Bernardo Damele
f1b402b103
Proper handling of CASE in Oracle, finally
2011-01-20 21:58:50 +00:00
Bernardo Damele
701947490b
Two major bug fixes related to UNION technique query forging
2011-01-19 23:46:39 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Bernardo Damele
35fb50a6ee
Major bug fix
2011-01-17 22:56:04 +00:00
Miroslav Stampar
a6516798c0
proper fix for that previous "stacked" fix (that one screwed other injection types)
2011-01-16 19:25:10 +00:00
Miroslav Stampar
19dcaeaabf
fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)
2011-01-16 18:25:18 +00:00
Bernardo Damele
0fc4ebdc1b
Major bug fix.
...
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Miroslav Stampar
e17ac5fdca
update
2011-01-15 15:14:22 +00:00
Bernardo Damele
534f51f9fc
Minor bug fix
2011-01-14 14:20:28 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
b0fdbdb13b
minor update
2011-01-13 15:15:56 +00:00
Bernardo Damele
ca33728fbc
Minor fix to avoid query splitting/unpacking when the statement is EXISTS()
2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31
Important bug fix.
...
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f
Minor code refactoring and added internal debug prints
2011-01-12 12:03:23 +00:00
Bernardo Damele
3cff42986f
Code cleanup
2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
c1f2534e9a
More bug fixes to properly distinguish between full inband and single-entry inband sql injections
2010-12-22 15:47:52 +00:00
Miroslav Stampar
8212b7b745
bug fix
2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44
update regarding Sybase syntax
2010-12-22 10:39:56 +00:00
Miroslav Stampar
de54219571
code refactoring
2010-12-15 12:50:56 +00:00
Bernardo Damele
698f30e65e
Cosmetics
2010-12-13 21:34:35 +00:00
Miroslav Stampar
fe2039f5ba
coollyy little commits
2010-12-10 11:32:46 +00:00
Miroslav Stampar
af22679605
minor update
2010-12-08 13:09:27 +00:00
Bernardo Damele
5f97312f29
Minor fix
2010-12-07 17:17:38 +00:00
Bernardo Damele
effd2ca0e3
Cosmetics
2010-12-07 12:32:58 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Miroslav Stampar
a43d252ae9
minor update
2010-12-06 00:14:08 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Bernardo Damele
41e1b95c6c
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
2010-12-05 11:25:44 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
9d55c4da87
Done with support for injection in ORDER BY and GROUP BY (hopefully)
2010-12-03 16:12:47 +00:00
Bernardo Damele
126a1479d8
Bug fix for --union-test
2010-12-03 14:57:30 +00:00
Bernardo Damele
b824826a89
Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses
2010-12-03 14:39:51 +00:00
Bernardo Damele
827a0aea05
Minor bug fix
2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce
Added a comment needed to understand this hack when looking at the code in a month or so ;)
2010-12-03 11:00:41 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
e8c6c01e27
precaution
2010-11-29 09:54:30 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
ad17e9ed2a
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
2010-11-19 14:56:20 +00:00
Bernardo Damele
4a9bd3a240
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 17:55:43 +00:00
Bernardo Damele
f6a17cb1a8
Revert wrong fix
2010-11-18 10:41:06 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
9f53048ff4
Put a space always between the user's provided prefix and sqlmap payload
2010-11-12 11:48:26 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715
minor update
2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Bernardo Damele
0ffffef088
Implemented --tamper for direct connection too (-d)
2010-10-31 14:22:32 +00:00
Bernardo Damele
617edf7fc2
Minor bug fix
2010-10-31 12:24:19 +00:00
Bernardo Damele
fcada4df0f
Removed debug print
2010-10-31 12:21:22 +00:00
Bernardo Damele
2a2f949275
Minor bug fix
2010-10-31 12:20:38 +00:00
Bernardo Damele
264247d318
revert of a stupid commit
2010-10-31 12:09:55 +00:00
Bernardo Damele
2fb059a644
Bug fix
2010-10-31 12:02:20 +00:00
Bernardo Damele
9d08cb3a6f
Revert r2209 and minor code refactoring
2010-10-31 11:51:45 +00:00
Bernardo Damele
3869ccebe8
Minor code refactoring
2010-10-31 11:17:51 +00:00
Bernardo Damele
6afc9bffaa
Minor bug fix: there will always be only one pair of delimiters as we add it for each place
2010-10-31 11:09:29 +00:00
Miroslav Stampar
0125198210
minor fix
2010-10-29 21:19:28 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Miroslav Stampar
c9f0c75030
removed --space (usage of tampering modules is now a prefered way to do it)
2010-10-15 12:52:33 +00:00
Miroslav Stampar
d0514d18ec
removed that spaces from URI payloads
2010-10-15 12:49:03 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
18d27cabc5
more changes
2010-10-07 15:34:17 +00:00
Miroslav Stampar
440ff639bb
more refactoring
2010-10-07 14:05:34 +00:00
Miroslav Stampar
1e9ae40397
major refactoring
2010-10-07 12:12:26 +00:00
Miroslav Stampar
9cd5d3bde7
added new option --space
2010-09-24 21:59:03 +00:00
Miroslav Stampar
ff419f7384
more changes regarding path (URI) injection
2010-09-24 09:19:14 +00:00
Miroslav Stampar
e4925eb3dd
update
2010-09-23 21:57:11 +00:00
Miroslav Stampar
13bb3a6212
minor update
2010-09-23 14:07:23 +00:00
Miroslav Stampar
927ad7bf13
update
2010-09-22 12:21:21 +00:00
Miroslav Stampar
da8ae5578b
first commit regarding Feature #144
2010-09-22 11:56:35 +00:00
Bernardo Damele
8576817a2b
Added support for SOAP requests: fixed, extended and tested a user's patch - closes #196 .
2010-06-29 21:07:23 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00
Miroslav Stampar
4129cb22a7
update regarding bug reported by Ole Rasmussen
2010-04-03 19:41:47 +00:00
Miroslav Stampar
a02ec29c15
too
2010-03-30 11:52:45 +00:00
Miroslav Stampar
c9c9c1fb2f
replace only first occurrence
2010-03-30 11:52:01 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Bernardo Damele
d13ad8b2d7
fixes #181 - proper save/resume information about single entry UNION SQL injection
2010-03-22 15:39:29 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
2825ab5e4e
Major bug fix in url-encoding
2010-01-16 21:56:40 +00:00
Bernardo Damele
505647b00f
Minor bug fix to --cookie-urlencode
2010-01-15 11:24:30 +00:00
Miroslav Stampar
26c7b74e65
changes regarding Data (GET/POST/Cookie) encoding (Bug #129 )
2010-01-14 18:05:03 +00:00