Bernardo Damele
9ed0744510
Added some error messages to detect back-end DBMS
2010-01-30 22:24:20 +00:00
Bernardo Damele
267cf5dd1a
Updated documentation
2010-01-30 00:08:10 +00:00
Bernardo Damele
7b8316728c
Major bug fix in takeover functionalities on Microsoft SQL Server
2010-01-29 00:09:05 +00:00
Bernardo Damele
c6cae7da41
Updated changelog
2010-01-28 23:10:54 +00:00
Bernardo Damele
b4ce8fe361
Updated ChangeLog file
2010-01-18 15:43:06 +00:00
Bernardo Damele
070ccc30e9
Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP.
...
Updated ChangeLog.
Major code refactoring.
2010-01-14 14:03:16 +00:00
Bernardo Damele
055b14a11a
Updated Changelog
2010-01-13 12:14:29 +00:00
Bernardo Damele
473024bd6e
Newline
2010-01-04 14:03:31 +00:00
Miroslav Stampar
6319eb6e5c
just added PGP Key ID
2010-01-04 13:08:40 +00:00
Bernardo Damele
232f927dd0
Slightly updated the documentation
2010-01-04 12:53:58 +00:00
Bernardo Damele
d5b1863dec
Updated documentation and svn properties
2010-01-02 02:07:28 +00:00
Bernardo Damele
c1c14dabd9
Minor bug fix
2009-12-21 11:21:18 +00:00
Bernardo Damele
e6c4154cac
Fixed minor bug in --reg-del
2009-12-21 11:04:54 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
c332c72808
Minor update to user's manual to reflect new Metasploit release
2009-11-17 23:36:18 +00:00
Bernardo Damele
aa14bea051
Test again
2009-11-01 12:30:30 +00:00
Bernardo Damele
e518ae82e4
Testing post-commit hook on redmine
2009-11-01 12:28:33 +00:00
Bernardo Damele
bfd8128693
Updated name
2009-11-01 12:10:29 +00:00
Bernardo Damele
de68a499f5
Typo fix
2009-11-01 12:08:46 +00:00
Bernardo Damele
bb123b2769
Updated changelog
2009-10-23 10:20:47 +00:00
Bernardo Damele
f1a7d095aa
Minor patch to make the PHP web backdoor work also on Windows
2009-10-22 16:25:19 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
458d59416c
Minor bug fix in MSSQL version fingerprint
2009-08-11 09:16:20 +00:00
Bernardo Damele
14578a7a4d
Updated THANKS file
2009-07-30 12:02:34 +00:00
Bernardo Damele
e608a5ca55
Updated THANKS file
2009-07-29 10:44:56 +00:00
Bernardo Damele
2c98c11e80
user's manual PDF recreated
2009-07-25 16:46:30 +00:00
Bernardo Damele
45e3ce798f
Updated documentation with all new features introduced since sqlmap 0.7-rc1
2009-07-25 14:31:44 +00:00
Bernardo Damele
576cc97742
Minor update to the user's manual, almost there to release 0.7 stable!
2009-07-25 00:25:59 +00:00
Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00
Bernardo Damele
bc31bd1dd9
Minor bug fix
2009-06-29 10:13:39 +00:00
Bernardo Damele
fd7de4bbb8
Updated THANKS file
2009-06-24 13:57:50 +00:00
Bernardo Damele
cfd8a83655
Minor adjustment to get also the port when parsing burp logs
2009-06-04 14:36:31 +00:00
Bernardo Damele
81d1a767ac
Minor bug fix in output manager (dumper) object
2009-05-20 13:56:23 +00:00
Bernardo Damele
37d3b3adda
Updated THANKS
2009-05-20 09:58:22 +00:00
Bernardo Damele
f7ee4d578e
Updated THANKS file
2009-05-19 15:56:30 +00:00
Bernardo Damele
e8c115500d
Now it works also on Mac OS X
2009-04-30 10:46:50 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
69259c5984
Updated THANKS
2009-04-23 08:42:57 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
...
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
c405fb51ab
PDF regenerated
2009-02-04 16:32:06 +00:00
Bernardo Damele
b12d955274
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4
Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs
2009-02-02 23:44:19 +00:00
Bernardo Damele
9ab174a444
Almost ready with the user's manual for 0.6.4 release
2009-02-01 13:44:44 +00:00
Bernardo Damele
77d9d22ceb
Minor update to the user's manual
2009-02-01 00:20:08 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031
Avoid DeprecationWarning with Python 2.6+
2009-01-22 23:53:01 +00:00
Bernardo Damele
193482a62b
Updated user's manual
2009-01-22 23:44:44 +00:00
Bernardo Damele
981c7a4428
Updated Microsoft SQL Server XML signature db
2009-01-22 22:30:45 +00:00