Miroslav Stampar
|
4959da3ce6
|
it's a must to double check time based payloads
|
2010-12-07 14:59:11 +00:00 |
|
Miroslav Stampar
|
e53fef546e
|
update regarding session page templates
|
2010-12-07 14:35:31 +00:00 |
|
Miroslav Stampar
|
add6235b16
|
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
|
2010-12-07 14:06:54 +00:00 |
|
Miroslav Stampar
|
0dc630203f
|
code refactoring
|
2010-12-07 13:34:06 +00:00 |
|
Miroslav Stampar
|
4f01d4c109
|
number crunching based time payloads are now affected by conf.timeSec
|
2010-12-07 13:24:18 +00:00 |
|
Miroslav Stampar
|
d0936bc8ed
|
adding vectors for SQLite time-based payloads
|
2010-12-07 13:14:56 +00:00 |
|
Bernardo Damele
|
54b8cb76a1
|
Messed up with my last merge, all fixed now
|
2010-12-07 12:59:53 +00:00 |
|
Miroslav Stampar
|
b38a634d95
|
bug fix
|
2010-12-07 12:55:31 +00:00 |
|
Bernardo Damele
|
7c32db6e9d
|
Forgot when merged with my last commit
|
2010-12-07 12:52:09 +00:00 |
|
Bernardo Damele
|
acac0d346f
|
Minor bug fixes and adjustments
|
2010-12-07 12:45:45 +00:00 |
|
Bernardo Damele
|
8e78057ac8
|
Added counter of total HTTP(s) requests done during detection phase
|
2010-12-07 12:33:47 +00:00 |
|
Bernardo Damele
|
effd2ca0e3
|
Cosmetics
|
2010-12-07 12:32:58 +00:00 |
|
Miroslav Stampar
|
2b2b7dc3a6
|
added vectors for time-based Firebird payloads
|
2010-12-07 12:20:48 +00:00 |
|
Miroslav Stampar
|
36a7fca8d5
|
added time-based payload vector for MSSQL
|
2010-12-07 12:06:25 +00:00 |
|
Miroslav Stampar
|
485981c619
|
added vectors for PostgresSQL time-based payloads
|
2010-12-07 11:57:33 +00:00 |
|
Miroslav Stampar
|
f9085e01e7
|
added vectors for Oracle time-based payloads
|
2010-12-07 11:47:29 +00:00 |
|
Miroslav Stampar
|
2af8835a94
|
fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter)
|
2010-12-07 10:57:32 +00:00 |
|
Miroslav Stampar
|
3d87489de5
|
minor update
|
2010-12-07 08:05:03 +00:00 |
|
Miroslav Stampar
|
90b776c1a2
|
update
|
2010-12-07 00:58:54 +00:00 |
|
Miroslav Stampar
|
0da1ebde7d
|
introducing PostgreSQL time based blind
|
2010-12-07 00:51:14 +00:00 |
|
Miroslav Stampar
|
1ba98dc9ec
|
found a fix for a OR time-based MySQL payload :)
|
2010-12-07 00:31:46 +00:00 |
|
Miroslav Stampar
|
61f82fd274
|
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
|
2010-12-07 00:27:26 +00:00 |
|
Bernardo Damele
|
32f1909131
|
Some more "advanced" boundaries
|
2010-12-06 23:15:41 +00:00 |
|
Miroslav Stampar
|
84a038d0a3
|
added one more subtag
|
2010-12-06 23:10:38 +00:00 |
|
Miroslav Stampar
|
1031723c89
|
added one more time based blind for Oracle
|
2010-12-06 23:05:53 +00:00 |
|
Miroslav Stampar
|
7697d19292
|
space replace is not needed in other two Oracle error based payloads; removing incorrect dbms_version for ctxsys.drithsx.sn as it also works on 10g
|
2010-12-06 22:52:18 +00:00 |
|
Miroslav Stampar
|
2735848ab6
|
removed ERROR_SPACE
|
2010-12-06 22:40:07 +00:00 |
|
Miroslav Stampar
|
f516c18a2a
|
minor update
|
2010-12-06 21:39:57 +00:00 |
|
Miroslav Stampar
|
0c5c2aa807
|
adding one more error based payload for Oracle
|
2010-12-06 21:20:26 +00:00 |
|
Miroslav Stampar
|
956a155377
|
adding one more error based payload for Oracle
|
2010-12-06 20:43:23 +00:00 |
|
Miroslav Stampar
|
ff43a4a955
|
minor update to preserve consistency of payload naming
|
2010-12-06 20:28:26 +00:00 |
|
Miroslav Stampar
|
c0e05d6869
|
update
|
2010-12-06 19:11:05 +00:00 |
|
Miroslav Stampar
|
9ccc8f90a3
|
minor cosmetic update ("heuristics shows" is not grammatically correct)
|
2010-12-06 18:47:22 +00:00 |
|
Miroslav Stampar
|
d336f1df23
|
minor update
|
2010-12-06 18:44:42 +00:00 |
|
Miroslav Stampar
|
d77ddbee47
|
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
|
2010-12-06 18:20:57 +00:00 |
|
Miroslav Stampar
|
e4b51dd549
|
proper way of handling OR based injections (completely compatible with current AND based inference engine)
|
2010-12-06 17:23:21 +00:00 |
|
Miroslav Stampar
|
27ee9a5ccf
|
minor refactoring
|
2010-12-06 15:50:19 +00:00 |
|
Miroslav Stampar
|
e8be14e00a
|
minor refactoring
|
2010-12-06 07:48:14 +00:00 |
|
Miroslav Stampar
|
a43d252ae9
|
minor update
|
2010-12-06 00:14:08 +00:00 |
|
Miroslav Stampar
|
5189f138d7
|
increasing socket timeout in case of time based checks
|
2010-12-05 23:18:16 +00:00 |
|
Bernardo Damele
|
17449754fe
|
Got rid of UNION false cond
|
2010-12-05 16:16:15 +00:00 |
|
Bernardo Damele
|
a1e89d3e94
|
Minor tweak
|
2010-12-05 13:12:12 +00:00 |
|
Bernardo Damele
|
da3fd17fc3
|
Adjustment to make it work also in OR based injection
|
2010-12-05 12:24:23 +00:00 |
|
Bernardo Damele
|
bf425d90bc
|
More tweaking
|
2010-12-05 12:23:18 +00:00 |
|
Bernardo Damele
|
41e1b95c6c
|
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
|
2010-12-05 11:25:44 +00:00 |
|
Miroslav Stampar
|
7a5cd3b35f
|
minor comment update
|
2010-12-05 11:15:09 +00:00 |
|
Bernardo Damele
|
191ba3118f
|
Cosmetics
|
2010-12-05 11:08:52 +00:00 |
|
Bernardo Damele
|
1b17bac494
|
Sorted out
|
2010-12-05 11:06:37 +00:00 |
|
Bernardo Damele
|
618b3b0211
|
Cosmetics
|
2010-12-05 11:05:57 +00:00 |
|
Bernardo Damele
|
8066610217
|
Minor improvements to OR based injections
|
2010-12-05 10:55:19 +00:00 |
|