sqlmap

PenTest/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-18 04:19:01 +00:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5649

#5658

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5849

#5849

#5852

#5859

#5860

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5890

#5893

#5910

#5913

#5923

#5923

#5930

#5931

#5932

#5940

#5944

#5945

#5945

#5952

#5953

#5957

#5959

#5963

#5963

#5965

#5967

#5970

#5973

#5973

#5980

#5984

#5985

#5995

#5999

#6000

#6001

#6004

#6004

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.10

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.10

1.9.11

1.9.12

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

8b130f6497 minor improvement for reflective values (when missing first part of payload like in error reports) Miroslav Stampar 2012-04-11 15:01:28 +00:00
01bd5d0ab2 some more updates for reflective mechanism Miroslav Stampar 2012-04-11 10:41:33 +00:00
2e92d8636e improvement of reflective mechanism Miroslav Stampar 2012-04-11 08:58:03 +00:00
60ca44e0cf minor adjustment Miroslav Stampar 2012-04-11 08:35:09 +00:00
e33ea7c33a minor fix Miroslav Stampar 2012-04-10 22:29:39 +00:00
8541222080 minor update Miroslav Stampar 2012-04-10 22:26:42 +00:00
9c2f244d47 minor fix Miroslav Stampar 2012-04-10 22:20:53 +00:00
a82206cec4 minor cosmetics Miroslav Stampar 2012-04-10 21:57:00 +00:00
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate Miroslav Stampar 2012-04-10 21:48:34 +00:00
698b7a15d9 minor update Miroslav Stampar 2012-04-07 14:14:26 +00:00
8c6eb4faa9 adding support for PgSQL DNS data exfiltration Miroslav Stampar 2012-04-07 14:06:11 +00:00
b2afa87e48 reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases) Miroslav Stampar 2012-04-06 08:42:36 +00:00
2223c884e5 minor refactoring Miroslav Stampar 2012-04-05 12:55:26 +00:00
02924eb345 minor update Miroslav Stampar 2012-04-04 23:47:06 +00:00
e0994947e2 minor update Miroslav Stampar 2012-04-04 23:37:50 +00:00
b1dd03731a minor cosmetics Miroslav Stampar 2012-04-04 23:34:08 +00:00
83387d92bb minor bug fix Miroslav Stampar 2012-04-04 23:32:20 +00:00
c89a4162e2 bug fix for --dns-domain with --technique=TS Miroslav Stampar 2012-04-04 18:01:39 +00:00
80228f67f6 removed newline Bernardo Damele 2012-04-04 13:49:03 +00:00
e23efabf86 removed unuseful spaces Bernardo Damele 2012-04-04 13:36:18 +00:00
c051d7fecc Prefer xp_dirtree Bernardo Damele 2012-04-04 13:29:25 +00:00
098c7c06dd added few comments Miroslav Stampar 2012-04-04 13:24:58 +00:00
a5b69eaea4 removing unused imports Miroslav Stampar 2012-04-04 13:18:14 +00:00
52796bb4da revert Bernardo Damele 2012-04-04 13:02:50 +00:00
a4b95ab7dd works against MySQL/Windows Miroslav Stampar 2012-04-04 12:49:45 +00:00
a1d97e9d7b Add a space after a comment Bernardo Damele 2012-04-04 12:48:21 +00:00
025c531d22 leftover Bernardo Damele 2012-04-04 12:44:25 +00:00
c0946ce2c9 Minor refactoring Bernardo Damele 2012-04-04 12:42:58 +00:00
75d1dab895 more cosmetics Bernardo Damele 2012-04-04 12:33:16 +00:00
d106fb5184 layout adjustments Bernardo Damele 2012-04-04 12:27:24 +00:00
1b2cd44255 proper fix Miroslav Stampar 2012-04-04 10:35:52 +00:00
7031ef8e00 removing default values for referer and host from higher level/risk options Miroslav Stampar 2012-04-04 10:34:27 +00:00
1f82d29a36 switch two conditional payloads for proper detection Bernardo Damele 2012-04-04 10:11:48 +00:00
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') Miroslav Stampar 2012-04-04 09:25:05 +00:00
d5b4b7996a minor revert Bernardo Damele 2012-04-04 00:09:47 +00:00
049c27c739 improved detection for INSERT and UPDATE statements Bernardo Damele 2012-04-03 23:29:06 +00:00
11546cdb6e minor refactoring Miroslav Stampar 2012-04-03 19:09:35 +00:00
5851badff1 minor refactoring Miroslav Stampar 2012-04-03 14:46:09 +00:00
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) Miroslav Stampar 2012-04-03 14:34:15 +00:00
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode Miroslav Stampar 2012-04-03 14:04:07 +00:00
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique Miroslav Stampar 2012-04-03 13:56:11 +00:00
7fb190f3b1 minor fix Miroslav Stampar 2012-04-03 12:35:19 +00:00
886aa22efc minor update Miroslav Stampar 2012-04-03 12:19:37 +00:00
503988887c minor update Miroslav Stampar 2012-04-03 10:43:46 +00:00
78f51fd2e5 minor fix Miroslav Stampar 2012-04-03 10:18:03 +00:00
2504f4edb8 minor fixes Miroslav Stampar 2012-04-03 10:10:33 +00:00
e05109812f minor improvements regarding data retrieval through DNS channel Miroslav Stampar 2012-04-03 09:18:30 +00:00
46cfa64d81 minor update Miroslav Stampar 2012-04-02 21:06:57 +00:00
5f94987b0f fix for DNS method for MSSQL Miroslav Stampar 2012-04-02 17:28:18 +00:00
2c28423cb8 minor update Miroslav Stampar 2012-04-02 14:57:15 +00:00
8a9d09f79b minor fixes Miroslav Stampar 2012-04-02 14:11:23 +00:00
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi Miroslav Stampar 2012-04-02 14:05:30 +00:00
1e01203562 few just in case "patches" Miroslav Stampar 2012-04-02 12:58:10 +00:00
d908d078dd minor fix Miroslav Stampar 2012-04-02 12:27:30 +00:00
abffc39929 minor update regarding DNS data retrieval task Miroslav Stampar 2012-04-02 12:22:40 +00:00
f7a664b120 enablind DNS server for DNS data exfiltration Miroslav Stampar 2012-03-31 12:08:27 +00:00
8be9cd4ac4 bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value) Miroslav Stampar 2012-03-31 10:22:50 +00:00
40a7232de6 Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings) Bernardo Damele 2012-03-30 16:27:08 +00:00
429b8396e9 minor update for DNSServer support Miroslav Stampar 2012-03-30 13:20:29 +00:00
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection Miroslav Stampar 2012-03-30 10:50:01 +00:00
79c3d6f2aa minor update Miroslav Stampar 2012-03-30 10:37:46 +00:00
6acf6b193a minor update regarding boolean logic comparison mechanism Miroslav Stampar 2012-03-30 09:42:58 +00:00
5469186540 minor comment update Miroslav Stampar 2012-03-29 14:35:47 +00:00
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism Miroslav Stampar 2012-03-29 14:33:27 +00:00
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code Miroslav Stampar 2012-03-29 13:39:12 +00:00
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values Miroslav Stampar 2012-03-29 12:44:20 +00:00
c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) Miroslav Stampar 2012-03-29 09:56:09 +00:00
60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) Miroslav Stampar 2012-03-28 19:33:00 +00:00
9433bbe26d memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed) Miroslav Stampar 2012-03-28 19:27:12 +00:00
7d131d1fb1 minor update Miroslav Stampar 2012-03-28 13:46:31 +00:00
7fd64df167 minor code cleaning Miroslav Stampar 2012-03-28 13:31:07 +00:00
769b0d0ae7 more minor updates regarding data retrieval through DNS channel Miroslav Stampar 2012-03-27 19:29:24 +00:00
9199ce5054 minor update Miroslav Stampar 2012-03-27 19:07:17 +00:00
1b072f6415 laying foundation for DNS based data retrieval Miroslav Stampar 2012-03-27 18:59:12 +00:00
645fc8a21c minor refactoring Miroslav Stampar 2012-03-27 08:31:48 +00:00
3abcd6910a strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test Miroslav Stampar 2012-03-22 00:06:50 +00:00
e88687b1f0 revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection) Miroslav Stampar 2012-03-21 23:15:59 +00:00
524c1d38ad making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message) Miroslav Stampar 2012-03-21 23:03:57 +00:00
11132ba993 fix for a bug in reflection removal mechanism Miroslav Stampar 2012-03-19 14:28:18 +00:00
8e7d360ea2 cleaner refactoring regarding last commit Miroslav Stampar 2012-03-19 12:03:25 +00:00
401763b6f8 minor fix (it has to be level 1 array like it was with the previous re.findall mechanism) Miroslav Stampar 2012-03-19 12:00:22 +00:00
72c5b034bf minor update Miroslav Stampar 2012-03-19 11:50:38 +00:00
cb8caf7e0f i am not very bright today :) Miroslav Stampar 2012-03-19 11:23:23 +00:00
d5915e5d44 one other fix Miroslav Stampar 2012-03-19 11:19:26 +00:00
7abfa2e6d4 minor fix Miroslav Stampar 2012-03-19 11:18:00 +00:00
cce5c3c009 minor changes for version numbers Miroslav Stampar 2012-03-19 11:07:03 +00:00
037db9b3b8 minor removal of older stuff Miroslav Stampar 2012-03-19 09:38:27 +00:00
da7f4eeffd removing left over Miroslav Stampar 2012-03-18 17:33:14 +00:00
0fc4288a7c modifying redirection code for only two choices Miroslav Stampar 2012-03-18 17:27:08 +00:00
c03d0e24fb it must stay as is Bernardo Damele 2012-03-16 17:42:00 +00:00
3505503a08 no need to return here Bernardo Damele 2012-03-16 17:30:16 +00:00
942d9e4fa8 code cleanup Bernardo Damele 2012-03-16 17:27:24 +00:00
a1c943fc79 Major bug fix to comparison algorithm with OR based boolean-based injections Bernardo Damele 2012-03-16 17:22:55 +00:00
d66056fe39 one more related commit Miroslav Stampar 2012-03-16 13:16:53 +00:00
ac02a2d92c minor fix Miroslav Stampar 2012-03-16 13:14:14 +00:00
cbdcbdd786 minor minor update Miroslav Stampar 2012-03-16 11:18:18 +00:00
b130a9e14e minor fix (writing to HashDB on any interrupt) Miroslav Stampar 2012-03-16 10:15:43 +00:00
577caac4de putting kb.negativeLogic setting to the safe place Miroslav Stampar 2012-03-16 09:17:11 +00:00
209e795369 minor just in case update Miroslav Stampar 2012-03-16 09:02:17 +00:00
adb5fff6b2 one more update related to the redirection mechanism Miroslav Stampar 2012-03-15 20:17:40 +00:00

... 66 67 68 69 70 ...