Commit Graph

  • 4295a78c5f minor update Miroslav Stampar 2011-02-10 19:51:34 +0000
  • 394ccb5cc5 Added query for MSSQL/--privileges Bernardo Damele 2011-02-10 15:52:55 +0000
  • c078de894f Added support for --privileges on MSSQL to test whether or not the DBMS users are DBA Bernardo Damele 2011-02-10 14:24:04 +0000
  • a2c20acf94 Minor fixes once more Bernardo Damele 2011-02-10 11:34:16 +0000
  • d0ddaee3c8 Minor bug fix Bernardo Damele 2011-02-10 11:28:24 +0000
  • 864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase Bernardo Damele 2011-02-10 11:14:05 +0000
  • aa0fb276ba More fixes for --common-columns to work against MSSQL too Bernardo Damele 2011-02-09 17:22:07 +0000
  • 917b2b0d6b one more commit related to the previous one Miroslav Stampar 2011-02-09 17:07:02 +0000
  • 6c582343fe .. fix Miroslav Stampar 2011-02-09 17:05:06 +0000
  • d9af01d73d important fix for boolean expression which return [None] Miroslav Stampar 2011-02-09 16:53:22 +0000
  • 7539881ffa fix for dump on Oracle but we still need to discuss some things around Miroslav Stampar 2011-02-09 14:52:07 +0000
  • 7d9be18789 added one comment Miroslav Stampar 2011-02-09 14:34:18 +0000
  • bafc8a1b0f another update Miroslav Stampar 2011-02-09 13:29:52 +0000
  • 600f729139 fix for a bug reported by skysbsb@gmail.com (double ORDER BY) Miroslav Stampar 2011-02-09 12:43:09 +0000
  • 5b57a69f3e fix Miroslav Stampar 2011-02-09 11:20:03 +0000
  • caf6220c53 done with implementation for retrieving table names via access system table(s) Miroslav Stampar 2011-02-09 10:50:38 +0000
  • 5050a76b59 update regarding reading of table names from access system tables Miroslav Stampar 2011-02-09 10:33:29 +0000
  • 3de6117253 revert of the r3247 (output always has to be appended to the outputs - no matter of its value) Miroslav Stampar 2011-02-09 09:53:59 +0000
  • b48213783a Removed senseless debug message Bernardo Damele 2011-02-08 17:09:35 +0000
  • e16bab7117 re-enabled --read-file for MySQL with all techniques Bernardo Damele 2011-02-08 17:03:57 +0000
  • 98ca1702ae los cosmeticado Miroslav Stampar 2011-02-08 16:30:32 +0000
  • 87e36796c6 just to not cause confusion Miroslav Stampar 2011-02-08 16:29:42 +0000
  • dcb9c93328 minor cleanup Miroslav Stampar 2011-02-08 16:27:58 +0000
  • 37f7001143 first commit with mysql/error/substringing Miroslav Stampar 2011-02-08 16:23:33 +0000
  • c3eb82e60b Proper fix Bernardo Damele 2011-02-08 10:08:48 +0000
  • dba2f74588 revert of r3274 Miroslav Stampar 2011-02-08 09:44:34 +0000
  • 156d8cd99b Directory restyling Bernardo Damele 2011-02-08 00:15:02 +0000
  • cfe2da0195 Minor fix Bernardo Damele 2011-02-08 00:13:39 +0000
  • 0a81415f2f Minor code cleanup Bernardo Damele 2011-02-08 00:02:54 +0000
  • 2c4f6d2e99 fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too Miroslav Stampar 2011-02-07 21:53:05 +0000
  • a577d0e9a5 restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) Miroslav Stampar 2011-02-07 21:18:01 +0000
  • 66adf23532 Unbiased approach for searching appropriate usable column Miroslav Stampar 2011-02-07 21:00:59 +0000
  • f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) Miroslav Stampar 2011-02-07 16:55:02 +0000
  • 771020abd6 one more related commit Miroslav Stampar 2011-02-07 16:32:08 +0000
  • 265e7ca272 fix for that MSSQL limit/top problem Miroslav Stampar 2011-02-07 16:24:23 +0000
  • 71d1b72e0e minor adjustment Miroslav Stampar 2011-02-07 12:51:38 +0000
  • b33ac19d39 Minor fix Bernardo Damele 2011-02-07 12:36:00 +0000
  • 99e9412f74 minor update Miroslav Stampar 2011-02-07 12:34:23 +0000
  • e023e0d233 proper fix Miroslav Stampar 2011-02-07 12:32:08 +0000
  • 39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure Bernardo Damele 2011-02-07 12:17:19 +0000
  • 1a5a66870e problem fixed Miroslav Stampar 2011-02-07 11:57:41 +0000
  • c0233dcd4f preventing crashes for output=[] Miroslav Stampar 2011-02-07 10:24:15 +0000
  • 096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] Miroslav Stampar 2011-02-07 10:22:43 +0000
  • 008d434325 Important fix now that the file writing is unescaped too Bernardo Damele 2011-02-07 00:56:15 +0000
  • f0f5d3d3e8 Began with the update of the user's manual for 0.9 Bernardo Damele 2011-02-07 00:55:10 +0000
  • ba3a8a69d4 More statements to exclude from unescap'ing Bernardo Damele 2011-02-07 00:33:54 +0000
  • 3719f085ae Added back-end dbms' OS based methods to Backend object - will be used for refactoring Bernardo Damele 2011-02-07 00:21:17 +0000
  • 2e00656235 Minor fix Bernardo Damele 2011-02-07 00:20:23 +0000
  • bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') Bernardo Damele 2011-02-06 23:30:43 +0000
  • 061f56daf9 More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. Bernardo Damele 2011-02-06 23:27:56 +0000
  • 6a71629575 Converted from DOS format (\n\r to \n only) Bernardo Damele 2011-02-06 23:25:55 +0000
  • 7dcfcca87f Tests' titles adjustments Bernardo Damele 2011-02-06 23:17:39 +0000
  • 0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() Bernardo Damele 2011-02-06 22:58:12 +0000
  • 9eac2339ca Bernardo Damele 2011-02-06 22:55:26 +0000
  • db77f8b055 Code cleanup Bernardo Damele 2011-02-06 22:33:08 +0000
  • f3d6be7868 Code cleanup Bernardo Damele 2011-02-06 22:32:44 +0000
  • ecaf5729fd revert Miroslav Stampar 2011-02-06 22:14:18 +0000
  • 078a2207cc few reverts Miroslav Stampar 2011-02-06 22:10:28 +0000
  • b9b2fe0e7c little cleanup Miroslav Stampar 2011-02-06 21:52:39 +0000
  • c4c2cf1d58 can't stay as it is right now. temporary disabling. Miroslav Stampar 2011-02-06 21:17:41 +0000
  • d2b96a66a2 one more update regarding last few "unescape" related commits Miroslav Stampar 2011-02-06 20:23:23 +0000
  • caaac72029 minor update regarding last commit Miroslav Stampar 2011-02-06 20:15:03 +0000
  • 6191a7f26f Major fix for a silent bug Bernardo Damele 2011-02-06 15:53:43 +0000
  • 1bc2ee2fbf Updated Bernardo Damele 2011-02-06 15:44:27 +0000
  • 8980227d30 Minor bug fix Bernardo Damele 2011-02-06 15:32:16 +0000
  • 2afc1e5021 Layout adjustments Bernardo Damele 2011-02-06 15:28:23 +0000
  • a5a648f4fe Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected. Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug Bernardo Damele 2011-02-06 15:23:27 +0000
  • c44978862e Minor reordering of what gets saved into the injection object Bernardo Damele 2011-02-06 15:20:44 +0000
  • 5ecb75cc56 minor update Miroslav Stampar 2011-02-06 15:14:07 +0000
  • f754953c4f reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. Miroslav Stampar 2011-02-06 12:33:58 +0000
  • 97f9c9d119 bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values Miroslav Stampar 2011-02-06 12:24:50 +0000
  • 412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') Miroslav Stampar 2011-02-05 14:17:28 +0000
  • 4df8a03c04 using OrderedDict to store parameters in order of appearance Miroslav Stampar 2011-02-04 18:07:21 +0000
  • acb986ae80 minor refactoring Miroslav Stampar 2011-02-04 17:40:55 +0000
  • fec88f6a6d Minor fix Bernardo Damele 2011-02-04 15:57:53 +0000
  • 1e8eb27156 update of doc/THANKS Miroslav Stampar 2011-02-04 14:07:54 +0000
  • 09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) Miroslav Stampar 2011-02-04 14:05:47 +0000
  • 14c87ec80d minor fix Miroslav Stampar 2011-02-04 13:29:02 +0000
  • f83f1a1e06 minor just in case update Miroslav Stampar 2011-02-04 13:08:54 +0000
  • c69b76776e minor refactoring Miroslav Stampar 2011-02-04 13:04:19 +0000
  • accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) Miroslav Stampar 2011-02-04 12:43:18 +0000
  • c19d481bb1 little clean up Miroslav Stampar 2011-02-04 12:25:14 +0000
  • 27601babb4 Minor adjustments to levels of boundaries Bernardo Damele 2011-02-04 11:57:47 +0000
  • c229efba05 revert Miroslav Stampar 2011-02-04 11:33:21 +0000
  • d211def899 minor adjustment (accepting strange new looking uri formats) Miroslav Stampar 2011-02-04 10:55:03 +0000
  • 1af418d444 huge bug fix Miroslav Stampar 2011-02-04 10:18:26 +0000
  • 76ab14f20f revert of r3203 Miroslav Stampar 2011-02-04 09:30:20 +0000
  • e4933f0c92 refactoring Miroslav Stampar 2011-02-03 23:25:56 +0000
  • 9a1a28c804 adding comments to filtering function Miroslav Stampar 2011-02-03 23:09:08 +0000
  • 1aecbe6b08 minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection) Miroslav Stampar 2011-02-03 22:59:26 +0000
  • 78d696fd4f i believe that this one should be the first level 1 boundary Miroslav Stampar 2011-02-03 21:27:03 +0000
  • e5f54644f0 minor "statistical" update Miroslav Stampar 2011-02-03 16:59:49 +0000
  • 3bd6e538f8 more appropriate Miroslav Stampar 2011-02-03 16:48:27 +0000
  • 64f18724ad new default UNION test(s) ranges Miroslav Stampar 2011-02-03 16:26:35 +0000
  • 3a13fd87fd new UNION column detection is going into wild Miroslav Stampar 2011-02-03 16:16:38 +0000
  • b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) Miroslav Stampar 2011-02-03 15:55:19 +0000
  • 253a8d0679 Minor bug fix Bernardo Damele 2011-02-03 15:24:36 +0000
  • a8fea8e4a8 fix for a bug noticed when using --keep-alive --threads on IIS/MSSQL Miroslav Stampar 2011-02-03 15:09:53 +0000
  • b3859824d9 Updated MySQL/Linux 64-bit shared object Bernardo Damele 2011-02-03 15:03:00 +0000
  • f8556063c7 Updated MySQL/Linux 32-bit shared object Bernardo Damele 2011-02-03 15:02:30 +0000