Commit Graph

  • b5f090cc4f Minor bug fix Bernardo Damele 2011-05-10 15:48:48 +00:00
  • 3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches Bernardo Damele 2011-05-10 15:34:54 +00:00
  • 707edc7b1a fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along) Miroslav Stampar 2011-05-10 13:28:07 +00:00
  • 1dea609019 fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query) Miroslav Stampar 2011-05-10 12:51:37 +00:00
  • a64407d9db minor bug fix for multithreading and lots of connection retries Miroslav Stampar 2011-05-10 12:40:01 +00:00
  • 22a1870c2c adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 Miroslav Stampar 2011-05-10 12:32:07 +00:00
  • 49b925772b Minor update Bernardo Damele 2011-05-10 10:56:06 +00:00
  • b713b18fd2 minor fix for a bug spotted on Sybase Miroslav Stampar 2011-05-09 16:09:18 +00:00
  • ac74557614 Minor adjustment for --dump-all Bernardo Damele 2011-05-08 10:25:40 +00:00
  • ec4d9178f8 minor update related to the previous commit Miroslav Stampar 2011-05-08 06:28:58 +00:00
  • 4d6e7c738c minor update Miroslav Stampar 2011-05-08 06:17:43 +00:00
  • 356037ca22 cosmetics Bernardo Damele 2011-05-08 02:11:34 +00:00
  • 9955483052 Major improvement for --dump. Minor improvement for --dump-all. Minor bug fix for infinite loop Bernardo Damele 2011-05-08 02:08:18 +00:00
  • 8179fd63c0 Minor fix Bernardo Damele 2011-05-07 23:48:03 +00:00
  • d3589493d1 Temporary fix for bug reported by ultramegaman (infinite loop) Bernardo Damele 2011-05-07 23:28:59 +00:00
  • 6e784e766b Minor bug fix Bernardo Damele 2011-05-07 21:20:47 +00:00
  • 6653907700 forgot in last commit Bernardo Damele 2011-05-07 21:13:56 +00:00
  • 1151af52bb More fix for save/resume of --technique Bernardo Damele 2011-05-07 21:08:14 +00:00
  • 28a4ae8eaf Minor improvement to cleanup script Bernardo Damele 2011-05-06 13:53:10 +00:00
  • d2a71d647b minor update Miroslav Stampar 2011-05-06 13:38:58 +00:00
  • 9652efa995 minor update Miroslav Stampar 2011-05-06 13:34:03 +00:00
  • 079ddf84b2 updating FAQ Miroslav Stampar 2011-05-06 11:19:49 +00:00
  • aae140080e SVN roll back, DB2 patch will be recommitted after testing: Bernardo Damele 2011-05-06 10:27:43 +00:00
  • 42bca80968 removing blank lines and adding newline at the end of files Miroslav Stampar 2011-05-06 09:35:53 +00:00
  • 6e392b6054 applying contributed patch for DB2 Miroslav Stampar 2011-05-06 09:30:39 +00:00
  • 2d8408c885 More fix for --technique resume Bernardo Damele 2011-05-05 16:38:46 +00:00
  • e96a533a04 Bug fix to resume of --technique Bernardo Damele 2011-05-05 15:18:33 +00:00
  • eea96c5b8d code cleanup Bernardo Damele 2011-05-05 08:50:18 +00:00
  • b12aa8a56f added mime type octet to README.pdf Miroslav Stampar 2011-05-05 08:17:23 +00:00
  • b324b99f6e minor update of warning message Miroslav Stampar 2011-05-04 10:41:08 +00:00
  • 83fac3f6d9 fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase) Miroslav Stampar 2011-05-03 21:12:51 +00:00
  • e6f010734e minor fix for cases when the retrieved output is safe encoded (like for --os-shell) Miroslav Stampar 2011-05-03 16:14:03 +00:00
  • 4d4e3802e4 decoding of chars for --os-shell Miroslav Stampar 2011-05-03 15:31:12 +00:00
  • 2976ed7e90 Updated user's manual, added details about URI injection Bernardo Damele 2011-05-03 14:47:01 +00:00
  • dac59a55bc leftover Bernardo Damele 2011-05-03 14:14:39 +00:00
  • c58dc4a6d8 isDbmsWithin() must stay like this, no getIdentifiedDbms() in there Bernardo Damele 2011-05-03 14:13:45 +00:00
  • 742b0ef76e major improvement of ERROR data retrieval on MSSQL Miroslav Stampar 2011-05-03 13:25:20 +00:00
  • 2a7838928e minor fancier --replicate update Miroslav Stampar 2011-05-03 11:48:04 +00:00
  • b202d73b46 bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurrences of the given chars :) (spotted accidentally) Miroslav Stampar 2011-05-03 11:09:30 +00:00
  • b2f6ce9716 updated documentation Bernardo Damele 2011-05-03 10:57:55 +00:00
  • 1840b0e43b fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo) Miroslav Stampar 2011-05-03 10:22:38 +00:00
  • 1e6c2fea74 update regarding warning for --random-agent during connection timeout in connection test phase Miroslav Stampar 2011-05-03 10:05:42 +00:00
  • eceb5eca7b fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla) Miroslav Stampar 2011-05-02 21:55:06 +00:00
  • 6cff3e97f4 cosmetics Bernardo Damele 2011-05-02 21:48:08 +00:00
  • 06498796b9 minor cosmetics Miroslav Stampar 2011-05-02 20:51:53 +00:00
  • b327a78522 minor minor update of the last commit Miroslav Stampar 2011-05-02 19:24:49 +00:00
  • 0bb7d715a7 more user friendliness/handiness for users which mix Linux and Windows paths where they shouldn't do that Miroslav Stampar 2011-05-02 19:18:28 +00:00
  • 845618934d update of doc/THANKS Miroslav Stampar 2011-05-02 18:20:37 +00:00
  • 5e9620198c fix for a privately reported bug ("AttributeError: item is disabled") Miroslav Stampar 2011-05-02 18:18:04 +00:00
  • 93dee30895 better fix for the previous commit Miroslav Stampar 2011-05-02 13:34:55 +00:00
  • 20ad1c1f2f minor update to not confuse users when using -o Miroslav Stampar 2011-05-02 13:24:35 +00:00
  • f8c3086d15 minor minor update Miroslav Stampar 2011-05-02 12:37:54 +00:00
  • 098f53d57a patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1') Miroslav Stampar 2011-05-02 12:34:35 +00:00
  • ac2550535c Proper fix for --technique=U bug Bernardo Damele 2011-05-01 23:42:41 +00:00
  • 8e8886cd20 minor improvement for --sql-shell/--sql-query (when non-SELECT default is N for retrieve data output which automatically does STACKED injection) Miroslav Stampar 2011-05-01 21:41:14 +00:00
  • 900ee0ff93 fix for a major bug reported by k1971@live.co.uk (1..9 99..) Miroslav Stampar 2011-05-01 15:47:00 +00:00
  • 494503b334 proper way to deal with generic cases Miroslav Stampar 2011-05-01 08:04:08 +00:00
  • fcd69ba9c7 fix for a --technique=U Miroslav Stampar 2011-05-01 07:37:22 +00:00
  • ebe631ea57 doc update Bernardo Damele 2011-05-01 00:43:42 +00:00
  • 64bb480414 Do not raise otherwise it won't work with --schema Bernardo Damele 2011-04-30 23:20:16 +00:00
  • 41fc9f9d54 fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2') Miroslav Stampar 2011-04-30 22:41:54 +00:00
  • d5eeb91b35 Aligned Sybase and MaxDB to recent enhancements to --dbs, --tables and --columns Bernardo Damele 2011-04-30 22:11:36 +00:00
  • b31b861d7b Major rewrite of --columns: now it accepts -D only (enumerate all tables' columns of a specific database), -D and -T (enumerate all columns of a specific database's table), -T (enumerate all columns of a current database's table), etc. Bernardo Damele 2011-04-30 22:10:27 +00:00
  • 284c69a686 Improved --tables for MSSQL too, like r3798 Bernardo Damele 2011-04-30 22:05:02 +00:00
  • aeb149db22 Proper ordering of enumeration methods, consistent with the other enumeration classes Bernardo Damele 2011-04-30 22:04:08 +00:00
  • 955dbc85e7 Minor variable rename Bernardo Damele 2011-04-30 15:29:59 +00:00
  • cb9b9c4204 Code refactoring and improvements to --dbs and --tables: now --tables accepts also -D CD as an alias for Current Database and as usual multiple database comma-separated are supported too Bernardo Damele 2011-04-30 15:29:19 +00:00
  • b3a0424269 More Backend class method usage refactoring Bernardo Damele 2011-04-30 15:24:15 +00:00
  • 00f14bec5f layout adjustment Bernardo Damele 2011-04-30 15:22:33 +00:00
  • 9a4ae7d9e2 More code refactoring of Backend class methods used Bernardo Damele 2011-04-30 14:54:29 +00:00
  • 2f2758b033 Long form contributor name Bernardo Damele 2011-04-30 14:51:06 +00:00
  • 36a9ddaacc Minor bug fixes and code restyling for --privileges and --passwords Bernardo Damele 2011-04-30 14:50:27 +00:00
  • f56d135438 Minor code restyling Bernardo Damele 2011-04-30 13:20:05 +00:00
  • 983546d6bf proper fix Miroslav Stampar 2011-04-30 07:01:21 +00:00
  • 1a052245a6 duplicate code Bernardo Damele 2011-04-30 00:25:15 +00:00
  • a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided Bernardo Damele 2011-04-30 00:22:22 +00:00
  • 529595fd85 Moved method below Bernardo Damele 2011-04-29 22:37:43 +00:00
  • 956e75e2b5 Minor adjustment to --mobile. Bug fix to --random-agent. Bernardo Damele 2011-04-29 21:50:48 +00:00
  • 14bf6abb7e Minor layout adjustment Bernardo Damele 2011-04-29 21:40:48 +00:00
  • f449688f93 Proper resume of --schema data when calling with --columns switch, minor fixes too Bernardo Damele 2011-04-29 21:17:59 +00:00
  • a23ca952e4 Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason Bernardo Damele 2011-04-29 21:09:07 +00:00
  • 46f96f3c4c removing Kindle from list as it's not really a smartphone Miroslav Stampar 2011-04-29 19:32:30 +00:00
  • 11124b21f9 implemented --mobile switch Miroslav Stampar 2011-04-29 19:27:23 +00:00
  • b299912de4 fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost Miroslav Stampar 2011-04-29 16:56:02 +00:00
  • 6bb4dce3aa minor refactoring Miroslav Stampar 2011-04-29 15:22:32 +00:00
  • a2bb0d72e8 fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer) Miroslav Stampar 2011-04-29 14:40:28 +00:00
  • a6015b59df fix for a bug reported by jaccovantuijl@gmail.com (entries = zip(*[entries[colName] for colName in colList])) Miroslav Stampar 2011-04-29 14:33:47 +00:00
  • 9927f5a7db Let --schema work also for Sybase and MaxDB Bernardo Damele 2011-04-29 00:02:28 +00:00
  • edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema Bernardo Damele 2011-04-28 23:59:00 +00:00
  • d3ed3268c3 minor adjustments Bernardo Damele 2011-04-28 21:17:06 +00:00
  • 8e63e1b70d more people to thank Bernardo Damele 2011-04-28 21:15:15 +00:00
  • 3e66dae103 as we don't use UPX anymore.. Bernardo Damele 2011-04-28 20:54:21 +00:00
  • 441c288dd9 cosmeticados Bernardo Damele 2011-04-25 00:36:09 +00:00
  • 98f9f3e774 Minor bug fix in local shellcodeexec for Windows path Bernardo Damele 2011-04-25 00:03:12 +00:00
  • e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that: * It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime. * shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product. * shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX). * UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software. shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec. Minor code refactoring. Bernardo Damele 2011-04-24 23:01:21 +00:00
  • d0a534dee5 Do not even prompt for ICMP tunnel if the target OS is not Windows Bernardo Damele 2011-04-23 21:57:07 +00:00
  • d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch Bernardo Damele 2011-04-23 16:25:09 +00:00
  • 75142b383d huge speed up (4x times faster) Miroslav Stampar 2011-04-22 21:00:42 +00:00
  • f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) Miroslav Stampar 2011-04-22 19:58:10 +00:00
  • 493b9adf8e speed up of resume values (compiled regexes used) Miroslav Stampar 2011-04-22 19:27:41 +00:00