Commit Graph

2451 Commits

Author SHA1 Message Date
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
13f0d5ce00 minor bug fix 2011-02-22 14:51:42 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Miroslav Stampar
640ba5d744 minor refactoring 2011-02-22 14:19:39 +00:00
Miroslav Stampar
12ede1e5de minor JIC (just-in-case) update 2011-02-22 13:18:47 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe minor refactoring 2011-02-22 12:54:22 +00:00
Miroslav Stampar
17c39fe231 fix for that non-HTML stuff 2011-02-22 11:32:55 +00:00
Miroslav Stampar
ff9080de48 MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL 2011-02-21 20:59:34 +00:00
Miroslav Stampar
08697e60a9 added some Microsoft Access payloads 2011-02-21 20:04:50 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
90582ed7dc minor change 2011-02-21 11:35:21 +00:00
Miroslav Stampar
68a95fd1b1 minor update 2011-02-20 22:45:23 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
a3ba8b6928 --dump now works on MaxDB too 2011-02-20 22:07:12 +00:00
Miroslav Stampar
70449eb01b minor bug fix 2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d minor update 2011-02-20 21:27:38 +00:00
Miroslav Stampar
0e512d3c09 minor update for MaxDB 2011-02-20 21:17:16 +00:00
Miroslav Stampar
59e666d16e --is-dba (related) update for Sybase 2011-02-20 17:28:06 +00:00
Miroslav Stampar
4d52f7fc6e minor fix regarding --dump-table on Sybase for --technique=23 2011-02-20 16:58:01 +00:00
Miroslav Stampar
67ec691eb1 more updates regarding Sybase 2011-02-20 16:28:48 +00:00
Miroslav Stampar
cc47737c44 minor update 2011-02-20 16:00:13 +00:00
Miroslav Stampar
823e4351b5 minor change 2011-02-20 12:34:09 +00:00
Miroslav Stampar
0c57f2af0f minor fix 2011-02-20 12:20:44 +00:00
Miroslav Stampar
2f9227bcce Sybase update (--passwords) 2011-02-20 12:07:32 +00:00
Bernardo Damele
6e1a08a805 Documentation update 2011-02-19 21:08:18 +00:00
Bernardo Damele
023a80c31c Section explanation change to reflect recent enhancements 2011-02-19 21:06:24 +00:00
Bernardo Damele
60b05ff49f Reflect new switch name 2011-02-19 21:05:15 +00:00
Bernardo Damele
8e60acae5d Added support for --scope also in WebScarab logs (-l) 2011-02-19 21:03:55 +00:00
Miroslav Stampar
f30dea74f3 more Sybase updates 2011-02-19 18:36:26 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac some progress regarding SYBASE 2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab minor update regarding Sybase support 2011-02-19 14:07:08 +00:00
Miroslav Stampar
de7ca5a27c minor update 2011-02-19 09:40:41 +00:00
Miroslav Stampar
72fc0a0565 minor refactoring 2011-02-19 09:36:57 +00:00
Miroslav Stampar
5f4ffc9287 update regarding Sybase dumping 2011-02-19 00:36:47 +00:00
Miroslav Stampar
df58bcaf95 minor improvement 2011-02-18 14:27:02 +00:00
Miroslav Stampar
3badf92ceb not doing "basic" filtering in default cases because of a bug reported by Kazim 2011-02-18 07:38:13 +00:00
Miroslav Stampar
6cdf08b81c minor fix 2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00
Miroslav Stampar
7ebc1ab90a minor cosmetics 2011-02-17 08:59:14 +00:00
Bernardo Damele
dcb398f916 Test 2 2011-02-16 11:12:15 +00:00
Bernardo Damele
fc7414db7a Test 2011-02-16 11:09:58 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Bernardo Damele
808b03fc3e Minor reordering 2011-02-14 02:08:11 +00:00
Bernardo Damele
2ea828e416 Proper fix for r3307 (file-write on MySQL via UNION query tech) 2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475 minor update 2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d update regarding explicit testing of ua and referer when using -p 2011-02-13 21:58:48 +00:00
Bernardo Damele
429ab631fe Minor refactoring 2011-02-13 21:25:01 +00:00