sqlmap

PenTest/sqlmap

Fork 0

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-14 18:39:05 +00:00

Commit Graph

Select branches

Hide Pull Requests

gh-pages

master

#102

#102

#1029

#1033

#1037

#1053

#1053

#107

#107

#1112

#1186

#1206

#1227

#1227

#1244

#1244

#1246

#1246

#1300

#1300

#1306

#1306

#1323

#1323

#1328

#1330

#1342

#1342

#1351

#1378

#1378

#1402

#1403

#1403

#1414

#1449

#1449

#1469

#1469

#1500

#1535

#1543

#1565

#1565

#1611

#1611

#1614

#1637

#1678

#1681

#1681

#1700

#1700

#1710

#1727

#1727

#1728

#1732

#1733

#1735

#1740

#1762

#1762

#1763

#1763

#1776

#1776

#1795

#1795

#1805

#1805

#1843

#1843

#1856

#1856

#1898

#1922

#1922

#2011

#2086

#2089

#2134

#2138

#2169

#2169

#2170

#2240

#2250

#2289

#2289

#232

#232

#2323

#2347

#2347

#2350

#2350

#2359

#2369

#2369

#2374

#2378

#2389

#2389

#2397

#2397

#2401

#2410

#2411

#2417

#2417

#2418

#2420

#2420

#2439

#2480

#2481

#2481

#2506

#2506

#252

#252

#2537

#2555

#2590

#2597

#2613

#2613

#2616

#2616

#2618

#2620

#2663

#2663

#2666

#2666

#2667

#2667

#269

#269

#2690

#2690

#2692

#2692

#2695

#2728

#2731

#2732

#2732

#2733

#2733

#2734

#2734

#2742

#2742

#2751

#2751

#2752

#2752

#2756

#2756

#2761

#2782

#2791

#2807

#2807

#2817

#2817

#2823

#2823

#284

#284

#2883

#2883

#2903

#2903

#2904

#2904

#2905

#2905

#2906

#2906

#2931

#2933

#2933

#2951

#2967

#2992

#3009

#3009

#3087

#3087

#3116

#3153

#3153

#3174

#3174

#3188

#320

#320

#321

#321

#3231

#3233

#3233

#3236

#3267

#3267

#3274

#3274

#3316

#3322

#3323

#3326

#3349

#3350

#3351

#3352

#3372

#3376

#3383

#3396

#3398

#3407

#3414

#3416

#3418

#3423

#3432

#3437

#3442

#3443

#3445

#3458

#3472

#3479

#3482

#3488

#3527

#3536

#3573

#3574

#3575

#3579

#3590

#3609

#3645

#3684

#375

#375

#3802

#3855

#3856

#3881

#3896

#39

#39

#3917

#3952

#3955

#3958

#3959

#3965

#3966

#3969

#3970

#3992

#3996

#400

#400

#4007

#4022

#4032

#4033

#4034

#4039

#4041

#4058

#4059

#4077

#4092

#4098

#4099

#41

#41

#4121

#413

#413

#4145

#4146

#4184

#4192

#4198

#4205

#4216

#4218

#4219

#4229

#4243

#4266

#4267

#4279

#4291

#4305

#4323

#4326

#4327

#4344

#4347

#4365

#4374

#4378

#4379

#4385

#4387

#4427

#4429

#4431

#4460

#4501

#4506

#4509

#4573

#4586

#4619

#4620

#4632

#4632

#4633

#4635

#4635

#4643

#4644

#4656

#4657

#466

#466

#4663

#4687

#4691

#4692

#47

#47

#4701

#4732

#4740

#475

#475

#4750

#4815

#4832

#4833

#4833

#4852

#4878

#4918

#4937

#4964

#4975

#4983

#4992

#4998

#5006

#5013

#5021

#5032

#5038

#5055

#5059

#506

#506

#507

#507

#5070

#5095

#5109

#5111

#512

#512

#5127

#5128

#5143

#5156

#5172

#5175

#5175

#5176

#5189

#5198

#5206

#5215

#5229

#5235

#5253

#5260

#5266

#5273

#5288

#53

#53

#530

#530

#5300

#5302

#5305

#5311

#5345

#5354

#5354

#5355

#5356

#536

#536

#5361

#5366

#5377

#5384

#539

#539

#5393

#5395

#5410

#5436

#5436

#5439

#5439

#544

#544

#5443

#5443

#5459

#5475

#5478

#5478

#5490

#5497

#5501

#5507

#5551

#5552

#5553

#5554

#5555

#5556

#5569

#5580

#5586

#5588

#5590

#5592

#5597

#5598

#5599

#5603

#5604

#5609

#5617

#5621

#5625

#5649

#5658

#5665

#5667

#5677

#5679

#5685

#5685

#5687

#5688

#5690

#5692

#5693

#5699

#5702

#5706

#5715

#5721

#5736

#5750

#5751

#5760

#5764

#5765

#5777

#578

#5820

#5821

#5824

#5825

#5825

#583

#5840

#5841

#5842

#5842

#5845

#5849

#5849

#5852

#5859

#5860

#5864

#5869

#5871

#5873

#5874

#5877

#5878

#5881

#5883

#5890

#5893

#5910

#5913

#5923

#5923

#5930

#5931

#5932

#5940

#5944

#5945

#5945

#5952

#5953

#5957

#5959

#5963

#5963

#5965

#5967

#5970

#5973

#5973

#5980

#5984

#5985

#5995

#5999

#6000

#6001

#6004

#6004

#63

#672

#672

#682

#682

#684

#686

#701

#713

#713

#714

#73

#73

#74

#74

#744

#749

#756

#766

#766

#779

#803

#835

#848

#848

#855

#855

#86

#86

#952

#973

#977

#977

#98

#98

#99

#99

0.19

0.6.2

0.6.3

0.6.4

0.7

0.7-rc1

0.8

0.8-rc2

0.8-rc3

0.8-rc4

0.9

1.0

1.0.10

1.0.11

1.0.12

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1

1.1.10

1.1.11

1.1.12

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.10

1.2

1.2.10

1.2.11

1.2.12

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3

1.3.10

1.3.11

1.3.12

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4

1.4.10

1.4.11

1.4.12

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.10

1.5.11

1.5.12

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7

1.7.1

1.7.10

1.7.11

1.7.12

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8

1.8.1

1.8.10

1.8.11

1.8.12

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9

1.9.10

1.9.11

1.9.12

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique Bernardo Damele 2011-01-30 14:19:50 +00:00
bc8f1142c9 minor revert Miroslav Stampar 2011-01-30 11:41:58 +00:00
ddf23ba7cc refactoring Miroslav Stampar 2011-01-30 11:36:03 +00:00
3060c369a5 minor fix for previous commit Miroslav Stampar 2011-01-30 07:44:47 +00:00
1abf354630 minor update Miroslav Stampar 2011-01-30 07:41:09 +00:00
d63339ca26 minor bug fix Miroslav Stampar 2011-01-30 07:34:07 +00:00
e8883de2c6 minor update regarding unicode decoding of supplied arguments Miroslav Stampar 2011-01-29 23:01:39 +00:00
367d0639f0 refactoring (class names should always be Capital cased) Miroslav Stampar 2011-01-28 16:36:09 +00:00
ddd296030d added some more info to unhandled exception message(s) Miroslav Stampar 2011-01-28 16:15:45 +00:00
a184a4c772 major of majors bug fix Miroslav Stampar 2011-01-28 14:31:25 +00:00
0f4fb156d3 major bug fix Miroslav Stampar 2011-01-28 14:09:28 +00:00
b1c7a17163 fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str)) Miroslav Stampar 2011-01-28 13:26:20 +00:00
b98cbeee04 page for handling binary files Miroslav Stampar 2011-01-27 22:00:34 +00:00
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels Miroslav Stampar 2011-01-27 19:44:24 +00:00
49aeb41be8 quick bug fix for FALSE positives with UNION based technique Miroslav Stampar 2011-01-27 18:49:44 +00:00
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) Miroslav Stampar 2011-01-27 18:36:28 +00:00
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) Miroslav Stampar 2011-01-27 16:55:58 +00:00
539168dcca sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there) Miroslav Stampar 2011-01-27 13:40:42 +00:00
bb6e36fb02 minor updates Miroslav Stampar 2011-01-27 12:38:39 +00:00
3bb4ea2c7a THANKS update Miroslav Stampar 2011-01-25 22:29:36 +00:00
10b723f196 minor fix for a bug reported by yonnym@googlemail.com Miroslav Stampar 2011-01-25 22:26:28 +00:00
430fd5cd63 minor fixes Miroslav Stampar 2011-01-25 16:05:06 +00:00
20df2bbd10 minor fix Miroslav Stampar 2011-01-25 15:44:45 +00:00
d3ddaba7be minor refactoring Miroslav Stampar 2011-01-25 13:04:13 +00:00
c7f260a8bc minor update Miroslav Stampar 2011-01-25 12:54:49 +00:00
98e48bd682 new script Miroslav Stampar 2011-01-25 12:48:50 +00:00
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) Miroslav Stampar 2011-01-25 11:02:41 +00:00
5692506131 this was bad thing to have Miroslav Stampar 2011-01-25 01:08:38 +00:00
5aa958a146 ASCII & CHR is quite common, so removing this one Miroslav Stampar 2011-01-24 22:51:15 +00:00
a1619f84b6 changing level of last payload Miroslav Stampar 2011-01-24 22:31:26 +00:00
8155f95b82 new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") Miroslav Stampar 2011-01-24 22:28:54 +00:00
9f76468005 another premiere, yeeej. IDSes, watch yourself :) Miroslav Stampar 2011-01-24 21:30:46 +00:00
2fb0c946d2 minor update Miroslav Stampar 2011-01-24 21:21:47 +00:00
15645f50d4 world premiere :) Miroslav Stampar 2011-01-24 21:21:11 +00:00
50969d238b minor update Miroslav Stampar 2011-01-24 17:51:56 +00:00
440264341c minor update Miroslav Stampar 2011-01-24 17:43:25 +00:00
0eea5665b2 minor update Miroslav Stampar 2011-01-24 17:41:36 +00:00
b0dc6c24eb Moved Bernardo Damele 2011-01-24 17:04:49 +00:00
6cc69f5e16 now --technique is appliable also after the injections have been identified Miroslav Stampar 2011-01-24 16:47:24 +00:00
c188996627 patch for possible query optimization (avoid precalculation of 1/0) Miroslav Stampar 2011-01-24 16:21:27 +00:00
81011be0d7 minor update of parseTargetUrl method Miroslav Stampar 2011-01-24 14:52:50 +00:00
ceca64193b Updated Bernardo Damele 2011-01-24 14:46:41 +00:00
4093599f38 added parseTargetUrl to redirect choice Miroslav Stampar 2011-01-24 14:45:35 +00:00
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads Bernardo Damele 2011-01-24 12:25:45 +00:00
8d0c2efbe2 unescaping of char marked payloads Miroslav Stampar 2011-01-24 12:00:16 +00:00
4441e11f68 fix for case -r with no params and cookie available Miroslav Stampar 2011-01-24 11:26:51 +00:00
47fa600c04 Minor fix and cosmetics Bernardo Damele 2011-01-24 11:12:33 +00:00
a3e3387113 fix for proper Firebird resume of version Miroslav Stampar 2011-01-24 11:04:32 +00:00
eb33612736 fix Miroslav Stampar 2011-01-24 10:20:17 +00:00
c1145c244e fix for user-agent injections Miroslav Stampar 2011-01-23 23:23:30 +00:00
818c9787b2 minor update Miroslav Stampar 2011-01-23 21:20:16 +00:00
b18397fbc7 major revisit of --os-shell methods Miroslav Stampar 2011-01-23 20:47:06 +00:00
ff7707579f minor improvement Miroslav Stampar 2011-01-23 11:35:24 +00:00
f5ff78d40c revert Miroslav Stampar 2011-01-23 11:21:27 +00:00
db76bcb327 fix for cases when mixing ingres dbms with spanish word "ingresa" Miroslav Stampar 2011-01-23 11:19:10 +00:00
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message Miroslav Stampar 2011-01-23 10:51:57 +00:00
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) Miroslav Stampar 2011-01-23 10:12:01 +00:00
30cd877c4a fix for URI based injections Miroslav Stampar 2011-01-22 16:23:33 +00:00
7bf05bf2cb minor update Miroslav Stampar 2011-01-22 00:12:03 +00:00
d6d8d54eda implemented Johannes Dahse / Reiners' technique Miroslav Stampar 2011-01-22 00:06:27 +00:00
0743202879 minor update Miroslav Stampar 2011-01-21 23:54:25 +00:00
cb0e7080c5 more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) Miroslav Stampar 2011-01-21 23:47:45 +00:00
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) Miroslav Stampar 2011-01-21 18:32:10 +00:00
79e4b1efd5 added new signature for SQLite error messages Miroslav Stampar 2011-01-20 22:47:03 +00:00
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors Bernardo Damele 2011-01-20 22:02:20 +00:00
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) Bernardo Damele 2011-01-20 22:01:21 +00:00
bd2e036412 minor fix Miroslav Stampar 2011-01-20 22:00:16 +00:00
97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT Bernardo Damele 2011-01-20 21:59:47 +00:00
f1b402b103 Proper handling of CASE in Oracle, finally Bernardo Damele 2011-01-20 21:58:50 +00:00
4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. Bernardo Damele 2011-01-20 21:57:54 +00:00
1d06c64149 Indentation fix Bernardo Damele 2011-01-20 21:56:38 +00:00
7d1c704575 Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. Bernardo Damele 2011-01-20 21:56:10 +00:00
9770db597e Centralization of unescape() Bernardo Damele 2011-01-20 21:55:13 +00:00
e734efcda7 Removed deprecated code Bernardo Damele 2011-01-20 21:50:58 +00:00
aa8a20d241 Minor bug fix for a traceback Bernardo Damele 2011-01-20 21:50:21 +00:00
1d5050d577 Aligned comment Bernardo Damele 2011-01-20 21:49:34 +00:00
77999fb39d Allow in --sql-shell to always ('a') retrieve query output. Minor bug fix in case with --columns it is not possible to retrieve a column datatype. Bernardo Damele 2011-01-20 21:49:06 +00:00
b1d6040a48 Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside) Bernardo Damele 2011-01-20 21:46:56 +00:00
6c490bfc8f Avoid a traceback elsewhere Bernardo Damele 2011-01-20 21:43:41 +00:00
7ce49bcf0d Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this! Adjusted comments accordingly to new UNION-specific tags. Bernardo Damele 2011-01-20 21:42:55 +00:00
f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) Miroslav Stampar 2011-01-20 21:13:28 +00:00
ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky Miroslav Stampar 2011-01-20 20:30:18 +00:00
a1d77737f5 minor grammar update (this should be a better form) Miroslav Stampar 2011-01-20 18:35:21 +00:00
496a84c356 minor update Miroslav Stampar 2011-01-20 18:32:04 +00:00
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode Miroslav Stampar 2011-01-20 17:53:49 +00:00
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) Miroslav Stampar 2011-01-20 16:27:59 +00:00
e8c037de1a minor update Miroslav Stampar 2011-01-20 16:17:38 +00:00
4e5f0da1ae minor update Miroslav Stampar 2011-01-20 16:07:08 +00:00
2fa066f892 added support for WebScarab logs Miroslav Stampar 2011-01-20 15:55:50 +00:00
345e2288e1 important fix regarding encoding stuff Miroslav Stampar 2011-01-20 13:54:18 +00:00
f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection Miroslav Stampar 2011-01-20 11:01:01 +00:00
a4a0f10950 minor minor minor Miroslav Stampar 2011-01-20 09:25:34 +00:00
50c02fbb37 Done with previous refactoring Bernardo Damele 2011-01-20 00:01:06 +00:00
701947490b Two major bug fixes related to UNION technique query forging Bernardo Damele 2011-01-19 23:46:39 +00:00
7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) Miroslav Stampar 2011-01-19 23:16:22 +00:00
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. Bernardo Damele 2011-01-19 23:06:15 +00:00
4bdc19d879 minor cosmetics Miroslav Stampar 2011-01-19 22:48:06 +00:00
c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) Miroslav Stampar 2011-01-19 22:08:56 +00:00
7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) Miroslav Stampar 2011-01-19 21:46:43 +00:00
aea43a1e43 minor refactoring Miroslav Stampar 2011-01-19 15:26:57 +00:00

... 84 85 86 87 88 ...