sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Bernardo Damele	b5dd4d4a63	Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection	2011-07-08 10:19:01 +00:00
Miroslav Stampar	c517e97a44	few fixes and minor cosmetics	2011-07-08 06:02:31 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	067354b97f	Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access	2011-07-07 13:20:40 +00:00
Miroslav Stampar	5b4eaf48d9	minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")	2011-06-27 21:34:49 +00:00
Bernardo Damele	36c96ef796	Added DB2 support - patch provided by Sebastian Bittig	2011-06-25 09:44:24 +00:00
Miroslav Stampar	08d6bb4f23	minor fix	2011-06-02 22:13:31 +00:00
Miroslav Stampar	128a012121	this was causing that --suffix trouble	2011-05-23 19:59:07 +00:00
Miroslav Stampar	fb23beef6f	most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)	2011-05-22 19:14:36 +00:00
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Bernardo Damele	ac2550535c	Proper fix for --technique=U bug	2011-05-01 23:42:41 +00:00
Miroslav Stampar	900ee0ff93	fix for a major bug reported by k1971@live.co.uk (1..9 99..)	2011-05-01 15:47:00 +00:00
Miroslav Stampar	494503b334	proper way to deal with generic cases	2011-05-01 08:04:08 +00:00
Miroslav Stampar	fcd69ba9c7	fix for a --technique=U	2011-05-01 07:37:22 +00:00
Bernardo Damele	9a4ae7d9e2	More code refactoring of Backend class methods used	2011-04-30 14:54:29 +00:00
Miroslav Stampar	a7366bf710	SOAP refactoring	2011-04-17 21:39:00 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Bernardo Damele	14219a3dac	Minor bug fix	2011-04-10 22:44:08 +00:00
Miroslav Stampar	be11e2535e	one more minor update	2011-04-08 00:05:44 +00:00
Miroslav Stampar	3435d549a9	minor update regarding the last commit	2011-04-07 23:35:51 +00:00
Miroslav Stampar	726155383d	higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])	2011-04-07 23:32:07 +00:00
Miroslav Stampar	ee15988878	another minor update related to previous commit	2011-03-31 17:34:07 +00:00
Miroslav Stampar	af5342c495	fix for partial inband queries on MSSQL	2011-03-25 11:19:15 +00:00
Miroslav Stampar	f3858a5fcf	another fix related to the bug reported by Alone Shell	2011-03-24 17:08:14 +00:00
Miroslav Stampar	5a1aaecf16	minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME\|\|chr(58)\|\|OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')	2011-03-22 13:07:37 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	3ca5cddca7	massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)	2011-03-20 23:54:56 +00:00
Bernardo Damele	d7d47b6257	Minor bug fix (revert)	2011-03-11 21:56:45 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Bernardo Damele	5af7410cb1	Another bug fix for --privileges on PgSQL with UNION query technique	2011-03-11 15:13:09 +00:00
Bernardo Damele	74ef1e53c7	Minor bug fixes to --privileges for PostgreSQL query (corner case)	2011-03-11 14:54:41 +00:00
Bernardo Damele	3e8c204121	Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba	2011-02-21 16:00:56 +00:00
Miroslav Stampar	b71bb321dd	some more Sybase updates	2011-02-19 18:04:27 +00:00
Bernardo Damele	2ea828e416	Proper fix for r3307 (file-write on MySQL via UNION query tech)	2011-02-13 22:48:01 +00:00
Bernardo Damele	7253362114	Minor bug fix so that --file-write on MySQL via UNION query now works again	2011-02-11 23:35:45 +00:00
Miroslav Stampar	535eb9f3eb	implementation of referer feature	2011-02-11 23:07:03 +00:00
Miroslav Stampar	7d9be18789	added one comment	2011-02-09 14:34:18 +00:00
Miroslav Stampar	bafc8a1b0f	another update	2011-02-09 13:29:52 +00:00
Miroslav Stampar	600f729139	fix for a bug reported by skysbsb@gmail.com (double ORDER BY)	2011-02-09 12:43:09 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	771020abd6	one more related commit	2011-02-07 16:32:08 +00:00
Miroslav Stampar	265e7ca272	fix for that MSSQL limit/top problem	2011-02-07 16:24:23 +00:00
Bernardo Damele	bf5ca4bd9a	No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')	2011-02-06 23:30:43 +00:00
Bernardo Damele	061f56daf9	More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload.	2011-02-06 23:27:56 +00:00
Bernardo Damele	0800d9e49b	Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()	2011-02-06 22:58:12 +00:00
Miroslav Stampar	078a2207cc	few reverts	2011-02-06 22:10:28 +00:00
Miroslav Stampar	b9b2fe0e7c	little cleanup	2011-02-06 21:52:39 +00:00
Miroslav Stampar	c4c2cf1d58	can't stay as it is right now. temporary disabling.	2011-02-06 21:17:41 +00:00
Bernardo Damele	6191a7f26f	Major fix for a silent bug	2011-02-06 15:53:43 +00:00

1 2 3 4

187 Commits