Miroslav Stampar | b7aeb670e1 | Implementation of a new MySQL error-based payload (found at RDot) | 2014-10-29 10:14:01 +01:00
Miroslav Stampar | af21fc513d | Bug fix for HSQLDB (some queries were runnable on MySQL) | 2014-09-03 21:39:38 +02:00
Miroslav Stampar | 1478c206f1 | Trivial update | 2014-09-03 21:27:02 +02:00
Markus Wulftange | cf4e0c755b | Add boundary checks for derived tables in FROM clause | 2014-05-24 17:25:11 +02:00
Bernardo Damele | 78ab525966 | minor fix to Oracle payloads | 2014-04-09 12:31:52 +00:00
Bernardo Damele | 42bde5328d | minor fix | 2014-04-09 12:29:52 +00:00
Bernardo Damele | 9b0662d1a9 | added new Oracle time-based payloads | 2014-04-09 12:14:16 +00:00
Miroslav Stampar | 97f603af4a | Fix for an Issue #641 | 2014-03-17 20:20:25 +01:00
Miroslav Stampar | 178056968f | Cleaning a leftover (deleted) made for Issue #564 | 2013-12-27 10:49:15 +01:00
Miroslav Stampar | cadbddd607 | Adding a boundary proposed in Issue #564 | 2013-12-27 10:46:18 +01:00
Miroslav Stampar | 07bd22fa80 | Minor fix | 2013-12-01 21:03:30 +01:00
Miroslav Stampar | 4c39235c2f | Minor revert (5->3) | 2013-10-11 00:39:44 +02:00
Miroslav Stampar | 6305c1e703 | Making a comma-less RLIKE payload | 2013-10-11 00:39:11 +02:00
Miroslav Stampar | dbaa35f9fe | Minor fix | 2013-10-10 23:53:43 +02:00
Miroslav Stampar | 2dc570d7a8 | Minor patch (for ORDER BY 'col' cases) | 2013-10-10 23:08:20 +02:00
stamparm | 27bf37e741 | Updating to higher levels for HSQLDB specific payloads (like for e.g. Firebird) | 2013-07-04 15:41:08 +02:00
stamparm | e3124b9176 | Replacing tabs with spaces (Issue #475) | 2013-07-01 12:56:34 +02:00
Bernardo Damele | 2ca5df2802 | minor fix | 2013-07-01 11:31:28 +01:00
Miroslav Stampar | aeb83ba651 | Merge pull request #475 from Meatballs1/hsql_clean HSQL Payloads and Query Support | 2013-07-01 02:38:04 -07:00
Meatballs | 55a37183d4 | Cleanup payloads file | 2013-06-24 15:04:52 +01:00
Meatballs | 355d3f86be | hsql payloads and queries xml | 2013-06-24 14:34:54 +01:00
Miroslav Stampar | 4336a8fa7c | Fix for overnight (previously removed : from prefix/suffix was important for XMLType payload) | 2013-06-24 14:18:42 +02:00
stamparm | 20b8186fcc | Fix for an Issue #467 | 2013-06-19 10:41:58 +02:00
Miroslav Stampar | ad07add549 | Fixing MySQL/stacked payloads (also removing stacked conditional-error version as it's syntactically incorrect) | 2013-06-05 14:32:06 +02:00
stamparm | f456b5a28d | Bug fix (this payload was also doable on MySQL - with CAST it's strictly being bound to Oracle only) | 2013-05-29 17:41:42 +02:00
stamparm | 9c264e6426 | Revert back of SQLite3 time-based payload as of regression test failing | 2013-04-10 11:10:19 +02:00
stamparm | acc650d3dc | Minor fine tuning | 2013-04-03 15:14:25 +02:00
stamparm | 125168c515 | Reverting back to 8002531b63 (that last 76dcbbda0f resulted in 'too big blob') | 2013-04-03 14:38:13 +02:00
stamparm | 76dcbbda0f | Reverting last commit and making heavy query on SQLite heavier | 2013-04-03 14:23:28 +02:00
stamparm | 46b9a602ba | Minor style update (because of consistency with other payloads; also, Oracle is uppercase oriented) | 2013-03-01 12:43:08 +01:00
Miroslav Stampar | 68e507ea9f | Update for an SQLite3 time-based (heavy query) payloads (better timedelay) | 2013-01-31 18:59:18 +01:00
Miroslav Stampar | d6a361f859 | Proper implementation for --technique=Q --dbms=Firebird | 2013-01-22 16:31:26 +01:00
Miroslav Stampar | aebf2c1350 | Slightly better payload for Firebird delay-based SQLi (adding slightly more delay) | 2013-01-20 23:10:58 +01:00
Bernardo Damele | 30273e03fe | leftover | 2013-01-19 00:28:48 +00:00
Bernardo Damele | 0e78fbef56 | correctly format SQLi payload for inline query technique | 2013-01-19 00:28:03 +00:00
Bernardo Damele | 89ddd54a75 | added Firebird inline query payload, requires some work though engine-side for the vector to be usable | 2013-01-19 00:05:15 +00:00
Bernardo Damele | 48e0154fc3 | added SQLite inline queries payload | 2013-01-14 15:30:01 +00:00
Bernardo Damele | a2c58847e6 | fixed title | 2012-12-19 18:29:00 +00:00
Miroslav Stampar | 9b716eb805 | Implementation for an Issue #135 | 2012-12-18 10:13:42 +01:00
Miroslav Stampar | bc72180a3b | Lowering --limit for inline query technique | 2012-12-05 10:58:41 +01:00
Miroslav Stampar | 775e0df04b | Update for an Issue #278 | 2012-12-05 10:45:17 +01:00
Miroslav Stampar | c0796b4742 | Minor bug fix (RLIKE boolean case was using wrong comparison payload) | 2012-11-27 12:03:38 +01:00
Miroslav Stampar | 687f3991de | Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. | 2012-09-26 11:27:43 +02:00
Miroslav Stampar | 67cfc3b492 | Removing boundaries (they were meant to be used as 'parameter replace' logic but it's not doable for boundaries) | 2012-09-17 22:36:40 +02:00
Miroslav Stampar | acad7a34a2 | Minor update | 2012-09-17 22:23:44 +02:00
Miroslav Stampar | d7cf0de090 | Fixing INSERT/UPDATE generic boundaries (those previous few were junkies) | 2012-08-22 14:12:51 +02:00
Miroslav Stampar | 8ee9feafb9 | Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries) | 2012-08-20 21:57:25 +02:00
Miroslav Stampar | 6fdbe4eb89 | Fix by zhouhx@knownsec.com (better LIKE boundaries) | 2012-08-06 19:04:23 +02:00
Miroslav Stampar | 57f2fccc24 | Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :) | 2012-07-26 11:40:47 +02:00
Miroslav Stampar | ec96689556 | Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db | 2012-07-26 11:39:51 +02:00