sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-27 16:39:54 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 0a81415f2f Minor code cleanup Bernardo Damele 2011-02-08 00:02:54 +0000
  • 2c4f6d2e99 fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too Miroslav Stampar 2011-02-07 21:53:05 +0000
  • a577d0e9a5 restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) Miroslav Stampar 2011-02-07 21:18:01 +0000
  • 66adf23532 Unbiased approach for searching appropriate usable column Miroslav Stampar 2011-02-07 21:00:59 +0000
  • f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) Miroslav Stampar 2011-02-07 16:55:02 +0000
  • 771020abd6 one more related commit Miroslav Stampar 2011-02-07 16:32:08 +0000
  • 265e7ca272 fix for that MSSQL limit/top problem Miroslav Stampar 2011-02-07 16:24:23 +0000
  • 71d1b72e0e minor adjustment Miroslav Stampar 2011-02-07 12:51:38 +0000
  • b33ac19d39 Minor fix Bernardo Damele 2011-02-07 12:36:00 +0000
  • 99e9412f74 minor update Miroslav Stampar 2011-02-07 12:34:23 +0000
  • e023e0d233 proper fix Miroslav Stampar 2011-02-07 12:32:08 +0000
  • 39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure Bernardo Damele 2011-02-07 12:17:19 +0000
  • 1a5a66870e problem fixed Miroslav Stampar 2011-02-07 11:57:41 +0000
  • c0233dcd4f preventing crashes for output=[] Miroslav Stampar 2011-02-07 10:24:15 +0000
  • 096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] Miroslav Stampar 2011-02-07 10:22:43 +0000
  • 008d434325 Important fix now that the file writing is unescaped too Bernardo Damele 2011-02-07 00:56:15 +0000
  • f0f5d3d3e8 Began with the update of the user's manual for 0.9 Bernardo Damele 2011-02-07 00:55:10 +0000
  • ba3a8a69d4 More statements to exclude from unescap'ing Bernardo Damele 2011-02-07 00:33:54 +0000
  • 3719f085ae Added back-end dbms' OS based methods to Backend object - will be used for refactoring Bernardo Damele 2011-02-07 00:21:17 +0000
  • 2e00656235 Minor fix Bernardo Damele 2011-02-07 00:20:23 +0000
  • bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') Bernardo Damele 2011-02-06 23:30:43 +0000
  • 061f56daf9 More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. Bernardo Damele 2011-02-06 23:27:56 +0000
  • 6a71629575 Converted from DOS format (\n\r to \n only) Bernardo Damele 2011-02-06 23:25:55 +0000
  • 7dcfcca87f Tests' titles adjustments Bernardo Damele 2011-02-06 23:17:39 +0000
  • 0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() Bernardo Damele 2011-02-06 22:58:12 +0000
  • 9eac2339ca Bernardo Damele 2011-02-06 22:55:26 +0000
  • db77f8b055 Code cleanup Bernardo Damele 2011-02-06 22:33:08 +0000
  • f3d6be7868 Code cleanup Bernardo Damele 2011-02-06 22:32:44 +0000
  • ecaf5729fd revert Miroslav Stampar 2011-02-06 22:14:18 +0000
  • 078a2207cc few reverts Miroslav Stampar 2011-02-06 22:10:28 +0000
  • b9b2fe0e7c little cleanup Miroslav Stampar 2011-02-06 21:52:39 +0000
  • c4c2cf1d58 can't stay as it is right now. temporary disabling. Miroslav Stampar 2011-02-06 21:17:41 +0000
  • d2b96a66a2 one more update regarding last few "unescape" related commits Miroslav Stampar 2011-02-06 20:23:23 +0000
  • caaac72029 minor update regarding last commit Miroslav Stampar 2011-02-06 20:15:03 +0000
  • 6191a7f26f Major fix for a silent bug Bernardo Damele 2011-02-06 15:53:43 +0000
  • 1bc2ee2fbf Updated Bernardo Damele 2011-02-06 15:44:27 +0000
  • 8980227d30 Minor bug fix Bernardo Damele 2011-02-06 15:32:16 +0000
  • 2afc1e5021 Layout adjustments Bernardo Damele 2011-02-06 15:28:23 +0000
  • a5a648f4fe Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected. Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug Bernardo Damele 2011-02-06 15:23:27 +0000
  • c44978862e Minor reordering of what gets saved into the injection object Bernardo Damele 2011-02-06 15:20:44 +0000
  • 5ecb75cc56 minor update Miroslav Stampar 2011-02-06 15:14:07 +0000
  • f754953c4f reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. Miroslav Stampar 2011-02-06 12:33:58 +0000
  • 97f9c9d119 bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values Miroslav Stampar 2011-02-06 12:24:50 +0000
  • 412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') Miroslav Stampar 2011-02-05 14:17:28 +0000
  • 4df8a03c04 using OrderedDict to store parameters in order of appearance Miroslav Stampar 2011-02-04 18:07:21 +0000
  • acb986ae80 minor refactoring Miroslav Stampar 2011-02-04 17:40:55 +0000
  • fec88f6a6d Minor fix Bernardo Damele 2011-02-04 15:57:53 +0000
  • 1e8eb27156 update of doc/THANKS Miroslav Stampar 2011-02-04 14:07:54 +0000
  • 09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) Miroslav Stampar 2011-02-04 14:05:47 +0000
  • 14c87ec80d minor fix Miroslav Stampar 2011-02-04 13:29:02 +0000
  • f83f1a1e06 minor just in case update Miroslav Stampar 2011-02-04 13:08:54 +0000
  • c69b76776e minor refactoring Miroslav Stampar 2011-02-04 13:04:19 +0000
  • accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) Miroslav Stampar 2011-02-04 12:43:18 +0000
  • c19d481bb1 little clean up Miroslav Stampar 2011-02-04 12:25:14 +0000
  • 27601babb4 Minor adjustments to levels of boundaries Bernardo Damele 2011-02-04 11:57:47 +0000
  • c229efba05 revert Miroslav Stampar 2011-02-04 11:33:21 +0000
  • d211def899 minor adjustment (accepting strange new looking uri formats) Miroslav Stampar 2011-02-04 10:55:03 +0000
  • 1af418d444 huge bug fix Miroslav Stampar 2011-02-04 10:18:26 +0000
  • 76ab14f20f revert of r3203 Miroslav Stampar 2011-02-04 09:30:20 +0000
  • e4933f0c92 refactoring Miroslav Stampar 2011-02-03 23:25:56 +0000
  • 9a1a28c804 adding comments to filtering function Miroslav Stampar 2011-02-03 23:09:08 +0000
  • 1aecbe6b08 minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection) Miroslav Stampar 2011-02-03 22:59:26 +0000
  • 78d696fd4f i believe that this one should be the first level 1 boundary Miroslav Stampar 2011-02-03 21:27:03 +0000
  • e5f54644f0 minor "statistical" update Miroslav Stampar 2011-02-03 16:59:49 +0000
  • 3bd6e538f8 more appropriate Miroslav Stampar 2011-02-03 16:48:27 +0000
  • 64f18724ad new default UNION test(s) ranges Miroslav Stampar 2011-02-03 16:26:35 +0000
  • 3a13fd87fd new UNION column detection is going into wild Miroslav Stampar 2011-02-03 16:16:38 +0000
  • b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) Miroslav Stampar 2011-02-03 15:55:19 +0000
  • 253a8d0679 Minor bug fix Bernardo Damele 2011-02-03 15:24:36 +0000
  • a8fea8e4a8 fix for a bug noticed when using --keep-alive --threads on IIS/MSSQL Miroslav Stampar 2011-02-03 15:09:53 +0000
  • b3859824d9 Updated MySQL/Linux 64-bit shared object Bernardo Damele 2011-02-03 15:03:00 +0000
  • f8556063c7 Updated MySQL/Linux 32-bit shared object Bernardo Damele 2011-02-03 15:02:30 +0000
  • 06bb369da5 GCC 4.3 makes Linux/MySQL shared objects smaller Bernardo Damele 2011-02-03 14:59:31 +0000
  • 12090a86bc Done with PostgreSQL/Linux 64bit shared objects too Bernardo Damele 2011-02-03 14:53:07 +0000
  • 0edb4ee314 minor fix Miroslav Stampar 2011-02-03 13:28:10 +0000
  • 4bb7ffcb3a minor update Miroslav Stampar 2011-02-03 13:18:43 +0000
  • 8cf88dd0da Ready with PgSQL/Linux/32bit shared object too now Bernardo Damele 2011-02-03 12:28:00 +0000
  • 1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) Miroslav Stampar 2011-02-03 12:21:29 +0000
  • 5edba2ffbc minor change (conf.updateAll to conf.update) Miroslav Stampar 2011-02-03 11:13:39 +0000
  • 402c1b622e removing urlencode from UA Miroslav Stampar 2011-02-02 15:18:06 +0000
  • 5f49e20cc8 adding --random-agent and removing -a Miroslav Stampar 2011-02-02 14:51:12 +0000
  • 2dae57a56d cosmetics Miroslav Stampar 2011-02-02 14:35:21 +0000
  • 6c87bd1c63 added maskSensitiveData function Miroslav Stampar 2011-02-02 14:25:16 +0000
  • 5f0114a2a8 Minor bug fix Bernardo Damele 2011-02-02 14:06:40 +0000
  • 8134c2154a adding WHERE enum for payloads Miroslav Stampar 2011-02-02 13:34:09 +0000
  • d6c9515f78 minor update Miroslav Stampar 2011-02-02 13:03:24 +0000
  • 847b648e4a minor update Miroslav Stampar 2011-02-02 12:42:55 +0000
  • e73a147fb5 minor update Miroslav Stampar 2011-02-02 11:49:59 +0000
  • e33428b833 adding __findUnionCharCount function Miroslav Stampar 2011-02-02 11:22:35 +0000
  • 99aa38b58f minor refactoring Miroslav Stampar 2011-02-02 10:10:28 +0000
  • 23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) Miroslav Stampar 2011-02-02 09:24:37 +0000
  • af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) Miroslav Stampar 2011-02-01 22:45:38 +0000
  • a37f5e05b9 Refactoring Bernardo Damele 2011-02-01 22:27:36 +0000
  • 9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too. Bernardo Damele 2011-02-01 22:07:42 +0000
  • 2619e4895f Properly handle --technique at save/resume phase Bernardo Damele 2011-02-01 22:05:48 +0000
  • 3d966bd569 You never know.. Bernardo Damele 2011-02-01 22:05:12 +0000
  • d875d848ce Better sort Bernardo Damele 2011-02-01 22:04:48 +0000
  • 705d45f4db minor cosmetics Miroslav Stampar 2011-02-01 11:10:23 +0000
  • 196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably Miroslav Stampar 2011-02-01 11:06:56 +0000
  • 6761933f75 Just.. cosmetics ;) Bernardo Damele 2011-01-31 22:51:14 +0000