sqlmap

PenTest/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-15 02:49:03 +00:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5649

#5658

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5849

#5849

#5852

#5859

#5860

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5890

#5893

#5910

#5913

#5923

#5923

#5930

#5931

#5932

#5940

#5944

#5945

#5945

#5952

#5953

#5957

#5959

#5963

#5963

#5965

#5967

#5970

#5973

#5973

#5980

#5984

#5985

#5995

#5999

#6000

#6001

#6004

#6004

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.10

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.10

1.9.11

1.9.12

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

c4c2cf1d58 can't stay as it is right now. temporary disabling. Miroslav Stampar 2011-02-06 21:17:41 +00:00
d2b96a66a2 one more update regarding last few "unescape" related commits Miroslav Stampar 2011-02-06 20:23:23 +00:00
caaac72029 minor update regarding last commit Miroslav Stampar 2011-02-06 20:15:03 +00:00
6191a7f26f Major fix for a silent bug Bernardo Damele 2011-02-06 15:53:43 +00:00
1bc2ee2fbf Updated Bernardo Damele 2011-02-06 15:44:27 +00:00
8980227d30 Minor bug fix Bernardo Damele 2011-02-06 15:32:16 +00:00
2afc1e5021 Layout adjustments Bernardo Damele 2011-02-06 15:28:23 +00:00
a5a648f4fe Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected. Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug Bernardo Damele 2011-02-06 15:23:27 +00:00
c44978862e Minor reordering of what gets saved into the injection object Bernardo Damele 2011-02-06 15:20:44 +00:00
5ecb75cc56 minor update Miroslav Stampar 2011-02-06 15:14:07 +00:00
f754953c4f reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. Miroslav Stampar 2011-02-06 12:33:58 +00:00
97f9c9d119 bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values Miroslav Stampar 2011-02-06 12:24:50 +00:00
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') Miroslav Stampar 2011-02-05 14:17:28 +00:00
4df8a03c04 using OrderedDict to store parameters in order of appearance Miroslav Stampar 2011-02-04 18:07:21 +00:00
acb986ae80 minor refactoring Miroslav Stampar 2011-02-04 17:40:55 +00:00
fec88f6a6d Minor fix Bernardo Damele 2011-02-04 15:57:53 +00:00
1e8eb27156 update of doc/THANKS Miroslav Stampar 2011-02-04 14:07:54 +00:00
09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) Miroslav Stampar 2011-02-04 14:05:47 +00:00
14c87ec80d minor fix Miroslav Stampar 2011-02-04 13:29:02 +00:00
f83f1a1e06 minor just in case update Miroslav Stampar 2011-02-04 13:08:54 +00:00
c69b76776e minor refactoring Miroslav Stampar 2011-02-04 13:04:19 +00:00
accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) Miroslav Stampar 2011-02-04 12:43:18 +00:00
c19d481bb1 little clean up Miroslav Stampar 2011-02-04 12:25:14 +00:00
27601babb4 Minor adjustments to levels of boundaries Bernardo Damele 2011-02-04 11:57:47 +00:00
c229efba05 revert Miroslav Stampar 2011-02-04 11:33:21 +00:00
d211def899 minor adjustment (accepting strange new looking uri formats) Miroslav Stampar 2011-02-04 10:55:03 +00:00
1af418d444 huge bug fix Miroslav Stampar 2011-02-04 10:18:26 +00:00
76ab14f20f revert of r3203 Miroslav Stampar 2011-02-04 09:30:20 +00:00
e4933f0c92 refactoring Miroslav Stampar 2011-02-03 23:25:56 +00:00
9a1a28c804 adding comments to filtering function Miroslav Stampar 2011-02-03 23:09:08 +00:00
1aecbe6b08 minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection) Miroslav Stampar 2011-02-03 22:59:26 +00:00
78d696fd4f i believe that this one should be the first level 1 boundary Miroslav Stampar 2011-02-03 21:27:03 +00:00
e5f54644f0 minor "statistical" update Miroslav Stampar 2011-02-03 16:59:49 +00:00
3bd6e538f8 more appropriate Miroslav Stampar 2011-02-03 16:48:27 +00:00
64f18724ad new default UNION test(s) ranges Miroslav Stampar 2011-02-03 16:26:35 +00:00
3a13fd87fd new UNION column detection is going into wild Miroslav Stampar 2011-02-03 16:16:38 +00:00
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) Miroslav Stampar 2011-02-03 15:55:19 +00:00
253a8d0679 Minor bug fix Bernardo Damele 2011-02-03 15:24:36 +00:00
a8fea8e4a8 fix for a bug noticed when using --keep-alive --threads on IIS/MSSQL Miroslav Stampar 2011-02-03 15:09:53 +00:00
b3859824d9 Updated MySQL/Linux 64-bit shared object Bernardo Damele 2011-02-03 15:03:00 +00:00
f8556063c7 Updated MySQL/Linux 32-bit shared object Bernardo Damele 2011-02-03 15:02:30 +00:00
06bb369da5 GCC 4.3 makes Linux/MySQL shared objects smaller Bernardo Damele 2011-02-03 14:59:31 +00:00
12090a86bc Done with PostgreSQL/Linux 64bit shared objects too Bernardo Damele 2011-02-03 14:53:07 +00:00
0edb4ee314 minor fix Miroslav Stampar 2011-02-03 13:28:10 +00:00
4bb7ffcb3a minor update Miroslav Stampar 2011-02-03 13:18:43 +00:00
8cf88dd0da Ready with PgSQL/Linux/32bit shared object too now Bernardo Damele 2011-02-03 12:28:00 +00:00
1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) Miroslav Stampar 2011-02-03 12:21:29 +00:00
5edba2ffbc minor change (conf.updateAll to conf.update) Miroslav Stampar 2011-02-03 11:13:39 +00:00
402c1b622e removing urlencode from UA Miroslav Stampar 2011-02-02 15:18:06 +00:00
5f49e20cc8 adding --random-agent and removing -a Miroslav Stampar 2011-02-02 14:51:12 +00:00
2dae57a56d cosmetics Miroslav Stampar 2011-02-02 14:35:21 +00:00
6c87bd1c63 added maskSensitiveData function Miroslav Stampar 2011-02-02 14:25:16 +00:00
5f0114a2a8 Minor bug fix Bernardo Damele 2011-02-02 14:06:40 +00:00
8134c2154a adding WHERE enum for payloads Miroslav Stampar 2011-02-02 13:34:09 +00:00
d6c9515f78 minor update Miroslav Stampar 2011-02-02 13:03:24 +00:00
847b648e4a minor update Miroslav Stampar 2011-02-02 12:42:55 +00:00
e73a147fb5 minor update Miroslav Stampar 2011-02-02 11:49:59 +00:00
e33428b833 adding __findUnionCharCount function Miroslav Stampar 2011-02-02 11:22:35 +00:00
99aa38b58f minor refactoring Miroslav Stampar 2011-02-02 10:10:28 +00:00
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) Miroslav Stampar 2011-02-02 09:24:37 +00:00
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) Miroslav Stampar 2011-02-01 22:45:38 +00:00
a37f5e05b9 Refactoring Bernardo Damele 2011-02-01 22:27:36 +00:00
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too. Bernardo Damele 2011-02-01 22:07:42 +00:00
2619e4895f Properly handle --technique at save/resume phase Bernardo Damele 2011-02-01 22:05:48 +00:00
3d966bd569 You never know.. Bernardo Damele 2011-02-01 22:05:12 +00:00
d875d848ce Better sort Bernardo Damele 2011-02-01 22:04:48 +00:00
705d45f4db minor cosmetics Miroslav Stampar 2011-02-01 11:10:23 +00:00
196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably Miroslav Stampar 2011-02-01 11:06:56 +00:00
6761933f75 Just.. cosmetics ;) Bernardo Damele 2011-01-31 22:51:14 +00:00
35b6d7278a minor update Miroslav Stampar 2011-01-31 22:50:54 +00:00
25c175a9a5 minor bug fix Miroslav Stampar 2011-01-31 22:34:57 +00:00
b04e1a0313 More detailed message for unhandled exception Bernardo Damele 2011-01-31 21:23:40 +00:00
2fd9621499 Minor adjustments Cosmetics Bernardo Damele 2011-01-31 21:22:39 +00:00
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o Bernardo Damele 2011-01-31 21:21:13 +00:00
8397c526d8 Minor adjustment Bernardo Damele 2011-01-31 21:20:23 +00:00
e3a3ae11cc Proper return from error-based technique enumeration Bernardo Damele 2011-01-31 21:13:29 +00:00
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) Miroslav Stampar 2011-01-31 20:36:01 +00:00
777a19cfa9 LOL. removing that debug 'True' Miroslav Stampar 2011-01-31 16:22:55 +00:00
a80fe28631 one more thing ;) Miroslav Stampar 2011-01-31 16:21:28 +00:00
933d701667 cosmetics Miroslav Stampar 2011-01-31 16:14:44 +00:00
b1dc928e68 implemented validation for time-based inference Miroslav Stampar 2011-01-31 16:07:23 +00:00
25463bc67c fix for a bug (--predict-output) noticed by Bernardo Miroslav Stampar 2011-01-31 15:00:41 +00:00
60a2364f2b now union technique parses headers too Miroslav Stampar 2011-01-31 12:41:39 +00:00
8ef47307db added checking of header values for GREP (error); still UNION to do Miroslav Stampar 2011-01-31 12:21:17 +00:00
a6f2cd56ff removed junky import Miroslav Stampar 2011-01-31 11:59:58 +00:00
6393495eb0 comment added Miroslav Stampar 2011-01-31 11:58:35 +00:00
1b4d68c844 minor update Miroslav Stampar 2011-01-31 11:56:20 +00:00
fb3513650d adding ID properties Miroslav Stampar 2011-01-31 11:41:28 +00:00
f9eac97fe8 refactoring of MSSQL XML banner parsing Miroslav Stampar 2011-01-31 11:38:00 +00:00
14de5809ea update Miroslav Stampar 2011-01-31 11:08:58 +00:00
7175efcae1 another minor cosmetic update Miroslav Stampar 2011-01-31 10:59:51 +00:00
97328c3104 minor fix Miroslav Stampar 2011-01-31 10:54:13 +00:00
5e768be509 minor bug fix Miroslav Stampar 2011-01-31 09:34:54 +00:00
f7feebe0df fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) Miroslav Stampar 2011-01-31 09:28:16 +00:00
9fc0bedea8 Minor bug fixes Bernardo Damele 2011-01-30 21:01:57 +00:00
2a0b03e5c6 Unused import Bernardo Damele 2011-01-30 17:07:27 +00:00
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) Miroslav Stampar 2011-01-30 17:03:06 +00:00
21e7223779 perhaps this is better english Bernardo Damele 2011-01-30 16:34:13 +00:00
8278d821ac Another layout adjustment Bernardo Damele 2011-01-30 16:23:19 +00:00
71d82e6f57 Minor layout adjustment Bernardo Damele 2011-01-30 16:19:58 +00:00

... 83 84 85 86 87 ...