Commit Graph

3967 Commits

Author SHA1 Message Date
Bernardo Damele
a1d97e9d7b Add a space after a comment 2012-04-04 12:48:21 +00:00
Bernardo Damele
025c531d22 leftover 2012-04-04 12:44:25 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895 more cosmetics 2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
1b2cd44255 proper fix 2012-04-04 10:35:52 +00:00
Miroslav Stampar
7031ef8e00 removing default values for referer and host from higher level/risk options 2012-04-04 10:34:27 +00:00
Bernardo Damele
1f82d29a36 switch two conditional payloads for proper detection 2012-04-04 10:11:48 +00:00
Miroslav Stampar
5e358b51f9 few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit') 2012-04-04 09:25:05 +00:00
Bernardo Damele
d5b4b7996a minor revert 2012-04-04 00:09:47 +00:00
Bernardo Damele
049c27c739 improved detection for INSERT and UPDATE statements 2012-04-03 23:29:06 +00:00
Miroslav Stampar
11546cdb6e minor refactoring 2012-04-03 19:09:35 +00:00
Miroslav Stampar
5851badff1 minor refactoring 2012-04-03 14:46:09 +00:00
Miroslav Stampar
b0787f193c getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached) 2012-04-03 14:34:15 +00:00
Miroslav Stampar
556b349be3 minor fix for retrieving non-printable chars in inference and non-multi threading mode 2012-04-03 14:04:07 +00:00
Miroslav Stampar
33bb9c5f19 much cleaner approach in that "flat" representation of retrieved items in union technique 2012-04-03 13:56:11 +00:00
Miroslav Stampar
7fb190f3b1 minor fix 2012-04-03 12:35:19 +00:00
Miroslav Stampar
886aa22efc minor update 2012-04-03 12:19:37 +00:00
Miroslav Stampar
503988887c minor update 2012-04-03 10:43:46 +00:00
Miroslav Stampar
78f51fd2e5 minor fix 2012-04-03 10:18:03 +00:00
Miroslav Stampar
2504f4edb8 minor fixes 2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
46cfa64d81 minor update 2012-04-02 21:06:57 +00:00
Miroslav Stampar
5f94987b0f fix for DNS method for MSSQL 2012-04-02 17:28:18 +00:00
Miroslav Stampar
2c28423cb8 minor update 2012-04-02 14:57:15 +00:00
Miroslav Stampar
8a9d09f79b minor fixes 2012-04-02 14:11:23 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
1e01203562 few just in case "patches" 2012-04-02 12:58:10 +00:00
Miroslav Stampar
d908d078dd minor fix 2012-04-02 12:27:30 +00:00
Miroslav Stampar
abffc39929 minor update regarding DNS data retrieval task 2012-04-02 12:22:40 +00:00
Miroslav Stampar
f7a664b120 enablind DNS server for DNS data exfiltration 2012-03-31 12:08:27 +00:00
Miroslav Stampar
8be9cd4ac4 bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value) 2012-03-31 10:22:50 +00:00
Bernardo Damele
40a7232de6 Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings) 2012-03-30 16:27:08 +00:00
Miroslav Stampar
429b8396e9 minor update for DNSServer support 2012-03-30 13:20:29 +00:00
Miroslav Stampar
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection 2012-03-30 10:50:01 +00:00
Miroslav Stampar
79c3d6f2aa minor update 2012-03-30 10:37:46 +00:00
Miroslav Stampar
6acf6b193a minor update regarding boolean logic comparison mechanism 2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540 minor comment update 2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code 2012-03-29 13:39:12 +00:00
Miroslav Stampar
772ead8d03 fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values 2012-03-29 12:44:20 +00:00
Miroslav Stampar
c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) 2012-03-29 09:56:09 +00:00
Miroslav Stampar
60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) 2012-03-28 19:33:00 +00:00
Miroslav Stampar
9433bbe26d memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed) 2012-03-28 19:27:12 +00:00
Miroslav Stampar
7d131d1fb1 minor update 2012-03-28 13:46:31 +00:00
Miroslav Stampar
7fd64df167 minor code cleaning 2012-03-28 13:31:07 +00:00
Miroslav Stampar
769b0d0ae7 more minor updates regarding data retrieval through DNS channel 2012-03-27 19:29:24 +00:00
Miroslav Stampar
9199ce5054 minor update 2012-03-27 19:07:17 +00:00
Miroslav Stampar
1b072f6415 laying foundation for DNS based data retrieval 2012-03-27 18:59:12 +00:00
Miroslav Stampar
645fc8a21c minor refactoring 2012-03-27 08:31:48 +00:00