Commit Graph

718 Commits

Author SHA1 Message Date
Miroslav Stampar
5477c9f7ba Fix for an Issue #216 2012-10-24 22:59:46 +02:00
Miroslav Stampar
f25f5c9eeb Minor fix 2012-10-23 10:33:30 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
ebe3f4c34c Minor fix 2012-10-15 18:51:42 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
75990b715d Fix for an Issue #184 2012-09-13 10:20:24 +02:00
Miroslav Stampar
959225af55 Minor fix 2012-09-10 19:28:15 +02:00
Miroslav Stampar
1f49e4ae36 Fix for an Issue #179 2012-09-10 19:23:24 +02:00
Miroslav Stampar
f26ea04e38 Fix for an Issue #175 2012-09-07 17:06:38 +02:00
Miroslav Stampar
1bcf5a6b88 Some more dict refactorings 2012-08-21 11:30:01 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
4649450603 Fix for an Issue #137 2012-08-16 22:20:24 +02:00
Miroslav Stampar
74ee0ce78a Fix for an Issue #148 2012-08-14 23:25:12 +02:00
Miroslav Stampar
b78163f99b Update for Issue #138 2012-08-08 19:06:47 +02:00
Miroslav Stampar
20a66567a3 Minor refactoring 2012-07-30 10:06:14 +02:00
Miroslav Stampar
ffc520b35f Minor refactoring 2012-07-24 14:35:56 +02:00
Bernardo Damele
60242f92c5 made --search -D on MSSQL consistent with other DBMSes - issue #81 2012-07-20 23:37:56 +01:00
Bernardo Damele
7f10b01265 same fix as previous commit for blind techniques 2012-07-20 22:35:20 +01:00
Bernardo Damele
b54ae107cc major bug fix in --search with multiple -C provided 2012-07-20 22:29:48 +01:00
Bernardo Damele
45177cf93d minor restyling 2012-07-20 22:29:30 +01:00
Bernardo Damele
16668e1b8d leftover debug message 2012-07-20 21:48:29 +01:00
Bernardo Damele
b0ab837832 minor code refactoring and implemented issue #95 2012-07-20 21:46:36 +01:00
Bernardo Damele
9cb1c4c0d9 plugin refactoring - issue #22 2012-07-20 19:17:35 +01:00
Bernardo Damele
52431402dd minor fix to avoid cleanup() if web backdoor upload failed 2012-07-16 17:58:30 +01:00
Miroslav Stampar
c1a14257a4 Removing --disable... switches and making changes in default choice(s) for respectable sections 2012-07-16 11:31:51 +02:00
Miroslav Stampar
3f4186ce2c Removing duplicate user password hashes 2012-07-14 10:57:46 +02:00
Miroslav Stampar
6677da63cd Fix for an Issue #88 2012-07-13 14:25:39 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
cba2a26b68 Finishing Issue #75 (inference dumping) 2012-07-12 14:46:57 +02:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Miroslav Stampar
3fd5119f3f Redesigning for Issue #75 2012-07-12 13:42:22 +02:00
Bernardo Damele
fed178646a minor refactoring 2012-07-12 01:48:07 +01:00
Bernardo Damele
01474f6272 proper debug message added - issue #75 2012-07-12 01:19:36 +01:00
Bernardo Damele
ee3aeb8dcf actual implementation of issue #75, still some work to do 2012-07-12 01:16:00 +01:00
Bernardo Damele
caeddf6822 avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file 2012-07-12 00:17:07 +01:00
Bernardo Damele
66d854c7d8 leftover space 2012-07-12 00:04:56 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Bernardo Damele
6f6cd676b7 clean up the file system from sqlmap created web files 2012-07-11 14:07:20 +01:00
Bernardo Damele
0c5f259481 var renaming 2012-07-11 13:39:33 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
8caffac4bc conf.unescape->kb.unescape 2012-07-10 10:55:04 +02:00
Bernardo Damele
4656d23d82 increased verbosity level of some messages and removed a leftover 2012-07-10 01:43:19 +01:00
Bernardo Damele
00b7411a87 more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok 2012-07-10 01:39:03 +01:00
Bernardo Damele
2527554f8e more work on #33 2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0 initial work for issue #33 2012-07-10 00:27:08 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Bernardo Damele
e673033ac1 minor layout adjustment 2012-07-06 15:26:45 +01:00
Bernardo Damele
fb7fe552b7 proper naming 2012-07-06 15:13:50 +01:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
Miroslav Stampar
e51d3a02f1 Update for Issue #43 (renamed --disable-cracking to --disable-hash) 2012-06-28 18:53:47 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
303aa10507 only a small update 2012-06-27 14:43:18 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
d5e80089ff minor summer cleanup 2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
96177393e1 minor update regarding --exact switch 2012-06-10 13:38:12 +00:00
Miroslav Stampar
10b0639a96 making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE) 2012-06-04 09:24:46 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
8013a64f8c minor refactoring 2012-05-01 19:57:30 +00:00
Miroslav Stampar
c71d435d9f making "id"-like columns prioritized for ORDER BY in MySQL 2012-05-01 19:52:02 +00:00
Miroslav Stampar
458a73c9b4 few consistency fixes 2012-04-29 23:09:00 +00:00
Miroslav Stampar
c7a606637f switching few readInput defaults for brute forcing when no table/column found 2012-04-27 12:59:22 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Bernardo Damele
0013b0970f Minor layout adjustments - foundDb is misleading at that stage 2012-03-15 16:07:16 +00:00
Miroslav Stampar
8cf5d260fd Application Data is not a temporary directory writable by everybody 2012-03-14 23:44:29 +00:00
Bernardo Damele
c735d846ee The default temporary directory as to stay as is, do not touch this code snippet anymore please 2012-03-14 22:39:46 +00:00
Miroslav Stampar
ca0d068575 distinguishing NULL from BLANK 2012-03-14 13:52:23 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00
Bernardo Damele
48592f2515 minor adjustments 2012-03-09 18:34:18 +00:00
Bernardo Damele
be9b103b51 minor bug fix 2012-03-09 18:02:50 +00:00
Bernardo Damele
012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
2012-03-09 17:47:50 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Bernardo Damele
7330dff255 Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries 2012-03-08 16:57:53 +00:00
Bernardo Damele
ae87df5670 leftover 2012-03-08 15:45:33 +00:00
Bernardo Damele
4bc6f3f6c9 Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore 2012-03-08 15:32:05 +00:00
Miroslav Stampar
68b9d48d0a minor update 2012-03-08 15:30:23 +00:00
Miroslav Stampar
2ab80bfb2c minor bug fix 2012-03-08 15:24:05 +00:00
Bernardo Damele
c79807f5fb Minor layout adjustments 2012-03-08 15:11:24 +00:00
Miroslav Stampar
761ec7529a minor appereance fix 2012-03-01 11:52:30 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
10dd9096f7 one more just in case fix for safeSQLIdentificator naming on MSSQL --tables 2012-02-29 14:05:53 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
26b33154ab optimal fix related to the last commit 2012-02-24 14:28:41 +00:00
Miroslav Stampar
9d6fd2e507 bug fix for --schema --technique=BST 2012-02-24 14:12:19 +00:00
Miroslav Stampar
f9d2971474 minor just in case fix 2012-02-23 16:37:06 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently 2012-02-20 11:06:55 +00:00
Miroslav Stampar
08bf8c201f few minor fixes 2012-02-20 10:24:55 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
948cf25de4 more consistent 2012-02-09 09:53:40 +00:00
Miroslav Stampar
980367b7b2 minor update 2012-02-09 09:48:47 +00:00
Miroslav Stampar
1d4b10dbd1 bug fix 2012-02-08 13:55:50 +00:00
Miroslav Stampar
2662fe84f7 minor update 2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593 minor update 2012-02-08 12:00:03 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
e94f86a1ad minor update 2012-02-03 15:46:28 +00:00
Miroslav Stampar
a48fc4efec minor update 2012-02-03 15:32:23 +00:00
Miroslav Stampar
e3466fa5d8 minor update 2012-02-03 15:28:11 +00:00
Miroslav Stampar
2136b3447d better solution 2012-02-03 15:22:21 +00:00
Miroslav Stampar
f79d01183d minor update 2012-02-01 09:23:52 +00:00
Miroslav Stampar
2face9799a minor fix 2012-02-01 09:17:38 +00:00
Miroslav Stampar
7d37a650d0 minor fix 2012-01-30 14:41:17 +00:00
Miroslav Stampar
de94bee7b5 minor fix 2012-01-20 00:11:19 +00:00
Miroslav Stampar
b2dad63000 some more refactoring 2012-01-13 22:00:34 +00:00
Miroslav Stampar
8e4b8d345f refactoring 2012-01-13 21:55:39 +00:00
Bernardo Damele
ec9cc19951 Minor bug fixes for -d 2012-01-13 21:46:21 +00:00
Bernardo Damele
5e853cae64 Minor bug fix so now when the back-end DBMS operating system is Windows 2000, it sets the temporary folder automatically to C:\WINNT\Temp - the user does not need to provide it anymore with --tmp-path C:\\WINNT\\Temp 2012-01-13 18:08:44 +00:00
Bernardo Damele
0043336620 Minor fix and removed leftover debug message 2012-01-13 17:04:59 +00:00
Bernardo Damele
b03f91437b Minor code refactoring 2012-01-13 16:49:52 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
ff52931140 some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available) 2012-01-07 19:30:35 +00:00
Miroslav Stampar
138b8039b3 better language 2012-01-07 17:35:53 +00:00
Miroslav Stampar
f85c5b3f4d minor update 2012-01-06 00:23:49 +00:00
Miroslav Stampar
f412706fee minor update for MSSQL --tables (fallback to other method) 2012-01-03 18:01:14 +00:00
Miroslav Stampar
8750532c3d minor fix 2011-12-28 14:13:36 +00:00
Miroslav Stampar
526aacb640 code cleanup 2011-12-21 22:59:23 +00:00
Miroslav Stampar
41ccf88990 some more refactoring 2011-12-21 22:09:21 +00:00
Miroslav Stampar
d9d4e3ea9b minor fix 2011-12-21 17:43:50 +00:00
Miroslav Stampar
41b60b26fc minor refactoring 2011-12-21 14:25:39 +00:00
Miroslav Stampar
81bd9a201b minor refactoring 2011-12-21 11:50:49 +00:00
Miroslav Stampar
d1bfdc6a48 minor fix for --start/--stop mechanism in pivot dumping mode 2011-12-20 13:04:57 +00:00
Miroslav Stampar
39b406c5c1 fix for --search on Oracle 2011-12-02 18:13:27 +00:00
Miroslav Stampar
96aacbf945 upgrade of --search mechanism (lowest common denominator is now searched for - e.g. if -D -T and -C are given then -C is searched for in -D and -T) 2011-12-02 13:32:30 +00:00
Miroslav Stampar
9697e80013 some more optimizations 2011-11-22 10:54:29 +00:00
Miroslav Stampar
b117c40aa5 major improvement of HashDB speed in multi-threaded mode 2011-11-22 10:09:35 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
bd7da45546 minor update 2011-10-28 13:07:23 +00:00
Miroslav Stampar
f7be0ca4e2 minor fix 2011-10-28 12:49:35 +00:00
Miroslav Stampar
6c0e8b0ea8 returning alphabetically sorted database and table names 2011-10-28 12:40:59 +00:00
Miroslav Stampar
9523da7663 minor optimization 2011-10-25 13:21:01 +00:00
Miroslav Stampar
23bf52e496 minor refactoring 2011-10-24 09:55:50 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Miroslav Stampar
b6ccc0cc43 minor update 2011-10-18 14:35:42 +00:00
Miroslav Stampar
7f9f744b87 update regarding last commit 2011-10-12 12:37:05 +00:00
Miroslav Stampar
39e33bea99 important fix (LIMIT m,n should not be considered deterministic in column by column table dumping) 2011-10-12 12:31:47 +00:00
Miroslav Stampar
2d7d84e16b minor fix 2011-09-25 19:42:24 +00:00
Miroslav Stampar
9a1ac96756 bug fix 2011-09-11 17:22:27 +00:00
Miroslav Stampar
8a174248dc fix for a bug reported by blueBoy 2011-08-20 20:08:11 +00:00
Miroslav Stampar
fb6a84b10b minor update (when columns are missing from information_schema too) 2011-08-18 07:03:53 +00:00
Miroslav Stampar
262996fc5b bug fix 2011-08-16 06:14:40 +00:00
Miroslav Stampar
10bdd90e60 minor speed optimizations (as a result of profiling) 2011-08-12 13:40:37 +00:00
Miroslav Stampar
41ae9bc7ff minor bug fix 2011-08-09 14:20:25 +00:00
Miroslav Stampar
9423d15fb3 ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix 2011-08-03 09:08:16 +00:00
Bernardo Damele
c15439ab7f Minor improvement to --passwords output 2011-08-02 09:04:34 +00:00
Bernardo Damele
ad4584da70 Minor bug fix when dumping tables with UNION query technique on Access, Firebird and MaxDB 2011-08-01 23:44:14 +00:00
Miroslav Stampar
4ca81dd345 quick fix 2011-08-01 23:25:58 +00:00
Miroslav Stampar
e0fda9f985 minor fix 2011-08-01 10:13:25 +00:00
Miroslav Stampar
79b4e26e23 bug fix 2011-08-01 00:17:26 +00:00
Miroslav Stampar
0627bb02cb minor beautification 2011-07-31 10:21:47 +00:00
Miroslav Stampar
4d923ec375 change in invalid logic regarding --sql-shell (retrieving output for non-query commands did nothing at all) 2011-07-30 21:46:59 +00:00
Miroslav Stampar
a6ade08c28 just in case commit to prevent join string iteration over 'None' values 2011-07-30 13:01:37 +00:00
Miroslav Stampar
684ddc43e6 minor patch 2011-07-28 08:53:09 +00:00
Bernardo Damele
37de709df2 leftover 2011-07-26 11:20:07 +00:00
Bernardo Damele
a2483b3bc4 Aligned OS takeover functionalities to recent Metasploit improvements 2011-07-26 10:29:14 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Bernardo Damele
5a1c9a42a3 Minor bug fix 2011-07-20 13:45:34 +00:00
Bernardo Damele
29b5115906 Minor bug fix 2011-07-20 13:28:10 +00:00
Miroslav Stampar
9c694ce3ec bug fix (--tables --columns) 2011-07-12 23:27:47 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
da049110df Minor revert 2011-07-04 15:23:05 +00:00
Miroslav Stampar
a1fe9d07ca minor revert 2011-07-02 23:00:22 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Miroslav Stampar
8a36f7fc03 fix for a bug reported by aboynes@gmail.com (UnboundLocalError: local variable 'infoMsg' referenced before assignment) 2011-06-29 18:04:58 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Bernardo Damele
ddfae39d9e Minor bug fixes for --search with -C 2011-06-24 09:27:54 +00:00
Miroslav Stampar
ca6f9acf30 minor fix for resuming in multi threading mode 2011-06-18 12:23:18 +00:00
Miroslav Stampar
d27afaed7e some fixes 2011-06-16 14:27:44 +00:00
Miroslav Stampar
0eeb48f8f5 some fixes 2011-06-16 13:41:02 +00:00
Miroslav Stampar
afe0579487 minor fixes for pivot dumping 2011-06-15 19:03:37 +00:00
Miroslav Stampar
60ecf95383 fix for a bug reported by seyi.akin@gmail.com 2011-06-14 08:40:25 +00:00
Bernardo Damele
9126c84442 Refactoring (standardized with --search -C ...) 2011-06-08 16:39:41 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Bernardo Damele
cce3208b35 Cleanup 2011-06-08 14:15:34 +00:00
Bernardo Damele
161ece5587 Rephrase 2011-06-08 11:33:45 +00:00
Miroslav Stampar
f34b395c65 fixing typo 2011-06-07 14:58:22 +00:00
Miroslav Stampar
89a7516c35 bug fix 2011-06-06 09:55:22 +00:00
Miroslav Stampar
3fa8e1db72 better language 2011-05-31 15:45:54 +00:00
Miroslav Stampar
4bb9754dfe using --dump for msaccess with -C switch was for some reason pain in the ass (you had to do the brute forcing again and again). now -C forces the result in those cases 2011-05-30 23:34:48 +00:00
Miroslav Stampar
bf2b58ba82 minor update 2011-05-26 15:23:28 +00:00
Miroslav Stampar
79f0b3a92a adding support for --start and --stop for __pivotDumpTable 2011-05-26 15:16:57 +00:00
Miroslav Stampar
b6fe5b12a4 adding --schema to the wizard/Basic as it looks like a cool thingy to put there 2011-05-26 14:30:05 +00:00
Miroslav Stampar
a397baa89a fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches 2011-05-26 08:17:21 +00:00
Miroslav Stampar
1067d43f14 minor update 2011-05-23 19:16:29 +00:00
Miroslav Stampar
0ed03d474f now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate 2011-05-23 11:09:44 +00:00
Miroslav Stampar
7b52bbe3fb reverting that ignoreTimeout for --tables (because of this and that) 2011-05-22 09:59:19 +00:00
Miroslav Stampar
9b2623514a one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables 2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170 type correction and adding global flag kb.ignoreTimeout which could be useful 2011-05-22 08:24:13 +00:00
Miroslav Stampar
5a979f7667 minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used 2011-05-19 17:35:33 +00:00
Miroslav Stampar
4efc284b83 adding more info for --passwords 2011-05-11 12:35:32 +00:00
Bernardo Damele
b5f090cc4f Minor bug fix 2011-05-10 15:48:48 +00:00
Bernardo Damele
ac74557614 Minor adjustment for --dump-all 2011-05-08 10:25:40 +00:00
Bernardo Damele
356037ca22 cosmetics 2011-05-08 02:11:34 +00:00
Bernardo Damele
9955483052 Major improvement for --dump.
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
d3589493d1 Temporary fix for bug reported by ultramegaman (infinite loop) 2011-05-07 23:28:59 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Miroslav Stampar
eceb5eca7b fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla) 2011-05-02 21:55:06 +00:00
Miroslav Stampar
b327a78522 minor minor update of the last commit 2011-05-02 19:24:49 +00:00
Miroslav Stampar
0bb7d715a7 more user friendliness/handiness for users which mix Linux and Windows paths where they shouldn't do that 2011-05-02 19:18:28 +00:00
Miroslav Stampar
8e8886cd20 minor improvement for --sql-shell/--sql-query (when non-SELECT default is N for retrieve data output which automatically does STACKED injection) 2011-05-01 21:41:14 +00:00
Bernardo Damele
64bb480414 Do not raise otherwise it won't work with --schema 2011-04-30 23:20:16 +00:00
Bernardo Damele
b31b861d7b Major rewrote of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc. 2011-04-30 22:10:27 +00:00
Bernardo Damele
cb9b9c4204 Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too 2011-04-30 15:29:19 +00:00
Bernardo Damele
b3a0424269 More Backend class method usage refactoring 2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
36a9ddaacc Minor bug fixes and code restyling for --privileges and --passwords 2011-04-30 14:50:27 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
1a052245a6 duplicate code 2011-04-30 00:25:15 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Bernardo Damele
529595fd85 Moved method below 2011-04-29 22:37:43 +00:00
Bernardo Damele
14bf6abb7e Minor layout adjustment 2011-04-29 21:40:48 +00:00
Bernardo Damele
f449688f93 Proper resume of --schema data when calling with --columns switch, minor fixes too 2011-04-29 21:17:59 +00:00
Miroslav Stampar
a6015b59df fix for a bug reported by jaccovantuijl@gmail.​com (entries = zip(*[entries[colName] for colName in colList])) 2011-04-29 14:33:47 +00:00
Bernardo Damele
edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0a534dee5 Do not even prompt for ICMP tunnel if the target OS is not Windows 2011-04-23 21:57:07 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
bd4fbb3251 fix for a bug reported by l0rda@l0rda.biz (TypeError: cannot concatenate 'str' and 'NoneType' objects) 2011-04-21 14:53:02 +00:00
Miroslav Stampar
5052013ffa minor update 2011-04-20 14:48:23 +00:00
Miroslav Stampar
88c76147e1 removed few trailing whitespace lines 2011-04-15 20:52:08 +00:00
Miroslav Stampar
c16b74ce1a covering __pivotDumpTable for keyboard and connection exceptions too 2011-04-15 14:21:13 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
aed994192e disabling safecharencode for --banner 2011-04-15 08:15:21 +00:00
Miroslav Stampar
8ddac7fe5a minor fix and speedup when pivoting empty table 2011-04-14 21:11:20 +00:00
Miroslav Stampar
384ca98ded don't let sqlmapNoneDataException for one table to break whole dumpAll() 2011-04-14 20:56:12 +00:00
Miroslav Stampar
dbbaefa79d minor update (pivot value should be safechardecoded) 2011-04-14 20:38:03 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Bernardo Damele
f4745a95ea Possible fix for bug reported by David 2011-04-11 21:45:25 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
e20848c711 first commit toward v1.0 (it's smarter to start testing for pivot point from shorter column names as they tend to be some kind of identifiers) 2011-04-11 09:40:52 +00:00
Bernardo Damele
fbf8e7f32d Minor bug fix to --file-read 2011-04-10 19:53:42 +00:00
Bernardo Damele
7dd5bd9d59 Minor fix for --cleanup on MSSQL 2011-04-10 13:48:29 +00:00
Miroslav Stampar
c714ac6421 added support for handling binary data values (no more garbish chars) 2011-04-09 23:13:16 +00:00
Miroslav Stampar
6fa2fd139c implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field) 2011-04-08 15:17:57 +00:00
Miroslav Stampar
e8259a7665 minor update (now --dump also supports only -D parameter) 2011-04-07 22:38:13 +00:00