| Miroslav Stampar | 8212b7b745 | bug fix | 2010-12-22 12:16:04 +00:00 |
| Miroslav Stampar | 5be9c04e44 | update regarding Sybase syntax | 2010-12-22 10:39:56 +00:00 |
| Miroslav Stampar | d974a966b8 | minor fix for end phase (Ctrl+C) | 2010-12-21 23:55:55 +00:00 |
| Miroslav Stampar | fb75d0636b | minor update | 2010-12-21 23:42:59 +00:00 |
| Miroslav Stampar | 09479c85dc | minor bug fix | 2010-12-21 22:35:44 +00:00 |
| Miroslav Stampar | 7a525f28d4 | cosmetics | 2010-12-21 15:26:23 +00:00 |
| Miroslav Stampar | b2e7f9484d | minor tuning (2 techniques MAX per value used) | 2010-12-21 15:24:14 +00:00 |
| Miroslav Stampar | 6c1133c4d4 | some code refactoring | 2010-12-21 15:13:13 +00:00 |
| Miroslav Stampar | 385e208f38 | code refactoring regarding standard output suppression and some threading issues | 2010-12-21 14:21:24 +00:00 |
| Bernardo Damele | aca074b769 | Removed unused outdated code | 2010-12-21 10:49:52 +00:00 |
| Miroslav Stampar | 6b37ddada4 | removed some blank trailing spaces (with extra/shutils/blanks.sh) | 2010-12-21 10:31:56 +00:00 |
| Bernardo Damele | 1a3f57e5fe | Cosmetics | 2010-12-21 09:23:00 +00:00 |
| Miroslav Stampar | 116c141dfa | another fix | 2010-12-21 00:47:07 +00:00 |
| Miroslav Stampar | 8067365b93 | fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') | 2010-12-20 23:47:53 +00:00 |
| Miroslav Stampar | 8fd3e7ba1f | thread based data added | 2010-12-20 22:45:01 +00:00 |
| Miroslav Stampar | c9e8aae8a2 | we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads) | 2010-12-20 19:34:41 +00:00 |
| Miroslav Stampar | e09bc2406c | minor refactoring | 2010-12-20 19:24:20 +00:00 |
| Miroslav Stampar | 5852bad963 | some refactoring | 2010-12-20 18:56:06 +00:00 |
| Miroslav Stampar | 19d8733e9a | this is strictly for educational purposes | 2010-12-20 17:30:47 +00:00 |
| Miroslav Stampar | 13d5b2c0ff | code refactoring | 2010-12-20 09:44:21 +00:00 |
| Miroslav Stampar | 36862e2efa | update | 2010-12-18 15:57:47 +00:00 |
| Miroslav Stampar | e355f92f22 | bug fix | 2010-12-18 10:02:01 +00:00 |
| Miroslav Stampar | fe67d3827c | code refactoring and some fixes | 2010-12-18 09:51:34 +00:00 |
| Miroslav Stampar | a19cb2c13a | code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") | 2010-12-17 21:29:09 +00:00 |
| Miroslav Stampar | 07609bfb53 | minor fix | 2010-12-17 19:33:20 +00:00 |
| Miroslav Stampar | de54219571 | code refactoring | 2010-12-15 12:50:56 +00:00 |
| Miroslav Stampar | c1c525aaea | quick fix of a fix | 2010-12-15 12:10:33 +00:00 |
| Miroslav Stampar | 7cfeb5447b | minor update | 2010-12-15 11:46:28 +00:00 |
| Miroslav Stampar | 4dec24d056 | quick fix for a bug reported by Andreas Constantinides (KeyError: 5) | 2010-12-15 11:30:29 +00:00 |
| Miroslav Stampar | f8a01ddaf8 | minor update | 2010-12-15 11:21:47 +00:00 |
| Miroslav Stampar | c3d0295d21 | minor update (checking for --time-sec value) | 2010-12-14 12:37:21 +00:00 |
| Miroslav Stampar | b75d7fa348 | minor cache based optimization | 2010-12-14 12:22:17 +00:00 |
| Bernardo Damele | 04caef6de0 | Tuning | 2010-12-13 23:04:26 +00:00 |
| Bernardo Damele | cfcee6439e | Cosmetics | 2010-12-13 21:55:30 +00:00 |
| Bernardo Damele | 4b79227b5a | Minor bug fix to properly merge options from .conf file (-c) with command line switches | 2010-12-13 21:36:23 +00:00 |
| Bernardo Damele | 698f30e65e | Cosmetics | 2010-12-13 21:34:35 +00:00 |
| Miroslav Stampar | d56f47d530 | fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20') | 2010-12-12 23:59:55 +00:00 |
| Miroslav Stampar | e98d9c08e1 | dumping table is now possible on Firebird too | 2010-12-12 14:38:07 +00:00 |
| Miroslav Stampar | c93634b6c7 | blind dumping of tables in sqlite implemented | 2010-12-11 22:13:19 +00:00 |
| Miroslav Stampar | b1babeefe5 | update regarding dumping of tables with blind on Sqlite | 2010-12-11 22:00:16 +00:00 |
| Miroslav Stampar | 6a24048aa6 | urllib2 doesn't play well with '\n' when non unescaped chars used | 2010-12-11 21:17:54 +00:00 |
| Miroslav Stampar | d2a3e8f44f | first time firebird error-based query success | 2010-12-11 11:17:24 +00:00 |
| Miroslav Stampar | f021548bd0 | added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use) | 2010-12-11 10:52:04 +00:00 |
| Miroslav Stampar | 1fc9ed10a8 | minor refactoring | 2010-12-10 12:30:36 +00:00 |
| Miroslav Stampar | fe2039f5ba | coollyy little commits | 2010-12-10 11:32:46 +00:00 |
| Miroslav Stampar | d5e7a8d305 | update | 2010-12-10 10:54:17 +00:00 |
| Bernardo Damele | b6dcbcef5b | Minor fix | 2010-12-10 10:52:55 +00:00 |
| Miroslav Stampar | bbffea2cbc | bug fix | 2010-12-09 17:10:22 +00:00 |
| Miroslav Stampar | 0eb2c408a9 | code refactoring | 2010-12-09 16:49:02 +00:00 |
| Bernardo Damele | 5fb04515d3 | Added hidden (for the moment) switch --technique | 2010-12-09 13:47:17 +00:00 |
| Miroslav Stampar | ec5c08ca7a | cosmetics | 2010-12-09 09:24:20 +00:00 |
| Miroslav Stampar | db39dc32fc | minor update | 2010-12-09 00:59:39 +00:00 |
| Bernardo Damele | 9c61adb21d | Cosmetics | 2010-12-09 00:26:06 +00:00 |
| Miroslav Stampar | 258e9fb50e | fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) | 2010-12-08 21:16:18 +00:00 |
| Miroslav Stampar | 81c16926c1 | code refactoring some more | 2010-12-08 14:46:07 +00:00 |
| Miroslav Stampar | 95b48746a6 | cosmetics | 2010-12-08 14:29:09 +00:00 |
| Miroslav Stampar | 01cf1394a4 | code refactoring | 2010-12-08 14:26:40 +00:00 |
| Miroslav Stampar | af22679605 | minor update | 2010-12-08 13:09:27 +00:00 |
| Miroslav Stampar | 6223f25dd9 | code beautification | 2010-12-08 13:04:48 +00:00 |
| Miroslav Stampar | 64cc2588f1 | now resume is available for time-based blinds too | 2010-12-08 12:49:26 +00:00 |
| Miroslav Stampar | 293ce18fed | two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) | 2010-12-07 23:32:33 +00:00 |
| Miroslav Stampar | b21eb88905 | minor update | 2010-12-07 22:45:38 +00:00 |
| Miroslav Stampar | dc651d59ec | little mathematics here and there (used "Rules for normally distributed data") | 2010-12-07 19:19:12 +00:00 |
| Bernardo Damele | 5f97312f29 | Minor fix | 2010-12-07 17:17:38 +00:00 |
| Miroslav Stampar | ecd4a5a532 | added standard deviation check in time based tests | 2010-12-07 16:39:31 +00:00 |
| Miroslav Stampar | 294119d2ec | more advanced time technique(s) | 2010-12-07 16:04:53 +00:00 |
| Miroslav Stampar | add6235b16 | removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session | 2010-12-07 14:06:54 +00:00 |
| Miroslav Stampar | 0dc630203f | code refactoring | 2010-12-07 13:34:06 +00:00 |
| Bernardo Damele | 8e78057ac8 | Added counter of total HTTP(s) requests done during detection phase | 2010-12-07 12:33:47 +00:00 |
| Bernardo Damele | effd2ca0e3 | Cosmetics | 2010-12-07 12:32:58 +00:00 |
| Miroslav Stampar | 2af8835a94 | fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter) | 2010-12-07 10:57:32 +00:00 |
| Miroslav Stampar | 3d87489de5 | minor update | 2010-12-07 08:05:03 +00:00 |
| Miroslav Stampar | 61f82fd274 | introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic | 2010-12-07 00:27:26 +00:00 |
| Miroslav Stampar | 2735848ab6 | removed ERROR_SPACE | 2010-12-06 22:40:07 +00:00 |
| Miroslav Stampar | d77ddbee47 | OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) | 2010-12-06 18:20:57 +00:00 |
| Miroslav Stampar | 27ee9a5ccf | minor refactoring | 2010-12-06 15:50:19 +00:00 |
| Miroslav Stampar | a43d252ae9 | minor update | 2010-12-06 00:14:08 +00:00 |
| Bernardo Damele | 17449754fe | Got rid of UNION false cond | 2010-12-05 16:16:15 +00:00 |
| Bernardo Damele | 41e1b95c6c | Minor code refactoring and finally make exploitation work also on OR boolean-based injections | 2010-12-05 11:25:44 +00:00 |
| Miroslav Stampar | 9e5f933ace | some updates | 2010-12-04 15:47:02 +00:00 |
| Miroslav Stampar | 3f9450b9dc | minor fix | 2010-12-04 14:43:35 +00:00 |
| Miroslav Stampar | 1f795622b3 | some fine tuning of dynamicity removing engine | 2010-12-04 13:39:35 +00:00 |
| Miroslav Stampar | eeb199375b | usage of compiled regexes in case of dynamic markings and other refactoring | 2010-12-04 13:23:28 +00:00 |
| Miroslav Stampar | 0fc7a8f9e8 | code refactoring | 2010-12-04 10:13:18 +00:00 |
| Miroslav Stampar | 04714374f9 | now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) | 2010-12-04 10:05:18 +00:00 |
| Miroslav Stampar | b3a094b9d6 | fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') | 2010-12-03 22:44:29 +00:00 |
| Miroslav Stampar | 5764816891 | minor cosmetics | 2010-12-03 22:28:09 +00:00 |
| Bernardo Damele | 5d37df6104 | Ugly code to set the cookies when got them from a 302 redirect too | 2010-12-03 17:41:10 +00:00 |
| Bernardo Damele | 9d55c4da87 | Done with support for injection in ORDER BY and GROUP BY (hopefully) | 2010-12-03 16:12:47 +00:00 |
| Bernardo Damele | 91c3cf8fd0 | Minor improvement | 2010-12-03 16:11:57 +00:00 |
| Bernardo Damele | 126a1479d8 | Bug fix for --union-test | 2010-12-03 14:57:30 +00:00 |
| Bernardo Damele | b824826a89 | Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses | 2010-12-03 14:39:51 +00:00 |
| Miroslav Stampar | 612ee08a0b | added response time kb attribute | 2010-12-03 13:19:34 +00:00 |
| Bernardo Damele | 4dec049c22 | Major bug fix for test on ORDER BY and GROUP BY clauses. Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value). | 2010-12-03 12:00:03 +00:00 |
| Bernardo Damele | 827a0aea05 | Minor bug fix | 2010-12-03 11:15:11 +00:00 |
| Bernardo Damele | 7690aa85ce | Added a comment needed to understand this hack when looking at the code in a month or so ;) | 2010-12-03 11:00:41 +00:00 |
| Bernardo Damele | a9d4b37987 | Code cleanup and minor refactoring | 2010-12-03 10:51:27 +00:00 |
| Bernardo Damele | 22de82634a | Important update to parse correctly the <where> tag during exploitation phase. Minor code cleanup. | 2010-12-03 10:44:16 +00:00 |
| Miroslav Stampar | 2cc167a42e | fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" | 2010-12-02 18:57:43 +00:00 |
| Bernardo Damele | 283a04e29a | On my way to properly parse test's <where> tag in exploitation phase | 2010-12-01 23:32:58 +00:00 |