Miroslav Stampar
|
7f371c499d
|
Commit related to the last one
|
2014-04-10 21:29:59 +02:00 |
|
Miroslav Stampar
|
096ce7881e
|
Minor beauty patch
|
2014-04-10 21:18:24 +02:00 |
|
Miroslav Stampar
|
0d1690de61
|
Minor fix
|
2014-04-10 21:18:24 +02:00 |
|
Miroslav Stampar
|
1e8349eeaa
|
Minor fix
|
2014-04-10 21:18:24 +02:00 |
|
Miroslav Stampar
|
1632bec10b
|
Another fix related to the last commit
|
2014-04-03 09:05:12 +02:00 |
|
Miroslav Stampar
|
3e024ac8e6
|
Minor update (consistency patch)
|
2014-03-30 16:51:31 +02:00 |
|
Miroslav Stampar
|
97f603af4a
|
Fix for an Issue #641
|
2014-03-17 20:20:25 +01:00 |
|
Miroslav Stampar
|
6369a38ebc
|
Adding support for JSON-like data with single quote
|
2014-02-26 08:56:17 +01:00 |
|
Miroslav Stampar
|
f97fcb7bb3
|
Adding a switch --invalid-string
|
2014-01-23 21:56:06 +01:00 |
|
Miroslav Stampar
|
f88f6dcd7e
|
Changing --invalid-bignum from float producing to int producing
|
2014-01-23 09:07:25 +01:00 |
|
Bernardo Damele
|
43a4e85749
|
updated copyright
|
2014-01-13 17:24:49 +00:00 |
|
Miroslav Stampar
|
6c80f2903b
|
Patch for an Issue #564
|
2013-12-27 11:02:59 +01:00 |
|
Miroslav Stampar
|
cadbddd607
|
Adding a boundary proposed in Issue #564
|
2013-12-27 10:46:18 +01:00 |
|
Miroslav Stampar
|
02de2aee6d
|
Patch for an Issue #582
|
2013-12-26 22:27:04 +01:00 |
|
Miroslav Stampar
|
dd2ddec79a
|
Minor fix (better extraction of original value in case of replacement and custom POST injection mark)
|
2013-12-03 13:37:04 +01:00 |
|
Miroslav Stampar
|
fabbe63f00
|
Proper fix for re.sub() call with repl value containing backslash
|
2013-10-23 18:07:38 +02:00 |
|
Miroslav Stampar
|
28529a92a7
|
Minor fix (for parameters with \ in value)
|
2013-10-23 10:49:50 +02:00 |
|
Miroslav Stampar
|
304c9822bd
|
Patch for an Issue #545
|
2013-10-17 16:38:07 +02:00 |
|
Miroslav Stampar
|
a944028114
|
Revert of last commit
|
2013-10-02 22:14:50 +02:00 |
|
Miroslav Stampar
|
9ceb518a50
|
Minor patch
|
2013-10-02 22:03:53 +02:00 |
|
Miroslav Stampar
|
2fbd7e8929
|
Minor fix
|
2013-09-24 21:56:40 +02:00 |
|
stamparm
|
28cd50b2f1
|
Patch for an Issue #490
|
2013-07-16 14:08:32 +02:00 |
|
stamparm
|
ac2d40e259
|
Revert of last commit (there is a chance that that big integer value is really valid :)
|
2013-07-15 13:34:38 +02:00 |
|
stamparm
|
a097ee1505
|
Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)
|
2013-07-15 13:31:56 +02:00 |
|
stamparm
|
dc1623a40f
|
Fix for a bug reported over ML (error: unbalanced parenthesis)
|
2013-07-11 10:20:58 +02:00 |
|
stamparm
|
aad102378a
|
Fix for an Issue #487
|
2013-07-09 11:00:43 +02:00 |
|
stamparm
|
f97b35dcc1
|
Patch for an Issue #475
|
2013-07-01 13:43:38 +02:00 |
|
stamparm
|
f7d15cb465
|
Official naming is HSQLDB (and/or HyperSQL)
|
2013-07-01 11:57:47 +02:00 |
|
Miroslav Stampar
|
aeb83ba651
|
Merge pull request #475 from Meatballs1/hsql_clean
HSQL Payloads and Query Support
|
2013-07-01 02:38:04 -07:00 |
|
Meatballs
|
09e1dc814d
|
Fix concat
|
2013-06-24 23:20:34 +01:00 |
|
Miroslav Stampar
|
fca6772df6
|
Implementation for an Issue #468
|
2013-06-22 00:13:46 +02:00 |
|
stamparm
|
1c47b33020
|
Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple)
|
2013-04-15 15:23:45 +02:00 |
|
Miroslav Stampar
|
b67f342975
|
Minor patch
|
2013-04-01 17:32:16 +02:00 |
|
stamparm
|
473a39b820
|
Minor language fix
|
2013-03-26 14:11:17 +01:00 |
|
stamparm
|
ad039c335d
|
Implementation for an Issue #423
|
2013-03-21 11:28:44 +01:00 |
|
stamparm
|
10e6c70c22
|
Trivial style update (undoing last dummy commit)
|
2013-03-19 10:43:29 +01:00 |
|
stamparm
|
70265fd3b5
|
Trivial style update
|
2013-03-19 10:43:03 +01:00 |
|
stamparm
|
5adac57ca9
|
Trivial style update
|
2013-03-19 10:42:50 +01:00 |
|
Miroslav Stampar
|
5df1f5528e
|
More general update for an Issue #421
|
2013-03-15 22:49:09 +01:00 |
|
Miroslav Stampar
|
f0a419bdec
|
Patch for an Issue #421
|
2013-03-15 22:08:15 +01:00 |
|
Miroslav Stampar
|
8e6692d793
|
Minor fix (for JSON values with :)
|
2013-03-05 20:12:24 +01:00 |
|
stamparm
|
55f33da85a
|
Fix for invalid logical test cases
|
2013-03-01 12:04:49 +01:00 |
|
Miroslav Stampar
|
515be4ee0b
|
Minor just in case commit related to the last one
|
2013-02-14 19:58:10 +01:00 |
|
Miroslav Stampar
|
fef60b73f4
|
Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases
|
2013-02-14 19:53:26 +01:00 |
|
Miroslav Stampar
|
c72353321d
|
Minor update for an Issue #392
|
2013-02-14 13:36:33 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Miroslav Stampar
|
d78a3e977b
|
Update (allowing regular char * to be inside SOAP/JSON/XML)
|
2013-02-13 12:24:42 +01:00 |
|
Miroslav Stampar
|
6314d64a70
|
Renaming --binary to --binary-fields
|
2013-02-13 11:27:03 +01:00 |
|
Miroslav Stampar
|
8b4f72322a
|
Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format)
|
2013-02-13 09:56:44 +01:00 |
|
Miroslav Stampar
|
cfcf8a3abb
|
Another update for an Issue #380 (--common-... switches)
|
2013-01-31 13:49:19 +01:00 |
|
Miroslav Stampar
|
2420a4b626
|
Update for an Issue #342 and #372
|
2013-01-31 10:01:52 +01:00 |
|
Miroslav Stampar
|
9b4eaa9272
|
Minor fix
|
2013-01-30 18:21:15 +01:00 |
|
Miroslav Stampar
|
fdea8ddea6
|
Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372)
|
2013-01-30 16:55:09 +01:00 |
|
Miroslav Stampar
|
719c7f622b
|
Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions)
|
2013-01-22 15:51:06 +01:00 |
|
Miroslav Stampar
|
2ec828f1cb
|
Fix for an Issue #367
|
2013-01-22 14:27:17 +01:00 |
|
Miroslav Stampar
|
b35a0810ef
|
Fix for an Issue #364
|
2013-01-21 17:01:52 +01:00 |
|
Miroslav Stampar
|
1e3f68c7ff
|
Rewriting some query crafting parts (especially those .find(' FROM '))
|
2013-01-21 16:15:38 +01:00 |
|
Miroslav Stampar
|
832d95984c
|
IFNULL-like mechanism now works on SQLite 2 too
|
2013-01-21 15:04:27 +01:00 |
|
Miroslav Stampar
|
3200134b3b
|
Fix for a regression test #30 test case fail (Firebird inline)
|
2013-01-21 10:12:54 +01:00 |
|
Bernardo Damele
|
3373e30808
|
minor fix for a bug introduced with commit 1ad9e26a21
|
2013-01-20 02:40:40 +00:00 |
|
Bernardo Damele
|
0e78fbef56
|
correctly format SQLi payload for inline query technique
|
2013-01-19 00:28:03 +00:00 |
|
Bernardo Damele
|
1ad9e26a21
|
bug fix for ORDER BY users provided statements (issue #354)
|
2013-01-18 21:40:50 +00:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Bernardo Damele
|
3464a70ac2
|
bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected
|
2013-01-16 01:53:33 +00:00 |
|
Bernardo Damele
|
2a751e075d
|
more work on #342
|
2013-01-15 17:14:44 +00:00 |
|
Miroslav Stampar
|
7a1d484115
|
Implementation for an Issue #340
|
2013-01-15 16:05:33 +01:00 |
|
Miroslav Stampar
|
fc560f2b75
|
Minor revert and proper fix
|
2013-01-14 00:47:29 +01:00 |
|
Bernardo Damele
|
fdd6075859
|
temporary patch to fix UNION query enumeration
|
2013-01-13 23:08:23 +00:00 |
|
Miroslav Stampar
|
03dd958d96
|
Implementation for an Issue #48
|
2013-01-13 16:22:43 +01:00 |
|
Miroslav Stampar
|
bc4d8d3e02
|
Implementation for an Issue #332
|
2013-01-11 11:17:41 +01:00 |
|
Miroslav Stampar
|
934d41dac2
|
Minor style update (PEP8)
|
2013-01-10 15:02:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
ca1c0c2a1d
|
Minor style update
|
2013-01-10 11:54:07 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Miroslav Stampar
|
55a552ddc4
|
Update for an Issue #24
|
2013-01-08 10:55:25 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
6ae4590edc
|
Removing problematic per-MySQL LIMIT prefix
|
2012-12-26 19:48:01 +01:00 |
|
Miroslav Stampar
|
77625e5af7
|
Minor revert
|
2012-12-21 19:31:05 +01:00 |
|
Miroslav Stampar
|
8b3e17ed4d
|
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
|
2012-12-21 14:52:47 +01:00 |
|
Bernardo Damele
|
86872956d5
|
minor bug fix (for PostgreSQL)
|
2012-12-19 22:55:31 +00:00 |
|
Bernardo Damele
|
77843f44fb
|
minor bug fix (issue #314)
|
2012-12-19 22:49:02 +00:00 |
|
Bernardo Damele
|
b91c829103
|
minor bug fix (issue #310)
|
2012-12-19 12:42:31 +00:00 |
|
Bernardo Damele
|
9149d77cc8
|
removed duplicate code - fixes issue #310
|
2012-12-19 12:17:56 +00:00 |
|
Miroslav Stampar
|
9e2f0131b9
|
Update lib/core/agent.py
|
2012-12-18 20:25:00 +01:00 |
|
Bernardo Damele
|
58656bbeb5
|
minor bug fix, union query has to be limited 0, 0
|
2012-12-18 16:36:30 +00:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
b6650add46
|
Introducing 'new style classes' (idea from Pull request #284)
|
2012-12-06 10:42:53 +01:00 |
|
Miroslav Stampar
|
a7e1e856d4
|
Fix for an Issue #260
|
2012-11-28 17:00:26 +01:00 |
|
Miroslav Stampar
|
d490ffb163
|
Fix for an Issue #259
|
2012-11-27 11:45:22 +01:00 |
|
Miroslav Stampar
|
d37be5f97b
|
Fix for an Issue #248
|
2012-11-14 15:54:24 +01:00 |
|
Miroslav Stampar
|
c1eb803ef5
|
Bug fix for MsSQL --hex --technique=E (NOT IN based queries were not working properly)
|
2012-10-28 21:16:51 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
12fc9442b9
|
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)
|
2012-10-25 10:10:23 +02:00 |
|
Miroslav Stampar
|
b82eb3a1ae
|
Fix for an Issue #210
|
2012-10-23 13:58:25 +02:00 |
|
Miroslav Stampar
|
f11a640e99
|
Undo of a previous commit (pdb left inside)
|
2012-10-22 14:39:35 +02:00 |
|
Miroslav Stampar
|
b913e2123d
|
Displaying hex-decoded resulting output in --hex mode
|
2012-10-22 14:39:11 +02:00 |
|
Miroslav Stampar
|
e440b096c5
|
Fix for an Issue #202
|
2012-10-15 12:24:30 +02:00 |
|
Miroslav Stampar
|
d464678e10
|
Minor update for an Issue #49
|
2012-10-04 18:01:42 +02:00 |
|
Miroslav Stampar
|
84b05e2d18
|
Better treating of numeric values (Issue #49)
|
2012-10-04 16:08:37 +02:00 |
|
Miroslav Stampar
|
9129dac77b
|
Minor fix for an Issue #134
|
2012-10-04 15:33:26 +02:00 |
|
Miroslav Stampar
|
461e5ebc5f
|
Work for Issue #197 and Issue #49
|
2012-10-04 11:25:44 +02:00 |
|
Miroslav Stampar
|
bcbf0571a5
|
Implementation for an Issue #49
|
2012-10-02 14:23:58 +02:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
efe4c13ed1
|
Update regarding suffixQuery (user supplied --suffix should nullify any eventual payload comments)
|
2012-09-25 14:36:15 +02:00 |
|
Miroslav Stampar
|
f26ea04e38
|
Fix for an Issue #175
|
2012-09-07 17:06:38 +02:00 |
|
Miroslav Stampar
|
cea5127ffd
|
Update for an Issue #6
|
2012-09-06 15:51:38 +02:00 |
|
Miroslav Stampar
|
2c66ca39f1
|
Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0)
|
2012-08-22 09:53:53 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
8ee9feafb9
|
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
|
2012-08-20 21:57:25 +02:00 |
|
Bernardo Damele
|
92c2b3bd4c
|
Merge branch 'master' of github.com:sqlmapproject/sqlmap
|
2012-07-26 23:11:11 +01:00 |
|
Bernardo Damele
|
d492291744
|
working on issue #12
|
2012-07-26 23:11:07 +01:00 |
|
Miroslav Stampar
|
b3552494c4
|
Minor preparation for an Issue #48
|
2012-07-26 12:26:57 +02:00 |
|
Miroslav Stampar
|
f8c9868cb6
|
Implementation for an Issue #118
|
2012-07-24 15:34:50 +02:00 |
|
Miroslav Stampar
|
95e0d46e3e
|
Fix for an Issue #110
|
2012-07-21 09:15:54 +02:00 |
|
Miroslav Stampar
|
08244c7ebf
|
Fix for an Issue #104
|
2012-07-17 15:05:50 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
3fd5119f3f
|
Redesigning for Issue #75
|
2012-07-12 13:42:22 +02:00 |
|
Bernardo Damele
|
ee3aeb8dcf
|
actual implementation of issue #75, still some work to do
|
2012-07-12 01:16:00 +01:00 |
|
Bernardo Damele
|
a5924739f6
|
minor code refactoring in preparation of ticket #75
|
2012-07-12 01:12:30 +01:00 |
|
Bernardo Damele
|
d3da3f5c52
|
refactoring for issue #51
|
2012-07-10 00:19:32 +01:00 |
|
Bernardo Damele
|
99c5ea54f7
|
cleanup for #34
|
2012-07-09 12:39:43 +01:00 |
|
Bernardo Damele
|
04d803c7fd
|
more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)
|
2012-07-02 15:02:00 +01:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
76c873a222
|
minor fix
|
2012-06-15 06:22:44 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
6367f59b98
|
minor code refactoring
|
2012-05-10 14:15:17 +00:00 |
|
Miroslav Stampar
|
37f2709197
|
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
|
2012-05-09 09:08:23 +00:00 |
|
Miroslav Stampar
|
64c241fe92
|
limiting original UNION query results to only 1 result (potentially speeding things up in some cases)
|
2012-05-08 13:45:53 +00:00 |
|
Miroslav Stampar
|
694b14111f
|
skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)
|
2012-04-27 13:16:51 +00:00 |
|
Miroslav Stampar
|
6f67dc85ee
|
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
|
2012-04-25 20:29:07 +00:00 |
|
Miroslav Stampar
|
6ebb621228
|
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
|
2012-04-17 14:23:00 +00:00 |
|
Miroslav Stampar
|
efd27d7ade
|
minor renaming
|
2012-04-17 08:41:19 +00:00 |
|
Miroslav Stampar
|
601d118c68
|
reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)
|
2012-04-15 16:59:03 +00:00 |
|
Miroslav Stampar
|
8c6eb4faa9
|
adding support for PgSQL DNS data exfiltration
|
2012-04-07 14:06:11 +00:00 |
|
Miroslav Stampar
|
2223c884e5
|
minor refactoring
|
2012-04-05 12:55:26 +00:00 |
|
Miroslav Stampar
|
b0787f193c
|
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
|
2012-04-03 14:34:15 +00:00 |
|
Miroslav Stampar
|
2c28423cb8
|
minor update
|
2012-04-02 14:57:15 +00:00 |
|
Miroslav Stampar
|
1cd3c3f7af
|
further update of DNS data retrieval mechanism through SQLi
|
2012-04-02 14:05:30 +00:00 |
|
Miroslav Stampar
|
d908d078dd
|
minor fix
|
2012-04-02 12:27:30 +00:00 |
|
Miroslav Stampar
|
abffc39929
|
minor update regarding DNS data retrieval task
|
2012-04-02 12:22:40 +00:00 |
|
Miroslav Stampar
|
56638f9e95
|
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
|
2012-03-30 10:50:01 +00:00 |
|
Miroslav Stampar
|
772ead8d03
|
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
|
2012-03-29 12:44:20 +00:00 |
|
Miroslav Stampar
|
cbdcbdd786
|
minor minor update
|
2012-03-16 11:18:18 +00:00 |
|
Miroslav Stampar
|
775e424bf2
|
bug fix for using --no-cast and --hex switches together
|
2012-03-08 15:04:52 +00:00 |
|
Miroslav Stampar
|
ac5a752b12
|
Oracle's XMLType doesn't like '#' char too
|
2012-03-01 11:59:37 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
386e98a0e3
|
using UNION SELECT for where=..NEGATIVE
|
2012-02-22 09:41:58 +00:00 |
|