Commit Graph

  • 072e08836f Falling back to unionReadFile() when --file-read does not work against MySQL. This happens when the session user does not have INSERT privilege, required to run LOAD DATA INFILE Bernardo Damele 2012-04-19 14:05:45 +0000
  • 2b1b4c0742 minor fix Miroslav Stampar 2012-04-18 10:01:04 +0000
  • 6ebb621228 adding support for (custom) POST injection (marking injection point with '*' in conf.data) Miroslav Stampar 2012-04-17 14:23:00 +0000
  • efd27d7ade minor renaming Miroslav Stampar 2012-04-17 08:41:19 +0000
  • ccd6fb70a8 minor refactoring Miroslav Stampar 2012-04-15 17:17:30 +0000
  • 965c1511a6 adding new tamper script Miroslav Stampar 2012-04-15 17:10:43 +0000
  • 601d118c68 reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types) Miroslav Stampar 2012-04-15 16:59:03 +0000
  • 71b0acc16f minor fix (checking for full inband should be done with ORIGINAL - more concise) Miroslav Stampar 2012-04-15 16:43:18 +0000
  • 5772c52f46 minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (defabcghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....) Miroslav Stampar 2012-04-15 16:33:47 +0000
  • ae8c70e895 another cosmetics Miroslav Stampar 2012-04-13 15:11:44 +0000
  • d765cdc3a3 minor cosmetics Miroslav Stampar 2012-04-13 15:10:40 +0000
  • 54576ab3a6 making a random choice from candidates Miroslav Stampar 2012-04-13 10:54:30 +0000
  • bbbcc95fe5 use it only if page is stable Miroslav Stampar 2012-04-13 10:19:26 +0000
  • 414c74b8aa new payload Miroslav Stampar 2012-04-13 08:16:33 +0000
  • 052d9455fe warning user in cases of "User xyz already has more than 'max_user_connections' active connections" Miroslav Stampar 2012-04-12 09:44:54 +0000
  • 831f79b851 minor generalization Miroslav Stampar 2012-04-12 09:30:19 +0000
  • c7422546e1 tiny update Miroslav Stampar 2012-04-11 23:01:38 +0000
  • 2bad73a981 minor update Miroslav Stampar 2012-04-11 21:48:44 +0000
  • e195de2093 correcting comment on reflective removal function Miroslav Stampar 2012-04-11 21:41:48 +0000
  • b45ae10da4 minor fixes Miroslav Stampar 2012-04-11 21:36:37 +0000
  • 627bfc589f some more updates in reflective removal mechanism Miroslav Stampar 2012-04-11 21:26:00 +0000
  • 8b130f6497 minor improvement for reflective values (when missing first part of payload like in error reports) Miroslav Stampar 2012-04-11 15:01:28 +0000
  • 01bd5d0ab2 some more updates for reflective mechanism Miroslav Stampar 2012-04-11 10:41:33 +0000
  • 2e92d8636e improvement of reflective mechanism Miroslav Stampar 2012-04-11 08:58:03 +0000
  • 60ca44e0cf minor adjustment Miroslav Stampar 2012-04-11 08:35:09 +0000
  • e33ea7c33a minor fix Miroslav Stampar 2012-04-10 22:29:39 +0000
  • 8541222080 minor update Miroslav Stampar 2012-04-10 22:26:42 +0000
  • 9c2f244d47 minor fix Miroslav Stampar 2012-04-10 22:20:53 +0000
  • a82206cec4 minor cosmetics Miroslav Stampar 2012-04-10 21:57:00 +0000
  • 119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate Miroslav Stampar 2012-04-10 21:48:34 +0000
  • 698b7a15d9 minor update Miroslav Stampar 2012-04-07 14:14:26 +0000
  • 8c6eb4faa9 adding support for PgSQL DNS data exfiltration Miroslav Stampar 2012-04-07 14:06:11 +0000
  • b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) Miroslav Stampar 2012-04-06 08:42:36 +0000
  • 2223c884e5 minor refactoring Miroslav Stampar 2012-04-05 12:55:26 +0000
  • 02924eb345 minor update Miroslav Stampar 2012-04-04 23:47:06 +0000
  • e0994947e2 minor update Miroslav Stampar 2012-04-04 23:37:50 +0000
  • b1dd03731a minor cosmetics Miroslav Stampar 2012-04-04 23:34:08 +0000
  • 83387d92bb minor bug fix Miroslav Stampar 2012-04-04 23:32:20 +0000
  • c89a4162e2 bug fix for --dns-domain with --technique=TS Miroslav Stampar 2012-04-04 18:01:39 +0000
  • 80228f67f6 removed newline Bernardo Damele 2012-04-04 13:49:03 +0000
  • e23efabf86 removed unuseful spaces Bernardo Damele 2012-04-04 13:36:18 +0000
  • c051d7fecc Prefer xp_dirtree Bernardo Damele 2012-04-04 13:29:25 +0000
  • 098c7c06dd added few comments Miroslav Stampar 2012-04-04 13:24:58 +0000
  • a5b69eaea4 removing unused imports Miroslav Stampar 2012-04-04 13:18:14 +0000
  • 52796bb4da revert Bernardo Damele 2012-04-04 13:02:50 +0000
  • a4b95ab7dd works against MySQL/Windows Miroslav Stampar 2012-04-04 12:49:45 +0000
  • a1d97e9d7b Add a space after a comment Bernardo Damele 2012-04-04 12:48:21 +0000
  • 025c531d22 leftover Bernardo Damele 2012-04-04 12:44:25 +0000
  • c0946ce2c9 Minor refactoring Bernardo Damele 2012-04-04 12:42:58 +0000
  • 75d1dab895 more cosmetics Bernardo Damele 2012-04-04 12:33:16 +0000
  • d106fb5184 layout adjustments Bernardo Damele 2012-04-04 12:27:24 +0000
  • 1b2cd44255 proper fix Miroslav Stampar 2012-04-04 10:35:52 +0000
  • 7031ef8e00 removing default values for referer and host from higher level/risk options Miroslav Stampar 2012-04-04 10:34:27 +0000
  • 1f82d29a36 switch two conditional payloads for proper detection Bernardo Damele 2012-04-04 10:11:48 +0000
  • 5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') Miroslav Stampar 2012-04-04 09:25:05 +0000
  • d5b4b7996a minor revert Bernardo Damele 2012-04-04 00:09:47 +0000
  • 049c27c739 improved detection for INSERT and UPDATE statements Bernardo Damele 2012-04-03 23:29:06 +0000
  • 11546cdb6e minor refactoring Miroslav Stampar 2012-04-03 19:09:35 +0000
  • 5851badff1 minor refactoring Miroslav Stampar 2012-04-03 14:46:09 +0000
  • b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) Miroslav Stampar 2012-04-03 14:34:15 +0000
  • 556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode Miroslav Stampar 2012-04-03 14:04:07 +0000
  • 33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique Miroslav Stampar 2012-04-03 13:56:11 +0000
  • 7fb190f3b1 minor fix Miroslav Stampar 2012-04-03 12:35:19 +0000
  • 886aa22efc minor update Miroslav Stampar 2012-04-03 12:19:37 +0000
  • 503988887c minor update Miroslav Stampar 2012-04-03 10:43:46 +0000
  • 78f51fd2e5 minor fix Miroslav Stampar 2012-04-03 10:18:03 +0000
  • 2504f4edb8 minor fixes Miroslav Stampar 2012-04-03 10:10:33 +0000
  • e05109812f minor improvements regarding data retrieval through DNS channel Miroslav Stampar 2012-04-03 09:18:30 +0000
  • 46cfa64d81 minor update Miroslav Stampar 2012-04-02 21:06:57 +0000
  • 5f94987b0f fix for DNS method for MSSQL Miroslav Stampar 2012-04-02 17:28:18 +0000
  • 2c28423cb8 minor update Miroslav Stampar 2012-04-02 14:57:15 +0000
  • 8a9d09f79b minor fixes Miroslav Stampar 2012-04-02 14:11:23 +0000
  • 1cd3c3f7af further update of DNS data retrieval mechanism through SQLi Miroslav Stampar 2012-04-02 14:05:30 +0000
  • 1e01203562 few just in case "patches" Miroslav Stampar 2012-04-02 12:58:10 +0000
  • d908d078dd minor fix Miroslav Stampar 2012-04-02 12:27:30 +0000
  • abffc39929 minor update regarding DNS data retrieval task Miroslav Stampar 2012-04-02 12:22:40 +0000
  • f7a664b120 enabling DNS server for DNS data exfiltration Miroslav Stampar 2012-03-31 12:08:27 +0000
  • 8be9cd4ac4 bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value) Miroslav Stampar 2012-03-31 10:22:50 +0000
  • 40a7232de6 Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings) Bernardo Damele 2012-03-30 16:27:08 +0000
  • 429b8396e9 minor update for DNSServer support Miroslav Stampar 2012-03-30 13:20:29 +0000
  • 56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection Miroslav Stampar 2012-03-30 10:50:01 +0000
  • 79c3d6f2aa minor update Miroslav Stampar 2012-03-30 10:37:46 +0000
  • 6acf6b193a minor update regarding boolean logic comparison mechanism Miroslav Stampar 2012-03-30 09:42:58 +0000
  • 5469186540 minor comment update Miroslav Stampar 2012-03-29 14:35:47 +0000
  • 637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism Miroslav Stampar 2012-03-29 14:33:27 +0000
  • ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was no check for negative logic anywhere for anything more than --string/--regex/--code Miroslav Stampar 2012-03-29 13:39:12 +0000
  • 772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values Miroslav Stampar 2012-03-29 12:44:20 +0000
  • c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) Miroslav Stampar 2012-03-29 09:56:09 +0000
  • 60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) Miroslav Stampar 2012-03-28 19:33:00 +0000
  • 9433bbe26d memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed) Miroslav Stampar 2012-03-28 19:27:12 +0000
  • 7d131d1fb1 minor update Miroslav Stampar 2012-03-28 13:46:31 +0000
  • 7fd64df167 minor code cleaning Miroslav Stampar 2012-03-28 13:31:07 +0000
  • 769b0d0ae7 more minor updates regarding data retrieval through DNS channel Miroslav Stampar 2012-03-27 19:29:24 +0000
  • 9199ce5054 minor update Miroslav Stampar 2012-03-27 19:07:17 +0000
  • 1b072f6415 laying foundation for DNS based data retrieval Miroslav Stampar 2012-03-27 18:59:12 +0000
  • 645fc8a21c minor refactoring Miroslav Stampar 2012-03-27 08:31:48 +0000
  • 3abcd6910a strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test Miroslav Stampar 2012-03-22 00:06:50 +0000
  • e88687b1f0 revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection) Miroslav Stampar 2012-03-21 23:15:59 +0000
  • 524c1d38ad making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message) Miroslav Stampar 2012-03-21 23:03:57 +0000
  • 11132ba993 fix for a bug in reflection removal mechanism Miroslav Stampar 2012-03-19 14:28:18 +0000