sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,342 Commits 4 Branches 117 Tags 97 MiB
c25c017c08
Commit Graph

900 Commits

Author SHA1 Message Date
Miroslav Stampar
48e0261e68 update for Feature #61 2010-09-24 13:19:35 +00:00
Miroslav Stampar
ff419f7384 more changes regarding path (URI) injection 2010-09-24 09:19:14 +00:00
Miroslav Stampar
e4925eb3dd update 2010-09-23 21:57:11 +00:00
Miroslav Stampar
13bb3a6212 minor update 2010-09-23 14:07:23 +00:00
Miroslav Stampar
927ad7bf13 update 2010-09-22 12:21:21 +00:00
Miroslav Stampar
da8ae5578b first commit regarding Feature #144 2010-09-22 11:56:35 +00:00
Miroslav Stampar
540a9b391f stripped some trailing spaces 2010-09-16 13:19:13 +00:00
Miroslav Stampar
8cf1aa6abe added keepAlive under -o switch too 2010-09-16 10:41:52 +00:00
Miroslav Stampar
4fd7db52dd minor update 2010-09-16 10:23:51 +00:00
Miroslav Stampar
6259114c02 added optimization switch (-o) 2010-09-16 10:12:53 +00:00
Miroslav Stampar
bfffd5e333 added --null-connection as an experimental option 2010-09-16 10:01:33 +00:00
Miroslav Stampar
975b96ae28 minor refactoring 2010-09-16 09:47:33 +00:00
Miroslav Stampar
1741801ade implementation of HEAD/Range methods 2010-09-16 09:32:09 +00:00
Miroslav Stampar
b745331974 added null connection check 2010-09-16 08:43:10 +00:00
Miroslav Stampar
ecd6b573f7 added method parameter to the queryPage function 2010-09-15 14:17:17 +00:00
Miroslav Stampar
9a72a25704 again minor update 2010-09-15 13:59:55 +00:00
Miroslav Stampar
76233ff5a3 added skeleton for live testing 2010-09-15 13:55:28 +00:00
Miroslav Stampar
53800ef65f more refactoring 2010-09-15 13:32:42 +00:00
Miroslav Stampar
abc12bc361 more refactoring 2010-09-15 13:28:56 +00:00
Miroslav Stampar
682872689a some more refactoring 2010-09-15 12:59:51 +00:00
Miroslav Stampar
91a0b5df3c minor update 2010-09-15 12:52:28 +00:00
Miroslav Stampar
b699f98cbb minor refactoring 2010-09-15 12:51:02 +00:00
Miroslav Stampar
34a8cd75e3 added support for setting HTTP method manualy 2010-09-15 12:45:41 +00:00
Miroslav Stampar
798ab4989b fix for a Bug #200 2010-09-14 10:35:01 +00:00
Miroslav Stampar
77a53228c5 changes regarding dynamic content recognition 2010-09-13 21:01:46 +00:00
Miroslav Stampar
c886659f82 fix 2010-09-13 15:24:56 +00:00
Miroslav Stampar
827cd1d56b minor fix 2010-09-13 15:22:29 +00:00
Miroslav Stampar
2350a3c74d minor change 2010-09-13 15:20:13 +00:00
Miroslav Stampar
cdc6bdcbe8 changes 2010-09-13 15:19:47 +00:00
Miroslav Stampar
19fb2e3dcf fix for Bug #165 2010-09-13 13:31:01 +00:00
Miroslav Stampar
61120b0bac minor comment added 2010-09-09 14:08:53 +00:00
Miroslav Stampar
53289c6a42 fix for bug reported by Marek Sarvas (unicode) 2010-09-09 14:03:45 +00:00
Miroslav Stampar
1b3d287a09 fix for a bug reported by shaohua pan (and one other bug) 2010-09-07 10:21:42 +00:00
Miroslav Stampar
27d76847fe fix for bug reported by Truong Duc Luong 2010-09-01 08:46:21 +00:00
Miroslav Stampar
e810fe7b0b no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions 2010-08-31 13:37:53 +00:00
Miroslav Stampar
f5953bacc0 fix for direct connection parsing (now on windows machines python sqlmap.py -d access://C:\testdb.mdb is valid, while before it wasn't) 2010-08-30 16:35:28 +00:00
Miroslav Stampar
48cc87f6a9 added support for fingerprinting SAP MaxDB (Issue 143) 2010-08-30 13:29:19 +00:00
Miroslav Stampar
436b7d82fb fixed a bug reported by Marek Sarvas 2010-08-22 08:52:15 +00:00
Miroslav Stampar
2cd8f31003 some doc test samples included 2010-08-20 21:27:47 +00:00
Miroslav Stampar
4edf6ebe00 update for smoke tests 2010-08-20 21:01:51 +00:00
Miroslav Stampar
8aa12db425 added option --proxy-cred for setting proxy credentials (Feature #195) 2010-08-18 22:45:00 +00:00
Miroslav Stampar
70197affa0 little update (--ratio has a bigger priority then resumed value) 2010-08-10 19:57:59 +00:00
Miroslav Stampar
057ec8a6b2 added --ratio option for direct manipulation of conf.matchRatio parameter 2010-08-10 19:53:29 +00:00
Miroslav Stampar
02523dbfb5 fix of fix 2010-08-09 22:13:56 +00:00
Miroslav Stampar
6eab7997d1 fix for bug reported by dragoun dash (TypeError: sequence item 0: expected string, NoneType found) 2010-08-08 22:25:33 +00:00
Miroslav Stampar
e0fe5d1504 bug fix for error reported by Marek Sarvas (error data) 2010-08-08 21:48:22 +00:00
Miroslav Stampar
0cab4a5355 fix for bug reported by m4l1c3 (UnicodeEncodeError) 2010-08-08 21:22:37 +00:00
Miroslav Stampar
8cb95583e3 some more adjustments 2010-07-30 12:59:44 +00:00
Miroslav Stampar
7dcc2031ac smoke test adjustments 2010-07-30 12:57:58 +00:00
Miroslav Stampar
092829c189 implemented basic smoke testing mechanism 2010-07-30 12:49:25 +00:00
Miroslav Stampar
28d9115373 fix for Feature #187 (Skip duplicates parameters in -g) 2010-07-29 20:01:04 +00:00
Miroslav Stampar
6a6ff09c9a fix for a bug reported by Marek Sarvas 2010-07-26 08:11:28 +00:00
Miroslav Stampar
c39d819dd2 fix for a resume bug reported by Augusto Urbieta 2010-07-20 08:13:02 +00:00
Miroslav Stampar
d2f88b6ebe detecting infinite redirect loops (Feature #192) 2010-07-19 12:38:30 +00:00
Miroslav Stampar
b37dca1c2c minor adjustment 2010-07-19 09:06:19 +00:00
Miroslav Stampar
9edd468caf multithreading save to session on abort 2010-07-19 08:37:45 +00:00
Miroslav Stampar
48a67d6d51 fix for "unknown charset 'windows-874'" reported by Phat R. 2010-07-15 08:44:42 +00:00
Bernardo Damele
49af0c43a5 Forgot 2010-07-01 15:26:18 +00:00
Bernardo Damele
7349f3a70f Closes #197 2010-07-01 15:25:57 +00:00
Miroslav Stampar
bb9401ba52 minor minor fixup 2010-07-01 14:14:43 +00:00
Miroslav Stampar
9d28ae23ca fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval) 2010-07-01 14:11:45 +00:00
Bernardo Damele
8dfe08a353 Minor bug fix to -d 2010-07-01 10:44:31 +00:00
Miroslav Stampar
0d08903bc3 some charset fix up 2010-06-30 12:09:33 +00:00
Bernardo Damele
24428c1a1b Added warning message if both --proxy and --keep-alive are provided 2010-06-30 11:41:42 +00:00
Bernardo Damele
d40a238335 Make --keep-alive public 2010-06-30 11:29:35 +00:00
Bernardo Damele
8625763c07 Minor code refactoring 2010-06-30 11:22:25 +00:00
Bernardo Damele
c33f3ef844 Minor adjustment to HTTP headers handling 2010-06-29 23:51:44 +00:00
Bernardo Damele
fb9f669544 More verbose comments 2010-06-29 21:10:33 +00:00
Bernardo Damele
8576817a2b Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196. 2010-06-29 21:07:23 +00:00
Bernardo Damele
ea45d75f2d Major bug fix to parse and store all HTTP headers from the request file (-r) 2010-06-29 21:06:03 +00:00
Bernardo Damele
7cad3cbda6 Minor code refactoring 2010-06-28 13:47:20 +00:00
Bernardo Damele
9ea72f9640 Minor bug fixes to -d 2010-06-25 13:24:43 +00:00
Miroslav Stampar
ccfc9b0fec fix for that bug linux man reported (UnicodeEncodeError inside raw_input) 2010-06-23 07:30:15 +00:00
Bernardo Damele
17e228024b Minor enhancements and bug fixes to "good samaritan" feature - see #4 2010-06-21 14:40:12 +00:00
Bernardo Damele
b98f6ac71c Minor layout adjustment 2010-06-17 13:27:43 +00:00
Bernardo Damele
fd76f048b6 Added common pattern value support to bisection algorithm 2010-06-17 11:38:32 +00:00
Bernardo Damele
9bce22683b Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g) 2010-06-11 10:08:19 +00:00
Bernardo Damele
c23ea4c749 --keep-alive is not compatible with --proxy 2010-06-10 21:19:45 +00:00
Bernardo Damele
75dc44deb8 Minor adjustments 2010-06-10 15:34:28 +00:00
Miroslav Stampar
35642a0450 some more adjustments 2010-06-10 15:03:08 +00:00
Miroslav Stampar
1b30c46348 fix for an bug reported by David Guimaraes 2010-06-10 14:52:33 +00:00
Bernardo Damele
fea2414759 Display HTTP request in -v>=3 even if connection failed 2010-06-10 14:42:17 +00:00
Bernardo Damele
5bb8e154eb Minor code improvements 2010-06-10 14:15:32 +00:00
Bernardo Damele
d3c8e461cf Minor layout adjustments 2010-06-10 14:14:56 +00:00
Miroslav Stampar
ac55e1b75f fix for localhost firebird direct db access 2010-06-10 12:02:48 +00:00
Miroslav Stampar
36953221f8 few quick changes 2010-06-10 11:34:17 +00:00
Miroslav Stampar
c398353e06 support for loading 'faulty character set' session files 2010-06-09 16:07:47 +00:00
Miroslav Stampar
eaef068c90 major bug fix (different HTTP content charsets are now properly handled) 2010-06-09 14:40:36 +00:00
Miroslav Stampar
38e5e342f8 added prettyprint module with fixed toprettyxml() method 2010-06-07 09:03:03 +00:00
Miroslav Stampar
9e76b847b3 fix regarding bug discovered by Andreas Constantinides 2010-06-04 17:07:17 +00:00
Miroslav Stampar
7fbeebc4d9 grammar fix 2010-06-03 08:55:13 +00:00
Miroslav Stampar
464f171a8c added reusage of xml output and removed toprettyxml which has lots and lots of problems (output once stored is not usable any more from any xml parser/reader because it adds whitespaces all over the output just to be more 'human' readable) 2010-06-03 07:36:30 +00:00
Miroslav Stampar
bf071d33d2 some comments added 2010-06-02 15:18:33 +00:00
Miroslav Stampar
c470255c18 minor update 2010-06-02 14:56:39 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Miroslav Stampar
2fb8bf3b6a more dump/unicode cleanup 2010-06-02 12:31:36 +00:00
Bernardo Damele
64ad3b03be Minor bug fix 2010-06-02 11:01:41 +00:00
Miroslav Stampar
17e0e83990 minor unimportant update 2010-06-02 08:34:57 +00:00
Miroslav Stampar
32a0ba9296 fixing unicode mess 2010-06-02 08:28:38 +00:00
Miroslav Stampar
eb94edc48c added keepalive module 2010-06-01 12:21:10 +00:00
Miroslav Stampar
af2f184464 some comments regarding inference.py 2010-05-31 15:20:20 +00:00
Bernardo Damele
6df2d98fc9 Minor bug fix in common.py goGoodSamaritan(). 
Minor code cleanup and adjustments.
 2010-05-31 15:05:29 +00:00
Miroslav Stampar
db7ede96fd more updates/fixes 2010-05-31 11:11:53 +00:00
Miroslav Stampar
4bb5885413 some changes regarding --common-outputs feature 2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77 added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session) 2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
8be91a98cc Minor bug fix and adjustment 2010-05-29 15:28:37 +00:00
Bernardo Damele
e98b049e7f Added unicode support also to PostgreSQL connector - see #184. 2010-05-29 11:46:41 +00:00
Bernardo Damele
89c721a451 More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files. 2010-05-29 10:10:28 +00:00
Bernardo Damele
84778f0e6c Minor fix, leave like this 2010-05-29 08:58:55 +00:00
Miroslav Stampar
a4155269c5 bug fix (unicode(unicode) results in “TypeError: decoding Unicode is not supported” (http://www.red-mercury.com/blog/eclectic-tech/python-mystery-of-the-day/) 2010-05-29 07:25:38 +00:00
Miroslav Stampar
d3e527aba3 minor update 2010-05-29 07:13:54 +00:00
Bernardo Damele
e811101dce Minor bug fix 2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb Major bug fix in multipartpost and minor adjustments elsewhere 2010-05-28 23:12:20 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta. 
Minor bug fixes and adjustments.
 2010-05-28 16:43:04 +00:00
Bernardo Damele
a138dbe5f6 Minor bug fixes and code refactoring 2010-05-28 15:57:43 +00:00
Miroslav Stampar
919a8345d6 minor fix 2010-05-28 15:30:02 +00:00
Miroslav Stampar
ad3c425a18 quick fix 2010-05-28 15:26:55 +00:00
Miroslav Stampar
ac6ce478a0 just removing unneded and possible future source of confusion 2010-05-28 14:19:12 +00:00
Miroslav Stampar
accaf0b3bd minor refactoring 2010-05-28 14:07:48 +00:00
Miroslav Stampar
0f5768cddf more and more fixes 2010-05-28 14:04:34 +00:00
Miroslav Stampar
a3db3c03c1 str() -> unicode() 2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Bernardo Damele
7e78876f6a Minor bug fix to parse properly also unicode characters from configuration file 2010-05-28 12:07:30 +00:00
Miroslav Stampar
94354d0862 removing previous fix 2010-05-28 11:53:27 +00:00
Miroslav Stampar
37b8d0c480 utf8 decoding of program arguments 2010-05-28 11:48:44 +00:00
Bernardo Damele
f26de89216 Minor bug fix to correctly deal with unicode queries with -d 2010-05-28 11:32:10 +00:00
Miroslav Stampar
655bd79fc4 some renaming 2010-05-28 10:50:54 +00:00
Miroslav Stampar
838762fb00 previous quick fix removal 2010-05-28 10:38:23 +00:00
Miroslav Stampar
7ef286a76f some speed up 2010-05-28 10:33:09 +00:00
Miroslav Stampar
48c0f4f053 minor fix 2010-05-28 10:17:03 +00:00
Miroslav Stampar
4eccf1a25d quick fix 2010-05-28 10:01:19 +00:00
Miroslav Stampar
f36e093fa7 minor update 2010-05-28 09:13:50 +00:00
Bernardo Damele
7e925bcfe8 Adapted code following last commit 2010-05-27 16:46:17 +00:00
Bernardo Damele
9de1671b8f Code refactoring and minor bug fixes. 2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e minor fix/adjustment regarding getCompiledRegex 2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf some comments added 2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced some more changes 2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f fuck yea, first tests (MySQL/--tables & --common-prediction) are great :) 2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99 more code updates regarding good samaritan (common output) feature 2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024 minor update regarding good samaritan 2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec added singleValue parameter for good samaritan (same thing Bernardo wanted :) 2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e new commit regarding good samaritan feature 2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Miroslav Stampar
1f07db875d fix for that float() report from Shaohua Pan 2010-05-24 20:12:37 +00:00
Bernardo Damele
a43eb64c5d Minor refactoring 2010-05-24 15:46:12 +00:00
Miroslav Stampar
f718425cf4 minor fix 2010-05-24 11:18:47 +00:00
Miroslav Stampar
0197f8db5c code refactoring regarding issue #184 2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac added support for proper unicode session(s) storage/retrieval 2010-05-24 11:00:49 +00:00
Miroslav Stampar
f34e6badfd removed pdb 2010-05-24 09:29:16 +00:00
Miroslav Stampar
f0d3e6c565 fix 2010-05-24 09:28:20 +00:00
Miroslav Stampar
887352746b some speedup (usage of xrange (virtual range) instead of range) 2010-05-23 22:14:57 +00:00
Miroslav Stampar
2c2d6d3623 operator fix 2010-05-23 21:35:42 +00:00
Miroslav Stampar
7dc1bf0324 quick (probably not final) fix for unicode inference (not yet tested) 2010-05-23 21:32:51 +00:00
Bernardo Damele
03fb84e29f Minor enhancement to internal --profile function 2010-05-21 15:06:05 +00:00
Miroslav Stampar
20d05cc404 way to handle re.I (ignore case) while using getCompiledRegex 2010-05-21 15:03:40 +00:00
Miroslav Stampar
5d5ebd49b6 introducing regex caching mechanism 2010-05-21 14:42:59 +00:00
Miroslav Stampar
14cab8527e minor adjustment 2010-05-21 14:25:38 +00:00
Miroslav Stampar
3110bb10fc added test for site existance 2010-05-21 13:36:49 +00:00
Bernardo Damele
7ee20480a4 Added a TODO note 2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4 Minor adjustment 2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb minor adjustments 2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53 minor code adjustment 2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585 in a mood for more changes 2010-05-21 12:44:09 +00:00
Miroslav Stampar
219628aa01 quick fixes 2010-05-21 12:25:49 +00:00
Miroslav Stampar
78547bb79e quick fix 2010-05-21 12:19:20 +00:00
Bernardo Damele
cda8da288c Minor adjustment 2010-05-21 12:18:43 +00:00
Bernardo Damele
a21a7fc56d Minor code refactoring 2010-05-21 12:09:31 +00:00
Miroslav Stampar
f6bffb61d3 minor adjustment 2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872 fix for my imperfect calculations :) 2010-05-21 11:41:49 +00:00
Miroslav Stampar
9b91b30b69 minor refactoring 2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530 changes regarding putting of gprof2dot script inside extras and its usage 2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872 periodical commit 2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7 Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191. 2010-05-20 10:52:14 +00:00
Bernardo Damele
72fda2a3e4 Minor bug fix to correctly resuming --union-test results from session file. 2010-05-19 14:21:59 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Miroslav Stampar
e938331d8e better regex used avoiding garbage google images 2010-05-15 22:02:28 +00:00
Miroslav Stampar
d20b99ed65 fix (google is changing that class r to class "r") 2010-05-15 21:51:31 +00:00
Miroslav Stampar
b8a5a54395 minor update 2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49 some code refactoring and minor speed up (jump prediction rule) 2010-05-14 15:20:34 +00:00
Miroslav Stampar
ed20f1cf33 some more speed up (one time compilation of popular regexes) 2010-05-14 14:48:54 +00:00
Miroslav Stampar
3ead88c364 minor tweak 2010-05-14 14:36:54 +00:00
Miroslav Stampar
131789a6e4 some code refactoring 2010-05-14 14:21:13 +00:00
Miroslav Stampar
19a82e151c minor cleanup 2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a optimization of CPU intensive sanitizeAsciiString 2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab added CPU throttling for lowering sqlmap's CPU intensivity 2010-05-13 15:19:28 +00:00
Miroslav Stampar
d96723a135 fix for Feature #157 2010-05-13 11:17:24 +00:00
Miroslav Stampar
ca3e12ae73 added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 11:05:35 +00:00
Miroslav Stampar
0a4c1f8aec unfix (conf.timeSec is an integer - my fault) 2010-05-13 09:34:08 +00:00
Miroslav Stampar
2fdac83607 minor fix 2010-05-13 08:27:51 +00:00
Bernardo Damele
9efe001515 SQLite does not support BETWEEN 2010-05-12 22:02:47 +00:00
Miroslav Stampar
893bc04fe4 changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm) 2010-05-12 11:30:32 +00:00
Bernardo Damele
8b74c405f5 Minor output bug fix 2010-05-11 14:15:03 +00:00
Bernardo Damele
457d32c73e Proper displaying of debug messages (-v >= 2) 2010-05-11 13:58:53 +00:00
Miroslav Stampar
1a8beebc8c minor fix 2010-05-11 13:55:30 +00:00
Miroslav Stampar
1e5ecbaa97 speedup of initial session file handling 2010-05-11 13:36:30 +00:00
Miroslav Stampar
6752e66164 added charsetType=2 (integer) to queryOutputLength 2010-05-11 12:23:38 +00:00
Miroslav Stampar
430a25407b fixed that thread partial output problem (one character behind) reported by Kasper Fons 2010-05-11 11:06:21 +00:00
Bernardo Damele
4c91b5a896 Minor fix 2010-05-10 14:18:41 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190: 
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
 2010-05-07 13:40:57 +00:00
Bernardo Damele
44ea8f1861 Minor adjustment 2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d Major bug fix (reported by Thierry Zoller) 2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3 one more thing 2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f more quick fixes 2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2 better way to handle that last commit problem 2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0 added exception handler around block reported by Thierry Zoller 2010-05-04 08:03:48 +00:00
Bernardo Damele
90d9900371 Minor bug fix to consider --start and --stop also in partial UNION query SQL injection 2010-04-30 15:48:40 +00:00
Bernardo Damele
4d46f997a7 Minor bug fix 2010-04-29 13:34:03 +00:00
Miroslav Stampar
d8e5585c66 fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError) 2010-04-29 08:30:29 +00:00
Bernardo Damele
fa48d26f95 Minor cosmetic fix 2010-04-26 12:34:21 +00:00
Miroslav Stampar
7eef76f1b0 added basic option validation for start/stop values regarding David Guimaraes mail 2010-04-26 11:23:12 +00:00
Bernardo Damele
a1b1f960cc Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function 2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66 Reverted 2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17 Reimported needed imports! 2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95 fix for that takeover bug Ethan Robish posted (Windows/PHP) 2010-04-22 10:31:33 +00:00
Miroslav Stampar
7d3a200ab8 fix for Bug #183 2010-04-19 15:25:52 +00:00
Bernardo Damele
2840f20605 Minor bug fix 2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9 some code refactoring 2010-04-16 19:57:00 +00:00
Miroslav Stampar
1bdf94f236 fix for Bug #164 (Proper usage of special characters in paths) 2010-04-16 15:46:31 +00:00
Miroslav Stampar
bece99908c fix regarding Bug #164 (Proper usage of special characters in paths) - not clear if that's all 2010-04-16 15:12:42 +00:00
Miroslav Stampar
938a3ab0b9 fix for Bug #183 (--threads dot output) 2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47 implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests) 2010-04-16 12:44:47 +00:00
Bernardo Damele
a0c8adc266 Minor bug fix to add the "hinted" request to the total number of requests performed 
Minor layout adjustments.
 2010-04-15 10:08:27 +00:00
Bernardo Damele
5e86087cb1 Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now. 2010-04-15 10:06:38 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
1ab78ce60e Added support to directly connect also to SQLite 2 db file 2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f Minor adjustment 2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947 added some nagging for connection details 2010-04-13 11:00:15 +00:00
Bernardo Damele
eecee3b274 Added resume functionality to -d and fixed logging with -d 2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e Fixes non-deterministic unsorted results for most of the DBMSes - see #185 2010-04-09 15:48:53 +00:00
Miroslav Stampar
fcceceed45 fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version 2010-04-09 10:40:08 +00:00
Miroslav Stampar
63c70018ca fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com 2010-04-09 10:16:15 +00:00
Bernardo Damele
effc7dc41c Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password" 2010-04-07 09:47:14 +00:00
Bernardo Damele
758a858785 Minor adjustments 2010-04-06 20:40:14 +00:00
Miroslav Stampar
6e7be5edb0 another fix 2010-04-06 15:51:36 +00:00
Miroslav Stampar
3fe9f9cac9 another fix 2010-04-06 15:28:34 +00:00
Miroslav Stampar
a6a2e993cc minor update 2010-04-06 15:24:56 +00:00
Miroslav Stampar
c303feab17 fix 2010-04-06 15:14:32 +00:00
Miroslav Stampar
e2810003ae more update 2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c some update 2010-04-06 14:59:31 +00:00
Miroslav Stampar
60f04f0a41 new module for interruptable threads 2010-04-06 14:33:57 +00:00
Bernardo Damele
2d55ec19a3 Minor code restyling 2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9 fix for "Problem with --dbms set" reported by David Guimaraes 2010-04-05 23:09:35 +00:00
Miroslav Stampar
0a363d3f2b fix for not properly clearing cookies when in multiple targets scanning mode spotted by Kasper Fons 2010-04-04 14:38:48 +00:00
Miroslav Stampar
4129cb22a7 update regarding bug reported by Ole Rasmussen 2010-04-03 19:41:47 +00:00
Bernardo Damele
cad8f61d55 Force pymssql to version >= 1.0.2 2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database. 
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
 2010-03-31 10:50:47 +00:00
Miroslav Stampar
8702cce760 fix 2010-03-30 13:23:20 +00:00
Miroslav Stampar
c2a6f21095 refactoring regarding usage of conf.dbmsConnector.connect() 2010-03-30 13:03:19 +00:00
Miroslav Stampar
a02ec29c15 too 2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f replace only first occurrence 2010-03-30 11:52:01 +00:00
Miroslav Stampar
bfc12e93c5 ms access returns -1 for True 2010-03-30 11:33:51 +00:00
Miroslav Stampar
ae3455a0c2 more update 2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075 update 2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e updates, fixes and stuff 2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b Added support to connect directly also to Oracle - see #158 2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). 
Minor layout adjustments.
 2010-03-26 23:23:25 +00:00
Miroslav Stampar
4ca1adba2c update 2010-03-26 21:30:36 +00:00
Miroslav Stampar
1ec5221d82 minor update 2010-03-26 20:51:55 +00:00
Miroslav Stampar
0aa8f7309b added copyright notice and keywords 2010-03-26 20:23:08 +00:00
Miroslav Stampar
2e05e1c54d new module for Feature #61 2010-03-26 20:19:18 +00:00
Miroslav Stampar
8bab94de64 added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71 2010-03-26 17:18:02 +00:00
Miroslav Stampar
5a6a01f24c added socket timeout exception handling regarding that timeout message from Fahad Al Shunaiber 2010-03-26 11:51:23 +00:00
Bernardo Damele
be81c20298 Minor layout adjustment 2010-03-25 16:26:50 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180. 
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
 2010-03-25 15:46:06 +00:00
Bernardo Damele
f4f68218bc Minor layout adjustment for --threads and --eta output 2010-03-25 11:47:18 +00:00
Bernardo Damele
8e57767c48 Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET 2010-03-23 10:27:39 +00:00
Bernardo Damele
f9a135e232 Minor bug fix and layout adjustment regarding --threading and standard output 2010-03-22 17:38:19 +00:00
Bernardo Damele
d13ad8b2d7 fixes #181 - proper save/resume information about single entry UNION SQL injection 2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a Code cleanup 2010-03-21 00:39:44 +00:00
Bernardo Damele
72f3674844 Minor bug fix 2010-03-18 17:36:58 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx). 
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
 2010-03-18 17:20:54 +00:00
Bernardo Damele
d2f86fb0a5 Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now 2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a Fixes #178 and #179 - proper handling of custom redirects 2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b Revert last commit 2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d Fix for Issue #177 2010-03-16 13:11:44 +00:00
Bernardo Damele
323cf2b7f2 Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g) 2010-03-16 12:14:02 +00:00
Bernardo Damele
6d0ea86414 Fixes #59 - proper customizable redirect (302 and 301) 2010-03-15 14:24:43 +00:00
Miroslav Stampar
417f7fae00 Fix for "bug: -g uses wrong session file" 2010-03-15 12:02:04 +00:00
Miroslav Stampar
8af7d6c58b minor cosmetic update 2010-03-15 11:55:13 +00:00
Miroslav Stampar
a0ec447b7d fix for Issue #170 2010-03-15 11:33:34 +00:00
Bernardo Damele
7f5bc5e3fe Increased version to 0.9-dev 2010-03-15 11:04:57 +00:00
Bernardo Damele
5063401130 Minor bug fix, fixes #170 2010-03-15 11:00:14 +00:00
Bernardo Damele
572b6fd920 sqlmap 0.8 stable! 2010-03-15 01:17:27 +00:00
Miroslav Stampar
a6ab42c873 new file with getch() method which we'll use for good samaritan feature 2010-03-13 17:28:23 +00:00
Miroslav Stampar
4c6c91a80b another --reg-read fix 2010-03-12 23:12:06 +00:00
Bernardo Damele
7d8cc1a482 Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why: 
1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.

Minor layout adjustments.
 2010-03-12 22:43:35 +00:00
Miroslav Stampar
6b1ae62753 final fix for reading registry keys (now both parse and non-parse reads work fine) 2010-03-12 22:26:06 +00:00
Miroslav Stampar
0a2fe651ab some fixes regarding registry reading 2010-03-12 22:09:58 +00:00
Bernardo Damele
25f8a72414 Minor layout adjustment 2010-03-12 14:48:33 +00:00
Miroslav Stampar
17d0b82fee two dots instead of three 2010-03-12 14:31:14 +00:00
Bernardo Damele
e8d76994ba Minor bug fix to avoid resuming data filled into the sqlmap support tables 2010-03-12 14:30:21 +00:00
Miroslav Stampar
15c638ac52 some beautification 2010-03-12 13:07:07 +00:00
Miroslav Stampar
7ec04281dd minor adjustments 2010-03-12 12:46:26 +00:00
Miroslav Stampar
fffda32f76 fix for Bug #167 2010-03-12 12:38:19 +00:00
Bernardo Damele
f6adb431e6 Minor layout adjustment and typo fix 2010-03-12 12:23:05 +00:00
Bernardo Damele
b50a2288f4 Minor layout adjustments 2010-03-11 23:54:07 +00:00
Miroslav Stampar
ec43419ad1 minor makeup fix 2010-03-11 11:20:52 +00:00
Miroslav Stampar
2c053d5cfb fix for Bug #166 (Keyboard interrupt in Python threading) 2010-03-11 11:14:20 +00:00
Bernardo Damele
fdf417f57e Minor adjustment and bug fix 2010-03-10 22:08:11 +00:00
Miroslav Stampar
91dd609e26 fixed threading bug (difflib :) 2010-03-10 14:14:27 +00:00
Bernardo Damele
cc611c0010 Minor layout adjustments 2010-03-09 22:14:26 +00:00
Miroslav Stampar
3f3ddd5437 fix for that SELECT DISTINCT(LENGTH(...)) "misbehavior" 2010-03-09 13:14:43 +00:00
Bernardo Damele
8593741358 Minor bug fix 2010-03-05 15:25:53 +00:00
Bernardo Damele
7136c17f19 Minor log adjustments 2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c update 2010-03-05 14:06:03 +00:00
Miroslav Stampar
58d54b6515 added new option --flush-session 2010-03-04 13:01:18 +00:00
Miroslav Stampar
b544405878 fixed some issue involving banner parsing 2010-03-04 09:15:26 +00:00
Bernardo Damele
ef7666c12b Minor code cleanup 2010-03-03 19:23:43 +00:00
Bernardo Damele
9adeaa6191 Code cleanup 2010-03-03 18:57:09 +00:00
Bernardo Damele
a654a426ef Minor adjustments 2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Miroslav Stampar
759b720425 documentation update 2010-03-03 13:59:29 +00:00
Miroslav Stampar
415d5f2b44 minor update 2010-03-03 13:49:24 +00:00
Miroslav Stampar
5d792feffd minor update 2010-03-03 10:57:54 +00:00
Bernardo Damele
2f452480b3 Minor bug fix in syntax 2010-03-01 14:40:18 +00:00
Miroslav Stampar
c93e265269 fix for that banner fetching issue reported by Daniel Huckmann 2010-03-01 10:33:36 +00:00
Bernardo Damele
dd3f65f0fb Updated ChangeLog 2010-02-26 15:37:24 +00:00
Bernardo Damele
f53ef947f1 Slightly stealthier 2010-02-26 13:14:57 +00:00
Bernardo Damele
694356821d sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious 2010-02-26 13:13:50 +00:00
Miroslav Stampar
1f2a1bb24c removed some redundant code 2010-02-26 12:36:41 +00:00
Bernardo Damele
8c68d25b39 Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all 2010-02-26 12:00:47 +00:00
Miroslav Stampar
89e919f07a fixing my mistake 2010-02-26 10:01:23 +00:00
Miroslav Stampar
5ebf572cae added option --ignore-proxy 2010-02-25 20:55:10 +00:00
Bernardo Damele
98496fd173 Show also site in the banner 2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a Adjusted banner, increased release candidate to rc7 2010-02-25 17:34:54 +00:00
Miroslav Stampar
e4c34ff86c changed default web server language behaviour 2010-02-25 16:55:02 +00:00
Miroslav Stampar
d95a8850c8 fix 2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8 important update regarding default directories 2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08 Minor code cleanup 2010-02-25 15:16:41 +00:00
Miroslav Stampar
4a3fa69f9d minor adjustment 2010-02-25 15:07:54 +00:00
Miroslav Stampar
3721451cd6 default dirs update 2010-02-25 14:51:39 +00:00
Bernardo Damele
0df5b5fed9 Minor bug fix and code adjustments 2010-02-25 14:06:44 +00:00
Miroslav Stampar
a0f5c3d885 minor update 2010-02-25 13:45:28 +00:00
Miroslav Stampar
3e152f8b20 minor code refactoring 2010-02-25 13:33:52 +00:00
Miroslav Stampar
28d5248c04 one more fix regarding localhost/global proxy issue 2010-02-25 13:30:22 +00:00
Miroslav Stampar
24d3e24db0 more updates regarding --os-shell feature 2010-02-25 12:16:49 +00:00
Miroslav Stampar
b558712a47 more feature updates 2010-02-25 11:40:49 +00:00
Miroslav Stampar
15d1fcbb7f now runcmd exe has random name too 2010-02-25 10:47:12 +00:00
Miroslav Stampar
2cafd5697b new changes regarding --os-shell 2010-02-25 10:33:41 +00:00
Miroslav Stampar
858cb25975 update 2010-02-24 23:40:56 +00:00
Miroslav Stampar
4bea0e343a Avoiding md5/sha1 deprecated warning in Python >=2.6 2010-02-23 08:54:33 +00:00
Miroslav Stampar
9c014c0fd0 minor change 2010-02-20 23:11:05 +00:00
Miroslav Stampar
2a07af2294 removed pdb tracing 2010-02-20 22:36:17 +00:00
Miroslav Stampar
0debc95ad4 some fixes 2010-02-20 22:31:54 +00:00
Bernardo Damele
d1e3596382 Minor UPX adjustment 2010-02-20 19:02:55 +00:00
Miroslav Stampar
0ed5ba5559 minor update 2010-02-16 13:24:09 +00:00
Miroslav Stampar
c4951fd631 some updates regarding --os-shell option 2010-02-16 13:20:34 +00:00
Bernardo Damele
8131f9c77c Added and fixed README files 2010-02-12 00:20:53 +00:00