Miroslav Stampar
1ae2fa7f1a
update regarding time based payloads
2010-12-08 11:26:54 +00:00
Miroslav Stampar
a4a63f5b1e
minor update
2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
575e50673b
minor update
2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a
little explanation
2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231
Removed debug print
2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29
Minor fix
2010-12-07 17:17:38 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6
it's a must to double check time based payloads
2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8
Added counter of total HTTP(s) requests done during detection phase
2010-12-07 12:33:47 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d
introducing PostgreSQL time based blind
2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3
minor cosmetic update ("heuristics shows" is not grammatically correct)
2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23
minor update
2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf
minor refactoring
2010-12-06 15:50:19 +00:00
Miroslav Stampar
5189f138d7
increasing socket timeout in case of time based checks
2010-12-05 23:18:16 +00:00
Miroslav Stampar
7a5cd3b35f
minor comment update
2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211
Cosmetics
2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3
some fine tuning of dynamicity removing engine
2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Bernardo Damele
0e6359ab6e
Minor layout adjustment
2010-12-03 16:11:35 +00:00
Bernardo Damele
6e73adec47
Get rid of one useless attribute
2010-12-03 16:11:13 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
b824826a89
Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses
2010-12-03 14:39:51 +00:00
Bernardo Damele
bb40ab9fb0
Major bug fix for default boolean-based vector still work and minor adjustments
2010-12-03 14:31:11 +00:00
Miroslav Stampar
612ee08a0b
added response time kb attribute
2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22
Major bug fix for test on ORDER BY and GROUP BY clauses.
...
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
7d6f51f758
Avoid blank space between prefix and test's payload if it's a stacked queries test
2010-12-03 10:42:46 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
56d2b2f322
Avoid storing to session file also payload delimiters
2010-12-01 10:55:59 +00:00
Bernardo Damele
8d84dcc5dc
More sense
2010-12-01 09:17:17 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Miroslav Stampar
fcdebbd55f
cosmeticados
2010-11-30 14:48:13 +00:00
Miroslav Stampar
47a7708950
minor improvement of dynamic content detection/removal part
2010-11-30 12:45:42 +00:00
Bernardo Damele
8b9706656e
Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
...
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Bernardo Damele
e9291932e5
Apply --level also to User-Agent (level >= 4) and Cookie (level >= 3).
...
GET and POST parameters are always tested.
2010-11-29 16:33:20 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Bernardo Damele
c76d740a25
just a precaution
2010-11-29 15:21:56 +00:00