Miroslav Stampar
|
1bcf5a6b88
|
Some more dict refactorings
|
2012-08-21 11:30:01 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
4649450603
|
Fix for an Issue #137
|
2012-08-16 22:20:24 +02:00 |
|
Miroslav Stampar
|
74ee0ce78a
|
Fix for an Issue #148
|
2012-08-14 23:25:12 +02:00 |
|
Miroslav Stampar
|
b78163f99b
|
Update for Issue #138
|
2012-08-08 19:06:47 +02:00 |
|
Miroslav Stampar
|
20a66567a3
|
Minor refactoring
|
2012-07-30 10:06:14 +02:00 |
|
Miroslav Stampar
|
ffc520b35f
|
Minor refactoring
|
2012-07-24 14:35:56 +02:00 |
|
Bernardo Damele
|
60242f92c5
|
made --search -D on MSSQL consistent with other DBMSes - issue #81
|
2012-07-20 23:37:56 +01:00 |
|
Bernardo Damele
|
7f10b01265
|
same fix as previous commit for blind techniques
|
2012-07-20 22:35:20 +01:00 |
|
Bernardo Damele
|
b54ae107cc
|
major bug fix in --search with multiple -C provided
|
2012-07-20 22:29:48 +01:00 |
|
Bernardo Damele
|
45177cf93d
|
minor restyling
|
2012-07-20 22:29:30 +01:00 |
|
Bernardo Damele
|
16668e1b8d
|
leftover debug message
|
2012-07-20 21:48:29 +01:00 |
|
Bernardo Damele
|
b0ab837832
|
minor code refactoring and implemented issue #95
|
2012-07-20 21:46:36 +01:00 |
|
Bernardo Damele
|
9cb1c4c0d9
|
plugin refactoring - issue #22
|
2012-07-20 19:17:35 +01:00 |
|
Bernardo Damele
|
52431402dd
|
minor fix to avoid cleanup() if web backdoor upload failed
|
2012-07-16 17:58:30 +01:00 |
|
Miroslav Stampar
|
c1a14257a4
|
Removing --disable... switches and making changes in default choice(s) for respectable sections
|
2012-07-16 11:31:51 +02:00 |
|
Miroslav Stampar
|
3f4186ce2c
|
Removing duplicate user password hashes
|
2012-07-14 10:57:46 +02:00 |
|
Miroslav Stampar
|
6677da63cd
|
Fix for an Issue #88
|
2012-07-13 14:25:39 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
cba2a26b68
|
Finishing Issue #75 (inference dumping)
|
2012-07-12 14:46:57 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Miroslav Stampar
|
3fd5119f3f
|
Redesigning for Issue #75
|
2012-07-12 13:42:22 +02:00 |
|
Bernardo Damele
|
fed178646a
|
minor refactoring
|
2012-07-12 01:48:07 +01:00 |
|
Bernardo Damele
|
01474f6272
|
proper debug message added - issue #75
|
2012-07-12 01:19:36 +01:00 |
|
Bernardo Damele
|
ee3aeb8dcf
|
actual implementation of issue #75, still some work to do
|
2012-07-12 01:16:00 +01:00 |
|
Bernardo Damele
|
caeddf6822
|
avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file
|
2012-07-12 00:17:07 +01:00 |
|
Bernardo Damele
|
66d854c7d8
|
leftover space
|
2012-07-12 00:04:56 +01:00 |
|
Bernardo Damele
|
53c0336b48
|
added --hostname switch to retrieve DBMS server hostname - closes issue #69
|
2012-07-12 00:01:57 +01:00 |
|
Bernardo Damele
|
6f6cd676b7
|
clean up the file system from sqlmap created web files
|
2012-07-11 14:07:20 +01:00 |
|
Bernardo Damele
|
0c5f259481
|
var renaming
|
2012-07-11 13:39:33 +01:00 |
|
Miroslav Stampar
|
9c4a62f725
|
Some work on Issue #68
|
2012-07-11 11:58:47 +02:00 |
|
Miroslav Stampar
|
8caffac4bc
|
conf.unescape->kb.unescape
|
2012-07-10 10:55:04 +02:00 |
|
Bernardo Damele
|
4656d23d82
|
increased verbosity level of some messages and removed a leftover
|
2012-07-10 01:43:19 +01:00 |
|
Bernardo Damele
|
00b7411a87
|
more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok
|
2012-07-10 01:39:03 +01:00 |
|
Bernardo Damele
|
2527554f8e
|
more work on #33
|
2012-07-10 00:53:07 +01:00 |
|
Bernardo Damele
|
c4af7b9aa0
|
initial work for issue #33
|
2012-07-10 00:27:08 +01:00 |
|
Bernardo Damele
|
25eca9d671
|
finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34
|
2012-07-09 14:26:23 +01:00 |
|
Bernardo Damele
|
e673033ac1
|
minor layout adjustment
|
2012-07-06 15:26:45 +01:00 |
|
Bernardo Damele
|
fb7fe552b7
|
proper naming
|
2012-07-06 15:13:50 +01:00 |
|
Miroslav Stampar
|
6a05e3fd79
|
Fix for Issue #61
|
2012-07-06 14:24:44 +02:00 |
|
Miroslav Stampar
|
27fdccc858
|
Update for Issue #55 (falling back to SELECT DB_NAME(N))
|
2012-07-03 20:15:17 +02:00 |
|
Bernardo Damele
|
ab412da27f
|
I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes
|
2012-07-01 23:25:05 +01:00 |
|
Miroslav Stampar
|
e51d3a02f1
|
Update for Issue #43 (renamed --disable-cracking to --disable-hash)
|
2012-06-28 18:53:47 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
303aa10507
|
only a small update
|
2012-06-27 14:43:18 +02:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
d5e80089ff
|
minor summer cleanup
|
2012-06-14 13:44:16 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
96177393e1
|
minor update regarding --exact switch
|
2012-06-10 13:38:12 +00:00 |
|
Miroslav Stampar
|
10b0639a96
|
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
|
2012-06-04 09:24:46 +00:00 |
|
Miroslav Stampar
|
1e18168cc8
|
fix for one silent bug and small language update
|
2012-05-23 16:35:40 +00:00 |
|
Miroslav Stampar
|
96299d3d5d
|
minor refactoring
|
2012-05-03 22:34:18 +00:00 |
|
Miroslav Stampar
|
8013a64f8c
|
minor refactoring
|
2012-05-01 19:57:30 +00:00 |
|
Miroslav Stampar
|
c71d435d9f
|
making "id"-like columns prioritized for ORDER BY in MySQL
|
2012-05-01 19:52:02 +00:00 |
|
Miroslav Stampar
|
458a73c9b4
|
few consistency fixes
|
2012-04-29 23:09:00 +00:00 |
|
Miroslav Stampar
|
c7a606637f
|
switching few readInput defaults for brute forcing when no table/column found
|
2012-04-27 12:59:22 +00:00 |
|
Bernardo Damele
|
4da03d898e
|
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
|
2012-04-25 07:40:42 +00:00 |
|
Miroslav Stampar
|
5e358b51f9
|
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
|
2012-04-04 09:25:05 +00:00 |
|
Miroslav Stampar
|
b0787f193c
|
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
|
2012-04-03 14:34:15 +00:00 |
|
Miroslav Stampar
|
886aa22efc
|
minor update
|
2012-04-03 12:19:37 +00:00 |
|
Miroslav Stampar
|
f7a664b120
|
enablind DNS server for DNS data exfiltration
|
2012-03-31 12:08:27 +00:00 |
|
Bernardo Damele
|
0013b0970f
|
Minor layout adjustments - foundDb is misleading at that stage
|
2012-03-15 16:07:16 +00:00 |
|
Miroslav Stampar
|
8cf5d260fd
|
Application Data is not a temporary directory writable by everybody
|
2012-03-14 23:44:29 +00:00 |
|
Bernardo Damele
|
c735d846ee
|
The default temporary directory as to stay as is, do not touch this code snippet anymore please
|
2012-03-14 22:39:46 +00:00 |
|
Miroslav Stampar
|
ca0d068575
|
distinguishing NULL from BLANK
|
2012-03-14 13:52:23 +00:00 |
|
Miroslav Stampar
|
1d0c8a7f44
|
minor update
|
2012-03-12 15:19:02 +00:00 |
|
Bernardo Damele
|
48592f2515
|
minor adjustments
|
2012-03-09 18:34:18 +00:00 |
|
Bernardo Damele
|
be9b103b51
|
minor bug fix
|
2012-03-09 18:02:50 +00:00 |
|
Bernardo Damele
|
012fc21b49
|
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
Adapted the queries.xml file accordingly
|
2012-03-09 17:47:50 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Bernardo Damele
|
7330dff255
|
Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries
|
2012-03-08 16:57:53 +00:00 |
|
Bernardo Damele
|
ae87df5670
|
leftover
|
2012-03-08 15:45:33 +00:00 |
|
Bernardo Damele
|
4bc6f3f6c9
|
Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore
|
2012-03-08 15:32:05 +00:00 |
|
Miroslav Stampar
|
68b9d48d0a
|
minor update
|
2012-03-08 15:30:23 +00:00 |
|
Miroslav Stampar
|
2ab80bfb2c
|
minor bug fix
|
2012-03-08 15:24:05 +00:00 |
|
Bernardo Damele
|
c79807f5fb
|
Minor layout adjustments
|
2012-03-08 15:11:24 +00:00 |
|
Miroslav Stampar
|
761ec7529a
|
minor appereance fix
|
2012-03-01 11:52:30 +00:00 |
|
Miroslav Stampar
|
8b9c5c66cc
|
code refactoring regarding charsetType inside inference/bisection
|
2012-02-29 14:36:23 +00:00 |
|
Miroslav Stampar
|
10dd9096f7
|
one more just in case fix for safeSQLIdentificator naming on MSSQL --tables
|
2012-02-29 14:05:53 +00:00 |
|
Miroslav Stampar
|
d06182347f
|
fixing few potential problems
|
2012-02-29 13:56:40 +00:00 |
|
Miroslav Stampar
|
74b19a0386
|
minor update
|
2012-02-25 10:43:10 +00:00 |
|
Miroslav Stampar
|
26b33154ab
|
optimal fix related to the last commit
|
2012-02-24 14:28:41 +00:00 |
|
Miroslav Stampar
|
9d6fd2e507
|
bug fix for --schema --technique=BST
|
2012-02-24 14:12:19 +00:00 |
|
Miroslav Stampar
|
f9d2971474
|
minor just in case fix
|
2012-02-23 16:37:06 +00:00 |
|
Miroslav Stampar
|
6e54cb171f
|
minor code restyling
|
2012-02-22 15:53:36 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Bernardo Damele
|
f55ad46119
|
Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently
|
2012-02-20 11:06:55 +00:00 |
|
Miroslav Stampar
|
08bf8c201f
|
few minor fixes
|
2012-02-20 10:24:55 +00:00 |
|
Miroslav Stampar
|
dcf7277a0f
|
some more refactorings
|
2012-02-16 14:42:28 +00:00 |
|
Miroslav Stampar
|
e1f86c97c4
|
minor refactoring
|
2012-02-16 09:46:41 +00:00 |
|
Miroslav Stampar
|
948cf25de4
|
more consistent
|
2012-02-09 09:53:40 +00:00 |
|
Miroslav Stampar
|
980367b7b2
|
minor update
|
2012-02-09 09:48:47 +00:00 |
|
Miroslav Stampar
|
1d4b10dbd1
|
bug fix
|
2012-02-08 13:55:50 +00:00 |
|
Miroslav Stampar
|
2662fe84f7
|
minor update
|
2012-02-08 12:02:50 +00:00 |
|
Miroslav Stampar
|
85a4ef6593
|
minor update
|
2012-02-08 12:00:03 +00:00 |
|
Miroslav Stampar
|
f7bf1fbe94
|
upgrade/fixes for direct DBMS access
|
2012-02-07 10:46:55 +00:00 |
|
Miroslav Stampar
|
e94f86a1ad
|
minor update
|
2012-02-03 15:46:28 +00:00 |
|
Miroslav Stampar
|
a48fc4efec
|
minor update
|
2012-02-03 15:32:23 +00:00 |
|
Miroslav Stampar
|
e3466fa5d8
|
minor update
|
2012-02-03 15:28:11 +00:00 |
|