Commit Graph

241 Commits

Author SHA1 Message Date
Miroslav Stampar
01014eca17 by request 2011-08-23 21:45:01 +00:00
Miroslav Stampar
8a174248dc fix for a bug reported by blueBoy 2011-08-20 20:08:11 +00:00
Miroslav Stampar
018d7ed646 improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery) 2011-07-31 23:40:09 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Miroslav Stampar
5b4eaf48d9 minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ") 2011-06-27 21:34:49 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
08d6bb4f23 minor fix 2011-06-02 22:13:31 +00:00
Miroslav Stampar
128a012121 this was causing that --suffix trouble 2011-05-23 19:59:07 +00:00
Miroslav Stampar
fb23beef6f most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) 2011-05-22 19:14:36 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
ac2550535c Proper fix for --technique=U bug 2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93 fix for a major bug reported by k1971@live.co.uk (1..9 99..) 2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334 proper way to deal with generic cases 2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7 fix for a --technique=U 2011-05-01 07:37:22 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
14219a3dac Minor bug fix 2011-04-10 22:44:08 +00:00
Miroslav Stampar
be11e2535e one more minor update 2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9 minor update regarding the last commit 2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0]) 2011-04-07 23:32:07 +00:00
Miroslav Stampar
ee15988878 another minor update related to previous commit 2011-03-31 17:34:07 +00:00
Miroslav Stampar
af5342c495 fix for partial inband queries on MSSQL 2011-03-25 11:19:15 +00:00
Miroslav Stampar
f3858a5fcf another fix related to the bug reported by Alone Shell 2011-03-24 17:08:14 +00:00
Miroslav Stampar
5a1aaecf16 minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION') 2011-03-22 13:07:37 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
3ca5cddca7 massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL) 2011-03-20 23:54:56 +00:00
Bernardo Damele
d7d47b6257 Minor bug fix (revert) 2011-03-11 21:56:45 +00:00
Bernardo Damele
3cb0ca4b63 Minor bug fix for --privileges on PgSQL with error-based SQL inj technique 2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1 Another bug fix for --privileges on PgSQL with UNION query technique 2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7 Minor bug fixes to --privileges for PostgreSQL query (corner case) 2011-03-11 14:54:41 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Bernardo Damele
2ea828e416 Proper fix for r3307 (file-write on MySQL via UNION query tech) 2011-02-13 22:48:01 +00:00
Bernardo Damele
7253362114 Minor bug fix so that --file-write on MySQL via UNION query now works again 2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Miroslav Stampar
7d9be18789 added one comment 2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f another update 2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139 fix for a bug reported by skysbsb@gmail.com (double ORDER BY) 2011-02-09 12:43:09 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
771020abd6 one more related commit 2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Bernardo Damele
bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') 2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58 can't stay as it is right now. temporary disabling. 2011-02-06 21:17:41 +00:00
Bernardo Damele
6191a7f26f Major fix for a silent bug 2011-02-06 15:53:43 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Bernardo Damele
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads 2011-01-24 12:25:45 +00:00
Miroslav Stampar
c1145c244e fix for user-agent injections 2011-01-23 23:23:30 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
701947490b Two major bug fixes related to UNION technique query forging 2011-01-19 23:46:39 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00
Miroslav Stampar
8212b7b745 bug fix 2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Bernardo Damele
698f30e65e Cosmetics 2010-12-13 21:34:35 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
af22679605 minor update 2010-12-08 13:09:27 +00:00
Bernardo Damele
5f97312f29 Minor fix 2010-12-07 17:17:38 +00:00
Bernardo Damele
effd2ca0e3 Cosmetics 2010-12-07 12:32:58 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Miroslav Stampar
a43d252ae9 minor update 2010-12-06 00:14:08 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Bernardo Damele
41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections 2010-12-05 11:25:44 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) 2010-12-03 16:12:47 +00:00
Bernardo Damele
126a1479d8 Bug fix for --union-test 2010-12-03 14:57:30 +00:00
Bernardo Damele
b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses 2010-12-03 14:39:51 +00:00