sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Bernardo Damele	d0d6632c22	Initial support to automatically work around the dynamic page at each refresh (Major refactor to the comparison algorithm (True/False response))	2008-12-18 20:48:23 +00:00
Bernardo Damele	3fe493b63d	Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator.	2008-12-18 20:41:11 +00:00
Bernardo Damele	c32ef9d751	Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable. Minor bug fix to make the --postfix work even if --prefix is not provided.	2008-12-18 20:38:57 +00:00
Bernardo Damele	2efb3ae2ba	Documentation updated, now ready for 0.6.3 release	2008-12-17 23:26:14 +00:00
Bernardo Damele	6dec56d616	Major bug fix	2008-12-17 21:35:04 +00:00
Bernardo Damele	bb9079aa9d	Minor documentation adjustments	2008-12-17 20:58:19 +00:00
Bernardo Damele	94c79e3209	Updated documentation	2008-12-17 20:17:34 +00:00
Bernardo Damele	dda62ba463	Minor adjustments and bug fixes	2008-12-17 20:11:18 +00:00
Bernardo Damele	7b55840b35	cleanup configuration INI file	2008-12-17 00:22:27 +00:00
Bernardo Damele	ec11f502df	Site and documentation updated, ready to release 0.6.3 in two days	2008-12-17 00:19:01 +00:00
Bernardo Damele	36d9ede001	Updated documentation, ready for sqlmap 0.6.3 release	2008-12-16 23:52:16 +00:00
Bernardo Damele	b7f2602b50	A bit more entropy in the sql injection detection	2008-12-16 23:51:56 +00:00
Bernardo Damele	2b0ec1868d	Updated documentation	2008-12-16 21:31:15 +00:00
Bernardo Damele	4156181367	Minor fix	2008-12-16 21:31:01 +00:00
Bernardo Damele	05a8c8d3bf	Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option	2008-12-16 21:30:24 +00:00
Bernardo Damele	bf2a857b9a	Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.	2008-12-12 19:06:31 +00:00
Bernardo Damele	072eb7154c	Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.	2008-12-10 17:23:07 +00:00
Bernardo Damele	9dbad512f1	sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.	2008-12-08 21:24:24 +00:00
Bernardo Damele	15542d2772	Minor layout adjustment	2008-12-05 16:00:18 +00:00
Bernardo Damele	38c9627700	Minor enhancemet to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content	2008-12-05 15:34:13 +00:00
Bernardo Damele	78e8a83c11	Minor improvement to be able to provide CU as user value (-U) when enumerating users privileges or users passwords.	2008-12-05 15:32:59 +00:00
Bernardo Damele	7f055924a7	sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation.	2008-12-04 17:40:03 +00:00
Bernardo Damele	0f07e33e1a	Removed REVISION, makes no sense. Import and use python psyco library to speed up if it's installed: it's optional.	2008-12-03 17:32:16 +00:00
Bernardo Damele	e3ddbe751f	Minor code refactoring	2008-12-02 23:49:38 +00:00
Bernardo Damele	4cb161ce4f	Minor signatures adjustments	2008-12-02 23:48:07 +00:00
Bernardo Damele	b700485a1b	Minor adjustment, still to work on the cookie urlencoding/decoding	2008-12-02 21:57:12 +00:00
Bernardo Damele	578bcb9140	Initial support for partial UNION query sql injection	2008-12-02 21:56:23 +00:00
Bernardo Damele	f97585c593	Show also SVN revision in error message when a traceback raises. Fix typo.	2008-12-01 23:49:14 +00:00
Bernardo Damele	e75487a26c	Reverted last commit, cleaner this way	2008-12-01 23:33:15 +00:00
Bernardo Damele	e2a805ef6a	Minor workaround because of latest bug fix	2008-12-01 23:32:14 +00:00
Bernardo Damele	a777f1ca35	Minor bug fix	2008-12-01 23:27:51 +00:00
Bernardo Damele	034a3f387a	Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters)	2008-12-01 23:09:07 +00:00
Bernardo Damele	3cf1658532	Increased default output level from 0 to 1	2008-12-01 23:07:41 +00:00
Bernardo Damele	428612b431	Comment and layout adjustments	2008-12-01 23:04:01 +00:00
Bernardo Damele	beea58f2e9	Updated MySQL versions	2008-12-01 23:02:52 +00:00
Bernardo Damele	e967b13378	Minor adjustment to command line usage message	2008-11-27 23:06:02 +00:00
Bernardo Damele	6e548eb2ec	Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation	2008-11-27 22:33:33 +00:00
Bernardo Damele	785352d700	Minor adjustments to signatures	2008-11-27 22:31:43 +00:00
Bernardo Damele	dc1f2deb74	Minor bug fix to correctly enumerate columns on Microsoft SQL Server. Minor adjustments to XML signatures. Updated documentation.	2008-11-25 11:33:44 +00:00
Bernardo Damele	f2737ad0a3	Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file). Major bug fix in the controller library.	2008-11-22 01:57:22 +00:00
Bernardo Damele	9be844cf3e	Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.	2008-11-20 17:56:09 +00:00
Bernardo Damele	80425c9ccd	Minor adjustment to ETA feature	2008-11-20 11:13:04 +00:00
Bernardo Damele	8f74fe2ce9	Added new HTTP response headers on which fingerprint web app technology and web server OS. Updated documentation.	2008-11-19 15:33:39 +00:00
Bernardo Damele	736b2e7323	Minor adjustments to the operating system fingerprint.	2008-11-19 00:36:44 +00:00
Bernardo Damele	727664aea7	Minor enhancement to fingerprint the web server operating system and the web application technology by parsing also HTTP response Server header. Refactor libraries and plugins that parses XML to fingerprint and show on standard output the information. Updated changelog.	2008-11-18 17:42:46 +00:00
Bernardo Damele	7d0724843f	Major enhancement to the engine to parse XML files and matches on DBMS banner and HTTP response headers. Initial web application technology fingerprint (for the moment based only on X-Powered-By HTTP response header and not shown yet to the user). Minor layout adjustments.	2008-11-17 17:41:02 +00:00
Bernardo Damele	66fb3c3033	Minor enhancement to show the DBMS operating system (if fingerprinted) also when only -b option is provided since it's an information that sqlmap get parsing the DBMS banner. Got rid completely of useless passive fuzzing.	2008-11-17 11:22:03 +00:00
Bernardo Damele	7d7170fc97	Minor code adjustments	2008-11-17 00:13:49 +00:00
Bernardo Damele	654aecedfe	Minor layout adjustments, minor fixes and updated changelog	2008-11-17 00:00:54 +00:00
Bernardo Damele	fa0507ab39	Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu: --8<-- back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2 comment injection fingerprint: MySQL 5.0.67 banner parsing fingerprint: MySQL 5.0.67 html error message fingerprint: MySQL back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid) --8<--	2008-11-15 23:41:31 +00:00

1 2 3

111 Commits