Commit Graph

737 Commits

Author SHA1 Message Date
Bernardo Damele
5b65d2e133 more consistency of boolean blind payloads - issue #1169 2015-02-20 11:34:16 +00:00
Bernardo Damele
f547a776d8 consolidating blind based payloads - issue #1169 2015-02-19 16:42:26 +00:00
Bernardo Damele
4195f770a3 removing one unnecessary character from stacked payloads 2015-02-19 16:41:55 +00:00
Bernardo Damele
1e9586c90b minor layout fix 2015-02-19 16:18:16 +00:00
Bernardo Damele
6cc092b926 split payloads in different files 2015-02-18 10:13:44 +00:00
Bernardo Damele
560bc7cc28 minor fixes 2015-02-18 09:51:07 +00:00
Bernardo Damele
c51ecf33f3 ported the recent MySQL time-based payload (introduced with 66c2a79397) to other techniques and conditions 2015-02-18 09:45:44 +00:00
Bernardo Damele
84349a370a minor code cleanup 2015-02-15 19:51:07 +00:00
Bernardo Damele
32ab52b8ca code refactoring: split boundaries and payloads XML files 2015-02-15 16:31:35 +00:00
Bernardo Damele
66c2a79397 added a time-based payload for MySQL when the simpler AND SLEEP(X) does not work 2015-02-03 15:14:41 +00:00
Miroslav Stampar
ae95fd91c2 Implementation for an Issue #1135 2015-01-24 23:49:33 +01:00
Miroslav Stampar
4f122ee008 Bug fix regarding a problem reported by user @blink2014 2014-12-20 00:23:31 +01:00
Miroslav Stampar
0b91a6098f Patch for an Issue #1050 2014-12-18 15:13:44 +01:00
Miroslav Stampar
0c99b79c60 Minor fix 2014-11-28 00:54:03 +01:00
Miroslav Stampar
80b9fc4821 Minor fix 2014-11-19 09:21:52 +01:00
Miroslav Stampar
b7aeb670e1 Implementation of a new MySQL error-based payload (found at RDot) 2014-10-29 10:14:01 +01:00
Miroslav Stampar
90869244fd Minor update 2014-09-09 16:19:38 +02:00
Miroslav Stampar
af21fc513d Bug fix for HSQLDB (some queries were runnable on MySQL) 2014-09-03 21:39:38 +02:00
Miroslav Stampar
1478c206f1 Trivial update 2014-09-03 21:27:02 +02:00
Miroslav Stampar
ff8bfff87a Bug fix (FreeBSD != Linux) 2014-08-20 14:45:58 +02:00
Miroslav Stampar
5436635acb Minor update 2014-08-13 13:32:22 +02:00
Bernardo Damele
a09e590fe8 updated regression tests 2014-07-17 17:13:09 +01:00
Markus Wulftange
cf4e0c755b
Add boundary checks for derived tables in FROM clause 2014-05-24 17:25:11 +02:00
Bernardo Damele
78ab525966 minor fix to Oracle payloads 2014-04-09 12:31:52 +00:00
Bernardo Damele
42bde5328d minor fix 2014-04-09 12:29:52 +00:00
Bernardo Damele
9b0662d1a9 added new Oracle time-based payloads 2014-04-09 12:14:16 +00:00
Miroslav Stampar
97f603af4a Fix for an Issue #641 2014-03-17 20:20:25 +01:00
Miroslav Stampar
ae36c08f12 Updating server signatures 2014-03-13 10:05:56 +01:00
Bernardo Damele
07a22070d8 updated signatures for test environment 2014-02-27 15:02:33 +00:00
Miroslav Stampar
b83d531ab3 Minor fix (Reference: https://en.wikipedia.org/wiki/Internet_Information_Services) 2014-02-05 08:32:55 +01:00
Miroslav Stampar
f28b8dbda8 Minor update 2014-02-01 22:24:56 +01:00
Bernardo Damele
4e8ab48145 fixed match 2014-01-13 23:48:00 +00:00
Bernardo Damele
b86353b485 minor fix to DB2 test case 2014-01-13 23:34:25 +00:00
Bernardo Damele
85f60d0c09 leftovers 2014-01-13 17:41:33 +00:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Bernardo Damele
9a1be29b45 updated test cases for regression test 2014-01-13 17:12:59 +00:00
Bernardo Damele
4975aafa65 updated live tests 2014-01-10 17:38:04 +00:00
Bernardo Damele
148767941b new host 2014-01-10 17:23:27 +00:00
Miroslav Stampar
178056968f Cleaning a leftover (deleted) made for Issue #564 2013-12-27 10:49:15 +01:00
Miroslav Stampar
cadbddd607 Adding a boundary proposed in Issue #564 2013-12-27 10:46:18 +01:00
Miroslav Stampar
9ead80d707 Minor patch for Issue #585 2013-12-17 09:39:43 +01:00
Miroslav Stampar
663b1e711b Bug fix 2013-12-01 21:22:29 +01:00
Miroslav Stampar
07bd22fa80 Minor fix 2013-12-01 21:03:30 +01:00
Bernardo Damele
378ce46061 NVARCHAR is not supported on Sybase Adaptive Server 2013-10-18 12:23:50 +01:00
Miroslav Stampar
4c39235c2f Minor revert (5->3) 2013-10-11 00:39:44 +02:00
Miroslav Stampar
6305c1e703 Making a comma-less RLIKE payload 2013-10-11 00:39:11 +02:00
Miroslav Stampar
dbaa35f9fe Minor fix 2013-10-10 23:53:43 +02:00
Miroslav Stampar
2dc570d7a8 Minor patch (for ORDER BY 'col' cases) 2013-10-10 23:08:20 +02:00
Miroslav Stampar
6f2c89bd7c Fix for an Issue #529 2013-09-25 10:22:23 +02:00
Miroslav Stampar
31684dbc89 Fix for an Issue #524 2013-09-13 16:16:46 +02:00
Miroslav Stampar
96ccdb7c83 Adding new regular expressions for error messages 2013-09-06 19:41:40 +02:00
Miroslav Stampar
a711c9ed36 Minor cleanup and initial work for #58 2013-08-09 14:13:48 +02:00
Miroslav Stampar
de31688c4f Update for an Issue #481 2013-07-29 18:25:27 +02:00
Miroslav Stampar
df5a6beb6e Queries for Issue #481 2013-07-27 11:11:11 +02:00
stamparm
dbb0d7f700 Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used) 2013-07-19 13:24:35 +02:00
stamparm
27bf37e741 Updating to higher levels for HSQLDB specific payloads (like for e.g. Firebird) 2013-07-04 15:41:08 +02:00
stamparm
f97b35dcc1 Patch for an Issue #475 2013-07-01 13:43:38 +02:00
Bernardo Damele
9a8bec760f added fingerprint for HSQLDB based on Tomcat stacktrace message 2013-07-01 12:17:52 +01:00
stamparm
925098686d Minor fix 2013-07-01 13:05:57 +02:00
stamparm
e3124b9176 Replacing tabs with spaces (Issue #475) 2013-07-01 12:56:34 +02:00
Bernardo Damele
2ca5df2802 minor fix 2013-07-01 11:31:28 +01:00
stamparm
b5e644694a Minor cleanup 2013-07-01 12:05:02 +02:00
Miroslav Stampar
aeb83ba651 Merge pull request #475 from Meatballs1/hsql_clean
HSQL Payloads and Query Support
2013-07-01 02:38:04 -07:00
Meatballs
604694c0e5 Cleanup queries.xml 2013-06-24 23:22:52 +01:00
Meatballs
55a37183d4 Cleanup payloads file 2013-06-24 15:04:52 +01:00
Meatballs
355d3f86be hsql payloads and queries xml 2013-06-24 14:34:54 +01:00
Miroslav Stampar
4336a8fa7c Fix for overnight (previously removed : from prefix/suffix was important for XMLType payload) 2013-06-24 14:18:42 +02:00
Miroslav Stampar
fca6772df6 Implementation for an Issue #468 2013-06-22 00:13:46 +02:00
stamparm
20b8186fcc Fix for an Issue #467 2013-06-19 10:41:58 +02:00
Miroslav Stampar
ad07add549 Fixing MySQL/stacked payloads (also removing stacked conditional-error version as it's syntatically incorrect) 2013-06-05 14:32:06 +02:00
stamparm
f456b5a28d Bug fix (this payload was also doable on MySQL - with CAST it's strictly being bound to Oracle only) 2013-05-29 17:41:42 +02:00
Miroslav Stampar
19b87074c6 Minor fix 2013-05-22 23:30:33 +04:00
Miroslav Stampar
d34286fe44 Temporary disabling 2013-05-12 13:45:32 +02:00
Miroslav Stampar
427d88b194 Minor overnight fix 2013-05-04 11:39:23 +02:00
stamparm
ff62b0d3ea Replacing a substring query for PgSQL with a non-comma version (there are no compatibility issues while skipping problems with possible comma filtering) 2013-04-25 10:14:03 +02:00
stamparm
9c264e6426 Revert back of SQLite3 time-based payload as of regression test failing 2013-04-10 11:10:19 +02:00
stamparm
acc650d3dc Minor fine tuning 2013-04-03 15:14:25 +02:00
stamparm
125168c515 Reverting back to 8002531b63 (that last 76dcbbda0f resulted in 'too big blob') 2013-04-03 14:38:13 +02:00
stamparm
76dcbbda0f Reverting last commit and making heavy query on SQLite heavier 2013-04-03 14:23:28 +02:00
stamparm
8002531b63 Heavy queries should not have --time-sec set to some small value in live tests as their responses are machine dependent (on fast machines --time-sec=2 will result in fast responses making sqlmap life harder) 2013-04-03 14:17:13 +02:00
stamparm
64ba88096f Adding a new test case (Issue #423) 2013-03-21 12:13:13 +01:00
Bernardo Damele
30cf933445 added one more test case 2013-03-05 18:21:45 +00:00
stamparm
46b9a602ba Minor style update (because of consistency with other payloads; also, Oracle is uppercase oriented) 2013-03-01 12:43:08 +01:00
Miroslav Stampar
f593e1d30f Reverting last commit as there is bunch of similar 2013-02-20 17:35:36 +01:00
stamparm
e2b7384921 Adding a new test case (--sql-query) 2013-02-20 14:10:39 +01:00
Miroslav Stampar
6c8e8e2a0f Minor fix 2013-02-18 15:23:55 +01:00
Miroslav Stampar
75a9404cb5 Bug fix (unenclosed 'SELECT * FROM user' returns result for a system function user <- previous results were illegal) 2013-02-18 14:15:48 +01:00
Bernardo Damele
5abca52924 added one more test case 2013-02-15 17:11:40 +00:00
Miroslav Stampar
b3b3899dab Fix for an Issue #273 (must for MsSQL 2000; works on MsSQL > 2000) 2013-02-14 10:08:29 +01:00
Miroslav Stampar
3483fd4347 MAX not supported by MSSQL < 2005 2013-02-13 18:33:28 +01:00
Bernardo Damele
1384b8794f add parsed error messages to console_output for better debugging of failed regression test cases 2013-02-12 13:48:11 +00:00
Bernardo Damele
70230f3513 minor fix 2013-02-12 09:28:15 +00:00
Bernardo Damele
c8d1020a13 re-enabled brute-force test cases 2013-02-07 14:19:58 +00:00
Miroslav Stampar
c0888e92c8 Minor update 2013-02-05 12:02:48 +01:00
Miroslav Stampar
7ba0da66b1 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 11:10:31 +01:00
Miroslav Stampar
9434cc26d8 Minor fix 2013-02-05 11:10:21 +01:00
Bernardo Damele
9da6f8e08a more verbose parsing rule 2013-02-05 09:58:11 +00:00
Bernardo Damele
6a83eea587 added SQLite 3 test cases 2013-02-05 09:11:20 +00:00
Bernardo Damele
0f4f808be4 minor improvement 2013-02-04 23:26:17 +00:00
Bernardo Damele
5a8f94a1e1 temporary patch 2013-02-04 09:15:05 +00:00
Miroslav Stampar
231ea51fe6 Removing leftover 2013-02-01 17:10:40 +01:00
Miroslav Stampar
68e507ea9f Update for an SQLite3 time-based (heavy query) payloads (better timedelay) 2013-01-31 18:59:18 +01:00
Miroslav Stampar
410f6ad476 Fix for an Issue #380 2013-01-31 13:26:38 +01:00
Miroslav Stampar
6b6e36b2ec Continuation of work on fixing DISTINCT/--search issues (Oracle) 2013-01-30 18:08:34 +01:00
Miroslav Stampar
838e98192e Consistency update (we are not using DISTINCT in inband counterparts too) 2013-01-30 17:25:36 +01:00
Miroslav Stampar
112ff952d4 Continuation of cleaning up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 17:08:17 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Miroslav Stampar
742c66fad2 Adding one more test (switch --hex) 2013-01-30 11:40:12 +01:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f2512d06db Removing unneeded whitespace in inference queries 2013-01-29 16:13:49 +01:00
Bernardo Damele
2a9fe62c3f bind payload is preferred if filtering does not allow reverse connection 2013-01-26 15:51:47 +00:00
Miroslav Stampar
f9b44d6ff7 Adding test cases for using custom injection marks 2013-01-25 16:07:27 +01:00
Bernardo Damele
aed833c1d2 fixed test case 2013-01-24 14:59:55 +00:00
Bernardo Damele
7d01eb79b4 minor fix 2013-01-24 00:55:45 +00:00
Bernardo Damele
3c0c7f776f minor fix 2013-01-23 16:57:51 +00:00
Bernardo Damele
f1534a178a regexp fixes 2013-01-23 16:22:01 +00:00
Bernardo Damele
9ceb4839ac added test cases for --common-tables across all DBMSes and supported techniques 2013-01-23 15:54:58 +00:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
35d76f3da5 Adding missing stuff related to the last commit 2013-01-23 14:48:31 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
599ad74a32 typo fix 2013-01-23 13:05:10 +00:00
Bernardo Damele
7ee07d031a added PostgreSQL stacked queries test case 2013-01-23 12:15:20 +00:00
Bernardo Damele
314ed22fc3 added preventive cleanup test case 2013-01-23 12:12:30 +00:00
Bernardo Damele
f3ff239e62 minor fix 2013-01-23 00:21:11 +00:00
Bernardo Damele
aafc5b5623 added one just in case test case to check if all params are tested as they should be 2013-01-23 00:18:54 +00:00
Bernardo Damele
91c00939f7 added one more test case 2013-01-22 18:28:59 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
5ea45af1c4 Warming up for Issue #366 and #367 2013-01-22 14:14:20 +01:00
Bernardo Damele
4f081a6a9b typo fixes 2013-01-22 13:00:15 +00:00
Bernardo Damele
afa9046e74 added Firebird custom enumeration test cases and stricten a few cases to make sure query length calculation function works properly with multi-threading/boolean technique 2013-01-22 12:34:11 +00:00
Bernardo Damele
29a65b5cdc added Firebird search test cases 2013-01-22 11:23:48 +00:00
Miroslav Stampar
b8318efecc Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 11:29:15 +01:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
d2ff9bccbb minor adjustment 2013-01-21 21:00:03 +00:00
Bernardo Damele
bc5a7e49e9 done with DB2 test cases (issue #312) 2013-01-21 20:53:11 +00:00
Bernardo Damele
3cfa6cd191 minor adjustments 2013-01-21 16:41:47 +00:00
Bernardo Damele
d5de5306d6 minor fixes following recent enhancements 2013-01-21 16:38:31 +00:00
Miroslav Stampar
472f5e35c2 Removing that space char 2013-01-21 17:35:23 +01:00
Miroslav Stampar
5d318b4980 Fix for a ISNULL mechanism in Firebird 2013-01-21 17:33:09 +01:00
Miroslav Stampar
99bc4a9005 Generic approach for dealing with that nasty Firebird habit of appending spaces to (tec=EU) varchar casted values 2013-01-21 17:17:20 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
aebf2c1350 Slightly better payload for Firebird delay-based SQLi (adding sligtly more delay) 2013-01-20 23:10:58 +01:00
Bernardo Damele
845ec006d7 fixed again 2013-01-20 01:33:22 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Bernardo Damele
a24eaffacc fixed --columns on DB2, inline with Oracle and other DBMSes now 2013-01-19 16:14:25 +00:00
Bernardo Damele
b05c6cbd13 leftover 2013-01-19 00:29:42 +00:00
Bernardo Damele
30273e03fe leftover 2013-01-19 00:28:48 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
89ddd54a75 added Firebird inline query payload, requires some work though engine-side for the vector to be usable 2013-01-19 00:05:15 +00:00