Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73e8a10527 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 09:12:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							26b06bfcfb 
							
						 
					 
					
						
						
							
							update ( http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html )  
						
						
						
					 
					
						2011-01-01 19:38:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							076560f59f 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-31 12:58:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5db8ebbfa9 
							
						 
					 
					
						
						
							
							update of mysql comment versions  
						
						
						
					 
					
						2010-12-31 12:42:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							40e3489099 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-31 12:27:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ce19b0c431 
							
						 
					 
					
						
						
							
							optimization of comment checking in MySQL  
						
						
						
					 
					
						2010-12-31 12:21:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7f4acaf6f9 
							
						 
					 
					
						
						
							
							now comment injection fingerprint works with all techniques  
						
						
						
					 
					
						2010-12-30 21:24:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d25da5135 
							
						 
					 
					
						
						
							
							better way to handle this one  
						
						
						
					 
					
						2010-12-22 00:51:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							306501363c 
							
						 
					 
					
						
						
							
							fuck, sorry, 0 was OK (STRCMP() returns 0 if the strings are the same)  
						
						
						
					 
					
						2010-12-22 00:41:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6e6afd6f2 
							
						 
					 
					
						
						
							
							minor fix ("To clarify a bit: STRCMP() is case-insensitive as of MySQL 4.0." -  http://bugs.mysql.com/bug.php?id=2102 )  
						
						
						
					 
					
						2010-12-22 00:38:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6f2ce15478 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-22 00:27:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cb61401c18 
							
						 
					 
					
						
						
							
							bug fix ( http://dev.mysql.com/doc/refman/5.0/es/news-5-0-11.html  - "Added support of where clause for queries with FROM DUAL")  
						
						
						
					 
					
						2010-12-22 00:20:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f905adb7c1 
							
						 
					 
					
						
						
							
							way better as there is no official release version for FOUND_ROWS() (it appears somewhere in alphas/betas of 4.0.x - i've stumbled upon one site with 4.0.22 and it didn't recognized FOUND_ROWS).  
						
						
						
					 
					
						2010-12-21 22:18:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1a3f57e5fe 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-21 09:23:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							518b3e094c 
							
						 
					 
					
						
						
							
							bug fix ( http://dev.mysql.com/doc/refman/5.0/en/information-functions.html#function_found-rows )  
						
						
						
					 
					
						2010-12-20 23:00:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							364bc8e7d4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 11:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							28da1141cf 
							
						 
					 
					
						
						
							
							some fixes (for MySQL < 4.0)  
						
						
						
					 
					
						2010-12-20 11:23:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							76024c455f 
							
						 
					 
					
						
						
							
							minor fix (using older commands for basic MySQL check)  
						
						
						
					 
					
						2010-12-20 11:15:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71cf0bd2a5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-18 13:08:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a19cb2c13a 
							
						 
					 
					
						
						
							
							code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")  
						
						
						
					 
					
						2010-12-17 21:29:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a02dd6b55b 
							
						 
					 
					
						
						
							
							Minor enhancement to speedup active dbms fingerprint (-f).  
						
						... 
						
						
						
						Code cleanup and refactoring. 
						
					 
					
						2010-12-13 21:33:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c66fa37c 
							
						 
					 
					
						
						
							
							update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available  
						
						
						
					 
					
						2010-12-11 17:55:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1beb1dd2cc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-11 09:30:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7c87ad4065 
							
						 
					 
					
						
						
							
							Minor speedup in -f mysql  
						
						
						
					 
					
						2010-12-10 13:05:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d71e51e765 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2010-12-10 11:31:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4741874e9e 
							
						 
					 
					
						
						
							
							Enhancement to speedup MySQL fingerprint  
						
						
						
					 
					
						2010-12-10 11:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c8f943f5e4 
							
						 
					 
					
						
						
							
							Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.  
						
						... 
						
						
						
						Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file. 
						
					 
					
						2010-11-30 22:40:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							66c82d72e4 
							
						 
					 
					
						
						
							
							Typo fix  
						
						
						
					 
					
						2010-11-12 10:02:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d551423379 
							
						 
					 
					
						
						
							
							further enum refactoring  
						
						
						
					 
					
						2010-11-08 09:44:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							862395ced1 
							
						 
					 
					
						
						
							
							further refactoring (all enumerations are now put into enums.py)  
						
						
						
					 
					
						2010-11-08 09:20:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d3e7e89e60 
							
						 
					 
					
						
						
							
							major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces  
						
						
						
					 
					
						2010-11-07 21:18:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6adee3792a 
							
						 
					 
					
						
						
							
							removed all trailing spaces from blank lines  
						
						
						
					 
					
						2010-11-03 10:08:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							685a8e7d2c 
							
						 
					 
					
						
						
							
							refactoring of hard coded dbms names  
						
						
						
					 
					
						2010-11-02 11:59:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							215175e3b7 
							
						 
					 
					
						
						
							
							Minor code adjustments  
						
						
						
					 
					
						2010-10-25 14:11:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f7f20b94f 
							
						 
					 
					
						
						
							
							sorry, cosmetics  
						
						
						
					 
					
						2010-10-14 23:18:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b48833136 
							
						 
					 
					
						
						
							
							large commit with copyright header modifications  
						
						
						
					 
					
						2010-10-14 14:41:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1369529103 
							
						 
					 
					
						
						
							
							minor cosmetic update  
						
						
						
					 
					
						2010-10-11 13:52:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							78ba5da4f7 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-09-23 22:07:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							12a5ec9f3d 
							
						 
					 
					
						
						
							
							more unicode refactoring  
						
						
						
					 
					
						2010-06-02 12:45:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3db3c03c1 
							
						 
					 
					
						
						
							
							str() -> unicode()  
						
						
						
					 
					
						2010-05-28 13:05:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fdebb5d5b 
							
						 
					 
					
						
						
							
							Added support to directly connect also to Microsoft SQL Server database.  
						
						... 
						
						
						
						Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods. 
						
					 
					
						2010-03-31 10:50:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a6f21095 
							
						 
					 
					
						
						
							
							refactoring regarding usage of conf.dbmsConnector.connect()  
						
						
						
					 
					
						2010-03-30 13:03:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1416cd0d86 
							
						 
					 
					
						
						
							
							Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see  #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).  
						
						... 
						
						
						
						Minor layout adjustments. 
						
					 
					
						2010-03-26 23:23:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							09768a7b62 
							
						 
					 
					
						
						
							
							Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.  
						
						... 
						
						
						
						Todo for firebird, sqlite, access. 
						
					 
					
						2010-03-22 22:57:57 +00:00