194 Commits

Author	SHA1	Message	Date
Miroslav Stampar	68e507ea9f	Update for an SQLite3 time-based (heavy query) payloads (better timedelay)	2013-01-31 18:59:18 +01:00
Miroslav Stampar	d6a361f859	Proper implementation for --technique=Q --dbms=Firebird	2013-01-22 16:31:26 +01:00
Miroslav Stampar	aebf2c1350	Slightly better payload for Firebird delay-based SQLi (adding sligtly more delay)	2013-01-20 23:10:58 +01:00
Bernardo Damele	30273e03fe	leftover	2013-01-19 00:28:48 +00:00
Bernardo Damele	0e78fbef56	correctly format SQLi payload for inline query technique	2013-01-19 00:28:03 +00:00
Bernardo Damele	89ddd54a75	added Firebird inline query payload, requires some work though engine-side for the vector to be usable	2013-01-19 00:05:15 +00:00
Bernardo Damele	48e0154fc3	added SQLite inline queries payload	2013-01-14 15:30:01 +00:00
Bernardo Damele	a2c58847e6	fixed title	2012-12-19 18:29:00 +00:00
Miroslav Stampar	9b716eb805	Implementation for an Issue #135	2012-12-18 10:13:42 +01:00
Miroslav Stampar	bc72180a3b	Lowering --limit for inline query technique	2012-12-05 10:58:41 +01:00
Miroslav Stampar	775e0df04b	Update for an Issue #278	2012-12-05 10:45:17 +01:00
Miroslav Stampar	c0796b4742	Minor bug fix (RLIKE boolean case was using wrong comparison payload)	2012-11-27 12:03:38 +01:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	67cfc3b492	Removing boundaries (it were meant to be used as 'parameter replace' logic but it's not doable for boundaries)	2012-09-17 22:36:40 +02:00
Miroslav Stampar	acad7a34a2	Minor update	2012-09-17 22:23:44 +02:00
Miroslav Stampar	d7cf0de090	Fixing INSERT/UPDATE generic boundaries (those previous few were junkies)	2012-08-22 14:12:51 +02:00
Miroslav Stampar	8ee9feafb9	Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)	2012-08-20 21:57:25 +02:00
Miroslav Stampar	6fdbe4eb89	Fix by zhouhx@knownsec.com (better LIKE boundaries)	2012-08-06 19:04:23 +02:00
Miroslav Stampar	57f2fccc24	Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :)	2012-07-26 11:40:47 +02:00
Miroslav Stampar	ec96689556	Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db	2012-07-26 11:39:51 +02:00
Miroslav Stampar	6878ef92b2	Style update	2012-07-26 11:22:00 +02:00
Miroslav Stampar	ab3160316f	Implementation of payloads for Issue #122	2012-07-26 11:17:09 +02:00
Bernardo Damele	1928d5464d	fixes issue #97	2012-07-20 15:56:14 +01:00
Bernardo Damele	243a905788	more on issue #97	2012-07-17 23:07:16 +01:00
Bernardo Damele	c483e91445	added payloads for ORDER BY/GROUP BY time-based injections - issue #97	2012-07-17 22:52:28 +01:00
Bernardo Damele	771e7a9fc3	Initial commit for issue #97	2012-07-17 10:13:09 +01:00
Miroslav Stampar	5d35d255ba	minor refactoring	2012-06-11 22:27:33 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	3a9e266d78	adding revisited wildcard LIKE payloads	2012-05-21 21:49:54 +00:00
Miroslav Stampar	602369c762	reverting last changes on boundaries	2012-05-21 09:20:46 +00:00
Miroslav Stampar	1500b3fccd	adding a new payload boundaries by smcintyre@securestate.com	2012-05-21 08:31:37 +00:00
Miroslav Stampar	37f2709197	making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)	2012-05-09 09:08:23 +00:00
Miroslav Stampar	1e45ee9ab6	reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago	2012-04-25 20:37:39 +00:00
Bernardo Damele	eb73cab636	increased UNION test ranges	2012-04-23 11:54:52 +00:00
Miroslav Stampar	414c74b8aa	new payload	2012-04-13 08:16:33 +00:00
Bernardo Damele	1f82d29a36	switch two conditional payloads for proper detection	2012-04-04 10:11:48 +00:00
Bernardo Damele	d5b4b7996a	minor revert	2012-04-04 00:09:47 +00:00
Bernardo Damele	049c27c739	improved detection for INSERT and UPDATE statements	2012-04-03 23:29:06 +00:00
Bernardo Damele	40a7232de6	Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings)	2012-03-30 16:27:08 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	772ead8d03	fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values	2012-03-29 12:44:20 +00:00
Miroslav Stampar	84479eebe9	minor fix	2012-03-15 08:55:42 +00:00
Bernardo Damele	890bf708bc	Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)	2012-03-15 00:19:57 +00:00
Miroslav Stampar	ac5a752b12	Oracle's XMLType doesn't like '#' char too	2012-03-01 11:59:37 +00:00
Miroslav Stampar	f1147035cf	minor concision/beautification update	2012-01-10 11:50:26 +00:00
Miroslav Stampar	94790bf08a	minor update (removing reference to Microsoft Access for Generic payload)	2011-12-01 13:25:27 +00:00
Miroslav Stampar	df4e3be191	using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)	2011-11-23 22:57:02 +00:00
Miroslav Stampar	d8047c79f3	reverting back last two commits	2011-11-22 15:28:31 +00:00
Miroslav Stampar	73276c0785	even better (added long before plugins table)	2011-11-22 15:23:31 +00:00
Miroslav Stampar	ff07031170	better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)	2011-11-22 15:20:12 +00:00