Miroslav Stampar
|
99bc4a9005
|
Generic approach for dealing with that nasty Firebird habit of appending spaces to (tec=EU) varchar casted values
|
2013-01-21 17:17:20 +01:00 |
|
Miroslav Stampar
|
832d95984c
|
IFNULL-like mechanism now works on SQLite 2 too
|
2013-01-21 15:04:27 +01:00 |
|
Bernardo Damele
|
a24eaffacc
|
fixed --columns on DB2, inline with Oracle and other DBMSes now
|
2013-01-19 16:14:25 +00:00 |
|
Bernardo Damele
|
b176cdb578
|
layout adjustment
|
2013-01-18 22:10:52 +00:00 |
|
Bernardo Damele
|
1ad9e26a21
|
bug fix for ORDER BY users provided statements (issue #354)
|
2013-01-18 21:40:50 +00:00 |
|
Bernardo Damele
|
d594978857
|
typo fix again
|
2013-01-18 20:48:37 +00:00 |
|
Bernardo Damele
|
bab9485561
|
typo fix
|
2013-01-18 20:48:08 +00:00 |
|
Bernardo Damele
|
2550bbc05e
|
fix for #353
|
2013-01-18 20:40:38 +00:00 |
|
Bernardo Damele
|
acac8c359b
|
fixed --current-db query for IBM DB2
|
2013-01-17 20:47:35 +00:00 |
|
Miroslav Stampar
|
7a1d484115
|
Implementation for an Issue #340
|
2013-01-15 16:05:33 +01:00 |
|
Miroslav Stampar
|
498a576e39
|
Removing obsolete data
|
2013-01-15 10:59:46 +01:00 |
|
Bernardo Damele
|
e555c2be30
|
added support for --search -T for SQLite
|
2013-01-14 16:26:11 +00:00 |
|
Bernardo Damele
|
c6d4b89869
|
minor bug fix for PostgreSQL (issue #338)
|
2013-01-14 11:41:30 +00:00 |
|
Miroslav Stampar
|
bc4d8d3e02
|
Implementation for an Issue #332
|
2013-01-11 11:17:41 +01:00 |
|
Miroslav Stampar
|
7ea846e111
|
Removing some junk from queries.xml
|
2013-01-10 11:46:51 +01:00 |
|
Miroslav Stampar
|
ebde4b190e
|
Minor update
|
2013-01-10 11:42:37 +01:00 |
|
Miroslav Stampar
|
55a552ddc4
|
Update for an Issue #24
|
2013-01-08 10:55:25 +01:00 |
|
Miroslav Stampar
|
614f4657f1
|
Removing timedelay tags inside queries.xml as we don't use those outside the payloads.xml anymore (Update for an Issue #24)
|
2013-01-08 10:30:01 +01:00 |
|
Miroslav Stampar
|
a3f9741d6e
|
Fixed unneeded trimming in --hex for MsSQL
|
2012-12-21 11:40:18 +01:00 |
|
Miroslav Stampar
|
03215ef209
|
Proper length function used now (fixing issues with international letters in multi threaded mode)
|
2012-12-20 10:43:38 +01:00 |
|
Bernardo Damele
|
dee56b17c3
|
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
|
2012-12-19 10:50:15 +00:00 |
|
Miroslav Stampar
|
2e2a7a34b6
|
Minor consistency update
|
2012-11-29 12:11:53 +01:00 |
|
Miroslav Stampar
|
919f75db9b
|
Improvement and fix for pivotDumpTable mechanism
|
2012-10-28 23:09:35 +01:00 |
|
Miroslav Stampar
|
f26ea04e38
|
Fix for an Issue #175
|
2012-09-07 17:06:38 +02:00 |
|
Miroslav Stampar
|
8ee9feafb9
|
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
|
2012-08-20 21:57:25 +02:00 |
|
Miroslav Stampar
|
95e0d46e3e
|
Fix for an Issue #110
|
2012-07-21 09:15:54 +02:00 |
|
Bernardo Damele
|
53c0336b48
|
added --hostname switch to retrieve DBMS server hostname - closes issue #69
|
2012-07-12 00:01:57 +01:00 |
|
Miroslav Stampar
|
27fdccc858
|
Update for Issue #55 (falling back to SELECT DB_NAME(N))
|
2012-07-03 20:15:17 +02:00 |
|
Miroslav Stampar
|
57234e1ff5
|
fix for proper (international character) inference on MsAccess
|
2012-05-03 23:13:48 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
686eacda9a
|
minor update regarding --hex
|
2012-02-21 13:38:18 +00:00 |
|
Miroslav Stampar
|
77723a7aee
|
minor update
|
2012-02-21 10:24:04 +00:00 |
|
Miroslav Stampar
|
d70f4b7150
|
adding hex conversion functions to queries.xml for 4 major DBMSes
|
2012-02-21 10:10:43 +00:00 |
|
Miroslav Stampar
|
7bca926a0b
|
fixes, updates, patches
|
2012-02-09 10:16:58 +00:00 |
|
Miroslav Stampar
|
f86c365694
|
added one more failsafe for MSSQL --tables
|
2012-02-03 10:56:39 +00:00 |
|
Miroslav Stampar
|
f4e7bf1d51
|
minor update regarding support for Unicode characters in Oracle
|
2012-02-01 14:17:27 +00:00 |
|
Miroslav Stampar
|
704488a4e4
|
proper retrieval of unicode characters in inference mode on MSSQL
|
2012-02-01 13:01:46 +00:00 |
|
Miroslav Stampar
|
a6c2fc7ecc
|
some refactoring on MSSQL support
|
2012-02-01 12:53:07 +00:00 |
|
Miroslav Stampar
|
fecdce5801
|
implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too
|
2012-01-09 21:09:05 +00:00 |
|
Miroslav Stampar
|
f412706fee
|
minor update for MSSQL --tables (fallback to other method)
|
2012-01-03 18:01:14 +00:00 |
|
Miroslav Stampar
|
7d2fce16dc
|
minor fix
|
2011-12-16 11:40:23 +00:00 |
|
Miroslav Stampar
|
cff21814bb
|
minor patch for MSSQL 2008
|
2011-12-16 11:23:41 +00:00 |
|
Miroslav Stampar
|
2adf358524
|
minor update
|
2011-12-03 13:17:43 +00:00 |
|
Miroslav Stampar
|
39b406c5c1
|
fix for --search on Oracle
|
2011-12-02 18:13:27 +00:00 |
|
Miroslav Stampar
|
b6ccc0cc43
|
minor update
|
2011-10-18 14:35:42 +00:00 |
|
Miroslav Stampar
|
4cb9988243
|
quick fix
|
2011-07-12 21:09:33 +00:00 |
|
Miroslav Stampar
|
93219b9e13
|
i've accidentally left table_schema removed while doing some tests. now it should be ok
|
2011-07-08 10:24:46 +00:00 |
|
Bernardo Damele
|
b5dd4d4a63
|
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
|
2011-07-08 10:19:01 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
9eb683531d
|
Minor improvement at blind SQL inj technique for DB2
|
2011-06-27 22:28:12 +00:00 |
|
Bernardo Damele
|
36c96ef796
|
Added DB2 support - patch provided by Sebastian Bittig
|
2011-06-25 09:44:24 +00:00 |
|
Bernardo Damele
|
b2e6cf3ed9
|
Enabled --search -C also for Oracle
|
2011-06-24 14:34:20 +00:00 |
|
Miroslav Stampar
|
4188df0501
|
fixes for Sybase
|
2011-06-15 18:49:35 +00:00 |
|
Bernardo Damele
|
aae140080e
|
SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
|
2011-05-06 10:27:43 +00:00 |
|
Miroslav Stampar
|
6e392b6054
|
applying contributed patch for DB2
|
2011-05-06 09:30:39 +00:00 |
|
Bernardo Damele
|
36a9ddaacc
|
Minor bug fixes and code restyling for --privileges and --passwords
|
2011-04-30 14:50:27 +00:00 |
|
Miroslav Stampar
|
05a0e1d3b0
|
fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting)
|
2011-04-15 11:34:14 +00:00 |
|
Miroslav Stampar
|
75f286cf6d
|
minor update conformant to http://dev.mysql.com/doc/refman/4.1/en/comments.html
|
2011-04-10 23:41:00 +00:00 |
|
Miroslav Stampar
|
3177c6023d
|
lol. re-revert
|
2011-04-10 23:30:56 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Miroslav Stampar
|
e27afef6be
|
minor update regarding --current-db on Oracle
|
2011-04-01 15:56:11 +00:00 |
|
Miroslav Stampar
|
73e5d20ade
|
bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)
|
2011-03-28 11:01:55 +00:00 |
|
Miroslav Stampar
|
82ab4c8dc2
|
minor fix (ORDER BY 1 screws things up in blind mode)
|
2011-03-24 14:19:32 +00:00 |
|
Miroslav Stampar
|
06a5c39efe
|
fix related to the bug reported by Alone Shell
|
2011-03-24 14:03:40 +00:00 |
|
Miroslav Stampar
|
b72cdfe9e6
|
fix for mssql regarding usage of schema names reported by jabra@spl0it.org
|
2011-03-23 10:40:34 +00:00 |
|
Miroslav Stampar
|
4889764114
|
minor update regarding last commit
|
2011-03-21 11:40:27 +00:00 |
|
Miroslav Stampar
|
5291fe35c9
|
proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)
|
2011-03-21 11:29:43 +00:00 |
|
Miroslav Stampar
|
0535225fe7
|
throwing out obsolete ORDER BY 1 from inband queries
|
2011-03-16 14:18:12 +00:00 |
|
Miroslav Stampar
|
3dc31f6273
|
removing spaces after , in our queries
|
2011-03-08 14:07:26 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|
Miroslav Stampar
|
68a95fd1b1
|
minor update
|
2011-02-20 22:45:23 +00:00 |
|
Miroslav Stampar
|
aac817935a
|
further improvement of MaxDB support
|
2011-02-20 22:41:42 +00:00 |
|
Miroslav Stampar
|
a3ba8b6928
|
--dump now works on MaxDB too
|
2011-02-20 22:07:12 +00:00 |
|
Miroslav Stampar
|
59e666d16e
|
--is-dba (related) update for Sybase
|
2011-02-20 17:28:06 +00:00 |
|
Miroslav Stampar
|
67ec691eb1
|
more updates regarding Sybase
|
2011-02-20 16:28:48 +00:00 |
|
Miroslav Stampar
|
823e4351b5
|
minor change
|
2011-02-20 12:34:09 +00:00 |
|
Miroslav Stampar
|
f30dea74f3
|
more Sybase updates
|
2011-02-19 18:36:26 +00:00 |
|
Miroslav Stampar
|
b71bb321dd
|
some more Sybase updates
|
2011-02-19 18:04:27 +00:00 |
|
Miroslav Stampar
|
e0efe453ab
|
minor update regarding Sybase support
|
2011-02-19 14:07:08 +00:00 |
|
Miroslav Stampar
|
5f4ffc9287
|
update regarding Sybase dumping
|
2011-02-19 00:36:47 +00:00 |
|
Bernardo Damele
|
394ccb5cc5
|
Added query for MSSQL/--privileges
|
2011-02-10 15:52:55 +00:00 |
|
Miroslav Stampar
|
5050a76b59
|
update regarding reading of table names from access system tables
|
2011-02-09 10:33:29 +00:00 |
|
Miroslav Stampar
|
1a5a66870e
|
problem fixed
|
2011-02-07 11:57:41 +00:00 |
|
Miroslav Stampar
|
4bb7ffcb3a
|
minor update
|
2011-02-03 13:18:43 +00:00 |
|
Bernardo Damele
|
8397c526d8
|
Minor adjustment
|
2011-01-31 21:20:23 +00:00 |
|
Miroslav Stampar
|
440264341c
|
minor update
|
2011-01-24 17:43:25 +00:00 |
|
Miroslav Stampar
|
0eea5665b2
|
minor update
|
2011-01-24 17:41:36 +00:00 |
|
Bernardo Damele
|
6c490bfc8f
|
Avoid a traceback elsewhere
|
2011-01-20 21:43:41 +00:00 |
|
Miroslav Stampar
|
f6d79f58bc
|
another fix (LIMIT is not a good idea to have in inband queries)
|
2011-01-20 21:13:28 +00:00 |
|
Miroslav Stampar
|
ff1a44c335
|
probably a fix for that SQLite bug reported by Ahmed Shawky
|
2011-01-20 20:30:18 +00:00 |
|
Miroslav Stampar
|
2c8115eed9
|
further improvement for ms access table dumping
|
2010-12-26 01:04:30 +00:00 |
|
Miroslav Stampar
|
fb099615e2
|
minor update
|
2010-12-25 11:16:35 +00:00 |
|
Miroslav Stampar
|
272476773f
|
getPageTextWordsSet on tableExists is pretty powerful stuff
|
2010-12-25 09:37:33 +00:00 |
|
Miroslav Stampar
|
706d8e0b88
|
development update (basic ms access dumping implemented)
|
2010-12-24 19:53:11 +00:00 |
|
Miroslav Stampar
|
edcf1a0872
|
few bug fixes
|
2010-12-24 18:40:48 +00:00 |
|
Bernardo Damele
|
c9ab8ae60e
|
Bug fix to properly identify if current user is DBA (--is-dba) on MySQL
|
2010-12-22 14:06:01 +00:00 |
|
Miroslav Stampar
|
3ee44584d4
|
i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string')
|
2010-12-14 12:57:59 +00:00 |
|
Miroslav Stampar
|
33639578ee
|
minor update for MS Access
|
2010-12-12 15:25:19 +00:00 |
|
Miroslav Stampar
|
b1babeefe5
|
update regarding dumping of tables with blind on Sqlite
|
2010-12-11 22:00:16 +00:00 |
|
Miroslav Stampar
|
fe2039f5ba
|
coollyy little commits
|
2010-12-10 11:32:46 +00:00 |
|