Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5edba2ffbc 
							
						 
					 
					
						
						
							
							minor change (conf.updateAll to conf.update)  
						
						
						
					 
					
						2011-02-03 11:13:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f49e20cc8 
							
						 
					 
					
						
						
							
							adding --random-agent and removing -a  
						
						
						
					 
					
						2011-02-02 14:51:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6f2cd56ff 
							
						 
					 
					
						
						
							
							removed junky import  
						
						
						
					 
					
						2011-01-31 11:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3060c369a5 
							
						 
					 
					
						
						
							
							minor fix for previous commit  
						
						
						
					 
					
						2011-01-30 07:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1abf354630 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-30 07:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d63339ca26 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-30 07:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8883de2c6 
							
						 
					 
					
						
						
							
							minor update regarding unicode decoding of supplied arguments  
						
						
						
					 
					
						2011-01-29 23:01:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cc69f5e16 
							
						 
					 
					
						
						
							
							now --technique is appliable also after the injections have been identified  
						
						
						
					 
					
						2011-01-24 16:47:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19d8733e9a 
							
						 
					 
					
						
						
							
							this is strictly for educational purposes  
						
						
						
					 
					
						2010-12-20 17:30:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10a7a2dfb2 
							
						 
					 
					
						
						
							
							kids, don't use this at home  
						
						
						
					 
					
						2010-12-20 10:13:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9706656e 
							
						 
					 
					
						
						
							
							Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.  
						
						... 
						
						
						
						Minor code refactoring too. 
						
					 
					
						2010-11-29 17:18:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c22338ce90 
							
						 
					 
					
						
						
							
							Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).  
						
						
						
					 
					
						2010-11-29 11:47:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c23126547e 
							
						 
					 
					
						
						
							
							Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.  
						
						
						
					 
					
						2010-11-19 15:48:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad17e9ed2a 
							
						 
					 
					
						
						
							
							Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)  
						
						
						
					 
					
						2010-11-19 14:56:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76c3f5768b 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-17 09:12:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cccb565859 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-16 14:11:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9d9f18939 
							
						 
					 
					
						
						
							
							added General cmdline group  
						
						
						
					 
					
						2010-11-16 14:09:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6ef3846400 
							
						 
					 
					
						
						
							
							update regarding error parsing (and reporting)  
						
						
						
					 
					
						2010-11-16 10:42:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d07272c82 
							
						 
					 
					
						
						
							
							Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.  
						
						... 
						
						
						
						Now stores/resumes also the exact UNION payload to session file. 
						
					 
					
						2010-11-13 23:24:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24238ccd0b 
							
						 
					 
					
						
						
							
							re-renaming of brute force switches. this way is better.  
						
						
						
					 
					
						2010-11-11 07:57:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a7fa8d4975 
							
						 
					 
					
						
						
							
							update regarding brute force retrieval of table names and table column names  
						
						
						
					 
					
						2010-11-09 16:15:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							78d7b17483 
							
						 
					 
					
						
						
							
							More replacements for refactoring.  
						
						... 
						
						
						
						Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters. 
						
					 
					
						2010-11-08 12:36:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3de10e3a2 
							
						 
					 
					
						
						
							
							new option -t  
						
						
						
					 
					
						2010-11-08 11:22:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4e6d1b5118 
							
						 
					 
					
						
						
							
							added "Detection" part in help listing  
						
						
						
					 
					
						2010-11-08 10:11:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b6da946883 
							
						 
					 
					
						
						
							
							Added one new verbose level, -v 3 now shows the full injected payload.  
						
						... 
						
						
						
						Fixed also -d verbose output. 
						
					 
					
						2010-11-07 22:34:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00dfd55830 
							
						 
					 
					
						
						
							
							added powerful switch --longest-common for dealing with heavy dynamicity  
						
						
						
					 
					
						2010-11-07 08:52:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							debaf2215f 
							
						 
					 
					
						
						
							
							Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch  
						
						
						
					 
					
						2010-10-25 15:54:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							378653a1ec 
							
						 
					 
					
						
						
							
							added IDS payload testing  
						
						
						
					 
					
						2010-10-25 15:37:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bdb9c37a7e 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-10-25 15:17:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa931efd4d 
							
						 
					 
					
						
						
							
							several MySQL fixes/enhancements pointed out by Anton Mogilin  
						
						
						
					 
					
						2010-10-24 22:05:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52f910f752 
							
						 
					 
					
						
						
							
							added --beep (tested on Windows and Linux; for now turned off) switch  
						
						
						
					 
					
						2010-10-23 09:38:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f1e2c1867f 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-10-22 21:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							415524bd5a 
							
						 
					 
					
						
						
							
							remove --error, now it's only --error-test (it needs to return True to be able to use it)  
						
						
						
					 
					
						2010-10-19 18:34:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4009ef385e 
							
						 
					 
					
						
						
							
							more update regarding error based injection support  
						
						
						
					 
					
						2010-10-19 18:17:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4bc541ec3c 
							
						 
					 
					
						
						
							
							error based update  
						
						
						
					 
					
						2010-10-19 14:47:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cd0fe8dde0 
							
						 
					 
					
						
						
							
							Updated sample configuration file and cmdline help  
						
						
						
					 
					
						2010-10-17 00:07:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							64b9f94fcf 
							
						 
					 
					
						
						
							
							Renamed --common-prediction switch to --predict-output  
						
						
						
					 
					
						2010-10-16 23:50:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6211915da5 
							
						 
					 
					
						
						
							
							Cosmetic fix  
						
						
						
					 
					
						2010-10-16 22:31:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2129935e06 
							
						 
					 
					
						
						
							
							Split character for tamper scripts (--tamper option) is now comma, not semi-colon.  
						
						... 
						
						
						
						Minor enhancement 
						
					 
					
						2010-10-16 21:52:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1336b97c2c 
							
						 
					 
					
						
						
							
							removed --useBetween switch and added new tampering module ./tamper/between.py  
						
						
						
					 
					
						2010-10-15 23:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae4d0fc2a 
							
						 
					 
					
						
						
							
							added optimization group  
						
						
						
					 
					
						2010-10-15 23:26:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c9f0c75030 
							
						 
					 
					
						
						
							
							removed --space (usage of tampering modules is now a prefered way to do it)  
						
						
						
					 
					
						2010-10-15 12:52:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c5e385f77a 
							
						 
					 
					
						
						
							
							More layout adjustments  
						
						
						
					 
					
						2010-10-15 10:28:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f7f20b94f 
							
						 
					 
					
						
						
							
							sorry, cosmetics  
						
						
						
					 
					
						2010-10-14 23:18:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b48833136 
							
						 
					 
					
						
						
							
							large commit with copyright header modifications  
						
						
						
					 
					
						2010-10-14 14:41:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							43a3ac2c3a 
							
						 
					 
					
						
						
							
							some bug fixes  
						
						
						
					 
					
						2010-10-13 20:54:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34580f56fc 
							
						 
					 
					
						
						
							
							added --tamper option  
						
						
						
					 
					
						2010-10-12 22:45:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2ec132469 
							
						 
					 
					
						
						
							
							added --text-only switch  
						
						
						
					 
					
						2010-10-12 19:41:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fcad29bbf 
							
						 
					 
					
						
						
							
							new feature --forms (still unfinished)  
						
						
						
					 
					
						2010-10-10 18:56:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cf8e92699c 
							
						 
					 
					
						
						
							
							changes regarding EXISTS feature  
						
						
						
					 
					
						2010-09-30 12:35:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1da672e3c5 
							
						 
					 
					
						
						
							
							added default="False" to "store_true" parameters as it's a prefered way by  http://docs.python.org/library/optparse.html  
						
						
						
					 
					
						2010-09-27 13:23:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2e5f269650 
							
						 
					 
					
						
						
							
							update regarding --space option  
						
						
						
					 
					
						2010-09-24 22:35:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9cd5d3bde7 
							
						 
					 
					
						
						
							
							added new option --space  
						
						
						
					 
					
						2010-09-24 21:59:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							abe1289016 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-09-24 13:20:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							48e0261e68 
							
						 
					 
					
						
						
							
							update for Feature  #61  
						
						
						
					 
					
						2010-09-24 13:19:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4fd7db52dd 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-09-16 10:23:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6259114c02 
							
						 
					 
					
						
						
							
							added optimization switch (-o)  
						
						
						
					 
					
						2010-09-16 10:12:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bfffd5e333 
							
						 
					 
					
						
						
							
							added --null-connection as an experimental option  
						
						
						
					 
					
						2010-09-16 10:01:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a72a25704 
							
						 
					 
					
						
						
							
							again minor update  
						
						
						
					 
					
						2010-09-15 13:59:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							798ab4989b 
							
						 
					 
					
						
						
							
							fix for a Bug  #200  
						
						
						
					 
					
						2010-09-14 10:35:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8aa12db425 
							
						 
					 
					
						
						
							
							added option --proxy-cred for setting proxy credentials (Feature  #195 )  
						
						
						
					 
					
						2010-08-18 22:45:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							057ec8a6b2 
							
						 
					 
					
						
						
							
							added --ratio option for direct manipulation of conf.matchRatio parameter  
						
						
						
					 
					
						2010-08-10 19:53:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							092829c189 
							
						 
					 
					
						
						
							
							implemented basic smoke testing mechanism  
						
						
						
					 
					
						2010-07-30 12:49:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d40a238335 
							
						 
					 
					
						
						
							
							Make --keep-alive public  
						
						
						
					 
					
						2010-06-30 11:29:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb94edc48c 
							
						 
					 
					
						
						
							
							added keepalive module  
						
						
						
					 
					
						2010-06-01 12:21:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06af405efd 
							
						 
					 
					
						
						
							
							Adapted and merged in patch to support XML output (-x switch) - still in beta.  
						
						... 
						
						
						
						Minor bug fixes and adjustments. 
						
					 
					
						2010-05-28 16:43:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							37b8d0c480 
							
						 
					 
					
						
						
							
							utf8 decoding of program arguments  
						
						
						
					 
					
						2010-05-28 11:48:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68e13c3872 
							
						 
					 
					
						
						
							
							periodical commit  
						
						
						
					 
					
						2010-05-21 09:35:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							893bc04fe4 
							
						 
					 
					
						
						
							
							changes regarding Feature  #157  (Evaluate BETWEEN for inference algorithm)  
						
						
						
					 
					
						2010-05-12 11:30:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							65a05452f7 
							
						 
					 
					
						
						
							
							Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See  #190 :  
						
						... 
						
						
						
						* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C 
						
					 
					
						2010-05-07 13:40:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1aeaa5db47 
							
						 
					 
					
						
						
							
							implementation of Feature  #176  (Safe URL: avoid being kicked out after N unsuccessful requests)  
						
						
						
					 
					
						2010-04-16 12:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1416cd0d86 
							
						 
					 
					
						
						
							
							Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see  #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).  
						
						... 
						
						
						
						Minor layout adjustments. 
						
					 
					
						2010-03-26 23:23:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2aadc5c939 
							
						 
					 
					
						
						
							
							Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket  #180 .  
						
						... 
						
						
						
						Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring. 
						
					 
					
						2010-03-25 15:46:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d8cc1a482 
							
						 
					 
					
						
						
							
							Get rid of Churrasco (Token kidnapping technique to --priv-esc). Reasons why:  
						
						... 
						
						
						
						1. there's kitrap0d (MS10-015) which is far more reliable, just recently fixed
2. works only to priv esc basically on MSSQL when it runs as NETWORK SERVICE and the machine is not patched against MS09-012 which is "rare" (hopefully) nowadays.
Now sqlmap relies on kitrap0d and incognito to privilege escalate the database process' user privileges to SYSTEM, both via Meterpreter.
Minor layout adjustments. 
						
					 
					
						2010-03-12 22:43:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f6adb431e6 
							
						 
					 
					
						
						
							
							Minor layout adjustment and typo fix  
						
						
						
					 
					
						2010-03-12 12:23:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b50a2288f4 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2010-03-11 23:54:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							58d54b6515 
							
						 
					 
					
						
						
							
							added new option --flush-session  
						
						
						
					 
					
						2010-03-04 13:01:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9adeaa6191 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2010-03-03 18:57:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a654a426ef 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2010-03-03 16:19:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							156fdd96ef 
							
						 
					 
					
						
						
							
							Updated copyright  
						
						
						
					 
					
						2010-03-03 15:26:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							759b720425 
							
						 
					 
					
						
						
							
							documentation update  
						
						
						
					 
					
						2010-03-03 13:59:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							415d5f2b44 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-03-03 13:49:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dd3f65f0fb 
							
						 
					 
					
						
						
							
							Updated ChangeLog  
						
						
						
					 
					
						2010-02-26 15:37:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ebf572cae 
							
						 
					 
					
						
						
							
							added option --ignore-proxy  
						
						
						
					 
					
						2010-02-25 20:55:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c4215ce8d2 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2010-01-14 20:42:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							26c7b74e65 
							
						 
					 
					
						
						
							
							changes regarding Data (GET/POST/Cookie) encoding (Bug  #129 )  
						
						
						
					 
					
						2010-01-14 18:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							50bbb0cf8a 
							
						 
					 
					
						
						
							
							Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository.  
						
						
						
					 
					
						2010-01-13 14:52:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a193205323 
							
						 
					 
					
						
						
							
							minor update regarding requestFile option  
						
						
						
					 
					
						2010-01-12 14:01:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a58b36fe07 
							
						 
					 
					
						
						
							
							code commit regarding Feature  #119  
						
						
						
					 
					
						2010-01-12 13:11:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dc04fa7f06 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2010-01-09 21:08:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d58ba7ee6d 
							
						 
					 
					
						
						
							
							added --scope feature regarding Feature  #105  
						
						
						
					 
					
						2010-01-09 20:44:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							82222fcd3a 
							
						 
					 
					
						
						
							
							minor update of help text  
						
						
						
					 
					
						2010-01-07 13:09:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d07f60578c 
							
						 
					 
					
						
						
							
							implementation of Feature  #17  
						
						
						
					 
					
						2010-01-07 12:59:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ce022a3b6e 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.  
						
						
						
					 
					
						2010-01-02 02:02:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b363f1c5ab 
							
						 
					 
					
						
						
							
							Added support for NTLM authentication  
						
						
						
					 
					
						2009-12-02 22:54:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89c43893d4 
							
						 
					 
					
						
						
							
							Merged back from personal branch to trunk (svn merge -r846:940 ...)  
						
						... 
						
						
						
						Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring. 
						
					 
					
						2009-09-25 23:03:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							406d5df195 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2009-04-24 20:12:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8c0ac767f4 
							
						 
					 
					
						
						
							
							Updated to sqlmap 0.7 release candidate 1  
						
						
						
					 
					
						2009-04-22 11:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8f973ce574 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2009-01-18 22:36:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5560f0b68a 
							
						 
					 
					
						
						
							
							Updated the copyright  
						
						
						
					 
					
						2009-01-12 21:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4ae464c80d 
							
						 
					 
					
						
						
							
							Minor enhancement to support an option (--union-tech) to specify the  
						
						... 
						
						
						
						technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause. 
						
					 
					
						2008-12-21 21:39:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							35708a0b97 
							
						 
					 
					
						
						
							
							Minor adjustment to UNION query SQL injection detection function.  
						
						... 
						
						
						
						Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py. 
						
					 
					
						2008-12-21 16:35:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e8ac16245 
							
						 
					 
					
						
						
							
							Added preventive check for stacked queries support when executing DDL,  
						
						... 
						
						
						
						DML & co. statements in SQL query and SQL shell. Minor improvements on    
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched). 
						
					 
					
						2008-12-19 20:48:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3fe493b63d 
							
						 
					 
					
						
						
							
							Minor enhancement to support an option (--is-dba) to show if the  
						
						... 
						
						
						
						current user is a database management system administrator. 
						
					 
					
						2008-12-18 20:41:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6dec56d616 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2008-12-17 21:35:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05a8c8d3bf 
							
						 
					 
					
						
						
							
							Added support to test for stacked queries support and improved check for time based blind sql injection.  
						
						... 
						
						
						
						Minor bug fix in --save option 
						
					 
					
						2008-12-16 21:30:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bf2a857b9a 
							
						 
					 
					
						
						
							
							Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.  
						
						
						
					 
					
						2008-12-12 19:06:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9dbad512f1 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers  
						
						... 
						
						
						
						by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation. 
						
					 
					
						2008-12-08 21:24:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							38c9627700 
							
						 
					 
					
						
						
							
							Minor enhancemet to support also --regexp, --excl-str and --excl-reg  
						
						... 
						
						
						
						options rather than only --string when comparing HTTP responses page
content 
						
					 
					
						2008-12-05 15:34:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7f055924a7 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4:  
						
						... 
						
						
						
						Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation. 
						
					 
					
						2008-12-04 17:40:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cf1658532 
							
						 
					 
					
						
						
							
							Increased default output level from 0 to 1  
						
						
						
					 
					
						2008-12-01 23:07:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e967b13378 
							
						 
					 
					
						
						
							
							Minor adjustment to command line usage message  
						
						
						
					 
					
						2008-11-27 23:06:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e548eb2ec 
							
						 
					 
					
						
						
							
							Completed support to get the list of targets from WebScarab/Burp proxies  
						
						... 
						
						
						
						log file and updated the documentation 
						
					 
					
						2008-11-27 22:33:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9be844cf3e 
							
						 
					 
					
						
						
							
							Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.  
						
						
						
					 
					
						2008-11-20 17:56:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fa0507ab39 
							
						 
					 
					
						
						
							
							Minor enhancement to fingerprint the back-end DBMS operating system (type,  
						
						... 
						
						
						
						version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.
Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<-- 
						
					 
					
						2008-11-15 23:41:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9329f8c9c4 
							
						 
					 
					
						
						
							
							Minor enhancement to be able to enumerate table columns and dump table  
						
						... 
						
						
						
						entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments. 
						
					 
					
						2008-11-12 22:53:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81ed7c2086 
							
						 
					 
					
						
						
							
							Initial implementation of support for stacked queries.  
						
						... 
						
						
						
						Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments. 
						
					 
					
						2008-11-12 00:36:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c5d3df546 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc1:  
						
						... 
						
						
						
						* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation. 
						
					 
					
						2008-11-09 16:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6ddb5afef9 
							
						 
					 
					
						
						
							
							Adapted to latest enhancements  
						
						
						
					 
					
						2008-10-20 10:13:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							892a7b2f8a 
							
						 
					 
					
						
						
							
							propsets..  
						
						
						
					 
					
						2008-10-15 15:56:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e3eb45510 
							
						 
					 
					
						
						
							
							After the storm, a restore..  
						
						
						
					 
					
						2008-10-15 15:38:22 +00:00