sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	6295a59a30	minor update/fix	2010-11-05 11:39:35 +00:00
Miroslav Stampar	f3e3420677	fix for a bug reported by Marcos Mateos Garcia (ValueError)	2010-11-05 11:34:09 +00:00
Miroslav Stampar	5f7f4bf15b	minor debug update (probably temporary)	2010-11-05 11:04:00 +00:00
Miroslav Stampar	3f0a443b83	some updates	2010-11-04 23:08:59 +00:00
Miroslav Stampar	29b7c5366c	cosmetics	2010-11-04 17:22:33 +00:00
Miroslav Stampar	ad6b2e9c21	minor fix	2010-11-04 16:47:18 +00:00
Miroslav Stampar	e1cec8c02b	fix for all that stable, dynamic mambo jambo :)	2010-11-04 16:44:34 +00:00
Miroslav Stampar	f1f7e0bfe0	fix for "unknown charset 'en_us'" (reported by ToR)	2010-11-04 13:56:01 +00:00
Miroslav Stampar	3aba0b1bec	minor update	2010-11-04 12:51:04 +00:00
Miroslav Stampar	63af5444fd	fix (NameError: global name 'DBMS' is not defined)	2010-11-04 12:47:34 +00:00
Bernardo Damele	91a3a582e8	Minor bug fix to avoid crash when running sqlmap behind a proxy server	2010-11-04 12:22:04 +00:00
Bernardo Damele	0e9515c540	Cosmetics	2010-11-04 12:21:06 +00:00
Miroslav Stampar	18aea251b3	added concept of tamper script priority	2010-11-04 10:29:40 +00:00
Miroslav Stampar	303359e8b1	refix	2010-11-04 09:34:04 +00:00
Miroslav Stampar	efe75aa8a3	added some debug messages	2010-11-04 09:18:32 +00:00
Bernardo Damele	b152b1a04d	Cosmetics	2010-11-03 22:07:13 +00:00
Miroslav Stampar	71d0b1bcd7	several bug fixes	2010-11-03 21:51:36 +00:00
Miroslav Stampar	44678fa320	fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')	2010-11-03 12:40:11 +00:00
Miroslav Stampar	6adee3792a	removed all trailing spaces from blank lines	2010-11-03 10:08:27 +00:00
Miroslav Stampar	cd0d4135ac	implemented --banner for MaxDB and some minor fixes	2010-11-02 20:51:55 +00:00
Miroslav Stampar	861706fb31	fix for bug reported by ToR (unknown charset 'utf-8, text/html')	2010-11-02 18:01:10 +00:00
Bernardo Damele	c7c84c3089	Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).	2010-11-02 15:31:51 +00:00
Miroslav Stampar	70f6eab715	minor update	2010-11-02 12:08:28 +00:00
Miroslav Stampar	685a8e7d2c	refactoring of hard coded dbms names	2010-11-02 11:59:24 +00:00
Miroslav Stampar	5269cb8c08	some code refactoring and beautification	2010-11-02 09:06:38 +00:00
Miroslav Stampar	13e93f564a	one bug fix in dynamic content engine and some code refactoring	2010-11-02 07:32:08 +00:00
Miroslav Stampar	73b33ed765	fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic	2010-11-01 20:56:13 +00:00
Bernardo Damele	486a113560	Consolidate logger messages for --*-test switches	2010-10-31 16:58:38 +00:00
Bernardo Damele	46be570463	Proper HTTP version display	2010-10-31 15:41:28 +00:00
Bernardo Damele	f3cc41601c	Added check on --first and --last values	2010-10-31 14:42:13 +00:00
Bernardo Damele	0ffffef088	Implemented --tamper for direct connection too (-d)	2010-10-31 14:22:32 +00:00
Bernardo Damele	65a0a8d285	Delegate urlencoding to agent.py only	2010-10-31 13:28:05 +00:00
Bernardo Damele	c7b374534b	Minor cosmetics	2010-10-31 12:29:00 +00:00
Bernardo Damele	617edf7fc2	Minor bug fix	2010-10-31 12:24:19 +00:00
Bernardo Damele	fcada4df0f	Removed debug print	2010-10-31 12:21:22 +00:00
Bernardo Damele	2a2f949275	Minor bug fix	2010-10-31 12:20:38 +00:00
Bernardo Damele	264247d318	revert of a stupid commit	2010-10-31 12:09:55 +00:00
Bernardo Damele	2fb059a644	Bug fix	2010-10-31 12:02:20 +00:00
Bernardo Damele	9d08cb3a6f	Revert r2209 and minor code refactoring	2010-10-31 11:51:45 +00:00
Bernardo Damele	3eda4510e2	Properly encode the cookie	2010-10-31 11:26:33 +00:00
Bernardo Damele	3869ccebe8	Minor code refactoring	2010-10-31 11:17:51 +00:00
Bernardo Damele	6afc9bffaa	Minor bug fix: there will always be only one pair of delimiters as we add it for each place	2010-10-31 11:09:29 +00:00
Bernardo Damele	3a48bee9b0	Minor code refactoring	2010-10-31 11:03:59 +00:00
Bernardo Damele	8cf0ebde1e	Cosmetics	2010-10-29 23:00:48 +00:00
Miroslav Stampar	0125198210	minor fix	2010-10-29 21:19:28 +00:00
Miroslav Stampar	cbf38436f2	minor update	2010-10-29 16:15:23 +00:00
Miroslav Stampar	5a38ac7ea9	important update regarding (Bug #209 ) - probably more will be needed	2010-10-29 16:11:50 +00:00
Bernardo Damele	a0df231aa4	Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data	2010-10-29 13:09:53 +00:00
Miroslav Stampar	f7d42af046	some fixes regarding --check-payload	2010-10-29 11:00:23 +00:00
Bernardo Damele	b3b2c3864a	Minor code refactoring	2010-10-29 10:51:09 +00:00
Miroslav Stampar	d75578c81f	some update regarding common tables	2010-10-29 09:00:51 +00:00
Miroslav Stampar	895efd28a6	one more update regarding Bug #205	2010-10-28 23:22:13 +00:00
Miroslav Stampar	788eb8fb50	update regarding Bug #205	2010-10-28 22:59:51 +00:00
Bernardo Damele	4f8e9da1b6	Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown. Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only. Got rid of useless doubleslash param in delRemoteFile() method. Major code refactoring to xp_cmdshell.py methods and parent calls.	2010-10-28 00:19:40 +00:00
Bernardo Damele	56c16cb471	Minor bug fixes and enhancements to ICMPsh tunnel	2010-10-27 23:01:17 +00:00
Bernardo Damele	a391be833b	Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.	2010-10-27 21:02:22 +00:00
Bernardo Damele	43de8247ac	Code refactoring	2010-10-27 20:39:50 +00:00
Bernardo Damele	d554ffc0ae	yes, I am quite paranoid with cosmetics	2010-10-27 10:37:54 +00:00
Miroslav Stampar	5cc1bd8a12	major fix for heuristic check	2010-10-27 08:27:31 +00:00
Miroslav Stampar	4d70f2c210	reverting back to 100	2010-10-26 15:42:54 +00:00
Miroslav Stampar	8211e6a2bd	possible	2010-10-26 11:29:09 +00:00
Bernardo Damele	9b127e58d2	Adjusted for MySQL weirdness	2010-10-26 09:33:18 +00:00
Miroslav Stampar	8803096343	some update regarding beep()	2010-10-26 08:32:58 +00:00
Miroslav Stampar	b9ff91b6e9	update of beep	2010-10-26 06:30:27 +00:00
Miroslav Stampar	9ec9d223e1	minor	2010-10-26 06:08:40 +00:00
Bernardo Damele	f5904d0bc0	Major bug fix to --union-test	2010-10-25 23:39:55 +00:00
Bernardo Damele	7effd0c301	Cosmetics	2010-10-25 22:54:56 +00:00
Miroslav Stampar	73eea81b3a	minor cosmetics	2010-10-25 19:45:53 +00:00
Miroslav Stampar	d7bf94d4d6	fix for --beep	2010-10-25 19:16:42 +00:00
Miroslav Stampar	228ac0cde5	refactoring regarding --check-payload	2010-10-25 18:38:54 +00:00
Bernardo Damele	7c343c2d67	Forgot	2010-10-25 16:34:43 +00:00
Bernardo Damele	debaf2215f	Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch	2010-10-25 15:54:45 +00:00
Miroslav Stampar	378653a1ec	added IDS payload testing	2010-10-25 15:37:43 +00:00
Bernardo Damele	bdb9c37a7e	Cosmetics	2010-10-25 15:17:59 +00:00
Bernardo Damele	215175e3b7	Minor code adjustments	2010-10-25 14:11:47 +00:00
Miroslav Stampar	24c5d7b313	code refactoring	2010-10-25 14:06:56 +00:00
Miroslav Stampar	9c94a233a1	conf.md5hash thrown out	2010-10-25 13:52:21 +00:00
Miroslav Stampar	9a3879feba	keeping things neat and tidy	2010-10-25 12:33:49 +00:00
Miroslav Stampar	32728d14b7	fix for --union-use with --error-test	2010-10-25 12:25:29 +00:00
Miroslav Stampar	71543092b7	update regarding comparison engine	2010-10-25 12:00:59 +00:00
Miroslav Stampar	8df7c88174	implementation of a new dynamic content removal engine	2010-10-25 10:41:37 +00:00
Miroslav Stampar	db260c44d3	minor update	2010-10-24 22:25:05 +00:00
Miroslav Stampar	aa931efd4d	several MySQL fixes/enhancements pointed out by Anton Mogilin	2010-10-24 22:05:14 +00:00
Miroslav Stampar	52f910f752	added --beep (tested on Windows and Linux; for now turned off) switch	2010-10-23 09:38:46 +00:00
Miroslav Stampar	98f5586b87	minor update	2010-10-23 08:05:24 +00:00
Miroslav Stampar	f1e2c1867f	Cosmetics	2010-10-22 21:13:12 +00:00
Miroslav Stampar	2194d47782	setting conf.threads when -o switch is used	2010-10-22 19:10:45 +00:00
Miroslav Stampar	e6e48c5556	fix for Bug #204	2010-10-22 18:23:46 +00:00
Bernardo Damele	1288def3b7	Cosmetics	2010-10-22 14:23:14 +00:00
Miroslav Stampar	dec4d858b3	fix for Bug #207	2010-10-22 14:01:48 +00:00
Miroslav Stampar	1b2ec826bf	misc fixes regarding new query retrieval format	2010-10-21 23:17:06 +00:00
Miroslav Stampar	a9b50a1e82	minor fix	2010-10-21 23:09:57 +00:00
Miroslav Stampar	bc79eec702	removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)	2010-10-21 13:13:12 +00:00
Miroslav Stampar	be443c6947	refactoring regarding __START__,...	2010-10-21 09:51:07 +00:00
Miroslav Stampar	2668c95ef4	added default HTTP version used by httplib and urllib2	2010-10-21 09:10:07 +00:00
Bernardo Damele	7f1aa3b94f	Removed unused imports	2010-10-20 22:48:51 +00:00
Bernardo Damele	c60edf7c17	Minor cosmetics	2010-10-20 22:43:02 +00:00
Bernardo Damele	d8bfa76dca	Minor possible bug fix	2010-10-20 22:12:53 +00:00
Bernardo Damele	e73e06069b	Minor code refactoring	2010-10-20 22:09:03 +00:00
Bernardo Damele	862cc9ac53	Minor cosmetic fixes	2010-10-20 21:58:33 +00:00
Bernardo Damele	3b5c5cc457	Minor possible bug fix	2010-10-20 21:49:05 +00:00
Bernardo Damele	f95098693f	Removed unused functions	2010-10-20 21:16:28 +00:00
Bernardo Damele	430bb7478f	Minor bug fix	2010-10-20 21:15:06 +00:00
Miroslav Stampar	34f70657ee	fix for NULL values	2010-10-20 10:29:18 +00:00
Miroslav Stampar	00449f1402	fix/upgrade/chicken soup	2010-10-20 09:54:17 +00:00
Miroslav Stampar	e24bff0497	nice refactoring	2010-10-20 09:46:57 +00:00
Miroslav Stampar	5d3cbec457	no more regex. web server independent.	2010-10-20 09:35:46 +00:00
Miroslav Stampar	934adb5e8d	code refactoring	2010-10-20 09:09:04 +00:00
Miroslav Stampar	b032fdbf74	added randInt to error injection vectors	2010-10-20 08:56:58 +00:00
Miroslav Stampar	dabbcf9e23	fix for that 'Subquery returns more than 1 row'	2010-10-20 08:50:05 +00:00
Miroslav Stampar	82f44989ce	update of error based injection and bug fix for --roles on MSSQL server	2010-10-20 06:40:33 +00:00
Bernardo Damele	0817d1b78d	Cosmetics	2010-10-19 23:09:30 +00:00
Miroslav Stampar	8776db872c	minor refactoring	2010-10-19 23:05:24 +00:00
Miroslav Stampar	1b376c99a6	removed temp dictionary and replaced with kb.misc	2010-10-19 23:00:19 +00:00
Bernardo Damele	813f44da16	Minor bug fix for MSSQL connector --tables option	2010-10-19 22:11:17 +00:00
Miroslav Stampar	7927e97007	update	2010-10-19 18:34:57 +00:00
Miroslav Stampar	415524bd5a	remove --error, now it's only --error-test (it needs to return True to be able to use it)	2010-10-19 18:34:14 +00:00
Miroslav Stampar	8d9201a3dc	minor update	2010-10-19 18:23:21 +00:00
Miroslav Stampar	4009ef385e	more update regarding error based injection support	2010-10-19 18:17:34 +00:00
Miroslav Stampar	b2e0b615f8	fix for that MySQL checking	2010-10-19 17:38:39 +00:00
Miroslav Stampar	34d7de1d46	cosmetics	2010-10-19 15:28:54 +00:00
Miroslav Stampar	d7622bb9cf	major fix for MySQL error based injections	2010-10-19 15:17:16 +00:00
Miroslav Stampar	80505de15b	now --users work on Oracle and Postgre (tested)	2010-10-19 14:56:57 +00:00
Miroslav Stampar	4bc541ec3c	error based update	2010-10-19 14:47:13 +00:00
Miroslav Stampar	d0ebe428da	i've left error flag	2010-10-19 14:12:34 +00:00
Miroslav Stampar	bf850af2d8	fix for Oracle error based query "space" problem	2010-10-19 14:10:09 +00:00
Miroslav Stampar	6a8b1046d4	first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)	2010-10-19 12:02:04 +00:00
Miroslav Stampar	ccda92536f	added header	2010-10-19 09:13:30 +00:00
Miroslav Stampar	264e0a6fda	added support for displaying revision number at unhandled exception message	2010-10-19 08:55:14 +00:00
Miroslav Stampar	9a7fd29d4f	using pushValue and popValue	2010-10-18 22:22:41 +00:00
Miroslav Stampar	a97319656c	optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing	2010-10-18 21:47:11 +00:00
Miroslav Stampar	729156e91c	proper fix	2010-10-18 21:39:46 +00:00
Miroslav Stampar	3d5494845c	minor bug fix	2010-10-18 21:32:50 +00:00
Miroslav Stampar	8b8fff41fe	cosmetics (adding html parsed DBMS) regarding heuristic check	2010-10-18 12:11:16 +00:00
Bernardo Damele	1d74036ee3	Minor cosmetic fixes	2010-10-18 11:34:53 +00:00
Bernardo Damele	36bc410333	Minor bug fix	2010-10-18 09:50:23 +00:00
Miroslav Stampar	6b70dadfb2	minor cosmetics	2010-10-18 09:09:22 +00:00
Miroslav Stampar	149837ebf5	added the same for proxy authorization header	2010-10-18 09:02:56 +00:00
Miroslav Stampar	aaebb4336e	fix for Bug #202	2010-10-18 08:54:08 +00:00
Bernardo Damele	683184cc8f	Minor refactoring	2010-10-17 21:06:52 +00:00
Bernardo Damele	cd0fe8dde0	Updated sample configuration file and cmdline help	2010-10-17 00:07:53 +00:00
Bernardo Damele	64b9f94fcf	Renamed --common-prediction switch to --predict-output	2010-10-16 23:50:13 +00:00
Bernardo Damele	f54c134d22	Minor adjustment	2010-10-16 22:43:05 +00:00
Bernardo Damele	6211915da5	Cosmetic fix	2010-10-16 22:31:16 +00:00
Bernardo Damele	7b71262de6	Cosmetic fix	2010-10-16 22:07:29 +00:00
Bernardo Damele	a2997a6dce	Minor bug fix to --tamper	2010-10-16 21:55:34 +00:00
Bernardo Damele	2129935e06	Split character for tamper scripts (--tamper option) is now comma, not semi-colon. Minor enhancement	2010-10-16 21:52:16 +00:00
Bernardo Damele	2dae934a2b	Minor bug fixes, code refactoring and enhanced --tamper functionality	2010-10-16 21:33:15 +00:00
Bernardo Damele	84ed7f192a	Cosmetic fixes	2010-10-16 15:10:48 +00:00
Miroslav Stampar	1336b97c2c	removed --useBetween switch and added new tampering module ./tamper/between.py	2010-10-15 23:48:07 +00:00
Miroslav Stampar	1ae4d0fc2a	added optimization group	2010-10-15 23:26:48 +00:00
Bernardo Damele	e7c8be1d45	Minor layout adjustments	2010-10-15 15:37:15 +00:00
Miroslav Stampar	c9f0c75030	removed --space (usage of tampering modules is now a prefered way to do it)	2010-10-15 12:52:33 +00:00
Miroslav Stampar	d0514d18ec	removed that spaces from URI payloads	2010-10-15 12:49:03 +00:00
Bernardo Damele	bf56f8c63c	Cosmetic fix	2010-10-15 12:46:41 +00:00
Miroslav Stampar	dcb9c2103a	just in case update	2010-10-15 11:20:19 +00:00
Bernardo Damele	5f6d88a418	Minor comment	2010-10-15 11:17:17 +00:00
Miroslav Stampar	2fa8836c01	bug fix	2010-10-15 11:14:59 +00:00
Miroslav Stampar	d50684a057	added one more check	2010-10-15 11:05:50 +00:00
Miroslav Stampar	2b476e078c	minor cosmetics	2010-10-15 10:36:29 +00:00
Bernardo Damele	a80f6110cd	don't call variables 'file', it's a reserved word :)	2010-10-15 10:29:24 +00:00
Bernardo Damele	c5e385f77a	More layout adjustments	2010-10-15 10:28:34 +00:00
Bernardo Damele	9fcab68700	Minor adjustments	2010-10-15 10:28:06 +00:00
Bernardo Damele	48cc8a308d	More verbose messages on successful --null-connection	2010-10-15 10:24:54 +00:00
Miroslav Stampar	0f48dd6f73	fix for skipping non-GET urls	2010-10-15 09:54:29 +00:00
Miroslav Stampar	207bef7f19	fix for that SQLite3 vs SQLite2 issue	2010-10-15 09:39:41 +00:00
Miroslav Stampar	d0df8cdac9	fix for that duplicates	2010-10-15 00:34:16 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Bernardo Damele	1674142d82	Minor cosmetic fixes	2010-10-14 15:28:54 +00:00
Miroslav Stampar	2bbe0c9ba6	bug fix for Ctrl+C	2010-10-14 15:23:42 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00
Miroslav Stampar	f07608ef4d	show static words in a sorted manner	2010-10-14 12:38:06 +00:00
Miroslav Stampar	162d01abed	commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)	2010-10-14 11:06:28 +00:00
Miroslav Stampar	7e1f784eaa	cosmetic update	2010-10-14 06:00:10 +00:00
Miroslav Stampar	dc50543ea4	major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)	2010-10-13 23:01:23 +00:00
Miroslav Stampar	36ef8ca575	bug fix	2010-10-13 22:42:48 +00:00
Miroslav Stampar	02a14d4c45	added Referer (part of Feature #37 )	2010-10-13 22:08:09 +00:00
Miroslav Stampar	43a3ac2c3a	some bug fixes	2010-10-13 20:54:18 +00:00
Miroslav Stampar	f700692c74	added missing files for Sybase	2010-10-13 18:55:17 +00:00
Miroslav Stampar	562df9c107	temporary fix (files left at home)	2010-10-13 07:39:48 +00:00
Miroslav Stampar	34580f56fc	added --tamper option	2010-10-12 22:45:25 +00:00
Miroslav Stampar	9a08f7feb8	minor update	2010-10-12 20:01:59 +00:00
Miroslav Stampar	d2ec132469	added --text-only switch	2010-10-12 19:41:29 +00:00
Miroslav Stampar	f9f79ffbaf	basic stuff for sybase	2010-10-12 19:05:12 +00:00
Miroslav Stampar	9ffa928783	added some user interaction when page is dynamic	2010-10-12 15:49:04 +00:00
Miroslav Stampar	b748e6ea44	minor update	2010-10-12 12:52:06 +00:00
Miroslav Stampar	73b77255e3	minor cosmetic update	2010-10-12 12:32:02 +00:00
Miroslav Stampar	6dcd05c39c	minor update	2010-10-11 14:38:04 +00:00
Miroslav Stampar	e2bbfbe650	bug fix	2010-10-11 14:32:02 +00:00
Miroslav Stampar	1369529103	minor cosmetic update	2010-10-11 13:52:32 +00:00
Miroslav Stampar	43892cddbb	some updates	2010-10-11 12:26:35 +00:00
Miroslav Stampar	8b0a132fa9	minor update	2010-10-11 11:47:07 +00:00
Miroslav Stampar	2198a60684	bug fix (reported by james@ev6.net)	2010-10-10 20:51:11 +00:00
Miroslav Stampar	7a5bb2b0d6	update	2010-10-10 19:50:10 +00:00
Miroslav Stampar	8fcad29bbf	new feature --forms (still unfinished)	2010-10-10 18:56:43 +00:00
Miroslav Stampar	18d27cabc5	more changes	2010-10-07 15:34:17 +00:00
Miroslav Stampar	440ff639bb	more refactoring	2010-10-07 14:05:34 +00:00
Miroslav Stampar	e80a66acc5	minor update	2010-10-07 12:21:59 +00:00
Miroslav Stampar	1e9ae40397	major refactoring	2010-10-07 12:12:26 +00:00
Miroslav Stampar	1bf8939e2f	further updates	2010-10-06 22:43:04 +00:00

... 2 3 4 5 6 ...

972 Commits