Miroslav Stampar
|
8aefd0bbf7
|
improvement of --common-tables and --common-columns
|
2010-11-11 20:37:25 +00:00 |
|
Miroslav Stampar
|
2d872f850a
|
quick fix
|
2010-11-11 19:54:54 +00:00 |
|
Miroslav Stampar
|
be992b4471
|
update regarding common columns existence check
|
2010-11-11 17:09:31 +00:00 |
|
Miroslav Stampar
|
3b996c3ed8
|
adding JSP stager
|
2010-11-11 16:42:01 +00:00 |
|
Miroslav Stampar
|
2d361cb359
|
some minor updates of stager.asp and backdoor.asp, and completely rewritten stager.aspx
|
2010-11-11 10:33:29 +00:00 |
|
Miroslav Stampar
|
24238ccd0b
|
re-renaming of brute force switches. this way is better.
|
2010-11-11 07:57:44 +00:00 |
|
Miroslav Stampar
|
ca06db8f28
|
now, this is the real deal
|
2010-11-11 00:20:47 +00:00 |
|
Miroslav Stampar
|
5034868b36
|
cleaning up of common tables and new common columns
|
2010-11-10 23:31:23 +00:00 |
|
Miroslav Stampar
|
96d88877ba
|
bug fix (reported by ToR)
|
2010-11-10 19:44:51 +00:00 |
|
Miroslav Stampar
|
f3fe19c4e5
|
backdoor for ASP revisited
|
2010-11-10 15:40:17 +00:00 |
|
Miroslav Stampar
|
09836dc568
|
backdoor for ASPX revisited
|
2010-11-10 15:35:22 +00:00 |
|
Miroslav Stampar
|
61b6ad64e3
|
JSP backdoor revisited, and in PHP removed trailing spaces from a blank line
|
2010-11-10 15:13:36 +00:00 |
|
Miroslav Stampar
|
19c1bfa368
|
just a precaution (now I really need to go for a sleep)
|
2010-11-09 23:38:29 +00:00 |
|
Miroslav Stampar
|
88c00e61d3
|
another update
|
2010-11-09 23:35:37 +00:00 |
|
Miroslav Stampar
|
47720a43dd
|
minor fix (while we've calculated conf.matchRatio for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase its value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow a space for True result)
|
2010-11-09 23:21:21 +00:00 |
|
Miroslav Stampar
|
5ebd5d935c
|
another name change
|
2010-11-09 22:49:31 +00:00 |
|
Miroslav Stampar
|
06f00cf8c1
|
name change
|
2010-11-09 22:48:22 +00:00 |
|
Miroslav Stampar
|
6807fb04cc
|
minor update
|
2010-11-09 22:44:23 +00:00 |
|
Miroslav Stampar
|
fef60d5cb7
|
some fixes :)
|
2010-11-09 22:32:05 +00:00 |
|
Bernardo Damele
|
1cc99e2247
|
Possible quick fix for missing of True/False comparison of stable-but-not-really pages
|
2010-11-09 21:39:58 +00:00 |
|
Bernardo Damele
|
2205099a5e
|
Python stylish
|
2010-11-09 21:39:05 +00:00 |
|
Miroslav Stampar
|
cee888b613
|
tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)
|
2010-11-09 19:14:55 +00:00 |
|
Miroslav Stampar
|
726825ca70
|
minor update
|
2010-11-09 16:59:36 +00:00 |
|
Miroslav Stampar
|
759433f0f1
|
fix of my mistake
|
2010-11-09 16:54:40 +00:00 |
|
Miroslav Stampar
|
b43334165d
|
update regarding brute forcing
|
2010-11-09 16:53:33 +00:00 |
|
Miroslav Stampar
|
a7fa8d4975
|
update regarding brute force retrieval of table names and table column names
|
2010-11-09 16:15:55 +00:00 |
|
Miroslav Stampar
|
45f2d8f5d2
|
trivial update
|
2010-11-09 15:46:09 +00:00 |
|
Miroslav Stampar
|
7752b5efe9
|
minor update
|
2010-11-09 09:51:54 +00:00 |
|
Miroslav Stampar
|
4be0631161
|
refactoring of brute force techniques
|
2010-11-09 09:42:43 +00:00 |
|
Miroslav Stampar
|
221f976fbd
|
minor update
|
2010-11-09 01:23:54 +00:00 |
|
Bernardo Damele
|
45ec8c169a
|
Consistency between --*-test switches/output
|
2010-11-08 16:46:25 +00:00 |
|
Bernardo Damele
|
dac7436edf
|
Fix inconsistency with -b --error-test
|
2010-11-08 15:36:07 +00:00 |
|
Miroslav Stampar
|
fda8752dca
|
revert of some HTTP headers handling
|
2010-11-08 13:26:45 +00:00 |
|
Bernardo Damele
|
0c8918bf07
|
Minor bug fix, thanks Alex
|
2010-11-08 12:45:23 +00:00 |
|
Bernardo Damele
|
78d7b17483
|
More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
|
2010-11-08 12:36:48 +00:00 |
|
Miroslav Stampar
|
eb999de0f1
|
added Range handler (dealing with 206 HTTP messages)
|
2010-11-08 12:26:13 +00:00 |
|
Miroslav Stampar
|
875781bf97
|
another minor fix
|
2010-11-08 11:55:56 +00:00 |
|
Miroslav Stampar
|
4a4a3051e5
|
fix
|
2010-11-08 11:39:07 +00:00 |
|
Miroslav Stampar
|
a3de10e3a2
|
new option -t
|
2010-11-08 11:22:47 +00:00 |
|
Miroslav Stampar
|
4e6d1b5118
|
added "Detection" part in help listing
|
2010-11-08 10:11:43 +00:00 |
|
Miroslav Stampar
|
0d0e2a2228
|
minor update
|
2010-11-08 09:49:57 +00:00 |
|
Miroslav Stampar
|
d551423379
|
further enum refactoring
|
2010-11-08 09:44:32 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Miroslav Stampar
|
8e44aa605a
|
refactoring regarding injection place (more left)
|
2010-11-08 08:02:36 +00:00 |
|
Miroslav Stampar
|
0482e02c37
|
minor optimization
|
2010-11-07 23:37:15 +00:00 |
|
Miroslav Stampar
|
4f346eab33
|
fix for resume from session
|
2010-11-07 23:25:53 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Bernardo Damele
|
27ce4b0cf0
|
Set proper verbose level for dbms direct error messages
|
2010-11-07 22:14:06 +00:00 |
|
Bernardo Damele
|
a96467b3e2
|
Refactoring
|
2010-11-07 21:55:24 +00:00 |
|