Commit Graph

243 Commits

Author SHA1 Message Date
Miroslav Stampar
14de5809ea update 2011-01-31 11:08:58 +00:00
Miroslav Stampar
5aa958a146 ASCII & CHR is quite common, so removing this one 2011-01-24 22:51:15 +00:00
Miroslav Stampar
a1619f84b6 changing level of last payload 2011-01-24 22:31:26 +00:00
Miroslav Stampar
8155f95b82 new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") 2011-01-24 22:28:54 +00:00
Miroslav Stampar
9f76468005 another premiere, yeeej. IDSes, watch yourself :) 2011-01-24 21:30:46 +00:00
Miroslav Stampar
2fb0c946d2 minor update 2011-01-24 21:21:47 +00:00
Miroslav Stampar
15645f50d4 world premiere :) 2011-01-24 21:21:11 +00:00
Miroslav Stampar
440264341c minor update 2011-01-24 17:43:25 +00:00
Miroslav Stampar
0eea5665b2 minor update 2011-01-24 17:41:36 +00:00
Bernardo Damele
b0dc6c24eb Moved 2011-01-24 17:04:49 +00:00
Miroslav Stampar
c188996627 patch for possible query optimization (avoid precalculation of 1/0) 2011-01-24 16:21:27 +00:00
Bernardo Damele
47fa600c04 Minor fix and cosmetics 2011-01-24 11:12:33 +00:00
Miroslav Stampar
db76bcb327 fix for cases when mixing ingres dbms with spanish word "ingresa" 2011-01-23 11:19:10 +00:00
Miroslav Stampar
7bf05bf2cb minor update 2011-01-22 00:12:03 +00:00
Miroslav Stampar
d6d8d54eda implemented Johannes Dahse / Reiners' technique 2011-01-22 00:06:27 +00:00
Miroslav Stampar
0743202879 minor update 2011-01-21 23:54:25 +00:00
Miroslav Stampar
cb0e7080c5 more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) 2011-01-21 23:47:45 +00:00
Miroslav Stampar
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) 2011-01-21 18:32:10 +00:00
Miroslav Stampar
79e4b1efd5 added new signature for SQLite error messages 2011-01-20 22:47:03 +00:00
Bernardo Damele
6c490bfc8f Avoid a traceback elsewhere 2011-01-20 21:43:41 +00:00
Bernardo Damele
7ce49bcf0d Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this!
Adjusted comments accordingly to new UNION-specific tags.
2011-01-20 21:42:55 +00:00
Miroslav Stampar
f6d79f58bc another fix (LIMIT is not a good idea to have in inband queries) 2011-01-20 21:13:28 +00:00
Miroslav Stampar
ff1a44c335 probably a fix for that SQLite bug reported by Ahmed Shawky 2011-01-20 20:30:18 +00:00
Miroslav Stampar
a1d77737f5 minor grammar update (this should be a better form) 2011-01-20 18:35:21 +00:00
Bernardo Damele
81be23976e Confirmed HAVING payloads work as WHERE ones.
Changed <risk> value of all 'heavy query' tests to 2 as it can potentially lead to a DoS.
Proper handling of title for UNION tests when --union-char is provided.
2011-01-18 22:55:20 +00:00
Miroslav Stampar
f7d9b22510 because other major DBMSes have at least one level 1 time based payload 2011-01-18 20:32:49 +00:00
Miroslav Stampar
bdcb10cdab added MSSQL time based vector 2011-01-18 02:05:18 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Miroslav Stampar
fb166e9445 adding USER_LOCK stacked query support for ORACLE (older versions) 2011-01-16 10:31:16 +00:00
Miroslav Stampar
f31c028232 Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436) 2011-01-16 10:07:56 +00:00
Bernardo Damele
1b3717c79c Improvement to make time-based blind to work also against login forms 2011-01-12 16:20:29 +00:00
Bernardo Damele
d7a7993e0d Minor comment fix 2011-01-12 11:57:36 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
2efe7928c0 more concise than previously 2011-01-02 17:06:13 +00:00
Miroslav Stampar
a56934e68b one more MSSQL/ASPX error banner regex 2011-01-02 15:36:57 +00:00
Miroslav Stampar
e6f0c4d857 minor update 2011-01-02 15:32:35 +00:00
Miroslav Stampar
c1d0dde769 added support for .NET banners (http://msdn.microsoft.com/en-us/library/system.data.sqlclient.aspx) 2011-01-02 14:46:31 +00:00
Miroslav Stampar
93cb75ff65 added Nginx 2011-01-02 08:50:27 +00:00
Miroslav Stampar
ded9798e3d minor bug fix 2011-01-01 23:07:50 +00:00
Miroslav Stampar
c3065f6ecc minor fix 2010-12-29 20:38:56 +00:00
Miroslav Stampar
96c3ffd3d7 changing risk level to 0 - lots of MySQL databases around have information_schema unreadable, thus disabling first AND based error payload 2010-12-27 19:02:13 +00:00
Miroslav Stampar
2c8115eed9 further improvement for ms access table dumping 2010-12-26 01:04:30 +00:00
Miroslav Stampar
fb099615e2 minor update 2010-12-25 11:16:35 +00:00
Miroslav Stampar
272476773f getPageTextWordsSet on tableExists is pretty powerful stuff 2010-12-25 09:37:33 +00:00
Miroslav Stampar
706d8e0b88 development update (basic ms access dumping implemented) 2010-12-24 19:53:11 +00:00
Miroslav Stampar
edcf1a0872 few bug fixes 2010-12-24 18:40:48 +00:00
Miroslav Stampar
3043ed095a bug fix (those two regexes where too generic making false MS ACCESS positives here and there) 2010-12-24 00:11:10 +00:00
Miroslav Stampar
5a0aef0f33 fix for a case: Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [MySQL][ODBC 3.51 Driver][mysqld-5.1.31-community] - it was wrongly error message recognized as MS SQL Server 2010-12-23 09:53:13 +00:00