sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,168 Commits 4 Branches 117 Tags 97 MiB
963fcb57b6
Commit Graph

131 Commits

Author SHA1 Message Date
Miroslav Stampar
d75578c81f some update regarding common tables 2010-10-29 09:00:51 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. 
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
 2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471 Minor bug fixes and enhancements to ICMPsh tunnel 2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136 Adjusted impacket import check 2010-10-27 21:10:56 +00:00
Bernardo Damele
a391be833b Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work. 2010-10-27 21:02:22 +00:00
Miroslav Stampar
749e25a217 Implementation of --passwords for Sybase 2010-10-26 21:35:30 +00:00
Bernardo Damele
f5904d0bc0 Major bug fix to --union-test 2010-10-25 23:39:55 +00:00
Miroslav Stampar
8a9a57c709 update for Sybase and major bug fix for --passwords on MSSQL 2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe that Sybase is going to be pain in the ass 2010-10-25 21:43:13 +00:00
Bernardo Damele
debaf2215f Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch 2010-10-25 15:54:45 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
f8850e3f41 update (xml fix and refactoring) 2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924 update for Sybase 2010-10-23 07:37:43 +00:00
Miroslav Stampar
a8e42a4f2b bug fix 2010-10-23 06:42:21 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Bernardo Damele
e73e06069b Minor code refactoring 2010-10-20 22:09:03 +00:00
Miroslav Stampar
1b376c99a6 removed temp dictionary and replaced with kb.misc 2010-10-19 23:00:19 +00:00
Miroslav Stampar
6a8b1046d4 first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py) 2010-10-19 12:02:04 +00:00
Bernardo Damele
e7c8be1d45 Minor layout adjustments 2010-10-15 15:37:15 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
8abcdae1b5 some update 2010-09-30 19:45:23 +00:00
Miroslav Stampar
cf8e92699c changes regarding EXISTS feature 2010-09-30 12:35:45 +00:00
Miroslav Stampar
e176b36a7f update 2010-09-24 22:09:33 +00:00
Miroslav Stampar
18db96c45f fix for bug reported by David Guimaraes (colEntry = entry[index] - IndexError: list index out of range) 2010-09-01 09:25:21 +00:00
Miroslav Stampar
b0ba559af5 minor update 2010-08-31 14:31:17 +00:00
Miroslav Stampar
c4040ab297 fix for Feature #136 2010-08-31 14:25:37 +00:00
Bernardo Damele
7c3773a5d7 Minor bug fix to -d 2010-06-30 14:00:49 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
1387ed0c25 This %TEMP% is a mere cause of problems (e.g. --os-cmd in MSSQL the BULK INSERT with '%TEMP%\foo' does not work), stick with C:/WINDOWS/Temp 2010-05-29 15:27:49 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta. 
Minor bug fixes and adjustments.
 2010-05-28 16:43:04 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Miroslav Stampar
20d05cc404 way to handle re.I (ignore case) while using getCompiledRegex 2010-05-21 15:03:40 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4 Added support to search for tables (--search with -T). See #190. 2010-05-16 20:46:17 +00:00
Bernardo Damele
762781e94d Minor bug fix, %TEMP% is expanded only in xp_cmdshell (MSSQL), so disabled for MySQL/PGSQL 2010-05-13 10:40:15 +00:00
Bernardo Damele
091e0b2e05 Layout adjustment 2010-05-13 09:51:15 +00:00
Miroslav Stampar
2323d858a9 modification of temporary directory from C:/Windows/Temp to %TEMP% 2010-05-13 09:32:27 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190: 
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
 2010-05-07 13:40:57 +00:00
Bernardo Damele
90d9900371 Minor bug fix to consider --start and --stop also in partial UNION query SQL injection 2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database. 
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
 2010-03-31 10:50:47 +00:00