Commit Graph

3374 Commits

Author SHA1 Message Date
Bernardo Damele
cda25cda2f Cosmetics 2011-07-12 20:49:27 +00:00
Miroslav Stampar
3583d6dd1b quick fixes, more work to do 2011-07-12 20:32:19 +00:00
Miroslav Stampar
0126b8eb0e minor revert (it's illegal to use append for updating one array with another array) 2011-07-12 19:34:54 +00:00
Bernardo Damele
48b7245a33 Minor bug fix 2011-07-12 15:47:04 +00:00
Bernardo Damele
0b8c6e4c81 Minor bug fix 2011-07-12 15:30:40 +00:00
Bernardo Damele
eeb4436471 renamed 2011-07-12 12:48:15 +00:00
Bernardo Damele
42c5bab013 renamed 2011-07-11 23:37:10 +00:00
Miroslav Stampar
a46b5230f5 minor "patch" 2011-07-11 20:33:16 +00:00
Miroslav Stampar
1f826684f6 disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator 2011-07-11 13:16:59 +00:00
Miroslav Stampar
7bc6280d53 possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com 2011-07-11 11:40:27 +00:00
Bernardo Damele
4ae71fd5f4 Updated docstring 2011-07-11 10:39:30 +00:00
Bernardo Damele
86d28947aa updated 2011-07-11 10:07:36 +00:00
Bernardo Damele
2b6b80d7f8 Updated docstring 2011-07-11 10:04:19 +00:00
Bernardo Damele
c9e6fc7695 Added new tamper script, tamper/space2mssqlblank.py from RS 2011-07-11 09:49:58 +00:00
Bernardo Damele
e47f873fa4 Renamed space2extrarandomblank.py to space2mysqlblank.py 2011-07-11 09:49:03 +00:00
Bernardo Damele
c9ba58acb6 Moved MS Access UNION query tests after generic as generic test must identify MSSQL 2011-07-11 09:47:52 +00:00
Bernardo Damele
1e1f429668 Minor minor fix 2011-07-11 09:22:47 +00:00
Miroslav Stampar
5014475637 minor update (changing form of payload[i+1] with payload[i+1:i+2] which is much safer for not crashing the script with invalid char index) 2011-07-11 09:22:29 +00:00
Miroslav Stampar
7a6bddf811 minor fixes pointed by RS 2011-07-11 09:08:24 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Miroslav Stampar
98958f8808 minor minor update 2011-07-10 15:41:45 +00:00
Miroslav Stampar
0d6afca7db adding new switch '--smart' by request 2011-07-10 15:16:58 +00:00
Miroslav Stampar
5d31eb5ef7 cosmetics and also tested against testing env - works perfectly 2011-07-10 09:07:07 +00:00
Miroslav Stampar
b3acaf85d8 minor update 2011-07-10 08:58:55 +00:00
Miroslav Stampar
eb42cedf2a adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment 2011-07-10 08:54:22 +00:00
Miroslav Stampar
b7433011f8 new tamper script by request 2011-07-08 22:48:03 +00:00
Miroslav Stampar
1e182e6c72 quick fix 2011-07-08 22:34:44 +00:00
Bernardo Damele
05cb65b106 Added one more tamper script from Roberto Salgado and minor adjustment to others 2011-07-08 13:43:34 +00:00
Bernardo Damele
3985a81cb9 Update email addresses 2011-07-08 13:39:47 +00:00
Bernardo Damele
651349e229 More verbose critical message 2011-07-08 13:12:53 +00:00
Bernardo Damele
062c156fc0 Added another tamper script from Roberto Salgado 2011-07-08 11:03:14 +00:00
Miroslav Stampar
93219b9e13 i've accidentally left table_schema removed while doing some tests. now it should be ok 2011-07-08 10:24:46 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20 more general approach 2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430 cosmetics (in debug mode [0] is used) 2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9 minor update 2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc quick fix 2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
736327c893 Added two tamper scripts contributed by Roberto Salgado 2011-07-07 18:45:07 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
c6a0b84242 Some more common tables and columns 2011-07-07 00:23:54 +00:00
Bernardo Damele
9e1a6beb7a Major bug fix in UNION detection, it was a leftover 2011-07-07 00:06:20 +00:00
Bernardo Damele
fcd4e94c04 Higher chances to detect UNION query SQL injection against Microsoft Access 2011-07-06 23:52:44 +00:00
Bernardo Damele
9d2aadd4a6 missing docstring details 2011-07-06 22:53:22 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Bernardo Damele
0d28c1e9e7 cosmetics 2011-07-06 20:41:13 +00:00
Bernardo Damele
6f6038b534 Quick fix (revert..) 2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00