Miroslav Stampar
|
708ddf5608
|
added protection mechanism against reflected values
|
2011-02-24 16:52:46 +00:00 |
|
Miroslav Stampar
|
38dc82e13e
|
If no Accept header field is present, then it is assumed that the client accepts all media types.
|
2011-02-22 22:26:22 +00:00 |
|
Miroslav Stampar
|
13f0d5ce00
|
minor bug fix
|
2011-02-22 14:51:42 +00:00 |
|
Miroslav Stampar
|
d05bd75068
|
adding experimental for --group-concat
|
2011-02-22 14:35:38 +00:00 |
|
Miroslav Stampar
|
640ba5d744
|
minor refactoring
|
2011-02-22 14:19:39 +00:00 |
|
Miroslav Stampar
|
12ede1e5de
|
minor JIC (just-in-case) update
|
2011-02-22 13:18:47 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
dcad5410fe
|
minor refactoring
|
2011-02-22 12:54:22 +00:00 |
|
Miroslav Stampar
|
17c39fe231
|
fix for that non-HTML stuff
|
2011-02-22 11:32:55 +00:00 |
|
Miroslav Stampar
|
ff9080de48
|
MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL
|
2011-02-21 20:59:34 +00:00 |
|
Miroslav Stampar
|
08697e60a9
|
added some Microsoft Access payloads
|
2011-02-21 20:04:50 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|
Miroslav Stampar
|
90582ed7dc
|
minor change
|
2011-02-21 11:35:21 +00:00 |
|
Miroslav Stampar
|
68a95fd1b1
|
minor update
|
2011-02-20 22:45:23 +00:00 |
|
Miroslav Stampar
|
aac817935a
|
further improvement of MaxDB support
|
2011-02-20 22:41:42 +00:00 |
|
Miroslav Stampar
|
a3ba8b6928
|
--dump now works on MaxDB too
|
2011-02-20 22:07:12 +00:00 |
|
Miroslav Stampar
|
70449eb01b
|
minor bug fix
|
2011-02-20 21:35:28 +00:00 |
|
Miroslav Stampar
|
345df5968d
|
minor update
|
2011-02-20 21:27:38 +00:00 |
|
Miroslav Stampar
|
0e512d3c09
|
minor update for MaxDB
|
2011-02-20 21:17:16 +00:00 |
|
Miroslav Stampar
|
59e666d16e
|
--is-dba (related) update for Sybase
|
2011-02-20 17:28:06 +00:00 |
|
Miroslav Stampar
|
4d52f7fc6e
|
minor fix regarding --dump-table on Sybase for --technique=23
|
2011-02-20 16:58:01 +00:00 |
|
Miroslav Stampar
|
67ec691eb1
|
more updates regarding Sybase
|
2011-02-20 16:28:48 +00:00 |
|
Miroslav Stampar
|
cc47737c44
|
minor update
|
2011-02-20 16:00:13 +00:00 |
|
Miroslav Stampar
|
823e4351b5
|
minor change
|
2011-02-20 12:34:09 +00:00 |
|
Miroslav Stampar
|
0c57f2af0f
|
minor fix
|
2011-02-20 12:20:44 +00:00 |
|
Miroslav Stampar
|
2f9227bcce
|
Sybase update (--passwords)
|
2011-02-20 12:07:32 +00:00 |
|
Bernardo Damele
|
6e1a08a805
|
Documentation update
|
2011-02-19 21:08:18 +00:00 |
|
Bernardo Damele
|
023a80c31c
|
Section explanation change to reflect recent enhancements
|
2011-02-19 21:06:24 +00:00 |
|
Bernardo Damele
|
60b05ff49f
|
Reflect new switch name
|
2011-02-19 21:05:15 +00:00 |
|
Bernardo Damele
|
8e60acae5d
|
Added support for --scope also in WebScarab logs (-l)
|
2011-02-19 21:03:55 +00:00 |
|
Miroslav Stampar
|
f30dea74f3
|
more Sybase updates
|
2011-02-19 18:36:26 +00:00 |
|
Miroslav Stampar
|
b71bb321dd
|
some more Sybase updates
|
2011-02-19 18:04:27 +00:00 |
|
Miroslav Stampar
|
cec7694aac
|
some progress regarding SYBASE
|
2011-02-19 14:56:58 +00:00 |
|
Miroslav Stampar
|
e0efe453ab
|
minor update regarding Sybase support
|
2011-02-19 14:07:08 +00:00 |
|
Miroslav Stampar
|
de7ca5a27c
|
minor update
|
2011-02-19 09:40:41 +00:00 |
|
Miroslav Stampar
|
72fc0a0565
|
minor refactoring
|
2011-02-19 09:36:57 +00:00 |
|
Miroslav Stampar
|
5f4ffc9287
|
update regarding Sybase dumping
|
2011-02-19 00:36:47 +00:00 |
|
Miroslav Stampar
|
df58bcaf95
|
minor improvement
|
2011-02-18 14:27:02 +00:00 |
|
Miroslav Stampar
|
3badf92ceb
|
not doing "basic" filtering in default cases because of a bug reported by Kazim
|
2011-02-18 07:38:13 +00:00 |
|
Miroslav Stampar
|
6cdf08b81c
|
minor fix
|
2011-02-17 21:51:40 +00:00 |
|
Miroslav Stampar
|
22cd49a217
|
--technique can now be something like 123 which includes both techniques 1, 2 and 3
|
2011-02-17 21:39:16 +00:00 |
|
Miroslav Stampar
|
7ebc1ab90a
|
minor cosmetics
|
2011-02-17 08:59:14 +00:00 |
|
Bernardo Damele
|
dcb398f916
|
Test 2
|
2011-02-16 11:12:15 +00:00 |
|
Bernardo Damele
|
fc7414db7a
|
Test
|
2011-02-16 11:09:58 +00:00 |
|
Miroslav Stampar
|
199f14df46
|
implementation of MySQL GROUP_CONCAT technique
|
2011-02-15 00:28:27 +00:00 |
|
Bernardo Damele
|
808b03fc3e
|
Minor reordering
|
2011-02-14 02:08:11 +00:00 |
|
Bernardo Damele
|
2ea828e416
|
Proper fix for r3307 (file-write on MySQL via UNION query tech)
|
2011-02-13 22:48:01 +00:00 |
|
Miroslav Stampar
|
417b311475
|
minor update
|
2011-02-13 22:02:47 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Bernardo Damele
|
429ab631fe
|
Minor refactoring
|
2011-02-13 21:25:01 +00:00 |
|