sqlmap

sqlmapproject/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-04 09:14:17 +03:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

revert-5260-master

revert-5598-master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5625

#5649

#5658

#5665

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5845

#5849

#5849

#5852

#5852

#5859

#5860

#5864

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5883

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.2

1.9.3

1.9.4

3197fada59 update of IDS checking method Miroslav Stampar 2010-01-25 10:06:52 +0000
952c280083 Added svn keyword Bernardo Damele 2010-01-25 09:21:39 +0000
e689c2ec99 another minor fix (svn header comment) Miroslav Stampar 2010-01-25 00:29:19 +0000
44a74ccee8 minor grammar fix Miroslav Stampar 2010-01-25 00:26:51 +0000
b183b9cbb4 contains method for detecting if the generated payload is detectable by the PHPIDS filter rules Miroslav Stampar 2010-01-25 00:25:58 +0000
a4d8234875 minor update Miroslav Stampar 2010-01-24 14:23:19 +0000
98205cc488 another fix for Bug #148 Miroslav Stampar 2010-01-23 23:29:34 +0000
39652bfbf4 update regarding Unicode char logging (Bug #148) Miroslav Stampar 2010-01-23 15:36:55 +0000
97840535c6 fix for situations where proxy is set in environment, but the user tries to test something on localhost Miroslav Stampar 2010-01-19 13:47:35 +0000
49146e573a Added sys_fileread() for PostgreSQL --read-file binary Bernardo Damele 2010-01-19 13:37:04 +0000
574880ba73 Warn user of HTTP error codes in HTTP responses Bernardo Damele 2010-01-19 10:27:54 +0000
b4ce8fe361 Updated ChangeLog file Bernardo Damele 2010-01-18 15:43:06 +0000
e4bd0eb92d Updated MSSQL xml signatures file Bernardo Damele 2010-01-18 15:24:59 +0000
5c58747740 More tweaking on --update Bernardo Damele 2010-01-18 15:20:50 +0000
051db588a5 Minor tweaking to --update Bernardo Damele 2010-01-18 14:59:24 +0000
44adbc5776 changes regarding Feature #125 Miroslav Stampar 2010-01-18 14:05:23 +0000
2825ab5e4e Major bug fix in url-encoding Bernardo Damele 2010-01-16 21:56:40 +0000
c18a5cb92f Fixed a minor bug when displaying requested page in -v >= 3 Bernardo Damele 2010-01-16 21:47:52 +0000
f337cd6e0a Minor speedup to check if sqlmap's UDF have already been created Bernardo Damele 2010-01-16 21:46:35 +0000
6d697d60b2 Minor adjustment Bernardo Damele 2010-01-15 18:00:15 +0000
4ce3abc56d Minor adjustments Bernardo Damele 2010-01-15 17:42:46 +0000
1a764e1f08 minor commit Miroslav Stampar 2010-01-15 16:10:21 +0000
5f171340f5 introduced safe string formatting Miroslav Stampar 2010-01-15 16:06:59 +0000
dcf0b2a3c1 minor update Miroslav Stampar 2010-01-15 11:45:48 +0000
f5c422efb4 updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before Miroslav Stampar 2010-01-15 11:44:05 +0000
505647b00f Minor bug fix to --cookie-urlencode Bernardo Damele 2010-01-15 11:24:30 +0000
c4215ce8d2 Minor code refactoring Bernardo Damele 2010-01-14 20:42:45 +0000
26c7b74e65 changes regarding Data (GET/POST/Cookie) encoding (Bug #129) Miroslav Stampar 2010-01-14 18:05:03 +0000
1d968f51e9 More code refactoring Bernardo Damele 2010-01-14 15:11:32 +0000
c9863bc1d2 Minor code refactoring Bernardo Damele 2010-01-14 14:33:08 +0000
070ccc30e9 Added automatic support in --os-pwn to use the web uploader/backdoor to upload and execute the Metasploit payload stager when stacked queries SQL injection is not supported, for instance on MySQL/PHP and MySQL/ASP. Updated ChangeLog. Major code refactoring. Bernardo Damele 2010-01-14 14:03:16 +0000
1febdcac9b Added support for takeover functionalities on PgSQL 8.4 running on Linux too. Recompilation of MySQL shared object with MySQL 5.1 development libraries on Debian 5.3. Tweaked the UDF compilation/installation files for both MySQL and PgSQL. Bernardo Damele 2010-01-14 10:50:03 +0000
d4d26b59eb Merged UDF Linux and Windows development environments Bernardo Damele 2010-01-14 01:51:20 +0000
746cbdba96 Added support for takeover functionalities on PgSQL 8.4 running on Windows Bernardo Damele 2010-01-14 01:40:11 +0000
1100b37feb Minor adjustments to UDF source code and file system structure Bernardo Damele 2010-01-14 00:46:48 +0000
2915b5d7e9 Partial cleanup of UDF source code path Bernardo Damele 2010-01-13 23:18:17 +0000
625cc5cc0d Slight update to the shared libraries (UDF dlls). Bernardo Damele 2010-01-13 21:28:05 +0000
b4ddfe8333 Minor bug fixed (variable undeclared) Bernardo Damele 2010-01-13 21:26:59 +0000
50bbb0cf8a Deprecate sqlmap update code, will use pysvn to update from latest development version from subversion repository. Bernardo Damele 2010-01-13 14:52:23 +0000
9c9988c375 Updated MSSQL xml signatures file Bernardo Damele 2010-01-13 14:50:13 +0000
055b14a11a Updated Changelog Bernardo Damele 2010-01-13 12:14:29 +0000
0ad43952bd Minor bug fix Bernardo Damele 2010-01-12 23:56:43 +0000
f9f418b479 minor modification of a sample in sqlmap.conf Miroslav Stampar 2010-01-12 14:24:58 +0000
3434a22872 HTTP header HOST is now mandatory in a HTTP request file Miroslav Stampar 2010-01-12 14:07:58 +0000
a193205323 minor update regarding requestFile option Miroslav Stampar 2010-01-12 14:01:58 +0000
8817b2884f minor update Miroslav Stampar 2010-01-12 13:16:30 +0000
a58b36fe07 code commit regarding Feature #119 Miroslav Stampar 2010-01-12 13:11:26 +0000
4a72ad113a Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups. Bernardo Damele 2010-01-12 11:44:47 +0000
c7e1649655 Minor speedup Bernardo Damele 2010-01-12 11:43:32 +0000
3a9f685e18 Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x. Bernardo Damele 2010-01-12 11:21:28 +0000
df36eb6d11 Minor bug fix in --resume functionality Bernardo Damele 2010-01-11 14:16:37 +0000
4512ef56d1 Minor bug fixes Bernardo Damele 2010-01-11 13:06:16 +0000
80bd146696 Added support for --dump with -C also on MSSQL Bernardo Damele 2010-01-10 19:12:54 +0000
e5dc3f51c8 Display a better message for the moment while working on support for --dump -C on MSSQL Bernardo Damele 2010-01-10 00:30:45 +0000
6c1b31d93c Adjusted --columns with -C also for Microsoft SQL Server Bernardo Damele 2010-01-10 00:21:03 +0000
ef1180c3c2 Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment Bernardo Damele 2010-01-09 21:39:10 +0000
12f371cd65 Minor bug fix and improvement in displaying of enumerated columns in --dump -C Bernardo Damele 2010-01-09 21:37:44 +0000
dc04fa7f06 Minor layout adjustments Bernardo Damele 2010-01-09 21:08:47 +0000
d58ba7ee6d added --scope feature regarding Feature #105 Miroslav Stampar 2010-01-09 20:44:50 +0000
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns. --columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'. Minor enhancements. Minor bug fixes. 0.8-rc4 Bernardo Damele 2010-01-09 00:05:00 +0000
6a62a78b0a More generic Bernardo Damele 2010-01-08 23:50:06 +0000
067cc07fb9 Make 'field' parameter in limitQuery() method to be option Bernardo Damele 2010-01-08 23:23:15 +0000
5c20462155 minor update Miroslav Stampar 2010-01-07 13:10:26 +0000
82222fcd3a minor update of help text Miroslav Stampar 2010-01-07 13:09:14 +0000
d07f60578c implementation of Feature #17 Miroslav Stampar 2010-01-07 12:59:09 +0000
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT Bernardo Damele 2010-01-05 16:15:31 +0000
954a927cee Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 Bernardo Damele 2010-01-05 11:43:16 +0000
71547a3496 getDocRoot changes Miroslav Stampar 2010-01-05 11:30:33 +0000
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. Bernardo Damele 2010-01-04 15:02:56 +0000
473024bd6e Newline Bernardo Damele 2010-01-04 14:03:31 +0000
6319eb6e5c just added PGP Key ID Miroslav Stampar 2010-01-04 13:08:40 +0000
232f927dd0 Slightly updated the documentation Bernardo Damele 2010-01-04 12:53:58 +0000
d71e47ce56 fix regarding dirnames in Feature #110 Miroslav Stampar 2010-01-04 12:39:07 +0000
2eb24c6368 Avoid useless queries Bernardo Damele 2010-01-04 12:35:53 +0000
236ca9b952 Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). Bernardo Damele 2010-01-04 10:47:09 +0000
96a033b51d found and fixed few bugs regarding my "fix" of Bug #110 Miroslav Stampar 2010-01-03 15:56:29 +0000
d5b1863dec Updated documentation and svn properties Bernardo Damele 2010-01-02 02:07:28 +0000
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 0.8-rc3 Bernardo Damele 2010-01-02 02:02:12 +0000
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. Bernardo Damele 2010-01-02 01:35:13 +0000
9c620da0a5 Minor fix Bernardo Damele 2009-12-31 12:34:18 +0000
c1c14dabd9 Minor bug fix Bernardo Damele 2009-12-21 11:21:18 +0000
e6c4154cac Fixed minor bug in --reg-del Bernardo Damele 2009-12-21 11:04:54 +0000
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 0.8-rc2 Bernardo Damele 2009-12-17 22:04:01 +0000
a605980d66 Minor adjustments to configuration file Bernardo Damele 2009-12-15 14:16:25 +0000
b363f1c5ab Added support for NTLM authentication Bernardo Damele 2009-12-02 22:54:39 +0000
e28b98a366 Minor layout adjustments Bernardo Damele 2009-12-02 22:52:17 +0000
c332c72808 Minor update to user's manual to reflect new Metasploit release Bernardo Damele 2009-11-17 23:36:18 +0000
6e36a6f8ed Major enhancement to MSSQL MS09-004 exploit Bernardo Damele 2009-11-17 23:33:20 +0000
4779a5fe0f Minor layout adjustment Bernardo Damele 2009-11-16 16:39:31 +0000
1bf6a7cadc Adapted sqlmap to latest changes in Metasploit trunk Bernardo Damele 2009-11-03 16:49:19 +0000
aa14bea051 Test again Bernardo Damele 2009-11-01 12:30:30 +0000
e518ae82e4 Testing post-commit hook on redmine Bernardo Damele 2009-11-01 12:28:33 +0000
bfd8128693 Updated name Bernardo Damele 2009-11-01 12:10:29 +0000
de68a499f5 Typo fix Bernardo Damele 2009-11-01 12:08:46 +0000
bb123b2769 Updated changelog Bernardo Damele 2009-10-23 10:20:47 +0000
f1a7d095aa Minor patch to make the PHP web backdoor work also on Windows Bernardo Damele 2009-10-22 16:25:19 +0000
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. Bernardo Damele 2009-09-25 23:03:45 +0000
458d59416c Minor bug fix in MSSQL version fingerprint Bernardo Damele 2009-08-11 09:16:20 +0000
14578a7a4d Updated THANKS file Bernardo Damele 2009-07-30 12:02:34 +0000
17289c5ff2 Minor bug fix Bernardo Damele 2009-07-30 12:01:23 +0000