Bernardo Damele
26cb082fc3
Added a README for dbgtool
2009-01-12 23:17:15 +00:00
Bernardo Damele
de393628d0
Added dbgtool to extras, a port in python of toolcrypt.org dbgtool. Inspired by sqlninja perl script makescr.pl.
2009-01-12 23:02:02 +00:00
Bernardo Damele
5560f0b68a
Updated the copyright
2009-01-12 21:35:38 +00:00
Bernardo Damele
92645dd264
Minor adjustment
2009-01-10 14:51:12 +00:00
Bernardo Damele
9b0f11f879
Added an ASP uploader
2009-01-10 14:40:04 +00:00
Bernardo Damele
e10ab5aa0e
Major bug fixes
2009-01-10 14:39:27 +00:00
Bernardo Damele
9c125a2b57
Minor improvement to use Python ConfigParser library when --save if specified.
...
Minor update to the user's manual
2009-01-03 22:59:22 +00:00
Bernardo Damele
6ff8feb5cf
Updated documentation
2009-01-03 01:25:43 +00:00
Bernardo Damele
d0604ef513
Major bug fix to correctly handle custom SQL "limited" queries on Oracle
2009-01-03 01:19:04 +00:00
Bernardo Damele
2d87a3349f
Fixed custom MSSQL "limited" query support also for Partial UNION query technique
2009-01-03 00:27:04 +00:00
Bernardo Damele
9c42a883be
Major bug fix to make it work properly with MSSQL custom limited (SELECT
...
TOP ...) queries with both inferential blind and Full UNION query
injection
2009-01-02 23:26:45 +00:00
Bernardo Damele
2cc3bb2f6a
Minor improvement to PostgreSQL signatures file to identify Windows.
...
Minor improvement to Microsoft SQL Server "limit" queries.
2009-01-02 23:23:55 +00:00
Bernardo Damele
9e0d890171
Fixed MySQL 5.1 extensive fingerprint
2009-01-02 23:21:31 +00:00
Bernardo Damele
c1010c20d8
Minor adjustments
2008-12-30 21:24:01 +00:00
Bernardo Damele
a4d62af2ea
Minor layout adjustments to --union-tech
2008-12-29 18:48:23 +00:00
Bernardo Damele
9340bf59fb
Updated Microsoft SQL Server signature XML file.
...
Minor layout adjustments to --update output messages/diff
2008-12-29 18:46:43 +00:00
Bernardo Damele
0e9873fd4f
Preparing documentation for 0.6.4
2008-12-29 18:44:20 +00:00
Bernardo Damele
c83593c044
Limited custom query now works also on Oracle in inferential blind SQL
...
injection technique
2008-12-23 23:34:50 +00:00
Bernardo Damele
24ddbdc89d
Minor layout adjustment
2008-12-22 23:34:22 +00:00
Bernardo Damele
b0ad102efb
Better fingerprint technique for Microsoft SQL Server
2008-12-22 23:32:43 +00:00
Bernardo Damele
79c8d63b88
Major speed increase in DBMS basic fingerprint
2008-12-22 23:26:44 +00:00
Bernardo Damele
64bb57d786
Minor bug fix to make the Partial UNION query SQL injection technique
...
work properly also on Oracle and Microsoft SQL Server.
2008-12-22 22:48:44 +00:00
Bernardo Damele
1f7810e46a
Major bug fix to make partial UNION query sql injection work properly
...
also on Microsoft SQL Server
2008-12-22 19:36:01 +00:00
Bernardo Damele
064029cb2d
Addd one more MS Access signature
2008-12-22 19:35:13 +00:00
Bernardo Damele
04c187c66a
Working on a bug (fix for Partial UNION query SQL injection technique
...
both Oracle and Microsoft SQL Server).
2008-12-22 00:51:09 +00:00
Bernardo Damele
2f406b3e56
Minor adjustments
2008-12-22 00:04:28 +00:00
Bernardo Damele
c05f600e90
Minor fix
2008-12-21 21:40:09 +00:00
Bernardo Damele
4ae464c80d
Minor enhancement to support an option (--union-tech) to specify the
...
technique to use to detect the number of columns used in the web
application SELECT statement: NULL bruteforcing (default) or ORDER BY
clause.
2008-12-21 21:39:53 +00:00
Bernardo Damele
f92b76a8b0
Minor bug fix
2008-12-21 16:39:40 +00:00
Bernardo Damele
374b9ba878
Updated documentation based upon recent developments
2008-12-21 16:35:45 +00:00
Bernardo Damele
35708a0b97
Minor adjustment to UNION query SQL injection detection function.
...
Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py.
2008-12-21 16:35:03 +00:00
Bernardo Damele
996a872e51
We are already on sqlmap 0.6.4 release candidate 1..
2008-12-20 13:23:26 +00:00
Bernardo Damele
c18efe5084
Minor adjustments
2008-12-20 13:21:47 +00:00
Bernardo Damele
8d06975142
Major enhancement to make the comparison algorithm work properly also
...
on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo
2008-12-20 01:54:08 +00:00
Bernardo Damele
7e8ac16245
Added preventive check for stacked queries support when executing DDL,
...
DML & co. statements in SQL query and SQL shell. Minor improvements on
this new feature.
Increased default connection timeout to 30 seconds (needed for vmware
machine not correctly synched).
2008-12-19 20:48:33 +00:00
Bernardo Damele
ad228e6947
Ahead with the improvements to the comparison algorithm.
...
Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.
2008-12-19 20:09:46 +00:00
Bernardo Damele
68354be45a
Ahead with enhancements on comparison algorithm: implemented content-length technique
2008-12-18 22:49:35 +00:00
Bernardo Damele
afbd66f6d9
Added some comments
2008-12-18 21:58:05 +00:00
Bernardo Damele
d0d6632c22
Initial support to automatically work around the dynamic page at each refresh
...
(Major refactor to the comparison algorithm (True/False response))
2008-12-18 20:48:23 +00:00
Bernardo Damele
3fe493b63d
Minor enhancement to support an option (--is-dba) to show if the
...
current user is a database management system administrator.
2008-12-18 20:41:11 +00:00
Bernardo Damele
c32ef9d751
Major bug fix to avoid tracebacks when multiple targets are specified and one
...
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
2008-12-18 20:38:57 +00:00
Bernardo Damele
2efb3ae2ba
Documentation updated, now ready for 0.6.3 release
2008-12-17 23:26:14 +00:00
Bernardo Damele
6dec56d616
Major bug fix
2008-12-17 21:35:04 +00:00
Bernardo Damele
bb9079aa9d
Minor documentation adjustments
2008-12-17 20:58:19 +00:00
Bernardo Damele
94c79e3209
Updated documentation
2008-12-17 20:17:34 +00:00
Bernardo Damele
dda62ba463
Minor adjustments and bug fixes
2008-12-17 20:11:18 +00:00
Bernardo Damele
7b55840b35
cleanup configuration INI file
2008-12-17 00:22:27 +00:00
Bernardo Damele
ec11f502df
Site and documentation updated, ready to release 0.6.3 in two days
2008-12-17 00:19:01 +00:00
Bernardo Damele
36d9ede001
Updated documentation, ready for sqlmap 0.6.3 release
2008-12-16 23:52:16 +00:00
Bernardo Damele
b7f2602b50
A bit more entropy in the sql injection detection
2008-12-16 23:51:56 +00:00