Miroslav Stampar
|
d7cf0de090
|
Fixing INSERT/UPDATE generic boundaries (those previous few were junkies)
|
2012-08-22 14:12:51 +02:00 |
|
Miroslav Stampar
|
8ee9feafb9
|
Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)
|
2012-08-20 21:57:25 +02:00 |
|
Miroslav Stampar
|
6fdbe4eb89
|
Fix by zhouhx@knownsec.com (better LIKE boundaries)
|
2012-08-06 19:04:23 +02:00 |
|
Miroslav Stampar
|
57f2fccc24
|
Revert of a previous commit (actually missing mysql.db is a bonus in this kind of attack :)
|
2012-07-26 11:40:47 +02:00 |
|
Miroslav Stampar
|
ec96689556
|
Safer for provoking 'Subquery returns more than 1 row' state than potentially missing mysql.db
|
2012-07-26 11:39:51 +02:00 |
|
Miroslav Stampar
|
6878ef92b2
|
Style update
|
2012-07-26 11:22:00 +02:00 |
|
Miroslav Stampar
|
ab3160316f
|
Implementation of payloads for Issue #122
|
2012-07-26 11:17:09 +02:00 |
|
Bernardo Damele
|
1928d5464d
|
fixes issue #97
|
2012-07-20 15:56:14 +01:00 |
|
Bernardo Damele
|
243a905788
|
more on issue #97
|
2012-07-17 23:07:16 +01:00 |
|
Bernardo Damele
|
c483e91445
|
added payloads for ORDER BY/GROUP BY time-based injections - issue #97
|
2012-07-17 22:52:28 +01:00 |
|
Bernardo Damele
|
771e7a9fc3
|
Initial commit for issue #97
|
2012-07-17 10:13:09 +01:00 |
|
Miroslav Stampar
|
5d35d255ba
|
minor refactoring
|
2012-06-11 22:27:33 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
3a9e266d78
|
adding revisited wildcard LIKE payloads
|
2012-05-21 21:49:54 +00:00 |
|
Miroslav Stampar
|
602369c762
|
reverting last changes on boundaries
|
2012-05-21 09:20:46 +00:00 |
|
Miroslav Stampar
|
1500b3fccd
|
adding a new payload boundaries by smcintyre@securestate.com
|
2012-05-21 08:31:37 +00:00 |
|
Miroslav Stampar
|
37f2709197
|
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
|
2012-05-09 09:08:23 +00:00 |
|
Miroslav Stampar
|
1e45ee9ab6
|
reverting back to smaller UNION ranges as that mechanism for automatic extending was implemented few days ago
|
2012-04-25 20:37:39 +00:00 |
|
Bernardo Damele
|
eb73cab636
|
increased UNION test ranges
|
2012-04-23 11:54:52 +00:00 |
|
Miroslav Stampar
|
414c74b8aa
|
new payload
|
2012-04-13 08:16:33 +00:00 |
|
Bernardo Damele
|
1f82d29a36
|
switch two conditional payloads for proper detection
|
2012-04-04 10:11:48 +00:00 |
|
Bernardo Damele
|
d5b4b7996a
|
minor revert
|
2012-04-04 00:09:47 +00:00 |
|
Bernardo Damele
|
049c27c739
|
improved detection for INSERT and UPDATE statements
|
2012-04-03 23:29:06 +00:00 |
|
Bernardo Damele
|
40a7232de6
|
Minor fix to avoid useless tests (FROM DUAL is Oracle specific so no point using + to concatenate strings)
|
2012-03-30 16:27:08 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
772ead8d03
|
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
|
2012-03-29 12:44:20 +00:00 |
|
Miroslav Stampar
|
84479eebe9
|
minor fix
|
2012-03-15 08:55:42 +00:00 |
|
Bernardo Damele
|
890bf708bc
|
Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)
|
2012-03-15 00:19:57 +00:00 |
|
Miroslav Stampar
|
ac5a752b12
|
Oracle's XMLType doesn't like '#' char too
|
2012-03-01 11:59:37 +00:00 |
|
Miroslav Stampar
|
f1147035cf
|
minor concision/beautification update
|
2012-01-10 11:50:26 +00:00 |
|
Miroslav Stampar
|
94790bf08a
|
minor update (removing reference to Microsoft Access for Generic payload)
|
2011-12-01 13:25:27 +00:00 |
|
Miroslav Stampar
|
df4e3be191
|
using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)
|
2011-11-23 22:57:02 +00:00 |
|
Miroslav Stampar
|
d8047c79f3
|
reverting back last two commits
|
2011-11-22 15:28:31 +00:00 |
|
Miroslav Stampar
|
73276c0785
|
even better (added long before plugins table)
|
2011-11-22 15:23:31 +00:00 |
|
Miroslav Stampar
|
ff07031170
|
better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)
|
2011-11-22 15:20:12 +00:00 |
|
Miroslav Stampar
|
bbb7e1562d
|
adding AGAINST full-text search boundaries
|
2011-11-12 14:16:43 +00:00 |
|
Miroslav Stampar
|
2e5222bfd8
|
adding INSERT/UPDATE generic boundaries
|
2011-10-28 11:00:09 +00:00 |
|
Miroslav Stampar
|
382db1b67a
|
degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)
|
2011-08-31 20:35:57 +00:00 |
|
Miroslav Stampar
|
d283e3eb3c
|
adding support for pre-WHERE injections
|
2011-08-24 09:04:18 +00:00 |
|
Miroslav Stampar
|
13eb20cea1
|
minor beautification
|
2011-08-03 10:12:06 +00:00 |
|
Bernardo Damele
|
2e20eb1a88
|
Minor fix
|
2011-08-03 10:08:59 +00:00 |
|
Bernardo Damele
|
99a0b62d0d
|
Minor adjustments
|
2011-07-24 22:26:11 +00:00 |
|
Miroslav Stampar
|
ca83305b58
|
added MySQL updatexml error-based payload
|
2011-07-24 21:08:32 +00:00 |
|
Miroslav Stampar
|
a89140e1ce
|
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
|
2011-07-23 06:07:00 +00:00 |
|
Bernardo Damele
|
c9ba58acb6
|
Moved MS Access UNION query tests after generic as generic test must identify MSSQL
|
2011-07-11 09:47:52 +00:00 |
|
Miroslav Stampar
|
5d31eb5ef7
|
cosmetics and also tested against testing env - works perfectly
|
2011-07-10 09:07:07 +00:00 |
|
Miroslav Stampar
|
eb42cedf2a
|
adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment
|
2011-07-10 08:54:22 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
ed4cfbb6d2
|
Minor fix
|
2011-06-27 08:58:59 +00:00 |
|
Miroslav Stampar
|
bedf16b88b
|
adding payloads for time-based injection on SAP MaxDB (heavy query)
|
2011-06-26 23:46:09 +00:00 |
|