Commit Graph

736 Commits

Author SHA1 Message Date
Miroslav Stampar
68e507ea9f Update for an SQLite3 time-based (heavy query) payloads (better timedelay) 2013-01-31 18:59:18 +01:00
Miroslav Stampar
410f6ad476 Fix for an Issue #380 2013-01-31 13:26:38 +01:00
Miroslav Stampar
6b6e36b2ec Continuation of work on fixing DISTINCT/--search issues (Oracle) 2013-01-30 18:08:34 +01:00
Miroslav Stampar
838e98192e Consistency update (we are not using DISTINCT in inband counterparts too) 2013-01-30 17:25:36 +01:00
Miroslav Stampar
112ff952d4 Continuation of cleaning up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 17:08:17 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Miroslav Stampar
742c66fad2 Adding one more test (switch --hex) 2013-01-30 11:40:12 +01:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f2512d06db Removing unneeded whitespace in inference queries 2013-01-29 16:13:49 +01:00
Bernardo Damele
2a9fe62c3f bind payload is preferred if filtering does not allow reverse connection 2013-01-26 15:51:47 +00:00
Miroslav Stampar
f9b44d6ff7 Adding test cases for using custom injection marks 2013-01-25 16:07:27 +01:00
Bernardo Damele
aed833c1d2 fixed test case 2013-01-24 14:59:55 +00:00
Bernardo Damele
7d01eb79b4 minor fix 2013-01-24 00:55:45 +00:00
Bernardo Damele
3c0c7f776f minor fix 2013-01-23 16:57:51 +00:00
Bernardo Damele
f1534a178a regexp fixes 2013-01-23 16:22:01 +00:00
Bernardo Damele
9ceb4839ac added test cases for --common-tables across all DBMSes and supported techniques 2013-01-23 15:54:58 +00:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
35d76f3da5 Adding missing stuff related to the last commit 2013-01-23 14:48:31 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
599ad74a32 typo fix 2013-01-23 13:05:10 +00:00
Bernardo Damele
7ee07d031a added PostgreSQL stacked queries test case 2013-01-23 12:15:20 +00:00
Bernardo Damele
314ed22fc3 added preventive cleanup test case 2013-01-23 12:12:30 +00:00
Bernardo Damele
f3ff239e62 minor fix 2013-01-23 00:21:11 +00:00
Bernardo Damele
aafc5b5623 added one just in case test case to check if all params are tested as they should be 2013-01-23 00:18:54 +00:00
Bernardo Damele
91c00939f7 added one more test case 2013-01-22 18:28:59 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
5ea45af1c4 Warming up for Issue #366 and #367 2013-01-22 14:14:20 +01:00
Bernardo Damele
4f081a6a9b typo fixes 2013-01-22 13:00:15 +00:00
Bernardo Damele
afa9046e74 added Firebird custom enumeration test cases and stricten a few cases to make sure query length calculation function works properly with multi-threading/boolean technique 2013-01-22 12:34:11 +00:00
Bernardo Damele
29a65b5cdc added Firebird search test cases 2013-01-22 11:23:48 +00:00
Miroslav Stampar
b8318efecc Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 11:29:15 +01:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
d2ff9bccbb minor adjustment 2013-01-21 21:00:03 +00:00
Bernardo Damele
bc5a7e49e9 done with DB2 test cases (issue #312) 2013-01-21 20:53:11 +00:00
Bernardo Damele
3cfa6cd191 minor adjustments 2013-01-21 16:41:47 +00:00
Bernardo Damele
d5de5306d6 minor fixes following recent enhancements 2013-01-21 16:38:31 +00:00
Miroslav Stampar
472f5e35c2 Removing that space char 2013-01-21 17:35:23 +01:00
Miroslav Stampar
5d318b4980 Fix for a ISNULL mechanism in Firebird 2013-01-21 17:33:09 +01:00
Miroslav Stampar
99bc4a9005 Generic approach for dealing with that nasty Firebird habit of appending spaces to (tec=EU) varchar casted values 2013-01-21 17:17:20 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
aebf2c1350 Slightly better payload for Firebird delay-based SQLi (adding sligtly more delay) 2013-01-20 23:10:58 +01:00
Bernardo Damele
845ec006d7 fixed again 2013-01-20 01:33:22 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Bernardo Damele
a24eaffacc fixed --columns on DB2, inline with Oracle and other DBMSes now 2013-01-19 16:14:25 +00:00
Bernardo Damele
b05c6cbd13 leftover 2013-01-19 00:29:42 +00:00
Bernardo Damele
30273e03fe leftover 2013-01-19 00:28:48 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
89ddd54a75 added Firebird inline query payload, requires some work though engine-side for the vector to be usable 2013-01-19 00:05:15 +00:00
Bernardo Damele
10d86d042c enough.. 2013-01-18 23:46:26 +00:00
Bernardo Damele
e76213ef5d more fixes 2013-01-18 23:37:13 +00:00
Bernardo Damele
6be7eee8d6 more fixes 2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce fixed test cases for Firebird - #312 2013-01-18 23:32:39 +00:00
Bernardo Damele
edeb181c4f added first bunch of test cases for Firebird, issue #312 2013-01-18 23:17:43 +00:00
Bernardo Damele
b176cdb578 layout adjustment 2013-01-18 22:10:52 +00:00
Bernardo Damele
2471f325b2 minor adjustments 2013-01-18 21:47:25 +00:00
Bernardo Damele
1ad9e26a21 bug fix for ORDER BY users provided statements (issue #354) 2013-01-18 21:40:50 +00:00
Bernardo Damele
ebd1d3095b done with test cases for Oracle - issue #312 2013-01-18 21:40:11 +00:00
Bernardo Damele
d594978857 typo fix again 2013-01-18 20:48:37 +00:00
Bernardo Damele
bab9485561 typo fix 2013-01-18 20:48:08 +00:00
Bernardo Damele
2550bbc05e fix for #353 2013-01-18 20:40:38 +00:00
Bernardo Damele
2463e51e73 added one more test case for DB2 and a few search-related cases for Oracle (issue #312) 2013-01-18 20:37:20 +00:00
Bernardo Damele
d66f7e22b1 more fixes to test cases 2013-01-18 09:32:05 +00:00
Bernardo Damele
e4ee4f9557 fixed some test cases 2013-01-17 23:17:33 +00:00
Bernardo Damele
ce263b794f on DB2 there are no users password hashes to dump 2013-01-17 22:17:55 +00:00
Bernardo Damele
d2d3878de1 typo fix 2013-01-17 21:58:53 +00:00
Bernardo Damele
acac8c359b fixed --current-db query for IBM DB2 2013-01-17 20:47:35 +00:00
Bernardo Damele
74286e339f test if boolean also works correctly for --os-cmd 2013-01-16 15:36:35 +00:00
Bernardo Damele
6f08d10d07 leftover 2013-01-16 15:16:18 +00:00
Bernardo Damele
1c8bd95e68 more work on Oracle test cases (#312) 2013-01-16 15:13:47 +00:00
Bernardo Damele
6b0ed1c581 fixed parsing reg exps to work with Oracle XE (#312) 2013-01-16 15:00:45 +00:00
Bernardo Damele
a3493769ca minor fix 2013-01-16 00:45:18 +00:00
Bernardo Damele
983593510c ported Oracle checks to express edition 2013-01-15 23:59:29 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
3f84cefc77 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-15 14:59:22 +00:00
Bernardo Damele
1cafe605af added more Oracle test cases 2013-01-15 14:59:15 +00:00
Miroslav Stampar
02f0e72cc6 Minor update of other/corner case titles 2013-01-15 11:10:03 +01:00
Miroslav Stampar
498a576e39 Removing obsolete data 2013-01-15 10:59:46 +01:00
Bernardo Damele
3fa720e699 added first Oracle test cases 2013-01-14 17:30:42 +00:00
Bernardo Damele
8a2b994b94 added SQLite test cases (issue #312) 2013-01-14 16:50:24 +00:00
Bernardo Damele
e555c2be30 added support for --search -T for SQLite 2013-01-14 16:26:11 +00:00
Bernardo Damele
48e0154fc3 added SQLite inline queries payload 2013-01-14 15:30:01 +00:00
Bernardo Damele
3e2c3851f3 Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312) 2013-01-14 13:42:50 +00:00
Bernardo Damele
bd89ade02f minor bug fix for PostgreSQL --file-read 2013-01-14 12:22:00 +00:00
Bernardo Damele
c6d4b89869 minor bug fix for PostgreSQL (issue #338) 2013-01-14 11:41:30 +00:00
Bernardo Damele
b35b8a4835 fixed regexps for --live-test (issue #312) 2013-01-14 10:24:11 +00:00
Bernardo Damele
4acb281414 added first test cases for PostgreSQL 2013-01-14 01:11:57 +00:00
Bernardo Damele
b74cfbf336 minor enhancements for debug purposes (issue #312) 2013-01-13 23:15:56 +00:00
Miroslav Stampar
bc4d8d3e02 Implementation for an Issue #332 2013-01-11 11:17:41 +01:00
Miroslav Stampar
7ea846e111 Removing some junk from queries.xml 2013-01-10 11:46:51 +01:00
Miroslav Stampar
ebde4b190e Minor update 2013-01-10 11:42:37 +01:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
614f4657f1 Removing timedelay tags inside queries.xml as we don't use those outside the payloads.xml anymore (Update for an Issue #24) 2013-01-08 10:30:01 +01:00
Bernardo Damele
ec7508ec4f test case to reproduce bug introduced at 76839ff 2013-01-07 17:39:13 +00:00
Miroslav Stampar
a3f9741d6e Fixed unneeded trimming in --hex for MsSQL 2012-12-21 11:40:18 +01:00
Bernardo Damele
a56e384abb updated VM.. 2012-12-20 13:18:45 +00:00
Bernardo Damele
e39ac0f092 added OR boolean-based test case 2012-12-20 12:52:26 +00:00
Bernardo Damele
d019f75e63 for this test case verbose has to be set to 2 as we parse a DEBUG message 2012-12-20 11:48:34 +00:00
Bernardo Damele
190e317992 fixed test case and added new one, commented out metasploit integration case as it cannot be handled easily 2012-12-20 11:05:11 +00:00
Miroslav Stampar
19e2f3bb76 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-12-20 10:43:54 +01:00
Miroslav Stampar
03215ef209 Proper length function used now (fixing issues with international letters in multi threaded mode) 2012-12-20 10:43:38 +01:00
Bernardo Damele
076b4063e6 these edits got overwritten from last commits 2012-12-20 09:42:44 +00:00
Bernardo Damele
602405c171 added more test cases 2012-12-19 18:30:04 +00:00
Bernardo Damele
a2c58847e6 fixed title 2012-12-19 18:29:00 +00:00
Bernardo Damele
357da43cea slight improvement of live test engine and added misc test cases to xml 2012-12-19 17:28:41 +00:00
Bernardo Damele
3061eec7d8 added test case for web shell command execution and temporary test case for Metasploit integration (--os-pwn) 2012-12-19 16:39:13 +00:00
Bernardo Damele
282aeb734f ORDER BY does not play well with UNION query SQLi (related to issue #313) 2012-12-19 13:21:16 +00:00
Bernardo Damele
e583ba6826 no point retesting all for time-based too as it uses same engine of boolean-based 2012-12-19 12:35:36 +00:00
Bernardo Damele
2bc2c0431c fixed test cases 2012-12-19 12:33:37 +00:00
Bernardo Damele
5ceadf02ae fixed test cases now that MySQL test db has two more tables and removed old test cases, soon to be replaced with new ones for other DBMSes 2012-12-19 12:22:45 +00:00
Bernardo Damele
54752a9101 typo fix 2012-12-19 11:44:58 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Bernardo Damele
2c86022aab added test cases for --sql-query and improved tests for --search -C 2012-12-18 16:30:46 +00:00
Bernardo Damele
f8267ece0f added more specific --search -T and -C test cases 2012-12-18 16:13:38 +00:00
Bernardo Damele
61a838bb35 added more test cases 2012-12-18 15:59:48 +00:00
Bernardo Damele
3fa05374bd added tests for all MySQL techniques now (except stacked queries (S) as it is not supported on MySQL/PHP) 2012-12-18 12:07:19 +00:00
Miroslav Stampar
9b716eb805 Implementation for an Issue #135 2012-12-18 10:13:42 +01:00
Bernardo Damele
b957b4790b regexp fix 2012-12-17 13:52:00 +00:00
Bernardo Damele
86bca05ab0 improved tests 2012-12-17 13:30:41 +00:00
Bernardo Damele
bbd2adb5fb improvements to --live-test and added --stop-fail switch 2012-12-17 11:41:43 +00:00
Bernardo Damele
2926c815bf improved test switch --live-test and minor refactoring 2012-12-17 11:29:33 +00:00
Miroslav Stampar
bc72180a3b Lowering --limit for inline query technique 2012-12-05 10:58:41 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
2e2a7a34b6 Minor consistency update 2012-11-29 12:11:53 +01:00
Miroslav Stampar
c0796b4742 Minor bug fix (RLIKE boolean case was using wrong comparison payload) 2012-11-27 12:03:38 +01:00
Miroslav Stampar
919f75db9b Improvement and fix for pivotDumpTable mechanism 2012-10-28 23:09:35 +01:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
67cfc3b492 Removing boundaries (it were meant to be used as 'parameter replace' logic but it's not doable for boundaries) 2012-09-17 22:36:40 +02:00
Miroslav Stampar
acad7a34a2 Minor update 2012-09-17 22:23:44 +02:00
Miroslav Stampar
f26ea04e38 Fix for an Issue #175 2012-09-07 17:06:38 +02:00
Miroslav Stampar
59ab3c7bdc Updating server.xml with fresh banners 2012-08-23 11:01:57 +02:00
Miroslav Stampar
d7cf0de090 Fixing INSERT/UPDATE generic boundaries (those previous few were junkies) 2012-08-22 14:12:51 +02:00
Miroslav Stampar
8ee9feafb9 Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries) 2012-08-20 21:57:25 +02:00
Miroslav Stampar
6fdbe4eb89 Fix by zhouhx@knownsec.com (better LIKE boundaries) 2012-08-06 19:04:23 +02:00
Miroslav Stampar
57f2fccc24 Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :) 2012-07-26 11:40:47 +02:00
Miroslav Stampar
ec96689556 Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db 2012-07-26 11:39:51 +02:00
Miroslav Stampar
6878ef92b2 Style update 2012-07-26 11:22:00 +02:00
Miroslav Stampar
ab3160316f Implementation of payloads for Issue #122 2012-07-26 11:17:09 +02:00
Miroslav Stampar
95e0d46e3e Fix for an Issue #110 2012-07-21 09:15:54 +02:00
Bernardo Damele
1928d5464d fixes issue #97 2012-07-20 15:56:14 +01:00
Bernardo Damele
243a905788 more on issue #97 2012-07-17 23:07:16 +01:00
Bernardo Damele
c483e91445 added payloads for ORDER BY/GROUP BY time-based injections - issue #97 2012-07-17 22:52:28 +01:00
Bernardo Damele
771e7a9fc3 Initial commit for issue #97 2012-07-17 10:13:09 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Miroslav Stampar
5d35d255ba minor refactoring 2012-06-11 22:27:33 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
3a9e266d78 adding revisited wildcard LIKE payloads 2012-05-21 21:49:54 +00:00
Miroslav Stampar
602369c762 reverting last changes on boundaries 2012-05-21 09:20:46 +00:00
Miroslav Stampar
1500b3fccd adding a new payload boundaries by smcintyre@securestate.com 2012-05-21 08:31:37 +00:00
Miroslav Stampar
37f2709197 making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) 2012-05-09 09:08:23 +00:00
Miroslav Stampar
deec97dfe3 adding Frontbase to error message regexes 2012-05-08 17:02:58 +00:00
Miroslav Stampar
57234e1ff5 fix for proper (international character) inference on MsAccess 2012-05-03 23:13:48 +00:00
Miroslav Stampar
1e45ee9ab6 reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago 2012-04-25 20:37:39 +00:00
Bernardo Damele
eb73cab636 increased UNION test ranges 2012-04-23 11:54:52 +00:00
Miroslav Stampar
414c74b8aa new payload 2012-04-13 08:16:33 +00:00
Bernardo Damele
1f82d29a36 switch two conditional payloads for proper detection 2012-04-04 10:11:48 +00:00
Bernardo Damele
d5b4b7996a minor revert 2012-04-04 00:09:47 +00:00
Bernardo Damele
049c27c739 improved detection for INSERT and UPDATE statements 2012-04-03 23:29:06 +00:00
Bernardo Damele
40a7232de6 Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings) 2012-03-30 16:27:08 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values 2012-03-29 12:44:20 +00:00
Miroslav Stampar
84479eebe9 minor fix 2012-03-15 08:55:42 +00:00
Bernardo Damele
890bf708bc Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported) 2012-03-15 00:19:57 +00:00
Bernardo Damele
012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
2012-03-09 17:47:50 +00:00
Miroslav Stampar
ac5a752b12 Oracle's XMLType doesn't like '#' char too 2012-03-01 11:59:37 +00:00
Miroslav Stampar
686eacda9a minor update regarding --hex 2012-02-21 13:38:18 +00:00
Miroslav Stampar
77723a7aee minor update 2012-02-21 10:24:04 +00:00
Miroslav Stampar
d70f4b7150 adding hex conversion functions to queries.xml for 4 major DBMSes 2012-02-21 10:10:43 +00:00
Miroslav Stampar
6632aa7308 some more refactoring 2012-02-16 13:46:01 +00:00
Miroslav Stampar
7bca926a0b fixes, updates, patches 2012-02-09 10:16:58 +00:00
Miroslav Stampar
f86c365694 added one more failsafe for MSSQL --tables 2012-02-03 10:56:39 +00:00
Miroslav Stampar
f4e7bf1d51 minor update regarding support for Unicode characters in Oracle 2012-02-01 14:17:27 +00:00
Miroslav Stampar
704488a4e4 proper retrieval of unicode characters in inference mode on MSSQL 2012-02-01 13:01:46 +00:00
Miroslav Stampar
a6c2fc7ecc some refactoring on MSSQL support 2012-02-01 12:53:07 +00:00
Bernardo Damele
ec9cc19951 Minor bug fixes for -d 2012-01-13 21:46:21 +00:00
Miroslav Stampar
f1147035cf minor concision/beautification update 2012-01-10 11:50:26 +00:00
Miroslav Stampar
fecdce5801 implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too 2012-01-09 21:09:05 +00:00
Miroslav Stampar
f412706fee minor update for MSSQL --tables (fallback to other method) 2012-01-03 18:01:14 +00:00
Miroslav Stampar
7d2fce16dc minor fix 2011-12-16 11:40:23 +00:00
Miroslav Stampar
cff21814bb minor patch for MSSQL 2008 2011-12-16 11:23:41 +00:00
Miroslav Stampar
2adf358524 minor update 2011-12-03 13:17:43 +00:00
Miroslav Stampar
39b406c5c1 fix for --search on Oracle 2011-12-02 18:13:27 +00:00
Miroslav Stampar
94790bf08a minor update (removing reference to Microsoft Access for Generic payload) 2011-12-01 13:25:27 +00:00
Miroslav Stampar
df4e3be191 using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions) 2011-11-23 22:57:02 +00:00
Miroslav Stampar
d8047c79f3 reverting back last two commits 2011-11-22 15:28:31 +00:00
Miroslav Stampar
73276c0785 even better (added long before plugins table) 2011-11-22 15:23:31 +00:00
Miroslav Stampar
ff07031170 better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based) 2011-11-22 15:20:12 +00:00
Miroslav Stampar
bbb7e1562d adding AGAINST full-text search boundaries 2011-11-12 14:16:43 +00:00
Miroslav Stampar
2e5222bfd8 adding INSERT/UPDATE generic boundaries 2011-10-28 11:00:09 +00:00
Miroslav Stampar
b6ccc0cc43 minor update 2011-10-18 14:35:42 +00:00
Miroslav Stampar
597d554153 minor update 2011-10-18 13:05:49 +00:00
Miroslav Stampar
382db1b67a degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level) 2011-08-31 20:35:57 +00:00
Miroslav Stampar
d283e3eb3c adding support for pre-WHERE injections 2011-08-24 09:04:18 +00:00
Miroslav Stampar
13eb20cea1 minor beautification 2011-08-03 10:12:06 +00:00
Bernardo Damele
2e20eb1a88 Minor fix 2011-08-03 10:08:59 +00:00
Bernardo Damele
b8e2d60bfa Added MSSQL 2008 R2 signatures 2011-07-24 23:42:32 +00:00
Bernardo Damele
48f580fb10 Minor adjustments to MSSQL fingerprint 2011-07-24 23:30:23 +00:00
Bernardo Damele
99a0b62d0d Minor adjustments 2011-07-24 22:26:11 +00:00
Miroslav Stampar
ca83305b58 added MySQL updatexml error-based payload 2011-07-24 21:08:32 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
4cb9988243 quick fix 2011-07-12 21:09:33 +00:00
Bernardo Damele
c9ba58acb6 Moved MS Access UNION query tests after generic as generic test must identify MSSQL 2011-07-11 09:47:52 +00:00
Miroslav Stampar
5d31eb5ef7 cosmetics and also tested against testing env - works perfectly 2011-07-10 09:07:07 +00:00
Miroslav Stampar
eb42cedf2a adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment 2011-07-10 08:54:22 +00:00
Miroslav Stampar
93219b9e13 i've accidentally left table_schema removed while doing some tests. now it should be ok 2011-07-08 10:24:46 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
9eb683531d Minor improvement at blind SQL inj technique for DB2 2011-06-27 22:28:12 +00:00
Bernardo Damele
ed4cfbb6d2 Minor fix 2011-06-27 08:58:59 +00:00
Miroslav Stampar
bedf16b88b adding payloads for time-based injection on SAP MaxDB (heavy query) 2011-06-26 23:46:09 +00:00
Miroslav Stampar
d0490cc4e7 adding payloads for time-based injection on DB2 (heavy query) 2011-06-26 16:38:22 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Bernardo Damele
b2e6cf3ed9 Enabled --search -C also for Oracle 2011-06-24 14:34:20 +00:00
Miroslav Stampar
4188df0501 fixes for Sybase 2011-06-15 18:49:35 +00:00
Miroslav Stampar
9f6b70f3f9 update 2011-05-26 22:45:33 +00:00
Miroslav Stampar
0baf931669 real generic comment is "-- " not "--" (MySQL doesn't support "--") 2011-05-24 09:16:21 +00:00
Miroslav Stampar
171a4c389b added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload 2011-05-23 06:24:45 +00:00
Miroslav Stampar
939e6541d0 far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES) 2011-05-19 23:36:51 +00:00
Miroslav Stampar
bd1b07fbc2 one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL 2011-05-19 06:32:23 +00:00
Miroslav Stampar
7f086916c0 decent parameter replace payload for PostgreSQL (GENERATE_SERIES) 2011-05-18 23:40:42 +00:00
Miroslav Stampar
e58d6d2e00 removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable) 2011-05-18 23:20:02 +00:00
Miroslav Stampar
fe50d09cc8 added new payload for PostgreSQL (parameter replace) 2011-05-18 23:01:41 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
36a9ddaacc Minor bug fixes and code restyling for --privileges and --passwords 2011-04-30 14:50:27 +00:00
Bernardo Damele
7df954dd9f paranoy 2011-04-21 23:41:25 +00:00
Miroslav Stampar
0764c4c752 parenthesis were missing; banning OR NOT from payloads 2011-04-21 23:32:53 +00:00
Bernardo Damele
1d61611145 leftover 2011-04-21 22:46:43 +00:00
Bernardo Damele
870f773d70 In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this 2011-04-21 20:36:50 +00:00
Miroslav Stampar
05a0e1d3b0 fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting) 2011-04-15 11:34:14 +00:00
Miroslav Stampar
136e85abf3 little refresh of PHPIDS rules for --check-payload 2011-04-11 15:37:49 +00:00
Miroslav Stampar
75f286cf6d minor update conformant to http://dev.mysql.com/doc/refman/4.1/en/comments.html 2011-04-10 23:41:00 +00:00
Miroslav Stampar
3177c6023d lol. re-revert 2011-04-10 23:30:56 +00:00
Bernardo Damele
9ea4010508 Leave it as is :) 2011-04-10 23:20:35 +00:00
Miroslav Stampar
3e680978a9 revert of that last commit (waiting for some better days) 2011-04-10 23:18:38 +00:00
Miroslav Stampar
f532478a34 update of MySQL comments 2011-04-10 23:08:18 +00:00
Bernardo Damele
af096b2c83 Leave it as is!!! 2011-04-10 21:47:23 +00:00
Miroslav Stampar
d0cef21d9c fix 2011-04-10 21:19:34 +00:00
Miroslav Stampar
6fa2fd139c implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field) 2011-04-08 15:17:57 +00:00
Bernardo Damele
02eeeccd33 Added UNION query SQL injection tests also with a random number for columns (not only NULL) 2011-04-07 13:39:36 +00:00
Miroslav Stampar
ca009e9fe2 minor update 2011-04-07 10:43:19 +00:00
Miroslav Stampar
672abc27fd minor adjustment of livetests for new flavor of --technique 2011-04-07 10:41:12 +00:00
Miroslav Stampar
e27afef6be minor update regarding --current-db on Oracle 2011-04-01 15:56:11 +00:00
Miroslav Stampar
60102209f6 quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split') 2011-04-01 11:14:24 +00:00
Miroslav Stampar
b7813f9e68 incrementing level for MySQL stacked payloads 2011-03-29 07:31:56 +00:00
Miroslav Stampar
86f93713d3 fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update 2011-03-29 06:25:17 +00:00
Miroslav Stampar
73e5d20ade bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries) 2011-03-28 11:01:55 +00:00