Commit Graph

137 Commits

Author SHA1 Message Date
Miroslav Stampar
dc2ee8bfa0 Minor update 2014-08-30 21:53:09 +02:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
3bbe02a714 Bug fix (0 datetime value not liked by direct connector) 2013-08-22 12:05:59 +02:00
Miroslav Stampar
5721f6007e Fix for an Issue #509 2013-08-18 01:24:40 +02:00
stamparm
1c47b33020 Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple) 2013-04-15 15:23:45 +02:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
6d802867fc Bug fix (in some cases if random values are parsable as MMDD they will result as valid non-NULL TIMESTAMPADD value back - e.g. values 1224,0101,0212) 2013-02-11 12:02:03 +01:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Miroslav Stampar
0cc6e68be2 Refactoring MySQL fingeprint.py (those payloads are now stored into session file too) 2013-02-04 15:12:03 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
ebde4b190e Minor update 2013-01-10 11:42:37 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
9a631331a5 Fix for an Issue #177 2012-09-08 20:22:13 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
cce5c3c009 minor changes for version numbers 2012-03-19 11:07:03 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
25f0ec3597 some minor range to xrange conversion (where safe to do) 2011-10-21 22:34:27 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Miroslav Stampar
126cdf9e19 minor info update 2011-05-19 23:28:27 +00:00
Miroslav Stampar
a034462c31 fixing annoying timeouts for basic DBMS check (reference: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_timestampadd) 2011-05-19 23:03:00 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
148fb26301 quick fix 2011-04-21 17:34:26 +00:00
Miroslav Stampar
e181d5412e fix for a bug reported by aboynes@gmail.com (@@datadir not available on MySQL 4) 2011-04-21 17:33:07 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
572708f184 More version adjustment 2011-04-10 23:28:24 +00:00
Bernardo Damele
6d165861c8 Minor version increase 2011-04-10 13:30:27 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
eb33612736 fix 2011-01-24 10:20:17 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
02b333e30b Minor improvement 2011-01-15 23:54:03 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
73e8a10527 minor fix 2011-01-02 09:12:20 +00:00
Miroslav Stampar
26b06bfcfb update (http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html) 2011-01-01 19:38:51 +00:00
Miroslav Stampar
076560f59f bug fix 2010-12-31 12:58:27 +00:00
Miroslav Stampar
5db8ebbfa9 update of mysql comment versions 2010-12-31 12:42:12 +00:00
Miroslav Stampar
40e3489099 minor update 2010-12-31 12:27:57 +00:00
Miroslav Stampar
ce19b0c431 optimization of comment checking in MySQL 2010-12-31 12:21:02 +00:00
Miroslav Stampar
7f4acaf6f9 now comment injection fingerprint works with all techniques 2010-12-30 21:24:26 +00:00
Miroslav Stampar
5d25da5135 better way to handle this one 2010-12-22 00:51:20 +00:00
Miroslav Stampar
306501363c fuck, sorry, 0 was OK (STRCMP() returns 0 if the strings are the same) 2010-12-22 00:41:38 +00:00
Miroslav Stampar
d6e6afd6f2 minor fix ("To clarify a bit: STRCMP() is case-insensitive as of MySQL 4.0." - http://bugs.mysql.com/bug.php?id=2102) 2010-12-22 00:38:54 +00:00
Miroslav Stampar
6f2ce15478 minor refactoring 2010-12-22 00:27:21 +00:00
Miroslav Stampar
cb61401c18 bug fix (http://dev.mysql.com/doc/refman/5.0/es/news-5-0-11.html - "Added support of where clause for queries with FROM DUAL") 2010-12-22 00:20:56 +00:00
Miroslav Stampar
f905adb7c1 way better as there is no official release version for FOUND_ROWS() (it appears somewhere in alphas/betas of 4.0.x - i've stumbled upon one site with 4.0.22 and it didn't recognized FOUND_ROWS). 2010-12-21 22:18:27 +00:00
Bernardo Damele
1a3f57e5fe Cosmetics 2010-12-21 09:23:00 +00:00
Miroslav Stampar
518b3e094c bug fix (http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows) 2010-12-20 23:00:03 +00:00
Miroslav Stampar
364bc8e7d4 minor update 2010-12-20 11:25:18 +00:00
Miroslav Stampar
28da1141cf some fixes (for MySQL < 4.0) 2010-12-20 11:23:57 +00:00
Miroslav Stampar
76024c455f minor fix (using older commands for basic MySQL check) 2010-12-20 11:15:43 +00:00
Miroslav Stampar
71cf0bd2a5 minor update 2010-12-18 13:08:37 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Bernardo Damele
a02dd6b55b Minor enhancement to speedup active dbms fingerprint (-f).
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
e6c66fa37c update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available 2010-12-11 17:55:28 +00:00
Miroslav Stampar
1beb1dd2cc minor update 2010-12-11 09:30:38 +00:00
Bernardo Damele
7c87ad4065 Minor speedup in -f mysql 2010-12-10 13:05:46 +00:00
Bernardo Damele
d71e51e765 Minor improvement 2010-12-10 11:31:27 +00:00
Bernardo Damele
4741874e9e Enhancement to speedup MySQL fingerprint 2010-12-10 11:27:36 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
1369529103 minor cosmetic update 2010-10-11 13:52:32 +00:00
Miroslav Stampar
78ba5da4f7 fix 2010-09-23 22:07:33 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database.
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
c2a6f21095 refactoring regarding usage of conf.dbmsConnector.connect() 2010-03-30 13:03:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
09768a7b62 Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00