Miroslav Stampar
ec43ceec40
Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;)
2012-09-25 14:29:22 +02:00
Miroslav Stampar
01f481c332
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Miroslav Stampar
47073f4afd
Implementation of an Issue #131
2012-07-30 21:50:46 +02:00
Miroslav Stampar
a5062c1e4f
Adding a warn message when --dns-domain is ignored (because of faster techniques)
2012-07-27 09:48:48 +02:00
Miroslav Stampar
f8c9868cb6
Implementation for an Issue #118
2012-07-24 15:34:50 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Bernardo Damele
ea9c66108e
cleanup for issue #68
2012-07-12 15:38:43 +01:00
Bernardo Damele
33cbbed4a8
I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided
2012-07-12 01:39:15 +01:00
Bernardo Damele
3a94953ae2
leftover from previous commit
2012-07-12 01:15:34 +01:00
Bernardo Damele
31571e6e2d
minor refactoring
2012-07-11 11:55:05 +01:00
Miroslav Stampar
9c4a62f725
Some work on Issue #68
2012-07-11 11:58:47 +02:00
Miroslav Stampar
2669528b24
Language typo
2012-07-07 11:16:33 +02:00
Bernardo Damele
7b4ecd9df0
added skeleton code for issue #34 , still not usable
2012-07-02 00:22:34 +01:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
06be7bbb18
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
2012-06-15 20:41:53 +00:00
Miroslav Stampar
a70a647aeb
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
2012-05-28 14:51:23 +00:00
Miroslav Stampar
b1d82422a0
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
2012-05-28 14:15:04 +00:00
Miroslav Stampar
fdf61015ad
minor patch
2012-05-09 08:41:05 +00:00
Miroslav Stampar
6af110d631
avoiding --no-cast/--hex warning message before a DBMS is fingerprinted
2012-05-08 14:06:41 +00:00
Miroslav Stampar
b1dd03731a
minor cosmetics
2012-04-04 23:34:08 +00:00
Bernardo Damele
c0946ce2c9
Minor refactoring
2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895
more cosmetics
2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184
layout adjustments
2012-04-04 12:27:24 +00:00
Miroslav Stampar
503988887c
minor update
2012-04-03 10:43:46 +00:00
Miroslav Stampar
2504f4edb8
minor fixes
2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f
minor improvements regarding data retrieval through DNS channel
2012-04-03 09:18:30 +00:00
Miroslav Stampar
1cd3c3f7af
further update of DNS data retrieval mechanism through SQLi
2012-04-02 14:05:30 +00:00
Miroslav Stampar
577caac4de
putting kb.negativeLogic setting to the safe place
2012-03-16 09:17:11 +00:00
Miroslav Stampar
19beb912fa
first step toward negative logic support
2012-03-15 15:52:12 +00:00
Miroslav Stampar
34b0935cb3
refactoring "echo 1" quick test for xp_cmdshell console output
2012-03-13 10:36:49 +00:00
Miroslav Stampar
5a83f1c5f7
minor update
2012-03-08 15:43:22 +00:00
Miroslav Stampar
1ec56f93ec
minor update
2012-03-01 10:10:19 +00:00
Miroslav Stampar
1e82405bb9
HashDB is now supported in -d too
2012-02-27 12:14:01 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
0478e4166a
minor justin case fix
2012-02-23 15:19:20 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Bernardo Damele
1c44d6d3c7
Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d
2012-02-14 17:29:00 +00:00
Miroslav Stampar
e50d64546f
minor fix
2012-02-07 14:57:48 +00:00
Miroslav Stampar
2b05ded9c3
just a makeup
2012-02-07 12:05:23 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
18930539cd
more concise language
2012-01-07 17:45:45 +00:00
Miroslav Stampar
9f68e54fff
minor cleanup
2011-12-22 10:59:28 +00:00
Miroslav Stampar
4a1a0773b7
speedup of UNION dumping
2011-12-22 10:44:14 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
73a500833d
minor bug fix
2011-12-12 14:38:06 +00:00
Miroslav Stampar
65b2b0ad87
adding switch --eval
2011-11-21 16:41:02 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
34738129c9
minor update
2011-09-25 21:27:58 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Miroslav Stampar
2033a28ae7
minor update regarding last commit (cleaner code)
2011-07-24 20:44:17 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Miroslav Stampar
9e5856caf8
improvement for recognition of scalar vs multiple-row commands
2011-05-19 16:45:05 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Miroslav Stampar
930872cf3b
fix
2011-04-21 14:20:09 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
04986be4b9
update regarding safe character output together with a small fix for newlines
2011-04-14 09:31:45 +00:00
Miroslav Stampar
723a7447b2
minor refactoring
2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
228cc68747
fix for those ugly DEBUG messages in brute mode
2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656
cosmeticados ;)
2011-04-08 10:39:07 +00:00
Bernardo Damele
60605b6e7c
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
2011-02-27 12:14:13 +00:00
Miroslav Stampar
0c57f2af0f
minor fix
2011-02-20 12:20:44 +00:00
Bernardo Damele
429ab631fe
Minor refactoring
2011-02-13 21:25:01 +00:00
Miroslav Stampar
1cd483f42f
one more update
2011-02-12 10:24:09 +00:00
Miroslav Stampar
25a3a64327
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
2011-02-12 10:15:42 +00:00
Bernardo Damele
864eade744
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
2011-02-10 11:14:05 +00:00
Miroslav Stampar
d9af01d73d
imporant fix for boolean expression which return [None]
2011-02-09 16:53:22 +00:00
Miroslav Stampar
71d1b72e0e
minor adjustment
2011-02-07 12:51:38 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Bernardo Damele
a37f5e05b9
Refactoring
2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
...
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
2fd9621499
Minor adjustments
...
Cosmetics
2011-01-31 21:22:39 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Bernardo Damele
6e4b65a822
Minor refactoring
2011-01-15 23:28:31 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
281d124fa6
minor bug fix
2010-12-31 12:04:39 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
cd337d9f39
minor fix
2010-12-26 09:46:09 +00:00
Miroslav Stampar
8470de7b76
bug fix for boolean proxy when using time based payloads
2010-12-23 23:46:08 +00:00
Miroslav Stampar
5be9c04e44
update regarding Sybase syntax
2010-12-22 10:39:56 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
95b2c0803b
minor fix
2010-12-15 20:51:29 +00:00
Miroslav Stampar
cda00c7501
code refactoring
2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24
minor cosmetics
2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c
minor cosmetics
2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea
quick fix of a fix
2010-12-15 12:10:33 +00:00
Miroslav Stampar
270ae0f080
just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False
2010-12-14 09:05:00 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
6a3c4485e6
minor update (removing extra ())
2010-12-12 14:44:39 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43
further update regarding bugtrace's report
2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2
quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)
2010-12-11 17:20:39 +00:00
Miroslav Stampar
3dc0a51d34
major bug fix with boolean expressions
2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b
update
2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d
fix
2010-12-10 16:03:32 +00:00
Miroslav Stampar
977988c0ab
cosmetics
2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80
another update
2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60
fix
2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55
proper fix
2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040
you won't believe commit
2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8
minor refactoring
2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb
fix for booleans
2010-12-10 12:26:01 +00:00
Miroslav Stampar
471d9ccd65
another fix of my lala
2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2
quick fix
2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9
update regarding boolean based expressions
2010-12-09 21:15:18 +00:00
Miroslav Stampar
1492823de0
it wasn't pretty, now it's pretty
2010-12-09 20:06:20 +00:00
Miroslav Stampar
3fd1c37d53
update
2010-12-09 07:49:18 +00:00
Bernardo Damele
b5c6527c72
Minor fix
2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
2010-12-08 23:52:31 +00:00
Miroslav Stampar
54f6673609
update
2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0
update
2010-12-08 22:14:42 +00:00
Miroslav Stampar
40fadf2f35
minor update
2010-12-08 14:33:10 +00:00
Miroslav Stampar
6223f25dd9
code beautification
2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165
removing junk
2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3
sqlmap premiere of blind time based query/bisection
2010-12-08 12:28:54 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
025361c970
Higher precedence to union query sql inj than error-based
2010-12-01 10:57:17 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
f83dd2251b
Properly save error-based enumerated data in session file, able to be resumed like with other techniques
2010-11-12 11:40:37 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00