stamparm
|
a7787e83b8
|
Minor fix for case-insensitive union duplicates
|
2013-06-18 12:52:36 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
7304971544
|
Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator'
|
2012-11-29 11:43:49 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
54d086f409
|
Minor fix
|
2012-10-23 10:02:10 +02:00 |
|
Miroslav Stampar
|
cea5127ffd
|
Update for an Issue #6
|
2012-09-06 15:51:38 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
0f64e1e6c1
|
Minor update for Issue #94 (not fixing it)
|
2012-07-16 15:43:02 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
295a7a8e5e
|
Another update for Issue #80
|
2012-07-11 16:14:20 +02:00 |
|
Miroslav Stampar
|
9a4f8d5f45
|
Fix for Issue #80
|
2012-07-11 16:01:25 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
e2a60b302f
|
minor fix
|
2012-06-17 21:21:45 +00:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
e419177871
|
minor update
|
2012-05-08 17:28:19 +00:00 |
|
Miroslav Stampar
|
eccd4da00f
|
minor fix
|
2012-05-08 15:03:33 +00:00 |
|
Miroslav Stampar
|
938d9ff23e
|
doing all the work for the users so they wouldn't strain their little hands
|
2012-05-08 15:00:23 +00:00 |
|
Miroslav Stampar
|
524dd75ff2
|
that query variable hasn't been used anywhere (obsolete for some time)
|
2012-05-08 14:34:40 +00:00 |
|
Miroslav Stampar
|
3532d23933
|
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
|
2012-04-23 13:41:36 +00:00 |
|
Miroslav Stampar
|
71b0acc16f
|
minor fix (checking for full inband should be done with ORIGINAL - more concise)
|
2012-04-15 16:43:18 +00:00 |
|
Miroslav Stampar
|
5772c52f46
|
minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)
|
2012-04-15 16:33:47 +00:00 |
|
Miroslav Stampar
|
ae8c70e895
|
another cosmetics
|
2012-04-13 15:11:44 +00:00 |
|
Miroslav Stampar
|
d765cdc3a3
|
minor cosmetics
|
2012-04-13 15:10:40 +00:00 |
|
Miroslav Stampar
|
831f79b851
|
minor generalization
|
2012-04-12 09:30:19 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
386e98a0e3
|
using UNION SELECT for where=..NEGATIVE
|
2012-02-22 09:41:58 +00:00 |
|
Miroslav Stampar
|
e50d64546f
|
minor fix
|
2012-02-07 14:57:48 +00:00 |
|
Miroslav Stampar
|
2b05ded9c3
|
just a makeup
|
2012-02-07 12:05:23 +00:00 |
|
Miroslav Stampar
|
8405ef59ac
|
some estetic updates
|
2012-02-01 14:49:42 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
316e27a809
|
minor update
|
2011-12-15 10:19:31 +00:00 |
|
Miroslav Stampar
|
2ed3efba12
|
speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)
|
2011-11-22 08:39:13 +00:00 |
|
Miroslav Stampar
|
6d64f87190
|
minor update
|
2011-10-24 00:46:54 +00:00 |
|
Miroslav Stampar
|
7c626f1dbe
|
minor fix
|
2011-10-23 23:18:39 +00:00 |
|
Miroslav Stampar
|
d77a5f5928
|
update (generalizing ORDER BY approach)
|
2011-10-23 23:02:01 +00:00 |
|
Miroslav Stampar
|
1c3f4e9e54
|
minor update
|
2011-10-23 08:44:21 +00:00 |
|
Miroslav Stampar
|
25f0ec3597
|
some minor range to xrange conversion (where safe to do)
|
2011-10-21 22:34:27 +00:00 |
|
Miroslav Stampar
|
7a3096ce25
|
some refactoring
|
2011-10-21 21:12:48 +00:00 |
|
Miroslav Stampar
|
9356f8005c
|
important bug fix
|
2011-10-21 21:07:06 +00:00 |
|
Miroslav Stampar
|
0a8e45955c
|
minor update
|
2011-10-21 20:44:18 +00:00 |
|
Miroslav Stampar
|
7e80274fac
|
refactoring
|
2011-09-25 21:10:45 +00:00 |
|
Miroslav Stampar
|
8fe069b495
|
minor fix
|
2011-08-23 21:48:39 +00:00 |
|
Miroslav Stampar
|
cfc1f2b70b
|
minor update
|
2011-08-22 22:43:14 +00:00 |
|
Miroslav Stampar
|
f4127a80d7
|
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
|
2011-08-22 21:43:46 +00:00 |
|
Miroslav Stampar
|
cb32d46f2a
|
minor minor update
|
2011-08-18 06:09:12 +00:00 |
|
Miroslav Stampar
|
9d31322f3d
|
update regarding special case when conf.uChar appears only in testable pages
|
2011-08-17 21:40:42 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Miroslav Stampar
|
e849b71027
|
minor typo
|
2011-08-03 14:31:42 +00:00 |
|
Miroslav Stampar
|
538b49bcc5
|
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
|
2011-08-03 13:26:38 +00:00 |
|
Miroslav Stampar
|
9423d15fb3
|
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
|
2011-08-03 09:08:16 +00:00 |
|
Miroslav Stampar
|
3a3561fdaa
|
doing proper big table support for partial union too
|
2011-07-24 20:36:44 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
9e1a6beb7a
|
Major bug fix in UNION detection, it was a leftover
|
2011-07-07 00:06:20 +00:00 |
|
Bernardo Damele
|
f8c32cf6b9
|
Moved folder
|
2011-06-18 12:34:41 +00:00 |
|