sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
4,547 Commits 4 Branches 117 Tags 97 MiB
fdcdd11cb9
Commit Graph

796 Commits

Author SHA1 Message Date
Miroslav Stampar
3fd5119f3f Redesigning for Issue #75 2012-07-12 13:42:22 +02:00
Bernardo Damele
fed178646a minor refactoring 2012-07-12 01:48:07 +01:00
Bernardo Damele
01474f6272 proper debug message added - issue #75 2012-07-12 01:19:36 +01:00
Bernardo Damele
ee3aeb8dcf actual implementation of issue #75, still some work to do 2012-07-12 01:16:00 +01:00
Bernardo Damele
caeddf6822 avoid unescaping user provided queries (--sql-query, --sql-shell, --sql-file). Before it was only applied to --sql-file 2012-07-12 00:17:07 +01:00
Bernardo Damele
66d854c7d8 leftover space 2012-07-12 00:04:56 +01:00
Bernardo Damele
53c0336b48 added --hostname switch to retrieve DBMS server hostname - closes issue #69 2012-07-12 00:01:57 +01:00
Bernardo Damele
6f6cd676b7 clean up the file system from sqlmap created web files 2012-07-11 14:07:20 +01:00
Bernardo Damele
0c5f259481 var renaming 2012-07-11 13:39:33 +01:00
Miroslav Stampar
9c4a62f725 Some work on Issue #68 2012-07-11 11:58:47 +02:00
Miroslav Stampar
8caffac4bc conf.unescape->kb.unescape 2012-07-10 10:55:04 +02:00
Bernardo Damele
4656d23d82 increased verbosity level of some messages and removed a leftover 2012-07-10 01:43:19 +01:00
Bernardo Damele
00b7411a87 more adjustments for issue #33, of particular importance the fact that the user's provided statement from a file is never unescaped, should be ok 2012-07-10 01:39:03 +01:00
Bernardo Damele
2527554f8e more work on #33 2012-07-10 00:53:07 +01:00
Bernardo Damele
c4af7b9aa0 initial work for issue #33 2012-07-10 00:27:08 +01:00
Bernardo Damele
25eca9d671 finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 2012-07-09 14:26:23 +01:00
Miroslav Stampar
86c27cc4f2 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2012-07-06 17:28:13 +02:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Bernardo Damele
e673033ac1 minor layout adjustment 2012-07-06 15:26:45 +01:00
Bernardo Damele
fb7fe552b7 proper naming 2012-07-06 15:13:50 +01:00
Miroslav Stampar
6a05e3fd79 Fix for Issue #61 2012-07-06 14:24:44 +02:00
Miroslav Stampar
27fdccc858 Update for Issue #55 (falling back to SELECT DB_NAME(N)) 2012-07-03 20:15:17 +02:00
Bernardo Damele
ab412da27f I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes 2012-07-01 23:25:05 +01:00
Miroslav Stampar
e51d3a02f1 Update for Issue #43 (renamed --disable-cracking to --disable-hash) 2012-06-28 18:53:47 +02:00
Miroslav Stampar
c8bac658f3 Fix for Issue #43 2012-06-28 18:47:55 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
303aa10507 only a small update 2012-06-27 14:43:18 +02:00
Miroslav Stampar
06be7bbb18 few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test) 2012-06-15 20:41:53 +00:00
Miroslav Stampar
d5e80089ff minor summer cleanup 2012-06-14 13:44:16 +00:00
Miroslav Stampar
3a90105fbb minor refactoring 2012-06-14 13:38:53 +00:00
Miroslav Stampar
96177393e1 minor update regarding --exact switch 2012-06-10 13:38:12 +00:00
Miroslav Stampar
10b0639a96 making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE) 2012-06-04 09:24:46 +00:00
Miroslav Stampar
3f6bc1f3c2 minor fix 2012-05-24 18:05:33 +00:00
Miroslav Stampar
1e18168cc8 fix for one silent bug and small language update 2012-05-23 16:35:40 +00:00
Miroslav Stampar
0e8d8577a7 adding a DB2 patch from smcintyre@securestate.com 2012-05-21 08:26:19 +00:00
Miroslav Stampar
079e0e1434 minor bug fix 2012-05-18 08:51:50 +00:00
Miroslav Stampar
96299d3d5d minor refactoring 2012-05-03 22:34:18 +00:00
Miroslav Stampar
8013a64f8c minor refactoring 2012-05-01 19:57:30 +00:00
Miroslav Stampar
c71d435d9f making "id"-like columns prioritized for ORDER BY in MySQL 2012-05-01 19:52:02 +00:00
Miroslav Stampar
458a73c9b4 few consistency fixes 2012-04-29 23:09:00 +00:00
Miroslav Stampar
c7a606637f switching few readInput defaults for brute forcing when no table/column found 2012-04-27 12:59:22 +00:00
Bernardo Damele
4da03d898e Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236 2012-04-25 07:40:42 +00:00
Bernardo Damele
6116853025 Minor layout adjustments 2012-04-24 17:01:24 +00:00
Bernardo Damele
072e08836f Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE 2012-04-19 14:05:45 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
645fc8a21c minor refactoring 2012-03-27 08:31:48 +00:00
Miroslav Stampar
72c5b034bf minor update 2012-03-19 11:50:38 +00:00
Miroslav Stampar
cb8caf7e0f i am not very bright today :) 2012-03-19 11:23:23 +00:00
Miroslav Stampar
d5915e5d44 one other fix 2012-03-19 11:19:26 +00:00
Miroslav Stampar
7abfa2e6d4 minor fix 2012-03-19 11:18:00 +00:00
Miroslav Stampar
cce5c3c009 minor changes for version numbers 2012-03-19 11:07:03 +00:00
Bernardo Damele
48e8c978fb Minor fix, way more to do for --search -C for MSSQL 2012-03-15 17:55:49 +00:00
Bernardo Damele
0013b0970f Minor layout adjustments - foundDb is misleading at that stage 2012-03-15 16:07:16 +00:00
Miroslav Stampar
8cf5d260fd Application Data is not a temporary directory writable by everybody 2012-03-14 23:44:29 +00:00
Bernardo Damele
c735d846ee The default temporary directory as to stay as is, do not touch this code snippet anymore please 2012-03-14 22:39:46 +00:00
Miroslav Stampar
ca0d068575 distinguishing NULL from BLANK 2012-03-14 13:52:23 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00
Bernardo Damele
48592f2515 minor adjustments 2012-03-09 18:34:18 +00:00
Bernardo Damele
be9b103b51 minor bug fix 2012-03-09 18:02:50 +00:00
Bernardo Damele
012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based. 
Adapted the queries.xml file accordingly
 2012-03-09 17:47:50 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Bernardo Damele
d9e499af9f Set Id property 2012-03-09 12:05:21 +00:00
Bernardo Damele
7330dff255 Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries 2012-03-08 16:57:53 +00:00
Miroslav Stampar
e678219a8c minor update 2012-03-08 15:51:30 +00:00
Bernardo Damele
ae87df5670 leftover 2012-03-08 15:45:33 +00:00
Bernardo Damele
4bc6f3f6c9 Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore 2012-03-08 15:32:05 +00:00
Miroslav Stampar
68b9d48d0a minor update 2012-03-08 15:30:23 +00:00
Miroslav Stampar
2ab80bfb2c minor bug fix 2012-03-08 15:24:05 +00:00
Bernardo Damele
c79807f5fb Minor layout adjustments 2012-03-08 15:11:24 +00:00
Miroslav Stampar
761ec7529a minor appereance fix 2012-03-01 11:52:30 +00:00
Miroslav Stampar
8b9c5c66cc code refactoring regarding charsetType inside inference/bisection 2012-02-29 14:36:23 +00:00
Miroslav Stampar
10dd9096f7 one more just in case fix for safeSQLIdentificator naming on MSSQL --tables 2012-02-29 14:05:53 +00:00
Miroslav Stampar
d06182347f fixing few potential problems 2012-02-29 13:56:40 +00:00
Miroslav Stampar
74b19a0386 minor update 2012-02-25 10:43:10 +00:00
Miroslav Stampar
26b33154ab optimal fix related to the last commit 2012-02-24 14:28:41 +00:00
Miroslav Stampar
9d6fd2e507 bug fix for --schema --technique=BST 2012-02-24 14:12:19 +00:00
Miroslav Stampar
f9d2971474 minor just in case fix 2012-02-23 16:37:06 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
61a25418a9 minor update 2012-02-22 10:45:10 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Bernardo Damele
f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently 2012-02-20 11:06:55 +00:00
Miroslav Stampar
08bf8c201f few minor fixes 2012-02-20 10:24:55 +00:00
Bernardo Damele
121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests. 
Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table.
Minor fix also to threat MSSQL's EXEC statements as SELECT ones
 2012-02-17 15:54:49 +00:00
Bernardo Damele
ebd40b3933 Minor bug fix to make --file-read and --os-bof syntactically work also with -d (direct connection) 2012-02-17 15:16:05 +00:00
Miroslav Stampar
dcf7277a0f some more refactorings 2012-02-16 14:42:28 +00:00
Miroslav Stampar
e1f86c97c4 minor refactoring 2012-02-16 09:46:41 +00:00
Miroslav Stampar
7bca926a0b fixes, updates, patches 2012-02-09 10:16:58 +00:00
Miroslav Stampar
948cf25de4 more consistent 2012-02-09 09:53:40 +00:00
Miroslav Stampar
980367b7b2 minor update 2012-02-09 09:48:47 +00:00
Miroslav Stampar
1d4b10dbd1 bug fix 2012-02-08 13:55:50 +00:00
Miroslav Stampar
2662fe84f7 minor update 2012-02-08 12:02:50 +00:00
Miroslav Stampar
85a4ef6593 minor update 2012-02-08 12:00:03 +00:00
Miroslav Stampar
f7bf1fbe94 upgrade/fixes for direct DBMS access 2012-02-07 10:46:55 +00:00
Miroslav Stampar
e94f86a1ad minor update 2012-02-03 15:46:28 +00:00
Miroslav Stampar
22f4d5650f fix for retrieving version of backend OS on MSSQL 2012-02-03 15:42:36 +00:00
Miroslav Stampar
a48fc4efec minor update 2012-02-03 15:32:23 +00:00
Miroslav Stampar
e3466fa5d8 minor update 2012-02-03 15:28:11 +00:00