sqlmap

sqlmapproject/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-27 00:20:07 +03:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5649

#5658

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5849

#5849

#5852

#5859

#5860

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5890

#5893

#5910

#5913

#5923

#5923

#5930

#5931

#5932

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. Bernardo Damele 2011-01-20 21:57:54 +0000
1d06c64149 Indentation fix Bernardo Damele 2011-01-20 21:56:38 +0000
7d1c704575 Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. Bernardo Damele 2011-01-20 21:56:10 +0000
9770db597e Centralization of unescape() Bernardo Damele 2011-01-20 21:55:13 +0000
e734efcda7 Removed deprecated code Bernardo Damele 2011-01-20 21:50:58 +0000
aa8a20d241 Minor bug fix for a traceback Bernardo Damele 2011-01-20 21:50:21 +0000
1d5050d577 Aligned comment Bernardo Damele 2011-01-20 21:49:34 +0000
77999fb39d Allow in --sql-shell to always ('a') retrieve query output. Minor bug fix in case with --columns it is not possible to retrieve a column datatype. Bernardo Damele 2011-01-20 21:49:06 +0000
b1d6040a48 Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside) Bernardo Damele 2011-01-20 21:46:56 +0000
6c490bfc8f Avoid a traceback elsewhere Bernardo Damele 2011-01-20 21:43:41 +0000
7ce49bcf0d Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this! Adjusted comments accordingly to new UNION-specific tags. Bernardo Damele 2011-01-20 21:42:55 +0000
f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) Miroslav Stampar 2011-01-20 21:13:28 +0000
ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky Miroslav Stampar 2011-01-20 20:30:18 +0000
a1d77737f5 minor grammar update (this should be a better form) Miroslav Stampar 2011-01-20 18:35:21 +0000
496a84c356 minor update Miroslav Stampar 2011-01-20 18:32:04 +0000
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode Miroslav Stampar 2011-01-20 17:53:49 +0000
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) Miroslav Stampar 2011-01-20 16:27:59 +0000
e8c037de1a minor update Miroslav Stampar 2011-01-20 16:17:38 +0000
4e5f0da1ae minor update Miroslav Stampar 2011-01-20 16:07:08 +0000
2fa066f892 added support for WebScarab logs Miroslav Stampar 2011-01-20 15:55:50 +0000
345e2288e1 important fix regarding encoding stuff Miroslav Stampar 2011-01-20 13:54:18 +0000
f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection Miroslav Stampar 2011-01-20 11:01:01 +0000
a4a0f10950 minor minor minor Miroslav Stampar 2011-01-20 09:25:34 +0000
50c02fbb37 Done with previous refactoring Bernardo Damele 2011-01-20 00:01:06 +0000
701947490b Two major bug fixes related to UNION technique query forging Bernardo Damele 2011-01-19 23:46:39 +0000
7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) Miroslav Stampar 2011-01-19 23:16:22 +0000
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. Bernardo Damele 2011-01-19 23:06:15 +0000
4bdc19d879 minor cosmetics Miroslav Stampar 2011-01-19 22:48:06 +0000
c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) Miroslav Stampar 2011-01-19 22:08:56 +0000
7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) Miroslav Stampar 2011-01-19 21:46:43 +0000
aea43a1e43 minor refactoring Miroslav Stampar 2011-01-19 15:26:57 +0000
eadaf680de fuck yea Miroslav Stampar 2011-01-19 15:25:48 +0000
89e0fd0709 back to roots Miroslav Stampar 2011-01-19 14:06:26 +0000
c1f6bf2eda Updated Bernardo Damele 2011-01-18 23:14:35 +0000
33485198e1 Code cleanup Bernardo Damele 2011-01-18 23:05:32 +0000
eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. Adapted UNION tests' titles when --union-char is provided. Lots of comment adjustments. Code cleanup Bernardo Damele 2011-01-18 23:03:50 +0000
cffa17f5a6 Major bug fix - before it raised a traceback, now works. Bernardo Damele 2011-01-18 23:02:47 +0000
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup. Bernardo Damele 2011-01-18 23:02:11 +0000
81be23976e Confirmed HAVING payloads work as WHERE ones. Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS. Proper handling of title for UNION tests when --union-char is provided. Bernardo Damele 2011-01-18 22:55:20 +0000
f7d9b22510 because other major DBMSes have at least one level 1 time based payload Miroslav Stampar 2011-01-18 20:32:49 +0000
38d0958781 minor fix (for numeric columns with all 0) Miroslav Stampar 2011-01-18 11:42:36 +0000
bdcb10cdab added MSSQL time based vector Miroslav Stampar 2011-01-18 02:05:18 +0000
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. Bernardo Damele 2011-01-17 23:43:37 +0000
c2a358561f Proper support for --union-cols Bernardo Damele 2011-01-17 22:57:33 +0000
35fb50a6ee Major bug fix Bernardo Damele 2011-01-17 22:56:04 +0000
47565f9459 Minor code refactoring Bernardo Damele 2011-01-17 21:13:59 +0000
041abb56e2 you can't believe how much man can learn when having good testing points Miroslav Stampar 2011-01-17 13:59:22 +0000
d225c5c9aa was wrong about this one (just now tested on a real site) Miroslav Stampar 2011-01-17 11:00:09 +0000
ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) Miroslav Stampar 2011-01-17 10:27:36 +0000
34d13be0d3 minor update regarding default page encoding Miroslav Stampar 2011-01-17 10:23:37 +0000
5c857779c1 important fix for unicode based character inference Miroslav Stampar 2011-01-17 10:15:19 +0000
99a3a3b89c minor fix (break if all found) Miroslav Stampar 2011-01-17 09:41:25 +0000
0fcca671bd information update regarding common password suffixes Miroslav Stampar 2011-01-17 09:28:25 +0000
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') Miroslav Stampar 2011-01-17 00:17:31 +0000
2041361695 minor cosmetics Miroslav Stampar 2011-01-16 23:20:52 +0000
e2c821eb81 minor cosmetics Miroslav Stampar 2011-01-16 22:35:54 +0000
e881465a9f minor improvement Miroslav Stampar 2011-01-16 20:55:07 +0000
f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency Miroslav Stampar 2011-01-16 19:29:06 +0000
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) Miroslav Stampar 2011-01-16 19:25:10 +0000
5476a8a27e russian sites are great for testing :) Miroslav Stampar 2011-01-16 19:00:19 +0000
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) Miroslav Stampar 2011-01-16 18:25:18 +0000
718eef8753 minor fix Miroslav Stampar 2011-01-16 18:11:35 +0000
30d6791968 update regarding time based data retrieval Miroslav Stampar 2011-01-16 17:52:42 +0000
ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" Miroslav Stampar 2011-01-16 12:12:01 +0000
2001bad7e1 automatic adjustment of timeSec for delayed queries Miroslav Stampar 2011-01-16 12:04:32 +0000
71391874eb slightly faster and thread safer inference Miroslav Stampar 2011-01-16 10:52:42 +0000
fb166e9445 adding USER_LOCK stacked query support for ORACLE (older versions) Miroslav Stampar 2011-01-16 10:31:16 +0000
f31c028232 Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436) Miroslav Stampar 2011-01-16 10:07:56 +0000
0fc4ebdc1b Major bug fix. Minor code refactoring. Bernardo Damele 2011-01-16 01:17:09 +0000
c0d5daee99 More refactoring and cleanup Bernardo Damele 2011-01-16 00:15:30 +0000
02b333e30b Minor improvement Bernardo Damele 2011-01-15 23:54:03 +0000
29ea0950b6 now False is also affected (along with None and "") Miroslav Stampar 2011-01-15 23:43:26 +0000
6e4b65a822 Minor refactoring Bernardo Damele 2011-01-15 23:28:31 +0000
558f3894f4 Minor improvement Bernardo Damele 2011-01-15 23:20:52 +0000
d3a28124b1 More code cleanup Bernardo Damele 2011-01-15 23:11:36 +0000
4a35f598b8 Minor refactoring Bernardo Damele 2011-01-15 22:09:53 +0000
d2ce647113 one of my stupidest commits (just in case) Miroslav Stampar 2011-01-15 18:17:46 +0000
0f565c941e bug fix and proper warning message Miroslav Stampar 2011-01-15 16:59:53 +0000
e105e1ea32 bug fix (some sites raise 404 during union tests) Miroslav Stampar 2011-01-15 16:42:33 +0000
3873d204bb important update for dictionary attack Miroslav Stampar 2011-01-15 15:56:11 +0000
e17ac5fdca update Miroslav Stampar 2011-01-15 15:14:22 +0000
44504746cf minor update Miroslav Stampar 2011-01-15 13:43:08 +0000
5bdb50c224 code review part 3 Miroslav Stampar 2011-01-15 13:15:10 +0000
1fa8f0cba7 code reviewing part 2 Miroslav Stampar 2011-01-15 12:53:40 +0000
6a0e0cde3c code review of modules in lib/core directory Miroslav Stampar 2011-01-15 12:13:45 +0000
2d9b151883 Minor bug fix Bernardo Damele 2011-01-15 10:14:05 +0000
05b2a338fe cosmetics Miroslav Stampar 2011-01-14 16:12:44 +0000
bff989d348 minor update Miroslav Stampar 2011-01-14 15:43:53 +0000
daf5662eab update Miroslav Stampar 2011-01-14 15:33:49 +0000
1cfd6a6b9d Code cleanup Bernardo Damele 2011-01-14 15:16:34 +0000
08f7e20c51 minor code refactoring Miroslav Stampar 2011-01-14 14:55:59 +0000
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common Miroslav Stampar 2011-01-14 14:37:03 +0000
534f51f9fc Minor bug fix Bernardo Damele 2011-01-14 14:20:28 +0000
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. Bernardo Damele 2011-01-14 12:47:07 +0000
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase Bernardo Damele 2011-01-14 11:55:20 +0000
f209b7a65e Updated Bernardo Damele 2011-01-14 09:56:55 +0000
7d9fd5a7b7 Minor bug fix Bernardo Damele 2011-01-14 09:49:14 +0000
b2c7ae77d4 minor update Miroslav Stampar 2011-01-14 09:45:47 +0000
676b95b30a minor code refactoring Miroslav Stampar 2011-01-14 09:44:56 +0000
f8c04ce020 Minor bug fix Bernardo Damele 2011-01-13 20:59:13 +0000