Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
d3ddaba7be
|
minor refactoring
|
2011-01-25 13:04:13 +00:00 |
|
Miroslav Stampar
|
cab86871fe
|
fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)
|
2011-01-25 11:02:41 +00:00 |
|
Miroslav Stampar
|
5692506131
|
this was bad thing to have
|
2011-01-25 01:08:38 +00:00 |
|
Miroslav Stampar
|
6cc69f5e16
|
now --technique is appliable also after the injections have been identified
|
2011-01-24 16:47:24 +00:00 |
|
Miroslav Stampar
|
81011be0d7
|
minor update of parseTargetUrl method
|
2011-01-24 14:52:50 +00:00 |
|
Miroslav Stampar
|
4093599f38
|
added parseTargetUrl to redirect choice
|
2011-01-24 14:45:35 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|
Miroslav Stampar
|
8d0c2efbe2
|
unescaping of char marked payloads
|
2011-01-24 12:00:16 +00:00 |
|
Miroslav Stampar
|
4441e11f68
|
fix for case -r with no params and cookie available
|
2011-01-24 11:26:51 +00:00 |
|
Bernardo Damele
|
47fa600c04
|
Minor fix and cosmetics
|
2011-01-24 11:12:33 +00:00 |
|
Miroslav Stampar
|
a3e3387113
|
fix for proper Firebird resume of version
|
2011-01-24 11:04:32 +00:00 |
|
Miroslav Stampar
|
c1145c244e
|
fix for user-agent injections
|
2011-01-23 23:23:30 +00:00 |
|
Miroslav Stampar
|
818c9787b2
|
minor update
|
2011-01-23 21:20:16 +00:00 |
|
Miroslav Stampar
|
b18397fbc7
|
major revisit of --os-shell methods
|
2011-01-23 20:47:06 +00:00 |
|
Miroslav Stampar
|
ff7707579f
|
minor improvement
|
2011-01-23 11:35:24 +00:00 |
|
Miroslav Stampar
|
f5ff78d40c
|
revert
|
2011-01-23 11:21:27 +00:00 |
|
Miroslav Stampar
|
97f66a87c5
|
minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message
|
2011-01-23 10:51:57 +00:00 |
|
Miroslav Stampar
|
3a5f0760f6
|
minor optimization (only way to prematurely stop SAX parser)
|
2011-01-23 10:12:01 +00:00 |
|
Miroslav Stampar
|
30cd877c4a
|
fix for URI based injections
|
2011-01-22 16:23:33 +00:00 |
|
Miroslav Stampar
|
7c4c79477d
|
world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
|
2011-01-21 18:32:10 +00:00 |
|
Bernardo Damele
|
03a880c6f1
|
Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors
|
2011-01-20 22:02:20 +00:00 |
|
Bernardo Damele
|
0f2634c4b0
|
Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)
|
2011-01-20 22:01:21 +00:00 |
|
Bernardo Damele
|
97573693be
|
Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT
|
2011-01-20 21:59:47 +00:00 |
|
Bernardo Damele
|
f1b402b103
|
Proper handling of CASE in Oracle, finally
|
2011-01-20 21:58:50 +00:00 |
|
Bernardo Damele
|
4128b2c87f
|
Enforce that when --prefix is provided, --suffix is too and viceversa.
|
2011-01-20 21:57:54 +00:00 |
|
Bernardo Damele
|
7d1c704575
|
Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
|
2011-01-20 21:56:10 +00:00 |
|
Bernardo Damele
|
9770db597e
|
Centralization of unescape()
|
2011-01-20 21:55:13 +00:00 |
|
Bernardo Damele
|
e734efcda7
|
Removed deprecated code
|
2011-01-20 21:50:58 +00:00 |
|
Miroslav Stampar
|
496a84c356
|
minor update
|
2011-01-20 18:32:04 +00:00 |
|
Miroslav Stampar
|
dd7262d9e6
|
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
|
2011-01-20 17:53:49 +00:00 |
|
Miroslav Stampar
|
ad12242151
|
LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)
|
2011-01-20 16:27:59 +00:00 |
|
Miroslav Stampar
|
e8c037de1a
|
minor update
|
2011-01-20 16:17:38 +00:00 |
|
Miroslav Stampar
|
4e5f0da1ae
|
minor update
|
2011-01-20 16:07:08 +00:00 |
|
Miroslav Stampar
|
2fa066f892
|
added support for WebScarab logs
|
2011-01-20 15:55:50 +00:00 |
|
Miroslav Stampar
|
345e2288e1
|
important fix regarding encoding stuff
|
2011-01-20 13:54:18 +00:00 |
|
Miroslav Stampar
|
f6f4b5e9dd
|
bug fix for charset used in inference for pages retrieved with --null-connection
|
2011-01-20 11:01:01 +00:00 |
|
Miroslav Stampar
|
a4a0f10950
|
minor minor minor
|
2011-01-20 09:25:34 +00:00 |
|
Bernardo Damele
|
701947490b
|
Two major bug fixes related to UNION technique query forging
|
2011-01-19 23:46:39 +00:00 |
|
Miroslav Stampar
|
7a060e756d
|
dummy fix for SQLite schema retrieval (lots of spaces inside)
|
2011-01-19 23:16:22 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Miroslav Stampar
|
4bdc19d879
|
minor cosmetics
|
2011-01-19 22:48:06 +00:00 |
|
Miroslav Stampar
|
c106dc829a
|
more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)
|
2011-01-19 22:08:56 +00:00 |
|
Miroslav Stampar
|
7ad41f9b19
|
bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)
|
2011-01-19 21:46:43 +00:00 |
|
Miroslav Stampar
|
aea43a1e43
|
minor refactoring
|
2011-01-19 15:26:57 +00:00 |
|
Miroslav Stampar
|
eadaf680de
|
fuck yea
|
2011-01-19 15:25:48 +00:00 |
|
Miroslav Stampar
|
89e0fd0709
|
back to roots
|
2011-01-19 14:06:26 +00:00 |
|
Bernardo Damele
|
33485198e1
|
Code cleanup
|
2011-01-18 23:05:32 +00:00 |
|
Bernardo Damele
|
eda0b41859
|
Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
|
2011-01-18 23:03:50 +00:00 |
|