Morph MORPH
SIGN IN SIGN UP
sqlmapproject / sqlmap UNCLAIMED

Automatic SQL injection and database takeover tool

0 0 0 Python

COMMITS

/ xml/payloads.xml
a6671ebb576536e659392bdaf0a8347275d18e5b
December 19, 2012
B
fixed title
Bernardo Damele committed
a2c5884
December 18, 2012
M
Implementation for an Issue #135
Miroslav Stampar committed
9b716eb
December 5, 2012
M
Lowering --limit for inline query technique
Miroslav Stampar committed
bc72180
M
Update for an Issue #278
Miroslav Stampar committed
775e0df
November 27, 2012
M
Minor bug fix (RLIKE boolean case was using wrong comparison payload)
Miroslav Stampar committed
c0796b4
September 26, 2012
M
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
Miroslav Stampar committed
687f399
September 17, 2012
M
Removing boundaries (it were meant to be used as 'parameter replace' logic but it's not doable for boundaries)
Miroslav Stampar committed
67cfc3b
M
Minor update
Miroslav Stampar committed
acad7a3
August 22, 2012
M
Fixing INSERT/UPDATE generic boundaries (those previous few were junkies)
Miroslav Stampar committed
d7cf0de
August 20, 2012
M
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
Miroslav Stampar committed
8ee9fea
August 6, 2012
M
Fix by zhouhx@knownsec.com (better LIKE boundaries)
Miroslav Stampar committed
6fdbe4e
July 26, 2012
M
Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :)
Miroslav Stampar committed
57f2fcc
M
Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db
Miroslav Stampar committed
ec96689
M
Style update
Miroslav Stampar committed
6878ef9
M
Implementation of payloads for Issue #122
Miroslav Stampar committed
ab31603
July 20, 2012
B
fixes issue #97
Bernardo Damele committed
1928d54
July 17, 2012
B
more on issue #97
Bernardo Damele committed
243a905
B
added payloads for ORDER BY/GROUP BY time-based injections - issue #97
Bernardo Damele committed
c483e91
B
Initial commit for issue #97
Bernardo Damele committed
771e7a9
June 11, 2012
M
minor refactoring
Miroslav Stampar committed
5d35d25
May 22, 2012
M
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
Miroslav Stampar committed
2538e2d
May 21, 2012
M
adding revisited wildcard LIKE payloads
Miroslav Stampar committed
3a9e266
M
reverting last changes on boundaries
Miroslav Stampar committed
602369c
M
adding a new payload boundaries by smcintyre@securestate.com
Miroslav Stampar committed
1500b3f
May 9, 2012
M
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
Miroslav Stampar committed
37f2709
April 25, 2012
M
reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago
Miroslav Stampar committed
1e45ee9
April 23, 2012
B
increased UNION test ranges
Bernardo Damele committed
eb73cab
April 13, 2012
M
new payload
Miroslav Stampar committed
414c74b
April 4, 2012
B
switch two conditional payloads for proper detection
Bernardo Damele committed
1f82d29
B
minor revert
Bernardo Damele committed
d5b4b79
April 3, 2012
B
improved detection for INSERT and UPDATE statements
Bernardo Damele committed
049c27c
March 30, 2012
B
Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings)
Bernardo Damele committed
40a7232
March 29, 2012
M
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
Miroslav Stampar committed
637a8d8
M
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
Miroslav Stampar committed
772ead8
March 15, 2012
M
minor fix
Miroslav Stampar committed
84479ee
B
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
Bernardo Damele committed
890bf70
March 1, 2012
M
Oracle's XMLType doesn't like '#' char too
Miroslav Stampar committed
ac5a752
January 10, 2012
M
minor concision/beautification update
Miroslav Stampar committed
f114703
December 1, 2011
M
minor update (removing reference to Microsoft Access for Generic payload)
Miroslav Stampar committed
94790bf
November 23, 2011
M
using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)
Miroslav Stampar committed
df4e3be
November 22, 2011
M
reverting back last two commits
Miroslav Stampar committed
d8047c7
M
even better (added long before plugins table)
Miroslav Stampar committed
73276c0
M
better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)
Miroslav Stampar committed
ff07031
November 12, 2011
M
adding AGAINST full-text search boundaries
Miroslav Stampar committed
bbb7e15
October 28, 2011
M
adding INSERT/UPDATE generic boundaries
Miroslav Stampar committed
2e5222b
August 31, 2011
M
degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)
Miroslav Stampar committed
382db1b
August 24, 2011
M
adding support for pre-WHERE injections
Miroslav Stampar committed
d283e3e
August 3, 2011
M
minor beautification
Miroslav Stampar committed
13eb20c
B
Minor fix
Bernardo Damele committed
2e20eb1
July 24, 2011
B
Minor adjustments
Bernardo Damele committed
99a0b62