sqlmap

sqlmapproject/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-24 18:43:47 +03:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

revert-5260-master

revert-5598-master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5625

#5649

#5658

#5665

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#583

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.10

1.8.11

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

954a927cee Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 Bernardo Damele 2010-01-05 11:43:16 +0000
71547a3496 getDocRoot changes Miroslav Stampar 2010-01-05 11:30:33 +0000
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. Bernardo Damele 2010-01-04 15:02:56 +0000
473024bd6e Newline Bernardo Damele 2010-01-04 14:03:31 +0000
6319eb6e5c just added PGP Key ID Miroslav Stampar 2010-01-04 13:08:40 +0000
232f927dd0 Slightly updated the documentation Bernardo Damele 2010-01-04 12:53:58 +0000
d71e47ce56 fix regarding dirnames in Feature #110 Miroslav Stampar 2010-01-04 12:39:07 +0000
2eb24c6368 Avoid useless queries Bernardo Damele 2010-01-04 12:35:53 +0000
236ca9b952 Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). Bernardo Damele 2010-01-04 10:47:09 +0000
96a033b51d found and fixed few bugs regarding my "fix" of Bug #110 Miroslav Stampar 2010-01-03 15:56:29 +0000
d5b1863dec Updated documentation and svn properties Bernardo Damele 2010-01-02 02:07:28 +0000
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 0.8-rc3 Bernardo Damele 2010-01-02 02:02:12 +0000
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. Bernardo Damele 2010-01-02 01:35:13 +0000
9c620da0a5 Minor fix Bernardo Damele 2009-12-31 12:34:18 +0000
c1c14dabd9 Minor bug fix Bernardo Damele 2009-12-21 11:21:18 +0000
e6c4154cac Fixed minor bug in --reg-del Bernardo Damele 2009-12-21 11:04:54 +0000
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 0.8-rc2 Bernardo Damele 2009-12-17 22:04:01 +0000
a605980d66 Minor adjustments to configuration file Bernardo Damele 2009-12-15 14:16:25 +0000
b363f1c5ab Added support for NTLM authentication Bernardo Damele 2009-12-02 22:54:39 +0000
e28b98a366 Minor layout adjustments Bernardo Damele 2009-12-02 22:52:17 +0000
c332c72808 Minor update to user's manual to reflect new Metasploit release Bernardo Damele 2009-11-17 23:36:18 +0000
6e36a6f8ed Major enhancement to MSSQL MS09-004 exploit Bernardo Damele 2009-11-17 23:33:20 +0000
4779a5fe0f Minor layout adjustment Bernardo Damele 2009-11-16 16:39:31 +0000
1bf6a7cadc Adapted sqlmap to latest changes in Metasploit trunk Bernardo Damele 2009-11-03 16:49:19 +0000
aa14bea051 Test again Bernardo Damele 2009-11-01 12:30:30 +0000
e518ae82e4 Testing post-commit hook on redmine Bernardo Damele 2009-11-01 12:28:33 +0000
bfd8128693 Updated name Bernardo Damele 2009-11-01 12:10:29 +0000
de68a499f5 Typo fix Bernardo Damele 2009-11-01 12:08:46 +0000
bb123b2769 Updated changelog Bernardo Damele 2009-10-23 10:20:47 +0000
f1a7d095aa Minor patch to make the PHP web backdoor work also on Windows Bernardo Damele 2009-10-22 16:25:19 +0000
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. Bernardo Damele 2009-09-25 23:03:45 +0000
458d59416c Minor bug fix in MSSQL version fingerprint Bernardo Damele 2009-08-11 09:16:20 +0000
14578a7a4d Updated THANKS file Bernardo Damele 2009-07-30 12:02:34 +0000
17289c5ff2 Minor bug fix Bernardo Damele 2009-07-30 12:01:23 +0000
e608a5ca55 Updated THANKS file Bernardo Damele 2009-07-29 10:44:56 +0000
19c6804ded Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks! Bernardo Damele 2009-07-29 10:44:24 +0000
2c98c11e80 user's manual PDF recreated 0.7 Bernardo Damele 2009-07-25 16:46:30 +0000
45e3ce798f Updated documentation with all new features introduced since sqlmap 0.7-rc1 Bernardo Damele 2009-07-25 14:31:44 +0000
d905e5ef9f Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server Bernardo Damele 2009-07-25 11:45:23 +0000
576cc97742 Minor update to the user's manual, almost there to release 0.7 stable! Bernardo Damele 2009-07-25 00:25:59 +0000
b2b2ec8a26 Preparing to release sqlmap 0.7 stable Bernardo Damele 2009-07-24 23:20:57 +0000
3d4bfb3263 More appropriate warning message, got rid of a TODO Bernardo Damele 2009-07-24 23:20:22 +0000
b4fd71e8b9 Minor adjustment to reflect Metasploit r6849 (http://trac.metasploit.com/changeset/6849) and minor code refactoring. Bernardo Damele 2009-07-20 14:36:33 +0000
8096a37940 Major bug fix in --read-file option and minor code refactoring. Bernardo Damele 2009-07-09 11:50:15 +0000
cb3d2bac16 Minor improvement so that sqlmap tests also all parameters with no value (ig. par=). Bernardo Damele 2009-07-09 11:25:35 +0000
516fdb9356 Avoid to upload the web backdoor to unexisting empty-name directory Bernardo Damele 2009-07-09 11:11:25 +0000
24a3a23159 Minor bug fix to --dbms, updated user's manual Bernardo Damele 2009-07-09 11:05:24 +0000
4b622ed860 Minor bug fix. Adapted Metasploit wrapping functions to work with latest msf3 development version too. Bernardo Damele 2009-07-06 14:40:33 +0000
0fc4587f02 Added support for reflective meterpreter by default when the target OS is Windows and minor layout fix Bernardo Damele 2009-07-03 17:59:20 +0000
ba2e009fd9 Now it's fixed Bernardo Damele 2009-06-29 10:15:10 +0000
bc31bd1dd9 Minor bug fix Bernardo Damele 2009-06-29 10:13:39 +0000
fd7de4bbb8 Updated THANKS file Bernardo Damele 2009-06-24 13:57:50 +0000
3b9303186e Fixed minor bug with --eta Bernardo Damele 2009-06-24 13:44:14 +0000
e5a01d500e Minor bug fix in --update option, updated also Microsoft XML versions file Bernardo Damele 2009-06-16 15:12:02 +0000
32067cb676 Added ASPX shell and stager Bernardo Damele 2009-06-15 14:54:36 +0000
03a6739fbf Minor layout adjustments Bernardo Damele 2009-06-11 15:34:31 +0000
150abc0f1e sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring. Bernardo Damele 2009-06-11 15:01:48 +0000
3bca0d4b28 Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance. Bernardo Damele 2009-06-05 10:15:55 +0000
5ac2b0658c Fixed regular expression to parse burp log file hosts' scheme/port Bernardo Damele 2009-06-04 14:42:53 +0000
cfd8a83655 Minor adjustment to get also the port when parsing burp logs Bernardo Damele 2009-06-04 14:36:31 +0000
966f34f381 Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions Bernardo Damele 2009-06-03 15:26:18 +0000
c7b72abc0e Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls Bernardo Damele 2009-06-03 15:04:40 +0000
02f6425db8 Work-around to avoid a TypeError traceback when reading a file content on MySQL/MSSQL Bernardo Damele 2009-06-02 14:24:48 +0000
93ee4a01e5 HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+ Bernardo Damele 2009-05-20 14:27:25 +0000
81d1a767ac Minor bug fix in output manager (dumper) object Bernardo Damele 2009-05-20 13:56:23 +0000
8e7282f7c7 Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6. Bernardo Damele 2009-05-20 13:51:25 +0000
440a52b84d Major bug fix to sql-query/sql-shell functionalities Bernardo Damele 2009-05-20 10:19:19 +0000
37d3b3adda Updated THANKS Bernardo Damele 2009-05-20 09:58:22 +0000
13de8366d0 Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting! Bernardo Damele 2009-05-20 09:34:13 +0000
f7ee4d578e Updated THANKS file Bernardo Damele 2009-05-19 15:56:30 +0000
ef3846e0de Minor fix in Host header value by Oliver Gruskovnjak Bernardo Damele 2009-05-19 14:40:04 +0000
45dff4a00a Added new function to search a file within the PATH environment variable paths: it will be used when sqlmap will be packaged as DEB and RPM Bernardo Damele 2009-05-12 20:24:47 +0000
b463205544 Minor fixes for MacOSX Bernardo Damele 2009-05-12 20:24:00 +0000
06cc2a6d70 Minor bug fixes and code refactoring Bernardo Damele 2009-05-11 15:37:48 +0000
a727427299 Minor fix for Python <= 2.5.2 (os.path.normpath function) Bernardo Damele 2009-05-06 13:37:51 +0000
c5d20b8a86 Initial support for ASP web backdoor functionality Bernardo Damele 2009-05-06 12:14:38 +0000
f3e8d6db70 Fixed MySQL comment injection Bernardo Damele 2009-05-01 16:29:45 +0000
ccedadd780 Finished Mac OS X Bernardo Damele 2009-04-30 21:42:54 +0000
e8c115500d Now it works also on Mac OS X Bernardo Damele 2009-04-30 10:46:50 +0000
722ca8bf2f Minor "fix" Bernardo Damele 2009-04-29 19:45:12 +0000
57b8bb4c8e Minor syntax adjustment for web backdoor functionality Bernardo Damele 2009-04-28 21:51:22 +0000
58f3eee390 Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library Bernardo Damele 2009-04-28 11:11:35 +0000
1d7de719b9 Almost done with web backdoor functionality Bernardo Damele 2009-04-28 11:05:07 +0000
16b4530bbe Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed). Minor common library code refactoring. Code cleanup. Set back the default User-Agent to sqlmap for comparison algorithm reasons. Updated THANKS. Bernardo Damele 2009-04-27 23:05:11 +0000
5121a4dcba Send IE7.0 as default User-Agent Bernardo Damele 2009-04-24 20:13:21 +0000
406d5df195 Minor layout adjustments Bernardo Damele 2009-04-24 20:12:52 +0000
546a6c32e3 Avoid deprecation warning on sha and md5 libraries on Python >= 2.6 Bernardo Damele 2009-04-24 20:10:30 +0000
6f4035938b Let the user choose also the local address in reverse OOB connection Bernardo Damele 2009-04-24 10:27:52 +0000
06e8546177 Finally fixed MSSQL 2000 fingerprint Bernardo Damele 2009-04-24 10:26:01 +0000
eeb34eb028 Again, minor fix to MSSQL 2000 fingerprint Bernardo Damele 2009-04-23 21:13:34 +0000
4ce74764b7 More verbose when reporting failure to create shellcode/payload stager (via Metasploit) Bernardo Damele 2009-04-23 20:39:32 +0000
aec2419410 Fixed character escaping in SQL shell/query functionalities. Bernardo Damele 2009-04-23 15:37:12 +0000
1af6898618 Fixed POST parsing when -l option is provided (burp/webscarab log file) Bernardo Damele 2009-04-23 15:04:28 +0000
69259c5984 Updated THANKS Bernardo Damele 2009-04-23 08:42:57 +0000
8e88b32274 Minor fix in MSSQL 2000 fingerprint Bernardo Damele 2009-04-23 08:36:39 +0000
aefa7ef988 Avoid libmagic traceback on Windows. WARNING: this release is a candidate, it only works on Linux/Unices for the moment! 0.7-rc1 Bernardo Damele 2009-04-22 12:44:16 +0000
8c0ac767f4 Updated to sqlmap 0.7 release candidate 1 Bernardo Damele 2009-04-22 11:48:07 +0000
b997df740a Minor bug fix Bernardo Damele 2009-02-25 20:11:14 +0000
0c1a6b3edf Minor typo fix Bernardo Damele 2009-02-19 00:38:54 +0000
2efee058ea Major enhancement in comparison algorithm Bernardo Damele 2009-02-12 00:17:44 +0000