sqlmap

sqlmapproject/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-21 17:16:35 +03:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

revert-5260-master

revert-5598-master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5625

#5649

#5658

#5665

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#583

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.10

1.8.11

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

e2a805ef6a Minor workaround because of latest bug fix Bernardo Damele 2008-12-01 23:32:14 +0000
a777f1ca35 Minor bug fix Bernardo Damele 2008-12-01 23:27:51 +0000
034a3f387a Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters) Bernardo Damele 2008-12-01 23:09:07 +0000
3cf1658532 Increased default output level from 0 to 1 Bernardo Damele 2008-12-01 23:07:41 +0000
428612b431 Comment and layout adjustments Bernardo Damele 2008-12-01 23:04:01 +0000
beea58f2e9 Updated MySQL versions Bernardo Damele 2008-12-01 23:02:52 +0000
e967b13378 Minor adjustment to command line usage message Bernardo Damele 2008-11-27 23:06:02 +0000
6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation Bernardo Damele 2008-11-27 22:33:33 +0000
785352d700 Minor adjustments to signatures Bernardo Damele 2008-11-27 22:31:43 +0000
dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server. Minor adjustments to XML signatures. Updated documentation. Bernardo Damele 2008-11-25 11:33:44 +0000
f2737ad0a3 Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file). Major bug fix in the controller library. Bernardo Damele 2008-11-22 01:57:22 +0000
9be844cf3e Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. Bernardo Damele 2008-11-20 17:56:09 +0000
80425c9ccd Minor adjustment to ETA feature Bernardo Damele 2008-11-20 11:13:04 +0000
8f74fe2ce9 Added new HTTP response headers on which fingerprint web app technology and web server OS. Updated documentation. Bernardo Damele 2008-11-19 15:33:39 +0000
736b2e7323 Minor adjustments to the operating system fingerprint. Bernardo Damele 2008-11-19 00:36:44 +0000
727664aea7 Minor enhancement to fingerprint the web server operating system and the web application technology by parsing also HTTP response Server header. Refactor libraries and plugins that parses XML to fingerprint and show on standard output the information. Updated changelog. Bernardo Damele 2008-11-18 17:42:46 +0000
7d0724843f Major enhancement to the engine to parse XML files and matches on DBMS banner and HTTP response headers. Initial web application technology fingerprint (for the moment based only on X-Powered-By HTTP response header and not shown yet to the user). Minor layout adjustments. Bernardo Damele 2008-11-17 17:41:02 +0000
66fb3c3033 Minor enhancement to show the DBMS operating system (if fingerprinted) also when only -b option is provided since it's an information that sqlmap get parsing the DBMS banner. Got rid completely of useless passive fuzzing. Bernardo Damele 2008-11-17 11:22:03 +0000
7d7170fc97 Minor code adjustments Bernardo Damele 2008-11-17 00:13:49 +0000
654aecedfe Minor layout adjustments, minor fixes and updated changelog Bernardo Damele 2008-11-17 00:00:54 +0000
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Bernardo Damele 2008-11-15 23:41:31 +0000
84cbc60659 Major bug fix to correctly handle httplib.BadStatusLine exception. Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.) Updated user's manual. Bernardo Damele 2008-11-15 12:25:19 +0000
4bf1fcb8ec Minor layout adjustment Bernardo Damele 2008-11-15 01:10:29 +0000
0bd5b52d95 Minor fixes Bernardo Damele 2008-11-13 00:03:04 +0000
ecc4a98071 Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file. Bernardo Damele 2008-11-12 23:44:09 +0000
9329f8c9c4 Minor enhancement to be able to enumerate table columns and dump table entries also if the database name is not provided by using the current database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle. Minor bug fix so that when the user provide as SELECT statement to be processed an asterisk, now it also work if in the FROM there is no database name specified. Minor layout adjustments. Bernardo Damele 2008-11-12 22:53:25 +0000
81ed7c2086 Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments. Bernardo Damele 2008-11-12 00:36:50 +0000
13f76cfe3b Adjusted unhandled exception error message Bernardo Damele 2008-11-11 14:08:40 +0000
e1385eb2bf Removed useless W3C reference for CSS/HTML validation Bernardo Damele 2008-11-09 19:00:54 +0000
0c5d3df546 sqlmap 0.6.3-rc1: * Minor enhancement to be able to specify the number of seconds to wait between each HTTP request. * Minor bug fix to handle session.error and session.timeout in HTTP requests. * Updated documentation. Bernardo Damele 2008-11-09 16:57:47 +0000
544ced52b5 Name adjustment Bernardo Damele 2008-11-04 19:56:07 +0000
2a01de3f0b Minor bug fix to correctly dump table entries when the column is provided Bernardo Damele 2008-11-04 19:54:44 +0000
be599d5a33 Updated documentation and minor fix in update functionality Bernardo Damele 2008-11-04 16:33:13 +0000
359b28bbaf Updated documentation Bernardo Damele 2008-11-04 16:09:12 +0000
0f79ec0088 Minor bug fix in MySQL comment injection fingerprint technique Bernardo Damele 2008-11-04 16:05:43 +0000
278f0aad7c Documentation updated Bernardo Damele 2008-11-03 01:23:55 +0000
95d2a0fcd1 Updated documentation 0.6.2 Bernardo Damele 2008-11-02 22:25:48 +0000
04474e3232 Updated ChangeLog Bernardo Damele 2008-11-02 22:20:02 +0000
8d130f12a0 Major bug fix to correctly update sqlmap to the latest stable release with command line --update Bernardo Damele 2008-11-02 22:16:54 +0000
bfe1863731 Updated Microsoft SQL Server XML versions file Bernardo Damele 2008-11-02 22:11:35 +0000
de980ae79f Updated site and doc to 0.6.2 Bernardo Damele 2008-11-02 20:23:06 +0000
56a5e8d390 Updated sqlmap packaging scripts, site and documentation, almost ready for sqlmap 0.6.2 Bernardo Damele 2008-11-02 20:12:50 +0000
67e1be07a4 Added a JSP backdoor (GET /.../backdoor.jsp?cmd=<os command>) for long term new features for OS commanding Bernardo Damele 2008-11-02 19:32:04 +0000
3d81f60962 Updated documentation Bernardo Damele 2008-11-02 19:29:50 +0000
206191d164 Major bug fix so that when the expected value of a query (count variable) is an integer and for some reason the resumed value from session file is a string or a binary file, the query is executed again and and its new output saved to the session file Bernardo Damele 2008-11-02 19:21:19 +0000
03b90e0a3f Be more user friendly on messages and minor code layout improvement Bernardo Damele 2008-11-02 18:23:42 +0000
09ca578ca1 Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option; Bernardo Damele 2008-11-02 18:17:12 +0000
91a47246f8 Minor bug fix to correctly handle --start and --stop Bernardo Damele 2008-11-02 14:39:38 +0000
e2a0f7a47b Fix typo Bernardo Damele 2008-10-30 23:20:14 +0000
7ad9639ed0 Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3 Bernardo Damele 2008-10-29 15:32:12 +0000
a19229cbd8 Updated documentation Bernardo Damele 2008-10-29 11:42:04 +0000
5e47518983 Minor layout fix Bernardo Damele 2008-10-28 00:09:03 +0000
4eef34c532 Updated documentation Bernardo Damele 2008-10-28 00:08:00 +0000
9895338630 Major bug fix following the last commit Bernardo Damele 2008-10-27 23:56:02 +0000
eb6e6f4d03 Major bug fix when the request is POST to also send the GET parameters in the request if they've been provided Bernardo Damele 2008-10-27 15:42:32 +0000
5d5bfaf3db Updated changelog Bernardo Damele 2008-10-26 20:07:22 +0000
56383cfaad Updated documentation and removed svn:keyword Bernardo Damele 2008-10-26 19:12:17 +0000
342a5436f4 Minor enhancement to be able to dump entries also on MySQL < 5.0 when DB name, table name and column(s) are provided Bernardo Damele 2008-10-26 17:07:55 +0000
2fcbb57e1c Minor code restyling Bernardo Damele 2008-10-26 17:00:07 +0000
4b02ed45fa Due to last commit.. Bernardo Damele 2008-10-26 16:45:36 +0000
5216fb6e02 Major bug fix so that the users' privileges enumeration now works properly also on MySQL < 5.0 (fix a traceback) Bernardo Damele 2008-10-26 16:45:14 +0000
fce61ff950 Minor if condition adjustment Bernardo Damele 2008-10-26 16:25:28 +0000
8f5fb5657d Major improvement to correctly enumerate tables, columns and dump tables entries on PostgreSQL when the database name is not 'public' or a system database and on Oracle. Minor code restyle. Bernardo Damele 2008-10-26 16:19:15 +0000
e07e48efb2 Major bug fix to correctly dump tables entries Bernardo Damele 2008-10-26 16:10:28 +0000
fc28372596 Added a comment Bernardo Damele 2008-10-26 16:06:43 +0000
fee52bce3e Minor improvements to sqlmap msf3 auxiliary modules based on Efrain Torres' commit on msf3 trunk, http://metasploit.com/dev/trac/changeset/5787 Bernardo Damele 2008-10-25 19:43:13 +0000
fcc16b2346 Updated site, documentation (dev and user) and packaging scripts for 0.6.1 Bernardo Damele 2008-10-20 13:43:18 +0000
6ddb5afef9 Adapted to latest enhancements Bernardo Damele 2008-10-20 10:13:03 +0000
38f13932bc Minor improvements to queries Bernardo Damele 2008-10-20 10:09:37 +0000
fe6e29fbf6 Minor updates to the user's manual, need still to write on new enhancements Bernardo Damele 2008-10-17 15:50:36 +0000
016118ce7a Some more fixes and adjustments before 0.6.1 release. Bernardo Damele 2008-10-17 15:26:43 +0000
1f3ffc8ef7 Minor layout adjustment Bernardo Damele 2008-10-17 13:23:24 +0000
66136b48c0 Minor fixes.. should work also for Cookie now the % parsing Bernardo Damele 2008-10-17 11:51:12 +0000
e2fedd3b46 Minor layout adjustment Bernardo Damele 2008-10-16 16:39:24 +0000
f90a7cce28 Minor fix to urldecode %3d and any other urlencoded values in target url, posted data and cookie Bernardo Damele 2008-10-16 16:31:20 +0000
41f8acf0fd Updated documentation Bernardo Damele 2008-10-16 15:41:26 +0000
e5aa557bd4 Minor fix Bernardo Damele 2008-10-16 15:39:25 +0000
a5b2366033 Implemented a better way to deal with % characters in parameters' value. Minor code restyle. Bernardo Damele 2008-10-16 15:31:02 +0000
d664f0387e Fixed a bug reported by Bedirhan Urgun <bedirhanurgun@gmail.com> Bernardo Damele 2008-10-16 14:01:14 +0000
962d63eff5 Improved the message to display in case of unhandled exception Bernardo Damele 2008-10-16 14:00:39 +0000
892a7b2f8a propsets.. Bernardo Damele 2008-10-15 15:56:32 +0000
8e3eb45510 After the storm, a restore.. Bernardo Damele 2008-10-15 15:38:22 +0000