Bernardo Damele
|
71cb982039
|
Another bug fix to --union-test
|
2010-11-15 21:42:56 +00:00 |
|
Bernardo Damele
|
0bfc1b411a
|
Another bug fix for --union-test
|
2010-11-14 15:39:57 +00:00 |
|
Bernardo Damele
|
8d07272c82
|
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
Now stores/resumes also the exact UNION payload to session file.
|
2010-11-13 23:24:41 +00:00 |
|
Bernardo Damele
|
df5dc10111
|
Major enhancement to --union-test check
|
2010-11-13 22:47:37 +00:00 |
|
Miroslav Stampar
|
42272ca78c
|
minor update
|
2010-11-11 22:26:36 +00:00 |
|
Miroslav Stampar
|
8aefd0bbf7
|
improvement of --common-tables and --common-columns
|
2010-11-11 20:37:25 +00:00 |
|
Miroslav Stampar
|
b43334165d
|
update regarding brute forcing
|
2010-11-09 16:53:33 +00:00 |
|
Miroslav Stampar
|
a7fa8d4975
|
update regarding brute force retrieval of table names and table column names
|
2010-11-09 16:15:55 +00:00 |
|
Miroslav Stampar
|
4be0631161
|
refactoring of brute force techniques
|
2010-11-09 09:42:43 +00:00 |
|
Bernardo Damele
|
45ec8c169a
|
Consistency between --*-test switches/output
|
2010-11-08 16:46:25 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|
Miroslav Stampar
|
3f0a443b83
|
some updates
|
2010-11-04 23:08:59 +00:00 |
|
Miroslav Stampar
|
63af5444fd
|
fix (NameError: global name 'DBMS' is not defined)
|
2010-11-04 12:47:34 +00:00 |
|
Miroslav Stampar
|
cd0d4135ac
|
implemented --banner for MaxDB and some minor fixes
|
2010-11-02 20:51:55 +00:00 |
|
Miroslav Stampar
|
685a8e7d2c
|
refactoring of hard coded dbms names
|
2010-11-02 11:59:24 +00:00 |
|
Miroslav Stampar
|
5269cb8c08
|
some code refactoring and beautification
|
2010-11-02 09:06:38 +00:00 |
|
Miroslav Stampar
|
13e93f564a
|
one bug fix in dynamic content engine and some code refactoring
|
2010-11-02 07:32:08 +00:00 |
|
Miroslav Stampar
|
73b33ed765
|
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
|
2010-11-01 20:56:13 +00:00 |
|
Bernardo Damele
|
486a113560
|
Consolidate logger messages for --*-test switches
|
2010-10-31 16:58:38 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Miroslav Stampar
|
4d70f2c210
|
reverting back to 100
|
2010-10-26 15:42:54 +00:00 |
|
Miroslav Stampar
|
8211e6a2bd
|
possible
|
2010-10-26 11:29:09 +00:00 |
|
Bernardo Damele
|
9b127e58d2
|
Adjusted for MySQL weirdness
|
2010-10-26 09:33:18 +00:00 |
|
Bernardo Damele
|
f5904d0bc0
|
Major bug fix to --union-test
|
2010-10-25 23:39:55 +00:00 |
|
Bernardo Damele
|
215175e3b7
|
Minor code adjustments
|
2010-10-25 14:11:47 +00:00 |
|
Miroslav Stampar
|
db260c44d3
|
minor update
|
2010-10-24 22:25:05 +00:00 |
|
Miroslav Stampar
|
aa931efd4d
|
several MySQL fixes/enhancements pointed out by Anton Mogilin
|
2010-10-24 22:05:14 +00:00 |
|
Miroslav Stampar
|
98f5586b87
|
minor update
|
2010-10-23 08:05:24 +00:00 |
|
Miroslav Stampar
|
bc79eec702
|
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
|
2010-10-21 13:13:12 +00:00 |
|
Bernardo Damele
|
c60edf7c17
|
Minor cosmetics
|
2010-10-20 22:43:02 +00:00 |
|
Bernardo Damele
|
430bb7478f
|
Minor bug fix
|
2010-10-20 21:15:06 +00:00 |
|
Miroslav Stampar
|
34f70657ee
|
fix for NULL values
|
2010-10-20 10:29:18 +00:00 |
|
Miroslav Stampar
|
00449f1402
|
fix/upgrade/chicken soup
|
2010-10-20 09:54:17 +00:00 |
|
Miroslav Stampar
|
e24bff0497
|
nice refactoring
|
2010-10-20 09:46:57 +00:00 |
|
Miroslav Stampar
|
5d3cbec457
|
no more regex. web server independent.
|
2010-10-20 09:35:46 +00:00 |
|
Miroslav Stampar
|
934adb5e8d
|
code refactoring
|
2010-10-20 09:09:04 +00:00 |
|
Bernardo Damele
|
0817d1b78d
|
Cosmetics
|
2010-10-19 23:09:30 +00:00 |
|
Miroslav Stampar
|
1b376c99a6
|
removed temp dictionary and replaced with kb.misc
|
2010-10-19 23:00:19 +00:00 |
|
Miroslav Stampar
|
4009ef385e
|
more update regarding error based injection support
|
2010-10-19 18:17:34 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Miroslav Stampar
|
1336b97c2c
|
removed --useBetween switch and added new tampering module ./tamper/between.py
|
2010-10-15 23:48:07 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Bernardo Damele
|
1674142d82
|
Minor cosmetic fixes
|
2010-10-14 15:28:54 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
cbe7c902c1
|
just a development start of an error based injection support
|
2010-10-04 13:05:51 +00:00 |
|
Miroslav Stampar
|
827cd1d56b
|
minor fix
|
2010-09-13 15:22:29 +00:00 |
|