sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
4,131 Commits 4 Branches 117 Tags 97 MiB
de33a128cb
Commit Graph

2950 Commits

Author SHA1 Message Date
Miroslav Stampar
a72cb29c1f taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server 2012-05-28 16:57:10 +00:00
Miroslav Stampar
190ae4ca13 no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...) 2012-05-28 15:10:17 +00:00
Miroslav Stampar
89e90c3d84 revert of last commit 2012-05-28 15:01:56 +00:00
Miroslav Stampar
96c84e6e5b minor update 2012-05-28 15:00:06 +00:00
Miroslav Stampar
a70a647aeb few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...) 2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0 changing conf.dnsDomain to conf.dName just because of long text problems in help listing 2012-05-28 14:15:04 +00:00
Miroslav Stampar
d2bbfa4aad minor style update 2012-05-28 14:04:17 +00:00
Miroslav Stampar
226547b7dc minor fix for --skip-urlencode and custom post 2012-05-28 09:04:25 +00:00
Miroslav Stampar
75dd1d6a2b minor fix 2012-05-27 21:54:56 +00:00
Miroslav Stampar
e967bbd70f minor patch 2012-05-27 21:44:42 +00:00
Miroslav Stampar
76eeba10e2 unhiding --dns-domain switch 2012-05-27 18:41:06 +00:00
Miroslav Stampar
fed0212631 now working with recursive queries too 2012-05-27 10:03:02 +00:00
Miroslav Stampar
71ff081fde minor update 2012-05-27 09:11:19 +00:00
Miroslav Stampar
09f2144485 full page read is not needed in DNS exfiltration mode 2012-05-26 21:28:43 +00:00
Miroslav Stampar
4e6fcce9ca minor update 2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9 minor language update 2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34 turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars 2012-05-26 07:00:26 +00:00
Miroslav Stampar
00d22f013f some consistency in variable naming at the file level 2012-05-25 10:08:55 +00:00
Miroslav Stampar
db526bdbc0 minor update (tainted values are not checked any more in multipleTargets mode) 2012-05-25 09:52:17 +00:00
Miroslav Stampar
dc20bff1d0 minor update 2012-05-25 08:30:24 +00:00
Miroslav Stampar
c394610740 adding switch --skip-urlencode to skip URL encoding of POST data 2012-05-24 23:30:33 +00:00
Miroslav Stampar
7657bbeaf9 minor update 2012-05-24 22:32:06 +00:00
Miroslav Stampar
86fdad2bfa minor update 2012-05-24 22:07:50 +00:00
Miroslav Stampar
eed8d7eb5d finalizing support for IPv6 2012-05-24 21:55:57 +00:00
Miroslav Stampar
b6d37d766a minor update regarding IPv6 support 2012-05-24 21:49:20 +00:00
Miroslav Stampar
92286104e3 minor just in case update 2012-05-24 21:39:10 +00:00
Miroslav Stampar
3e9c57d177 minor fix 2012-05-24 21:36:35 +00:00
Miroslav Stampar
be76928293 minor fix 2012-05-24 20:53:01 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
2c057d5b3d minor style update 2012-05-21 22:40:52 +00:00
Miroslav Stampar
bbfa4b6d5d minor update 2012-05-14 14:38:16 +00:00
Miroslav Stampar
333f8057a5 minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces 2012-05-14 14:06:43 +00:00
Miroslav Stampar
595f69fa2c minor language update 2012-05-10 18:30:25 +00:00
Miroslav Stampar
35f400b45b minor language upgrade 2012-05-10 18:25:12 +00:00
Miroslav Stampar
80aedbe284 adding a warning about --tor switch 2012-05-10 18:17:32 +00:00
Miroslav Stampar
b81fe42d4b turning off null connection on -o when --tor used (not compatible) 2012-05-10 17:50:54 +00:00
Miroslav Stampar
efdd86ddcc minor just in case patch 2012-05-10 14:22:34 +00:00
Miroslav Stampar
6367f59b98 minor code refactoring 2012-05-10 14:15:17 +00:00
Miroslav Stampar
12d32f58f2 fix for that SOAP reported bug 2012-05-10 13:39:54 +00:00
Miroslav Stampar
1418ae9767 little refactoring of parseUnionPage together with a patch for some special case 2012-05-09 18:47:40 +00:00
Miroslav Stampar
7fb1f3fc70 minor renaming 2012-05-09 18:26:02 +00:00
Miroslav Stampar
11d9859199 making nice code 2012-05-09 18:25:04 +00:00
Miroslav Stampar
b0a8238774 minor fixes 2012-05-09 14:58:16 +00:00
Miroslav Stampar
9fa3619262 minor fix 2012-05-09 14:00:07 +00:00
Miroslav Stampar
56a3431be6 minor update for empty tables (skipping other techniques) 2012-05-09 10:34:21 +00:00
Miroslav Stampar
6177317a17 minor update 2012-05-09 10:06:23 +00:00
Miroslav Stampar
37f2709197 making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it) 2012-05-09 09:08:23 +00:00
Miroslav Stampar
fdf61015ad minor patch 2012-05-09 08:41:05 +00:00
Miroslav Stampar
e419177871 minor update 2012-05-08 17:28:19 +00:00
Miroslav Stampar
deec97dfe3 adding Frontbase to error message regexes 2012-05-08 17:02:58 +00:00
Miroslav Stampar
eccd4da00f minor fix 2012-05-08 15:03:33 +00:00
Miroslav Stampar
938d9ff23e doing all the work for the users so they wouldn't strain their little hands 2012-05-08 15:00:23 +00:00
Miroslav Stampar
524dd75ff2 that query variable hasn't been used anywhere (obsolete for some time) 2012-05-08 14:34:40 +00:00
Miroslav Stampar
6af110d631 avoiding --no-cast/--hex warning message before a DBMS is fingerprinted 2012-05-08 14:06:41 +00:00
Miroslav Stampar
64c241fe92 limiting original UNION query results to only 1 result (potentially speeding things up in some cases) 2012-05-08 13:45:53 +00:00
Miroslav Stampar
e00f4a8934 minor cosmetics 2012-05-08 10:50:04 +00:00
Miroslav Stampar
a121339395 automatically writing uncracked hashes to a file for eventual further processing 2012-05-08 10:46:05 +00:00
Miroslav Stampar
80ee687b41 minor beauty patch 2012-05-07 13:51:31 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
cc28f6db6b minor update 2012-05-01 20:43:16 +00:00
Miroslav Stampar
17efeaae7f causing too much confusion among dummy users 2012-05-01 09:04:11 +00:00
Miroslav Stampar
694b14111f skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set) 2012-04-27 13:16:51 +00:00
Miroslav Stampar
6f67dc85ee adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical 2012-04-25 20:29:07 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Miroslav Stampar
cec432f94d minor update 2012-04-23 14:43:59 +00:00
Miroslav Stampar
697768c01a adding --purge-output to be one of mandatory switches 2012-04-23 14:42:24 +00:00
Miroslav Stampar
d57d5e4b2c minor update 2012-04-23 14:33:36 +00:00
Miroslav Stampar
1eecfb3dce adding new file related to the last commit 2012-04-23 14:25:16 +00:00
Miroslav Stampar
095b25e1d1 adding option '--purge' 2012-04-23 14:24:23 +00:00
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
be2da77bf8 minor update 2012-04-23 10:15:04 +00:00
Miroslav Stampar
21c6b52198 minor fix 2012-04-23 10:11:00 +00:00
Miroslav Stampar
775134639d minor update 2012-04-20 20:33:15 +00:00
Miroslav Stampar
2b1b4c0742 minor fix 2012-04-18 10:01:04 +00:00
Miroslav Stampar
6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) 2012-04-17 14:23:00 +00:00
Miroslav Stampar
efd27d7ade minor renaming 2012-04-17 08:41:19 +00:00
Miroslav Stampar
601d118c68 reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types) 2012-04-15 16:59:03 +00:00
Miroslav Stampar
71b0acc16f minor fix (checking for full inband should be done with ORIGINAL - more concise) 2012-04-15 16:43:18 +00:00
Miroslav Stampar
5772c52f46 minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....) 2012-04-15 16:33:47 +00:00
Miroslav Stampar
ae8c70e895 another cosmetics 2012-04-13 15:11:44 +00:00
Miroslav Stampar
d765cdc3a3 minor cosmetics 2012-04-13 15:10:40 +00:00
Miroslav Stampar
54576ab3a6 making a random choice from candidates 2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5 use it only if page is stable 2012-04-13 10:19:26 +00:00
Miroslav Stampar
052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" 2012-04-12 09:44:54 +00:00
Miroslav Stampar
831f79b851 minor generalization 2012-04-12 09:30:19 +00:00
Miroslav Stampar
c7422546e1 tiny update 2012-04-11 23:01:38 +00:00
Miroslav Stampar
2bad73a981 minor update 2012-04-11 21:48:44 +00:00
Miroslav Stampar
e195de2093 correcting comment on reflective removal function 2012-04-11 21:41:48 +00:00
Miroslav Stampar
b45ae10da4 minor fixes 2012-04-11 21:36:37 +00:00
Miroslav Stampar
627bfc589f some more updates in reflective removal mechanism 2012-04-11 21:26:00 +00:00
Miroslav Stampar
8b130f6497 minor improvement for reflective values (when missing first part of payload like in error reports) 2012-04-11 15:01:28 +00:00
Miroslav Stampar
01bd5d0ab2 some more updates for reflective mechanism 2012-04-11 10:41:33 +00:00
Miroslav Stampar
2e92d8636e improvement of reflective mechanism 2012-04-11 08:58:03 +00:00
Miroslav Stampar
60ca44e0cf minor adjustment 2012-04-11 08:35:09 +00:00
Miroslav Stampar
e33ea7c33a minor fix 2012-04-10 22:29:39 +00:00
Miroslav Stampar
8541222080 minor update 2012-04-10 22:26:42 +00:00
Miroslav Stampar
9c2f244d47 minor fix 2012-04-10 22:20:53 +00:00
Miroslav Stampar
a82206cec4 minor cosmetics 2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
8c6eb4faa9 adding support for PgSQL DNS data exfiltration 2012-04-07 14:06:11 +00:00
Miroslav Stampar
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) 2012-04-06 08:42:36 +00:00
Miroslav Stampar
2223c884e5 minor refactoring 2012-04-05 12:55:26 +00:00
Miroslav Stampar
02924eb345 minor update 2012-04-04 23:47:06 +00:00
Miroslav Stampar
e0994947e2 minor update 2012-04-04 23:37:50 +00:00
Miroslav Stampar
b1dd03731a minor cosmetics 2012-04-04 23:34:08 +00:00
Miroslav Stampar
83387d92bb minor bug fix 2012-04-04 23:32:20 +00:00
Miroslav Stampar
c89a4162e2 bug fix for --dns-domain with --technique=TS 2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd added few comments 2012-04-04 13:24:58 +00:00
Miroslav Stampar
a5b69eaea4 removing unused imports 2012-04-04 13:18:14 +00:00
Bernardo Damele
52796bb4da revert 2012-04-04 13:02:50 +00:00
Miroslav Stampar
a4b95ab7dd works against MySQL/Windows 2012-04-04 12:49:45 +00:00
Bernardo Damele
a1d97e9d7b Add a space after a comment 2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22 leftover 2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895 more cosmetics 2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255 proper fix 2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00 removing default values for referer and host from higher level/risk options 2012-04-04 10:34:27 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
5851badff1 minor refactoring 2012-04-03 14:46:09 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode 2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1 minor fix 2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
503988887c minor update 2012-04-03 10:43:46 +00:00
Miroslav Stampar
78f51fd2e5 minor fix 2012-04-03 10:18:03 +00:00
Miroslav Stampar
2504f4edb8 minor fixes 2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
5f94987b0f fix for DNS method for MSSQL 2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8 minor update 2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b minor fixes 2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562 few just in case "patches" 2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd minor fix 2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929 minor update regarding DNS data retrieval task 2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4 bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value) 2012-03-31 10:22:50 +00:00
Miroslav Stampar
429b8396e9 minor update for DNSServer support 2012-03-30 13:20:29 +00:00
Miroslav Stampar
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection 2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa minor update 2012-03-30 10:37:46 +00:00
Miroslav Stampar
6acf6b193a minor update regarding boolean logic comparison mechanism 2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540 minor comment update 2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code 2012-03-29 13:39:12 +00:00
Miroslav Stampar
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values 2012-03-29 12:44:20 +00:00
Miroslav Stampar
c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) 2012-03-29 09:56:09 +00:00
Miroslav Stampar
60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) 2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed) 2012-03-28 19:27:12 +00:00