sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	bbffea2cbc	bug fix	2010-12-09 17:10:22 +00:00
Miroslav Stampar	0eb2c408a9	code refactoring	2010-12-09 16:49:02 +00:00
Miroslav Stampar	cdff29ada7	update	2010-12-09 11:23:44 +00:00
Miroslav Stampar	81c16926c1	code refactoring some more	2010-12-08 14:46:07 +00:00
Miroslav Stampar	d77ddbee47	OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)	2010-12-06 18:20:57 +00:00
Bernardo Damele	17449754fe	Got rid of UNION false cond	2010-12-05 16:16:15 +00:00
Miroslav Stampar	5764816891	minor cosmetics	2010-12-03 22:28:09 +00:00
Miroslav Stampar	2cc167a42e	fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"	2010-12-02 18:57:43 +00:00
Miroslav Stampar	bf09b8a6d9	added Firebird error based (WHERE) attack vector	2010-12-02 15:09:21 +00:00
Bernardo Damele	c8f943f5e4	Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.	2010-11-30 22:40:25 +00:00
Bernardo Damele	c22338ce90	Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).	2010-11-29 11:47:58 +00:00
Bernardo Damele	7e3b24afe6	Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!	2010-11-28 18:10:54 +00:00
Miroslav Stampar	ba4ea32603	first working version of dictionary attack	2010-11-23 13:24:02 +00:00
Bernardo Damele	17486e472a	Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!	2010-11-17 22:00:09 +00:00
Bernardo Damele	360aff7a4d	sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle	2010-11-17 17:20:32 +00:00
Miroslav Stampar	6ef3846400	update regarding error parsing (and reporting)	2010-11-16 10:42:42 +00:00
Bernardo Damele	a34c1b287c	Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)	2010-11-12 11:33:11 +00:00
Bernardo Damele	64b5de44a0	Converted to new XML object format	2010-11-12 10:11:13 +00:00
Bernardo Damele	66c82d72e4	Typo fix	2010-11-12 10:02:02 +00:00
Miroslav Stampar	42272ca78c	minor update	2010-11-11 22:26:36 +00:00
Miroslav Stampar	be992b4471	update regarding common columns existance check	2010-11-11 17:09:31 +00:00
Miroslav Stampar	4be0631161	refactoring of brute force techniques	2010-11-09 09:42:43 +00:00
Bernardo Damele	dac7436edf	Fix inconsistence with -b --error-test	2010-11-08 15:36:07 +00:00
Bernardo Damele	0c8918bf07	Minor bug fix, thanks Alex	2010-11-08 12:45:23 +00:00
Miroslav Stampar	d551423379	further enum refactoring	2010-11-08 09:44:32 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Miroslav Stampar	8e44aa605a	refactoring regarding injection place (more left)	2010-11-08 08:02:36 +00:00
Bernardo Damele	27ce4b0cf0	Set proper verbose level for dbms direct error messages	2010-11-07 22:14:06 +00:00
Miroslav Stampar	d3e7e89e60	major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces	2010-11-07 21:18:09 +00:00
Miroslav Stampar	3f0a443b83	some updates	2010-11-04 23:08:59 +00:00
Miroslav Stampar	c8fe2fa8d8	minor fix	2010-11-04 22:00:14 +00:00
Miroslav Stampar	d7dbf814a0	fix/update for Access	2010-11-04 21:47:21 +00:00
Miroslav Stampar	f74b69cc29	fix (AttributeError: class ICMPsh has no attribute '__init__')	2010-11-04 12:45:33 +00:00
Miroslav Stampar	6adee3792a	removed all trailing spaces from blank lines	2010-11-03 10:08:27 +00:00
Miroslav Stampar	4b56fa4f8f	now --tables work for MaxDB	2010-11-02 22:11:45 +00:00
Miroslav Stampar	b761523f3f	now --users works for MaxDB too	2010-11-02 21:52:48 +00:00
Miroslav Stampar	cd0d4135ac	implemented --banner for MaxDB and some minor fixes	2010-11-02 20:51:55 +00:00
Bernardo Damele	c7c84c3089	Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).	2010-11-02 15:31:51 +00:00
Bernardo Damele	3596f81e6a	Typo	2010-11-02 15:24:02 +00:00
Miroslav Stampar	70f6eab715	minor update	2010-11-02 12:08:28 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Miroslav Stampar	9d2c81baa9	more update for ms access	2010-11-02 11:06:47 +00:00
Miroslav Stampar	6ad8bbfc8e	one more ms access update	2010-11-02 10:50:57 +00:00
Miroslav Stampar	c98d8fed83	minor ms access update	2010-11-02 10:13:36 +00:00
Bernardo Damele	486a113560	Consolidate logger messages for --*-test switches	2010-10-31 16:58:38 +00:00
Bernardo Damele	eab331ebd7	Minor bug fix	2010-10-31 13:46:08 +00:00
Bernardo Damele	65a0a8d285	Delegate urlencoding to agent.py only	2010-10-31 13:28:05 +00:00
Bernardo Damele	17e8abe841	Removed useless call to urlencode()	2010-10-31 12:47:22 +00:00
Miroslav Stampar	a921fe0d5d	fix for using --banner --stacked-test together	2010-10-29 15:31:24 +00:00
Bernardo Damele	a0df231aa4	Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data	2010-10-29 13:09:53 +00:00

1 2 3 4 5 ...

277 Commits