Bernardo Damele
|
9fc0bedea8
|
Minor bug fixes
|
2011-01-30 21:01:57 +00:00 |
|
Bernardo Damele
|
2a0b03e5c6
|
Unused import
|
2011-01-30 17:07:27 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Bernardo Damele
|
21e7223779
|
perhaps this is better english
|
2011-01-30 16:34:13 +00:00 |
|
Bernardo Damele
|
8278d821ac
|
Another layout adjustment
|
2011-01-30 16:23:19 +00:00 |
|
Bernardo Damele
|
71d82e6f57
|
Minor layout adjustment
|
2011-01-30 16:19:58 +00:00 |
|
Bernardo Damele
|
02e5c4b1e6
|
Minor bug fix for --sql-query/-shell with error-based technique
|
2011-01-30 14:19:50 +00:00 |
|
Miroslav Stampar
|
bc8f1142c9
|
minor revert
|
2011-01-30 11:41:58 +00:00 |
|
Miroslav Stampar
|
ddf23ba7cc
|
refactoring
|
2011-01-30 11:36:03 +00:00 |
|
Miroslav Stampar
|
3060c369a5
|
minor fix for previous commit
|
2011-01-30 07:44:47 +00:00 |
|
Miroslav Stampar
|
1abf354630
|
minor update
|
2011-01-30 07:41:09 +00:00 |
|
Miroslav Stampar
|
d63339ca26
|
minor bug fix
|
2011-01-30 07:34:07 +00:00 |
|
Miroslav Stampar
|
e8883de2c6
|
minor update regarding unicode decoding of supplied arguments
|
2011-01-29 23:01:39 +00:00 |
|
Miroslav Stampar
|
367d0639f0
|
refactoring (class names should always be Capital cased)
|
2011-01-28 16:36:09 +00:00 |
|
Miroslav Stampar
|
ddd296030d
|
added some more info to unhandled exception message(s)
|
2011-01-28 16:15:45 +00:00 |
|
Miroslav Stampar
|
a184a4c772
|
major of majors bug fix
|
2011-01-28 14:31:25 +00:00 |
|
Miroslav Stampar
|
0f4fb156d3
|
major bug fix
|
2011-01-28 14:09:28 +00:00 |
|
Miroslav Stampar
|
b1c7a17163
|
fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str))
|
2011-01-28 13:26:20 +00:00 |
|
Miroslav Stampar
|
b98cbeee04
|
page for handling binary files
|
2011-01-27 22:00:34 +00:00 |
|
Miroslav Stampar
|
8e74c571bc
|
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
|
2011-01-27 19:44:24 +00:00 |
|
Miroslav Stampar
|
49aeb41be8
|
quick bug fix for FALSE positives with UNION based technique
|
2011-01-27 18:49:44 +00:00 |
|
Miroslav Stampar
|
81722b6881
|
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
|
2011-01-27 18:36:28 +00:00 |
|
Miroslav Stampar
|
03413bd5e0
|
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
|
2011-01-27 16:55:58 +00:00 |
|
Miroslav Stampar
|
539168dcca
|
sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)
|
2011-01-27 13:40:42 +00:00 |
|
Miroslav Stampar
|
bb6e36fb02
|
minor updates
|
2011-01-27 12:38:39 +00:00 |
|
Miroslav Stampar
|
3bb4ea2c7a
|
THANKS update
|
2011-01-25 22:29:36 +00:00 |
|
Miroslav Stampar
|
10b723f196
|
minor fix for a bug reported by yonnym@googlemail.com
|
2011-01-25 22:26:28 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
20df2bbd10
|
minor fix
|
2011-01-25 15:44:45 +00:00 |
|
Miroslav Stampar
|
d3ddaba7be
|
minor refactoring
|
2011-01-25 13:04:13 +00:00 |
|
Miroslav Stampar
|
c7f260a8bc
|
minor update
|
2011-01-25 12:54:49 +00:00 |
|
Miroslav Stampar
|
98e48bd682
|
new script
|
2011-01-25 12:48:50 +00:00 |
|
Miroslav Stampar
|
cab86871fe
|
fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)
|
2011-01-25 11:02:41 +00:00 |
|
Miroslav Stampar
|
5692506131
|
this was bad thing to have
|
2011-01-25 01:08:38 +00:00 |
|
Miroslav Stampar
|
5aa958a146
|
ASCII & CHR is quite common, so removing this one
|
2011-01-24 22:51:15 +00:00 |
|
Miroslav Stampar
|
a1619f84b6
|
changing level of last payload
|
2011-01-24 22:31:26 +00:00 |
|
Miroslav Stampar
|
8155f95b82
|
new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted")
|
2011-01-24 22:28:54 +00:00 |
|
Miroslav Stampar
|
9f76468005
|
another premiere, yeeej. IDSes, watch yourself :)
|
2011-01-24 21:30:46 +00:00 |
|
Miroslav Stampar
|
2fb0c946d2
|
minor update
|
2011-01-24 21:21:47 +00:00 |
|
Miroslav Stampar
|
15645f50d4
|
world premiere :)
|
2011-01-24 21:21:11 +00:00 |
|
Miroslav Stampar
|
50969d238b
|
minor update
|
2011-01-24 17:51:56 +00:00 |
|
Miroslav Stampar
|
440264341c
|
minor update
|
2011-01-24 17:43:25 +00:00 |
|
Miroslav Stampar
|
0eea5665b2
|
minor update
|
2011-01-24 17:41:36 +00:00 |
|
Bernardo Damele
|
b0dc6c24eb
|
Moved
|
2011-01-24 17:04:49 +00:00 |
|
Miroslav Stampar
|
6cc69f5e16
|
now --technique is appliable also after the injections have been identified
|
2011-01-24 16:47:24 +00:00 |
|
Miroslav Stampar
|
c188996627
|
patch for possible query optimization (avoid precalculation of 1/0)
|
2011-01-24 16:21:27 +00:00 |
|
Miroslav Stampar
|
81011be0d7
|
minor update of parseTargetUrl method
|
2011-01-24 14:52:50 +00:00 |
|
Bernardo Damele
|
ceca64193b
|
Updated
|
2011-01-24 14:46:41 +00:00 |
|
Miroslav Stampar
|
4093599f38
|
added parseTargetUrl to redirect choice
|
2011-01-24 14:45:35 +00:00 |
|
Bernardo Damele
|
e1db2700f0
|
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
|
2011-01-24 12:25:45 +00:00 |
|