Miroslav Stampar
|
a3f9741d6e
|
Fixed unneeded trimming in --hex for MsSQL
|
2012-12-21 11:40:18 +01:00 |
|
Bernardo Damele
|
a56e384abb
|
updated VM..
|
2012-12-20 13:18:45 +00:00 |
|
Bernardo Damele
|
e39ac0f092
|
added OR boolean-based test case
|
2012-12-20 12:52:26 +00:00 |
|
Bernardo Damele
|
d019f75e63
|
for this test case verbose has to be set to 2 as we parse a DEBUG message
|
2012-12-20 11:48:34 +00:00 |
|
Bernardo Damele
|
190e317992
|
fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily
|
2012-12-20 11:05:11 +00:00 |
|
Miroslav Stampar
|
19e2f3bb76
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2012-12-20 10:43:54 +01:00 |
|
Miroslav Stampar
|
03215ef209
|
Proper length function used now (fixing issues with international letters in multi threaded mode)
|
2012-12-20 10:43:38 +01:00 |
|
Bernardo Damele
|
076b4063e6
|
these edits got overwritten from last commits
|
2012-12-20 09:42:44 +00:00 |
|
Bernardo Damele
|
602405c171
|
added more test cases
|
2012-12-19 18:30:04 +00:00 |
|
Bernardo Damele
|
a2c58847e6
|
fixed title
|
2012-12-19 18:29:00 +00:00 |
|
Bernardo Damele
|
357da43cea
|
slight improvement of live test engine and added misc test cases to xml
|
2012-12-19 17:28:41 +00:00 |
|
Bernardo Damele
|
3061eec7d8
|
added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn)
|
2012-12-19 16:39:13 +00:00 |
|
Bernardo Damele
|
282aeb734f
|
ORDER BY does not play well with UNION query SQLi (related to issue #313)
|
2012-12-19 13:21:16 +00:00 |
|
Bernardo Damele
|
e583ba6826
|
no point retesting all for time-based too as it uses same engine of boolean-based
|
2012-12-19 12:35:36 +00:00 |
|
Bernardo Damele
|
2bc2c0431c
|
fixed test cases
|
2012-12-19 12:33:37 +00:00 |
|
Bernardo Damele
|
5ceadf02ae
|
fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes
|
2012-12-19 12:22:45 +00:00 |
|
Bernardo Damele
|
54752a9101
|
typo fix
|
2012-12-19 11:44:58 +00:00 |
|
Bernardo Damele
|
dee56b17c3
|
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
|
2012-12-19 10:50:15 +00:00 |
|
Bernardo Damele
|
2c86022aab
|
added test cases for --sql-query and improved tests for --search -C
|
2012-12-18 16:30:46 +00:00 |
|
Bernardo Damele
|
f8267ece0f
|
added more specific --search -T and -C test cases
|
2012-12-18 16:13:38 +00:00 |
|
Bernardo Damele
|
61a838bb35
|
added more test cases
|
2012-12-18 15:59:48 +00:00 |
|
Bernardo Damele
|
3fa05374bd
|
added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP)
|
2012-12-18 12:07:19 +00:00 |
|
Miroslav Stampar
|
9b716eb805
|
Implementation for an Issue #135
|
2012-12-18 10:13:42 +01:00 |
|
Bernardo Damele
|
b957b4790b
|
regexp fix
|
2012-12-17 13:52:00 +00:00 |
|
Bernardo Damele
|
86bca05ab0
|
improved tests
|
2012-12-17 13:30:41 +00:00 |
|
Bernardo Damele
|
bbd2adb5fb
|
improvements to --live-test and added --stop-fail switch
|
2012-12-17 11:41:43 +00:00 |
|
Bernardo Damele
|
2926c815bf
|
improved test switch --live-test and minor refactoring
|
2012-12-17 11:29:33 +00:00 |
|
Miroslav Stampar
|
bc72180a3b
|
Lowering --limit for inline query technique
|
2012-12-05 10:58:41 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
2e2a7a34b6
|
Minor consistency update
|
2012-11-29 12:11:53 +01:00 |
|
Miroslav Stampar
|
c0796b4742
|
Minor bug fix (RLIKE boolean case was using wrong comparison payload)
|
2012-11-27 12:03:38 +01:00 |
|
Miroslav Stampar
|
919f75db9b
|
Improvement and fix for pivotDumpTable mechanism
|
2012-10-28 23:09:35 +01:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
67cfc3b492
|
Removing boundaries (it were meant to be used as 'parameter replace' logic but it's not doable for boundaries)
|
2012-09-17 22:36:40 +02:00 |
|
Miroslav Stampar
|
acad7a34a2
|
Minor update
|
2012-09-17 22:23:44 +02:00 |
|
Miroslav Stampar
|
f26ea04e38
|
Fix for an Issue #175
|
2012-09-07 17:06:38 +02:00 |
|
Miroslav Stampar
|
59ab3c7bdc
|
Updating server.xml with fresh banners
|
2012-08-23 11:01:57 +02:00 |
|
Miroslav Stampar
|
d7cf0de090
|
Fixing INSERT/UPDATE generic boundaries (those previous few were junkies)
|
2012-08-22 14:12:51 +02:00 |
|
Miroslav Stampar
|
8ee9feafb9
|
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
|
2012-08-20 21:57:25 +02:00 |
|
Miroslav Stampar
|
6fdbe4eb89
|
Fix by zhouhx@knownsec.com (better LIKE boundaries)
|
2012-08-06 19:04:23 +02:00 |
|
Miroslav Stampar
|
57f2fccc24
|
Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :)
|
2012-07-26 11:40:47 +02:00 |
|
Miroslav Stampar
|
ec96689556
|
Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db
|
2012-07-26 11:39:51 +02:00 |
|
Miroslav Stampar
|
6878ef92b2
|
Style update
|
2012-07-26 11:22:00 +02:00 |
|
Miroslav Stampar
|
ab3160316f
|
Implementation of payloads for Issue #122
|
2012-07-26 11:17:09 +02:00 |
|
Miroslav Stampar
|
95e0d46e3e
|
Fix for an Issue #110
|
2012-07-21 09:15:54 +02:00 |
|
Bernardo Damele
|
1928d5464d
|
fixes issue #97
|
2012-07-20 15:56:14 +01:00 |
|
Bernardo Damele
|
243a905788
|
more on issue #97
|
2012-07-17 23:07:16 +01:00 |
|
Bernardo Damele
|
c483e91445
|
added payloads for ORDER BY/GROUP BY time-based injections - issue #97
|
2012-07-17 22:52:28 +01:00 |
|
Bernardo Damele
|
771e7a9fc3
|
Initial commit for issue #97
|
2012-07-17 10:13:09 +01:00 |
|
Bernardo Damele
|
53c0336b48
|
added --hostname switch to retrieve DBMS server hostname - closes issue #69
|
2012-07-12 00:01:57 +01:00 |
|
Miroslav Stampar
|
27fdccc858
|
Update for Issue #55 (falling back to SELECT DB_NAME(N))
|
2012-07-03 20:15:17 +02:00 |
|
Miroslav Stampar
|
5d35d255ba
|
minor refactoring
|
2012-06-11 22:27:33 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
3a9e266d78
|
adding revisited wildcard LIKE payloads
|
2012-05-21 21:49:54 +00:00 |
|
Miroslav Stampar
|
602369c762
|
reverting last changes on boundaries
|
2012-05-21 09:20:46 +00:00 |
|
Miroslav Stampar
|
1500b3fccd
|
adding a new payload boundaries by smcintyre@securestate.com
|
2012-05-21 08:31:37 +00:00 |
|
Miroslav Stampar
|
37f2709197
|
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
|
2012-05-09 09:08:23 +00:00 |
|
Miroslav Stampar
|
deec97dfe3
|
adding Frontbase to error message regexes
|
2012-05-08 17:02:58 +00:00 |
|
Miroslav Stampar
|
57234e1ff5
|
fix for proper (international character) inference on MsAccess
|
2012-05-03 23:13:48 +00:00 |
|
Miroslav Stampar
|
1e45ee9ab6
|
reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago
|
2012-04-25 20:37:39 +00:00 |
|
Bernardo Damele
|
eb73cab636
|
increased UNION test ranges
|
2012-04-23 11:54:52 +00:00 |
|
Miroslav Stampar
|
414c74b8aa
|
new payload
|
2012-04-13 08:16:33 +00:00 |
|
Bernardo Damele
|
1f82d29a36
|
switch two conditional payloads for proper detection
|
2012-04-04 10:11:48 +00:00 |
|
Bernardo Damele
|
d5b4b7996a
|
minor revert
|
2012-04-04 00:09:47 +00:00 |
|
Bernardo Damele
|
049c27c739
|
improved detection for INSERT and UPDATE statements
|
2012-04-03 23:29:06 +00:00 |
|
Bernardo Damele
|
40a7232de6
|
Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings)
|
2012-03-30 16:27:08 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
772ead8d03
|
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
|
2012-03-29 12:44:20 +00:00 |
|
Miroslav Stampar
|
84479eebe9
|
minor fix
|
2012-03-15 08:55:42 +00:00 |
|
Bernardo Damele
|
890bf708bc
|
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
|
2012-03-15 00:19:57 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
ac5a752b12
|
Oracle's XMLType doesn't like '#' char too
|
2012-03-01 11:59:37 +00:00 |
|
Miroslav Stampar
|
686eacda9a
|
minor update regarding --hex
|
2012-02-21 13:38:18 +00:00 |
|
Miroslav Stampar
|
77723a7aee
|
minor update
|
2012-02-21 10:24:04 +00:00 |
|
Miroslav Stampar
|
d70f4b7150
|
adding hex conversion functions to queries.xml for 4 major DBMSes
|
2012-02-21 10:10:43 +00:00 |
|
Miroslav Stampar
|
6632aa7308
|
some more refactoring
|
2012-02-16 13:46:01 +00:00 |
|
Miroslav Stampar
|
7bca926a0b
|
fixes, updates, patches
|
2012-02-09 10:16:58 +00:00 |
|
Miroslav Stampar
|
f86c365694
|
added one more failsafe for MSSQL --tables
|
2012-02-03 10:56:39 +00:00 |
|
Miroslav Stampar
|
f4e7bf1d51
|
minor update regarding support for Unicode characters in Oracle
|
2012-02-01 14:17:27 +00:00 |
|
Miroslav Stampar
|
704488a4e4
|
proper retrieval of unicode characters in inference mode on MSSQL
|
2012-02-01 13:01:46 +00:00 |
|
Miroslav Stampar
|
a6c2fc7ecc
|
some refactoring on MSSQL support
|
2012-02-01 12:53:07 +00:00 |
|
Bernardo Damele
|
ec9cc19951
|
Minor bug fixes for -d
|
2012-01-13 21:46:21 +00:00 |
|
Miroslav Stampar
|
f1147035cf
|
minor concision/beautification update
|
2012-01-10 11:50:26 +00:00 |
|
Miroslav Stampar
|
fecdce5801
|
implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too
|
2012-01-09 21:09:05 +00:00 |
|
Miroslav Stampar
|
f412706fee
|
minor update for MSSQL --tables (fallback to other method)
|
2012-01-03 18:01:14 +00:00 |
|
Miroslav Stampar
|
7d2fce16dc
|
minor fix
|
2011-12-16 11:40:23 +00:00 |
|
Miroslav Stampar
|
cff21814bb
|
minor patch for MSSQL 2008
|
2011-12-16 11:23:41 +00:00 |
|
Miroslav Stampar
|
2adf358524
|
minor update
|
2011-12-03 13:17:43 +00:00 |
|
Miroslav Stampar
|
39b406c5c1
|
fix for --search on Oracle
|
2011-12-02 18:13:27 +00:00 |
|
Miroslav Stampar
|
94790bf08a
|
minor update (removing reference to Microsoft Access for Generic payload)
|
2011-12-01 13:25:27 +00:00 |
|
Miroslav Stampar
|
df4e3be191
|
using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)
|
2011-11-23 22:57:02 +00:00 |
|
Miroslav Stampar
|
d8047c79f3
|
reverting back last two commits
|
2011-11-22 15:28:31 +00:00 |
|
Miroslav Stampar
|
73276c0785
|
even better (added long before plugins table)
|
2011-11-22 15:23:31 +00:00 |
|
Miroslav Stampar
|
ff07031170
|
better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)
|
2011-11-22 15:20:12 +00:00 |
|
Miroslav Stampar
|
bbb7e1562d
|
adding AGAINST full-text search boundaries
|
2011-11-12 14:16:43 +00:00 |
|
Miroslav Stampar
|
2e5222bfd8
|
adding INSERT/UPDATE generic boundaries
|
2011-10-28 11:00:09 +00:00 |
|
Miroslav Stampar
|
b6ccc0cc43
|
minor update
|
2011-10-18 14:35:42 +00:00 |
|
Miroslav Stampar
|
597d554153
|
minor update
|
2011-10-18 13:05:49 +00:00 |
|
Miroslav Stampar
|
382db1b67a
|
degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)
|
2011-08-31 20:35:57 +00:00 |
|
Miroslav Stampar
|
d283e3eb3c
|
adding support for pre-WHERE injections
|
2011-08-24 09:04:18 +00:00 |
|