Miroslav Stampar
|
2f8846caec
|
Fix for an Issue #636
|
2014-03-11 21:11:51 +01:00 |
|
Miroslav Stampar
|
d1a6a775f1
|
Patch for an Issue #636
|
2014-03-11 21:00:15 +01:00 |
|
Bernardo Damele
|
43a4e85749
|
updated copyright
|
2014-01-13 17:24:49 +00:00 |
|
Miroslav Stampar
|
7718edac9b
|
Fix for an Issue #570
|
2013-12-27 09:40:33 +01:00 |
|
Miroslav Stampar
|
ab64d385d6
|
Bug fix (stacked queries as in PgSQL and MsSQL DNS tunneling queries MUST end with the comment - not the recognized underlying technique's suffix)
|
2013-12-25 22:18:57 +01:00 |
|
Miroslav Stampar
|
953b5815d8
|
Implementation for an Issue #496
|
2013-07-31 21:15:03 +02:00 |
|
stamparm
|
be5ce760b6
|
Fix for an Issue #485 (failing back to single-thread mode if over some bisection length)
|
2013-07-09 10:24:48 +02:00 |
|
stamparm
|
a7787e83b8
|
Minor fix for case-insensitive union duplicates
|
2013-06-18 12:52:36 +02:00 |
|
stamparm
|
6b280d8da4
|
Putting 2 decimal places for debug messages with performed queries (e.g. to handle a problem with 0 seconds roundup)
|
2013-05-28 14:40:45 +02:00 |
|
stamparm
|
b26ecfe087
|
Patch for an Issue #449
|
2013-05-17 15:14:51 +02:00 |
|
stamparm
|
7ba9e75c97
|
Minor update related to the last commit
|
2013-05-16 15:23:20 +02:00 |
|
stamparm
|
7ea8dd9428
|
MySQL is specific (types are automatically being converted without any warning/error)
|
2013-05-16 15:12:36 +02:00 |
|
stamparm
|
41f0e91662
|
Minor update (related to last commit)
|
2013-05-13 14:50:03 +02:00 |
|
stamparm
|
8b64709c17
|
Completing implementation for an Issue #189 (union)
|
2013-05-09 16:36:03 +02:00 |
|
stamparm
|
3873805dab
|
Partial implementation for an Issue #189 (error-based; still partial union left)
|
2013-05-09 16:23:57 +02:00 |
|
stamparm
|
9fe5a8832f
|
Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box)
|
2013-05-09 15:52:18 +02:00 |
|
stamparm
|
03be419d5d
|
Fix for an Issue #447
|
2013-05-07 13:25:30 +02:00 |
|
Miroslav Stampar
|
73917fc9c8
|
Minor update (same, but safer)
|
2013-04-11 21:25:44 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
stamparm
|
558ef0aaff
|
Minor fix
|
2013-03-19 10:42:20 +01:00 |
|
Miroslav Stampar
|
e9b86350f1
|
Patch for an Issue #403
|
2013-03-05 18:32:31 +01:00 |
|
Bernardo Damele
|
0e7f771be6
|
minor adjustment
|
2013-02-15 16:28:09 +00:00 |
|
Bernardo Damele
|
35aa785870
|
bug fix to make --predict-output work also with time-based technique
|
2013-02-15 16:25:33 +00:00 |
|
Miroslav Stampar
|
014e4e0055
|
Minor represenation fix
|
2013-02-15 14:48:24 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Bernardo Damele
|
e03010f48b
|
got rid of unnecessary output for API - #297
|
2013-02-05 15:00:06 +00:00 |
|
Miroslav Stampar
|
01219219fc
|
Minor bug fix (for --first/--last through problematic DBMSes)
|
2013-02-05 15:03:55 +01:00 |
|
Miroslav Stampar
|
31daefc7c9
|
Minor fix (skipping one uneccesary request in single-threaded --first/--last mode)
|
2013-02-05 13:51:35 +01:00 |
|
Miroslav Stampar
|
4f2981f163
|
Minor fix
|
2013-02-04 16:37:54 +01:00 |
|
Miroslav Stampar
|
f4b8a3c1d8
|
Bug fix for boolean (multithreaded Ctrl+C) resumed values
|
2013-02-04 15:49:29 +01:00 |
|
Miroslav Stampar
|
235153ab39
|
Removal of unused imports
|
2013-02-04 15:29:13 +01:00 |
|
Bernardo Damele
|
9370f96a67
|
step by step getting there to partial output presentation to restful API (issue #297), not quite yet though..
|
2013-02-03 22:09:33 +00:00 |
|
Bernardo Damele
|
dc2bbbeaa7
|
minor revert
|
2013-02-03 20:55:58 +00:00 |
|
Bernardo Damele
|
f8bc74758c
|
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297)
|
2013-02-03 11:31:05 +00:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Miroslav Stampar
|
c06f94e2c8
|
Fix for an Issue #378
|
2013-01-25 16:38:41 +01:00 |
|
Bernardo Damele
|
f848f259a6
|
upper() -D value for certain DBMSes
|
2013-01-23 16:22:28 +00:00 |
|
Bernardo Damele
|
012815333c
|
minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
|
2013-01-23 15:52:03 +00:00 |
|
Miroslav Stampar
|
d6a361f859
|
Proper implementation for --technique=Q --dbms=Firebird
|
2013-01-22 16:31:26 +01:00 |
|
Miroslav Stampar
|
59b02539ca
|
More general approach regarding that last commit
|
2013-01-22 11:34:34 +01:00 |
|
Miroslav Stampar
|
75bf8528d1
|
Minor just in case update
|
2013-01-21 14:50:43 +01:00 |
|
Miroslav Stampar
|
069c6acabd
|
Another update for an Issue #362
|
2013-01-20 22:47:26 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Bernardo Damele
|
c95119559e
|
minor bug fix
|
2013-01-19 00:41:51 +00:00 |
|
Bernardo Damele
|
0e78fbef56
|
correctly format SQLi payload for inline query technique
|
2013-01-19 00:28:03 +00:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
04aa39f0c6
|
Minor update
|
2013-01-15 13:51:19 +01:00 |
|
Miroslav Stampar
|
a5a309212a
|
Fix for an Issue #339
|
2013-01-14 16:18:03 +01:00 |
|
Miroslav Stampar
|
4b79269608
|
Minor bug fix
|
2013-01-11 11:10:18 +01:00 |
|
Miroslav Stampar
|
ec4e49d771
|
Minor refactoring
|
2013-01-10 16:09:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
ca1c0c2a1d
|
Minor style update
|
2013-01-10 11:54:07 +01:00 |
|
Miroslav Stampar
|
bf5544903b
|
Minor style update
|
2013-01-09 16:10:26 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Bernardo Damele
|
c155c6df84
|
minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi
|
2013-01-07 23:31:11 +00:00 |
|
Miroslav Stampar
|
3abe87ac89
|
Minor fix with status update (Issue #305)
|
2013-01-07 18:53:08 +01:00 |
|
Miroslav Stampar
|
a8f02916a9
|
Minor fix (Issue #305)
|
2013-01-07 18:39:35 +01:00 |
|
Miroslav Stampar
|
e219fad8bf
|
Added a short comment
|
2013-01-07 18:19:48 +01:00 |
|
Miroslav Stampar
|
76839ff9d6
|
Fix for an Issue #305
|
2013-01-07 12:52:55 +01:00 |
|
Miroslav Stampar
|
dc21f3ce67
|
Minor just in case filtering of union results
|
2013-01-04 17:09:07 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
75edb84a71
|
Minor update
|
2012-12-30 11:10:32 +01:00 |
|
Miroslav Stampar
|
58ad2f1c5d
|
Revert of last commit and proper fix
|
2012-12-29 10:35:05 +01:00 |
|
Miroslav Stampar
|
0e18fa9c5f
|
Minor fix
|
2012-12-28 23:43:47 +01:00 |
|
Miroslav Stampar
|
77625e5af7
|
Minor revert
|
2012-12-21 19:31:05 +01:00 |
|
Miroslav Stampar
|
8b3e17ed4d
|
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
|
2012-12-21 14:52:47 +01:00 |
|
Miroslav Stampar
|
0d5d84edc7
|
Minor cleanup
|
2012-12-20 21:03:41 +01:00 |
|
Miroslav Stampar
|
712cf4e4db
|
Fix for an Issue #316
|
2012-12-20 20:55:59 +01:00 |
|
Miroslav Stampar
|
c2c4601d6e
|
Minor restyling
|
2012-12-20 11:06:52 +01:00 |
|
Bernardo Damele
|
282aeb734f
|
ORDER BY does not play well with UNION query SQLi (related to issue #313)
|
2012-12-19 13:21:16 +00:00 |
|
Bernardo Damele
|
259b345f1f
|
catch ImportError exception if libmagic is not installed
|
2012-12-19 13:10:54 +00:00 |
|
Bernardo Damele
|
9149d77cc8
|
removed duplicate code - fixes issue #310
|
2012-12-19 12:17:56 +00:00 |
|
Bernardo Damele
|
d80744d3d5
|
preparation for issue #310
|
2012-12-19 11:40:00 +00:00 |
|
Bernardo Damele
|
dee56b17c3
|
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
|
2012-12-19 10:50:15 +00:00 |
|
Miroslav Stampar
|
92e338251a
|
Finally working inference against MySQL/international letters (even chinese)
|
2012-12-19 10:44:02 +01:00 |
|
Bernardo Damele
|
8e95470415
|
minor refactoring
|
2012-12-19 00:46:23 +00:00 |
|
Miroslav Stampar
|
88d8494b5a
|
Implementation for an Issue #307
|
2012-12-18 16:03:35 +01:00 |
|
Miroslav Stampar
|
7f47623876
|
Minor patch
|
2012-12-18 11:10:06 +01:00 |
|
Bernardo Damele
|
1fdd804e94
|
replaced instances of dataToStdout with logger
|
2012-12-17 13:30:21 +00:00 |
|
Bernardo Damele
|
064d443d60
|
replaced unnecessary dataToStdout() call with appropriate logger.info() call
|
2012-12-17 11:30:08 +00:00 |
|
Miroslav Stampar
|
562044577b
|
Implementation for an Issue #292
|
2012-12-11 12:02:06 +01:00 |
|
Miroslav Stampar
|
996e882e78
|
Minor update
|
2012-12-10 17:13:00 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
7304971544
|
Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator'
|
2012-11-29 11:43:49 +01:00 |
|
Miroslav Stampar
|
7c16bfe025
|
Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN )
|
2012-11-29 10:51:59 +01:00 |
|
Miroslav Stampar
|
621ae587c7
|
Fix for an Issue #263
|
2012-11-28 00:03:17 +01:00 |
|
Miroslav Stampar
|
a40d7a5bca
|
Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed)
|
2012-11-15 15:06:54 +01:00 |
|
Miroslav Stampar
|
b75c52f93c
|
Minor display fix (in --hex mode)
|
2012-10-28 12:30:21 +01:00 |
|
Miroslav Stampar
|
25a5073281
|
Bug fix for --hex/--technique=B (especially MsSQL)
|
2012-10-28 12:22:33 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
99ceea5eae
|
Fix for an Issue #214
|
2012-10-23 17:05:45 +02:00 |
|
Miroslav Stampar
|
54d086f409
|
Minor fix
|
2012-10-23 10:02:10 +02:00 |
|
Miroslav Stampar
|
029143880a
|
Displaying hex-decoded resulting output in --hex mode
|
2012-10-22 14:36:01 +02:00 |
|
Miroslav Stampar
|
e61c4c22c9
|
Implementation for an Issue #200
|
2012-10-09 15:19:47 +02:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
560e0fcb25
|
Minor cleanup
|
2012-09-25 14:21:57 +02:00 |
|
Miroslav Stampar
|
cea5127ffd
|
Update for an Issue #6
|
2012-09-06 15:51:38 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
47073f4afd
|
Implementation of an Issue #131
|
2012-07-30 21:50:46 +02:00 |
|
Miroslav Stampar
|
93d35fe522
|
Minor update regarding Issue #129
|
2012-07-30 21:43:32 +02:00 |
|
Miroslav Stampar
|
cc2a916716
|
Fix for an Issue #126
|
2012-07-29 17:33:08 +02:00 |
|
Miroslav Stampar
|
f8c9868cb6
|
Implementation for an Issue #118
|
2012-07-24 15:34:50 +02:00 |
|
Miroslav Stampar
|
0f64e1e6c1
|
Minor update for Issue #94 (not fixing it)
|
2012-07-16 15:43:02 +02:00 |
|
Miroslav Stampar
|
805120ac52
|
Minor refactoring
|
2012-07-14 11:01:30 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Bernardo Damele
|
ea9c66108e
|
cleanup for issue #68
|
2012-07-12 15:38:43 +01:00 |
|
Miroslav Stampar
|
8e18514e56
|
Minor refactoring for all that stickyness
|
2012-07-12 15:58:45 +02:00 |
|
Miroslav Stampar
|
cba2a26b68
|
Finishing Issue #75 (inference dumping)
|
2012-07-12 14:46:57 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Bernardo Damele
|
f704a46341
|
silly blank line added
|
2012-07-12 01:38:29 +01:00 |
|
Bernardo Damele
|
a5924739f6
|
minor code refactoring in preparation of ticket #75
|
2012-07-12 01:12:30 +01:00 |
|
Miroslav Stampar
|
295a7a8e5e
|
Another update for Issue #80
|
2012-07-11 16:14:20 +02:00 |
|
Miroslav Stampar
|
9a4f8d5f45
|
Fix for Issue #80
|
2012-07-11 16:01:25 +02:00 |
|
Bernardo Damele
|
d3da3f5c52
|
refactoring for issue #51
|
2012-07-10 00:19:32 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
Miroslav Stampar
|
1a8ebbfd43
|
Minor refactoring
|
2012-07-06 17:05:47 +02:00 |
|
Bernardo Damele
|
373fea03a3
|
fixed display of TABs
|
2012-07-06 15:13:23 +01:00 |
|
Miroslav Stampar
|
438a636973
|
Fix for issue Issue #60
|
2012-07-06 15:36:32 +02:00 |
|
Miroslav Stampar
|
76f7f907c6
|
Minor update for Issue #61
|
2012-07-06 14:33:40 +02:00 |
|
Miroslav Stampar
|
6a05e3fd79
|
Fix for Issue #61
|
2012-07-06 14:24:44 +02:00 |
|
Miroslav Stampar
|
21d9ae0a2c
|
some more refactoring
|
2012-07-01 01:19:54 +02:00 |
|
Miroslav Stampar
|
32f52cdd04
|
Another language update for Issue #45
|
2012-06-29 10:33:54 +02:00 |
|
Miroslav Stampar
|
f0e39c3fae
|
Language update for Issue #45
|
2012-06-29 10:33:00 +02:00 |
|
Miroslav Stampar
|
c0f16f0c1a
|
Fix for Issue #45
|
2012-06-29 10:31:03 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
6c4bd84d18
|
minor fix (turning back the functionality of kb.suppressResumeInfo)
|
2012-06-25 16:19:51 +00:00 |
|
Miroslav Stampar
|
ec44e88db8
|
lots of refactoring regarding removal of already obsolete session file mechanism
|
2012-06-21 10:09:10 +00:00 |
|
Miroslav Stampar
|
302d782a0f
|
minor style update
|
2012-06-19 08:33:51 +00:00 |
|
Miroslav Stampar
|
e2a60b302f
|
minor fix
|
2012-06-17 21:21:45 +00:00 |
|
Miroslav Stampar
|
fe49abd45f
|
minor fix
|
2012-06-15 20:49:28 +00:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
76c873a222
|
minor fix
|
2012-06-15 06:22:44 +00:00 |
|
Miroslav Stampar
|
facce2c0df
|
some more cleanup
|
2012-06-14 13:50:36 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
b85a1fc271
|
minor fix
|
2012-06-05 22:55:42 +00:00 |
|
Miroslav Stampar
|
76a4aa19ac
|
some more fine tunning
|
2012-05-28 19:50:12 +00:00 |
|
Miroslav Stampar
|
73dba249e8
|
one more just in case update
|
2012-05-28 19:34:47 +00:00 |
|
Miroslav Stampar
|
190ae4ca13
|
no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)
|
2012-05-28 15:10:17 +00:00 |
|
Miroslav Stampar
|
a70a647aeb
|
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
|
2012-05-28 14:51:23 +00:00 |
|
Miroslav Stampar
|
b1d82422a0
|
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
|
2012-05-28 14:15:04 +00:00 |
|
Miroslav Stampar
|
4e6fcce9ca
|
minor update
|
2012-05-26 07:04:32 +00:00 |
|
Miroslav Stampar
|
ce077137c9
|
minor language update
|
2012-05-26 07:01:37 +00:00 |
|
Miroslav Stampar
|
d335ec0c34
|
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
|
2012-05-26 07:00:26 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
9fa3619262
|
minor fix
|
2012-05-09 14:00:07 +00:00 |
|