Commit Graph

762 Commits

Author SHA1 Message Date
Miroslav Stampar
fca57da1cf Fix for --tables on HSQLDB 2014-03-07 15:57:41 +01:00
Miroslav Stampar
d05bfdd7dd Implementing option '--where' (Issue #605) 2014-02-11 16:20:45 +01:00
Miroslav Stampar
de8cb15350 Fix for an Issue #601 2014-02-05 15:11:39 +01:00
Miroslav Stampar
ab36e5a2f0 Fix for an Issue #597 2014-01-15 10:29:58 +01:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
6863436d4e Implementation for an Issue #596 2014-01-13 10:05:56 +01:00
Miroslav Stampar
ebccba922b Fix for an Issue #543 2013-10-16 11:25:55 +02:00
Miroslav Stampar
6a3d804af5 Minor update (display NULL instead of FALSE when non-query statement is sqlQueried) 2013-09-02 11:32:32 +02:00
Miroslav Stampar
de31688c4f Update for an Issue #481 2013-07-29 18:25:27 +02:00
stamparm
dbb0d7f700 Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used) 2013-07-19 13:24:35 +02:00
stamparm
e498694928 Fix for a NoneType/--columns issue reported over ML 2013-07-02 15:02:07 +02:00
Bernardo Damele
5882ab59d8 fixed #478 2013-07-01 22:30:59 +01:00
Bernardo Damele
6468211f65 tables and databases names on MSQLDB are capitalized 2013-07-01 11:54:31 +01:00
stamparm
f7d15cb465 Official naming is HSQLDB (and/or HyperSQL) 2013-07-01 11:57:47 +02:00
Meatballs
550693032b Remote whitespace in databases.py 2013-06-24 15:03:08 +01:00
Meatballs
62000c6406 Remaining files 2013-06-24 14:42:58 +01:00
Miroslav Stampar
c2dce66a46 Fix for an user reported bug (tbl can be None) 2013-06-16 12:35:05 +02:00
Miroslav Stampar
540493a69f Fix for empty strings (previously '' was just removed) 2013-06-11 12:56:20 +02:00
Miroslav Stampar
ca53dfad84 Minor fix 2013-06-01 13:44:50 +02:00
stamparm
1c2197e8de Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends) 2013-04-15 16:18:40 +02:00
stamparm
f936746423 Code restyling 2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6 Update for an Issue #361 2013-04-15 14:20:21 +02:00
stamparm
3e65037a05 Introducing lib/utils/sqlalchemy.py (Issue #361) 2013-04-15 10:33:25 +02:00
Bernardo Damele
34ce8742f1 removed leftover 2013-02-26 10:12:18 +00:00
Miroslav Stampar
f817105db3 Minor bug fix 2013-02-18 14:40:39 +01:00
Miroslav Stampar
046f347f5d Minor fix 2013-02-15 17:36:58 +01:00
Miroslav Stampar
834ae6aac0 Another minor update 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Miroslav Stampar
67157fa2ba Some more minor fixes 2013-02-15 14:28:05 +01:00
Miroslav Stampar
b1c0cabde5 Minor fixes 2013-02-15 14:21:51 +01:00
Miroslav Stampar
2fb599619a Bug fix 2013-02-15 13:55:09 +01:00
Bernardo Damele
d8942d2ae0 fixes #396 - adapted the engine to properly verify all steps of takeover were successul, minor code refactoring too 2013-02-14 18:32:22 +00:00
Bernardo Damele
d42d28392a avoid tracebacks because the parameter does not exist 2013-02-14 13:18:33 +00:00
Bernardo Damele
c9c520a325 no need to repeat the debug message each time this function is called 2013-02-14 13:18:15 +00:00
Bernardo Damele
1de109747f minor bug fix introduced in 2267dd8f47 2013-02-14 12:39:17 +00:00
Miroslav Stampar
0b8de94ace Putting cases with INTO here too 2013-02-14 12:35:17 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Bernardo Damele
cbb5c79d29 typo fix 2013-02-13 13:07:47 +00:00
Bernardo Damele
d9e716b95d added two debug messages for clarity 2013-02-13 12:46:45 +00:00
Miroslav Stampar
dd6f50a00e Removing unused imports 2013-02-13 11:15:24 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
c9447fbbe7 Minor patch to return False if --is-dba returns None 2013-02-12 13:04:42 +01:00
Miroslav Stampar
093a93938c Bug fix (making non-query statements available for stacked conditional-error blind cases too) 2013-02-11 20:43:12 +01:00
Bernardo Damele
8bfee3b802 started to work on #373 to improve usability when user is not DBA 2013-02-11 18:07:58 +00:00
Miroslav Stampar
2f69a94bcf Bug fix for --search -C 2013-02-05 12:24:57 +01:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Miroslav Stampar
31230c5a42 Minor fix 2013-02-05 11:23:22 +01:00
Miroslav Stampar
87ad96bf01 Minor cosmetic fix 2013-02-05 11:18:46 +01:00
Miroslav Stampar
81d4f9f7d1 Bug fix for last regression test (--search related) 2013-01-31 16:41:23 +01:00
Miroslav Stampar
6b6e36b2ec Continuation of work on fixing DISTINCT/--search issues (Oracle) 2013-01-30 18:08:34 +01:00
Miroslav Stampar
838e98192e Consistency update (we are not using DISTINCT in inband counterparts too) 2013-01-30 17:25:36 +01:00
Miroslav Stampar
93c59c7277 Fix for a --privileges --technique=B --dbms=Oracle (when one user has no privileges everything is foobared) 2013-01-30 16:41:57 +01:00
Miroslav Stampar
95998e3989 Implementing undocumented way how to retrieve w+ temporary directory name on MsSQL (suggested by Vlado Velichkovski) 2013-01-30 14:38:21 +01:00
Miroslav Stampar
6005046280 Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working) 2013-01-30 11:36:04 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
ff160abf10 minor bug fix 2013-01-23 13:02:02 +00:00
Bernardo Damele
45af22872a fixes #370 (the bug was introduced with commit edb977a74e)# 2013-01-23 13:00:58 +00:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
bd7fd862b0 forgot import 2013-01-22 10:16:18 +00:00
Bernardo Damele
edb977a74e bug fix so that if search fails with union/error and blind techniques are available, it falls back to them (like any other enumeration switch) and minor bug fix so that in search mode, the provided table name to search is upped 2013-01-22 10:14:35 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
e9dea8d394 no need to raise an exception if one enumeration fails 2013-01-21 17:11:46 +00:00
Miroslav Stampar
f9d330ec98 Fix for that Firebird column data types issue (tec=EU) 2013-01-21 17:20:46 +01:00
Miroslav Stampar
457217f2d3 Fix for an Issue #356 2013-01-21 16:46:48 +01:00
Miroslav Stampar
65c55a6a49 Fix for escaping single quote character(s) 2013-01-21 11:21:41 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
6f61fc04f1 minor bug fix 2013-01-20 01:22:25 +00:00
Bernardo Damele
d1acdee9c4 fixed --count for DBMSes that are single-database 2013-01-18 23:07:16 +00:00
Bernardo Damele
8748cceff3 no point enumerating current database for --count on some DBMSes 2013-01-18 23:04:28 +00:00
Bernardo Damele
a390c48692 code refactoring 2013-01-18 23:04:01 +00:00
Bernardo Damele
b80e195c78 bug fix for #355 2013-01-18 22:10:10 +00:00
Bernardo Damele
f3d7be9200 more adjustments for #353 2013-01-18 20:44:56 +00:00
Bernardo Damele
2550bbc05e fix for #353 2013-01-18 20:40:38 +00:00
Bernardo Damele
f49657eacc minor fix to previous commit 2013-01-18 15:10:34 +00:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
e7576a3b11 Better naming 2013-01-18 11:21:23 +01:00
Miroslav Stampar
caae773b2d Minor removal of redundant code 2013-01-18 10:44:57 +01:00
Bernardo Damele
d1b91790f5 fixed --count on DB2 2013-01-17 22:13:59 +00:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Bernardo Damele
404ecbcaec typo fix 2013-01-15 17:14:58 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
e555c2be30 added support for --search -T for SQLite 2013-01-14 16:26:11 +00:00
Bernardo Damele
e835a2af9a minor bug fix 2013-01-14 13:43:03 +00:00
Bernardo Damele
279f6cb9ce minor bug fix for PostgreSQL --file-read 2013-01-14 12:22:15 +00:00
Bernardo Damele
146d9fedf0 fix for bug #337 2013-01-14 10:24:45 +00:00
Miroslav Stampar
bc4d8d3e02 Implementation for an Issue #332 2013-01-11 11:17:41 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3 Removing unused imports 2013-01-10 12:15:12 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964 Minor refactoring for an Issue #295 2013-01-08 10:23:02 +01:00
Bernardo Damele
8ee840bc8e maintained release is on Google code 2013-01-07 17:11:14 +00:00
Miroslav Stampar
46e2ad53cd Fix for an Issue #331 2013-01-07 16:36:29 +01:00
Miroslav Stampar
ac407ae4a1 Implementation for an Issue #295 2013-01-07 15:55:40 +01:00
Miroslav Stampar
6270e9337b Minor cosmetics 2013-01-07 14:34:20 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Miroslav Stampar
2fc187489b Removing leftover 2012-12-21 14:01:59 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Miroslav Stampar
0f62e677b5 Minor just in case commit (plural/singular unArrayize()) 2012-12-21 10:15:42 +01:00
Miroslav Stampar
18f4a916ea Minor fix 2012-12-20 14:58:26 +01:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Bernardo Damele
9b422e1e94 minor fix for issue #309 2012-12-19 09:37:29 +00:00
Bernardo Damele
738dbde16c avoid displaying "do you want to dump" message if no searched columns have been found 2012-12-18 18:07:34 +00:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
8d9aa2c384 minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223 2012-12-18 17:49:18 +00:00
Bernardo Damele
9a1eca20b5 lowered gravity 2012-12-18 16:42:03 +00:00
Bernardo Damele
d1d99d930b proper fix for #306 2012-12-18 15:31:30 +00:00
Bernardo Damele
6b1dd05e62 reverted 2012-12-18 14:51:04 +00:00
Bernardo Damele
e1b7a6350e consistency between --tables and --columns when -T and -C are respectively provided - there was a leftover from when --search called getColumns() as --columns: this is no longer the case (closes issue #306) 2012-12-18 14:37:04 +00:00
Bernardo Damele
57412f8475 default to --search shall stay LIKE 2012-12-18 13:55:26 +00:00
Miroslav Stampar
699a0f756a Minor fix 2012-12-18 12:43:23 +01:00
Miroslav Stampar
f56b846864 Patch for an Issue #300 2012-12-18 09:55:33 +01:00
Bernardo Damele
a00cd9b3ea syntax fix 2012-12-17 14:13:34 +00:00
Bernardo Damele
d2bd275652 refactoring 2012-12-17 14:07:28 +00:00
Bernardo Damele
3c1cead406 WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now 2012-12-17 14:06:12 +00:00
Bernardo Damele
eb44f30d63 minor layout output fix 2012-12-17 13:51:46 +00:00
Miroslav Stampar
9e38ccbc3d Removing unused imports 2012-12-10 17:47:42 +01:00
Miroslav Stampar
ed1b5d0ada Minor fix 2012-12-07 10:57:57 +01:00
Miroslav Stampar
b5c8707323 Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL 2012-12-06 15:55:33 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
d4b5133df7 Update for an Issue #272 2012-12-04 17:04:32 +01:00
Miroslav Stampar
b250b68231 Bug fix (--users was returning only 1 value because of this bug; probably introduced by mistake months ago) 2012-11-29 12:02:59 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
ba55bed008 More general approach for PostgreSQL concatenation operator precedence problem (Issue #219) 2012-10-25 10:41:16 +02:00
Miroslav Stampar
54fbb22ab8 Minor refactoring 2012-10-25 09:56:36 +02:00
Miroslav Stampar
c2058dfc8f Fix for an Issue #220 2012-10-25 09:42:43 +02:00
Miroslav Stampar
b7429dc6bb Minor fix for an Issue #219 2012-10-25 00:15:59 +02:00
Miroslav Stampar
344ef9af7d Language fix (in lots of cases wrong statement 'unable to retrieve columns for any table in database' was reported) 2012-10-24 23:38:35 +02:00
Miroslav Stampar
5477c9f7ba Fix for an Issue #216 2012-10-24 22:59:46 +02:00
Miroslav Stampar
f25f5c9eeb Minor fix 2012-10-23 10:33:30 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
ebe3f4c34c Minor fix 2012-10-15 18:51:42 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00