Bernardo Damele
c735d846ee
The default temporary directory as to stay as is, do not touch this code snippet anymore please
2012-03-14 22:39:46 +00:00
Miroslav Stampar
ca0d068575
distinguishing NULL from BLANK
2012-03-14 13:52:23 +00:00
Miroslav Stampar
1d0c8a7f44
minor update
2012-03-12 15:19:02 +00:00
Bernardo Damele
48592f2515
minor adjustments
2012-03-09 18:34:18 +00:00
Bernardo Damele
be9b103b51
minor bug fix
2012-03-09 18:02:50 +00:00
Bernardo Damele
012fc21b49
Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based.
...
Adapted the queries.xml file accordingly
2012-03-09 17:47:50 +00:00
Miroslav Stampar
c878dd3e5a
doing a dummy test for --os-shell in case of xp_cmdshell
2012-03-09 14:21:41 +00:00
Bernardo Damele
d9e499af9f
Set Id property
2012-03-09 12:05:21 +00:00
Bernardo Damele
7330dff255
Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries
2012-03-08 16:57:53 +00:00
Miroslav Stampar
e678219a8c
minor update
2012-03-08 15:51:30 +00:00
Bernardo Damele
ae87df5670
leftover
2012-03-08 15:45:33 +00:00
Bernardo Damele
4bc6f3f6c9
Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore
2012-03-08 15:32:05 +00:00
Miroslav Stampar
68b9d48d0a
minor update
2012-03-08 15:30:23 +00:00
Miroslav Stampar
2ab80bfb2c
minor bug fix
2012-03-08 15:24:05 +00:00
Bernardo Damele
c79807f5fb
Minor layout adjustments
2012-03-08 15:11:24 +00:00
Miroslav Stampar
761ec7529a
minor appereance fix
2012-03-01 11:52:30 +00:00
Miroslav Stampar
8b9c5c66cc
code refactoring regarding charsetType inside inference/bisection
2012-02-29 14:36:23 +00:00
Miroslav Stampar
10dd9096f7
one more just in case fix for safeSQLIdentificator naming on MSSQL --tables
2012-02-29 14:05:53 +00:00
Miroslav Stampar
d06182347f
fixing few potential problems
2012-02-29 13:56:40 +00:00
Miroslav Stampar
74b19a0386
minor update
2012-02-25 10:43:10 +00:00
Miroslav Stampar
26b33154ab
optimal fix related to the last commit
2012-02-24 14:28:41 +00:00
Miroslav Stampar
9d6fd2e507
bug fix for --schema --technique=BST
2012-02-24 14:12:19 +00:00
Miroslav Stampar
f9d2971474
minor just in case fix
2012-02-23 16:37:06 +00:00
Miroslav Stampar
6e54cb171f
minor code restyling
2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9
minor update
2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Bernardo Damele
f55ad46119
Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently
2012-02-20 11:06:55 +00:00
Miroslav Stampar
08bf8c201f
few minor fixes
2012-02-20 10:24:55 +00:00
Bernardo Damele
121148f27f
There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests.
...
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
2012-02-17 15:54:49 +00:00
Bernardo Damele
ebd40b3933
Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection)
2012-02-17 15:16:05 +00:00
Miroslav Stampar
dcf7277a0f
some more refactorings
2012-02-16 14:42:28 +00:00
Miroslav Stampar
e1f86c97c4
minor refactoring
2012-02-16 09:46:41 +00:00
Miroslav Stampar
7bca926a0b
fixes, updates, patches
2012-02-09 10:16:58 +00:00
Miroslav Stampar
948cf25de4
more consistent
2012-02-09 09:53:40 +00:00
Miroslav Stampar
980367b7b2
minor update
2012-02-09 09:48:47 +00:00
Miroslav Stampar
1d4b10dbd1
bug fix
2012-02-08 13:55:50 +00:00
Miroslav Stampar
2662fe84f7
minor update
2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593
minor update
2012-02-08 12:00:03 +00:00
Miroslav Stampar
f7bf1fbe94
upgrade/fixes for direct DBMS access
2012-02-07 10:46:55 +00:00
Miroslav Stampar
e94f86a1ad
minor update
2012-02-03 15:46:28 +00:00
Miroslav Stampar
22f4d5650f
fix for retrieving version of backend OS on MSSQL
2012-02-03 15:42:36 +00:00
Miroslav Stampar
a48fc4efec
minor update
2012-02-03 15:32:23 +00:00
Miroslav Stampar
e3466fa5d8
minor update
2012-02-03 15:28:11 +00:00
Miroslav Stampar
2136b3447d
better solution
2012-02-03 15:22:21 +00:00
Miroslav Stampar
f86c365694
added one more failsafe for MSSQL --tables
2012-02-03 10:56:39 +00:00
Miroslav Stampar
a6c2fc7ecc
some refactoring on MSSQL support
2012-02-01 12:53:07 +00:00
Miroslav Stampar
f79d01183d
minor update
2012-02-01 09:23:52 +00:00
Miroslav Stampar
2face9799a
minor fix
2012-02-01 09:17:38 +00:00
Miroslav Stampar
7d37a650d0
minor fix
2012-01-30 14:41:17 +00:00
Miroslav Stampar
91ebadff75
minor update
2012-01-30 13:32:52 +00:00
Miroslav Stampar
d8c343a88a
minor update
2012-01-30 13:29:43 +00:00
Miroslav Stampar
f8ae0e5272
minor update
2012-01-30 13:20:33 +00:00
Miroslav Stampar
de94bee7b5
minor fix
2012-01-20 00:11:19 +00:00
Miroslav Stampar
b2dad63000
some more refactoring
2012-01-13 22:00:34 +00:00
Miroslav Stampar
8e4b8d345f
refactoring
2012-01-13 21:55:39 +00:00
Bernardo Damele
ec9cc19951
Minor bug fixes for -d
2012-01-13 21:46:21 +00:00
Bernardo Damele
5e853cae64
Minor bug fix so now when the back-end DBMS operating system is Windows 2000, it sets the temporary folder automatically to C:\WINNT\Temp - the user does not need to provide it anymore with --tmp-path C:\\WINNT\\Temp
2012-01-13 18:08:44 +00:00
Bernardo Damele
0043336620
Minor fix and removed leftover debug message
2012-01-13 17:04:59 +00:00
Bernardo Damele
b03f91437b
Minor code refactoring
2012-01-13 16:49:52 +00:00
Miroslav Stampar
accac776fe
some fixes
2012-01-13 14:10:53 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
fecdce5801
implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too
2012-01-09 21:09:05 +00:00
Miroslav Stampar
ff52931140
some refactoring (skipping duplicate messages in case that UNION/ERROR techniques failed and BOOLEAN/TIMED/STACKED are not available)
2012-01-07 19:30:35 +00:00
Miroslav Stampar
138b8039b3
better language
2012-01-07 17:35:53 +00:00
Miroslav Stampar
f85c5b3f4d
minor update
2012-01-06 00:23:49 +00:00
Miroslav Stampar
f412706fee
minor update for MSSQL --tables (fallback to other method)
2012-01-03 18:01:14 +00:00
Miroslav Stampar
6f5ef23f28
minor update/patch
2012-01-01 22:55:32 +00:00
Miroslav Stampar
300abc2ba2
minor update regarding unicode unescaping
2012-01-01 22:31:09 +00:00
Miroslav Stampar
6c49af090c
minor language patch
2011-12-28 14:18:17 +00:00
Miroslav Stampar
8750532c3d
minor fix
2011-12-28 14:13:36 +00:00
Miroslav Stampar
1ae413a206
some refactoring/speedup around UNION technique
2011-12-22 10:32:21 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
41ccf88990
some more refactoring
2011-12-21 22:09:21 +00:00
Miroslav Stampar
0a039d84e0
some more refactoring
2011-12-21 19:40:42 +00:00
Miroslav Stampar
d9d4e3ea9b
minor fix
2011-12-21 17:43:50 +00:00
Miroslav Stampar
41b60b26fc
minor refactoring
2011-12-21 14:25:39 +00:00
Miroslav Stampar
81bd9a201b
minor refactoring
2011-12-21 11:50:49 +00:00
Miroslav Stampar
d1bfdc6a48
minor fix for --start/--stop mechanism in pivot dumping mode
2011-12-20 13:04:57 +00:00
Miroslav Stampar
641055144a
minor beautification
2011-12-16 11:49:20 +00:00
Miroslav Stampar
ebc04a3d5f
minor fix
2011-12-16 11:44:33 +00:00
Miroslav Stampar
7d2fce16dc
minor fix
2011-12-16 11:40:23 +00:00
Miroslav Stampar
cff21814bb
minor patch for MSSQL 2008
2011-12-16 11:23:41 +00:00
Miroslav Stampar
8793fbc9f5
minor update
2011-12-14 12:59:25 +00:00
Miroslav Stampar
39b406c5c1
fix for --search on Oracle
2011-12-02 18:13:27 +00:00
Miroslav Stampar
96aacbf945
upgrade of --search mechanism (lowest common denominator is now searched for - e.g. if -D -T and -C are given then -C is searched for in -D and -T)
2011-12-02 13:32:30 +00:00
Miroslav Stampar
9697e80013
some more optimizations
2011-11-22 10:54:29 +00:00
Miroslav Stampar
b117c40aa5
major improvement of HashDB speed in multi-threaded mode
2011-11-22 10:09:35 +00:00
Miroslav Stampar
0ce885e6e6
adding base64encode tampering script
2011-11-21 12:47:23 +00:00
Miroslav Stampar
440b7efe55
minor optimization
2011-11-20 20:14:47 +00:00
Miroslav Stampar
f574760c12
minor update
2011-10-28 13:16:22 +00:00
Miroslav Stampar
bd7da45546
minor update
2011-10-28 13:07:23 +00:00
Miroslav Stampar
f7be0ca4e2
minor fix
2011-10-28 12:49:35 +00:00
Miroslav Stampar
6c0e8b0ea8
returning alphabetically sorted database and table names
2011-10-28 12:40:59 +00:00
Miroslav Stampar
9523da7663
minor optimization
2011-10-25 13:21:01 +00:00
Miroslav Stampar
23bf52e496
minor refactoring
2011-10-24 09:55:50 +00:00
Miroslav Stampar
77e630d89e
replaced longer CHAR form of escaped MySQL strings with more compact hex form
2011-10-23 20:19:42 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
b6ccc0cc43
minor update
2011-10-18 14:35:42 +00:00
Miroslav Stampar
7f9f744b87
update regarding last commit
2011-10-12 12:37:05 +00:00
Miroslav Stampar
39e33bea99
important fix (LIMIT m,n should not be considered deterministic in column by column table dumping)
2011-10-12 12:31:47 +00:00
Miroslav Stampar
2d7d84e16b
minor fix
2011-09-25 19:42:24 +00:00
Miroslav Stampar
af94ac7f02
minor fix
2011-09-20 22:16:56 +00:00
Miroslav Stampar
9a1ac96756
bug fix
2011-09-11 17:22:27 +00:00
Miroslav Stampar
8a174248dc
fix for a bug reported by blueBoy
2011-08-20 20:08:11 +00:00
Miroslav Stampar
fb6a84b10b
minor update (when columns are missing from information_schema too)
2011-08-18 07:03:53 +00:00
Miroslav Stampar
262996fc5b
bug fix
2011-08-16 06:14:40 +00:00
Miroslav Stampar
10bdd90e60
minor speed optimizations (as a result of profiling)
2011-08-12 13:40:37 +00:00
Miroslav Stampar
41ae9bc7ff
minor bug fix
2011-08-09 14:20:25 +00:00
Miroslav Stampar
9423d15fb3
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
2011-08-03 09:08:16 +00:00
Bernardo Damele
c15439ab7f
Minor improvement to --passwords output
2011-08-02 09:04:34 +00:00
Bernardo Damele
ad4584da70
Minor bug fix when dumping tables with UNION query technique on Access, Firebird and MaxDB
2011-08-01 23:44:14 +00:00
Miroslav Stampar
4ca81dd345
quick fix
2011-08-01 23:25:58 +00:00
Miroslav Stampar
e0fda9f985
minor fix
2011-08-01 10:13:25 +00:00
Miroslav Stampar
79b4e26e23
bug fix
2011-08-01 00:17:26 +00:00
Miroslav Stampar
0627bb02cb
minor beautification
2011-07-31 10:21:47 +00:00
Miroslav Stampar
4d923ec375
change in invalid logic regarding --sql-shell (retrieving output for non-query commands did nothing at all)
2011-07-30 21:46:59 +00:00
Miroslav Stampar
a6ade08c28
just in case commit to prevent join string iteration over 'None' values
2011-07-30 13:01:37 +00:00
Miroslav Stampar
4ce93221d1
minor update
2011-07-28 09:24:37 +00:00
Miroslav Stampar
684ddc43e6
minor patch
2011-07-28 08:53:09 +00:00
Bernardo Damele
37de709df2
leftover
2011-07-26 11:20:07 +00:00
Bernardo Damele
a2483b3bc4
Aligned OS takeover functionalities to recent Metasploit improvements
2011-07-26 10:29:14 +00:00
Miroslav Stampar
ec1bc0219c
hello big tables, this is sqlmap, sqlmap this is big tables
2011-07-24 09:19:33 +00:00
Bernardo Damele
5a1c9a42a3
Minor bug fix
2011-07-20 13:45:34 +00:00
Bernardo Damele
29b5115906
Minor bug fix
2011-07-20 13:28:10 +00:00
Miroslav Stampar
9c694ce3ec
bug fix (--tables --columns)
2011-07-12 23:27:47 +00:00
Miroslav Stampar
c517e97a44
few fixes and minor cosmetics
2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
b8ffcf9495
few fixes here and there and multi-core processing for dictionary based hash attack
2011-07-04 19:58:41 +00:00
Bernardo Damele
da049110df
Minor revert
2011-07-04 15:23:05 +00:00
Miroslav Stampar
a1fe9d07ca
minor revert
2011-07-02 23:00:22 +00:00
Miroslav Stampar
34d9a91af1
bulk of fixes
2011-07-02 22:48:56 +00:00
Miroslav Stampar
d063ae91eb
propset update
2011-06-30 07:55:07 +00:00
Miroslav Stampar
8a36f7fc03
fix for a bug reported by aboynes@gmail.com (UnboundLocalError: local variable 'infoMsg' referenced before assignment)
2011-06-29 18:04:58 +00:00
Bernardo Damele
d3b44a5f58
Added copyright
2011-06-28 10:59:20 +00:00
Bernardo Damele
fe686feefa
Added support for direct connection (-d switch) to IBM DB2
2011-06-28 10:52:07 +00:00
Bernardo Damele
36c96ef796
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Bernardo Damele
f7196007ca
--search on Oracle is now consistent with other plugins
2011-06-24 14:33:30 +00:00
Bernardo Damele
ddfae39d9e
Minor bug fixes for --search with -C
2011-06-24 09:27:54 +00:00
Bernardo Damele
1cb12ea659
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
2011-06-22 13:31:07 +00:00
Bernardo Damele
f8c32cf6b9
Moved folder
2011-06-18 12:34:41 +00:00
Miroslav Stampar
ca6f9acf30
minor fix for resuming in multi threading mode
2011-06-18 12:23:18 +00:00
Miroslav Stampar
d27afaed7e
some fixes
2011-06-16 14:27:44 +00:00
Miroslav Stampar
0eeb48f8f5
some fixes
2011-06-16 13:41:02 +00:00
Miroslav Stampar
afe0579487
minor fixes for pivot dumping
2011-06-15 19:03:37 +00:00
Miroslav Stampar
4188df0501
fixes for Sybase
2011-06-15 18:49:35 +00:00
Miroslav Stampar
60ecf95383
fix for a bug reported by seyi.akin@gmail.com
2011-06-14 08:40:25 +00:00
Bernardo Damele
9126c84442
Refactoring (standardized with --search -C ...)
2011-06-08 16:39:41 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Bernardo Damele
cce3208b35
Cleanup
2011-06-08 14:15:34 +00:00
Bernardo Damele
161ece5587
Rephrase
2011-06-08 11:33:45 +00:00
Miroslav Stampar
26062ec71e
minor update
2011-06-07 15:13:51 +00:00
Miroslav Stampar
f34b395c65
fixing typo
2011-06-07 14:58:22 +00:00
Miroslav Stampar
89a7516c35
bug fix
2011-06-06 09:55:22 +00:00
Miroslav Stampar
0b875b160f
cosmetics
2011-05-31 20:57:29 +00:00
Miroslav Stampar
3fa8e1db72
better language
2011-05-31 15:45:54 +00:00
Miroslav Stampar
4bb9754dfe
using --dump for msaccess with -C switch was for some reason pain in the ass (you had to do the brute forcing again and again). now -C forces the result in those cases
2011-05-30 23:34:48 +00:00
Miroslav Stampar
bf2b58ba82
minor update
2011-05-26 15:23:28 +00:00
Miroslav Stampar
79f0b3a92a
adding support for --start and --stop for __pivotDumpTable
2011-05-26 15:16:57 +00:00
Miroslav Stampar
b6fe5b12a4
adding --schema to the wizard/Basic as it looks like a cool thingy to put there
2011-05-26 14:30:05 +00:00
Miroslav Stampar
a397baa89a
fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches
2011-05-26 08:17:21 +00:00
Miroslav Stampar
1067d43f14
minor update
2011-05-23 19:16:29 +00:00
Miroslav Stampar
0ed03d474f
now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate
2011-05-23 11:09:44 +00:00
Miroslav Stampar
7b52bbe3fb
reverting that ignoreTimeout for --tables (because of this and that)
2011-05-22 09:59:19 +00:00
Miroslav Stampar
9b2623514a
one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables
2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170
type correction and adding global flag kb.ignoreTimeout which could be useful
2011-05-22 08:24:13 +00:00
Miroslav Stampar
126cdf9e19
minor info update
2011-05-19 23:28:27 +00:00
Miroslav Stampar
a034462c31
fixing annoying timeouts for basic DBMS check (reference: http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_timestampadd )
2011-05-19 23:03:00 +00:00
Miroslav Stampar
5a979f7667
minor bug fix for empty colList; also added "do you want to use LIKE" (LIKE is default) question when -C used
2011-05-19 17:35:33 +00:00
Miroslav Stampar
4efc284b83
adding more info for --passwords
2011-05-11 12:35:32 +00:00
Bernardo Damele
b5f090cc4f
Minor bug fix
2011-05-10 15:48:48 +00:00
Miroslav Stampar
b713b18fd2
minor fix for a bug spotted on Sybase
2011-05-09 16:09:18 +00:00
Bernardo Damele
ac74557614
Minor adjustment for --dump-all
2011-05-08 10:25:40 +00:00
Bernardo Damele
356037ca22
cosmetics
2011-05-08 02:11:34 +00:00
Bernardo Damele
9955483052
Major improvement for --dump.
...
Minor improvement for --dump-all.
Minor bug fix for infinite loop
2011-05-08 02:08:18 +00:00
Bernardo Damele
d3589493d1
Temporary fix for bug reported by ultramegaman (infinite loop)
2011-05-07 23:28:59 +00:00
Bernardo Damele
6e784e766b
Minor bug fix
2011-05-07 21:20:47 +00:00
Bernardo Damele
aae140080e
SVN roll back, DB2 patch will be recommitted after testing:
...
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968
removing blank lines and adding newline at the end of files
2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054
applying contributed patch for DB2
2011-05-06 09:30:39 +00:00
Bernardo Damele
dac59a55bc
leftover
2011-05-03 14:14:39 +00:00
Bernardo Damele
c58dc4a6d8
isDbmsWithin() must stay like this, no getIdentifiedDbms() in there
2011-05-03 14:13:45 +00:00
Miroslav Stampar
eceb5eca7b
fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla)
2011-05-02 21:55:06 +00:00
Miroslav Stampar
b327a78522
minor minor update of the last commit
2011-05-02 19:24:49 +00:00
Miroslav Stampar
0bb7d715a7
more user friendliness/handiness for users which mix Linux and Windows paths where they shouldn't do that
2011-05-02 19:18:28 +00:00
Miroslav Stampar
8e8886cd20
minor improvement for --sql-shell/--sql-query (when non-SELECT default is N for retrieve data output which automatically does STACKED injection)
2011-05-01 21:41:14 +00:00
Bernardo Damele
64bb480414
Do not raise otherwise it won't work with --schema
2011-04-30 23:20:16 +00:00
Bernardo Damele
d5eeb91b35
Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns
2011-04-30 22:11:36 +00:00
Bernardo Damele
b31b861d7b
Major rewrote of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc.
2011-04-30 22:10:27 +00:00
Bernardo Damele
284c69a686
Improved --tables for MSSQL too, like r3798
2011-04-30 22:05:02 +00:00
Bernardo Damele
aeb149db22
Proper ordering of enumeration methods, consistent with the others enumeration classes
2011-04-30 22:04:08 +00:00
Bernardo Damele
955dbc85e7
Minor variable rename
2011-04-30 15:29:59 +00:00
Bernardo Damele
cb9b9c4204
Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too
2011-04-30 15:29:19 +00:00
Bernardo Damele
b3a0424269
More Backend class method usage refactoring
2011-04-30 15:24:15 +00:00
Bernardo Damele
9a4ae7d9e2
More code refactoring of Backend class methods used
2011-04-30 14:54:29 +00:00
Bernardo Damele
36a9ddaacc
Minor bug fixes and code restyling for --privileges and --passwords
2011-04-30 14:50:27 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
1a052245a6
duplicate code
2011-04-30 00:25:15 +00:00
Bernardo Damele
a5968fff3e
Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided
2011-04-30 00:22:22 +00:00
Bernardo Damele
529595fd85
Moved method below
2011-04-29 22:37:43 +00:00
Bernardo Damele
14bf6abb7e
Minor layout adjustment
2011-04-29 21:40:48 +00:00
Bernardo Damele
f449688f93
Proper resume of --schema data when calling with --columns switch, minor fixes too
2011-04-29 21:17:59 +00:00
Miroslav Stampar
a6015b59df
fix for a bug reported by jaccovantuijl@gmail.com (entries = zip(*[entries[colName] for colName in colList]))
2011-04-29 14:33:47 +00:00
Bernardo Damele
9927f5a7db
Let --schema work also for Sybase and MaxDB
2011-04-29 00:02:28 +00:00
Bernardo Damele
edac0b2558
Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema
2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb
Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
...
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec .
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0a534dee5
Do not even prompt for ICMP tunnel if the target OS is not Windows
2011-04-23 21:57:07 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
148fb26301
quick fix
2011-04-21 17:34:26 +00:00
Miroslav Stampar
e181d5412e
fix for a bug reported by aboynes@gmail.com (@@datadir not available on MySQL 4)
2011-04-21 17:33:07 +00:00
Miroslav Stampar
bd4fbb3251
fix for a bug reported by l0rda@l0rda.biz (TypeError: cannot concatenate 'str' and 'NoneType' objects)
2011-04-21 14:53:02 +00:00
Miroslav Stampar
5052013ffa
minor update
2011-04-20 14:48:23 +00:00
Miroslav Stampar
f909ecb369
bug fix for mssqlserver escape
2011-04-20 13:41:01 +00:00
Miroslav Stampar
88c76147e1
removed few trailing whitespace lines
2011-04-15 20:52:08 +00:00
Miroslav Stampar
c16b74ce1a
covering __pivotDumpTable for keyboard and connection exceptions too
2011-04-15 14:21:13 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
aed994192e
disabling safecharencode for --banner
2011-04-15 08:15:21 +00:00
Miroslav Stampar
8ddac7fe5a
minor fix and speedup when pivoting empty table
2011-04-14 21:11:20 +00:00
Miroslav Stampar
384ca98ded
don't let sqlmapNoneDataException for one table to break whole dumpAll()
2011-04-14 20:56:12 +00:00
Miroslav Stampar
dbbaefa79d
minor update (pivot value should be safechardecoded)
2011-04-14 20:38:03 +00:00
Miroslav Stampar
d06ae9cd47
implemented retrieved items info for partial union too
2011-04-13 14:33:15 +00:00
Bernardo Damele
1c51e11c5c
Minor adjustments to PgSQL fingerprint
2011-04-12 10:35:33 +00:00
Miroslav Stampar
7324d53997
reference ( http://www.enterprisedb.com/docs/en/9.0/pg/release-9-0.html )
2011-04-12 10:30:33 +00:00
Miroslav Stampar
bc4c2f320c
cosmetics
2011-04-12 10:24:09 +00:00
Miroslav Stampar
2f1786e65f
added active fingerprint for pgsql >= 9.0.3 (reference: http://www.postgresql.org/docs/9.0/static/release-9-0.html )
2011-04-12 10:22:54 +00:00
Bernardo Damele
fdbd8bfe37
initial support for PostgreSQL 9.0 - #223
2011-04-11 22:02:00 +00:00
Bernardo Damele
f4745a95ea
Possible fix for bug reported by David
2011-04-11 21:45:25 +00:00
Miroslav Stampar
941daa1645
just in case to prevent "object of type 'NoneType' has no len()" error reports
2011-04-11 11:59:02 +00:00
Miroslav Stampar
e20848c711
first commit toward v1.0 (it's smarter to start testing for pivot point from shorter column names as they tend to be some kind of identifiers)
2011-04-11 09:40:52 +00:00
Bernardo Damele
ea3ebafba1
Removed outdated sentence
2011-04-10 23:59:49 +00:00
Bernardo Damele
572708f184
More version adjustment
2011-04-10 23:28:24 +00:00
Bernardo Damele
fbf8e7f32d
Minor bug fix to --file-read
2011-04-10 19:53:42 +00:00
Bernardo Damele
7dd5bd9d59
Minor fix for --cleanup on MSSQL
2011-04-10 13:48:29 +00:00
Bernardo Damele
6d165861c8
Minor version increase
2011-04-10 13:30:27 +00:00
Miroslav Stampar
c714ac6421
added support for handling binary data values (no more garbish chars)
2011-04-09 23:13:16 +00:00
Miroslav Stampar
6fa2fd139c
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
2011-04-08 15:17:57 +00:00
Bernardo Damele
d5fb1378cc
Gone unnoticed for way too long
2011-04-08 11:15:19 +00:00
Miroslav Stampar
e8259a7665
minor update (now --dump also supports only -D parameter)
2011-04-07 22:38:13 +00:00
Bernardo Damele
bac53eeef1
Allow --dump-all to accept -D switch in order to dump all tables' entries for only one (or more, comma-separated) specified database(s)
2011-04-07 22:08:10 +00:00
Miroslav Stampar
60102209f6
quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split')
2011-04-01 11:14:24 +00:00
Miroslav Stampar
b6af80bab3
refactoring, cleanup and improvement
2011-03-29 21:54:15 +00:00
Miroslav Stampar
4312a42b5d
another minor fix
2011-03-28 12:04:39 +00:00
Miroslav Stampar
3173adbf6b
minor update
2011-03-28 12:02:31 +00:00
Miroslav Stampar
73e5d20ade
bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)
2011-03-28 11:01:55 +00:00
Miroslav Stampar
76b7e3517d
minor update
2011-03-27 07:58:15 +00:00
Miroslav Stampar
04c4578df7
minor fix
2011-03-26 05:55:49 +00:00
Miroslav Stampar
58f8703ecd
minor update before bedtime
2011-03-25 22:59:18 +00:00
Miroslav Stampar
ae12dee990
minor update
2011-03-25 22:08:54 +00:00
Miroslav Stampar
c9baa0094b
going global for protection of non-standard identificator naming
2011-03-25 22:02:28 +00:00
Miroslav Stampar
5a1f733a43
minor update (_ is part of normal identificator naming)
2011-03-25 21:49:20 +00:00
Miroslav Stampar
1a98095a93
minor improvement for that MySQL identification naming
2011-03-25 21:46:49 +00:00
Miroslav Stampar
48c4460e2c
bug fixed (there was a huge problem with space containing identifiers - fixed and tested for MySQL)
2011-03-25 21:22:06 +00:00
Miroslav Stampar
af39a441fa
minor improvement when --dbs returns no database names (like in many cases with MySQL 4)
2011-03-25 19:50:06 +00:00
Miroslav Stampar
f3858a5fcf
another fix related to the bug reported by Alone Shell
2011-03-24 17:08:14 +00:00
Miroslav Stampar
02379c01a2
minor update (will do "schema update" for sybase some other time; that COUNT(*) blew my mind)
2011-03-23 11:42:36 +00:00
Miroslav Stampar
0f7bce5c66
fixing a huge mess going on because of counting on error and union techniques
2011-03-23 11:36:40 +00:00
Miroslav Stampar
7ea45e9032
minor update for Sybase regarding last commit
2011-03-23 11:04:15 +00:00
Miroslav Stampar
b72cdfe9e6
fix for mssql regarding usage of schema names reported by jabra@spl0it.org
2011-03-23 10:40:34 +00:00
Miroslav Stampar
4889764114
minor update regarding last commit
2011-03-21 11:40:27 +00:00
Miroslav Stampar
5291fe35c9
proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)
2011-03-21 11:29:43 +00:00
Bernardo Damele
74ef1e53c7
Minor bug fixes to --privileges for PostgreSQL query (corner case)
2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065
minor refactoring (more consistent)
2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387
minor refactoring
2011-03-09 11:37:37 +00:00
Miroslav Stampar
68c7247ee4
bug fix (pgsql drop function requires input arguments - at cleanup() in plugins/generic/misc.py it's already fixed before)
2011-03-08 10:46:23 +00:00
Miroslav Stampar
16b286982d
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
2011-03-07 09:50:43 +00:00
Bernardo Damele
7524a0c0cf
Proper error message
2011-03-04 11:59:09 +00:00
Bernardo Damele
60605b6e7c
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
2011-02-27 12:14:13 +00:00
Miroslav Stampar
13f0d5ce00
minor bug fix
2011-02-22 14:51:42 +00:00
Miroslav Stampar
640ba5d744
minor refactoring
2011-02-22 14:19:39 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Miroslav Stampar
68a95fd1b1
minor update
2011-02-20 22:45:23 +00:00
Miroslav Stampar
aac817935a
further improvement of MaxDB support
2011-02-20 22:41:42 +00:00
Miroslav Stampar
a3ba8b6928
--dump now works on MaxDB too
2011-02-20 22:07:12 +00:00
Miroslav Stampar
0e512d3c09
minor update for MaxDB
2011-02-20 21:17:16 +00:00
Miroslav Stampar
59e666d16e
--is-dba (related) update for Sybase
2011-02-20 17:28:06 +00:00
Miroslav Stampar
4d52f7fc6e
minor fix regarding --dump-table on Sybase for --technique=23
2011-02-20 16:58:01 +00:00
Miroslav Stampar
67ec691eb1
more updates regarding Sybase
2011-02-20 16:28:48 +00:00
Miroslav Stampar
cc47737c44
minor update
2011-02-20 16:00:13 +00:00
Miroslav Stampar
2f9227bcce
Sybase update (--passwords)
2011-02-20 12:07:32 +00:00
Miroslav Stampar
f30dea74f3
more Sybase updates
2011-02-19 18:36:26 +00:00
Miroslav Stampar
b71bb321dd
some more Sybase updates
2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac
some progress regarding SYBASE
2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
Miroslav Stampar
de7ca5a27c
minor update
2011-02-19 09:40:41 +00:00
Miroslav Stampar
72fc0a0565
minor refactoring
2011-02-19 09:36:57 +00:00
Miroslav Stampar
5f4ffc9287
update regarding Sybase dumping
2011-02-19 00:36:47 +00:00
Miroslav Stampar
199f14df46
implementation of MySQL GROUP_CONCAT technique
2011-02-15 00:28:27 +00:00
Bernardo Damele
7253362114
Minor bug fix so that --file-write on MySQL via UNION query now works again
2011-02-11 23:35:45 +00:00
Bernardo Damele
c078de894f
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
2011-02-10 14:24:04 +00:00
Bernardo Damele
a2c20acf94
Minor fixes once more
2011-02-10 11:34:16 +00:00
Bernardo Damele
d0ddaee3c8
Minor bug fix
2011-02-10 11:28:24 +00:00
Miroslav Stampar
7539881ffa
fix for dump on Oracle but we still need to discuss some things around
2011-02-09 14:52:07 +00:00
Miroslav Stampar
caf6220c53
done with implementation for retrieving table names via access system table(s)
2011-02-09 10:50:38 +00:00
Miroslav Stampar
5050a76b59
update regarding reading of table names from access system tables
2011-02-09 10:33:29 +00:00
Bernardo Damele
b48213783a
Removed senseless debug messsage
2011-02-08 17:09:35 +00:00
Bernardo Damele
e16bab7117
re-enabled --read-file for MySQL with all techniques
2011-02-08 17:03:57 +00:00
Bernardo Damele
008d434325
Important fix now that the file writing is unescaped too
2011-02-07 00:56:15 +00:00
Bernardo Damele
db77f8b055
Code cleanup
2011-02-06 22:33:08 +00:00
Miroslav Stampar
ecaf5729fd
revert
2011-02-06 22:14:18 +00:00
Miroslav Stampar
caaac72029
minor update regarding last commit
2011-02-06 20:15:03 +00:00
Bernardo Damele
8980227d30
Minor bug fix
2011-02-06 15:32:16 +00:00
Bernardo Damele
2afc1e5021
Layout adjustments
2011-02-06 15:28:23 +00:00
Bernardo Damele
a5a648f4fe
Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected.
...
Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug
2011-02-06 15:23:27 +00:00
Miroslav Stampar
14c87ec80d
minor fix
2011-02-04 13:29:02 +00:00
Bernardo Damele
a37f5e05b9
Refactoring
2011-02-01 22:27:36 +00:00
Bernardo Damele
e3a3ae11cc
Proper return from error-based technique enumeration
2011-01-31 21:13:29 +00:00
Bernardo Damele
9fc0bedea8
Minor bug fixes
2011-01-30 21:01:57 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
50969d238b
minor update
2011-01-24 17:51:56 +00:00
Miroslav Stampar
0eea5665b2
minor update
2011-01-24 17:41:36 +00:00
Miroslav Stampar
a3e3387113
fix for proper Firebird resume of version
2011-01-24 11:04:32 +00:00
Miroslav Stampar
eb33612736
fix
2011-01-24 10:20:17 +00:00
Bernardo Damele
77999fb39d
Allow in --sql-shell to always ('a') retrieve query output.
...
Minor bug fix in case with --columns it is not possible to retrieve a column datatype.
2011-01-20 21:49:06 +00:00
Bernardo Damele
b1d6040a48
Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside)
2011-01-20 21:46:56 +00:00
Bernardo Damele
50c02fbb37
Done with previous refactoring
2011-01-20 00:01:06 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
47565f9459
Minor code refactoring
2011-01-17 21:13:59 +00:00
Bernardo Damele
02b333e30b
Minor improvement
2011-01-15 23:54:03 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Bernardo Damele
2d9b151883
Minor bug fix
2011-01-15 10:14:05 +00:00
Bernardo Damele
e4e9b11b79
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
8e83a26acf
minor fix
2011-01-07 17:53:17 +00:00
Bernardo Damele
cc46940159
Minor refactoring
2011-01-07 17:10:32 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7
Mere cosmetics
2011-01-07 16:36:32 +00:00
Miroslav Stampar
8a48baf789
update for a "problem" reported by nightman@email.de where he lost all of large dumped table because in the middle of dumping 401 was raised
2011-01-04 13:23:59 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
8e1927fe31
minor fix
2011-01-02 18:12:18 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
b763feafd9
bug fix (TypeError: object of type 'NoneType' has no len())
2011-01-02 12:26:31 +00:00
Miroslav Stampar
f0dad2a1e4
minor bug fix (in multiple item search only last item was shown)
2011-01-02 12:23:36 +00:00
Miroslav Stampar
7b9d978cf9
minor fix (database and/or table names with - sign inside needs to be escaped by ` character or will lead to a "SQL syntax")
2011-01-02 11:01:20 +00:00
Miroslav Stampar
73e8a10527
minor fix
2011-01-02 09:12:20 +00:00
Miroslav Stampar
e28b9f26fc
minor fix
2011-01-02 08:01:01 +00:00
Miroslav Stampar
26b06bfcfb
update ( http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html )
2011-01-01 19:38:51 +00:00
Miroslav Stampar
7ea3d060f6
some fixes/updates here and there
2011-01-01 12:41:51 +00:00
Miroslav Stampar
076560f59f
bug fix
2010-12-31 12:58:27 +00:00
Miroslav Stampar
5db8ebbfa9
update of mysql comment versions
2010-12-31 12:42:12 +00:00
Miroslav Stampar
40e3489099
minor update
2010-12-31 12:27:57 +00:00
Miroslav Stampar
ce19b0c431
optimization of comment checking in MySQL
2010-12-31 12:21:02 +00:00
Miroslav Stampar
42e7b1b3a7
bug fix
2010-12-30 22:40:37 +00:00
Miroslav Stampar
20e3a6d72f
fix/refactor/cosmetics (references: http://www.postgresql.org/docs/6.4/static/release.htm,http://www.postgresql.org/docs/8.2/static/functions-datetime.html#FUNCTIONS-DATETIME-TABLE,http://www.postgresql.org/docs/8.3/static/release-8-3.html )
2010-12-30 21:53:34 +00:00
Miroslav Stampar
7f4acaf6f9
now comment injection fingerprint works with all techniques
2010-12-30 21:24:26 +00:00
Miroslav Stampar
6f17e84e19
minor fix
2010-12-30 08:29:20 +00:00
Miroslav Stampar
a77b186aca
minor fix
2010-12-27 16:55:27 +00:00
Miroslav Stampar
5015f04826
minor update
2010-12-27 16:36:05 +00:00
Miroslav Stampar
9c1676bdfa
minor cosmetics
2010-12-27 14:44:00 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
3d23f226ae
minor update
2010-12-27 11:47:50 +00:00
Miroslav Stampar
68462466f2
minor fix for a bug reported by shaohua pan (argument of type 'NoneType' is not iterable)
2010-12-27 11:36:36 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
c8d5a6b980
update
2010-12-27 00:41:16 +00:00
Miroslav Stampar
89c2640d23
basic --search now works with MS Access
2010-12-26 23:50:16 +00:00
Miroslav Stampar
c4d6a367e9
this way order given in -C is preserved
2010-12-26 14:11:42 +00:00
Miroslav Stampar
c93f2a703d
minor update
2010-12-26 14:02:16 +00:00
Miroslav Stampar
e41acb6fc2
further ms access improvements
2010-12-26 02:13:56 +00:00
Miroslav Stampar
2c8115eed9
further improvement for ms access table dumping
2010-12-26 01:04:30 +00:00
Miroslav Stampar
5249762794
update
2010-12-25 16:46:33 +00:00
Miroslav Stampar
fb099615e2
minor update
2010-12-25 11:16:35 +00:00
Miroslav Stampar
9853c1ec7f
fix for a bug reported by alessio.dallapiazza@gmail.com (AttributeError: users)
2010-12-25 09:13:57 +00:00
Miroslav Stampar
6845d402fa
well, here and there, merry Christmas to all :)
2010-12-24 20:17:53 +00:00
Miroslav Stampar
706d8e0b88
development update (basic ms access dumping implemented)
2010-12-24 19:53:11 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
7c06dbffc3
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
2010-12-22 18:55:50 +00:00
Bernardo Damele
b3da473840
Minor bug fix when --dbs has only one DB name
2010-12-22 14:29:57 +00:00
Bernardo Damele
c9ab8ae60e
Bug fix to properly identify if current user is DBA (--is-dba) on MySQL
2010-12-22 14:06:01 +00:00
Miroslav Stampar
c89021f0bb
some fixes
2010-12-22 11:46:18 +00:00
Miroslav Stampar
5d25da5135
better way to handle this one
2010-12-22 00:51:20 +00:00
Miroslav Stampar
306501363c
fuck, sorry, 0 was OK (STRCMP() returns 0 if the strings are the same)
2010-12-22 00:41:38 +00:00
Miroslav Stampar
d6e6afd6f2
minor fix ("To clarify a bit: STRCMP() is case-insensitive as of MySQL 4.0." - http://bugs.mysql.com/bug.php?id=2102 )
2010-12-22 00:38:54 +00:00
Miroslav Stampar
6f2ce15478
minor refactoring
2010-12-22 00:27:21 +00:00
Miroslav Stampar
cb61401c18
bug fix ( http://dev.mysql.com/doc/refman/5.0/es/news-5-0-11.html - "Added support of where clause for queries with FROM DUAL")
2010-12-22 00:20:56 +00:00
Miroslav Stampar
f905adb7c1
way better as there is no official release version for FOUND_ROWS() (it appears somewhere in alphas/betas of 4.0.x - i've stumbled upon one site with 4.0.22 and it didn't recognized FOUND_ROWS).
2010-12-21 22:18:27 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe
Cosmetics
2010-12-21 09:23:00 +00:00
Miroslav Stampar
03b275ce33
update
2010-12-20 23:27:04 +00:00
Miroslav Stampar
518b3e094c
bug fix ( http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows )
2010-12-20 23:00:03 +00:00
Miroslav Stampar
8fd3e7ba1f
thread based data added
2010-12-20 22:45:01 +00:00
Miroslav Stampar
364bc8e7d4
minor update
2010-12-20 11:25:18 +00:00
Miroslav Stampar
28da1141cf
some fixes (for MySQL < 4.0)
2010-12-20 11:23:57 +00:00
Miroslav Stampar
76024c455f
minor fix (using older commands for basic MySQL check)
2010-12-20 11:15:43 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
71cf0bd2a5
minor update
2010-12-18 13:08:37 +00:00
Miroslav Stampar
a067e805fa
minor update
2010-12-17 22:23:01 +00:00
Miroslav Stampar
108a96c6b4
some fixes
2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
3ee44584d4
i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string')
2010-12-14 12:57:59 +00:00
Miroslav Stampar
4c6e902471
removed obsolete comment
2010-12-14 07:49:30 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
e98d9c08e1
dumping table is now possible on Firebird too
2010-12-12 14:38:07 +00:00
Miroslav Stampar
f9bc6fc78f
minor fix
2010-12-11 22:14:35 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5
update regarding dumping of tables with blind on Sqlite
2010-12-11 22:00:16 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
1beb1dd2cc
minor update
2010-12-11 09:30:38 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Bernardo Damele
7c87ad4065
Minor speedup in -f mysql
2010-12-10 13:05:46 +00:00
Miroslav Stampar
b02bd55edc
minor refactoring
2010-12-10 13:04:36 +00:00
Bernardo Damele
d71e51e765
Minor improvement
2010-12-10 11:31:27 +00:00
Bernardo Damele
4741874e9e
Enhancement to speedup MySQL fingerprint
2010-12-10 11:27:36 +00:00
Miroslav Stampar
e98b81fe32
another update
2010-12-10 10:56:55 +00:00
Miroslav Stampar
d5e7a8d305
update
2010-12-10 10:54:17 +00:00
Miroslav Stampar
bbffea2cbc
bug fix
2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Miroslav Stampar
cdff29ada7
update
2010-12-09 11:23:44 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Miroslav Stampar
2cc167a42e
fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"
2010-12-02 18:57:43 +00:00
Miroslav Stampar
bf09b8a6d9
added Firebird error based (WHERE) attack vector
2010-12-02 15:09:21 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
ba4ea32603
first working version of dictionary attack
2010-11-23 13:24:02 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
2010-11-17 17:20:32 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Bernardo Damele
a34c1b287c
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
2010-11-12 11:33:11 +00:00
Bernardo Damele
64b5de44a0
Converted to new XML object format
2010-11-12 10:11:13 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
be992b4471
update regarding common columns existance check
2010-11-11 17:09:31 +00:00
Miroslav Stampar
4be0631161
refactoring of brute force techniques
2010-11-09 09:42:43 +00:00
Bernardo Damele
dac7436edf
Fix inconsistence with -b --error-test
2010-11-08 15:36:07 +00:00
Bernardo Damele
0c8918bf07
Minor bug fix, thanks Alex
2010-11-08 12:45:23 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Bernardo Damele
27ce4b0cf0
Set proper verbose level for dbms direct error messages
2010-11-07 22:14:06 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
c8fe2fa8d8
minor fix
2010-11-04 22:00:14 +00:00
Miroslav Stampar
d7dbf814a0
fix/update for Access
2010-11-04 21:47:21 +00:00
Miroslav Stampar
f74b69cc29
fix (AttributeError: class ICMPsh has no attribute '__init__')
2010-11-04 12:45:33 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
4b56fa4f8f
now --tables work for MaxDB
2010-11-02 22:11:45 +00:00
Miroslav Stampar
b761523f3f
now --users works for MaxDB too
2010-11-02 21:52:48 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Bernardo Damele
c7c84c3089
Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL).
2010-11-02 15:31:51 +00:00
Bernardo Damele
3596f81e6a
Typo
2010-11-02 15:24:02 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
9d2c81baa9
more update for ms access
2010-11-02 11:06:47 +00:00
Miroslav Stampar
6ad8bbfc8e
one more ms access update
2010-11-02 10:50:57 +00:00
Miroslav Stampar
c98d8fed83
minor ms access update
2010-11-02 10:13:36 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Bernardo Damele
eab331ebd7
Minor bug fix
2010-10-31 13:46:08 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
17e8abe841
Removed useless call to urlencode()
2010-10-31 12:47:22 +00:00
Miroslav Stampar
a921fe0d5d
fix for using --banner --stacked-test together
2010-10-29 15:31:24 +00:00
Bernardo Damele
a0df231aa4
Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data
2010-10-29 13:09:53 +00:00
Miroslav Stampar
d75578c81f
some update regarding common tables
2010-10-29 09:00:51 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471
Minor bug fixes and enhancements to ICMPsh tunnel
2010-10-27 23:01:17 +00:00
Bernardo Damele
26cf6c2136
Adjusted impacket import check
2010-10-27 21:10:56 +00:00
Bernardo Damele
a391be833b
Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work.
2010-10-27 21:02:22 +00:00
Bernardo Damele
d554ffc0ae
yes, I am quite paranoid with cosmetics
2010-10-27 10:37:54 +00:00
Miroslav Stampar
749e25a217
Implementation of --passwords for Sybase
2010-10-26 21:35:30 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Miroslav Stampar
8a9a57c709
update for Sybase and major bug fix for --passwords on MSSQL
2010-10-25 22:11:38 +00:00
Miroslav Stampar
9b56fbafbe
that Sybase is going to be pain in the ass
2010-10-25 21:43:13 +00:00
Bernardo Damele
debaf2215f
Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch
2010-10-25 15:54:45 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
f8850e3f41
update (xml fix and refactoring)
2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924
update for Sybase
2010-10-23 07:37:43 +00:00
Miroslav Stampar
a8e42a4f2b
bug fix
2010-10-23 06:42:21 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Miroslav Stampar
24e4429bf6
or better yet, there is no need for _ or *args on getPrivileges (tried with SQLite and MSSql which crashed)
2010-10-21 13:31:06 +00:00
Miroslav Stampar
fe3967bdec
fix for --privileges (on MSSql --privileges returned exception)
2010-10-21 13:28:29 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Bernardo Damele
526694c80c
Minor fix
2010-10-20 22:24:06 +00:00
Bernardo Damele
e73e06069b
Minor code refactoring
2010-10-20 22:09:03 +00:00
Miroslav Stampar
82f44989ce
update of error based injection and bug fix for --roles on MSSQL server
2010-10-20 06:40:33 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Bernardo Damele
60a1b48194
Major bug fix for --os-pwn
2010-10-17 20:44:16 +00:00
Bernardo Damele
e7c8be1d45
Minor layout adjustments
2010-10-15 15:37:15 +00:00
Miroslav Stampar
8883918ef9
cosmetics
2010-10-15 10:03:51 +00:00
Miroslav Stampar
743e6d2655
cosmetics
2010-10-15 10:02:09 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
a63c2c9f7c
just a test
2010-10-14 14:16:45 +00:00
Miroslav Stampar
f700692c74
added missing files for Sybase
2010-10-13 18:55:17 +00:00
Miroslav Stampar
47022071cb
removed pdb
2010-10-12 19:17:48 +00:00
Miroslav Stampar
b4685aa77c
quick fix
2010-10-12 19:16:58 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00