Miroslav Stampar
e9be60e1ac
added support for proper unicode session(s) storage/retrieval
2010-05-24 11:00:49 +00:00
Miroslav Stampar
64f2afe585
in a mood for more changes
2010-05-21 12:44:09 +00:00
Miroslav Stampar
78547bb79e
quick fix
2010-05-21 12:19:20 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Bernardo Damele
9c1d82c9f7
Minor bug fix to --proxy with HTTPS target on Python 2.6 - fixes #191 .
2010-05-20 10:52:14 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Bernardo Damele
fa48d26f95
Minor cosmetic fix
2010-04-26 12:34:21 +00:00
Miroslav Stampar
7eef76f1b0
added basic option validation for start/stop values regarding David Guimaraes mail
2010-04-26 11:23:12 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
938a3ab0b9
fix for Bug #183 (--threads dot output)
2010-04-16 13:40:02 +00:00
Miroslav Stampar
1aeaa5db47
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 12:44:47 +00:00
Miroslav Stampar
17554759b7
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
2010-04-15 09:36:13 +00:00
Bernardo Damele
effc7dc41c
Minor adjustment to notify the user that the --auth-cred format for NTLM authentication is "DOMAIN\user:password"
2010-04-07 09:47:14 +00:00
Bernardo Damele
2d55ec19a3
Minor code restyling
2010-04-06 10:15:19 +00:00
Miroslav Stampar
e29e8f82f9
fix for "Problem with --dbms set" reported by David Guimaraes
2010-04-05 23:09:35 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
f4f68218bc
Minor layout adjustment for --threads and --eta output
2010-03-25 11:47:18 +00:00
Bernardo Damele
d13ad8b2d7
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 15:39:29 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Bernardo Damele
d2f86fb0a5
Fixes #172 - also cookies are parsed from burp/webscarab logs (-l) and request file (-r) now
2010-03-16 15:21:42 +00:00
Bernardo Damele
466df89c4a
Fixes #178 and #179 - proper handling of custom redirects
2010-03-16 14:30:57 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00
Bernardo Damele
6d0ea86414
Fixes #59 - proper customizable redirect (302 and 301)
2010-03-15 14:24:43 +00:00
Miroslav Stampar
7ec04281dd
minor adjustments
2010-03-12 12:46:26 +00:00
Miroslav Stampar
2c053d5cfb
fix for Bug #166 (Keyboard interrupt in Python threading)
2010-03-11 11:14:20 +00:00
Bernardo Damele
fdf417f57e
Minor adjustment and bug fix
2010-03-10 22:08:11 +00:00
Miroslav Stampar
91dd609e26
fixed threading bug (difflib :)
2010-03-10 14:14:27 +00:00
Bernardo Damele
7136c17f19
Minor log adjustments
2010-03-05 14:59:33 +00:00
Miroslav Stampar
6fd1f7f77c
update
2010-03-05 14:06:03 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
5d792feffd
minor update
2010-03-03 10:57:54 +00:00
Miroslav Stampar
89e919f07a
fixing my mistake
2010-02-26 10:01:23 +00:00
Miroslav Stampar
5ebf572cae
added option --ignore-proxy
2010-02-25 20:55:10 +00:00
Miroslav Stampar
cef248a5ea
update for that invalid target url Otavio Augusto reported
2010-02-10 12:06:23 +00:00
Miroslav Stampar
d291464cd4
code refactoring regarding path normalization
2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Miroslav Stampar
97840535c6
fix for situations where proxy is set in environment, but the user tries to test something on localhost
2010-01-19 13:47:35 +00:00
Miroslav Stampar
26c7b74e65
changes regarding Data (GET/POST/Cookie) encoding (Bug #129 )
2010-01-14 18:05:03 +00:00
Miroslav Stampar
3434a22872
HTTP header HOST is now mandatory in a HTTP request file
2010-01-12 14:07:58 +00:00
Miroslav Stampar
8817b2884f
minor update
2010-01-12 13:16:30 +00:00
Miroslav Stampar
a58b36fe07
code commit regarding Feature #119
2010-01-12 13:11:26 +00:00
Miroslav Stampar
d58ba7ee6d
added --scope feature regarding Feature #105
2010-01-09 20:44:50 +00:00
Miroslav Stampar
d07f60578c
implementation of Feature #17
2010-01-07 12:59:09 +00:00
Bernardo Damele
ce022a3b6e
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
2010-01-02 02:02:12 +00:00
Bernardo Damele
e4e081cdc6
sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.
2009-12-17 22:04:01 +00:00
Bernardo Damele
b363f1c5ab
Added support for NTLM authentication
2009-12-02 22:54:39 +00:00
Bernardo Damele
89c43893d4
Merged back from personal branch to trunk (svn merge -r846:940 ...)
...
Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring.
2009-09-25 23:03:45 +00:00
Bernardo Damele
24a3a23159
Minor bug fix to --dbms, updated user's manual
2009-07-09 11:05:24 +00:00