sqlmap

sqlmapproject/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-27 16:39:54 +03:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5649

#5658

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5849

#5849

#5852

#5859

#5860

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5890

#5893

#5910

#5913

#5923

#5923

#5930

#5931

#5932

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

35b6d7278a minor update Miroslav Stampar 2011-01-31 22:50:54 +0000
25c175a9a5 minor bug fix Miroslav Stampar 2011-01-31 22:34:57 +0000
b04e1a0313 More detailed message for unhandled exception Bernardo Damele 2011-01-31 21:23:40 +0000
2fd9621499 Minor adjustments Cosmetics Bernardo Damele 2011-01-31 21:22:39 +0000
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o Bernardo Damele 2011-01-31 21:21:13 +0000
8397c526d8 Minor adjustment Bernardo Damele 2011-01-31 21:20:23 +0000
e3a3ae11cc Proper return from error-based technique enumeration Bernardo Damele 2011-01-31 21:13:29 +0000
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) Miroslav Stampar 2011-01-31 20:36:01 +0000
777a19cfa9 LOL. removing that debug 'True' Miroslav Stampar 2011-01-31 16:22:55 +0000
a80fe28631 one more thing ;) Miroslav Stampar 2011-01-31 16:21:28 +0000
933d701667 cosmetics Miroslav Stampar 2011-01-31 16:14:44 +0000
b1dc928e68 implemented validation for time-based inference Miroslav Stampar 2011-01-31 16:07:23 +0000
25463bc67c fix for a bug (--predict-output) noticed by Bernardo Miroslav Stampar 2011-01-31 15:00:41 +0000
60a2364f2b now union technique parses headers too Miroslav Stampar 2011-01-31 12:41:39 +0000
8ef47307db added checking of header values for GREP (error); still UNION to do Miroslav Stampar 2011-01-31 12:21:17 +0000
a6f2cd56ff removed junky import Miroslav Stampar 2011-01-31 11:59:58 +0000
6393495eb0 comment added Miroslav Stampar 2011-01-31 11:58:35 +0000
1b4d68c844 minor update Miroslav Stampar 2011-01-31 11:56:20 +0000
fb3513650d adding ID properties Miroslav Stampar 2011-01-31 11:41:28 +0000
f9eac97fe8 refactoring of MSSQL XML banner parsing Miroslav Stampar 2011-01-31 11:38:00 +0000
14de5809ea update Miroslav Stampar 2011-01-31 11:08:58 +0000
7175efcae1 another minor cosmetic update Miroslav Stampar 2011-01-31 10:59:51 +0000
97328c3104 minor fix Miroslav Stampar 2011-01-31 10:54:13 +0000
5e768be509 minor bug fix Miroslav Stampar 2011-01-31 09:34:54 +0000
f7feebe0df fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) Miroslav Stampar 2011-01-31 09:28:16 +0000
9fc0bedea8 Minor bug fixes Bernardo Damele 2011-01-30 21:01:57 +0000
2a0b03e5c6 Unused import Bernardo Damele 2011-01-30 17:07:27 +0000
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) Miroslav Stampar 2011-01-30 17:03:06 +0000
21e7223779 perhaps this is better english Bernardo Damele 2011-01-30 16:34:13 +0000
8278d821ac Another layout adjustment Bernardo Damele 2011-01-30 16:23:19 +0000
71d82e6f57 Minor layout adjustment Bernardo Damele 2011-01-30 16:19:58 +0000
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique Bernardo Damele 2011-01-30 14:19:50 +0000
bc8f1142c9 minor revert Miroslav Stampar 2011-01-30 11:41:58 +0000
ddf23ba7cc refactoring Miroslav Stampar 2011-01-30 11:36:03 +0000
3060c369a5 minor fix for previous commit Miroslav Stampar 2011-01-30 07:44:47 +0000
1abf354630 minor update Miroslav Stampar 2011-01-30 07:41:09 +0000
d63339ca26 minor bug fix Miroslav Stampar 2011-01-30 07:34:07 +0000
e8883de2c6 minor update regarding unicode decoding of supplied arguments Miroslav Stampar 2011-01-29 23:01:39 +0000
367d0639f0 refactoring (class names should always be Capital cased) Miroslav Stampar 2011-01-28 16:36:09 +0000
ddd296030d added some more info to unhandled exception message(s) Miroslav Stampar 2011-01-28 16:15:45 +0000
a184a4c772 major of majors bug fix Miroslav Stampar 2011-01-28 14:31:25 +0000
0f4fb156d3 major bug fix Miroslav Stampar 2011-01-28 14:09:28 +0000
b1c7a17163 fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str)) Miroslav Stampar 2011-01-28 13:26:20 +0000
b98cbeee04 page for handling binary files Miroslav Stampar 2011-01-27 22:00:34 +0000
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels Miroslav Stampar 2011-01-27 19:44:24 +0000
49aeb41be8 quick bug fix for FALSE positives with UNION based technique Miroslav Stampar 2011-01-27 18:49:44 +0000
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) Miroslav Stampar 2011-01-27 18:36:28 +0000
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) Miroslav Stampar 2011-01-27 16:55:58 +0000
539168dcca sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there) Miroslav Stampar 2011-01-27 13:40:42 +0000
bb6e36fb02 minor updates Miroslav Stampar 2011-01-27 12:38:39 +0000
3bb4ea2c7a THANKS update Miroslav Stampar 2011-01-25 22:29:36 +0000
10b723f196 minor fix for a bug reported by yonnym@googlemail.com Miroslav Stampar 2011-01-25 22:26:28 +0000
430fd5cd63 minor fixes Miroslav Stampar 2011-01-25 16:05:06 +0000
20df2bbd10 minor fix Miroslav Stampar 2011-01-25 15:44:45 +0000
d3ddaba7be minor refactoring Miroslav Stampar 2011-01-25 13:04:13 +0000
c7f260a8bc minor update Miroslav Stampar 2011-01-25 12:54:49 +0000
98e48bd682 new script Miroslav Stampar 2011-01-25 12:48:50 +0000
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) Miroslav Stampar 2011-01-25 11:02:41 +0000
5692506131 this was bad thing to have Miroslav Stampar 2011-01-25 01:08:38 +0000
5aa958a146 ASCII & CHR is quite common, so removing this one Miroslav Stampar 2011-01-24 22:51:15 +0000
a1619f84b6 changing level of last payload Miroslav Stampar 2011-01-24 22:31:26 +0000
8155f95b82 new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") Miroslav Stampar 2011-01-24 22:28:54 +0000
9f76468005 another premiere, yeeej. IDSes, watch yourself :) Miroslav Stampar 2011-01-24 21:30:46 +0000
2fb0c946d2 minor update Miroslav Stampar 2011-01-24 21:21:47 +0000
15645f50d4 world premiere :) Miroslav Stampar 2011-01-24 21:21:11 +0000
50969d238b minor update Miroslav Stampar 2011-01-24 17:51:56 +0000
440264341c minor update Miroslav Stampar 2011-01-24 17:43:25 +0000
0eea5665b2 minor update Miroslav Stampar 2011-01-24 17:41:36 +0000
b0dc6c24eb Moved Bernardo Damele 2011-01-24 17:04:49 +0000
6cc69f5e16 now --technique is appliable also after the injections have been identified Miroslav Stampar 2011-01-24 16:47:24 +0000
c188996627 patch for possible query optimization (avoid precalculation of 1/0) Miroslav Stampar 2011-01-24 16:21:27 +0000
81011be0d7 minor update of parseTargetUrl method Miroslav Stampar 2011-01-24 14:52:50 +0000
ceca64193b Updated Bernardo Damele 2011-01-24 14:46:41 +0000
4093599f38 added parseTargetUrl to redirect choice Miroslav Stampar 2011-01-24 14:45:35 +0000
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads Bernardo Damele 2011-01-24 12:25:45 +0000
8d0c2efbe2 unescaping of char marked payloads Miroslav Stampar 2011-01-24 12:00:16 +0000
4441e11f68 fix for case -r with no params and cookie available Miroslav Stampar 2011-01-24 11:26:51 +0000
47fa600c04 Minor fix and cosmetics Bernardo Damele 2011-01-24 11:12:33 +0000
a3e3387113 fix for proper Firebird resume of version Miroslav Stampar 2011-01-24 11:04:32 +0000
eb33612736 fix Miroslav Stampar 2011-01-24 10:20:17 +0000
c1145c244e fix for user-agent injections Miroslav Stampar 2011-01-23 23:23:30 +0000
818c9787b2 minor update Miroslav Stampar 2011-01-23 21:20:16 +0000
b18397fbc7 major revisit of --os-shell methods Miroslav Stampar 2011-01-23 20:47:06 +0000
ff7707579f minor improvement Miroslav Stampar 2011-01-23 11:35:24 +0000
f5ff78d40c revert Miroslav Stampar 2011-01-23 11:21:27 +0000
db76bcb327 fix for cases when mixing ingres dbms with spanish word "ingresa" Miroslav Stampar 2011-01-23 11:19:10 +0000
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message Miroslav Stampar 2011-01-23 10:51:57 +0000
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) Miroslav Stampar 2011-01-23 10:12:01 +0000
30cd877c4a fix for URI based injections Miroslav Stampar 2011-01-22 16:23:33 +0000
7bf05bf2cb minor update Miroslav Stampar 2011-01-22 00:12:03 +0000
d6d8d54eda implemented Johannes Dahse / Reiners' technique Miroslav Stampar 2011-01-22 00:06:27 +0000
0743202879 minor update Miroslav Stampar 2011-01-21 23:54:25 +0000
cb0e7080c5 more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) Miroslav Stampar 2011-01-21 23:47:45 +0000
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) Miroslav Stampar 2011-01-21 18:32:10 +0000
79e4b1efd5 added new signature for SQLite error messages Miroslav Stampar 2011-01-20 22:47:03 +0000
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors Bernardo Damele 2011-01-20 22:02:20 +0000
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) Bernardo Damele 2011-01-20 22:01:21 +0000
bd2e036412 minor fix Miroslav Stampar 2011-01-20 22:00:16 +0000
97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT Bernardo Damele 2011-01-20 21:59:47 +0000
f1b402b103 Proper handling of CASE in Oracle, finally Bernardo Damele 2011-01-20 21:58:50 +0000