sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Bernardo Damele	f3e8d6db70	Fixed MySQL comment injection	2009-05-01 16:29:45 +00:00
Bernardo Damele	16b4530bbe	Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed). Minor common library code refactoring. Code cleanup. Set back the default User-Agent to sqlmap for comparison algorithm reasons. Updated THANKS.	2009-04-27 23:05:11 +00:00
Bernardo Damele	06e8546177	Finally fixed MSSQL 2000 fingerprint	2009-04-24 10:26:01 +00:00
Bernardo Damele	eeb34eb028	Again, minor fix to MSSQL 2000 fingerprint	2009-04-23 21:13:34 +00:00
Bernardo Damele	8e88b32274	Minor fix in MSSQL 2000 fingerprint	2009-04-23 08:36:39 +00:00
Bernardo Damele	8c0ac767f4	Updated to sqlmap 0.7 release candidate 1	2009-04-22 11:48:07 +00:00
Bernardo Damele	b997df740a	Minor bug fix	2009-02-25 20:11:14 +00:00
Bernardo Damele	5560f0b68a	Updated the copyright	2009-01-12 21:35:38 +00:00
Bernardo Damele	e10ab5aa0e	Major bug fixes	2009-01-10 14:39:27 +00:00
Bernardo Damele	9e0d890171	Fixed MySQL 5.1 extensive fingerprint	2009-01-02 23:21:31 +00:00
Bernardo Damele	c1010c20d8	Minor adjustments	2008-12-30 21:24:01 +00:00
Bernardo Damele	24ddbdc89d	Minor layout adjustment	2008-12-22 23:34:22 +00:00
Bernardo Damele	b0ad102efb	Better fingerprint technique for Microsoft SQL Server	2008-12-22 23:32:43 +00:00
Bernardo Damele	79c8d63b88	Major speed increase in DBMS basic fingerprint	2008-12-22 23:26:44 +00:00
Bernardo Damele	8d06975142	Major enhancement to make the comparison algorithm work properly also on url not stables automatically by using the difflib SequenceMatcher object: this changed a lot into the structure of the code, has to be extensively beta-tested! Please, do report bugs on sqlmap-users mailing list if you scout them. Cheers, Bernardo	2008-12-20 01:54:08 +00:00
Bernardo Damele	c32ef9d751	Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable. Minor bug fix to make the --postfix work even if --prefix is not provided.	2008-12-18 20:38:57 +00:00
Bernardo Damele	38c9627700	Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content	2008-12-05 15:34:13 +00:00
Bernardo Damele	e75487a26c	Reverted last commit, cleaner this way	2008-12-01 23:33:15 +00:00
Bernardo Damele	e2a805ef6a	Minor workaround because of latest bug fix	2008-12-01 23:32:14 +00:00
Bernardo Damele	beea58f2e9	Updated MySQL versions	2008-12-01 23:02:52 +00:00
Bernardo Damele	727664aea7	Minor enhancement to fingerprint the web server operating system and the web application technology by parsing also HTTP response Server header. Refactor libraries and plugins that parses XML to fingerprint and show on standard output the information. Updated changelog.	2008-11-18 17:42:46 +00:00
Bernardo Damele	7d0724843f	Major enhancement to the engine to parse XML files and matches on DBMS banner and HTTP response headers. Initial web application technology fingerprint (for the moment based only on X-Powered-By HTTP response header and not shown yet to the user). Minor layout adjustments.	2008-11-17 17:41:02 +00:00
Bernardo Damele	66fb3c3033	Minor enhancement to show the DBMS operating system (if fingerprinted) also when only -b option is provided since it's an information that sqlmap get parsing the DBMS banner. Got rid completely of useless passive fuzzing.	2008-11-17 11:22:03 +00:00
Bernardo Damele	654aecedfe	Minor layout adjustments, minor fixes and updated changelog	2008-11-17 00:00:54 +00:00
Bernardo Damele	fa0507ab39	Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<--	2008-11-15 23:41:31 +00:00
Bernardo Damele	4bf1fcb8ec	Minor layout adjustment	2008-11-15 01:10:29 +00:00
Bernardo Damele	81ed7c2086	Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments.	2008-11-12 00:36:50 +00:00
Bernardo Damele	0f79ec0088	Minor bug fix in MySQL comment injection fingerprint technique	2008-11-04 16:05:43 +00:00
Bernardo Damele	03b90e0a3f	Be more user friendly on messages and minor code layout improvement	2008-11-02 18:23:42 +00:00
Bernardo Damele	09ca578ca1	Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option;	2008-11-02 18:17:12 +00:00
Bernardo Damele	e2a0f7a47b	Fix typo	2008-10-30 23:20:14 +00:00
Bernardo Damele	7ad9639ed0	Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3	2008-10-29 15:32:12 +00:00
Bernardo Damele	2fcbb57e1c	Minor code restyling	2008-10-26 17:00:07 +00:00
Bernardo Damele	4b02ed45fa	Due to last commit..	2008-10-26 16:45:36 +00:00
Bernardo Damele	fce61ff950	Minor if condition adjustment	2008-10-26 16:25:28 +00:00
Bernardo Damele	8f5fb5657d	Major improvement to correctly enumerate tables, columns and dump tables entries on PostgreSQL when the database name is not 'public' or a system database and on Oracle. Minor code restyle.	2008-10-26 16:19:15 +00:00
Bernardo Damele	892a7b2f8a	propsets..	2008-10-15 15:56:32 +00:00
Bernardo Damele	8e3eb45510	After the storm, a restore..	2008-10-15 15:38:22 +00:00

... 5 6 7 8 9

438 Commits