Commit Graph

1120 Commits

Author SHA1 Message Date
stamparm
991cafc4e4 Minor refactoring 2013-06-26 13:53:42 +02:00
stamparm
c83cca4cd4 Minor patch 2013-06-26 13:49:34 +02:00
Meatballs
eb2012c599 Fix escaper 2013-06-24 23:50:33 +01:00
Meatballs
5b6c01d739 Escaper 2013-06-24 23:41:45 +01:00
Meatballs
a393b17513 modify fingerprint value 2013-06-24 15:12:37 +01:00
Meatballs
550693032b Remote whitespace in databases.py 2013-06-24 15:03:08 +01:00
Meatballs
b886e47b6d Add unimplemented files 2013-06-24 14:53:41 +01:00
Meatballs
62000c6406 Remaining files 2013-06-24 14:42:58 +01:00
Meatballs
d739d5062d hsql plugin folder 2013-06-24 14:34:25 +01:00
Miroslav Stampar
95ed6b7203 Minor patch (Issue #470) 2013-06-24 14:37:45 +02:00
Miroslav Stampar
92dfb0f817 Minor patch 2013-06-16 12:35:20 +02:00
Miroslav Stampar
c2dce66a46 Fix for an user reported bug (tbl can be None) 2013-06-16 12:35:05 +02:00
Miroslav Stampar
540493a69f Fix for empty strings (previously '' was just removed) 2013-06-11 12:56:20 +02:00
Miroslav Stampar
ca53dfad84 Minor fix 2013-06-01 13:44:50 +02:00
stamparm
1c2197e8de Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends) 2013-04-15 16:18:40 +02:00
stamparm
1c47b33020 Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple) 2013-04-15 15:23:45 +02:00
stamparm
f936746423 Code restyling 2013-04-15 14:31:27 +02:00
stamparm
aed738d6e6 Update for an Issue #361 2013-04-15 14:20:21 +02:00
stamparm
3e65037a05 Introducing lib/utils/sqlalchemy.py (Issue #361) 2013-04-15 10:33:25 +02:00
stamparm
ae6ce7db30 Removal of unused imports 2013-03-20 10:44:15 +01:00
Miroslav Stampar
db0a1e58b9 Update for an Issue #352 2013-03-11 14:58:05 +01:00
Bernardo Damele
34ce8742f1 removed leftover 2013-02-26 10:12:18 +00:00
stamparm
9d81be7af5 Removing redundant piece of code 2013-02-25 14:12:57 +01:00
stamparm
dc9dc233b6 Adding a comment 2013-02-25 14:07:20 +01:00
stamparm
0d2138a4a0 Minor fix for escaping unicode strings in SQLite escaper 2013-02-25 14:06:46 +01:00
Miroslav Stampar
f817105db3 Minor bug fix 2013-02-18 14:40:39 +01:00
Miroslav Stampar
046f347f5d Minor fix 2013-02-15 17:36:58 +01:00
Miroslav Stampar
834ae6aac0 Another minor update 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Miroslav Stampar
67157fa2ba Some more minor fixes 2013-02-15 14:28:05 +01:00
Miroslav Stampar
b1c0cabde5 Minor fixes 2013-02-15 14:21:51 +01:00
Miroslav Stampar
2fb599619a Bug fix 2013-02-15 13:55:09 +01:00
Miroslav Stampar
5d068896a9 Minor bug fix 2013-02-15 09:54:51 +01:00
Bernardo Damele
d8942d2ae0 fixes #396 - adapted the engine to properly verify all steps of takeover were successul, minor code refactoring too 2013-02-14 18:32:22 +00:00
Bernardo Damele
d42d28392a avoid tracebacks because the parameter does not exist 2013-02-14 13:18:33 +00:00
Bernardo Damele
c9c520a325 no need to repeat the debug message each time this function is called 2013-02-14 13:18:15 +00:00
Bernardo Damele
1de109747f minor bug fix introduced in 2267dd8f47 2013-02-14 12:39:17 +00:00
Miroslav Stampar
0b8de94ace Putting cases with INTO here too 2013-02-14 12:35:17 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
2267dd8f47 working on #392 to fix --os-cmd and --os-shell output parsing 2013-02-14 11:31:20 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Bernardo Damele
cbb5c79d29 typo fix 2013-02-13 13:07:47 +00:00
Bernardo Damele
d9e716b95d added two debug messages for clarity 2013-02-13 12:46:45 +00:00
Miroslav Stampar
dd6f50a00e Removing unused imports 2013-02-13 11:15:24 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
c9447fbbe7 Minor patch to return False if --is-dba returns None 2013-02-12 13:04:42 +01:00
Miroslav Stampar
093a93938c Bug fix (making non-query statements available for stacked conditional-error blind cases too) 2013-02-11 20:43:12 +01:00
Bernardo Damele
3786541681 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-11 18:08:04 +00:00
Bernardo Damele
8bfee3b802 started to work on #373 to improve usability when user is not DBA 2013-02-11 18:07:58 +00:00
Miroslav Stampar
6d802867fc Bug fix (in some cases if random values are parsable as MMDD they will result as valid non-NULL TIMESTAMPADD value back - e.g. values 1224,0101,0212) 2013-02-11 12:02:03 +01:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Miroslav Stampar
2f69a94bcf Bug fix for --search -C 2013-02-05 12:24:57 +01:00
Miroslav Stampar
353c1cb63b Bug fix for escaping in SQLite 3 2013-02-05 11:58:11 +01:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Miroslav Stampar
31230c5a42 Minor fix 2013-02-05 11:23:22 +01:00
Miroslav Stampar
87ad96bf01 Minor cosmetic fix 2013-02-05 11:18:46 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Miroslav Stampar
0cc6e68be2 Refactoring MySQL fingeprint.py (those payloads are now stored into session file too) 2013-02-04 15:12:03 +01:00
Miroslav Stampar
81d4f9f7d1 Bug fix for last regression test (--search related) 2013-01-31 16:41:23 +01:00
Miroslav Stampar
6b6e36b2ec Continuation of work on fixing DISTINCT/--search issues (Oracle) 2013-01-30 18:08:34 +01:00
Miroslav Stampar
838e98192e Consistency update (we are not using DISTINCT in inband counterparts too) 2013-01-30 17:25:36 +01:00
Miroslav Stampar
93c59c7277 Fix for a --privileges --technique=B --dbms=Oracle (when one user has no privileges everything is foobared) 2013-01-30 16:41:57 +01:00
Miroslav Stampar
95998e3989 Implementing undocumented way how to retrieve w+ temporary directory name on MsSQL (suggested by Vlado Velichkovski) 2013-01-30 14:38:21 +01:00
Miroslav Stampar
6005046280 Bug fix (--dbms=mysql --tables -D testdb --exclude-sysdbs --technique=E was not working) 2013-01-30 11:36:04 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Miroslav Stampar
adfb862cd5 Trivial style update 2013-01-24 15:12:52 +01:00
Miroslav Stampar
c83f468a37 Trivial changes 2013-01-23 15:34:20 +01:00
Miroslav Stampar
9825e247db Refactoring search module 2013-01-23 14:22:35 +01:00
Bernardo Damele
ff160abf10 minor bug fix 2013-01-23 13:02:02 +00:00
Bernardo Damele
45af22872a fixes #370 (the bug was introduced with commit edb977a74e)# 2013-01-23 13:00:58 +00:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
bd7fd862b0 forgot import 2013-01-22 10:16:18 +00:00
Bernardo Damele
edb977a74e bug fix so that if search fails with union/error and blind techniques are available, it falls back to them (like any other enumeration switch) and minor bug fix so that in search mode, the provided table name to search is upped 2013-01-22 10:14:35 +00:00
Bernardo Damele
11413a0f03 added Firebird search test cases 2013-01-22 10:04:17 +00:00
Bernardo Damele
e23340f002 added support for search for tables on Firebird (issue #365) 2013-01-22 09:53:05 +00:00
Bernardo Damele
e9dea8d394 no need to raise an exception if one enumeration fails 2013-01-21 17:11:46 +00:00
Miroslav Stampar
f9d330ec98 Fix for that Firebird column data types issue (tec=EU) 2013-01-21 17:20:46 +01:00
Miroslav Stampar
457217f2d3 Fix for an Issue #356 2013-01-21 16:46:48 +01:00
Miroslav Stampar
65c55a6a49 Fix for escaping single quote character(s) 2013-01-21 11:21:41 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
a7028af2e9 Patch for an Issue #362 (more work required) 2013-01-20 22:16:34 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
6f61fc04f1 minor bug fix 2013-01-20 01:22:25 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Bernardo Damele
32a12c7e2b handle exception reported in issue #359 2013-01-19 00:24:15 +00:00
Bernardo Damele
d1acdee9c4 fixed --count for DBMSes that are single-database 2013-01-18 23:07:16 +00:00
Bernardo Damele
8748cceff3 no point enumerating current database for --count on some DBMSes 2013-01-18 23:04:28 +00:00
Bernardo Damele
a390c48692 code refactoring 2013-01-18 23:04:01 +00:00
Bernardo Damele
a4b0b98f8f aligned Firebird to recent DB2 string escaping syntax fix 2013-01-18 22:57:57 +00:00
Bernardo Damele
4526e31485 bug fix for Firebird fingerprint (issue #357) 2013-01-18 22:32:58 +00:00
Bernardo Damele
b80e195c78 bug fix for #355 2013-01-18 22:10:10 +00:00
Bernardo Damele
f3d7be9200 more adjustments for #353 2013-01-18 20:44:56 +00:00
Bernardo Damele
2550bbc05e fix for #353 2013-01-18 20:40:38 +00:00
Bernardo Damele
f49657eacc minor fix to previous commit 2013-01-18 15:10:34 +00:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
aa467cb54c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-18 11:31:25 +01:00
Miroslav Stampar
e7576a3b11 Better naming 2013-01-18 11:21:23 +01:00
Miroslav Stampar
caae773b2d Minor removal of redundant code 2013-01-18 10:44:57 +01:00
Bernardo Damele
a92ae93847 minor bug fix to properly identify if user is admin on Oracle across all techniques 2013-01-18 09:22:53 +00:00
Bernardo Damele
d1b91790f5 fixed --count on DB2 2013-01-17 22:13:59 +00:00
Bernardo Damele
5225375048 proper fix 2013-01-17 22:04:21 +00:00
Bernardo Damele
d2d3878de1 typo fix 2013-01-17 21:58:53 +00:00
Bernardo Damele
a5e9168993 minor fix because boolean-based blind on DB2 is a little bit different from other DBMSes 2013-01-17 21:58:15 +00:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Bernardo Damele
404ecbcaec typo fix 2013-01-15 17:14:58 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
413b5e7ab4 fixed error message 2013-01-14 16:49:05 +00:00
Bernardo Damele
e555c2be30 added support for --search -T for SQLite 2013-01-14 16:26:11 +00:00
Bernardo Damele
e835a2af9a minor bug fix 2013-01-14 13:43:03 +00:00
Bernardo Damele
279f6cb9ce minor bug fix for PostgreSQL --file-read 2013-01-14 12:22:15 +00:00
Bernardo Damele
146d9fedf0 fix for bug #337 2013-01-14 10:24:45 +00:00
Bernardo Damele
675e4a026b Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-11 13:31:49 +00:00
Bernardo Damele
2a2d7e886d align to MSSQL connector 2013-01-11 10:52:03 +00:00
Miroslav Stampar
bc4d8d3e02 Implementation for an Issue #332 2013-01-11 11:17:41 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
da7f63f125 cx_Oracle.DatabaseError is an ancestor of cx_Oracle.InternalError 2013-01-10 15:33:32 +01:00
Miroslav Stampar
934d41dac2 Minor style update (PEP8) 2013-01-10 15:02:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
6cfa9cb0b3 Removing unused imports 2013-01-10 12:15:12 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Miroslav Stampar
ebde4b190e Minor update 2013-01-10 11:42:37 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Miroslav Stampar
55a552ddc4 Update for an Issue #24 2013-01-08 10:55:25 +01:00
Miroslav Stampar
ad85c4c964 Minor refactoring for an Issue #295 2013-01-08 10:23:02 +01:00
Bernardo Damele
8ee840bc8e maintained release is on Google code 2013-01-07 17:11:14 +00:00
Miroslav Stampar
46e2ad53cd Fix for an Issue #331 2013-01-07 16:36:29 +01:00
Miroslav Stampar
ac407ae4a1 Implementation for an Issue #295 2013-01-07 15:55:40 +01:00
Miroslav Stampar
6270e9337b Minor cosmetics 2013-01-07 14:34:20 +01:00
Miroslav Stampar
5b77b20e2e Removing trailing whitespaces (PEP8) 2013-01-03 23:57:07 +01:00
Miroslav Stampar
1712603dce Replacing deprecated has_key() with operator in (PEP8) 2013-01-03 23:28:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
8b7cbe03b0 Replacing CRLF with LF in rest of files 2012-12-26 17:12:17 +01:00
Miroslav Stampar
a77b7f00d9 Fix for an Issue #323 2012-12-23 19:34:35 +01:00
Miroslav Stampar
2fc187489b Removing leftover 2012-12-21 14:01:59 +01:00
Miroslav Stampar
35728fa443 Fix (and some hidden bug fixes/improvements) regarding an Issue #317 2012-12-21 10:51:35 +01:00
Miroslav Stampar
0f62e677b5 Minor just in case commit (plural/singular unArrayize()) 2012-12-21 10:15:42 +01:00
Miroslav Stampar
18f4a916ea Minor fix 2012-12-20 14:58:26 +01:00
Bernardo Damele
cefb03c835 fixed bug related to issue #223 2012-12-19 14:12:09 +00:00
Bernardo Damele
4f0f729982 be more specific in standard output message as to whether or not the read file is same as remote file 2012-12-19 13:42:56 +00:00
Bernardo Damele
9b422e1e94 minor fix for issue #309 2012-12-19 09:37:29 +00:00
Bernardo Damele
738dbde16c avoid displaying "do you want to dump" message if no searched columns have been found 2012-12-18 18:07:34 +00:00
Bernardo Damele
326ed33f31 added support for comma separated list of files for --file-read - fixes issue #223 2012-12-18 17:55:21 +00:00
Bernardo Damele
8d9aa2c384 minor refactoring, added possibility to compare the remote file and downloaded file (--file-read), prepping for #223 2012-12-18 17:49:18 +00:00
Bernardo Damele
9a1eca20b5 lowered gravity 2012-12-18 16:42:03 +00:00
Bernardo Damele
d1d99d930b proper fix for #306 2012-12-18 15:31:30 +00:00
Bernardo Damele
6b1dd05e62 reverted 2012-12-18 14:51:04 +00:00
Bernardo Damele
e1b7a6350e consistency between --tables and --columns when -T and -C are respectively provided - there was a leftover from when --search called getColumns() as --columns: this is no longer the case (closes issue #306) 2012-12-18 14:37:04 +00:00
Bernardo Damele
57412f8475 default to --search shall stay LIKE 2012-12-18 13:55:26 +00:00
Miroslav Stampar
eb23b1b1a5 Minor commit related to the last one (uniq roles/privileges) 2012-12-18 12:47:06 +01:00
Miroslav Stampar
699a0f756a Minor fix 2012-12-18 12:43:23 +01:00
Miroslav Stampar
f56b846864 Patch for an Issue #300 2012-12-18 09:55:33 +01:00
Bernardo Damele
a00cd9b3ea syntax fix 2012-12-17 14:13:34 +00:00
Bernardo Damele
d2bd275652 refactoring 2012-12-17 14:07:28 +00:00
Bernardo Damele
3c1cead406 WHERE condition for error-based technique for --tables with --exclude-sysdbs was logically wrong, fixed now 2012-12-17 14:06:12 +00:00
Bernardo Damele
eb44f30d63 minor layout output fix 2012-12-17 13:51:46 +00:00
Miroslav Stampar
cb13735788 Fix for an Issue #294 2012-12-11 12:14:33 +01:00
Miroslav Stampar
9e38ccbc3d Removing unused imports 2012-12-10 17:47:42 +01:00
Miroslav Stampar
ed1b5d0ada Minor fix 2012-12-07 10:57:57 +01:00
Miroslav Stampar
b5c8707323 Infinite loop fix when 'SELECT DB_NAME(...)' method used for --dbs in MsSQL 2012-12-06 15:55:33 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
0f191f624c Taking some goodies from Pull request #284 2012-12-06 10:21:53 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
d4b5133df7 Update for an Issue #272 2012-12-04 17:04:32 +01:00
Miroslav Stampar
b250b68231 Bug fix (--users was returning only 1 value because of this bug; probably introduced by mistake months ago) 2012-11-29 12:02:59 +01:00
Miroslav Stampar
ed40f18796 Minor fix 2012-11-26 14:59:44 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
a435ba6863 Minor fix 2012-10-28 00:19:00 +02:00
Miroslav Stampar
0aeb9dbe8b Bug fix (in --dump mode if error/inband failed with None other techniques were ignored) 2012-10-27 23:42:52 +02:00
Miroslav Stampar
06805b27f2 Bug fix (time was also meant to be disabled in case of error/inband getvalues) 2012-10-27 23:16:25 +02:00
Miroslav Stampar
ba55bed008 More general approach for PostgreSQL concatenation operator precedence problem (Issue #219) 2012-10-25 10:41:16 +02:00
Miroslav Stampar
54fbb22ab8 Minor refactoring 2012-10-25 09:56:36 +02:00
Miroslav Stampar
c2058dfc8f Fix for an Issue #220 2012-10-25 09:42:43 +02:00
Miroslav Stampar
b7429dc6bb Minor fix for an Issue #219 2012-10-25 00:15:59 +02:00
Miroslav Stampar
c0f57f4e90 Minor fix for an Issue #217 2012-10-24 23:43:28 +02:00
Miroslav Stampar
344ef9af7d Language fix (in lots of cases wrong statement 'unable to retrieve columns for any table in database' was reported) 2012-10-24 23:38:35 +02:00
Miroslav Stampar
5477c9f7ba Fix for an Issue #216 2012-10-24 22:59:46 +02:00
Miroslav Stampar
6e2fce66aa Patch for an Issue #212 2012-10-23 15:34:59 +02:00
Miroslav Stampar
f25f5c9eeb Minor fix 2012-10-23 10:33:30 +02:00
Miroslav Stampar
3f596cda85 Minor fix for --dump --technique=B when empty strings are returned 2012-10-22 11:49:23 +02:00
Miroslav Stampar
fb1497aa89 Minor update for Issue #209 2012-10-21 18:53:31 +02:00
Miroslav Stampar
ebe3f4c34c Minor fix 2012-10-15 18:51:42 +02:00
Miroslav Stampar
91ea8e52b7 Minor patch for an Issue #201 2012-10-15 18:01:52 +02:00
Miroslav Stampar
e440b096c5 Fix for an Issue #202 2012-10-15 12:24:30 +02:00
Miroslav Stampar
ed2d163269 Fix for an Issue #201 2012-10-14 17:53:55 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
75990b715d Fix for an Issue #184 2012-09-13 10:20:24 +02:00
Miroslav Stampar
959225af55 Minor fix 2012-09-10 19:28:15 +02:00
Miroslav Stampar
5c21395fe2 Minor update for an Issue #179 2012-09-10 19:26:51 +02:00
Miroslav Stampar
1f49e4ae36 Fix for an Issue #179 2012-09-10 19:23:24 +02:00
Miroslav Stampar
9a631331a5 Fix for an Issue #177 2012-09-08 20:22:13 +02:00
Miroslav Stampar
f26ea04e38 Fix for an Issue #175 2012-09-07 17:06:38 +02:00
Miroslav Stampar
1bcf5a6b88 Some more dict refactorings 2012-08-21 11:30:01 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
4649450603 Fix for an Issue #137 2012-08-16 22:20:24 +02:00
Miroslav Stampar
74ee0ce78a Fix for an Issue #148 2012-08-14 23:25:12 +02:00