Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
bfc12e93c5
ms access returns -1 for True
2010-03-30 11:33:51 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
8e57767c48
Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET
2010-03-23 10:27:39 +00:00
Bernardo Damele
466df89c4a
Fixes #178 and #179 - proper handling of custom redirects
2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2
Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g)
2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414
Fixes #59 - proper customizable redirect (302 and 301)
2010-03-15 14:24:43 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
a0f5c3d885
minor update
2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20
minor code refactoring
2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04
one more fix regarding localhost/global proxy issue
2010-02-25 13:30:22 +00:00
Miroslav Stampar
542b01993e
minor fix regarding exception handling of multi-part post handler
2010-02-09 14:02:47 +00:00
Miroslav Stampar
7c88e32f9d
bug fix for 404 program termination during shell upload attempt
2010-02-03 16:16:34 +00:00
Miroslav Stampar
98205cc488
another fix for Bug #148
2010-01-23 23:29:34 +00:00
Miroslav Stampar
39652bfbf4
update regarding Unicode char logging (Bug #148 )
2010-01-23 15:36:55 +00:00
Bernardo Damele
574880ba73
Warn user of HTTP error codes in HTTP responses
2010-01-19 10:27:54 +00:00
Bernardo Damele
c18a5cb92f
Fixed a minor bug when displaying requested page in -v >= 3
2010-01-16 21:47:52 +00:00
Miroslav Stampar
26c7b74e65
changes regarding Data (GET/POST/Cookie) encoding (Bug #129 )
2010-01-14 18:05:03 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
9c620da0a5
Minor fix
2009-12-31 12:34:18 +00:00
Bernardo Damele
c1c14dabd9
Minor bug fix
2009-12-21 11:21:18 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
c5d20b8a86
Initial support for ASP web backdoor functionality
2009-05-06 12:14:38 +00:00
Bernardo Damele
58f3eee390
Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library
2009-04-28 11:11:35 +00:00
Bernardo Damele
1d7de719b9
Almost done with web backdoor functionality
2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
a8d57bb031
Avoid DeprecationWarning with Python 2.6+
2009-01-22 23:53:01 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
8d06975142
Major enhancement to make the comparison algorithm work properly also
...
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
d0d6632c22
Initial support to automatically work around the dynamic page at each refresh
...
(Major refactor to the comparison algorithm (True/False response))
2008-12-18 20:48:23 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
38c9627700
Minor enhancemet to support also --regexp, --excl-str and --excl-reg
...
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7
sqlmap 0.6.3-rc4:
...
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
b700485a1b
Minor adjustment, still to work on the cookie urlencoding/decoding
2008-12-02 21:57:12 +00:00
Bernardo Damele
428612b431
Comment and layout adjustments
2008-12-01 23:04:01 +00:00
Bernardo Damele
9be844cf3e
Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.
2008-11-20 17:56:09 +00:00
Bernardo Damele
654aecedfe
Minor layout adjustments, minor fixes and updated changelog
2008-11-17 00:00:54 +00:00
Bernardo Damele
84cbc60659
Major bug fix to correctly handle httplib.BadStatusLine exception.
...
Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual.
2008-11-15 12:25:19 +00:00
Bernardo Damele
0c5d3df546
sqlmap 0.6.3-rc1:
...
* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation.
2008-11-09 16:57:47 +00:00
Bernardo Damele
9895338630
Major bug fix following the last commit
2008-10-27 23:56:02 +00:00
Bernardo Damele
eb6e6f4d03
Major bug fix when the request is POST to also send the GET parameters in the request if they've been provided
2008-10-27 15:42:32 +00:00
Bernardo Damele
016118ce7a
Some more fixes and adjustments before 0.6.1 release.
2008-10-17 15:26:43 +00:00
Bernardo Damele
1f3ffc8ef7
Minor layout adjustment
2008-10-17 13:23:24 +00:00
Bernardo Damele
66136b48c0
Minor fixes.. should work also for Cookie now the % parsing
2008-10-17 11:51:12 +00:00
Bernardo Damele
a5b2366033
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
2008-10-16 15:31:02 +00:00
Bernardo Damele
892a7b2f8a
propsets..
2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510
After the storm, a restore..
2008-10-15 15:38:22 +00:00