sqlmap

sqlmapproject/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-25 15:39:48 +03:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5649

#5658

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5849

#5849

#5852

#5859

#5860

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5890

#5893

#5910

#5913

#5923

#5923

#5930

#5931

#5932

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

3434a22872 HTTP header HOST is now mandatory in a HTTP request file Miroslav Stampar 2010-01-12 14:07:58 +0000
a193205323 minor update regarding requestFile option Miroslav Stampar 2010-01-12 14:01:58 +0000
8817b2884f minor update Miroslav Stampar 2010-01-12 13:16:30 +0000
a58b36fe07 code commit regarding Feature #119 Miroslav Stampar 2010-01-12 13:11:26 +0000
4a72ad113a Enhancements to PostgreSQL active fingerprint, now it covers also PostgreSQL 8.4 and minor speedups. Bernardo Damele 2010-01-12 11:44:47 +0000
c7e1649655 Minor speedup Bernardo Damele 2010-01-12 11:43:32 +0000
3a9f685e18 Enhancements to MySQL active fingerprint and comment injection fingerprint, now it covers also MySQL 5.5.x and improved on MySQL 5.1.x. Bernardo Damele 2010-01-12 11:21:28 +0000
df36eb6d11 Minor bug fix in --resume functionality Bernardo Damele 2010-01-11 14:16:37 +0000
4512ef56d1 Minor bug fixes Bernardo Damele 2010-01-11 13:06:16 +0000
80bd146696 Added support for --dump with -C also on MSSQL Bernardo Damele 2010-01-10 19:12:54 +0000
e5dc3f51c8 Display a better message for the moment while working on support for --dump -C on MSSQL Bernardo Damele 2010-01-10 00:30:45 +0000
6c1b31d93c Adjusted --columns with -C also for Microsoft SQL Server Bernardo Damele 2010-01-10 00:21:03 +0000
ef1180c3c2 Ask also which table(s) to enumerate from when --dump and -C are provided (but not -T) and minor layout adjustment Bernardo Damele 2010-01-09 21:39:10 +0000
12f371cd65 Minor bug fix and improvement in displaying of enumerated columns in --dump -C Bernardo Damele 2010-01-09 21:37:44 +0000
dc04fa7f06 Minor layout adjustments Bernardo Damele 2010-01-09 21:08:47 +0000
d58ba7ee6d added --scope feature regarding Feature #105 Miroslav Stampar 2010-01-09 20:44:50 +0000
f316e722c1 sqlmap 0.8-rc4: --dump option now can also accept only -C: user can provide a string column and sqlmap will enumerate all databases, tables and columns that contain the 'provided_string' or '%provided_string%' then ask the user to dump the entries of only those columns. --columns now accepts also -C option: user can provide a string column and sqlmap will enumerate all columns of a specific table like '%provided_string%'. Minor enhancements. Minor bug fixes. 0.8-rc4 Bernardo Damele 2010-01-09 00:05:00 +0000
6a62a78b0a More generic Bernardo Damele 2010-01-08 23:50:06 +0000
067cc07fb9 Make 'field' parameter in limitQuery() method to be option Bernardo Damele 2010-01-08 23:23:15 +0000
5c20462155 minor update Miroslav Stampar 2010-01-07 13:10:26 +0000
82222fcd3a minor update of help text Miroslav Stampar 2010-01-07 13:09:14 +0000
d07f60578c implementation of Feature #17 Miroslav Stampar 2010-01-07 12:59:09 +0000
80df1fdcf9 Minor bug fix with --sql-query/shell when providing a statement with DISTINCT Bernardo Damele 2010-01-05 16:15:31 +0000
954a927cee Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 Bernardo Damele 2010-01-05 11:43:16 +0000
71547a3496 getDocRoot changes Miroslav Stampar 2010-01-05 11:30:33 +0000
bb61010a45 Avoid useless checks for --os-bof (no need to check for DBA or for xp_cmdshell). Minor code restyling. Bernardo Damele 2010-01-04 15:02:56 +0000
473024bd6e Newline Bernardo Damele 2010-01-04 14:03:31 +0000
6319eb6e5c just added PGP Key ID Miroslav Stampar 2010-01-04 13:08:40 +0000
232f927dd0 Slightly updated the documentation Bernardo Damele 2010-01-04 12:53:58 +0000
d71e47ce56 fix regarding dirnames in Feature #110 Miroslav Stampar 2010-01-04 12:39:07 +0000
2eb24c6368 Avoid useless queries Bernardo Damele 2010-01-04 12:35:53 +0000
236ca9b952 Major bug fix: --os-shell web backdoor functionality is now fixed (was broken since changeset r859). Bernardo Damele 2010-01-04 10:47:09 +0000
96a033b51d found and fixed few bugs regarding my "fix" of Bug #110 Miroslav Stampar 2010-01-03 15:56:29 +0000
d5b1863dec Updated documentation and svn properties Bernardo Damele 2010-01-02 02:07:28 +0000
ce022a3b6e sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup. 0.8-rc3 Bernardo Damele 2010-01-02 02:02:12 +0000
d55175a340 Fixed resume functionality on --read-file when using MySQL's LOAD_FILE() via blind SQL injection. Bernardo Damele 2010-01-02 01:35:13 +0000
9c620da0a5 Minor fix Bernardo Damele 2009-12-31 12:34:18 +0000
c1c14dabd9 Minor bug fix Bernardo Damele 2009-12-21 11:21:18 +0000
e6c4154cac Fixed minor bug in --reg-del Bernardo Damele 2009-12-21 11:04:54 +0000
e4e081cdc6 sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update. 0.8-rc2 Bernardo Damele 2009-12-17 22:04:01 +0000
a605980d66 Minor adjustments to configuration file Bernardo Damele 2009-12-15 14:16:25 +0000
b363f1c5ab Added support for NTLM authentication Bernardo Damele 2009-12-02 22:54:39 +0000
e28b98a366 Minor layout adjustments Bernardo Damele 2009-12-02 22:52:17 +0000
c332c72808 Minor update to user's manual to reflect new Metasploit release Bernardo Damele 2009-11-17 23:36:18 +0000
6e36a6f8ed Major enhancement to MSSQL MS09-004 exploit Bernardo Damele 2009-11-17 23:33:20 +0000
4779a5fe0f Minor layout adjustment Bernardo Damele 2009-11-16 16:39:31 +0000
1bf6a7cadc Adapted sqlmap to latest changes in Metasploit trunk Bernardo Damele 2009-11-03 16:49:19 +0000
aa14bea051 Test again Bernardo Damele 2009-11-01 12:30:30 +0000
e518ae82e4 Testing post-commit hook on redmine Bernardo Damele 2009-11-01 12:28:33 +0000
bfd8128693 Updated name Bernardo Damele 2009-11-01 12:10:29 +0000
de68a499f5 Typo fix Bernardo Damele 2009-11-01 12:08:46 +0000
bb123b2769 Updated changelog Bernardo Damele 2009-10-23 10:20:47 +0000
f1a7d095aa Minor patch to make the PHP web backdoor work also on Windows Bernardo Damele 2009-10-22 16:25:19 +0000
89c43893d4 Merged back from personal branch to trunk (svn merge -r846:940 ...) Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring. Bernardo Damele 2009-09-25 23:03:45 +0000
458d59416c Minor bug fix in MSSQL version fingerprint Bernardo Damele 2009-08-11 09:16:20 +0000
14578a7a4d Updated THANKS file Bernardo Damele 2009-07-30 12:02:34 +0000
17289c5ff2 Minor bug fix Bernardo Damele 2009-07-30 12:01:23 +0000
e608a5ca55 Updated THANKS file Bernardo Damele 2009-07-29 10:44:56 +0000
19c6804ded Fixed two minor bugs with PostgreSQL reported by Sven Klemm, thanks! Bernardo Damele 2009-07-29 10:44:24 +0000
2c98c11e80 user's manual PDF recreated 0.7 Bernardo Damele 2009-07-25 16:46:30 +0000
45e3ce798f Updated documentation with all new features introduced since sqlmap 0.7-rc1 Bernardo Damele 2009-07-25 14:31:44 +0000
d905e5ef9f Minor bug fix to --os-cmd/--os-shell for Microsoft SQL Server Bernardo Damele 2009-07-25 11:45:23 +0000
576cc97742 Minor update to the user's manual, almost there to release 0.7 stable! Bernardo Damele 2009-07-25 00:25:59 +0000
b2b2ec8a26 Preparing to release sqlmap 0.7 stable Bernardo Damele 2009-07-24 23:20:57 +0000
3d4bfb3263 More appropriate warning message, got rid of a TODO Bernardo Damele 2009-07-24 23:20:22 +0000
b4fd71e8b9 Minor adjustment to reflect Metasploit r6849 (http://trac.metasploit.com/changeset/6849) and minor code refactoring. Bernardo Damele 2009-07-20 14:36:33 +0000
8096a37940 Major bug fix in --read-file option and minor code refactoring. Bernardo Damele 2009-07-09 11:50:15 +0000
cb3d2bac16 Minor improvement so that sqlmap tests also all parameters with no value (ig. par=). Bernardo Damele 2009-07-09 11:25:35 +0000
516fdb9356 Avoid to upload the web backdoor to unexisting empty-name directory Bernardo Damele 2009-07-09 11:11:25 +0000
24a3a23159 Minor bug fix to --dbms, updated user's manual Bernardo Damele 2009-07-09 11:05:24 +0000
4b622ed860 Minor bug fix. Adapted Metasploit wrapping functions to work with latest msf3 development version too. Bernardo Damele 2009-07-06 14:40:33 +0000
0fc4587f02 Added support for reflective meterpreter by default when the target OS is Windows and minor layout fix Bernardo Damele 2009-07-03 17:59:20 +0000
ba2e009fd9 Now it's fixed Bernardo Damele 2009-06-29 10:15:10 +0000
bc31bd1dd9 Minor bug fix Bernardo Damele 2009-06-29 10:13:39 +0000
fd7de4bbb8 Updated THANKS file Bernardo Damele 2009-06-24 13:57:50 +0000
3b9303186e Fixed minor bug with --eta Bernardo Damele 2009-06-24 13:44:14 +0000
e5a01d500e Minor bug fix in --update option, updated also Microsoft XML versions file Bernardo Damele 2009-06-16 15:12:02 +0000
32067cb676 Added ASPX shell and stager Bernardo Damele 2009-06-15 14:54:36 +0000
03a6739fbf Minor layout adjustments Bernardo Damele 2009-06-11 15:34:31 +0000
150abc0f1e sqlmap 0.7-rc3: Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. Correctly handle fcntl to be imported only on systems different from Windows. Minor code refactoring. Bernardo Damele 2009-06-11 15:01:48 +0000
3bca0d4b28 Minor improvement so that user's options can also be passed directly as a dictionary/advancedDict rather than only as an optparse instance. Bernardo Damele 2009-06-05 10:15:55 +0000
5ac2b0658c Fixed regular expression to parse burp log file hosts' scheme/port Bernardo Damele 2009-06-04 14:42:53 +0000
cfd8a83655 Minor adjustment to get also the port when parsing burp logs Bernardo Damele 2009-06-04 14:36:31 +0000
966f34f381 Minor parsing syntax adjustment due to sligh differences between Burp 1.2 lite and professional editions Bernardo Damele 2009-06-03 15:26:18 +0000
c7b72abc0e Minor bug fix in parsing Burp (WebScarab too?) log to correctly parse httpS urls Bernardo Damele 2009-06-03 15:04:40 +0000
02f6425db8 Work-around to avoid a TypeError traceback when reading a file content on MySQL/MSSQL Bernardo Damele 2009-06-02 14:24:48 +0000
93ee4a01e5 HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+ Bernardo Damele 2009-05-20 14:27:25 +0000
81d1a767ac Minor bug fix in output manager (dumper) object Bernardo Damele 2009-05-20 13:56:23 +0000
8e7282f7c7 Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6. Bernardo Damele 2009-05-20 13:51:25 +0000
440a52b84d Major bug fix to sql-query/sql-shell functionalities Bernardo Damele 2009-05-20 10:19:19 +0000
37d3b3adda Updated THANKS Bernardo Damele 2009-05-20 09:58:22 +0000
13de8366d0 Major silent bug fix to multi-threading functionality. Thanks Nico Leidecker for reporting! Bernardo Damele 2009-05-20 09:34:13 +0000
f7ee4d578e Updated THANKS file Bernardo Damele 2009-05-19 15:56:30 +0000
ef3846e0de Minor fix in Host header value by Oliver Gruskovnjak Bernardo Damele 2009-05-19 14:40:04 +0000
45dff4a00a Added new function to search a file within the PATH environment variable paths: it will be used when sqlmap will be packaged as DEB and RPM Bernardo Damele 2009-05-12 20:24:47 +0000
b463205544 Minor fixes for MacOSX Bernardo Damele 2009-05-12 20:24:00 +0000
06cc2a6d70 Minor bug fixes and code refactoring Bernardo Damele 2009-05-11 15:37:48 +0000
a727427299 Minor fix for Python <= 2.5.2 (os.path.normpath function) Bernardo Damele 2009-05-06 13:37:51 +0000
c5d20b8a86 Initial support for ASP web backdoor functionality Bernardo Damele 2009-05-06 12:14:38 +0000
f3e8d6db70 Fixed MySQL comment injection Bernardo Damele 2009-05-01 16:29:45 +0000