Miroslav Stampar
28da1141cf
some fixes (for MySQL < 4.0)
2010-12-20 11:23:57 +00:00
Miroslav Stampar
76024c455f
minor fix (using older commands for basic MySQL check)
2010-12-20 11:15:43 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
71cf0bd2a5
minor update
2010-12-18 13:08:37 +00:00
Miroslav Stampar
108a96c6b4
some fixes
2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
3ee44584d4
i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string')
2010-12-14 12:57:59 +00:00
Miroslav Stampar
4c6e902471
removed obsolete comment
2010-12-14 07:49:30 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
e98d9c08e1
dumping table is now possible on Firebird too
2010-12-12 14:38:07 +00:00
Miroslav Stampar
f9bc6fc78f
minor fix
2010-12-11 22:14:35 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
1beb1dd2cc
minor update
2010-12-11 09:30:38 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Bernardo Damele
7c87ad4065
Minor speedup in -f mysql
2010-12-10 13:05:46 +00:00
Miroslav Stampar
b02bd55edc
minor refactoring
2010-12-10 13:04:36 +00:00
Bernardo Damele
d71e51e765
Minor improvement
2010-12-10 11:31:27 +00:00
Bernardo Damele
4741874e9e
Enhancement to speedup MySQL fingerprint
2010-12-10 11:27:36 +00:00
Miroslav Stampar
e98b81fe32
another update
2010-12-10 10:56:55 +00:00
Miroslav Stampar
d5e7a8d305
update
2010-12-10 10:54:17 +00:00
Miroslav Stampar
bbffea2cbc
bug fix
2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Miroslav Stampar
cdff29ada7
update
2010-12-09 11:23:44 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Miroslav Stampar
bf09b8a6d9
added Firebird error based (WHERE) attack vector
2010-12-02 15:09:21 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
360aff7a4d
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
2010-11-17 17:20:32 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Bernardo Damele
64b5de44a0
Converted to new XML object format
2010-11-12 10:11:13 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c
minor update
2010-11-11 22:26:36 +00:00
Miroslav Stampar
be992b4471
update regarding common columns existance check
2010-11-11 17:09:31 +00:00
Bernardo Damele
0c8918bf07
Minor bug fix, thanks Alex
2010-11-08 12:45:23 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Bernardo Damele
27ce4b0cf0
Set proper verbose level for dbms direct error messages
2010-11-07 22:14:06 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
d7dbf814a0
fix/update for Access
2010-11-04 21:47:21 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
6ad8bbfc8e
one more ms access update
2010-11-02 10:50:57 +00:00
Miroslav Stampar
c98d8fed83
minor ms access update
2010-11-02 10:13:36 +00:00
Bernardo Damele
65a0a8d285
Delegate urlencoding to agent.py only
2010-10-31 13:28:05 +00:00
Bernardo Damele
4f8e9da1b6
Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
...
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
d554ffc0ae
yes, I am quite paranoid with cosmetics
2010-10-27 10:37:54 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Miroslav Stampar
8a9a57c709
update for Sybase and major bug fix for --passwords on MSSQL
2010-10-25 22:11:38 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
1b2ec826bf
misc fixes regarding new query retrieval format
2010-10-21 23:17:06 +00:00
Miroslav Stampar
24e4429bf6
or better yet, there is no need for _ or *args on getPrivileges (tried with SQLite and MSSql which crashed)
2010-10-21 13:31:06 +00:00
Miroslav Stampar
fe3967bdec
fix for --privileges (on MSSql --privileges returned exception)
2010-10-21 13:28:29 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Bernardo Damele
526694c80c
Minor fix
2010-10-20 22:24:06 +00:00
Miroslav Stampar
82f44989ce
update of error based injection and bug fix for --roles on MSSQL server
2010-10-20 06:40:33 +00:00
Bernardo Damele
60a1b48194
Major bug fix for --os-pwn
2010-10-17 20:44:16 +00:00
Miroslav Stampar
8883918ef9
cosmetics
2010-10-15 10:03:51 +00:00
Miroslav Stampar
743e6d2655
cosmetics
2010-10-15 10:02:09 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
a63c2c9f7c
just a test
2010-10-14 14:16:45 +00:00
Miroslav Stampar
f700692c74
added missing files for Sybase
2010-10-13 18:55:17 +00:00
Miroslav Stampar
47022071cb
removed pdb
2010-10-12 19:17:48 +00:00
Miroslav Stampar
b4685aa77c
quick fix
2010-10-12 19:16:58 +00:00
Miroslav Stampar
f9f79ffbaf
basic stuff for sybase
2010-10-12 19:05:12 +00:00
Miroslav Stampar
1369529103
minor cosmetic update
2010-10-11 13:52:32 +00:00
Miroslav Stampar
78ba5da4f7
fix
2010-09-23 22:07:33 +00:00
Miroslav Stampar
c4040ab297
fix for Feature #136
2010-08-31 14:25:37 +00:00
Miroslav Stampar
e810fe7b0b
no need for obsolete (and hard to find) sqlite module when sqlite3 handles both database versions
2010-08-31 13:37:53 +00:00
Miroslav Stampar
54f9828e06
implemented active fingerprinting for MaxDB
2010-08-30 14:16:23 +00:00
Miroslav Stampar
48cc87f6a9
added support for fingerprinting SAP MaxDB (Issue 143)
2010-08-30 13:29:19 +00:00
Bernardo Damele
26d1a07a1d
Minor code refactoring and bug fix in the *rare case* that MySQL on Linux runs as root or the plugin dir (/usr/lib/.*?/plugin is world-writable
2010-07-01 10:39:04 +00:00
Bernardo Damele
9ea72f9640
Minor bug fixes to -d
2010-06-25 13:24:43 +00:00
Miroslav Stampar
660bf0b077
fix for that struct pack error
2010-06-10 12:14:24 +00:00
Miroslav Stampar
ac55e1b75f
fix for localhost firebird direct db access
2010-06-10 12:02:48 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
b380d34d3c
Added unicode support also to SQLite (2 and 3) connector - see #184 .
2010-05-29 15:35:38 +00:00
Bernardo Damele
0362f4408d
Added unicode support also to MSSQL connector - see #184 .
2010-05-29 15:29:21 +00:00
Bernardo Damele
4ba22b5098
Added unicode support also to Oracle connector - see #184 .
2010-05-29 12:14:51 +00:00
Bernardo Damele
e98b049e7f
Added unicode support also to PostgreSQL connector - see #184 .
2010-05-29 11:46:41 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Bernardo Damele
f8cdde2d51
Layout adjustment
2010-05-17 16:23:44 +00:00
Bernardo Damele
e0e2349529
Refactor to --search -C and minor bug fix - See #190 .
2010-05-17 16:16:49 +00:00
Bernardo Damele
c9ee11e0e4
Added support to search for tables (--search with -T). See #190 .
2010-05-16 20:46:17 +00:00
Miroslav Stampar
2323d858a9
modification of temporary directory from C:/Windows/Temp to %TEMP%
2010-05-13 09:32:27 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
d034bf29ce
Add new "hinted" feature to MSSQL's getTables()
2010-04-15 12:09:26 +00:00
Bernardo Damele
1ab78ce60e
Added support to directly connect also to SQLite 2 db file
2010-04-13 22:43:38 +00:00
Miroslav Stampar
4f299f22bf
removed timeout keyword which is not supported on linux build
2010-04-13 10:11:14 +00:00
Miroslav Stampar
6762f592c1
direct connection supported only on Windows machines
2010-04-13 08:57:47 +00:00
Miroslav Stampar
939fa5d2c4
some fixes
2010-04-13 08:29:15 +00:00
Bernardo Damele
9e29120603
Minor fix to make MS Access direct access to work also from Linux
2010-04-12 15:52:40 +00:00
Bernardo Damele
eecee3b274
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
Bernardo Damele
758a858785
Minor adjustments
2010-04-06 20:40:14 +00:00
Miroslav Stampar
5556db80db
fix for that sqlite thread nagging with undocumented argument check_same_thread
2010-04-06 16:01:37 +00:00
Miroslav Stampar
e2810003ae
more update
2010-04-06 15:12:52 +00:00
Miroslav Stampar
c24f1cc07c
some update
2010-04-06 14:59:31 +00:00
Bernardo Damele
cad8f61d55
Force pymssql to version >= 1.0.2
2010-03-31 15:31:11 +00:00
Bernardo Damele
b19de015c5
Minor bugs fixes
2010-03-31 13:52:51 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
d583cc07e7
ms access update
2010-03-30 15:04:55 +00:00
Miroslav Stampar
1973024ebf
added support for reusing connections
2010-03-30 13:52:47 +00:00
Miroslav Stampar
f0729565a9
fixes for sqlite
2010-03-30 13:36:23 +00:00
Miroslav Stampar
c2a6f21095
refactoring regarding usage of conf.dbmsConnector.connect()
2010-03-30 13:03:19 +00:00
Miroslav Stampar
88d74a00c1
ms access connector update
2010-03-30 12:48:51 +00:00
Miroslav Stampar
87d8c6719e
updates, fixes and stuff
2010-03-30 11:06:30 +00:00
Miroslav Stampar
f04449be03
update
2010-03-29 23:48:21 +00:00
Miroslav Stampar
4dd2cdef47
update
2010-03-27 23:48:12 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
2aadc5c939
Added support for --roles (for Oracle ROLE_PRIVS). Enhanced Oracle --privileges to fall-back to USER_SYS_PRIVS if DBA_SYS_PRIVS is not accessible (so session user is not DBA) - Fixes ticket #180 .
...
Minor enhancement to Firebird to determine if a DB user is a DBA.
Minor code refactoring.
2010-03-25 15:46:06 +00:00
Bernardo Damele
a63e251b25
Ahead with code refactoring, related to r1502.
...
Fixed svn:keywords propset to all .py files.
2010-03-23 21:26:45 +00:00
Bernardo Damele
09768a7b62
Major code refactoring: moved and split plugins (mysql, pgsql, mssql, oracle) more granularly and organized.
...
Todo for firebird, sqlite, access.
2010-03-22 22:57:57 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Miroslav Stampar
8663b5b68b
minor fixes
2010-03-04 09:16:45 +00:00
Miroslav Stampar
b544405878
fixed some issue involving banner parsing
2010-03-04 09:15:26 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Miroslav Stampar
aa62465aad
minor update, also for that banner error
2010-03-01 10:49:07 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Bernardo Damele
42f53f380f
Now can work 'cause isWindowsPath has been fixed, normalizePath called after ntToPosixSlashes
2010-02-26 12:40:23 +00:00
Bernardo Damele
66c9885b96
Minor path fix
2010-02-26 11:34:48 +00:00
Miroslav Stampar
38a37b89f6
fix for those slashes
2010-02-26 11:07:23 +00:00
Bernardo Damele
89dc99188d
--read-file on PostgreSQL now relies on the new sys_fileread() UDF so that also binary files can be read.
...
Fixed a minor bug in custom UDF injection feature --udf-inject.
Major code refactoring.
2010-02-11 22:57:50 +00:00
Bernardo Damele
f728208ff7
Minor cosmetic fix
2010-02-10 15:51:52 +00:00
Bernardo Damele
5c92fad5dc
Avoid to check for existence of not needed UDFs and minor code adjustment for cleanup() method
2010-02-05 23:14:16 +00:00
Miroslav Stampar
d291464cd4
code refactoring regarding path normalization
2010-02-04 14:50:54 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Bernardo Damele
746cbdba96
Added support for takeover functionalities on PgSQL 8.4 running on Windows
2010-01-14 01:40:11 +00:00
Bernardo Damele
b4ddfe8333
Minor bug fixed (variable undeclared)
2010-01-13 21:26:59 +00:00
Bernardo Damele
4a72ad113a
Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups.
2010-01-12 11:44:47 +00:00
Bernardo Damele
c7e1649655
Minor speedup
2010-01-12 11:43:32 +00:00
Bernardo Damele
3a9f685e18
Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x.
2010-01-12 11:21:28 +00:00
Bernardo Damele
80bd146696
Added support for --dump with -C also on MSSQL
2010-01-10 19:12:54 +00:00
Bernardo Damele
e5dc3f51c8
Display a better message for the moment while working on support for --dump -C on MSSQL
2010-01-10 00:30:45 +00:00