Commit Graph

  • 10b723f196 minor fix for a bug reported by yonnym@googlemail.com Miroslav Stampar 2011-01-25 22:26:28 +00:00
  • 430fd5cd63 minor fixes Miroslav Stampar 2011-01-25 16:05:06 +00:00
  • 20df2bbd10 minor fix Miroslav Stampar 2011-01-25 15:44:45 +00:00
  • d3ddaba7be minor refactoring Miroslav Stampar 2011-01-25 13:04:13 +00:00
  • c7f260a8bc minor update Miroslav Stampar 2011-01-25 12:54:49 +00:00
  • 98e48bd682 new script Miroslav Stampar 2011-01-25 12:48:50 +00:00
  • cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) Miroslav Stampar 2011-01-25 11:02:41 +00:00
  • 5692506131 this was a bad thing to have Miroslav Stampar 2011-01-25 01:08:38 +00:00
  • 5aa958a146 ASCII & CHR is quite common, so removing this one Miroslav Stampar 2011-01-24 22:51:15 +00:00
  • a1619f84b6 changing level of last payload Miroslav Stampar 2011-01-24 22:31:26 +00:00
  • 8155f95b82 new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") Miroslav Stampar 2011-01-24 22:28:54 +00:00
  • 9f76468005 another premiere, yeeej. IDSes, watch yourself :) Miroslav Stampar 2011-01-24 21:30:46 +00:00
  • 2fb0c946d2 minor update Miroslav Stampar 2011-01-24 21:21:47 +00:00
  • 15645f50d4 world premiere :) Miroslav Stampar 2011-01-24 21:21:11 +00:00
  • 50969d238b minor update Miroslav Stampar 2011-01-24 17:51:56 +00:00
  • 440264341c minor update Miroslav Stampar 2011-01-24 17:43:25 +00:00
  • 0eea5665b2 minor update Miroslav Stampar 2011-01-24 17:41:36 +00:00
  • b0dc6c24eb Moved Bernardo Damele 2011-01-24 17:04:49 +00:00
  • 6cc69f5e16 now --technique is applicable also after the injections have been identified Miroslav Stampar 2011-01-24 16:47:24 +00:00
  • c188996627 patch for possible query optimization (avoid precalculation of 1/0) Miroslav Stampar 2011-01-24 16:21:27 +00:00
  • 81011be0d7 minor update of parseTargetUrl method Miroslav Stampar 2011-01-24 14:52:50 +00:00
  • ceca64193b Updated Bernardo Damele 2011-01-24 14:46:41 +00:00
  • 4093599f38 added parseTargetUrl to redirect choice Miroslav Stampar 2011-01-24 14:45:35 +00:00
  • e1db2700f0 Minor bug fix to properly deal with --prefix and --suffix and parameter replace payloads Bernardo Damele 2011-01-24 12:25:45 +00:00
  • 8d0c2efbe2 unescaping of char marked payloads Miroslav Stampar 2011-01-24 12:00:16 +00:00
  • 4441e11f68 fix for case -r with no params and cookie available Miroslav Stampar 2011-01-24 11:26:51 +00:00
  • 47fa600c04 Minor fix and cosmetics Bernardo Damele 2011-01-24 11:12:33 +00:00
  • a3e3387113 fix for proper Firebird resume of version Miroslav Stampar 2011-01-24 11:04:32 +00:00
  • eb33612736 fix Miroslav Stampar 2011-01-24 10:20:17 +00:00
  • c1145c244e fix for user-agent injections Miroslav Stampar 2011-01-23 23:23:30 +00:00
  • 818c9787b2 minor update Miroslav Stampar 2011-01-23 21:20:16 +00:00
  • b18397fbc7 major revisit of --os-shell methods Miroslav Stampar 2011-01-23 20:47:06 +00:00
  • ff7707579f minor improvement Miroslav Stampar 2011-01-23 11:35:24 +00:00
  • f5ff78d40c revert Miroslav Stampar 2011-01-23 11:21:27 +00:00
  • db76bcb327 fix for cases when mixing ingres dbms with spanish word "ingresa" Miroslav Stampar 2011-01-23 11:19:10 +00:00
  • 97f66a87c5 minor improvement over last version - case insensitive and takes into account cases like " UNION ALL selects " from MySQL error message Miroslav Stampar 2011-01-23 10:51:57 +00:00
  • 3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) Miroslav Stampar 2011-01-23 10:12:01 +00:00
  • 30cd877c4a fix for URI based injections Miroslav Stampar 2011-01-22 16:23:33 +00:00
  • 7bf05bf2cb minor update Miroslav Stampar 2011-01-22 00:12:03 +00:00
  • d6d8d54eda implemented Johannes Dahse / Reiners' technique Miroslav Stampar 2011-01-22 00:06:27 +00:00
  • 0743202879 minor update Miroslav Stampar 2011-01-21 23:54:25 +00:00
  • cb0e7080c5 more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) Miroslav Stampar 2011-01-21 23:47:45 +00:00
  • 7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) Miroslav Stampar 2011-01-21 18:32:10 +00:00
  • 79e4b1efd5 added new signature for SQLite error messages Miroslav Stampar 2011-01-20 22:47:03 +00:00
  • 03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors Bernardo Damele 2011-01-20 22:02:20 +00:00
  • 0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) Bernardo Damele 2011-01-20 22:01:21 +00:00
  • bd2e036412 minor fix Miroslav Stampar 2011-01-20 22:00:16 +00:00
  • 97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT Bernardo Damele 2011-01-20 21:59:47 +00:00
  • f1b402b103 Proper handling of CASE in Oracle, finally Bernardo Damele 2011-01-20 21:58:50 +00:00
  • 4128b2c87f Enforce that when --prefix is provided, --suffix is too and vice versa. Bernardo Damele 2011-01-20 21:57:54 +00:00
  • 1d06c64149 Indentation fix Bernardo Damele 2011-01-20 21:56:38 +00:00
  • 7d1c704575 Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. Bernardo Damele 2011-01-20 21:56:10 +00:00
  • 9770db597e Centralization of unescape() Bernardo Damele 2011-01-20 21:55:13 +00:00
  • e734efcda7 Removed deprecated code Bernardo Damele 2011-01-20 21:50:58 +00:00
  • aa8a20d241 Minor bug fix for a traceback Bernardo Damele 2011-01-20 21:50:21 +00:00
  • 1d5050d577 Aligned comment Bernardo Damele 2011-01-20 21:49:34 +00:00
  • 77999fb39d Allow in --sql-shell to always ('a') retrieve query output. Minor bug fix in case with --columns it is not possible to retrieve a column datatype. Bernardo Damele 2011-01-20 21:49:06 +00:00
  • b1d6040a48 Minor bug fix so that --search also works when the technique is error-based (which always returns a list with lists inside) Bernardo Damele 2011-01-20 21:46:56 +00:00
  • 6c490bfc8f Avoid a traceback elsewhere Bernardo Damele 2011-01-20 21:43:41 +00:00
  • 7ce49bcf0d Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this! Adjusted comments accordingly to new UNION-specific tags. Bernardo Damele 2011-01-20 21:42:55 +00:00
  • f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) Miroslav Stampar 2011-01-20 21:13:28 +00:00
  • ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky Miroslav Stampar 2011-01-20 20:30:18 +00:00
  • a1d77737f5 minor grammar update (this should be a better form) Miroslav Stampar 2011-01-20 18:35:21 +00:00
  • 496a84c356 minor update Miroslav Stampar 2011-01-20 18:32:04 +00:00
  • dd7262d9e6 we hadn't closed the session file for the previous target, which led to potentially nasty problems in multi target mode Miroslav Stampar 2011-01-20 17:53:49 +00:00
  • ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) Miroslav Stampar 2011-01-20 16:27:59 +00:00
  • e8c037de1a minor update Miroslav Stampar 2011-01-20 16:17:38 +00:00
  • 4e5f0da1ae minor update Miroslav Stampar 2011-01-20 16:07:08 +00:00
  • 2fa066f892 added support for WebScarab logs Miroslav Stampar 2011-01-20 15:55:50 +00:00
  • 345e2288e1 important fix regarding encoding stuff Miroslav Stampar 2011-01-20 13:54:18 +00:00
  • f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection Miroslav Stampar 2011-01-20 11:01:01 +00:00
  • a4a0f10950 minor minor minor Miroslav Stampar 2011-01-20 09:25:34 +00:00
  • 50c02fbb37 Done with previous refactoring Bernardo Damele 2011-01-20 00:01:06 +00:00
  • 701947490b Two major bug fixes related to UNION technique query forging Bernardo Damele 2011-01-19 23:46:39 +00:00
  • 7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) Miroslav Stampar 2011-01-19 23:16:22 +00:00
  • bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. Bernardo Damele 2011-01-19 23:06:15 +00:00
  • 4bdc19d879 minor cosmetics Miroslav Stampar 2011-01-19 22:48:06 +00:00
  • c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) Miroslav Stampar 2011-01-19 22:08:56 +00:00
  • 7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) Miroslav Stampar 2011-01-19 21:46:43 +00:00
  • aea43a1e43 minor refactoring Miroslav Stampar 2011-01-19 15:26:57 +00:00
  • eadaf680de fuck yea Miroslav Stampar 2011-01-19 15:25:48 +00:00
  • 89e0fd0709 back to roots Miroslav Stampar 2011-01-19 14:06:26 +00:00
  • c1f6bf2eda Updated Bernardo Damele 2011-01-18 23:14:35 +00:00
  • 33485198e1 Code cleanup Bernardo Damele 2011-01-18 23:05:32 +00:00
  • eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. Adapted UNION tests' titles when --union-char is provided. Lots of comment adjustments. Code cleanup Bernardo Damele 2011-01-18 23:03:50 +00:00
  • cffa17f5a6 Major bug fix - before it raised a traceback, now works. Bernardo Damele 2011-01-18 23:02:47 +00:00
  • daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup. Bernardo Damele 2011-01-18 23:02:11 +00:00
  • 81be23976e Confirmed HAVING payloads work as WHERE ones. Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS. Proper handling of title for UNION tests when --union-char is provided. Bernardo Damele 2011-01-18 22:55:20 +00:00
  • f7d9b22510 because other major DBMSes have at least one level 1 time based payload Miroslav Stampar 2011-01-18 20:32:49 +00:00
  • 38d0958781 minor fix (for numeric columns with all 0) Miroslav Stampar 2011-01-18 11:42:36 +00:00
  • bdcb10cdab added MSSQL time based vector Miroslav Stampar 2011-01-18 02:05:18 +00:00
  • 3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. Bernardo Damele 2011-01-17 23:43:37 +00:00
  • c2a358561f Proper support for --union-cols Bernardo Damele 2011-01-17 22:57:33 +00:00
  • 35fb50a6ee Major bug fix Bernardo Damele 2011-01-17 22:56:04 +00:00
  • 47565f9459 Minor code refactoring Bernardo Damele 2011-01-17 21:13:59 +00:00
  • 041abb56e2 you can't believe how much man can learn when having good testing points Miroslav Stampar 2011-01-17 13:59:22 +00:00
  • d225c5c9aa was wrong about this one (just now tested on a real site) Miroslav Stampar 2011-01-17 11:00:09 +00:00
  • ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) Miroslav Stampar 2011-01-17 10:27:36 +00:00
  • 34d13be0d3 minor update regarding default page encoding Miroslav Stampar 2011-01-17 10:23:37 +00:00
  • 5c857779c1 important fix for unicode based character inference Miroslav Stampar 2011-01-17 10:15:19 +00:00