Commit Graph

  • c54c9ee5d1 minor update Miroslav Stampar 2010-11-23 22:33:00 +0000
  • 57ad59206b cosmetics as it's best Miroslav Stampar 2010-11-23 22:09:10 +0000
  • 7a147041c4 cosmetics Miroslav Stampar 2010-11-23 21:44:58 +0000
  • f4f0bc9db3 minor fix Miroslav Stampar 2010-11-23 21:17:01 +0000
  • f9f076ba97 code refactoring Miroslav Stampar 2010-11-23 21:00:42 +0000
  • 7877a931d5 more cosmetics regarding dictionary attack Miroslav Stampar 2010-11-23 20:54:40 +0000
  • e3b3e05748 minor update Miroslav Stampar 2010-11-23 19:21:30 +0000
  • 0d24a15182 more cosmetics Miroslav Stampar 2010-11-23 19:10:34 +0000
  • 836a1c214a los cosmeticados (of hash dictionary attack) Miroslav Stampar 2010-11-23 18:57:00 +0000
  • c4414df594 minor update Miroslav Stampar 2010-11-23 15:33:13 +0000
  • 78024eafe0 little precaution Miroslav Stampar 2010-11-23 15:31:23 +0000
  • 4af000e699 minor language update (in testing phase "used" is more preferable than "provided") Miroslav Stampar 2010-11-23 15:11:15 +0000
  • e32be2b4e7 Minor adjustment Bernardo Damele 2010-11-23 15:06:40 +0000
  • b41ee8d0d0 minor refactoring Miroslav Stampar 2010-11-23 14:57:36 +0000
  • aa5d038f18 more code refactoring Miroslav Stampar 2010-11-23 14:50:47 +0000
  • 3cae76627c code refactoring regarding dictionary attack Miroslav Stampar 2010-11-23 13:58:01 +0000
  • ba4ea32603 first working version of dictionary attack Miroslav Stampar 2010-11-23 13:24:02 +0000
  • c471b815cc fix for a bug reported by BugTrace (IndexError: list index out of range) Miroslav Stampar 2010-11-22 10:58:08 +0000
  • bfc9378542 sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s)) Miroslav Stampar 2010-11-20 13:22:59 +0000
  • db59faedb9 more proper naming Miroslav Stampar 2010-11-20 13:20:28 +0000
  • 52c722dab5 renaming of dicts.zip to wordlists.zip (more proper name) Miroslav Stampar 2010-11-20 13:17:13 +0000
  • 1f8a9fe033 foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch) Miroslav Stampar 2010-11-20 13:14:13 +0000
  • 71107e4e9e quick fix for google searches Miroslav Stampar 2010-11-19 21:38:20 +0000
  • 99a23e23cf Extra check on --union-cols value Bernardo Damele 2010-11-19 16:39:26 +0000
  • da7eb329bb removing file Miroslav Stampar 2010-11-19 16:04:07 +0000
  • 1fa567e14d new file added (dictionary attack on password hashes - MySQL, MSSQL, Oracle and Postgres - is soon going to be a part of sqlmap) Miroslav Stampar 2010-11-19 15:51:56 +0000
  • c23126547e Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20. Bernardo Damele 2010-11-19 15:48:24 +0000
  • ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) Bernardo Damele 2010-11-19 14:56:20 +0000
  • c6545f5c9f we had a bug (nooooooooo!!!! :)) Miroslav Stampar 2010-11-19 10:36:47 +0000
  • df88280681 minor update of google regex (that * was a junky one) Miroslav Stampar 2010-11-19 10:04:29 +0000
  • e8bef28337 updating google parsing regex (for the better, of course) Miroslav Stampar 2010-11-19 10:00:29 +0000
  • d97e97d884 minor update :) Miroslav Stampar 2010-11-19 09:02:44 +0000
  • 4a9bd3a240 Finally a proper union query SQL injection test engine for --union-test. It does many more requests, but for God's sake now it works well! Bernardo Damele 2010-11-18 17:55:43 +0000
  • 544327379f Little precaution Bernardo Damele 2010-11-18 14:32:52 +0000
  • f6a17cb1a8 Revert wrong fix Bernardo Damele 2010-11-18 10:41:06 +0000
  • 17486e472a Proper English (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! Bernardo Damele 2010-11-17 22:00:09 +0000
  • ca5125bbe0 minor update related to r2401 Miroslav Stampar 2010-11-17 20:50:31 +0000
  • 360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle Bernardo Damele 2010-11-17 17:20:32 +0000
  • a0df36beda when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared) Miroslav Stampar 2010-11-17 15:33:07 +0000
  • 17f0609263 minor bug fix Miroslav Stampar 2010-11-17 13:29:57 +0000
  • 3d25071d06 another minor improvement regarding logging of http traffic Miroslav Stampar 2010-11-17 12:16:48 +0000
  • 3e569a1693 minor update Miroslav Stampar 2010-11-17 12:04:33 +0000
  • 2802923dbe some improvements regarding --os-shell web server application choice Miroslav Stampar 2010-11-17 11:45:52 +0000
  • 5abbea4a9f fix for a bug reported by nightman (unknown charset 'null') Miroslav Stampar 2010-11-17 09:57:32 +0000
  • d757e4ae1c bug fix (when user manually sets web root, that same directory should be used as one of potentially default dirs) Miroslav Stampar 2010-11-17 09:46:04 +0000
  • bec152609a minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \) Miroslav Stampar 2010-11-17 09:33:05 +0000
  • af92c05930 removing 'MD5' referings Miroslav Stampar 2010-11-17 09:15:40 +0000
  • 76c3f5768b cosmetics Miroslav Stampar 2010-11-17 09:12:48 +0000
  • 2a8e270bef proper handling of carriage return character from Windows target machines Miroslav Stampar 2010-11-16 15:11:03 +0000
  • ab33651f96 minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior) Miroslav Stampar 2010-11-16 15:02:22 +0000
  • 3487429eac minor cosmetics Miroslav Stampar 2010-11-16 14:41:46 +0000
  • 3640dbf745 fix for --parse-errors (on IIS HTTP error is raised which needs to be processed) Miroslav Stampar 2010-11-16 14:33:30 +0000
  • cccb565859 cosmetics Miroslav Stampar 2010-11-16 14:11:32 +0000
  • b9d9f18939 added General cmdline group Miroslav Stampar 2010-11-16 14:09:09 +0000
  • e7a66371f8 update regarding os shell-ing regarding JSP and ASPX Miroslav Stampar 2010-11-16 13:46:46 +0000
  • 6232397129 minor update Miroslav Stampar 2010-11-16 10:52:49 +0000
  • 6ef3846400 update regarding error parsing (and reporting) Miroslav Stampar 2010-11-16 10:42:42 +0000
  • 71cb982039 Another bug fix to --union-test Bernardo Damele 2010-11-15 21:42:56 +0000
  • b3ad63b71e major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page) Miroslav Stampar 2010-11-15 14:59:37 +0000
  • ff310475c8 some reporting update for --forms Miroslav Stampar 2010-11-15 14:17:51 +0000
  • 20d6b9a5c1 minor fix Miroslav Stampar 2010-11-15 12:24:32 +0000
  • 39c6c9f386 minor update Miroslav Stampar 2010-11-15 12:19:22 +0000
  • 819085155e minor update/fix Miroslav Stampar 2010-11-15 12:07:13 +0000
  • c25c017c08 cosmetics regarding --forms Miroslav Stampar 2010-11-15 11:50:33 +0000
  • 36c544f440 update (--forms acts now more like -g switch) Miroslav Stampar 2010-11-15 11:34:57 +0000
  • 42d09d604e minor fix Miroslav Stampar 2010-11-15 09:48:58 +0000
  • a9152c6723 Updated doc Bernardo Damele 2010-11-14 22:36:54 +0000
  • 5f46a549ba Cosmetics for --forms Bernardo Damele 2010-11-14 21:59:35 +0000
  • 0bfc1b411a Another bug fix for --union-test Bernardo Damele 2010-11-14 15:39:57 +0000
  • a0fb96816f fix for a bug reported by ToR (value += actVer) Miroslav Stampar 2010-11-14 08:31:29 +0000
  • 5e41cd07a3 Updated doc Bernardo Damele 2010-11-13 23:31:18 +0000
  • 7da079fa32 More verbose comment for direct connection Bernardo Damele 2010-11-13 23:30:38 +0000
  • 8d07272c82 Added --union-cols switch to specify the max number of columns to test for UNION query sql injection. Now stores/resumes also the exact UNION payload to session file. Bernardo Damele 2010-11-13 23:24:41 +0000
  • df5dc10111 Major enhancement to --union-test check Bernardo Damele 2010-11-13 22:47:37 +0000
  • 84849316b3 improvement of heuristic check (now original value is included too) Miroslav Stampar 2010-11-12 23:06:01 +0000
  • 06a872fc99 update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read)) Miroslav Stampar 2010-11-12 22:57:33 +0000
  • 27735b14df update (--string and --regex should be done regardless of wasLastRequestError) Miroslav Stampar 2010-11-12 22:44:15 +0000
  • 0d66f101da fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages) Miroslav Stampar 2010-11-12 22:29:33 +0000
  • a777d59870 Minor bug fix Bernardo Damele 2010-11-12 15:17:12 +0000
  • 0a83a830d9 Properly handle both HTTPS and HTTP requests through proxy Bernardo Damele 2010-11-12 14:21:46 +0000
  • e1ef27f592 work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https Bernardo Damele 2010-11-12 12:25:02 +0000
  • 9f53048ff4 Put a space always between the user's provided prefix and sqlmap payload Bernardo Damele 2010-11-12 11:48:26 +0000
  • 697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace Miroslav Stampar 2010-11-12 11:48:25 +0000
  • f83dd2251b Properly save error-based enumerated data in session file, able to be resumed like with other techniques Bernardo Damele 2010-11-12 11:40:37 +0000
  • a34c1b287c Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) Bernardo Damele 2010-11-12 11:33:11 +0000
  • 8cec75656c Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp) Bernardo Damele 2010-11-12 10:31:42 +0000
  • a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. Bernardo Damele 2010-11-12 10:16:39 +0000
  • 64b5de44a0 Converted to new XML object format Bernardo Damele 2010-11-12 10:11:13 +0000
  • 66c82d72e4 Typo fix Bernardo Damele 2010-11-12 10:02:02 +0000
  • 306e96331d Updated doc Bernardo Damele 2010-11-12 10:00:49 +0000
  • 42272ca78c minor update Miroslav Stampar 2010-11-11 22:26:36 +0000
  • 8aefd0bbf7 improvement of --common-tables and --common-columns Miroslav Stampar 2010-11-11 20:37:25 +0000
  • 2d872f850a quick fix Miroslav Stampar 2010-11-11 19:54:54 +0000
  • be992b4471 update regarding common columns existence check Miroslav Stampar 2010-11-11 17:09:31 +0000
  • 3b996c3ed8 adding JSP stager Miroslav Stampar 2010-11-11 16:42:01 +0000
  • 2d361cb359 some minor updates of stager.asp and backdoor.asp, and completely rewritten stager.aspx Miroslav Stampar 2010-11-11 10:33:29 +0000
  • 24238ccd0b re-renaming of brute force switches. this way is better. Miroslav Stampar 2010-11-11 07:57:44 +0000
  • ca06db8f28 now, this is the real deal Miroslav Stampar 2010-11-11 00:20:47 +0000
  • 5034868b36 cleaning up of common tables and new common columns Miroslav Stampar 2010-11-10 23:31:23 +0000
  • 96d88877ba bug fix (reported by ToR) Miroslav Stampar 2010-11-10 19:44:51 +0000