Commit Graph

  • 5aafd19957 added vector for SQLite's stacked query payload Miroslav Stampar 2010-12-09 15:06:40 +00:00
  • df5f6bc1b7 Little precaution Bernardo Damele 2010-12-09 14:06:43 +00:00
  • 9230877d98 cosmetics Bernardo Damele 2010-12-09 13:57:38 +00:00
  • 5114c887ea minor minor update Miroslav Stampar 2010-12-09 13:51:44 +00:00
  • 5fb04515d3 Added hidden (for the moment) switch --technique Bernardo Damele 2010-12-09 13:47:17 +00:00
  • b80a86a669 that's it for common stuff today Miroslav Stampar 2010-12-09 12:59:22 +00:00
  • b26e09fc71 another minor update Miroslav Stampar 2010-12-09 12:49:29 +00:00
  • f712d2477e removed duplicate entries inside common wordlists (tables & columns) and added a script which does that automatically Miroslav Stampar 2010-12-09 12:41:16 +00:00
  • c5b1f336ee another update Miroslav Stampar 2010-12-09 12:07:06 +00:00
  • 06395b5408 update Miroslav Stampar 2010-12-09 12:03:10 +00:00
  • cdff29ada7 update Miroslav Stampar 2010-12-09 11:23:44 +00:00
  • 196131bbca minor cosmetics Miroslav Stampar 2010-12-09 10:42:00 +00:00
  • 71761ba9a5 another fix for another beautiful heavy query payload which took a few 100 megs and 5 mins to run Miroslav Stampar 2010-12-09 10:35:18 +00:00
  • 094baadc5b bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay) Miroslav Stampar 2010-12-09 10:17:04 +00:00
  • ec5c08ca7a cosmetics Miroslav Stampar 2010-12-09 09:24:20 +00:00
  • 3fd1c37d53 update Miroslav Stampar 2010-12-09 07:49:18 +00:00
  • db39dc32fc minor update Miroslav Stampar 2010-12-09 00:59:39 +00:00
  • 0c01be0eeb Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work). Bernardo Damele 2010-12-09 00:34:02 +00:00
  • 9c61adb21d Cosmetics Bernardo Damele 2010-12-09 00:26:06 +00:00
  • b5c6527c72 Minor fix Bernardo Damele 2010-12-09 00:25:48 +00:00
  • 3b293c4ea7 Added possible stacked queries time-based blind vector for MSSQL Bernardo Damele 2010-12-08 23:55:42 +00:00
  • f5ce739bdf Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. Bernardo Damele 2010-12-08 23:52:31 +00:00
  • 10ef2b5de8 Minor bug fix Bernardo Damele 2010-12-08 23:09:42 +00:00
  • 54f6673609 update Miroslav Stampar 2010-12-08 22:38:26 +00:00
  • d6077273e0 update Miroslav Stampar 2010-12-08 22:14:42 +00:00
  • 5aee1fd8e0 updated THANKS file Miroslav Stampar 2010-12-08 21:19:46 +00:00
  • 258e9fb50e fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) Miroslav Stampar 2010-12-08 21:16:18 +00:00
  • 69c4f94980 update Miroslav Stampar 2010-12-08 15:40:01 +00:00
  • 81c16926c1 code refactoring some more Miroslav Stampar 2010-12-08 14:46:07 +00:00
  • 40fadf2f35 minor update Miroslav Stampar 2010-12-08 14:33:10 +00:00
  • 95b48746a6 cosmetics Miroslav Stampar 2010-12-08 14:29:09 +00:00
  • ed09c53ee4 minor minor update Miroslav Stampar 2010-12-08 14:27:37 +00:00
  • 01cf1394a4 code refactoring Miroslav Stampar 2010-12-08 14:26:40 +00:00
  • af22679605 minor update Miroslav Stampar 2010-12-08 13:09:27 +00:00
  • 6223f25dd9 code beautification Miroslav Stampar 2010-12-08 13:04:48 +00:00
  • 64cc2588f1 now resume is available for time-based blinds too Miroslav Stampar 2010-12-08 12:49:26 +00:00
  • 537b619165 removing junk Miroslav Stampar 2010-12-08 12:30:25 +00:00
  • b5e45939e3 sqlmap premiere of blind time based query/bisection Miroslav Stampar 2010-12-08 12:28:54 +00:00
  • ad00fe13c1 another fix for MySQL time based payloads Miroslav Stampar 2010-12-08 12:00:27 +00:00
  • 8227e6d3cf bug fix for BENCHMARK time-based vectors Miroslav Stampar 2010-12-08 11:49:55 +00:00
  • 47bb31fb47 code refactoring Miroslav Stampar 2010-12-08 11:30:25 +00:00
  • 1ae2fa7f1a update regarding time based payloads Miroslav Stampar 2010-12-08 11:26:54 +00:00
  • bdff4aba6a switching to quick_ratio Miroslav Stampar 2010-12-07 23:57:43 +00:00
  • c1b82cf09c ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results Miroslav Stampar 2010-12-07 23:53:44 +00:00
  • a4a63f5b1e minor update Miroslav Stampar 2010-12-07 23:49:00 +00:00
  • 293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) Miroslav Stampar 2010-12-07 23:32:33 +00:00
  • b21eb88905 minor update Miroslav Stampar 2010-12-07 22:45:38 +00:00
  • 575e50673b minor update Miroslav Stampar 2010-12-07 19:27:01 +00:00
  • 398b82644a little explanation Miroslav Stampar 2010-12-07 19:25:26 +00:00
  • dc651d59ec little mathematics here and there (used "Rules for normally distributed data") Miroslav Stampar 2010-12-07 19:19:12 +00:00
  • ee72838231 Removed debug print Bernardo Damele 2010-12-07 17:19:29 +00:00
  • 5f97312f29 Minor fix Bernardo Damele 2010-12-07 17:17:38 +00:00
  • 8ff7c9a5a1 Works on Oracle's GROUP BY too Bernardo Damele 2010-12-07 17:17:01 +00:00
  • 81e7465ed2 Cosmetics Bernardo Damele 2010-12-07 17:16:21 +00:00
  • ecd4a5a532 added standard deviation check in time based tests Miroslav Stampar 2010-12-07 16:39:31 +00:00
  • 294119d2ec more advanced time technique(s) Miroslav Stampar 2010-12-07 16:04:53 +00:00
  • 4959da3ce6 it's a must to double check time based payloads Miroslav Stampar 2010-12-07 14:59:11 +00:00
  • e53fef546e update regarding session page templates Miroslav Stampar 2010-12-07 14:35:31 +00:00
  • add6235b16 removed pageTemplate from injection(s), it's no longer stored in session, and it's reloaded when resuming from session Miroslav Stampar 2010-12-07 14:06:54 +00:00
  • 0dc630203f code refactoring Miroslav Stampar 2010-12-07 13:34:06 +00:00
  • 4f01d4c109 number crunching based time payloads are now affected by conf.timeSec Miroslav Stampar 2010-12-07 13:24:18 +00:00
  • d0936bc8ed adding vectors for SQLite time-based payloads Miroslav Stampar 2010-12-07 13:14:56 +00:00
  • 54b8cb76a1 Messed up with my last merge, all fixed now Bernardo Damele 2010-12-07 12:59:53 +00:00
  • b38a634d95 bug fix Miroslav Stampar 2010-12-07 12:55:31 +00:00
  • 7c32db6e9d Forgot when merged with my last commit Bernardo Damele 2010-12-07 12:52:09 +00:00
  • acac0d346f Minor bug fixes and adjustments Bernardo Damele 2010-12-07 12:45:45 +00:00
  • 8e78057ac8 Added counter of total HTTP(s) requests done during detection phase Bernardo Damele 2010-12-07 12:33:47 +00:00
  • effd2ca0e3 Cosmetics Bernardo Damele 2010-12-07 12:32:58 +00:00
  • 2b2b7dc3a6 added vectors for time-based Firebird payloads Miroslav Stampar 2010-12-07 12:20:48 +00:00
  • 36a7fca8d5 added time-based payload vector for MSSQL Miroslav Stampar 2010-12-07 12:06:25 +00:00
  • 485981c619 added vectors for PostgreSQL time-based payloads Miroslav Stampar 2010-12-07 11:57:33 +00:00
  • f9085e01e7 added vectors for Oracle time-based payloads Miroslav Stampar 2010-12-07 11:47:29 +00:00
  • 2af8835a94 fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter) Miroslav Stampar 2010-12-07 10:57:32 +00:00
  • 3d87489de5 minor update Miroslav Stampar 2010-12-07 08:05:03 +00:00
  • 90b776c1a2 update Miroslav Stampar 2010-12-07 00:58:54 +00:00
  • 0da1ebde7d introducing PostgreSQL time based blind Miroslav Stampar 2010-12-07 00:51:14 +00:00
  • 1ba98dc9ec found a fix for an OR time-based MySQL payload :) Miroslav Stampar 2010-12-07 00:31:46 +00:00
  • 61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic Miroslav Stampar 2010-12-07 00:27:26 +00:00
  • 32f1909131 Some more "advanced" boundaries Bernardo Damele 2010-12-06 23:15:41 +00:00
  • 84a038d0a3 added one more subtag Miroslav Stampar 2010-12-06 23:10:38 +00:00
  • 1031723c89 added one more time based blind for Oracle Miroslav Stampar 2010-12-06 23:05:53 +00:00
  • 7697d19292 space replace is not needed in other two Oracle error based payloads; removing incorrect dbms_version for ctxsys.drithsx.sn as it also works on 10g Miroslav Stampar 2010-12-06 22:52:18 +00:00
  • 2735848ab6 removed ERROR_SPACE Miroslav Stampar 2010-12-06 22:40:07 +00:00
  • f516c18a2a minor update Miroslav Stampar 2010-12-06 21:39:57 +00:00
  • 0c5c2aa807 adding one more error based payload for Oracle Miroslav Stampar 2010-12-06 21:20:26 +00:00
  • 956a155377 adding one more error based payload for Oracle Miroslav Stampar 2010-12-06 20:43:23 +00:00
  • ff43a4a955 minor update to preserve consistency of payload naming Miroslav Stampar 2010-12-06 20:28:26 +00:00
  • c0e05d6869 update Miroslav Stampar 2010-12-06 19:11:05 +00:00
  • 9ccc8f90a3 minor cosmetic update ("heuristics shows" is not grammatically correct) Miroslav Stampar 2010-12-06 18:47:22 +00:00
  • d336f1df23 minor update Miroslav Stampar 2010-12-06 18:44:42 +00:00
  • d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) Miroslav Stampar 2010-12-06 18:20:57 +00:00
  • e4b51dd549 proper way of handling OR based injections (completely compatible with current AND based inference engine) Miroslav Stampar 2010-12-06 17:23:21 +00:00
  • 27ee9a5ccf minor refactoring Miroslav Stampar 2010-12-06 15:50:19 +00:00
  • e8be14e00a minor refactoring Miroslav Stampar 2010-12-06 07:48:14 +00:00
  • a43d252ae9 minor update Miroslav Stampar 2010-12-06 00:14:08 +00:00
  • 5189f138d7 increasing socket timeout in case of time based checks Miroslav Stampar 2010-12-05 23:18:16 +00:00
  • 17449754fe Got rid of UNION false cond Bernardo Damele 2010-12-05 16:16:15 +00:00
  • a1e89d3e94 Minor tweak Bernardo Damele 2010-12-05 13:12:12 +00:00
  • da3fd17fc3 Adjustment to make it work also in OR based injection Bernardo Damele 2010-12-05 12:24:23 +00:00
  • bf425d90bc More tweaking Bernardo Damele 2010-12-05 12:23:18 +00:00
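The time-based blind commits in this range (293ce18fed on keeping the page comparison out of the measured delta, dc651d59ec and ecd4a5a532 on the standard-deviation rule, 4959da3ce6 on double checking positives) describe a decision procedure rather than show it. The following is an added illustration of that procedure, written for this page; it is not sqlmap's own code, and the function names, the coefficient, the margin and the sample timings are assumptions constructed for the example.

```python
"""
Added example (not sqlmap's code): time-based blind decision logic built from a
baseline of clean response times, a delay threshold derived from the standard
deviation ("rules for normally distributed data"), a timer that stops before the
page comparison runs, and a double check of every positive. Names, constants and
sample timings are assumptions constructed for this illustration.
"""
import statistics
import time
from typing import Callable, Sequence, Tuple

STDEV_COEFF = 7.0         # assumed: a response this many standard deviations above
                          # the baseline mean is treated as delayed by the payload
MIN_MARGIN = 0.1          # assumed floor (seconds) on the margin for baselines so
                          # stable that STDEV_COEFF * stdev is below ordinary jitter
MIN_BASELINE_SAMPLES = 5  # assumed: fewer clean samples give a meaningless deviation


def baseline_stats(samples: Sequence[float]) -> Tuple[float, float]:
    """Mean and population standard deviation of clean (non-injected) round trips."""
    if len(samples) < MIN_BASELINE_SAMPLES:
        raise ValueError("need at least %d baseline samples" % MIN_BASELINE_SAMPLES)
    return statistics.fmean(samples), statistics.pstdev(samples)


def delay_threshold(samples: Sequence[float]) -> float:
    """Seconds beyond which a response is attributed to the injected delay.

    For normally distributed timings almost no honest response lands more than a
    few standard deviations above the mean, so mean + STDEV_COEFF * stdev separates
    payload-induced delays from network jitter without a fixed absolute limit.
    """
    mean, stdev = baseline_stats(samples)
    return mean + max(STDEV_COEFF * stdev, MIN_MARGIN)


def timed_request(send: Callable[[], str]) -> Tuple[float, str]:
    """Measure only the HTTP round trip.

    The page comparison (difflib ratio and friends) is left to the caller so that it
    runs after the clock has stopped; folding it into the delta makes large pages
    look "delayed" simply because comparing them is slow.
    """
    start = time.perf_counter()
    page = send()
    return time.perf_counter() - start, page


def is_delayed(elapsed: float, threshold: float) -> bool:
    return elapsed >= threshold


def confirm_delayed(elapsed_repeats: Sequence[float], threshold: float,
                    checks: int = 2) -> bool:
    """Trust a time-based positive only if `checks` consecutive repeats are all delayed.

    One slow response can be a transient network or server hiccup; two in a row over
    the same threshold are much harder to explain away.
    """
    return (len(elapsed_repeats) >= checks
            and all(is_delayed(t, threshold) for t in elapsed_repeats[:checks]))


# Constructed sample: eight clean round trips in seconds, no injection involved.
BASELINE_SAMPLES = [0.21, 0.19, 0.23, 0.20, 0.22, 0.18, 0.21, 0.20]


if __name__ == "__main__":
    threshold = delay_threshold(BASELINE_SAMPLES)   # 0.205 + 7 * 0.015 = 0.31 s
    print("delay threshold: %.3f s" % threshold)

    # Simulated target: the payload request sleeps as if SLEEP()/WAITFOR DELAY fired.
    def fake_delayed_request() -> str:
        time.sleep(0.4)
        return "<html>same page</html>"

    repeats = [timed_request(fake_delayed_request)[0] for _ in range(2)]
    print("delayed and confirmed:", confirm_delayed(repeats, threshold))
```

The two things worth copying from this shape are that the clock stops before any page comparison starts, and that a single over-threshold response is never reported on its own; with a baseline mean of 0.205 s and a deviation of 0.015 s the threshold lands at 0.31 s, well under any realistic requested delay but far above the jitter seen in the baseline.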