Bernardo Damele
|
ad17e9ed2a
|
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
|
2010-11-19 14:56:20 +00:00 |
|
Bernardo Damele
|
8d07272c82
|
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
Now stores/resumes also the exact UNION payload to session file.
|
2010-11-13 23:24:41 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|
Miroslav Stampar
|
685a8e7d2c
|
refactoring of hard coded dbms names
|
2010-11-02 11:59:24 +00:00 |
|
Bernardo Damele
|
215175e3b7
|
Minor code adjustments
|
2010-10-25 14:11:47 +00:00 |
|
Miroslav Stampar
|
bc79eec702
|
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
|
2010-10-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
1b376c99a6
|
removed temp dictionary and replaced with kb.misc
|
2010-10-19 23:00:19 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
12a5ec9f3d
|
more unicode refactoring
|
2010-06-02 12:45:40 +00:00 |
|
Miroslav Stampar
|
a3db3c03c1
|
str() -> unicode()
|
2010-05-28 13:05:02 +00:00 |
|
Miroslav Stampar
|
ca3e12ae73
|
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
|
2010-05-13 11:05:35 +00:00 |
|
Bernardo Damele
|
90d9900371
|
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
|
2010-04-30 15:48:40 +00:00 |
|
Bernardo Damele
|
b72ddb6f1e
|
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
|
2010-04-09 15:48:53 +00:00 |
|
Bernardo Damele
|
d13ad8b2d7
|
fixes #181 - proper save/resume information about single entry UNION SQL injection
|
2010-03-22 15:39:29 +00:00 |
|
Bernardo Damele
|
156fdd96ef
|
Updated copyright
|
2010-03-03 15:26:27 +00:00 |
|
Miroslav Stampar
|
1a764e1f08
|
minor commit
|
2010-01-15 16:10:21 +00:00 |
|
Miroslav Stampar
|
5f171340f5
|
introduced safe string formatting
|
2010-01-15 16:06:59 +00:00 |
|
Bernardo Damele
|
ce022a3b6e
|
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
|
2010-01-02 02:02:12 +00:00 |
|
Bernardo Damele
|
d905e5ef9f
|
Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server
|
2009-07-25 11:45:23 +00:00 |
|
Bernardo Damele
|
16b4530bbe
|
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
|
2009-04-27 23:05:11 +00:00 |
|
Bernardo Damele
|
8c0ac767f4
|
Updated to sqlmap 0.7 release candidate 1
|
2009-04-22 11:48:07 +00:00 |
|
Bernardo Damele
|
5560f0b68a
|
Updated the copyright
|
2009-01-12 21:35:38 +00:00 |
|
Bernardo Damele
|
2d87a3349f
|
Fixed custom MSSQL "limited" query support also for Partial UNION query technique
|
2009-01-03 00:27:04 +00:00 |
|
Bernardo Damele
|
9c42a883be
|
Major bug fix to make it work properly with MSSQL custom limited (SELECT
TOP ...) queries with both inferential blind and Full UNION query
injection
|
2009-01-02 23:26:45 +00:00 |
|
Bernardo Damele
|
64bb57d786
|
Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server.
|
2008-12-22 22:48:44 +00:00 |
|
Bernardo Damele
|
1f7810e46a
|
Major bug fix to make partial UNION query sql injection work properly
also on Microsoft SQL Server
|
2008-12-22 19:36:01 +00:00 |
|
Bernardo Damele
|
d0d6632c22
|
Initial support to automatically work around the dynamic page at each refresh
(Major refactor to the comparison algorithm (True/False response))
|
2008-12-18 20:48:23 +00:00 |
|
Bernardo Damele
|
dda62ba463
|
Minor adjustments and bug fixes
|
2008-12-17 20:11:18 +00:00 |
|
Bernardo Damele
|
072eb7154c
|
Major enhancement to support Partial UNION query SQL injection technique too.
Minor code cleanup.
|
2008-12-10 17:23:07 +00:00 |
|
Bernardo Damele
|
e3ddbe751f
|
Minor code refactoring
|
2008-12-02 23:49:38 +00:00 |
|
Bernardo Damele
|
578bcb9140
|
Initial support for partial UNION query sql injection
|
2008-12-02 21:56:23 +00:00 |
|
Bernardo Damele
|
7d7170fc97
|
Minor code adjustments
|
2008-11-17 00:13:49 +00:00 |
|
Bernardo Damele
|
892a7b2f8a
|
propsets..
|
2008-10-15 15:56:32 +00:00 |
|
Bernardo Damele
|
8e3eb45510
|
After the storm, a restore..
|
2008-10-15 15:38:22 +00:00 |
|