| 
							
							
								 Bernardo Damele | 394ccb5cc5 | Added query for MSSQL/--privileges | 2011-02-10 15:52:55 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c078de894f | Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA | 2011-02-10 14:24:04 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a2c20acf94 | Minor fixes once more | 2011-02-10 11:34:16 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | d0ddaee3c8 | Minor bug fix | 2011-02-10 11:28:24 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 864eade744 | Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase | 2011-02-10 11:14:05 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | aa0fb276ba | More fixes for --common-columns to work against MSSQL too | 2011-02-09 17:22:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 917b2b0d6b | one more commit related to the previous one | 2011-02-09 17:07:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6c582343fe | .. fix | 2011-02-09 17:05:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d9af01d73d | imporant fix for boolean expression which return [None] | 2011-02-09 16:53:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7539881ffa | fix for dump on Oracle but we still need to discuss some things around | 2011-02-09 14:52:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7d9be18789 | added one comment | 2011-02-09 14:34:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bafc8a1b0f | another update | 2011-02-09 13:29:52 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 600f729139 | fix for a bug reported by skysbsb@gmail.com (double ORDER BY) | 2011-02-09 12:43:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5b57a69f3e | fix | 2011-02-09 11:20:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | caf6220c53 | done with implementation for retrieving table names via access system table(s) | 2011-02-09 10:50:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5050a76b59 | update regarding reading of table names from access system tables | 2011-02-09 10:33:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3de6117253 | revert of the r3247 (output always has to be appended to the outputs - no matter of it's value) | 2011-02-09 09:53:59 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b48213783a | Removed senseless debug messsage | 2011-02-08 17:09:35 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | e16bab7117 | re-enabled --read-file for MySQL with all techniques | 2011-02-08 17:03:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 98ca1702ae | los cosmeticado | 2011-02-08 16:30:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 87e36796c6 | just to not cause confusion | 2011-02-08 16:29:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | dcb9c93328 | minor cleanup | 2011-02-08 16:27:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 37f7001143 | first commit with mysql/error/substringing | 2011-02-08 16:23:33 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c3eb82e60b | Proper fix | 2011-02-08 10:08:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | dba2f74588 | revert of r3274 | 2011-02-08 09:44:34 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 156d8cd99b | Directory restyling | 2011-02-08 00:15:02 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | cfe2da0195 | Minor fix | 2011-02-08 00:13:39 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2c4f6d2e99 | fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too | 2011-02-07 21:53:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a577d0e9a5 | restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) | 2011-02-07 21:18:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 66adf23532 | Unbiased approach for searching appropriate usable column | 2011-02-07 21:00:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f958b21613 | there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) | 2011-02-07 16:55:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 771020abd6 | one more related commit | 2011-02-07 16:32:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 71d1b72e0e | minor adjustment | 2011-02-07 12:51:38 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b33ac19d39 | Minor fix | 2011-02-07 12:36:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 99e9412f74 | minor update | 2011-02-07 12:34:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 39decebe85 | Minor fixes to checking/re-enabling of xp_cmdshell procedure | 2011-02-07 12:17:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1a5a66870e | problem fixed | 2011-02-07 11:57:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c0233dcd4f | preventing crashes for output=[] | 2011-02-07 10:24:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 096efea282 | added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] | 2011-02-07 10:22:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 008d434325 | Important fix now that the file writing is unescaped too | 2011-02-07 00:56:15 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f0f5d3d3e8 | Began with the update of the user's manual for 0.9 | 2011-02-07 00:55:10 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | ba3a8a69d4 | More statements to exclude from unescap'ing | 2011-02-07 00:33:54 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 2e00656235 | Minor fix | 2011-02-07 00:20:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | bf5ca4bd9a | No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') | 2011-02-06 23:30:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6a71629575 | Converted from DOS format (\n\r to \n only) | 2011-02-06 23:25:55 +00:00 |  |