Commit Graph

252 Commits

Author SHA1 Message Date
Miroslav Stampar
df0f08bc6a Cleaning some (web upload based) garbage 2012-12-13 13:19:47 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
003d21e962 Minor style update (capitalization of leftover class names) 2012-12-06 13:46:24 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
7c7aff12c6 Update for an Issue #225 2012-10-30 01:26:19 +01:00
Miroslav Stampar
726de868e2 Fix for an Issue #225 2012-10-30 00:37:43 +01:00
Miroslav Stampar
5358d85d37 Important refactoring for web-based functionality 2012-10-29 15:09:05 +01:00
Miroslav Stampar
d6e16e8641 Minor update 2012-10-29 11:08:02 +01:00
Miroslav Stampar
359e734954 Minor refactoring 2012-10-29 10:48:49 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
54fbb22ab8 Minor refactoring 2012-10-25 09:56:36 +02:00
Miroslav Stampar
f3aa09c794 Minor language fix 2012-10-23 15:52:43 +02:00
Miroslav Stampar
a6eeebfca8 Fix for an Issue #188 2012-09-20 11:30:07 +02:00
Miroslav Stampar
ebab05cf7c Fix for an Issue #158 2012-08-21 20:20:38 +02:00
Miroslav Stampar
1669c6bdb4 Another update for an Issue #28 2012-07-27 17:05:21 +02:00
Miroslav Stampar
6ffc5665d0 Update for Issue #28 2012-07-27 16:29:33 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Bernardo Damele
0a4b6431a8 minor bug fix - issue #112 2012-07-21 16:51:01 +01:00
Bernardo Damele
dba0a96c2e fall-back to UNION technique if web file stager was not uploaded with LIMIT 2012-07-20 17:11:22 +01:00
Bernardo Damele
cbe8f41746 minor code refactoring preparing for #96 2012-07-20 16:20:17 +01:00
Bernardo Damele
318a01b867 minor typo fixes 2012-07-17 00:25:02 +01:00
Miroslav Stampar
87ecf205cb More work for Issue #66 2012-07-14 17:01:04 +02:00
Miroslav Stampar
9ff9c951bc Language update 2012-07-13 14:33:16 +02:00
Miroslav Stampar
6677da63cd Fix for an Issue #88 2012-07-13 14:25:39 +02:00
Miroslav Stampar
c5ecc8b8db Closing work on Issue #83 2012-07-13 11:23:21 +02:00
Miroslav Stampar
48f68bd076 First commit for Issue #83 2012-07-13 10:35:22 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
0702dd70b5 verify also that the web backdoor has been successfully uploaded 2012-07-11 14:08:51 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Bernardo Damele
d3da3f5c52 refactoring for issue #51 2012-07-10 00:19:32 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Bernardo Damele
99c5ea54f7 cleanup for #34 2012-07-09 12:39:43 +01:00
Bernardo Damele
d08a54e375 properly display the command stdout 2012-07-09 10:52:48 +01:00
Miroslav Stampar
54e0a2d8ee --os-shell now works perfect for inference-like techniques too 2012-07-07 17:57:06 +02:00
Miroslav Stampar
58f6687194 Some refactoring (reusing xpCmdshellForgeCmd) 2012-07-07 10:51:29 +02:00
Miroslav Stampar
8620767b77 Proper fix 2012-07-07 10:38:07 +02:00
Miroslav Stampar
1c69eb5d30 Revert "major fix"
This reverts commit 3a11fc2d9e.
2012-07-07 10:26:13 +02:00
Bernardo Damele
3a11fc2d9e major fix 2012-07-06 22:55:34 +01:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Miroslav Stampar
982fcde1c0 Fix for Issue #62 2012-07-06 12:24:55 +02:00
Bernardo Damele
fd4cfb0cc0 working on #51 2012-07-02 15:28:19 +01:00
Bernardo Damele
7335072ab8 leftover 2012-07-02 15:11:21 +01:00
Bernardo Damele
04d803c7fd more tweaking for issue #34, it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005) 2012-07-02 15:02:00 +01:00
Bernardo Damele
b7d2680e55 minor refactoring, issue #51 2012-07-02 12:50:26 +01:00
Bernardo Damele
add8352804 make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too 2012-07-02 02:14:03 +01:00
Bernardo Damele
6697927098 initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap 2012-07-02 02:04:19 +01:00
Bernardo Damele
18be319d13 hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run 2012-07-01 23:41:10 +01:00
Bernardo Damele
ff9e97a42c minor code refactoring 2012-07-01 23:31:45 +01:00