sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,106 Commits 4 Branches 117 Tags 97 MiB
f8850e3f41
Commit Graph

76 Commits

Author SHA1 Message Date
Miroslav Stampar
f8850e3f41 update (xml fix and refactoring) 2010-10-23 07:44:34 +00:00
Miroslav Stampar
a7a53af924 update for Sybase 2010-10-23 07:37:43 +00:00
Miroslav Stampar
a8e42a4f2b bug fix 2010-10-23 06:42:21 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Bernardo Damele
e73e06069b Minor code refactoring 2010-10-20 22:09:03 +00:00
Miroslav Stampar
1b376c99a6 removed temp dictionary and replaced with kb.misc 2010-10-19 23:00:19 +00:00
Miroslav Stampar
6a8b1046d4 first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py) 2010-10-19 12:02:04 +00:00
Bernardo Damele
e7c8be1d45 Minor layout adjustments 2010-10-15 15:37:15 +00:00
Miroslav Stampar
4f7f20b94f sorry, cosmetics 2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136 large commit with copyright header modifications 2010-10-14 14:41:14 +00:00
Miroslav Stampar
8abcdae1b5 some update 2010-09-30 19:45:23 +00:00
Miroslav Stampar
cf8e92699c changes regarding EXISTS feature 2010-09-30 12:35:45 +00:00
Miroslav Stampar
e176b36a7f update 2010-09-24 22:09:33 +00:00
Miroslav Stampar
18db96c45f fix for bug reported by David Guimaraes (colEntry = entry[index] - IndexError: list index out of range) 2010-09-01 09:25:21 +00:00
Miroslav Stampar
b0ba559af5 minor update 2010-08-31 14:31:17 +00:00
Miroslav Stampar
c4040ab297 fix for Feature #136 2010-08-31 14:25:37 +00:00
Miroslav Stampar
12a5ec9f3d more unicode refactoring 2010-06-02 12:45:40 +00:00
Bernardo Damele
b798222dd7 Minor fixes 2010-05-30 14:53:13 +00:00
Bernardo Damele
06af405efd Adapted and merged in patch to support XML output (-x switch) - still in beta. 
Minor bug fixes and adjustments.
 2010-05-28 16:43:04 +00:00
Miroslav Stampar
f24187f251 few fixes here and there 2010-05-28 12:47:03 +00:00
Miroslav Stampar
dc83f794ea fix regarding proper string isinstance checking (including unicode) 2010-05-25 10:09:35 +00:00
Bernardo Damele
e0e2349529 Refactor to --search -C and minor bug fix - See #190. 2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4 Added support to search for tables (--search with -T). See #190. 2010-05-16 20:46:17 +00:00
Bernardo Damele
65a05452f7 Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190: 
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
 2010-05-07 13:40:57 +00:00
Bernardo Damele
90d9900371 Minor bug fix to consider --start and --stop also in partial UNION query SQL injection 2010-04-30 15:48:40 +00:00
Miroslav Stampar
17554759b7 implemented feature request from Ole Rasmussen regarding table name retrieval speedup 2010-04-15 09:36:13 +00:00
Bernardo Damele
b19de015c5 Minor bugs fixes 2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b Added support to directly connect also to Microsoft SQL Server database. 
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
 2010-03-31 10:50:47 +00:00
Bernardo Damele
1416cd0d86 Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module). 
Minor layout adjustments.
 2010-03-26 23:23:25 +00:00
Bernardo Damele
eaa9dd07bc Minor bug fix for --roles 2010-03-26 20:45:22 +00:00
Bernardo Damele
2aadc5c939 Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180. 
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
 2010-03-25 15:46:06 +00:00
Bernardo Damele
09768a7b62 Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized. 
Todo for firebird, sqlite, access.
 2010-03-22 22:57:57 +00:00
Bernardo Damele
0d559d14df Initial support for SQLite (90% approx). 
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
 2010-03-18 17:20:54 +00:00
Bernardo Damele
5bd8504f21 Newline adjustment 2010-03-04 14:23:52 +00:00
Miroslav Stampar
58d54b6515 added new option --flush-session 2010-03-04 13:01:18 +00:00
Bernardo Damele
156fdd96ef Updated copyright 2010-03-03 15:26:27 +00:00
Bernardo Damele
950dba5139 Minor bug fix for --start and --stop 2010-02-02 14:17:39 +00:00
Bernardo Damele
4512ef56d1 Minor bug fixes 2010-01-11 13:06:16 +00:00
Bernardo Damele
80bd146696 Added support for --dump with -C also on MSSQL 2010-01-10 19:12:54 +00:00
Bernardo Damele
e5dc3f51c8 Display a better message for the moment while working on support for --dump -C on MSSQL 2010-01-10 00:30:45 +00:00
Bernardo Damele
6c1b31d93c Adjusted --columns with -C also for Microsoft SQL Server 2010-01-10 00:21:03 +00:00
Bernardo Damele
ef1180c3c2 Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment 2010-01-09 21:39:10 +00:00
Bernardo Damele
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns. 
--columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'.
Minor enhancements.
Minor bug fixes.
 2010-01-09 00:05:00 +00:00
Bernardo Damele
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT 2010-01-05 16:15:31 +00:00
Bernardo Damele
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 2010-01-02 02:02:12 +00:00
Bernardo Damele
ba2e009fd9 Now it's fixed 2009-06-29 10:15:10 +00:00
Bernardo Damele
bc31bd1dd9 Minor bug fix 2009-06-29 10:13:39 +00:00
Bernardo Damele
440a52b84d Major bug fix to sql-query/sql-shell functionalities 2009-05-20 10:19:19 +00:00