Commit Graph

  • 1e71b24dca More info messages to prove xp_cmdshell (and temporary directory choosen) worked Bernardo Damele 2012-03-14 22:41:53 +0000
  • c735d846ee The default temporary directory as to stay as is, do not touch this code snippet anymore please Bernardo Damele 2012-03-14 22:39:46 +0000
  • 52a8b25ff4 minor fix Miroslav Stampar 2012-03-14 14:31:41 +0000
  • ca0d068575 distinguishing NULL from BLANK Miroslav Stampar 2012-03-14 13:52:23 +0000
  • e38b59a2ae minor update Miroslav Stampar 2012-03-14 13:16:49 +0000
  • cee9ff7885 proper parsing of content in partial union technique Miroslav Stampar 2012-03-14 11:23:30 +0000
  • 61ad3b999a fix for a crash with partial union and --hex Miroslav Stampar 2012-03-14 10:31:24 +0000
  • a7fbc55748 grammar fix Miroslav Stampar 2012-03-13 22:03:23 +0000
  • edfcddd3c3 minor fix for logging only cookies used by request (e.g. --load-cookies case) Miroslav Stampar 2012-03-13 10:58:15 +0000
  • 34b0935cb3 refactoring "echo 1" quick test for xp_cmdshell console output Miroslav Stampar 2012-03-13 10:36:49 +0000
  • e827f41cdb using pickle HIGHEST_PROTOCOL just in case Miroslav Stampar 2012-03-13 09:35:37 +0000
  • e6c610abab minor fix Miroslav Stampar 2012-03-13 09:14:56 +0000
  • cda8815634 introducing safe deprecation mechanism for HashDB versioning Miroslav Stampar 2012-03-12 22:55:57 +0000
  • 48bcde478e more general update Miroslav Stampar 2012-03-12 15:29:55 +0000
  • 1d0c8a7f44 minor update Miroslav Stampar 2012-03-12 15:19:02 +0000
  • 6ed1b04bbe minor update Miroslav Stampar 2012-03-12 13:27:07 +0000
  • 48592f2515 minor adjustments Bernardo Damele 2012-03-09 18:34:18 +0000
  • be9b103b51 minor bug fix Bernardo Damele 2012-03-09 18:02:50 +0000
  • 012fc21b49 Improvements to column(s) search: now it's possible to search column(s) in provided table(s) across all databases, search column(s) across all tables in provided database(s) or let sqlmap alone identify the databases' tables - this is now implemented for error-based, union query and direct connection. Work is still required for boolean-based and time-based. Adapted the queries.xml file accordingly Bernardo Damele 2012-03-09 17:47:50 +0000
  • c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell Miroslav Stampar 2012-03-09 14:21:41 +0000
  • 4ac2611a56 Added another tamper script Bernardo Damele 2012-03-09 12:09:19 +0000
  • d9e499af9f Set Id property Bernardo Damele 2012-03-09 12:05:21 +0000
  • a0b46963cb minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup) Miroslav Stampar 2012-03-09 10:28:19 +0000
  • 7330dff255 Minor bug fix for --search -C so that now if not columns are found (with criteria specified, e.g. -D testdb -T testtable), it won't ask to dump for the entries Bernardo Damele 2012-03-08 16:57:53 +0000
  • e678219a8c minor update Miroslav Stampar 2012-03-08 15:51:30 +0000
  • ae87df5670 leftover Bernardo Damele 2012-03-08 15:45:33 +0000
  • 5a83f1c5f7 minor update Miroslav Stampar 2012-03-08 15:43:22 +0000
  • 4bc6f3f6c9 Minor bug fix so that --search -T tablename -D db1,db2 now correctly forges the query concatenating db1 and db2 with a OR, not an AND anymore Bernardo Damele 2012-03-08 15:32:05 +0000
  • 68b9d48d0a minor update Miroslav Stampar 2012-03-08 15:30:23 +0000
  • 2ab80bfb2c minor bug fix Miroslav Stampar 2012-03-08 15:24:05 +0000
  • c79807f5fb Minor layout adjustments Bernardo Damele 2012-03-08 15:11:24 +0000
  • 775e424bf2 bug fix for using --no-cast and --hex switches together Miroslav Stampar 2012-03-08 15:04:52 +0000
  • 11c7cc5224 minor temporary fix Miroslav Stampar 2012-03-08 11:08:43 +0000
  • 98a3e43f53 bug fix for writing raw pickled data into SQLite HashDB Miroslav Stampar 2012-03-08 10:57:47 +0000
  • cd28eb6544 minor update regarding --load-cookies Miroslav Stampar 2012-03-08 10:19:34 +0000
  • 2c87d061e9 minor update Miroslav Stampar 2012-03-08 10:03:59 +0000
  • 9ca8bc4d51 minor bug fix Miroslav Stampar 2012-03-08 09:52:33 +0000
  • b4cf8b05b3 added switch --load-cookies Miroslav Stampar 2012-03-07 14:48:45 +0000
  • 4cfea96471 minor update Miroslav Stampar 2012-03-05 09:56:48 +0000
  • 0ead1fd87e minor update Miroslav Stampar 2012-03-05 09:42:52 +0000
  • ac5a752b12 Oracle's XMLType doesn't like '#' char too Miroslav Stampar 2012-03-01 11:59:37 +0000
  • 761ec7529a minor appereance fix Miroslav Stampar 2012-03-01 11:52:30 +0000
  • f4e410db16 minor fix Miroslav Stampar 2012-03-01 10:17:39 +0000
  • 1ec56f93ec minor update Miroslav Stampar 2012-03-01 10:10:19 +0000
  • 2d3c12d2d0 shorter single line info Miroslav Stampar 2012-03-01 09:10:24 +0000
  • 37db27b720 turning back on automatic adjusting of delays in time based queries Miroslav Stampar 2012-02-29 15:51:23 +0000
  • 0205d96d7b minor fix Miroslav Stampar 2012-02-29 15:38:01 +0000
  • 1bdc07c279 minor update Miroslav Stampar 2012-02-29 15:02:24 +0000
  • 8b9c5c66cc code refactoring regarding charsetType inside inference/bisection Miroslav Stampar 2012-02-29 14:36:23 +0000
  • f6f98f1b41 minor improvement Miroslav Stampar 2012-02-29 14:19:59 +0000
  • 10dd9096f7 one more just in case fix for safeSQLIdentificator naming on MSSQL --tables Miroslav Stampar 2012-02-29 14:05:53 +0000
  • d06182347f fixing few potential problems Miroslav Stampar 2012-02-29 13:56:40 +0000
  • c39d85420a removing PGP Key ID from my info too (used only few times in couple of years) Miroslav Stampar 2012-02-29 09:56:41 +0000
  • f142c0f782 minor update Miroslav Stampar 2012-02-28 14:04:13 +0000
  • 22b3fa0749 minor update Miroslav Stampar 2012-02-27 15:28:36 +0000
  • a9bf0297f6 moving injection data to HashDB Miroslav Stampar 2012-02-27 13:44:07 +0000
  • 68e08d2749 minor fix for not displaying 'None' but None in enumeration when data unavailable Miroslav Stampar 2012-02-27 13:15:10 +0000
  • a424de3102 minor fix Miroslav Stampar 2012-02-27 12:55:28 +0000
  • 1e82405bb9 HashDB is now supported in -d too Miroslav Stampar 2012-02-27 12:14:01 +0000
  • 3909658fc2 few minor just in case updates Miroslav Stampar 2012-02-27 11:15:53 +0000
  • 85125018a1 minor bug fix Miroslav Stampar 2012-02-25 22:54:32 +0000
  • 5d307cf886 minor update Miroslav Stampar 2012-02-25 10:54:39 +0000
  • 06ab3fa134 minor update Miroslav Stampar 2012-02-25 10:53:38 +0000
  • 74b19a0386 minor update Miroslav Stampar 2012-02-25 10:43:10 +0000
  • 5b67af3b20 minor update Miroslav Stampar 2012-02-24 15:03:39 +0000
  • 8a203ef79d making session data strictly dependent on url through HashDB helper functions Miroslav Stampar 2012-02-24 14:58:24 +0000
  • c36cbbb3ae minor fix Miroslav Stampar 2012-02-24 14:54:10 +0000
  • 26b33154ab optimal fix related to the last commit Miroslav Stampar 2012-02-24 14:28:41 +0000
  • 9d6fd2e507 bug fix for --schema --technique=BST Miroslav Stampar 2012-02-24 14:12:19 +0000
  • f94b91ad87 added helper function for HashDB data storing/retrieval Miroslav Stampar 2012-02-24 13:07:20 +0000
  • b481c0352f minor update Miroslav Stampar 2012-02-24 11:25:56 +0000
  • 1f6ce265b9 minor fix Miroslav Stampar 2012-02-24 11:05:04 +0000
  • 5afbd52b61 more update related to last commits Miroslav Stampar 2012-02-24 10:57:23 +0000
  • 570d3a19c2 more general fix Miroslav Stampar 2012-02-24 10:53:28 +0000
  • e8352e504f fixing problems with chars deletition by logging messages in inference mode Miroslav Stampar 2012-02-24 10:48:19 +0000
  • 71028a81f5 fix for proper retrieval of columns in SQLite Miroslav Stampar 2012-02-24 09:55:13 +0000
  • f9d2971474 minor just in case fix Miroslav Stampar 2012-02-23 16:37:06 +0000
  • 7941504c3a minor update Miroslav Stampar 2012-02-23 15:32:36 +0000
  • 0478e4166a minor justin case fix Miroslav Stampar 2012-02-23 15:19:20 +0000
  • 086c3a3662 minor fix Miroslav Stampar 2012-02-23 13:31:50 +0000
  • 82e2f27024 Minor doc update Bernardo Damele 2012-02-23 10:45:52 +0000
  • da22e82309 minor fix Miroslav Stampar 2012-02-23 10:29:55 +0000
  • 2866aaf4cf minor fixes Miroslav Stampar 2012-02-23 10:16:58 +0000
  • 4e44900039 minor update Miroslav Stampar 2012-02-23 10:01:45 +0000
  • 03070d17a6 minor update Miroslav Stampar 2012-02-23 09:40:03 +0000
  • a0106ff7b4 minor update of CHANGES Miroslav Stampar 2012-02-23 09:34:18 +0000
  • 6e54cb171f minor code restyling Miroslav Stampar 2012-02-22 15:53:36 +0000
  • 61a25418a9 minor update Miroslav Stampar 2012-02-22 10:45:10 +0000
  • b3bd4144f5 removing of unused imports together with some general code refactoring Miroslav Stampar 2012-02-22 10:40:11 +0000
  • 386e98a0e3 using UNION SELECT for where=..NEGATIVE Miroslav Stampar 2012-02-22 09:41:58 +0000
  • c9d570c83b minor update Miroslav Stampar 2012-02-21 13:49:30 +0000
  • 686eacda9a minor update regarding --hex Miroslav Stampar 2012-02-21 13:38:18 +0000
  • bcf3255fe1 implementation of switch --hex for 4 major DBMSes Miroslav Stampar 2012-02-21 11:44:48 +0000
  • 77723a7aee minor update Miroslav Stampar 2012-02-21 10:24:04 +0000
  • d70f4b7150 adding hex conversion functions to queries.xml for 4 major DBMSes Miroslav Stampar 2012-02-21 10:10:43 +0000
  • 3e4db6d140 minor fix for Python v2.6 Miroslav Stampar 2012-02-20 19:35:57 +0000
  • f55ad46119 Use %TEMP% environment variable as temporary directory (--tmp-path overwrites this btw) folder with direct connection (-d). Via SQL injection, env variables do not work apparently Bernardo Damele 2012-02-20 11:06:55 +0000
  • 08bf8c201f few minor fixes Miroslav Stampar 2012-02-20 10:24:55 +0000
  • bc4dd7c0dd fix for -g Miroslav Stampar 2012-02-20 10:02:19 +0000
  • 121148f27f There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests. Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table. Minor fix also to threat MSSQL's EXEC statements as SELECT ones Bernardo Damele 2012-02-17 15:54:49 +0000