Miroslav Stampar
|
97f66a87c5
|
minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message
|
2011-01-23 10:51:57 +00:00 |
|
Miroslav Stampar
|
3a5f0760f6
|
minor optimization (only way to prematurely stop SAX parser)
|
2011-01-23 10:12:01 +00:00 |
|
Miroslav Stampar
|
30cd877c4a
|
fix for URI based injections
|
2011-01-22 16:23:33 +00:00 |
|
Miroslav Stampar
|
7bf05bf2cb
|
minor update
|
2011-01-22 00:12:03 +00:00 |
|
Miroslav Stampar
|
d6d8d54eda
|
implemented Johannes Dahse / Reiners' technique
|
2011-01-22 00:06:27 +00:00 |
|
Miroslav Stampar
|
0743202879
|
minor update
|
2011-01-21 23:54:25 +00:00 |
|
Miroslav Stampar
|
cb0e7080c5
|
more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked)
|
2011-01-21 23:47:45 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Miroslav Stampar
|
79e4b1efd5
|
added new signature for SQLite error messages
|
2011-01-20 22:47:03 +00:00 |
|
Bernardo Damele
|
03a880c6f1
|
Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors
|
2011-01-20 22:02:20 +00:00 |
|
Bernardo Damele
|
0f2634c4b0
|
Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)
|
2011-01-20 22:01:21 +00:00 |
|
Miroslav Stampar
|
bd2e036412
|
minor fix
|
2011-01-20 22:00:16 +00:00 |
|
Bernardo Damele
|
97573693be
|
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
|
2011-01-20 21:59:47 +00:00 |
|
Bernardo Damele
|
f1b402b103
|
Proper handling of CASE in Oracle, finally
|
2011-01-20 21:58:50 +00:00 |
|
Bernardo Damele
|
4128b2c87f
|
Enforce that when --prefix is provided, --suffix is too and viceversa.
|
2011-01-20 21:57:54 +00:00 |
|
Bernardo Damele
|
1d06c64149
|
Indentation fix
|
2011-01-20 21:56:38 +00:00 |
|
Bernardo Damele
|
7d1c704575
|
Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
|
2011-01-20 21:56:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Bernardo Damele
|
e734efcda7
|
Removed deprecated code
|
2011-01-20 21:50:58 +00:00 |
|
Bernardo Damele
|
aa8a20d241
|
Minor bug fix for a traceback
|
2011-01-20 21:50:21 +00:00 |
|
Bernardo Damele
|
1d5050d577
|
Aligned comment
|
2011-01-20 21:49:34 +00:00 |
|
Bernardo Damele
|
77999fb39d
|
Allow in --sql-shell to always ('a') retrieve query output.
Minor bug fix in case with --columns it is not possible to retrieve a column datatype.
|
2011-01-20 21:49:06 +00:00 |
|
Bernardo Damele
|
b1d6040a48
|
Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside)
|
2011-01-20 21:46:56 +00:00 |
|
Bernardo Damele
|
6c490bfc8f
|
Avoid a traceback elsewhere
|
2011-01-20 21:43:41 +00:00 |
|
Bernardo Damele
|
7ce49bcf0d
|
Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this!
Adjusted comments accordingly to new UNION-specific tags.
|
2011-01-20 21:42:55 +00:00 |
|
Miroslav Stampar
|
f6d79f58bc
|
another fix (LIMIT is not a good idea to have in inband queries)
|
2011-01-20 21:13:28 +00:00 |
|
Miroslav Stampar
|
ff1a44c335
|
probably a fix for that SQLite bug reported by Ahmed Shawky
|
2011-01-20 20:30:18 +00:00 |
|
Miroslav Stampar
|
a1d77737f5
|
minor grammar update (this should be a better form)
|
2011-01-20 18:35:21 +00:00 |
|
Miroslav Stampar
|
496a84c356
|
minor update
|
2011-01-20 18:32:04 +00:00 |
|
Miroslav Stampar
|
dd7262d9e6
|
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
|
2011-01-20 17:53:49 +00:00 |
|
Miroslav Stampar
|
ad12242151
|
LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)
|
2011-01-20 16:27:59 +00:00 |
|
Miroslav Stampar
|
e8c037de1a
|
minor update
|
2011-01-20 16:17:38 +00:00 |
|
Miroslav Stampar
|
4e5f0da1ae
|
minor update
|
2011-01-20 16:07:08 +00:00 |
|
Miroslav Stampar
|
2fa066f892
|
added support for WebScarab logs
|
2011-01-20 15:55:50 +00:00 |
|
Miroslav Stampar
|
345e2288e1
|
important fix regarding encoding stuff
|
2011-01-20 13:54:18 +00:00 |
|
Miroslav Stampar
|
f6f4b5e9dd
|
bug fix for charset used in inference for pages retrieved with --null-connection
|
2011-01-20 11:01:01 +00:00 |
|
Miroslav Stampar
|
a4a0f10950
|
minor minor minor
|
2011-01-20 09:25:34 +00:00 |
|
Bernardo Damele
|
50c02fbb37
|
Done with previous refactoring
|
2011-01-20 00:01:06 +00:00 |
|
Bernardo Damele
|
701947490b
|
Two major bug fixes related to UNION technique query forging
|
2011-01-19 23:46:39 +00:00 |
|
Miroslav Stampar
|
7a060e756d
|
dummy fix for SQLite schema retrieval (lots of spaces inside)
|
2011-01-19 23:16:22 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Miroslav Stampar
|
4bdc19d879
|
minor cosmetics
|
2011-01-19 22:48:06 +00:00 |
|
Miroslav Stampar
|
c106dc829a
|
more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)
|
2011-01-19 22:08:56 +00:00 |
|
Miroslav Stampar
|
7ad41f9b19
|
bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)
|
2011-01-19 21:46:43 +00:00 |
|
Miroslav Stampar
|
aea43a1e43
|
minor refactoring
|
2011-01-19 15:26:57 +00:00 |
|
Miroslav Stampar
|
eadaf680de
|
fuck yea
|
2011-01-19 15:25:48 +00:00 |
|
Miroslav Stampar
|
89e0fd0709
|
back to roots
|
2011-01-19 14:06:26 +00:00 |
|
Bernardo Damele
|
c1f6bf2eda
|
Updated
|
2011-01-18 23:14:35 +00:00 |
|
Bernardo Damele
|
33485198e1
|
Code cleanup
|
2011-01-18 23:05:32 +00:00 |
|
Bernardo Damele
|
eda0b41859
|
Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
|
2011-01-18 23:03:50 +00:00 |
|