sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-09-21 11:32:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • ceca64193b Updated Bernardo Damele 2011-01-24 14:46:41 +0000
  • 4093599f38 added parseTargetUrl to redirect choice Miroslav Stampar 2011-01-24 14:45:35 +0000
  • e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads Bernardo Damele 2011-01-24 12:25:45 +0000
  • 8d0c2efbe2 unescaping of char marked payloads Miroslav Stampar 2011-01-24 12:00:16 +0000
  • 4441e11f68 fix for case -r with no params and cookie available Miroslav Stampar 2011-01-24 11:26:51 +0000
  • 47fa600c04 Minor fix and cosmetics Bernardo Damele 2011-01-24 11:12:33 +0000
  • a3e3387113 fix for proper Firebird resume of version Miroslav Stampar 2011-01-24 11:04:32 +0000
  • eb33612736 fix Miroslav Stampar 2011-01-24 10:20:17 +0000
  • c1145c244e fix for user-agent injections Miroslav Stampar 2011-01-23 23:23:30 +0000
  • 818c9787b2 minor update Miroslav Stampar 2011-01-23 21:20:16 +0000
  • b18397fbc7 major revisit of --os-shell methods Miroslav Stampar 2011-01-23 20:47:06 +0000
  • ff7707579f minor improvement Miroslav Stampar 2011-01-23 11:35:24 +0000
  • f5ff78d40c revert Miroslav Stampar 2011-01-23 11:21:27 +0000
  • db76bcb327 fix for cases when mixing ingres dbms with spanish word "ingresa" Miroslav Stampar 2011-01-23 11:19:10 +0000
  • 97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message Miroslav Stampar 2011-01-23 10:51:57 +0000
  • 3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) Miroslav Stampar 2011-01-23 10:12:01 +0000
  • 30cd877c4a fix for URI based injections Miroslav Stampar 2011-01-22 16:23:33 +0000
  • 7bf05bf2cb minor update Miroslav Stampar 2011-01-22 00:12:03 +0000
  • d6d8d54eda implemented Johannes Dahse / Reiners' technique Miroslav Stampar 2011-01-22 00:06:27 +0000
  • 0743202879 minor update Miroslav Stampar 2011-01-21 23:54:25 +0000
  • cb0e7080c5 more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) Miroslav Stampar 2011-01-21 23:47:45 +0000
  • 7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) Miroslav Stampar 2011-01-21 18:32:10 +0000
  • 79e4b1efd5 added new signature for SQLite error messages Miroslav Stampar 2011-01-20 22:47:03 +0000
  • 03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors Bernardo Damele 2011-01-20 22:02:20 +0000
  • 0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) Bernardo Damele 2011-01-20 22:01:21 +0000
  • bd2e036412 minor fix Miroslav Stampar 2011-01-20 22:00:16 +0000
  • 97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT Bernardo Damele 2011-01-20 21:59:47 +0000
  • f1b402b103 Proper handling of CASE in Oracle, finally Bernardo Damele 2011-01-20 21:58:50 +0000
  • 4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. Bernardo Damele 2011-01-20 21:57:54 +0000
  • 1d06c64149 Indentation fix Bernardo Damele 2011-01-20 21:56:38 +0000
  • 7d1c704575 Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. Bernardo Damele 2011-01-20 21:56:10 +0000
  • 9770db597e Centralization of unescape() Bernardo Damele 2011-01-20 21:55:13 +0000
  • e734efcda7 Removed deprecated code Bernardo Damele 2011-01-20 21:50:58 +0000
  • aa8a20d241 Minor bug fix for a traceback Bernardo Damele 2011-01-20 21:50:21 +0000
  • 1d5050d577 Aligned comment Bernardo Damele 2011-01-20 21:49:34 +0000
  • 77999fb39d Allow in --sql-shell to always ('a') retrieve query output. Minor bug fix in case with --columns it is not possible to retrieve a column datatype. Bernardo Damele 2011-01-20 21:49:06 +0000
  • b1d6040a48 Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside) Bernardo Damele 2011-01-20 21:46:56 +0000
  • 6c490bfc8f Avoid a traceback elsewhere Bernardo Damele 2011-01-20 21:43:41 +0000
  • 7ce49bcf0d Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this! Adjusted comments accordingly to new UNION-specific tags. Bernardo Damele 2011-01-20 21:42:55 +0000
  • f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) Miroslav Stampar 2011-01-20 21:13:28 +0000
  • ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky Miroslav Stampar 2011-01-20 20:30:18 +0000
  • a1d77737f5 minor grammar update (this should be a better form) Miroslav Stampar 2011-01-20 18:35:21 +0000
  • 496a84c356 minor update Miroslav Stampar 2011-01-20 18:32:04 +0000
  • dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode Miroslav Stampar 2011-01-20 17:53:49 +0000
  • ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) Miroslav Stampar 2011-01-20 16:27:59 +0000
  • e8c037de1a minor update Miroslav Stampar 2011-01-20 16:17:38 +0000
  • 4e5f0da1ae minor update Miroslav Stampar 2011-01-20 16:07:08 +0000
  • 2fa066f892 added support for WebScarab logs Miroslav Stampar 2011-01-20 15:55:50 +0000
  • 345e2288e1 important fix regarding encoding stuff Miroslav Stampar 2011-01-20 13:54:18 +0000
  • f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection Miroslav Stampar 2011-01-20 11:01:01 +0000
  • a4a0f10950 minor minor minor Miroslav Stampar 2011-01-20 09:25:34 +0000
  • 50c02fbb37 Done with previous refactoring Bernardo Damele 2011-01-20 00:01:06 +0000
  • 701947490b Two major bug fixes related to UNION technique query forging Bernardo Damele 2011-01-19 23:46:39 +0000
  • 7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) Miroslav Stampar 2011-01-19 23:16:22 +0000
  • bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. Bernardo Damele 2011-01-19 23:06:15 +0000
  • 4bdc19d879 minor cosmetics Miroslav Stampar 2011-01-19 22:48:06 +0000
  • c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) Miroslav Stampar 2011-01-19 22:08:56 +0000
  • 7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) Miroslav Stampar 2011-01-19 21:46:43 +0000
  • aea43a1e43 minor refactoring Miroslav Stampar 2011-01-19 15:26:57 +0000
  • eadaf680de fuck yea Miroslav Stampar 2011-01-19 15:25:48 +0000
  • 89e0fd0709 back to roots Miroslav Stampar 2011-01-19 14:06:26 +0000
  • c1f6bf2eda Updated Bernardo Damele 2011-01-18 23:14:35 +0000
  • 33485198e1 Code cleanup Bernardo Damele 2011-01-18 23:05:32 +0000
  • eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. Adapted UNION tests' titles when --union-char is provided. Lots of comment adjustments. Code cleanup Bernardo Damele 2011-01-18 23:03:50 +0000
  • cffa17f5a6 Major bug fix - before it raised a traceback, now works. Bernardo Damele 2011-01-18 23:02:47 +0000
  • daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup. Bernardo Damele 2011-01-18 23:02:11 +0000
  • 81be23976e Confirmed HAVING payloads work as WHERE ones. Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS. Proper handling of title for UNION tests when --union-char is provided. Bernardo Damele 2011-01-18 22:55:20 +0000
  • f7d9b22510 because other major DBMSes have at least one level 1 time based payload Miroslav Stampar 2011-01-18 20:32:49 +0000
  • 38d0958781 minor fix (for numeric columns with all 0) Miroslav Stampar 2011-01-18 11:42:36 +0000
  • bdcb10cdab added MSSQL time based vector Miroslav Stampar 2011-01-18 02:05:18 +0000
  • 3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. Bernardo Damele 2011-01-17 23:43:37 +0000
  • c2a358561f Proper support for --union-cols Bernardo Damele 2011-01-17 22:57:33 +0000
  • 35fb50a6ee Major bug fix Bernardo Damele 2011-01-17 22:56:04 +0000
  • 47565f9459 Minor code refactoring Bernardo Damele 2011-01-17 21:13:59 +0000
  • 041abb56e2 you can't believe how much man can learn when having good testing points Miroslav Stampar 2011-01-17 13:59:22 +0000
  • d225c5c9aa was wrong about this one (just now tested on a real site) Miroslav Stampar 2011-01-17 11:00:09 +0000
  • ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) Miroslav Stampar 2011-01-17 10:27:36 +0000
  • 34d13be0d3 minor update regarding default page encoding Miroslav Stampar 2011-01-17 10:23:37 +0000
  • 5c857779c1 important fix for unicode based character inference Miroslav Stampar 2011-01-17 10:15:19 +0000
  • 99a3a3b89c minor fix (break if all found) Miroslav Stampar 2011-01-17 09:41:25 +0000
  • 0fcca671bd information update regarding common password suffixes Miroslav Stampar 2011-01-17 09:28:25 +0000
  • a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') Miroslav Stampar 2011-01-17 00:17:31 +0000
  • 2041361695 minor cosmetics Miroslav Stampar 2011-01-16 23:20:52 +0000
  • e2c821eb81 minor cosmetics Miroslav Stampar 2011-01-16 22:35:54 +0000
  • e881465a9f minor improvement Miroslav Stampar 2011-01-16 20:55:07 +0000
  • f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency Miroslav Stampar 2011-01-16 19:29:06 +0000
  • a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) Miroslav Stampar 2011-01-16 19:25:10 +0000
  • 5476a8a27e russian sites are great for testing :) Miroslav Stampar 2011-01-16 19:00:19 +0000
  • 19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) Miroslav Stampar 2011-01-16 18:25:18 +0000
  • 718eef8753 minor fix Miroslav Stampar 2011-01-16 18:11:35 +0000
  • 30d6791968 update regarding time based data retrieval Miroslav Stampar 2011-01-16 17:52:42 +0000
  • ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" Miroslav Stampar 2011-01-16 12:12:01 +0000
  • 2001bad7e1 automatic adjustment of timeSec for delayed queries Miroslav Stampar 2011-01-16 12:04:32 +0000
  • 71391874eb slightly faster and thread safer inference Miroslav Stampar 2011-01-16 10:52:42 +0000
  • fb166e9445 adding USER_LOCK stacked query support for ORACLE (older versions) Miroslav Stampar 2011-01-16 10:31:16 +0000
  • f31c028232 Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436) Miroslav Stampar 2011-01-16 10:07:56 +0000
  • 0fc4ebdc1b Major bug fix. Minor code refactoring. Bernardo Damele 2011-01-16 01:17:09 +0000
  • c0d5daee99 More refactoring and cleanup Bernardo Damele 2011-01-16 00:15:30 +0000
  • 02b333e30b Minor improvement Bernardo Damele 2011-01-15 23:54:03 +0000
  • 29ea0950b6 now False is also affected (along with None and "") Miroslav Stampar 2011-01-15 23:43:26 +0000