Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
777a19cfa9
|
LOL. removing that debug 'True'
|
2011-01-31 16:22:55 +00:00 |
|
Miroslav Stampar
|
a80fe28631
|
one more thing ;)
|
2011-01-31 16:21:28 +00:00 |
|
Miroslav Stampar
|
933d701667
|
cosmetics
|
2011-01-31 16:14:44 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|
Miroslav Stampar
|
8ef47307db
|
added checking of header values for GREP (error); still UNION to do
|
2011-01-31 12:21:17 +00:00 |
|
Miroslav Stampar
|
a6f2cd56ff
|
removed junky import
|
2011-01-31 11:59:58 +00:00 |
|
Miroslav Stampar
|
6393495eb0
|
comment added
|
2011-01-31 11:58:35 +00:00 |
|
Miroslav Stampar
|
1b4d68c844
|
minor update
|
2011-01-31 11:56:20 +00:00 |
|
Miroslav Stampar
|
fb3513650d
|
adding ID properties
|
2011-01-31 11:41:28 +00:00 |
|
Miroslav Stampar
|
f9eac97fe8
|
refactoring of MSSQL XML banner parsing
|
2011-01-31 11:38:00 +00:00 |
|
Miroslav Stampar
|
14de5809ea
|
update
|
2011-01-31 11:08:58 +00:00 |
|
Miroslav Stampar
|
7175efcae1
|
another minor cosmetic update
|
2011-01-31 10:59:51 +00:00 |
|
Miroslav Stampar
|
97328c3104
|
minor fix
|
2011-01-31 10:54:13 +00:00 |
|
Miroslav Stampar
|
5e768be509
|
minor bug fix
|
2011-01-31 09:34:54 +00:00 |
|
Miroslav Stampar
|
f7feebe0df
|
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
|
2011-01-31 09:28:16 +00:00 |
|
Bernardo Damele
|
9fc0bedea8
|
Minor bug fixes
|
2011-01-30 21:01:57 +00:00 |
|
Bernardo Damele
|
2a0b03e5c6
|
Unused import
|
2011-01-30 17:07:27 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Bernardo Damele
|
21e7223779
|
perhaps this is better english
|
2011-01-30 16:34:13 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Bernardo Damele
|
71d82e6f57
|
Minor layout adjustment
|
2011-01-30 16:19:58 +00:00 |
|
Bernardo Damele
|
02e5c4b1e6
|
Minor bug fix for --sql-query/-shell with error-based technique
|
2011-01-30 14:19:50 +00:00 |
|
Miroslav Stampar
|
bc8f1142c9
|
minor revert
|
2011-01-30 11:41:58 +00:00 |
|
Miroslav Stampar
|
ddf23ba7cc
|
refactoring
|
2011-01-30 11:36:03 +00:00 |
|
Miroslav Stampar
|
3060c369a5
|
minor fix for previous commit
|
2011-01-30 07:44:47 +00:00 |
|
Miroslav Stampar
|
1abf354630
|
minor update
|
2011-01-30 07:41:09 +00:00 |
|
Miroslav Stampar
|
d63339ca26
|
minor bug fix
|
2011-01-30 07:34:07 +00:00 |
|
Miroslav Stampar
|
e8883de2c6
|
minor update regarding unicode decoding of supplied arguments
|
2011-01-29 23:01:39 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
ddd296030d
|
added some more info to unhandled exception message(s)
|
2011-01-28 16:15:45 +00:00 |
|
Miroslav Stampar
|
a184a4c772
|
major of majors bug fix
|
2011-01-28 14:31:25 +00:00 |
|
Miroslav Stampar
|
0f4fb156d3
|
major bug fix
|
2011-01-28 14:09:28 +00:00 |
|
Miroslav Stampar
|
b1c7a17163
|
fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str))
|
2011-01-28 13:26:20 +00:00 |
|
Miroslav Stampar
|
b98cbeee04
|
page for handling binary files
|
2011-01-27 22:00:34 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
49aeb41be8
|
quick bug fix for FALSE positives with UNION based technique
|
2011-01-27 18:49:44 +00:00 |
|
Miroslav Stampar
|
81722b6881
|
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
|
2011-01-27 18:36:28 +00:00 |
|
Miroslav Stampar
|
03413bd5e0
|
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
|
2011-01-27 16:55:58 +00:00 |
|
Miroslav Stampar
|
539168dcca
|
sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)
|
2011-01-27 13:40:42 +00:00 |
|
Miroslav Stampar
|
bb6e36fb02
|
minor updates
|
2011-01-27 12:38:39 +00:00 |
|
Miroslav Stampar
|
3bb4ea2c7a
|
THANKS update
|
2011-01-25 22:29:36 +00:00 |
|
Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
20df2bbd10
|
minor fix
|
2011-01-25 15:44:45 +00:00 |
|
Miroslav Stampar
|
d3ddaba7be
|
minor refactoring
|
2011-01-25 13:04:13 +00:00 |
|
Miroslav Stampar
|
c7f260a8bc
|
minor update
|
2011-01-25 12:54:49 +00:00 |
|
Miroslav Stampar
|
98e48bd682
|
new script
|
2011-01-25 12:48:50 +00:00 |
|