sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	4e5f0da1ae	minor update	2011-01-20 16:07:08 +00:00
Miroslav Stampar	2fa066f892	added support for WebScarab logs	2011-01-20 15:55:50 +00:00
Miroslav Stampar	345e2288e1	important fix regarding encoding stuff	2011-01-20 13:54:18 +00:00
Miroslav Stampar	f6f4b5e9dd	bug fix for charset used in inference for pages retrieved with --null-connection	2011-01-20 11:01:01 +00:00
Miroslav Stampar	a4a0f10950	minor minor minor	2011-01-20 09:25:34 +00:00
Bernardo Damele	50c02fbb37	Done with previous refactoring	2011-01-20 00:01:06 +00:00
Bernardo Damele	701947490b	Two major bug fixes related to UNION technique query forging	2011-01-19 23:46:39 +00:00
Miroslav Stampar	7a060e756d	dummy fix for SQLite schema retrieval (lots of spaces inside)	2011-01-19 23:16:22 +00:00
Bernardo Damele	bade0e3124	Major code refactoring - centralized all kb.dbms* info for both retrieval and set.	2011-01-19 23:06:15 +00:00
Miroslav Stampar	4bdc19d879	minor cosmetics	2011-01-19 22:48:06 +00:00
Miroslav Stampar	c106dc829a	more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)	2011-01-19 22:08:56 +00:00
Miroslav Stampar	7ad41f9b19	bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)	2011-01-19 21:46:43 +00:00
Miroslav Stampar	aea43a1e43	minor refactoring	2011-01-19 15:26:57 +00:00
Miroslav Stampar	eadaf680de	fuck yea	2011-01-19 15:25:48 +00:00
Miroslav Stampar	89e0fd0709	back to roots	2011-01-19 14:06:26 +00:00
Bernardo Damele	c1f6bf2eda	Updated	2011-01-18 23:14:35 +00:00
Bernardo Damele	33485198e1	Code cleanup	2011-01-18 23:05:32 +00:00
Bernardo Damele	eda0b41859	Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. Adapted UNION tests' titles when --union-char is provided. Lots of comment adjustments. Code cleanup	2011-01-18 23:03:50 +00:00
Bernardo Damele	cffa17f5a6	Major bug fix - before it raised a traceback, now works.	2011-01-18 23:02:47 +00:00
Bernardo Damele	daebb0010b	Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.	2011-01-18 23:02:11 +00:00
Bernardo Damele	81be23976e	Confirmed HAVING payloads work as WHERE ones. Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS. Proper handling of title for UNION tests when --union-char is provided.	2011-01-18 22:55:20 +00:00
Miroslav Stampar	f7d9b22510	because other major DBMSes have at least one level 1 time based payload	2011-01-18 20:32:49 +00:00
Miroslav Stampar	38d0958781	minor fix (for numeric columns with all 0)	2011-01-18 11:42:36 +00:00
Miroslav Stampar	bdcb10cdab	added MSSQL time based vector	2011-01-18 02:05:18 +00:00
Bernardo Damele	3822b494ea	Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.	2011-01-17 23:43:37 +00:00
Bernardo Damele	c2a358561f	Proper support for --union-cols	2011-01-17 22:57:33 +00:00
Bernardo Damele	35fb50a6ee	Major bug fix	2011-01-17 22:56:04 +00:00
Bernardo Damele	47565f9459	Minor code refactoring	2011-01-17 21:13:59 +00:00
Miroslav Stampar	041abb56e2	you can't believe how much man can learn when having good testing points	2011-01-17 13:59:22 +00:00
Miroslav Stampar	d225c5c9aa	was wrong about this one (just now tested on a real site)	2011-01-17 11:00:09 +00:00
Miroslav Stampar	ac0b5e6dbc	proper way to handle this (console output has totally different encoding than the page one)	2011-01-17 10:27:36 +00:00
Miroslav Stampar	34d13be0d3	minor update regarding default page encoding	2011-01-17 10:23:37 +00:00
Miroslav Stampar	5c857779c1	important fix for unicode based character inference	2011-01-17 10:15:19 +00:00
Miroslav Stampar	99a3a3b89c	minor fix (break if all found)	2011-01-17 09:41:25 +00:00
Miroslav Stampar	0fcca671bd	information update regarding common password suffixes	2011-01-17 09:28:25 +00:00
Miroslav Stampar	a835f233ac	fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')	2011-01-17 00:17:31 +00:00
Miroslav Stampar	2041361695	minor cosmetics	2011-01-16 23:20:52 +00:00
Miroslav Stampar	e2c821eb81	minor cosmetics	2011-01-16 22:35:54 +00:00
Miroslav Stampar	e881465a9f	minor improvement	2011-01-16 20:55:07 +00:00
Miroslav Stampar	f5e36876e7	removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency	2011-01-16 19:29:06 +00:00
Miroslav Stampar	a6516798c0	proper fix for that previous "stacked" fix (that one screwed other injection types)	2011-01-16 19:25:10 +00:00
Miroslav Stampar	5476a8a27e	russian sites are great for testing :)	2011-01-16 19:00:19 +00:00
Miroslav Stampar	19dcaeaabf	fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)	2011-01-16 18:25:18 +00:00
Miroslav Stampar	718eef8753	minor fix	2011-01-16 18:11:35 +00:00
Miroslav Stampar	30d6791968	update regarding time based data retrieval	2011-01-16 17:52:42 +00:00
Miroslav Stampar	ec1ab3cd2a	removing timeSec from injection configuration attributes as it highly depends on current connection "variables"	2011-01-16 12:12:01 +00:00
Miroslav Stampar	2001bad7e1	automatic adjustment of timeSec for delayed queries	2011-01-16 12:04:32 +00:00
Miroslav Stampar	71391874eb	slightly faster and thread safer inference	2011-01-16 10:52:42 +00:00
Miroslav Stampar	fb166e9445	adding USER_LOCK stacked query support for ORACLE (older versions)	2011-01-16 10:31:16 +00:00
Miroslav Stampar	f31c028232	Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436 )	2011-01-16 10:07:56 +00:00

1 2 3 4 5 ...

2094 Commits