Commit Graph

  • eadaf680de fuck yea Miroslav Stampar 2011-01-19 15:25:48 +00:00
  • 89e0fd0709 back to roots Miroslav Stampar 2011-01-19 14:06:26 +00:00
  • c1f6bf2eda Updated Bernardo Damele 2011-01-18 23:14:35 +00:00
  • 33485198e1 Code cleanup Bernardo Damele 2011-01-18 23:05:32 +00:00
  • eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. Adapted UNION tests' titles when --union-char is provided. Lots of comment adjustments. Code cleanup Bernardo Damele 2011-01-18 23:03:50 +00:00
  • cffa17f5a6 Major bug fix - before it raised a traceback, now works. Bernardo Damele 2011-01-18 23:02:47 +00:00
  • daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup. Bernardo Damele 2011-01-18 23:02:11 +00:00
  • 81be23976e Confirmed HAVING payloads work as WHERE ones. Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS. Proper handling of title for UNION tests when --union-char is provided. Bernardo Damele 2011-01-18 22:55:20 +00:00
  • f7d9b22510 because other major DBMSes have at least one level 1 time based payload Miroslav Stampar 2011-01-18 20:32:49 +00:00
  • 38d0958781 minor fix (for numeric columns with all 0) Miroslav Stampar 2011-01-18 11:42:36 +00:00
  • bdcb10cdab added MSSQL time based vector Miroslav Stampar 2011-01-18 02:05:18 +00:00
  • 3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. Bernardo Damele 2011-01-17 23:43:37 +00:00
  • c2a358561f Proper support for --union-cols Bernardo Damele 2011-01-17 22:57:33 +00:00
  • 35fb50a6ee Major bug fix Bernardo Damele 2011-01-17 22:56:04 +00:00
  • 47565f9459 Minor code refactoring Bernardo Damele 2011-01-17 21:13:59 +00:00
  • 041abb56e2 you can't believe how much a man can learn when having good testing points Miroslav Stampar 2011-01-17 13:59:22 +00:00
  • d225c5c9aa was wrong about this one (just now tested on a real site) Miroslav Stampar 2011-01-17 11:00:09 +00:00
  • ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) Miroslav Stampar 2011-01-17 10:27:36 +00:00
  • 34d13be0d3 minor update regarding default page encoding Miroslav Stampar 2011-01-17 10:23:37 +00:00
  • 5c857779c1 important fix for unicode based character inference Miroslav Stampar 2011-01-17 10:15:19 +00:00
  • 99a3a3b89c minor fix (break if all found) Miroslav Stampar 2011-01-17 09:41:25 +00:00
  • 0fcca671bd information update regarding common password suffixes Miroslav Stampar 2011-01-17 09:28:25 +00:00
  • a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') Miroslav Stampar 2011-01-17 00:17:31 +00:00
  • 2041361695 minor cosmetics Miroslav Stampar 2011-01-16 23:20:52 +00:00
  • e2c821eb81 minor cosmetics Miroslav Stampar 2011-01-16 22:35:54 +00:00
  • e881465a9f minor improvement Miroslav Stampar 2011-01-16 20:55:07 +00:00
  • f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency Miroslav Stampar 2011-01-16 19:29:06 +00:00
  • a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) Miroslav Stampar 2011-01-16 19:25:10 +00:00
  • 5476a8a27e russian sites are great for testing :) Miroslav Stampar 2011-01-16 19:00:19 +00:00
  • 19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) Miroslav Stampar 2011-01-16 18:25:18 +00:00
  • 718eef8753 minor fix Miroslav Stampar 2011-01-16 18:11:35 +00:00
  • 30d6791968 update regarding time based data retrieval Miroslav Stampar 2011-01-16 17:52:42 +00:00
  • ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" Miroslav Stampar 2011-01-16 12:12:01 +00:00
  • 2001bad7e1 automatic adjustment of timeSec for delayed queries Miroslav Stampar 2011-01-16 12:04:32 +00:00
  • 71391874eb slightly faster and thread safer inference Miroslav Stampar 2011-01-16 10:52:42 +00:00
  • fb166e9445 adding USER_LOCK stacked query support for ORACLE (older versions) Miroslav Stampar 2011-01-16 10:31:16 +00:00
  • f31c028232 Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436) Miroslav Stampar 2011-01-16 10:07:56 +00:00
  • 0fc4ebdc1b Major bug fix. Minor code refactoring. Bernardo Damele 2011-01-16 01:17:09 +00:00
  • c0d5daee99 More refactoring and cleanup Bernardo Damele 2011-01-16 00:15:30 +00:00
  • 02b333e30b Minor improvement Bernardo Damele 2011-01-15 23:54:03 +00:00
  • 29ea0950b6 now False is also affected (along with None and "") Miroslav Stampar 2011-01-15 23:43:26 +00:00
  • 6e4b65a822 Minor refactoring Bernardo Damele 2011-01-15 23:28:31 +00:00
  • 558f3894f4 Minor improvement Bernardo Damele 2011-01-15 23:20:52 +00:00
  • d3a28124b1 More code cleanup Bernardo Damele 2011-01-15 23:11:36 +00:00
  • 4a35f598b8 Minor refactoring Bernardo Damele 2011-01-15 22:09:53 +00:00
  • d2ce647113 one of my stupidest commits (just in case) Miroslav Stampar 2011-01-15 18:17:46 +00:00
  • 0f565c941e bug fix and proper warning message Miroslav Stampar 2011-01-15 16:59:53 +00:00
  • e105e1ea32 bug fix (some sites raise 404 during union tests) Miroslav Stampar 2011-01-15 16:42:33 +00:00
  • 3873d204bb important update for dictionary attack Miroslav Stampar 2011-01-15 15:56:11 +00:00
  • e17ac5fdca update Miroslav Stampar 2011-01-15 15:14:22 +00:00
  • 44504746cf minor update Miroslav Stampar 2011-01-15 13:43:08 +00:00
  • 5bdb50c224 code review part 3 Miroslav Stampar 2011-01-15 13:15:10 +00:00
  • 1fa8f0cba7 code reviewing part 2 Miroslav Stampar 2011-01-15 12:53:40 +00:00
  • 6a0e0cde3c code review of modules in lib/core directory Miroslav Stampar 2011-01-15 12:13:45 +00:00
  • 2d9b151883 Minor bug fix Bernardo Damele 2011-01-15 10:14:05 +00:00
  • 05b2a338fe cosmetics Miroslav Stampar 2011-01-14 16:12:44 +00:00
  • bff989d348 minor update Miroslav Stampar 2011-01-14 15:43:53 +00:00
  • daf5662eab update Miroslav Stampar 2011-01-14 15:33:49 +00:00
  • 1cfd6a6b9d Code cleanup Bernardo Damele 2011-01-14 15:16:34 +00:00
  • 08f7e20c51 minor code refactoring Miroslav Stampar 2011-01-14 14:55:59 +00:00
  • fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common Miroslav Stampar 2011-01-14 14:37:03 +00:00
  • 534f51f9fc Minor bug fix Bernardo Damele 2011-01-14 14:20:28 +00:00
  • e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. Bernardo Damele 2011-01-14 12:47:07 +00:00
  • 3c95d71ea5 Minor bug fix - restored the so-called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase Bernardo Damele 2011-01-14 11:55:20 +00:00
  • f209b7a65e Updated Bernardo Damele 2011-01-14 09:56:55 +00:00
  • 7d9fd5a7b7 Minor bug fix Bernardo Damele 2011-01-14 09:49:14 +00:00
  • b2c7ae77d4 minor update Miroslav Stampar 2011-01-14 09:45:47 +00:00
  • 676b95b30a minor code refactoring Miroslav Stampar 2011-01-14 09:44:56 +00:00
  • f8c04ce020 Minor bug fix Bernardo Damele 2011-01-13 20:59:13 +00:00
  • 2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. Minor bug fixes thanks to previous refactoring too. Bernardo Damele 2011-01-13 17:36:54 +00:00
  • a1d1f69c3f revert Miroslav Stampar 2011-01-13 15:28:08 +00:00
  • d937e27b19 minor fix Miroslav Stampar 2011-01-13 15:19:37 +00:00
  • b0fdbdb13b minor update Miroslav Stampar 2011-01-13 15:15:56 +00:00
  • 877ea31521 Verbose docstring Bernardo Damele 2011-01-13 12:05:14 +00:00
  • ac5b49f555 update Miroslav Stampar 2011-01-13 11:24:03 +00:00
  • af4ee81e62 Cosmetics Bernardo Damele 2011-01-13 11:23:07 +00:00
  • ece2eb31ca minor update Miroslav Stampar 2011-01-13 11:08:29 +00:00
  • ee4727850c Minor bug fix Bernardo Damele 2011-01-13 10:29:47 +00:00
  • ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() Bernardo Damele 2011-01-13 10:00:40 +00:00
  • be6e2d6a31 Important bug fix. Minor code restyling. Bernardo Damele 2011-01-13 09:41:55 +00:00
  • 1b3717c79c Improvement to make time-based blind work also against login forms Bernardo Damele 2011-01-12 16:20:29 +00:00
  • b3a0f38f3f Minor code refactoring and added internal debug prints Bernardo Damele 2011-01-12 12:03:23 +00:00
  • af9725214a Properly deal with partial (single entry) UNION injections. Got rid of kb.union*, now it's all stored/used from kb.injection. Minor bug fix with where=2 detection phase. Bernardo Damele 2011-01-12 12:01:32 +00:00
  • d7a7993e0d Minor comment fix Bernardo Damele 2011-01-12 11:57:36 +00:00
  • 3cff42986f Code cleanup Bernardo Damele 2011-01-12 01:17:04 +00:00
  • 8a67aea754 One more step to fully working UNION exploitation after merge into detection phase Bernardo Damele 2011-01-12 01:13:32 +00:00
  • b5c6f7556f Minor update Bernardo Damele 2011-01-12 00:53:48 +00:00
  • 8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. Bernardo Damele 2011-01-12 00:47:39 +00:00
  • 873951ab92 Proper fix to avoid UNION test false positives Bernardo Damele 2011-01-11 23:59:02 +00:00
  • c2e994e806 Minor adjustment Bernardo Damele 2011-01-11 23:56:04 +00:00
  • 5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase. Added minor support to escape quotes in UNION payloads during detection phase. Bernardo Damele 2011-01-11 23:47:32 +00:00
  • aa49aa579f Major bug fix Bernardo Damele 2011-01-11 23:09:06 +00:00
  • 2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns. Adapted config file and command line removing now outdated --union-test switch. Minor bug fix. Minor code refactoring. Got rid of some debug messages, standardized logging of UNION tests. Bernardo Damele 2011-01-11 22:56:21 +00:00
  • 300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY. Bernardo Damele 2011-01-11 22:18:47 +00:00
  • 06230e4d92 Minor code refactoring and cosmetics Bernardo Damele 2011-01-11 21:46:21 +00:00
  • e3146464da minor fix for a bug reported by nightman Miroslav Stampar 2011-01-11 12:27:22 +00:00
  • 643c464268 minor fix Miroslav Stampar 2011-01-11 12:16:20 +00:00
  • 394b6bc029 reverting some changes Miroslav Stampar 2011-01-11 12:11:33 +00:00
  • 54e0ba935a minor update Miroslav Stampar 2011-01-11 12:08:36 +00:00
  • 690281dce1 didn't know this to be honest Miroslav Stampar 2011-01-11 10:17:22 +00:00