Commit Graph

770 Commits

Author SHA1 Message Date
Miroslav Stampar
f336afa913 Implementation for Issue #108 2012-07-20 09:48:09 +02:00
Miroslav Stampar
81d15e5051 Fix for an Issue #101 2012-07-17 00:19:33 +02:00
Miroslav Stampar
0e21cb54de Minor fix related to Issue #94 2012-07-16 16:06:39 +02:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Miroslav Stampar
ddb9caeef1 Revert of the previous commit 2012-07-13 15:05:19 +02:00
Miroslav Stampar
d165d5d5fe To not be confused with heuristic method in SQLi 2012-07-13 15:03:43 +02:00
Miroslav Stampar
3c81f74823 Minor style update 2012-07-13 12:22:37 +02:00
Miroslav Stampar
d834e8debf Minor update 2012-07-13 10:28:03 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
ea9c66108e cleanup for issue #68 2012-07-12 15:38:43 +01:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Bernardo Damele
33cbbed4a8 I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided 2012-07-12 01:39:15 +01:00
Bernardo Damele
3a94953ae2 leftover from previous commit 2012-07-12 01:15:34 +01:00
Bernardo Damele
31571e6e2d minor refactoring 2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
2669528b24 Language typo 2012-07-07 11:16:33 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Bernardo Damele
6697927098 initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap 2012-07-02 02:04:19 +01:00
Bernardo Damele
7b4ecd9df0 added skeleton code for issue #34, still not usable 2012-07-02 00:22:34 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
01be9381d5 minor update 2012-06-25 16:24:33 +00:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
4ac3794e80 minor update 2012-06-12 14:22:14 +00:00
Miroslav Stampar
738073105e minor updates 2012-06-04 19:52:51 +00:00
Miroslav Stampar
7b282b1d6c adding support for newer SSL protocols 2012-06-04 19:46:28 +00:00
Miroslav Stampar
76a4aa19ac some more fine tunning 2012-05-28 19:50:12 +00:00
Miroslav Stampar
efb406fbfc minor revert 2012-05-28 19:13:50 +00:00
Miroslav Stampar
f7cba8d2cb minor update 2012-05-28 18:05:15 +00:00
Miroslav Stampar
a72cb29c1f taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server 2012-05-28 16:57:10 +00:00
Miroslav Stampar
89e90c3d84 revert of last commit 2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b minor update 2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
226547b7dc minor fix for --skip-urlencode and custom post 2012-05-28 09:04:25 +00:00
Miroslav Stampar
e967bbd70f minor patch 2012-05-27 21:44:42 +00:00
Miroslav Stampar
fed0212631 now working with recursive queries too 2012-05-27 10:03:02 +00:00
Miroslav Stampar
09f2144485 full page read is not needed in DNS exfiltration mode 2012-05-26 21:28:43 +00:00
Miroslav Stampar
c394610740 adding switch --skip-urlencode to skip URL encoding of POST data 2012-05-24 23:30:33 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
333f8057a5 minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces 2012-05-14 14:06:43 +00:00
Miroslav Stampar
12d32f58f2 fix for that SOAP reported bug 2012-05-10 13:39:54 +00:00
Miroslav Stampar
fdf61015ad minor patch 2012-05-09 08:41:05 +00:00
Miroslav Stampar
6af110d631 avoiding --no-cast/--hex warning message before a DBMS is fingerprinted 2012-05-08 14:06:41 +00:00
Miroslav Stampar
775134639d minor update 2012-04-20 20:33:15 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00