Commit Graph

762 Commits

Author SHA1 Message Date
Bernardo Damele
9b0662d1a9 added new Oracle time-based payloads 2014-04-09 12:14:16 +00:00
Miroslav Stampar
97f603af4a Fix for an Issue #641 2014-03-17 20:20:25 +01:00
Miroslav Stampar
ae36c08f12 Updating server signatures 2014-03-13 10:05:56 +01:00
Bernardo Damele
07a22070d8 updated signatures for test environment 2014-02-27 15:02:33 +00:00
Miroslav Stampar
b83d531ab3 Minor fix (Reference: https://en.wikipedia.org/wiki/Internet_Information_Services) 2014-02-05 08:32:55 +01:00
Miroslav Stampar
f28b8dbda8 Minor update 2014-02-01 22:24:56 +01:00
Bernardo Damele
4e8ab48145 fixed match 2014-01-13 23:48:00 +00:00
Bernardo Damele
b86353b485 minor fix to DB2 test case 2014-01-13 23:34:25 +00:00
Bernardo Damele
85f60d0c09 leftovers 2014-01-13 17:41:33 +00:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Bernardo Damele
9a1be29b45 updated test cases for regression test 2014-01-13 17:12:59 +00:00
Bernardo Damele
4975aafa65 updated live tests 2014-01-10 17:38:04 +00:00
Bernardo Damele
148767941b new host 2014-01-10 17:23:27 +00:00
Miroslav Stampar
178056968f Cleaning a leftover (deleted) made for Issue #564 2013-12-27 10:49:15 +01:00
Miroslav Stampar
cadbddd607 Adding a boundary proposed in Issue #564 2013-12-27 10:46:18 +01:00
Miroslav Stampar
9ead80d707 Minor patch for Issue #585 2013-12-17 09:39:43 +01:00
Miroslav Stampar
663b1e711b Bug fix 2013-12-01 21:22:29 +01:00
Miroslav Stampar
07bd22fa80 Minor fix 2013-12-01 21:03:30 +01:00
Bernardo Damele
378ce46061 NVARCHAR is not supported on Sybase Adaptive Server 2013-10-18 12:23:50 +01:00
Miroslav Stampar
4c39235c2f Minor revert (5->3) 2013-10-11 00:39:44 +02:00
Miroslav Stampar
6305c1e703 Making a comma-less RLIKE payload 2013-10-11 00:39:11 +02:00
Miroslav Stampar
dbaa35f9fe Minor fix 2013-10-10 23:53:43 +02:00
Miroslav Stampar
2dc570d7a8 Minor patch (for ORDER BY 'col' cases) 2013-10-10 23:08:20 +02:00
Miroslav Stampar
6f2c89bd7c Fix for an Issue #529 2013-09-25 10:22:23 +02:00
Miroslav Stampar
31684dbc89 Fix for an Issue #524 2013-09-13 16:16:46 +02:00
Miroslav Stampar
96ccdb7c83 Adding new regular expressions for error messages 2013-09-06 19:41:40 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
de31688c4f Update for an Issue #481 2013-07-29 18:25:27 +02:00
Miroslav Stampar
df5a6beb6e Queries for Issue #481 2013-07-27 11:11:11 +02:00
stamparm
dbb0d7f700 Important fix (Issue #489) - we had a bad presumption that only public schema could be used for enumeration (while all schemas inside a current db could be used) 2013-07-19 13:24:35 +02:00
stamparm
27bf37e741 Updating to higher levels for HSQLDB specific payloads (like for e.g. Firebird) 2013-07-04 15:41:08 +02:00
stamparm
f97b35dcc1 Patch for an Issue #475 2013-07-01 13:43:38 +02:00
Bernardo Damele
9a8bec760f added fingerprint for HSQLDB based on Tomcat stacktrace message 2013-07-01 12:17:52 +01:00
stamparm
925098686d Minor fix 2013-07-01 13:05:57 +02:00
stamparm
e3124b9176 Replacing tabs with spaces (Issue #475) 2013-07-01 12:56:34 +02:00
Bernardo Damele
2ca5df2802 minor fix 2013-07-01 11:31:28 +01:00
stamparm
b5e644694a Minor cleanup 2013-07-01 12:05:02 +02:00
Miroslav Stampar
aeb83ba651 Merge pull request #475 from Meatballs1/hsql_clean - HSQL Payloads and Query Support 2013-07-01 02:38:04 -07:00
Meatballs
604694c0e5 Cleanup queries.xml 2013-06-24 23:22:52 +01:00
Meatballs
55a37183d4 Cleanup payloads file 2013-06-24 15:04:52 +01:00
Meatballs
355d3f86be hsql payloads and queries xml 2013-06-24 14:34:54 +01:00
Miroslav Stampar
4336a8fa7c Fix for overnight (previously removed : from prefix/suffix was important for XMLType payload) 2013-06-24 14:18:42 +02:00
Miroslav Stampar
fca6772df6 Implementation for an Issue #468 2013-06-22 00:13:46 +02:00
stamparm
20b8186fcc Fix for an Issue #467 2013-06-19 10:41:58 +02:00
Miroslav Stampar
ad07add549 Fixing MySQL/stacked payloads (also removing stacked conditional-error version as it's syntactically incorrect) 2013-06-05 14:32:06 +02:00
stamparm
f456b5a28d Bug fix (this payload was also doable on MySQL - with CAST it's strictly being bound to Oracle only) 2013-05-29 17:41:42 +02:00
Miroslav Stampar
19b87074c6 Minor fix 2013-05-22 23:30:33 +04:00
Miroslav Stampar
d34286fe44 Temporary disabling 2013-05-12 13:45:32 +02:00
Miroslav Stampar
427d88b194 Minor overnight fix 2013-05-04 11:39:23 +02:00
stamparm
ff62b0d3ea Replacing a substring query for PgSQL with a non-comma version (there are no compatibility issues while skipping problems with possible comma filtering) 2013-04-25 10:14:03 +02:00
stamparm
9c264e6426 Revert back of SQLite3 time-based payload as of regression test failing 2013-04-10 11:10:19 +02:00
stamparm
acc650d3dc Minor fine tuning 2013-04-03 15:14:25 +02:00
stamparm
125168c515 Reverting back to 8002531b63 (that last 76dcbbda0f resulted in 'too big blob') 2013-04-03 14:38:13 +02:00
stamparm
76dcbbda0f Reverting last commit and making heavy query on SQLite heavier 2013-04-03 14:23:28 +02:00
stamparm
8002531b63 Heavy queries should not have --time-sec set to some small value in live tests as their responses are machine dependent (on fast machines --time-sec=2 will result in fast responses making sqlmap life harder) 2013-04-03 14:17:13 +02:00
stamparm
64ba88096f Adding a new test case (Issue #423) 2013-03-21 12:13:13 +01:00
Bernardo Damele
30cf933445 added one more test case 2013-03-05 18:21:45 +00:00
stamparm
46b9a602ba Minor style update (because of consistency with other payloads; also, Oracle is uppercase oriented) 2013-03-01 12:43:08 +01:00
Miroslav Stampar
f593e1d30f Reverting last commit as there is a bunch of similar 2013-02-20 17:35:36 +01:00
stamparm
e2b7384921 Adding a new test case (--sql-query) 2013-02-20 14:10:39 +01:00
Miroslav Stampar
6c8e8e2a0f Minor fix 2013-02-18 15:23:55 +01:00
Miroslav Stampar
75a9404cb5 Bug fix (unenclosed 'SELECT * FROM user' returns result for a system function user <- previous results were illegal) 2013-02-18 14:15:48 +01:00
Bernardo Damele
5abca52924 added one more test case 2013-02-15 17:11:40 +00:00
Miroslav Stampar
b3b3899dab Fix for an Issue #273 (must for MsSQL 2000; works on MsSQL > 2000) 2013-02-14 10:08:29 +01:00
Miroslav Stampar
3483fd4347 MAX not supported by MSSQL < 2005 2013-02-13 18:33:28 +01:00
Bernardo Damele
1384b8794f add parsed error messages to console_output for better debugging of failed regression test cases 2013-02-12 13:48:11 +00:00
Bernardo Damele
70230f3513 minor fix 2013-02-12 09:28:15 +00:00
Bernardo Damele
c8d1020a13 re-enabled brute-force test cases 2013-02-07 14:19:58 +00:00
Miroslav Stampar
c0888e92c8 Minor update 2013-02-05 12:02:48 +01:00
Miroslav Stampar
7ba0da66b1 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 11:10:31 +01:00
Miroslav Stampar
9434cc26d8 Minor fix 2013-02-05 11:10:21 +01:00
Bernardo Damele
9da6f8e08a more verbose parsing rule 2013-02-05 09:58:11 +00:00
Bernardo Damele
6a83eea587 added SQLite 3 test cases 2013-02-05 09:11:20 +00:00
Bernardo Damele
0f4f808be4 minor improvement 2013-02-04 23:26:17 +00:00
Bernardo Damele
5a8f94a1e1 temporary patch 2013-02-04 09:15:05 +00:00
Miroslav Stampar
231ea51fe6 Removing leftover 2013-02-01 17:10:40 +01:00
Miroslav Stampar
68e507ea9f Update for an SQLite3 time-based (heavy query) payloads (better timedelay) 2013-01-31 18:59:18 +01:00
Miroslav Stampar
410f6ad476 Fix for an Issue #380 2013-01-31 13:26:38 +01:00
Miroslav Stampar
6b6e36b2ec Continuation of work on fixing DISTINCT/--search issues (Oracle) 2013-01-30 18:08:34 +01:00
Miroslav Stampar
838e98192e Consistency update (we are not using DISTINCT in inband counterparts too) 2013-01-30 17:25:36 +01:00
Miroslav Stampar
112ff952d4 Continuation of cleaning up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 17:08:17 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Miroslav Stampar
742c66fad2 Adding one more test (switch --hex) 2013-01-30 11:40:12 +01:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f2512d06db Removing unneeded whitespace in inference queries 2013-01-29 16:13:49 +01:00
Bernardo Damele
2a9fe62c3f bind payload is preferred if filtering does not allow reverse connection 2013-01-26 15:51:47 +00:00
Miroslav Stampar
f9b44d6ff7 Adding test cases for using custom injection marks 2013-01-25 16:07:27 +01:00
Bernardo Damele
aed833c1d2 fixed test case 2013-01-24 14:59:55 +00:00
Bernardo Damele
7d01eb79b4 minor fix 2013-01-24 00:55:45 +00:00
Bernardo Damele
3c0c7f776f minor fix 2013-01-23 16:57:51 +00:00
Bernardo Damele
f1534a178a regexp fixes 2013-01-23 16:22:01 +00:00
Bernardo Damele
9ceb4839ac added test cases for --common-tables across all DBMSes and supported techniques 2013-01-23 15:54:58 +00:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
35d76f3da5 Adding missing stuff related to the last commit 2013-01-23 14:48:31 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
599ad74a32 typo fix 2013-01-23 13:05:10 +00:00
Bernardo Damele
7ee07d031a added PostgreSQL stacked queries test case 2013-01-23 12:15:20 +00:00
Bernardo Damele
314ed22fc3 added preventive cleanup test case 2013-01-23 12:12:30 +00:00
Bernardo Damele
f3ff239e62 minor fix 2013-01-23 00:21:11 +00:00
Bernardo Damele
aafc5b5623 added one just in case test case to check if all params are tested as they should be 2013-01-23 00:18:54 +00:00
Bernardo Damele
91c00939f7 added one more test case 2013-01-22 18:28:59 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
5ea45af1c4 Warming up for Issue #366 and #367 2013-01-22 14:14:20 +01:00
Bernardo Damele
4f081a6a9b typo fixes 2013-01-22 13:00:15 +00:00
Bernardo Damele
afa9046e74 added Firebird custom enumeration test cases and stricten a few cases to make sure query length calculation function works properly with multi-threading/boolean technique 2013-01-22 12:34:11 +00:00
Bernardo Damele
29a65b5cdc added Firebird search test cases 2013-01-22 11:23:48 +00:00
Miroslav Stampar
b8318efecc Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 11:29:15 +01:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
d2ff9bccbb minor adjustment 2013-01-21 21:00:03 +00:00
Bernardo Damele
bc5a7e49e9 done with DB2 test cases (issue #312) 2013-01-21 20:53:11 +00:00
Bernardo Damele
3cfa6cd191 minor adjustments 2013-01-21 16:41:47 +00:00
Bernardo Damele
d5de5306d6 minor fixes following recent enhancements 2013-01-21 16:38:31 +00:00
Miroslav Stampar
472f5e35c2 Removing that space char 2013-01-21 17:35:23 +01:00
Miroslav Stampar
5d318b4980 Fix for an ISNULL mechanism in Firebird 2013-01-21 17:33:09 +01:00
Miroslav Stampar
99bc4a9005 Generic approach for dealing with that nasty Firebird habit of appending spaces to (tec=EU) varchar casted values 2013-01-21 17:17:20 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
aebf2c1350 Slightly better payload for Firebird delay-based SQLi (adding slightly more delay) 2013-01-20 23:10:58 +01:00
Bernardo Damele
845ec006d7 fixed again 2013-01-20 01:33:22 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Bernardo Damele
a24eaffacc fixed --columns on DB2, inline with Oracle and other DBMSes now 2013-01-19 16:14:25 +00:00
Bernardo Damele
b05c6cbd13 leftover 2013-01-19 00:29:42 +00:00
Bernardo Damele
30273e03fe leftover 2013-01-19 00:28:48 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
89ddd54a75 added Firebird inline query payload, requires some work though engine-side for the vector to be usable 2013-01-19 00:05:15 +00:00
Bernardo Damele
10d86d042c enough.. 2013-01-18 23:46:26 +00:00
Bernardo Damele
e76213ef5d more fixes 2013-01-18 23:37:13 +00:00
Bernardo Damele
6be7eee8d6 more fixes 2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce fixed test cases for Firebird - #312 2013-01-18 23:32:39 +00:00
Bernardo Damele
edeb181c4f added first bunch of test cases for Firebird, issue #312 2013-01-18 23:17:43 +00:00
Bernardo Damele
b176cdb578 layout adjustment 2013-01-18 22:10:52 +00:00
Bernardo Damele
2471f325b2 minor adjustments 2013-01-18 21:47:25 +00:00
Bernardo Damele
1ad9e26a21 bug fix for ORDER BY users provided statements (issue #354) 2013-01-18 21:40:50 +00:00
Bernardo Damele
ebd1d3095b done with test cases for Oracle - issue #312 2013-01-18 21:40:11 +00:00
Bernardo Damele
d594978857 typo fix again 2013-01-18 20:48:37 +00:00
Bernardo Damele
bab9485561 typo fix 2013-01-18 20:48:08 +00:00
Bernardo Damele
2550bbc05e fix for #353 2013-01-18 20:40:38 +00:00
Bernardo Damele
2463e51e73 added one more test case for DB2 and a few search-related cases for Oracle (issue #312) 2013-01-18 20:37:20 +00:00
Bernardo Damele
d66f7e22b1 more fixes to test cases 2013-01-18 09:32:05 +00:00
Bernardo Damele
e4ee4f9557 fixed some test cases 2013-01-17 23:17:33 +00:00
Bernardo Damele
ce263b794f on DB2 there are no users password hashes to dump 2013-01-17 22:17:55 +00:00
Bernardo Damele
d2d3878de1 typo fix 2013-01-17 21:58:53 +00:00
Bernardo Damele
acac8c359b fixed --current-db query for IBM DB2 2013-01-17 20:47:35 +00:00
Bernardo Damele
74286e339f test if boolean also works correctly for --os-cmd 2013-01-16 15:36:35 +00:00
Bernardo Damele
6f08d10d07 leftover 2013-01-16 15:16:18 +00:00
Bernardo Damele
1c8bd95e68 more work on Oracle test cases (#312) 2013-01-16 15:13:47 +00:00
Bernardo Damele
6b0ed1c581 fixed parsing reg exps to work with Oracle XE (#312) 2013-01-16 15:00:45 +00:00
Bernardo Damele
a3493769ca minor fix 2013-01-16 00:45:18 +00:00
Bernardo Damele
983593510c ported Oracle checks to express edition 2013-01-15 23:59:29 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
3f84cefc77 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-15 14:59:22 +00:00
Bernardo Damele
1cafe605af added more Oracle test cases 2013-01-15 14:59:15 +00:00
Miroslav Stampar
02f0e72cc6 Minor update of other/corner case titles 2013-01-15 11:10:03 +01:00
Miroslav Stampar
498a576e39 Removing obsolete data 2013-01-15 10:59:46 +01:00
Bernardo Damele
3fa720e699 added first Oracle test cases 2013-01-14 17:30:42 +00:00
Bernardo Damele
8a2b994b94 added SQLite test cases (issue #312) 2013-01-14 16:50:24 +00:00
Bernardo Damele
e555c2be30 added support for --search -T for SQLite 2013-01-14 16:26:11 +00:00
Bernardo Damele
48e0154fc3 added SQLite inline queries payload 2013-01-14 15:30:01 +00:00
Bernardo Damele
3e2c3851f3 Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312) 2013-01-14 13:42:50 +00:00
Bernardo Damele
bd89ade02f minor bug fix for PostgreSQL --file-read 2013-01-14 12:22:00 +00:00
Bernardo Damele
c6d4b89869 minor bug fix for PostgreSQL (issue #338) 2013-01-14 11:41:30 +00:00
Bernardo Damele
b35b8a4835 fixed regexps for --live-test (issue #312) 2013-01-14 10:24:11 +00:00
Bernardo Damele
4acb281414 added first test cases for PostgreSQL 2013-01-14 01:11:57 +00:00
Bernardo Damele
b74cfbf336 minor enhancements for debug purposes (issue #312) 2013-01-13 23:15:56 +00:00
Miroslav Stampar
bc4d8d3e02 Implementation for an Issue #332 2013-01-11 11:17:41 +01:00
Miroslav Stampar
7ea846e111 Removing some junk from queries.xml 2013-01-10 11:46:51 +01:00
Miroslav Stampar
ebde4b190e Minor update 2013-01-10 11:42:37 +01:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
614f4657f1 Removing timedelay tags inside queries.xml as we don't use those outside the payloads.xml anymore (Update for an Issue #24) 2013-01-08 10:30:01 +01:00
Bernardo Damele
ec7508ec4f test case to reproduce bug introduced at 76839ff 2013-01-07 17:39:13 +00:00
Miroslav Stampar
a3f9741d6e Fixed unneeded trimming in --hex for MsSQL 2012-12-21 11:40:18 +01:00
Bernardo Damele
a56e384abb updated VM.. 2012-12-20 13:18:45 +00:00
Bernardo Damele
e39ac0f092 added OR boolean-based test case 2012-12-20 12:52:26 +00:00
Bernardo Damele
d019f75e63 for this test case verbose has to be set to 2 as we parse a DEBUG message 2012-12-20 11:48:34 +00:00
Bernardo Damele
190e317992 fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily 2012-12-20 11:05:11 +00:00
Miroslav Stampar
19e2f3bb76 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 10:43:54 +01:00
Miroslav Stampar
03215ef209 Proper length function used now (fixing issues with international letters in multi threaded mode) 2012-12-20 10:43:38 +01:00
Bernardo Damele
076b4063e6 these edits got overwritten from last commits 2012-12-20 09:42:44 +00:00
Bernardo Damele
602405c171 added more test cases 2012-12-19 18:30:04 +00:00
Bernardo Damele
a2c58847e6 fixed title 2012-12-19 18:29:00 +00:00
Bernardo Damele
357da43cea slight improvement of live test engine and added misc test cases to xml 2012-12-19 17:28:41 +00:00
Bernardo Damele
3061eec7d8 added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn) 2012-12-19 16:39:13 +00:00
Bernardo Damele
282aeb734f ORDER BY does not play well with UNION query SQLi (related to issue #313) 2012-12-19 13:21:16 +00:00
Bernardo Damele
e583ba6826 no point retesting all for time-based too as it uses same engine of boolean-based 2012-12-19 12:35:36 +00:00
Bernardo Damele
2bc2c0431c fixed test cases 2012-12-19 12:33:37 +00:00
Bernardo Damele
5ceadf02ae fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes 2012-12-19 12:22:45 +00:00
Bernardo Damele
54752a9101 typo fix 2012-12-19 11:44:58 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Bernardo Damele
2c86022aab added test cases for --sql-query and improved tests for --search -C 2012-12-18 16:30:46 +00:00
Bernardo Damele
f8267ece0f added more specific --search -T and -C test cases 2012-12-18 16:13:38 +00:00
Bernardo Damele
61a838bb35 added more test cases 2012-12-18 15:59:48 +00:00
Bernardo Damele
3fa05374bd added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP) 2012-12-18 12:07:19 +00:00
Miroslav Stampar
9b716eb805 Implementation for an Issue #135 2012-12-18 10:13:42 +01:00
Bernardo Damele
b957b4790b regexp fix 2012-12-17 13:52:00 +00:00
Bernardo Damele
86bca05ab0 improved tests 2012-12-17 13:30:41 +00:00
Bernardo Damele
bbd2adb5fb improvements to --live-test and added --stop-fail switch 2012-12-17 11:41:43 +00:00
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Miroslav Stampar
bc72180a3b Lowering --limit for inline query technique 2012-12-05 10:58:41 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
2e2a7a34b6 Minor consistency update 2012-11-29 12:11:53 +01:00