Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
3ca5cddca7
|
massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)
|
2011-03-20 23:54:56 +00:00 |
|
Miroslav Stampar
|
088c815567
|
minor update (exposing --tor switch)
|
2011-03-19 18:28:51 +00:00 |
|
Miroslav Stampar
|
2cc91b8470
|
minor fix
|
2011-03-19 17:44:34 +00:00 |
|
Miroslav Stampar
|
7c2b3afafb
|
minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)
|
2011-03-19 17:37:26 +00:00 |
|
Miroslav Stampar
|
139448eeb9
|
little stabilization regarding POST url(de/en)coding
|
2011-03-19 16:53:14 +00:00 |
|
Miroslav Stampar
|
0fcd999e51
|
fix for a bug reported by malice
|
2011-03-18 16:52:46 +00:00 |
|
Miroslav Stampar
|
58e9a074d3
|
masking some more command line arguments
|
2011-03-18 16:47:18 +00:00 |
|
Miroslav Stampar
|
36233fac42
|
update regarding a feature request from andyroyalbattle@yahoo.it
|
2011-03-18 16:35:30 +00:00 |
|
Miroslav Stampar
|
00b9d85ffc
|
fix regarding bug report from andyroyalbattle@yahoo.it
|
2011-03-18 16:26:39 +00:00 |
|
Miroslav Stampar
|
4e300baaf2
|
minor cosmetics
|
2011-03-18 14:09:18 +00:00 |
|
Miroslav Stampar
|
3628887110
|
los cosmeticados
|
2011-03-18 14:08:36 +00:00 |
|
Miroslav Stampar
|
75c0e09f43
|
little refactoring
|
2011-03-18 13:46:51 +00:00 |
|
Miroslav Stampar
|
c301b245a9
|
adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)
|
2011-03-18 13:39:51 +00:00 |
|
Miroslav Stampar
|
b53c9a2599
|
minor fix and some refactoring
|
2011-03-18 00:24:02 +00:00 |
|
Miroslav Stampar
|
fbd0cfda29
|
minor update toward the implementation of request from Santiago
|
2011-03-17 06:39:05 +00:00 |
|
Bernardo Damele
|
f00aff5303
|
-v 0 shows both error, critical and raw_input messages
|
2011-03-11 22:02:38 +00:00 |
|
Bernardo Damele
|
d7d47b6257
|
Minor bug fix (revert)
|
2011-03-11 21:56:45 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
6cc745f789
|
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
|
2011-03-11 20:04:15 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|
Bernardo Damele
|
3cb0ca4b63
|
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
|
2011-03-11 15:24:25 +00:00 |
|
Bernardo Damele
|
5af7410cb1
|
Another bug fix for --privileges on PgSQL with UNION query technique
|
2011-03-11 15:13:09 +00:00 |
|
Bernardo Damele
|
74ef1e53c7
|
Minor bug fixes to --privileges for PostgreSQL query (corner case)
|
2011-03-11 14:54:41 +00:00 |
|
Miroslav Stampar
|
eb1cda7065
|
minor refactoring (more consistent)
|
2011-03-09 12:06:32 +00:00 |
|
Miroslav Stampar
|
62e3510387
|
minor refactoring
|
2011-03-09 11:37:37 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
9b2962ff1c
|
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
|
2011-03-09 08:56:29 +00:00 |
|
Miroslav Stampar
|
30619c599b
|
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
|
2011-03-08 11:53:59 +00:00 |
|
Miroslav Stampar
|
cc0306044c
|
adding SVN revision number support for non SVN client platforms
|
2011-03-07 21:54:30 +00:00 |
|
Miroslav Stampar
|
16b286982d
|
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
|
2011-03-07 09:50:43 +00:00 |
|
Miroslav Stampar
|
8edc3b3302
|
further update regarding last commit
|
2011-03-03 10:39:04 +00:00 |
|
Miroslav Stampar
|
bc50387a17
|
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
|
2011-03-03 09:42:50 +00:00 |
|
Miroslav Stampar
|
f27f05308a
|
minor update for masking sensitive data in error report (added aCred too)
|
2011-03-02 10:09:17 +00:00 |
|
Miroslav Stampar
|
ad2e4002ea
|
minor improvement
|
2011-03-01 10:38:27 +00:00 |
|
Miroslav Stampar
|
0f3cc153a3
|
fix for --technique
|
2011-03-01 09:54:06 +00:00 |
|
Miroslav Stampar
|
2bf212ffa9
|
minor minor update
|
2011-02-27 20:43:38 +00:00 |
|
Miroslav Stampar
|
7036190e8e
|
minor improvement of regular expression
|
2011-02-27 17:58:01 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Bernardo Damele
|
6e8ebd35f4
|
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
|
2011-02-27 12:17:41 +00:00 |
|
Miroslav Stampar
|
88faedc0fe
|
fix for a bug reported by -insane-
|
2011-02-26 17:48:19 +00:00 |
|
Miroslav Stampar
|
11996ce12e
|
bug fix for international encoded letters
|
2011-02-25 22:43:01 +00:00 |
|
Miroslav Stampar
|
2bbbc9a41e
|
few updates
|
2011-02-25 09:35:24 +00:00 |
|
Miroslav Stampar
|
aa88361ab1
|
incorporation of method for neutralization of reflective values
|
2011-02-25 09:22:44 +00:00 |
|
Miroslav Stampar
|
708ddf5608
|
added protection mechanism against reflected values
|
2011-02-24 16:52:46 +00:00 |
|
Miroslav Stampar
|
38dc82e13e
|
If no Accept header field is present, then it is assumed that the client accepts all media types.
|
2011-02-22 22:26:22 +00:00 |
|
Miroslav Stampar
|
d05bd75068
|
adding experimental for --group-concat
|
2011-02-22 14:35:38 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
dcad5410fe
|
minor refactoring
|
2011-02-22 12:54:22 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|