Miroslav Stampar
|
15645f50d4
|
world premiere :)
|
2011-01-24 21:21:11 +00:00 |
|
Miroslav Stampar
|
50969d238b
|
minor update
|
2011-01-24 17:51:56 +00:00 |
|
Miroslav Stampar
|
440264341c
|
minor update
|
2011-01-24 17:43:25 +00:00 |
|
Miroslav Stampar
|
0eea5665b2
|
minor update
|
2011-01-24 17:41:36 +00:00 |
|
Bernardo Damele
|
b0dc6c24eb
|
Moved
|
2011-01-24 17:04:49 +00:00 |
|
Miroslav Stampar
|
6cc69f5e16
|
now --technique is applicable also after the injections have been identified
|
2011-01-24 16:47:24 +00:00 |
|
Miroslav Stampar
|
c188996627
|
patch for possible query optimization (avoid precalculation of 1/0)
|
2011-01-24 16:21:27 +00:00 |
|
Miroslav Stampar
|
81011be0d7
|
minor update of parseTargetUrl method
|
2011-01-24 14:52:50 +00:00 |
|
Bernardo Damele
|
ceca64193b
|
Updated
|
2011-01-24 14:46:41 +00:00 |
|
Miroslav Stampar
|
4093599f38
|
added parseTargetUrl to redirect choice
|
2011-01-24 14:45:35 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal with --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
8d0c2efbe2
|
unescaping of char marked payloads
|
2011-01-24 12:00:16 +00:00 |
|
Miroslav Stampar
|
4441e11f68
|
fix for case -r with no params and cookie available
|
2011-01-24 11:26:51 +00:00 |
|
Bernardo Damele
|
47fa600c04
|
Minor fix and cosmetics
|
2011-01-24 11:12:33 +00:00 |
|
Miroslav Stampar
|
a3e3387113
|
fix for proper Firebird resume of version
|
2011-01-24 11:04:32 +00:00 |
|
Miroslav Stampar
|
eb33612736
|
fix
|
2011-01-24 10:20:17 +00:00 |
|
Miroslav Stampar
|
c1145c244e
|
fix for user-agent injections
|
2011-01-23 23:23:30 +00:00 |
|
Miroslav Stampar
|
818c9787b2
|
minor update
|
2011-01-23 21:20:16 +00:00 |
|
Miroslav Stampar
|
b18397fbc7
|
major revisit of --os-shell methods
|
2011-01-23 20:47:06 +00:00 |
|
Miroslav Stampar
|
ff7707579f
|
minor improvement
|
2011-01-23 11:35:24 +00:00 |
|
Miroslav Stampar
|
f5ff78d40c
|
revert
|
2011-01-23 11:21:27 +00:00 |
|
Miroslav Stampar
|
db76bcb327
|
fix for cases when mixing Ingres DBMS with Spanish word "ingresa"
|
2011-01-23 11:19:10 +00:00 |
|
Miroslav Stampar
|
97f66a87c5
|
minor improvement over last version - case insensitive and takes into account cases like " UNION ALL selects " from MySQL error message
|
2011-01-23 10:51:57 +00:00 |
|
Miroslav Stampar
|
3a5f0760f6
|
minor optimization (only way to prematurely stop SAX parser)
|
2011-01-23 10:12:01 +00:00 |
|
Miroslav Stampar
|
30cd877c4a
|
fix for URI based injections
|
2011-01-22 16:23:33 +00:00 |
|
Miroslav Stampar
|
7bf05bf2cb
|
minor update
|
2011-01-22 00:12:03 +00:00 |
|
Miroslav Stampar
|
d6d8d54eda
|
implemented Johannes Dahse / Reiners' technique
|
2011-01-22 00:06:27 +00:00 |
|
Miroslav Stampar
|
0743202879
|
minor update
|
2011-01-21 23:54:25 +00:00 |
|
Miroslav Stampar
|
cb0e7080c5
|
more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked)
|
2011-01-21 23:47:45 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Miroslav Stampar
|
79e4b1efd5
|
added new signature for SQLite error messages
|
2011-01-20 22:47:03 +00:00 |
|
Bernardo Damele
|
03a880c6f1
|
Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors
|
2011-01-20 22:02:20 +00:00 |
|
Bernardo Damele
|
0f2634c4b0
|
Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response), since int-string concatenation is not supported in all DBMSes (like Oracle)
|
2011-01-20 22:01:21 +00:00 |
|
Miroslav Stampar
|
bd2e036412
|
minor fix
|
2011-01-20 22:00:16 +00:00 |
|
Bernardo Damele
|
97573693be
|
Minor bug fix to properly handle, in -d, a data retrieval statement not starting with SELECT
|
2011-01-20 21:59:47 +00:00 |
|
Bernardo Damele
|
f1b402b103
|
Proper handling of CASE in Oracle, finally
|
2011-01-20 21:58:50 +00:00 |
|
Bernardo Damele
|
4128b2c87f
|
Enforce that when --prefix is provided, --suffix is too and vice versa.
|
2011-01-20 21:57:54 +00:00 |
|
Bernardo Damele
|
1d06c64149
|
Indentation fix
|
2011-01-20 21:56:38 +00:00 |
|
Bernardo Damele
|
7d1c704575
|
Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
|
2011-01-20 21:56:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Bernardo Damele
|
e734efcda7
|
Removed deprecated code
|
2011-01-20 21:50:58 +00:00 |
|
Bernardo Damele
|
aa8a20d241
|
Minor bug fix for a traceback
|
2011-01-20 21:50:21 +00:00 |
|
Bernardo Damele
|
1d5050d577
|
Aligned comment
|
2011-01-20 21:49:34 +00:00 |
|
Bernardo Damele
|
77999fb39d
|
Allow in --sql-shell to always ('a') retrieve query output.
Minor bug fix in case with --columns it is not possible to retrieve a column datatype.
|
2011-01-20 21:49:06 +00:00 |
|
Bernardo Damele
|
b1d6040a48
|
Minor bug fix so that --search also works when the technique is error-based (which always returns a list with lists inside)
|
2011-01-20 21:46:56 +00:00 |
|
Bernardo Damele
|
6c490bfc8f
|
Avoid a traceback elsewhere
|
2011-01-20 21:43:41 +00:00 |
|
Bernardo Damele
|
7ce49bcf0d
|
Sorted boundaries so that the ones with parentheses are tested first - it has to be like this!
Adjusted comments accordingly to new UNION-specific tags.
|
2011-01-20 21:42:55 +00:00 |
|
Miroslav Stampar
|
f6d79f58bc
|
another fix (LIMIT is not a good idea to have in inband queries)
|
2011-01-20 21:13:28 +00:00 |
|
Miroslav Stampar
|
ff1a44c335
|
probably a fix for that SQLite bug reported by Ahmed Shawky
|
2011-01-20 20:30:18 +00:00 |
|
Miroslav Stampar
|
a1d77737f5
|
minor grammar update (this should be a better form)
|
2011-01-20 18:35:21 +00:00 |
|