sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Bernardo Damele	a02dd6b55b	Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring.	2010-12-13 21:33:42 +00:00
Miroslav Stampar	e98d9c08e1	dumping table is now possible on Firebird too	2010-12-12 14:38:07 +00:00
Miroslav Stampar	f9bc6fc78f	minor fix	2010-12-11 22:14:35 +00:00
Miroslav Stampar	c93634b6c7	blind dumping of tables in sqlite implemented	2010-12-11 22:13:19 +00:00
Miroslav Stampar	e6c66fa37c	update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available	2010-12-11 17:55:28 +00:00
Miroslav Stampar	1beb1dd2cc	minor update	2010-12-11 09:30:38 +00:00
Miroslav Stampar	435f48b8cc	polite cosmetics	2010-12-10 15:28:56 +00:00
Bernardo Damele	7c87ad4065	Minor speedup in -f mysql	2010-12-10 13:05:46 +00:00
Miroslav Stampar	b02bd55edc	minor refactoring	2010-12-10 13:04:36 +00:00
Bernardo Damele	d71e51e765	Minor improvement	2010-12-10 11:31:27 +00:00
Bernardo Damele	4741874e9e	Enhancement to speedup MySQL fingerprint	2010-12-10 11:27:36 +00:00
Miroslav Stampar	e98b81fe32	another update	2010-12-10 10:56:55 +00:00
Miroslav Stampar	d5e7a8d305	update	2010-12-10 10:54:17 +00:00
Miroslav Stampar	bbffea2cbc	bug fix	2010-12-09 17:10:22 +00:00
Miroslav Stampar	0eb2c408a9	code refactoring	2010-12-09 16:49:02 +00:00
Miroslav Stampar	cdff29ada7	update	2010-12-09 11:23:44 +00:00
Miroslav Stampar	81c16926c1	code refactoring some more	2010-12-08 14:46:07 +00:00
Miroslav Stampar	d77ddbee47	OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)	2010-12-06 18:20:57 +00:00
Bernardo Damele	17449754fe	Got rid of UNION false cond	2010-12-05 16:16:15 +00:00
Miroslav Stampar	5764816891	minor cosmetics	2010-12-03 22:28:09 +00:00
Miroslav Stampar	bf09b8a6d9	added Firebird error based (WHERE) attack vector	2010-12-02 15:09:21 +00:00
Bernardo Damele	c8f943f5e4	Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.	2010-11-30 22:40:25 +00:00
Bernardo Damele	7e3b24afe6	Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!	2010-11-28 18:10:54 +00:00
Bernardo Damele	17486e472a	Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!	2010-11-17 22:00:09 +00:00
Bernardo Damele	360aff7a4d	sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle	2010-11-17 17:20:32 +00:00
Miroslav Stampar	6ef3846400	update regarding error parsing (and reporting)	2010-11-16 10:42:42 +00:00
Bernardo Damele	64b5de44a0	Converted to new XML object format	2010-11-12 10:11:13 +00:00
Bernardo Damele	66c82d72e4	Typo fix	2010-11-12 10:02:02 +00:00
Miroslav Stampar	42272ca78c	minor update	2010-11-11 22:26:36 +00:00
Miroslav Stampar	be992b4471	update regarding common columns existance check	2010-11-11 17:09:31 +00:00
Bernardo Damele	0c8918bf07	Minor bug fix, thanks Alex	2010-11-08 12:45:23 +00:00
Miroslav Stampar	d551423379	further enum refactoring	2010-11-08 09:44:32 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Miroslav Stampar	8e44aa605a	refactoring regarding injection place (more left)	2010-11-08 08:02:36 +00:00
Bernardo Damele	27ce4b0cf0	Set proper verbose level for dbms direct error messages	2010-11-07 22:14:06 +00:00
Miroslav Stampar	d3e7e89e60	major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces	2010-11-07 21:18:09 +00:00
Miroslav Stampar	3f0a443b83	some updates	2010-11-04 23:08:59 +00:00
Miroslav Stampar	d7dbf814a0	fix/update for Access	2010-11-04 21:47:21 +00:00
Miroslav Stampar	6adee3792a	removed all trailing spaces from blank lines	2010-11-03 10:08:27 +00:00
Miroslav Stampar	cd0d4135ac	implemented --banner for MaxDB and some minor fixes	2010-11-02 20:51:55 +00:00
Miroslav Stampar	70f6eab715	minor update	2010-11-02 12:08:28 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Miroslav Stampar	6ad8bbfc8e	one more ms access update	2010-11-02 10:50:57 +00:00
Miroslav Stampar	c98d8fed83	minor ms access update	2010-11-02 10:13:36 +00:00
Bernardo Damele	65a0a8d285	Delegate urlencoding to agent.py only	2010-10-31 13:28:05 +00:00
Bernardo Damele	4f8e9da1b6	Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls.	2010-10-28 00:19:40 +00:00
Bernardo Damele	d554ffc0ae	yes, I am quite paranoid with cosmetics	2010-10-27 10:37:54 +00:00
Bernardo Damele	f5904d0bc0	Major bug fix to --union-test	2010-10-25 23:39:55 +00:00
Miroslav Stampar	8a9a57c709	update for Sybase and major bug fix for --passwords on MSSQL	2010-10-25 22:11:38 +00:00
Bernardo Damele	215175e3b7	Minor code adjustments	2010-10-25 14:11:47 +00:00

1 2 3 4

188 Commits