Bernardo Damele
b2b2ec8a26
Preparing to release sqlmap 0.7 stable
2009-07-24 23:20:57 +00:00
Bernardo Damele
b4fd71e8b9
Minor adjustment to reflect Metasploit r6849 ( http://trac.metasploit.com/changeset/6849 ) and minor code refactoring.
2009-07-20 14:36:33 +00:00
Bernardo Damele
cb3d2bac16
Minor improvement so that sqlmap tests also all parameters with no value (ig. par=).
2009-07-09 11:25:35 +00:00
Bernardo Damele
516fdb9356
Avoid to upload the web backdoor to unexisting empty-name directory
2009-07-09 11:11:25 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00
Bernardo Damele
4b622ed860
Minor bug fix.
...
Adapted Metasploit wrapping functions to work with latest msf3 development version too.
2009-07-06 14:40:33 +00:00
Bernardo Damele
0fc4587f02
Added support for reflective meterpreter by default when the target OS
...
is Windows and minor layout fix
2009-07-03 17:59:20 +00:00
Bernardo Damele
3b9303186e
Fixed minor bug with --eta
2009-06-24 13:44:14 +00:00
Bernardo Damele
e5a01d500e
Minor bug fix in --update option, updated also Microsoft XML versions file
2009-06-16 15:12:02 +00:00
Bernardo Damele
03a6739fbf
Minor layout adjustments
2009-06-11 15:34:31 +00:00
Bernardo Damele
150abc0f1e
sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring.
2009-06-11 15:01:48 +00:00
Bernardo Damele
3bca0d4b28
Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance.
2009-06-05 10:15:55 +00:00
Bernardo Damele
5ac2b0658c
Fixed regular expression to parse burp log file hosts' scheme/port
2009-06-04 14:42:53 +00:00
Bernardo Damele
cfd8a83655
Minor adjustment to get also the port when parsing burp logs
2009-06-04 14:36:31 +00:00
Bernardo Damele
966f34f381
Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions
2009-06-03 15:26:18 +00:00
Bernardo Damele
c7b72abc0e
Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls
2009-06-03 15:04:40 +00:00
Bernardo Damele
93ee4a01e5
HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+
2009-05-20 14:27:25 +00:00
Bernardo Damele
81d1a767ac
Minor bug fix in output manager (dumper) object
2009-05-20 13:56:23 +00:00
Bernardo Damele
8e7282f7c7
Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6.
2009-05-20 13:51:25 +00:00
Bernardo Damele
13de8366d0
Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting!
2009-05-20 09:34:13 +00:00
Bernardo Damele
ef3846e0de
Minor fix in Host header value by Oliver Gruskovnjak
2009-05-19 14:40:04 +00:00
Bernardo Damele
45dff4a00a
Added new function to search a file within the PATH environment variable paths:
...
it will be used when sqlmap will be packaged as DEB and RPM
2009-05-12 20:24:47 +00:00
Bernardo Damele
b463205544
Minor fixes for MacOSX
2009-05-12 20:24:00 +00:00
Bernardo Damele
06cc2a6d70
Minor bug fixes and code refactoring
2009-05-11 15:37:48 +00:00
Bernardo Damele
c5d20b8a86
Initial support for ASP web backdoor functionality
2009-05-06 12:14:38 +00:00
Bernardo Damele
ccedadd780
Finished Mac OS X
2009-04-30 21:42:54 +00:00
Bernardo Damele
e8c115500d
Now it works also on Mac OS X
2009-04-30 10:46:50 +00:00
Bernardo Damele
722ca8bf2f
Minor "fix"
2009-04-29 19:45:12 +00:00
Bernardo Damele
57b8bb4c8e
Minor syntax adjustment for web backdoor functionality
2009-04-28 21:51:22 +00:00
Bernardo Damele
58f3eee390
Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library
2009-04-28 11:11:35 +00:00
Bernardo Damele
1d7de719b9
Almost done with web backdoor functionality
2009-04-28 11:05:07 +00:00
Bernardo Damele
16b4530bbe
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
...
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
2009-04-27 23:05:11 +00:00
Bernardo Damele
5121a4dcba
Send IE7.0 as default User-Agent
2009-04-24 20:13:21 +00:00
Bernardo Damele
406d5df195
Minor layout adjustments
2009-04-24 20:12:52 +00:00
Bernardo Damele
546a6c32e3
Avoid deprecation warning on sha and md5 libraries on Python >= 2.6
2009-04-24 20:10:30 +00:00
Bernardo Damele
6f4035938b
Let the user choose also the local address in reverse OOB connection
2009-04-24 10:27:52 +00:00
Bernardo Damele
4ce74764b7
More verbose when reporting failure to create shellcode/payload stager (via Metasploit)
2009-04-23 20:39:32 +00:00
Bernardo Damele
1af6898618
Fixed POST parsing when -l option is provided (burp/webscarab log file)
2009-04-23 15:04:28 +00:00
Bernardo Damele
aefa7ef988
Avoid libmagic traceback on Windows.
...
WARNING: this release is a candidate, it only works on Linux/Unices for the moment!
2009-04-22 12:44:16 +00:00
Bernardo Damele
8c0ac767f4
Updated to sqlmap 0.7 release candidate 1
2009-04-22 11:48:07 +00:00
Bernardo Damele
0c1a6b3edf
Minor typo fix
2009-02-19 00:38:54 +00:00
Bernardo Damele
2efee058ea
Major enhancement in comparison algorithm
2009-02-12 00:17:44 +00:00
Bernardo Damele
ba00a17205
Minor layout adjustment
2009-02-09 10:58:44 +00:00
Bernardo Damele
2355885712
Minor adjustment
2009-02-09 10:29:07 +00:00
Bernardo Damele
207e96e2b2
Major bug fix in the comparison algorithm to correctly handle also the
...
case that the url is stable and the False response changes the page
content very little.
2009-02-09 10:28:03 +00:00
Bernardo Damele
b12d955274
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
2009-02-03 15:38:40 +00:00
Bernardo Damele
770e000cb4
Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs
2009-02-02 23:44:19 +00:00
Bernardo Damele
dded57f1cd
Minor bug fix to correctly unpack user's custom queries on Microsoft SQL Server
2009-01-30 23:58:48 +00:00
Bernardo Damele
6054090191
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
2009-01-28 14:53:11 +00:00
Bernardo Damele
a8d57bb031
Avoid DeprecationWarning with Python 2.6+
2009-01-22 23:53:01 +00:00
Bernardo Damele
793c323b2a
Major bug fixes
2009-01-22 22:28:27 +00:00
Bernardo Damele
c25b49e80e
Major bugfix to avoid "IFNULL and CAST" on CASE
2009-01-19 21:27:51 +00:00
Bernardo Damele
8f973ce574
Minor layout adjustments
2009-01-18 22:36:48 +00:00
Bernardo Damele
fd7cb9101c
Major bug fix to forge SQL injection payload on Oracle
2009-01-13 23:15:57 +00:00
Bernardo Damele
bc448211c5
Minor layout adjustment
2009-01-13 23:15:23 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
92645dd264
Minor adjustment
2009-01-10 14:51:12 +00:00
Bernardo Damele
e10ab5aa0e
Major bug fixes
2009-01-10 14:39:27 +00:00
Bernardo Damele
9c125a2b57
Minor improvement to use Python ConfigParser library when --save if specified.
...
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
d0604ef513
Major bug fix to correctly handle custom SQL "limited" queries on Oracle
2009-01-03 01:19:04 +00:00
Bernardo Damele
2d87a3349f
Fixed custom MSSQL "limited" query support also for Partial UNION query technique
2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be
Major bug fix to make it work properly with MSSQL custom limited (SELECT
...
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
a4d62af2ea
Minor layout adjustments to --union-tech
2008-12-29 18:48:23 +00:00
Bernardo Damele
9340bf59fb
Updated Microsoft SQL Server signature XML file.
...
Minor layout adjustments to --update output messages/diff
2008-12-29 18:46:43 +00:00
Bernardo Damele
c83593c044
Limited custom query now works also on Oracle in inferential blind SQL
...
injection technique
2008-12-23 23:34:50 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
1f7810e46a
Major bug fix to make partial UNION query sql injection work properly
...
also on Microsoft SQL Server
2008-12-22 19:36:01 +00:00
Bernardo Damele
04c187c66a
Working on a bug (fix for Partial UNION query SQL injection technique
...
both Oracle and Microsoft SQL Server).
2008-12-22 00:51:09 +00:00
Bernardo Damele
2f406b3e56
Minor adjustments
2008-12-22 00:04:28 +00:00
Bernardo Damele
4ae464c80d
Minor enhancement to support an option (--union-tech) to specify the
...
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
35708a0b97
Minor adjustment to UNION query SQL injection detection function.
...
Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py.
2008-12-21 16:35:03 +00:00
Bernardo Damele
996a872e51
We are already on sqlmap 0.6.4 release candidate 1..
2008-12-20 13:23:26 +00:00
Bernardo Damele
c18efe5084
Minor adjustments
2008-12-20 13:21:47 +00:00
Bernardo Damele
8d06975142
Major enhancement to make the comparison algorithm work properly also
...
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
7e8ac16245
Added preventive check for stacked queries support when executing DDL,
...
DML & co. statements in SQL query and SQL shell. Minor improvements on
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
68354be45a
Ahead with enhancements on comparison algorithm: implemented content-length technique
2008-12-18 22:49:35 +00:00
Bernardo Damele
afbd66f6d9
Added some comments
2008-12-18 21:58:05 +00:00
Bernardo Damele
d0d6632c22
Initial support to automatically work around the dynamic page at each refresh
...
(Major refactor to the comparison algorithm (True/False response))
2008-12-18 20:48:23 +00:00
Bernardo Damele
3fe493b63d
Minor enhancement to support an option (--is-dba) to show if the
...
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
6dec56d616
Major bug fix
2008-12-17 21:35:04 +00:00
Bernardo Damele
dda62ba463
Minor adjustments and bug fixes
2008-12-17 20:11:18 +00:00
Bernardo Damele
b7f2602b50
A bit more entropy in the sql injection detection
2008-12-16 23:51:56 +00:00
Bernardo Damele
05a8c8d3bf
Added support to test for stacked queries support and improved check for time based blind sql injection.
...
Minor bug fix in --save option
2008-12-16 21:30:24 +00:00
Bernardo Damele
bf2a857b9a
Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.
2008-12-12 19:06:31 +00:00
Bernardo Damele
072eb7154c
Major enhancement to support Partial UNION query SQL injection technique too.
...
Minor code cleanup.
2008-12-10 17:23:07 +00:00
Bernardo Damele
9dbad512f1
sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers
...
by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation.
2008-12-08 21:24:24 +00:00
Bernardo Damele
38c9627700
Minor enhancemet to support also --regexp, --excl-str and --excl-reg
...
options rather than only --string when comparing HTTP responses page
content
2008-12-05 15:34:13 +00:00
Bernardo Damele
7f055924a7
sqlmap 0.6.3-rc4:
...
Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation.
2008-12-04 17:40:03 +00:00
Bernardo Damele
0f07e33e1a
Removed REVISION, makes no sense.
...
Import and use python psyco library to speed up if it's installed: it's optional.
2008-12-03 17:32:16 +00:00
Bernardo Damele
e3ddbe751f
Minor code refactoring
2008-12-02 23:49:38 +00:00
Bernardo Damele
b700485a1b
Minor adjustment, still to work on the cookie urlencoding/decoding
2008-12-02 21:57:12 +00:00
Bernardo Damele
578bcb9140
Initial support for partial UNION query sql injection
2008-12-02 21:56:23 +00:00
Bernardo Damele
f97585c593
Show also SVN revision in error message when a traceback raises.
...
Fix typo.
2008-12-01 23:49:14 +00:00
Bernardo Damele
a777f1ca35
Minor bug fix
2008-12-01 23:27:51 +00:00
Bernardo Damele
034a3f387a
Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)
2008-12-01 23:09:07 +00:00
Bernardo Damele
3cf1658532
Increased default output level from 0 to 1
2008-12-01 23:07:41 +00:00
Bernardo Damele
428612b431
Comment and layout adjustments
2008-12-01 23:04:01 +00:00