Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c
Minor bug fix in MSSQL version fingerprint
2009-08-11 09:16:20 +00:00
Bernardo Damele
14578a7a4d
Updated THANKS file
2009-07-30 12:02:34 +00:00
Bernardo Damele
e608a5ca55
Updated THANKS file
2009-07-29 10:44:56 +00:00
Bernardo Damele
2c98c11e80
user's manual PDF recreated
2009-07-25 16:46:30 +00:00
Bernardo Damele
45e3ce798f
Updated documentation with all new features introduced since sqlmap 0.7-rc1
2009-07-25 14:31:44 +00:00
Bernardo Damele
576cc97742
Minor update to the user's manual, almost there to release 0.7 stable!
2009-07-25 00:25:59 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00
Bernardo Damele
bc31bd1dd9
Minor bug fix
2009-06-29 10:13:39 +00:00
Bernardo Damele
fd7de4bbb8
Updated THANKS file
2009-06-24 13:57:50 +00:00
Bernardo Damele
cfd8a83655
Minor adjustment to get also the port when parsing burp logs
2009-06-04 14:36:31 +00:00
Bernardo Damele
81d1a767ac
Minor bug fix in output manager (dumper) object
2009-05-20 13:56:23 +00:00
Bernardo Damele
37d3b3adda
Updated THANKS
2009-05-20 09:58:22 +00:00
Bernardo Damele
f7ee4d578e
Updated THANKS file
2009-05-19 15:56:30 +00:00
Bernardo Damele
e8c115500d
Now it works also on Mac OS X
2009-04-30 10:46:50 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
69259c5984
Updated THANKS
2009-04-23 08:42:57 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
...
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
c405fb51ab
PDF regenerated
2009-02-04 16:32:06 +00:00
Bernardo Damele
b12d955274
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4
Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs
2009-02-02 23:44:19 +00:00
Bernardo Damele
9ab174a444
Almost ready with the user's manual for 0.6.4 release
2009-02-01 13:44:44 +00:00
Bernardo Damele
77d9d22ceb
Minor update to the user's manual
2009-02-01 00:20:08 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031
Avoid DeprecationWarning with Python 2.6+
2009-01-22 23:53:01 +00:00
Bernardo Damele
193482a62b
Updated user's manual
2009-01-22 23:44:44 +00:00
Bernardo Damele
981c7a4428
Updated Microsoft SQL Server XML signature db
2009-01-22 22:30:45 +00:00
Bernardo Damele
7adbf5892d
Updated user's manual
2009-01-19 23:45:54 +00:00
Bernardo Damele
8f973ce574
Minor layout adjustments
2009-01-18 22:36:48 +00:00
Bernardo Damele
bc3b4c6936
Minor layout adjustments in the user's manual
2009-01-13 23:16:34 +00:00
Bernardo Damele
9c125a2b57
Minor improvement to use Python ConfigParser library when --save if specified.
...
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
6ff8feb5cf
Updated documentation
2009-01-03 01:25:43 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
0e9873fd4f
Preparing documentation for 0.6.4
2008-12-29 18:44:20 +00:00
Bernardo Damele
b0ad102efb
Better fingerprint technique for Microsoft SQL Server
2008-12-22 23:32:43 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
4ae464c80d
Minor enhancement to support an option (--union-tech) to specify the
...
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
374b9ba878
Updated documentation based upon recent developments
2008-12-21 16:35:45 +00:00
Bernardo Damele
7e8ac16245
Added preventive check for stacked queries support when executing DDL,
...
DML & co. statements in SQL query and SQL shell. Minor improvements on
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
3fe493b63d
Minor enhancement to support an option (--is-dba) to show if the
...
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
2efb3ae2ba
Documentation updated, now ready for 0.6.3 release
2008-12-17 23:26:14 +00:00
Bernardo Damele
bb9079aa9d
Minor documentation adjustments
2008-12-17 20:58:19 +00:00
Bernardo Damele
94c79e3209
Updated documentation
2008-12-17 20:17:34 +00:00
Bernardo Damele
ec11f502df
Site and documentation updated, ready to release 0.6.3 in two days
2008-12-17 00:19:01 +00:00
Bernardo Damele
36d9ede001
Updated documentation, ready for sqlmap 0.6.3 release
2008-12-16 23:52:16 +00:00
Bernardo Damele
2b0ec1868d
Updated documentation
2008-12-16 21:31:15 +00:00