Commit Graph

  • bc448211c5 Minor layout adjustment Bernardo Damele 2009-01-13 23:15:23 +0000
  • 73e713c5ba Minor adjustments Bernardo Damele 2009-01-12 23:59:07 +0000
  • 26cb082fc3 Added a README for dbgtool Bernardo Damele 2009-01-12 23:17:15 +0000
  • de393628d0 Added dbgtool to extras, a port in python of toolcrypt.org dbgtool. Inspired by sqlninja perl script makescr.pl. Bernardo Damele 2009-01-12 23:02:02 +0000
  • 5560f0b68a Updated the copyright Bernardo Damele 2009-01-12 21:35:38 +0000
  • 92645dd264 Minor adjustment Bernardo Damele 2009-01-10 14:51:12 +0000
  • 9b0f11f879 Added an ASP uploader Bernardo Damele 2009-01-10 14:40:04 +0000
  • e10ab5aa0e Major bug fixes Bernardo Damele 2009-01-10 14:39:27 +0000
  • 9c125a2b57 Minor improvement to use Python ConfigParser library when --save is specified. Minor update to the user's manual Bernardo Damele 2009-01-03 22:59:22 +0000
  • 6ff8feb5cf Updated documentation Bernardo Damele 2009-01-03 01:25:43 +0000
  • d0604ef513 Major bug fix to correctly handle custom SQL "limited" queries on Oracle Bernardo Damele 2009-01-03 01:19:04 +0000
  • 2d87a3349f Fixed custom MSSQL "limited" query support also for Partial UNION query technique Bernardo Damele 2009-01-03 00:27:04 +0000
  • 9c42a883be Major bug fix to make it work properly with MSSQL custom limited (SELECT TOP ...) queries with both inferential blind and Full UNION query injection Bernardo Damele 2009-01-02 23:26:45 +0000
  • 2cc3bb2f6a Minor improvement to PostgreSQL signatures file to identify Windows. Minor improvement to Microsoft SQL Server "limit" queries. Bernardo Damele 2009-01-02 23:23:55 +0000
  • 9e0d890171 Fixed MySQL 5.1 extensive fingerprint Bernardo Damele 2009-01-02 23:21:31 +0000
  • c1010c20d8 Minor adjustments Bernardo Damele 2008-12-30 21:24:01 +0000
  • a4d62af2ea Minor layout adjustments to --union-tech Bernardo Damele 2008-12-29 18:48:23 +0000
  • 9340bf59fb Updated Microsoft SQL Server signature XML file. Minor layout adjustments to --update output messages/diff Bernardo Damele 2008-12-29 18:46:43 +0000
  • 0e9873fd4f Preparing documentation for 0.6.4 Bernardo Damele 2008-12-29 18:44:20 +0000
  • c83593c044 Limited custom query now works also on Oracle in inferential blind SQL injection technique Bernardo Damele 2008-12-23 23:34:50 +0000
  • 24ddbdc89d Minor layout adjustment Bernardo Damele 2008-12-22 23:34:22 +0000
  • b0ad102efb Better fingerprint technique for Microsoft SQL Server Bernardo Damele 2008-12-22 23:32:43 +0000
  • 79c8d63b88 Major speed increase in DBMS basic fingerprint Bernardo Damele 2008-12-22 23:26:44 +0000
  • 64bb57d786 Minor bug fix to make the Partial UNION query SQL injection technique work properly also on Oracle and Microsoft SQL Server. Bernardo Damele 2008-12-22 22:48:44 +0000
  • 1f7810e46a Major bug fix to make partial UNION query sql injection work properly also on Microsoft SQL Server Bernardo Damele 2008-12-22 19:36:01 +0000
  • 064029cb2d Added one more MS Access signature Bernardo Damele 2008-12-22 19:35:13 +0000
  • 04c187c66a Working on a bug (fix for Partial UNION query SQL injection technique both Oracle and Microsoft SQL Server). Bernardo Damele 2008-12-22 00:51:09 +0000
  • 2f406b3e56 Minor adjustments Bernardo Damele 2008-12-22 00:04:28 +0000
  • c05f600e90 Minor fix Bernardo Damele 2008-12-21 21:40:09 +0000
  • 4ae464c80d Minor enhancement to support an option (--union-tech) to specify the technique to use to detect the number of columns used in the web application SELECT statement: NULL bruteforcing (default) or ORDER BY clause. Bernardo Damele 2008-12-21 21:39:53 +0000
  • f92b76a8b0 Minor bug fix Bernardo Damele 2008-12-21 16:39:40 +0000
  • 374b9ba878 Updated documentation based upon recent developments Bernardo Damele 2008-12-21 16:35:45 +0000
  • 35708a0b97 Minor adjustment to UNION query SQL injection detection function. Updated command line help message based upon recent developments. Updated copyright note of lib/contrib/multipartpost.py. Bernardo Damele 2008-12-21 16:35:03 +0000
  • 996a872e51 We are already on sqlmap 0.6.4 release candidate 1.. Bernardo Damele 2008-12-20 13:23:26 +0000
  • c18efe5084 Minor adjustments Bernardo Damele 2008-12-20 13:21:47 +0000
  • 8d06975142 Major enhancement to make the comparison algorithm work properly also on URLs that are not stable automatically by using the difflib SequenceMatcher object: this changed a lot in the structure of the code, has to be extensively beta-tested! Please, do report bugs on sqlmap-users mailing list if you scout them. Cheers, Bernardo Bernardo Damele 2008-12-20 01:54:08 +0000
  • 7e8ac16245 Added preventive check for stacked queries support when executing DDL, DML & co. statements in SQL query and SQL shell. Minor improvements on this new feature. Increased default connection timeout to 30 seconds (needed for vmware machine not correctly synched). Bernardo Damele 2008-12-19 20:48:33 +0000
  • ad228e6947 Ahead with the improvements to the comparison algorithm. Added support internally to forge CASE statements, used only by --is-dba query at the moment. Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and SQL shell. Minor code adjustments. Bernardo Damele 2008-12-19 20:09:46 +0000
  • 68354be45a Ahead with enhancements on comparison algorithm: implemented content-length technique 0.6.3 Bernardo Damele 2008-12-18 22:49:35 +0000
  • afbd66f6d9 Added some comments Bernardo Damele 2008-12-18 21:58:05 +0000
  • d0d6632c22 Initial support to automatically work around the dynamic page at each refresh (Major refactor to the comparison algorithm (True/False response)) Bernardo Damele 2008-12-18 20:48:23 +0000
  • 3fe493b63d Minor enhancement to support an option (--is-dba) to show if the current user is a database management system administrator. Bernardo Damele 2008-12-18 20:41:11 +0000
  • c32ef9d751 Major bug fix to avoid tracebacks when multiple targets are specified and one of them is not reachable. Minor bug fix to make the --postfix work even if --prefix is not provided. Bernardo Damele 2008-12-18 20:38:57 +0000
  • 2efb3ae2ba Documentation updated, now ready for 0.6.3 release Bernardo Damele 2008-12-17 23:26:14 +0000
  • 6dec56d616 Major bug fix Bernardo Damele 2008-12-17 21:35:04 +0000
  • bb9079aa9d Minor documentation adjustments Bernardo Damele 2008-12-17 20:58:19 +0000
  • 94c79e3209 Updated documentation Bernardo Damele 2008-12-17 20:17:34 +0000
  • dda62ba463 Minor adjustments and bug fixes Bernardo Damele 2008-12-17 20:11:18 +0000
  • 7b55840b35 cleanup configuration INI file Bernardo Damele 2008-12-17 00:22:27 +0000
  • ec11f502df Site and documentation updated, ready to release 0.6.3 in two days Bernardo Damele 2008-12-17 00:19:01 +0000
  • 36d9ede001 Updated documentation, ready for sqlmap 0.6.3 release Bernardo Damele 2008-12-16 23:52:16 +0000
  • b7f2602b50 A bit more entropy in the sql injection detection Bernardo Damele 2008-12-16 23:51:56 +0000
  • 2b0ec1868d Updated documentation Bernardo Damele 2008-12-16 21:31:15 +0000
  • 4156181367 Minor fix Bernardo Damele 2008-12-16 21:31:01 +0000
  • 05a8c8d3bf Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option Bernardo Damele 2008-12-16 21:30:24 +0000
  • bf2a857b9a Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3. Bernardo Damele 2008-12-12 19:06:31 +0000
  • 072eb7154c Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup. Bernardo Damele 2008-12-10 17:23:07 +0000
  • 9dbad512f1 sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation. Bernardo Damele 2008-12-08 21:24:24 +0000
  • 15542d2772 Minor layout adjustment Bernardo Damele 2008-12-05 16:00:18 +0000
  • 38c9627700 Minor enhancement to support also --regexp, --excl-str and --excl-reg options rather than only --string when comparing HTTP responses page content Bernardo Damele 2008-12-05 15:34:13 +0000
  • 78e8a83c11 Minor improvement to be able to provide CU as user value (-U) when enumerating users privileges or users passwords. Bernardo Damele 2008-12-05 15:32:59 +0000
  • 7f055924a7 sqlmap 0.6.3-rc4: Minor enhancement to be able to specify the number of seconds before timeout the connection, default is set to 10 seconds. Minor improvement to retry the HTTP request up to three times in case an exception is raised during the connection to the target url. Minor bug fix to correctly catch connection exceptions and notify to the user also if they occur within a thread. Minor code restyling. Updated documentation. Bernardo Damele 2008-12-04 17:40:03 +0000
  • 0f07e33e1a Removed REVISION, makes no sense. Import and use python psyco library to speed up if it's installed: it's optional. Bernardo Damele 2008-12-03 17:32:16 +0000
  • e3ddbe751f Minor code refactoring Bernardo Damele 2008-12-02 23:49:38 +0000
  • 4cb161ce4f Minor signatures adjustments Bernardo Damele 2008-12-02 23:48:07 +0000
  • b700485a1b Minor adjustment, still to work on the cookie urlencoding/decoding Bernardo Damele 2008-12-02 21:57:12 +0000
  • 578bcb9140 Initial support for partial UNION query sql injection Bernardo Damele 2008-12-02 21:56:23 +0000
  • f97585c593 Show also SVN revision in error message when a traceback raises. Fix typo. Bernardo Damele 2008-12-01 23:49:14 +0000
  • e75487a26c Reverted last commit, cleaner this way Bernardo Damele 2008-12-01 23:33:15 +0000
  • e2a805ef6a Minor workaround because of latest bug fix Bernardo Damele 2008-12-01 23:32:14 +0000
  • a777f1ca35 Minor bug fix Bernardo Damele 2008-12-01 23:27:51 +0000
  • 034a3f387a Minor improvement when testing for UNION query SQL injection to check only without comment and with DBMS specific comment (not anymore "random" unspecific comment characters) Bernardo Damele 2008-12-01 23:09:07 +0000
  • 3cf1658532 Increased default output level from 0 to 1 Bernardo Damele 2008-12-01 23:07:41 +0000
  • 428612b431 Comment and layout adjustments Bernardo Damele 2008-12-01 23:04:01 +0000
  • beea58f2e9 Updated MySQL versions Bernardo Damele 2008-12-01 23:02:52 +0000
  • e967b13378 Minor adjustment to command line usage message Bernardo Damele 2008-11-27 23:06:02 +0000
  • 6e548eb2ec Completed support to get the list of targets from WebScarab/Burp proxies log file and updated the documentation Bernardo Damele 2008-11-27 22:33:33 +0000
  • 785352d700 Minor adjustments to signatures Bernardo Damele 2008-11-27 22:31:43 +0000
  • dc1f2deb74 Minor bug fix to correctly enumerate columns on Microsoft SQL Server. Minor adjustments to XML signatures. Updated documentation. Bernardo Damele 2008-11-25 11:33:44 +0000
  • f2737ad0a3 Updated work on multiple targets support (works for WebScarab conversations/ folder, still to work out for Burp log file). Major bug fix in the controller library. Bernardo Damele 2008-11-22 01:57:22 +0000
  • 9be844cf3e Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l. Bernardo Damele 2008-11-20 17:56:09 +0000
  • 80425c9ccd Minor adjustment to ETA feature Bernardo Damele 2008-11-20 11:13:04 +0000
  • 8f74fe2ce9 Added new HTTP response headers on which fingerprint web app technology and web server OS. Updated documentation. Bernardo Damele 2008-11-19 15:33:39 +0000
  • 736b2e7323 Minor adjustments to the operating system fingerprint. Bernardo Damele 2008-11-19 00:36:44 +0000
  • 727664aea7 Minor enhancement to fingerprint the web server operating system and the web application technology by parsing also HTTP response Server header. Refactor libraries and plugins that parse XML to fingerprint and show on standard output the information. Updated changelog. Bernardo Damele 2008-11-18 17:42:46 +0000
  • 7d0724843f Major enhancement to the engine to parse XML files and matches on DBMS banner and HTTP response headers. Initial web application technology fingerprint (for the moment based only on X-Powered-By HTTP response header and not shown yet to the user). Minor layout adjustments. Bernardo Damele 2008-11-17 17:41:02 +0000
  • 66fb3c3033 Minor enhancement to show the DBMS operating system (if fingerprinted) also when only -b option is provided since it's an information that sqlmap get parsing the DBMS banner. Got rid completely of useless passive fuzzing. Bernardo Damele 2008-11-17 11:22:03 +0000
  • 7d7170fc97 Minor code adjustments Bernardo Damele 2008-11-17 00:13:49 +0000
  • 654aecedfe Minor layout adjustments, minor fixes and updated changelog Bernardo Damele 2008-11-17 00:00:54 +0000
  • fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type, version, release, distribution, codename and service pack) by parsing the DBMS banner value when both -f and -b are provided: adapted the code and added XML files defining regular expressions for matching. Bernardo Damele 2008-11-15 23:41:31 +0000
  • 84cbc60659 Major bug fix to correctly handle httplib.BadStatusLine exception. Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.) Updated user's manual. Bernardo Damele 2008-11-15 12:25:19 +0000
  • 4bf1fcb8ec Minor layout adjustment Bernardo Damele 2008-11-15 01:10:29 +0000
  • 0bd5b52d95 Minor fixes Bernardo Damele 2008-11-13 00:03:04 +0000
  • ecc4a98071 Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more appropriate and adapted the rest of the libraries. Updated ChangeLog file. Bernardo Damele 2008-11-12 23:44:09 +0000
  • 9329f8c9c4 Minor enhancement to be able to enumerate table columns and dump table entries also if the database name is not provided by using the current database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the 'USERS' TABLESPACE_NAME on Oracle. Minor bug fix so that when the user provides as SELECT statement to be processed an asterisk, now it also works if in the FROM there is no database name specified. Minor layout adjustments. Bernardo Damele 2008-11-12 22:53:25 +0000
  • 81ed7c2086 Initial implementation of support for stacked queries. Added method to test for Time based blind SQL injection query stacking on the affected parameter a SLEEP() or similar DBMS specific function. Adapted libraries, plugins and XML with the above changes. Minor layout adjustments. Bernardo Damele 2008-11-12 00:36:50 +0000
  • 13f76cfe3b Adjusted unhandled exception error message Bernardo Damele 2008-11-11 14:08:40 +0000
  • e1385eb2bf Removed useless W3C reference for CSS/HTML validation Bernardo Damele 2008-11-09 19:00:54 +0000
  • 0c5d3df546 sqlmap 0.6.3-rc1: * Minor enhancement to be able to specify the number of seconds to wait between each HTTP request. * Minor bug fix to handle session.error and session.timeout in HTTP requests. * Updated documentation. Bernardo Damele 2008-11-09 16:57:47 +0000
  • 544ced52b5 Name adjustment Bernardo Damele 2008-11-04 19:56:07 +0000