Commit Graph

180 Commits

Author SHA1 Message Date
Miroslav Stampar
b02bd55edc minor refactoring 2010-12-10 13:04:36 +00:00
Bernardo Damele
d71e51e765 Minor improvement 2010-12-10 11:31:27 +00:00
Bernardo Damele
4741874e9e Enhancement to speedup MySQL fingerprint 2010-12-10 11:27:36 +00:00
Miroslav Stampar
e98b81fe32 another update 2010-12-10 10:56:55 +00:00
Miroslav Stampar
d5e7a8d305 update 2010-12-10 10:54:17 +00:00
Miroslav Stampar
bbffea2cbc bug fix 2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9 code refactoring 2010-12-09 16:49:02 +00:00
Miroslav Stampar
cdff29ada7 update 2010-12-09 11:23:44 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Miroslav Stampar
bf09b8a6d9 added Firebird error based (WHERE) attack vector 2010-12-02 15:09:21 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle 2010-11-17 17:20:32 +00:00
Miroslav Stampar
6ef3846400 update regarding error parsing (and reporting) 2010-11-16 10:42:42 +00:00
Bernardo Damele
64b5de44a0 Converted to new XML object format 2010-11-12 10:11:13 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c minor update 2010-11-11 22:26:36 +00:00
Miroslav Stampar
be992b4471 update regarding common columns existance check 2010-11-11 17:09:31 +00:00
Bernardo Damele
0c8918bf07 Minor bug fix, thanks Alex 2010-11-08 12:45:23 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Bernardo Damele
27ce4b0cf0 Set proper verbose level for dbms direct error messages 2010-11-07 22:14:06 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83 some updates 2010-11-04 23:08:59 +00:00
Miroslav Stampar
d7dbf814a0 fix/update for Access 2010-11-04 21:47:21 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac implemented --banner for MaxDB and some minor fixes 2010-11-02 20:51:55 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Miroslav Stampar
6ad8bbfc8e one more ms access update 2010-11-02 10:50:57 +00:00
Miroslav Stampar
c98d8fed83 minor ms access update 2010-11-02 10:13:36 +00:00
Bernardo Damele
65a0a8d285 Delegate urlencoding to agent.py only 2010-10-31 13:28:05 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
d554ffc0ae yes, I am quite paranoid with cosmetics 2010-10-27 10:37:54 +00:00
Bernardo Damele
f5904d0bc0 Major bug fix to --union-test 2010-10-25 23:39:55 +00:00
Miroslav Stampar
8a9a57c709 update for Sybase and major bug fix for --passwords on MSSQL 2010-10-25 22:11:38 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Miroslav Stampar
24e4429bf6 or better yet, there is no need for _ or *args on getPrivileges (tried with SQLite and MSSql which crashed) 2010-10-21 13:31:06 +00:00
Miroslav Stampar
fe3967bdec fix for --privileges (on MSSql --privileges returned exception) 2010-10-21 13:28:29 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Bernardo Damele
526694c80c Minor fix 2010-10-20 22:24:06 +00:00
Miroslav Stampar
82f44989ce update of error based injection and bug fix for --roles on MSSQL server 2010-10-20 06:40:33 +00:00
Bernardo Damele
60a1b48194 Major bug fix for --os-pwn 2010-10-17 20:44:16 +00:00