Bernardo Damele
|
c5d20b8a86
|
Initial support for ASP web backdoor functionality
|
2009-05-06 12:14:38 +00:00 |
|
Bernardo Damele
|
ccedadd780
|
Finished Mac OS X
|
2009-04-30 21:42:54 +00:00 |
|
Bernardo Damele
|
e8c115500d
|
Now it works also on Mac OS X
|
2009-04-30 10:46:50 +00:00 |
|
Bernardo Damele
|
722ca8bf2f
|
Minor "fix"
|
2009-04-29 19:45:12 +00:00 |
|
Bernardo Damele
|
57b8bb4c8e
|
Minor syntax adjustment for web backdoor functionality
|
2009-04-28 21:51:22 +00:00 |
|
Bernardo Damele
|
58f3eee390
|
Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library
|
2009-04-28 11:11:35 +00:00 |
|
Bernardo Damele
|
1d7de719b9
|
Almost done with web backdoor functionality
|
2009-04-28 11:05:07 +00:00 |
|
Bernardo Damele
|
16b4530bbe
|
Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).
Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS.
|
2009-04-27 23:05:11 +00:00 |
|
Bernardo Damele
|
5121a4dcba
|
Send IE7.0 as default User-Agent
|
2009-04-24 20:13:21 +00:00 |
|
Bernardo Damele
|
406d5df195
|
Minor layout adjustments
|
2009-04-24 20:12:52 +00:00 |
|
Bernardo Damele
|
546a6c32e3
|
Avoid deprecation warning on sha and md5 libraries on Python >= 2.6
|
2009-04-24 20:10:30 +00:00 |
|
Bernardo Damele
|
6f4035938b
|
Let the user choose also the local address in reverse OOB connection
|
2009-04-24 10:27:52 +00:00 |
|
Bernardo Damele
|
4ce74764b7
|
More verbose when reporting failure to create shellcode/payload stager (via Metasploit)
|
2009-04-23 20:39:32 +00:00 |
|
Bernardo Damele
|
1af6898618
|
Fixed POST parsing when -l option is provided (burp/webscarab log file)
|
2009-04-23 15:04:28 +00:00 |
|
Bernardo Damele
|
aefa7ef988
|
Avoid libmagic traceback on Windows.
WARNING: this release is a candidate, it only works on Linux/Unices for the moment!
|
2009-04-22 12:44:16 +00:00 |
|
Bernardo Damele
|
8c0ac767f4
|
Updated to sqlmap 0.7 release candidate 1
|
2009-04-22 11:48:07 +00:00 |
|
Bernardo Damele
|
0c1a6b3edf
|
Minor typo fix
|
2009-02-19 00:38:54 +00:00 |
|
Bernardo Damele
|
2efee058ea
|
Major enhancement in comparison algorithm
|
2009-02-12 00:17:44 +00:00 |
|
Bernardo Damele
|
ba00a17205
|
Minor layout adjustment
|
2009-02-09 10:58:44 +00:00 |
|
Bernardo Damele
|
2355885712
|
Minor adjustment
|
2009-02-09 10:29:07 +00:00 |
|
Bernardo Damele
|
207e96e2b2
|
Major bug fix in the comparison algorithm to correctly handle also the
case that the url is stable and the False response changes the page
content very little.
|
2009-02-09 10:28:03 +00:00 |
|
Bernardo Damele
|
b12d955274
|
Updated packaging scripts, site and finalized the documentation to release version 0.6.4
|
2009-02-03 15:38:40 +00:00 |
|
Bernardo Damele
|
770e000cb4
|
Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs
|
2009-02-02 23:44:19 +00:00 |
|
Bernardo Damele
|
dded57f1cd
|
Minor bug fix to correctly unpack user's custom queries on Microsoft SQL Server
|
2009-01-30 23:58:48 +00:00 |
|
Bernardo Damele
|
6054090191
|
sqlmap 0.6-rc5: major bug fix to make --sql-shell and --sql-query work properly also with mixed case statements (i.e oRDeR bY). Thanks Konrads Smelkovs to notifying.
|
2009-01-28 14:53:11 +00:00 |
|
Bernardo Damele
|
a8d57bb031
|
Avoid DeprecationWarning with Python 2.6+
|
2009-01-22 23:53:01 +00:00 |
|
Bernardo Damele
|
793c323b2a
|
Major bug fixes
|
2009-01-22 22:28:27 +00:00 |
|
Bernardo Damele
|
c25b49e80e
|
Major bugfix to avoid "IFNULL and CAST" on CASE
|
2009-01-19 21:27:51 +00:00 |
|
Bernardo Damele
|
8f973ce574
|
Minor layout adjustments
|
2009-01-18 22:36:48 +00:00 |
|
Bernardo Damele
|
fd7cb9101c
|
Major bug fix to forge SQL injection payload on Oracle
|
2009-01-13 23:15:57 +00:00 |
|
Bernardo Damele
|
bc448211c5
|
Minor layout adjustment
|
2009-01-13 23:15:23 +00:00 |
|
Bernardo Damele
|
5560f0b68a
|
Updated the copyright
|
2009-01-12 21:35:38 +00:00 |
|
Bernardo Damele
|
92645dd264
|
Minor adjustment
|
2009-01-10 14:51:12 +00:00 |
|
Bernardo Damele
|
e10ab5aa0e
|
Major bug fixes
|
2009-01-10 14:39:27 +00:00 |
|
Bernardo Damele
|
9c125a2b57
|
Minor improvement to use Python ConfigParser library when --save if specified.
Minor update to the user's manual
|
2009-01-03 22:59:22 +00:00 |
|
Bernardo Damele
|
d0604ef513
|
Major bug fix to correctly handle custom SQL "limited" queries on Oracle
|
2009-01-03 01:19:04 +00:00 |
|
Bernardo Damele
|
2d87a3349f
|
Fixed custom MSSQL "limited" query support also for Partial UNION query technique
|
2009-01-03 00:27:04 +00:00 |
|
Bernardo Damele
|
9c42a883be
|
Major bug fix to make it work properly with MSSQL custom limited (SELECT
TOP ...) queries with both inferential blind and Full UNION query
injection
|
2009-01-02 23:26:45 +00:00 |
|
Bernardo Damele
|
c1010c20d8
|
Minor adjustments
|
2008-12-30 21:24:01 +00:00 |
|
Bernardo Damele
|
a4d62af2ea
|
Minor layout adjustments to --union-tech
|
2008-12-29 18:48:23 +00:00 |
|
Bernardo Damele
|
9340bf59fb
|
Updated Microsoft SQL Server signature XML file.
Minor layout adjustments to --update output messages/diff
|
2008-12-29 18:46:43 +00:00 |
|
Bernardo Damele
|
c83593c044
|
Limited custom query now works also on Oracle in inferential blind SQL
injection technique
|
2008-12-23 23:34:50 +00:00 |
|
Bernardo Damele
|
64bb57d786
|
Minor bug fix to make the Partial UNION query SQL injection technique
work properly also on Oracle and Microsoft SQL Server.
|
2008-12-22 22:48:44 +00:00 |
|
Bernardo Damele
|
1f7810e46a
|
Major bug fix to make partial UNION query sql injection work properly
also on Microsoft SQL Server
|
2008-12-22 19:36:01 +00:00 |
|
Bernardo Damele
|
04c187c66a
|
Working on a bug (fix for Partial UNION query SQL injection technique
both Oracle and Microsoft SQL Server).
|
2008-12-22 00:51:09 +00:00 |
|
Bernardo Damele
|
2f406b3e56
|
Minor adjustments
|
2008-12-22 00:04:28 +00:00 |
|
Bernardo Damele
|
4ae464c80d
|
Minor enhancement to support an option (--union-tech) to specify the
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
|
2008-12-21 21:39:53 +00:00 |
|
Bernardo Damele
|
35708a0b97
|
Minor adjustment to UNION query SQL injection detection function.
Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py.
|
2008-12-21 16:35:03 +00:00 |
|
Bernardo Damele
|
996a872e51
|
We are already on sqlmap 0.6.4 release candidate 1..
|
2008-12-20 13:23:26 +00:00 |
|
Bernardo Damele
|
c18efe5084
|
Minor adjustments
|
2008-12-20 13:21:47 +00:00 |
|