Commit Graph

294 Commits

Author SHA1 Message Date
Bernardo Damele
4eaa0d17aa Fix in forging query to calculate query output length - closes issue #342 2013-01-15 15:50:20 +00:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
605d73cc3d Minor refactoring 2012-11-29 12:21:12 +01:00
Miroslav Stampar
25a5073281 Bug fix for --hex/--technique=B (especially MsSQL) 2012-10-28 12:22:33 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
b82eb3a1ae Fix for an Issue #210 2012-10-23 13:58:25 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
21481df239 Minor update for Issue #209 2012-10-21 19:00:37 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
261b286021 Fix for an Issue #209 2012-10-20 13:17:45 +02:00
Miroslav Stampar
688a2db27a Fix for an Issue #208 2012-10-19 10:04:09 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
ec43ceec40 Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;) 2012-09-25 14:29:22 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
47073f4afd Implementation of an Issue #131 2012-07-30 21:50:46 +02:00
Miroslav Stampar
a5062c1e4f Adding a warn message when --dns-domain is ignored (because of faster techniques) 2012-07-27 09:48:48 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
ea9c66108e cleanup for issue #68 2012-07-12 15:38:43 +01:00
Bernardo Damele
33cbbed4a8 I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided 2012-07-12 01:39:15 +01:00
Bernardo Damele
3a94953ae2 leftover from previous commit 2012-07-12 01:15:34 +01:00
Bernardo Damele
31571e6e2d minor refactoring 2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
2669528b24 Language typo 2012-07-07 11:16:33 +02:00
Bernardo Damele
7b4ecd9df0 added skeleton code for issue #34, still not usable 2012-07-02 00:22:34 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
ec44e88db8 lots of refactoring regarding removal of already obsolete session file mechanism 2012-06-21 10:09:10 +00:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
fdf61015ad minor patch 2012-05-09 08:41:05 +00:00
Miroslav Stampar
6af110d631 avoiding --no-cast/--hex warning message before a DBMS is fingerprinted 2012-05-08 14:06:41 +00:00
Miroslav Stampar
b1dd03731a minor cosmetics 2012-04-04 23:34:08 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895 more cosmetics 2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
503988887c minor update 2012-04-03 10:43:46 +00:00
Miroslav Stampar
2504f4edb8 minor fixes 2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
577caac4de putting kb.negativeLogic setting to the safe place 2012-03-16 09:17:11 +00:00
Miroslav Stampar
19beb912fa first step toward negative logic support 2012-03-15 15:52:12 +00:00
Miroslav Stampar
34b0935cb3 refactoring "echo 1" quick test for xp_cmdshell console output 2012-03-13 10:36:49 +00:00
Miroslav Stampar
5a83f1c5f7 minor update 2012-03-08 15:43:22 +00:00
Miroslav Stampar
1ec56f93ec minor update 2012-03-01 10:10:19 +00:00
Miroslav Stampar
1e82405bb9 HashDB is now supported in -d too 2012-02-27 12:14:01 +00:00
Miroslav Stampar
f94b91ad87 added helper function for HashDB data storing/retrieval 2012-02-24 13:07:20 +00:00
Miroslav Stampar
0478e4166a minor justin case fix 2012-02-23 15:19:20 +00:00
Miroslav Stampar
aee269cc14 gazillion changes, nothing will work, muhahaha 2012-02-17 14:22:48 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Bernardo Damele
1c44d6d3c7 Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d 2012-02-14 17:29:00 +00:00
Miroslav Stampar
e50d64546f minor fix 2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3 just a makeup 2012-02-07 12:05:23 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd more concise language 2012-01-07 17:45:45 +00:00
Miroslav Stampar
9f68e54fff minor cleanup 2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7 speedup of UNION dumping 2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206 some refactoring/speedup around UNION technique 2011-12-22 10:32:21 +00:00
Miroslav Stampar
73a500833d minor bug fix 2011-12-12 14:38:06 +00:00
Miroslav Stampar
65b2b0ad87 adding switch --eval 2011-11-21 16:41:02 +00:00
Miroslav Stampar
440b7efe55 minor optimization 2011-11-20 20:14:47 +00:00
Miroslav Stampar
34738129c9 minor update 2011-09-25 21:27:58 +00:00
Miroslav Stampar
6bbb8139a0 update (smaller memory footprint in postprocessing phase because of safecharencode part) 2011-07-25 20:40:31 +00:00
Miroslav Stampar
2033a28ae7 minor update regarding last commit (cleaner code) 2011-07-24 20:44:17 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Miroslav Stampar
9e5856caf8 improvement for recognition of scalar vs multiple-row commands 2011-05-19 16:45:05 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Miroslav Stampar
930872cf3b fix 2011-04-21 14:20:09 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
723a7447b2 minor refactoring 2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421 added support for handling binary data values (no more garbish chars) 2011-04-09 23:13:16 +00:00
Miroslav Stampar
228cc68747 fix for those ugly DEBUG messages in brute mode 2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656 cosmeticados ;) 2011-04-08 10:39:07 +00:00
Bernardo Damele
60605b6e7c Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only) 2011-02-27 12:14:13 +00:00
Miroslav Stampar
0c57f2af0f minor fix 2011-02-20 12:20:44 +00:00
Bernardo Damele
429ab631fe Minor refactoring 2011-02-13 21:25:01 +00:00
Miroslav Stampar
1cd483f42f one more update 2011-02-12 10:24:09 +00:00
Miroslav Stampar
25a3a64327 we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes. 2011-02-12 10:15:42 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Miroslav Stampar
d9af01d73d imporant fix for boolean expression which return [None] 2011-02-09 16:53:22 +00:00
Miroslav Stampar
71d1b72e0e minor adjustment 2011-02-07 12:51:38 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
2fd9621499 Minor adjustments
Cosmetics
2011-01-31 21:22:39 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00