Miroslav Stampar | bfdc4fa000 | new error vector for MS SQL (from David Guimaraes' mail) | 2010-12-17 19:00:20 +00:00
Miroslav Stampar | 3ee44584d4 | i've found a way! thank you hesus! fyea (ASC(MID) was just crashing when MID returned 'empty string') | 2010-12-14 12:57:59 +00:00
Bernardo Damele | 207f63cebc | Prepare for UNION query tests at detection phase | 2010-12-13 21:31:34 +00:00
Miroslav Stampar | 33639578ee | minor update for MS Access | 2010-12-12 15:25:19 +00:00
Miroslav Stampar | b1babeefe5 | update regarding dumping of tables with blind on SQLite | 2010-12-11 22:00:16 +00:00
Miroslav Stampar | acc7d6d40c | fix | 2010-12-11 11:03:32 +00:00
Miroslav Stampar | ac9080c07b | update | 2010-12-11 08:24:29 +00:00
Miroslav Stampar | fe2039f5ba | coollyy little commits | 2010-12-10 11:32:46 +00:00
Miroslav Stampar | 7e2984b4b6 | added stacked query support for Oracle | 2010-12-09 15:24:48 +00:00
Bernardo Damele | 4bb40c0a06 | Higher the level for Oracle stacked tests just in case the SQL inj is within a PL/SQL function ('cause of no support for stacked queries by design on Oracle) | 2010-12-09 15:14:18 +00:00
Miroslav Stampar | d8edc5b244 | adding stacked-query vector for Firebird | 2010-12-09 15:11:21 +00:00
Bernardo Damele | 13b522efc2 | Added error-based support for MySQL < 5.0 - closes #14 | 2010-12-09 15:09:03 +00:00
Miroslav Stampar | 5aafd19957 | added vector for SQLite's stacked query payload | 2010-12-09 15:06:40 +00:00
Miroslav Stampar | 71761ba9a5 | another fix for another beautiful heavy query payload which took a few 100 megs and 5 mins to run | 2010-12-09 10:35:18 +00:00
Miroslav Stampar | 094baadc5b | bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay) | 2010-12-09 10:17:04 +00:00
Bernardo Damele | 3b293c4ea7 | Added possible stacked queries time-based blind vector for MSSQL | 2010-12-08 23:55:42 +00:00
Bernardo Damele | f5ce739bdf | Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. | 2010-12-08 23:52:31 +00:00
Miroslav Stampar | 69c4f94980 | update | 2010-12-08 15:40:01 +00:00
Miroslav Stampar | ad00fe13c1 | another fix for MySQL time based payloads | 2010-12-08 12:00:27 +00:00
Miroslav Stampar | 8227e6d3cf | bug fix for BENCHMARK time-based vectors | 2010-12-08 11:49:55 +00:00
Bernardo Damele | 8ff7c9a5a1 | Works on Oracle's GROUP BY too | 2010-12-07 17:17:01 +00:00
Miroslav Stampar | 4f01d4c109 | number crunching based time payloads are now affected by conf.timeSec | 2010-12-07 13:24:18 +00:00
Miroslav Stampar | d0936bc8ed | adding vectors for SQLite time-based payloads | 2010-12-07 13:14:56 +00:00
Bernardo Damele | 54b8cb76a1 | Messed up with my last merge, all fixed now | 2010-12-07 12:59:53 +00:00
Miroslav Stampar | b38a634d95 | bug fix | 2010-12-07 12:55:31 +00:00
Bernardo Damele | 7c32db6e9d | Forgot when merged with my last commit | 2010-12-07 12:52:09 +00:00
Bernardo Damele | acac0d346f | Minor bug fixes and adjustments | 2010-12-07 12:45:45 +00:00
Miroslav Stampar | 2b2b7dc3a6 | added vectors for time-based Firebird payloads | 2010-12-07 12:20:48 +00:00
Miroslav Stampar | 36a7fca8d5 | added time-based payload vector for MSSQL | 2010-12-07 12:06:25 +00:00
Miroslav Stampar | 485981c619 | added vectors for PostgreSQL time-based payloads | 2010-12-07 11:57:33 +00:00
Miroslav Stampar | f9085e01e7 | added vectors for Oracle time-based payloads | 2010-12-07 11:47:29 +00:00
Miroslav Stampar | 3d87489de5 | minor update | 2010-12-07 08:05:03 +00:00
Miroslav Stampar | 90b776c1a2 | update | 2010-12-07 00:58:54 +00:00
Miroslav Stampar | 0da1ebde7d | introducing PostgreSQL time based blind | 2010-12-07 00:51:14 +00:00
Miroslav Stampar | 1ba98dc9ec | found a fix for an OR time-based MySQL payload :) | 2010-12-07 00:31:46 +00:00
Miroslav Stampar | 61f82fd274 | introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic | 2010-12-07 00:27:26 +00:00
Bernardo Damele | 32f1909131 | Some more "advanced" boundaries | 2010-12-06 23:15:41 +00:00
Miroslav Stampar | 84a038d0a3 | added one more subtag | 2010-12-06 23:10:38 +00:00
Miroslav Stampar | 1031723c89 | added one more time based blind for Oracle | 2010-12-06 23:05:53 +00:00
Miroslav Stampar | 7697d19292 | space replace is not needed in other two Oracle error based payloads; removing incorrect dbms_version for ctxsys.drithsx.sn as it also works on 10g | 2010-12-06 22:52:18 +00:00
Miroslav Stampar | 2735848ab6 | removed ERROR_SPACE | 2010-12-06 22:40:07 +00:00
Miroslav Stampar | f516c18a2a | minor update | 2010-12-06 21:39:57 +00:00
Miroslav Stampar | 0c5c2aa807 | adding one more error based payload for Oracle | 2010-12-06 21:20:26 +00:00
Miroslav Stampar | 956a155377 | adding one more error based payload for Oracle | 2010-12-06 20:43:23 +00:00
Miroslav Stampar | ff43a4a955 | minor update to preserve consistency of payload naming | 2010-12-06 20:28:26 +00:00
Miroslav Stampar | c0e05d6869 | update | 2010-12-06 19:11:05 +00:00
Miroslav Stampar | e4b51dd549 | proper way of handling OR based injections (completely compatible with current AND based inference engine) | 2010-12-06 17:23:21 +00:00
Bernardo Damele | a1e89d3e94 | Minor tweak | 2010-12-05 13:12:12 +00:00
Bernardo Damele | bf425d90bc | More tweaking | 2010-12-05 12:23:18 +00:00
Bernardo Damele | 41e1b95c6c | Minor code refactoring and finally make exploitation work also on OR boolean-based injections | 2010-12-05 11:25:44 +00:00