	dcb9c93328	minor cleanup	2011-02-08 16:27:58 +00:00
Miroslav Stampar	37f7001143	first commit with mysql/error/substringing	2011-02-08 16:23:33 +00:00
Miroslav Stampar	265e7ca272	fix for that MSSQL limit/top problem	2011-02-07 16:24:23 +00:00
Bernardo Damele	061f56daf9	More adjustments related to unescape() and cleanupPayload(). ... Minor code cleanup related to error-based payload.	2011-02-06 23:27:56 +00:00
Bernardo Damele	9eac2339ca		2011-02-06 22:55:26 +00:00
Miroslav Stampar	078a2207cc	few reverts	2011-02-06 22:10:28 +00:00
Miroslav Stampar	b9b2fe0e7c	little cleanup	2011-02-06 21:52:39 +00:00
Miroslav Stampar	acb986ae80	minor refactoring	2011-02-04 17:40:55 +00:00
Bernardo Damele	9b342a4c95	Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. ... Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.	2011-02-01 22:07:42 +00:00
Bernardo Damele	6761933f75	Just.. cosmetics ;)	2011-01-31 22:51:14 +00:00
Bernardo Damele	e3a3ae11cc	Proper return from error-based technique enumeration	2011-01-31 21:13:29 +00:00
Miroslav Stampar	8ef47307db	added checking of header values for GREP (error); still UNION to do	2011-01-31 12:21:17 +00:00
Bernardo Damele	02e5c4b1e6	Minor bug fix for --sql-query/-shell with error-based technique	2011-01-30 14:19:50 +00:00
Miroslav Stampar	367d0639f0	refactoring (class names should always be Capital cased)	2011-01-28 16:36:09 +00:00
Miroslav Stampar	a184a4c772	major of majors bug fix	2011-01-28 14:31:25 +00:00
Bernardo Damele	0f2634c4b0	Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)	2011-01-20 22:01:21 +00:00
Bernardo Damele	bade0e3124	Major code refactoring - centralized all kb.dbms* info for both retrieval and set.	2011-01-19 23:06:15 +00:00