sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
9,307 Commits 4 Branches 117 Tags 97 MiB
d5fab1907d
Commit Graph

9307 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bernardo Damele
f91843540f Major bug fix when the CU alias (current user) is given (with -U option) 
together with --privileges or --password to work properly also on
MySQL >= 5.0.
 2009-01-19 21:25:37 +00:00
Bernardo Damele
8f973ce574 Minor layout adjustments 2009-01-18 22:36:48 +00:00
Bernardo Damele
161590e121 Added MySQL UDF to execute commands on the underlying system: 
* sys_eval() to return the standard output
* sys_exec() to return the exit status

It's a patched version of http://mysqludf.org/lib_mysqludf_sys/index.php
 2009-01-17 00:13:16 +00:00
Bernardo Damele
6690b4c00a Added svn executable property 2009-01-17 00:05:47 +00:00
Bernardo Damele
bc3b4c6936 Minor layout adjustments in the user's manual 2009-01-13 23:16:34 +00:00
Bernardo Damele
fd7cb9101c Major bug fix to forge SQL injection payload on Oracle 2009-01-13 23:15:57 +00:00
Bernardo Damele
bc448211c5 Minor layout adjustment 2009-01-13 23:15:23 +00:00
Bernardo Damele
73e713c5ba Minor adjustments 2009-01-12 23:59:07 +00:00
Bernardo Damele
26cb082fc3 Added a README for dbgtool 2009-01-12 23:17:15 +00:00
Bernardo Damele
de393628d0 Added dbgtool to extras, a port in python of toolcrypt.org dbgtool. Inspired by sqlninja perl script makescr.pl. 2009-01-12 23:02:02 +00:00
Bernardo Damele
5560f0b68a Updated the copyright 2009-01-12 21:35:38 +00:00
Bernardo Damele
92645dd264 Minor adjustment 2009-01-10 14:51:12 +00:00
Bernardo Damele
9b0f11f879 Added an ASP uploader 2009-01-10 14:40:04 +00:00
Bernardo Damele
e10ab5aa0e Major bug fixes 2009-01-10 14:39:27 +00:00
Bernardo Damele
9c125a2b57 Minor improvement to use Python ConfigParser library when --save if specified. 
Minor update to the user's manual
 2009-01-03 22:59:22 +00:00
Bernardo Damele
6ff8feb5cf Updated documentation 2009-01-03 01:25:43 +00:00
Bernardo Damele
d0604ef513 Major bug fix to correctly handle custom SQL "limited" queries on Oracle 2009-01-03 01:19:04 +00:00
Bernardo Damele
2d87a3349f Fixed custom MSSQL "limited" query support also for Partial UNION query technique 2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be Major bug fix to make it work properly with MSSQL custom limited (SELECT 
TOP ...) queries with both inferential blind and Full UNION query
injection
 2009-01-02 23:26:45 +00:00
Bernardo Damele
2cc3bb2f6a Minor improvement to PostgreSQL signatures file to identify Windows. 
Minor improvement to Microsoft SQL Server "limit" queries.
 2009-01-02 23:23:55 +00:00
Bernardo Damele
9e0d890171 Fixed MySQL 5.1 extensive fingerprint 2009-01-02 23:21:31 +00:00
Bernardo Damele
c1010c20d8 Minor adjustments 2008-12-30 21:24:01 +00:00
Bernardo Damele
a4d62af2ea Minor layout adjustments to --union-tech 2008-12-29 18:48:23 +00:00
Bernardo Damele
9340bf59fb Updated Microsoft SQL Server signature XML file. 
Minor layout adjustments to --update output messages/diff
 2008-12-29 18:46:43 +00:00
Bernardo Damele
0e9873fd4f Preparing documentation for 0.6.4 2008-12-29 18:44:20 +00:00
Bernardo Damele
c83593c044 Limited custom query now works also on Oracle in inferential blind SQL 
injection technique
 2008-12-23 23:34:50 +00:00
Bernardo Damele
24ddbdc89d Minor layout adjustment 2008-12-22 23:34:22 +00:00
Bernardo Damele
b0ad102efb Better fingerprint technique for Microsoft SQL Server 2008-12-22 23:32:43 +00:00
Bernardo Damele
79c8d63b88 Major speed increase in DBMS basic fingerprint 2008-12-22 23:26:44 +00:00
Bernardo Damele
64bb57d786 Minor bug fix to make the Partial UNION query SQL injection technique 
work properly also on Oracle and Microsoft SQL Server.
 2008-12-22 22:48:44 +00:00
Bernardo Damele
1f7810e46a Major bug fix to make partial UNION query sql injection work properly 
also on Microsoft SQL Server
 2008-12-22 19:36:01 +00:00
Bernardo Damele
064029cb2d Addd one more MS Access signature 2008-12-22 19:35:13 +00:00
Bernardo Damele
04c187c66a Working on a bug (fix for Partial UNION query SQL injection technique 
both Oracle and Microsoft SQL Server).
 2008-12-22 00:51:09 +00:00
Bernardo Damele
2f406b3e56 Minor adjustments 2008-12-22 00:04:28 +00:00
Bernardo Damele
c05f600e90 Minor fix 2008-12-21 21:40:09 +00:00
Bernardo Damele
4ae464c80d Minor enhancement to support an option (--union-tech) to specify the 
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
 2008-12-21 21:39:53 +00:00
Bernardo Damele
f92b76a8b0 Minor bug fix 2008-12-21 16:39:40 +00:00
Bernardo Damele
374b9ba878 Updated documentation based upon recent developments 2008-12-21 16:35:45 +00:00
Bernardo Damele
35708a0b97 Minor adjustment to UNION query SQL injection detection function. 
Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py.
 2008-12-21 16:35:03 +00:00
Bernardo Damele
996a872e51 We are already on sqlmap 0.6.4 release candidate 1.. 2008-12-20 13:23:26 +00:00
Bernardo Damele
c18efe5084 Minor adjustments 2008-12-20 13:21:47 +00:00
Bernardo Damele
8d06975142 Major enhancement to make the comparison algorithm work properly also 
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
 2008-12-20 01:54:08 +00:00
Bernardo Damele
7e8ac16245 Added preventive check for stacked queries support when executing DDL, 
DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
 2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947 Ahead with the improvements to the comparison algorithm. 
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
 2008-12-19 20:09:46 +00:00
Bernardo Damele
68354be45a Ahead with enhancements on comparison algorithm: implemented content-length technique 2008-12-18 22:49:35 +00:00
Bernardo Damele
afbd66f6d9 Added some comments 2008-12-18 21:58:05 +00:00
Bernardo Damele
d0d6632c22 Initial support to automatically work around the dynamic page at each refresh 
(Major refactor to the comparison algorithm (True/False response))
 2008-12-18 20:48:23 +00:00
Bernardo Damele
3fe493b63d Minor enhancement to support an option (--is-dba) to show if the 
current user is a database management system administrator.
 2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751 Major bug fix to avoid tracebacks when multiple targets are specified and one 
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
 2008-12-18 20:38:57 +00:00
Bernardo Damele
2efb3ae2ba Documentation updated, now ready for 0.6.3 release 2008-12-17 23:26:14 +00:00