Merged back from personal branch to trunk (svn merge -r846:940 ...)

Changes: * Major enhancement to the Microsoft SQL Server stored procedure heap-based buffer overflow exploit (--os-bof) to automatically bypass DEP memory protection. * Added support for MySQL and PostgreSQL to execute Metasploit shellcode via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an option instead of uploading the standalone payload stager executable. * Added options for MySQL, PostgreSQL and Microsoft SQL Server to read/add/delete Windows registry keys. * Added options for MySQL and PostgreSQL to inject custom user-defined functions. * Added support for --first and --last so the user now has even more granularity in what to enumerate in the query output. * Minor enhancement to save the session by default in 'output/hostname/session' file if -s option is not specified. * Minor improvement to automatically remove sqlmap created temporary files from the DBMS underlying file system. * Minor bugs fixed. * Major code refactoring.
2026-01-21 21:59:20 +00:00 · 2009-09-25 23:03:45 +00:00
parent 458d59416c
commit 89c43893d4
52 changed files with 1698 additions and 647 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -137,6 +137,7 @@ def start():
            logMsg = "testing url %s" % targetUrl
            logger.info(logMsg)

+        createTargetDirs()
        initTargetEnv()

        if not checkConnection() or not checkString() or not checkRegexp():
@@ -259,7 +260,6 @@ def start():

            if condition:
                checkForParenthesis()
-                createTargetDirs()
                action()

    if conf.loggedToOut: