Miroslav Stampar
|
f31c028232
|
Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436)
|
2011-01-16 10:07:56 +00:00 |
|
Bernardo Damele
|
0fc4ebdc1b
|
Major bug fix.
Minor code refactoring.
|
2011-01-16 01:17:09 +00:00 |
|
Bernardo Damele
|
c0d5daee99
|
More refactoring and cleanup
|
2011-01-16 00:15:30 +00:00 |
|
Bernardo Damele
|
02b333e30b
|
Minor improvement
|
2011-01-15 23:54:03 +00:00 |
|
Miroslav Stampar
|
29ea0950b6
|
now False is also affected (along with None and "")
|
2011-01-15 23:43:26 +00:00 |
|
Bernardo Damele
|
6e4b65a822
|
Minor refactoring
|
2011-01-15 23:28:31 +00:00 |
|
Bernardo Damele
|
558f3894f4
|
Minor improvement
|
2011-01-15 23:20:52 +00:00 |
|
Bernardo Damele
|
d3a28124b1
|
More code cleanup
|
2011-01-15 23:11:36 +00:00 |
|
Bernardo Damele
|
4a35f598b8
|
Minor refactoring
|
2011-01-15 22:09:53 +00:00 |
|
Miroslav Stampar
|
d2ce647113
|
one of my stupidest commits (just in case)
|
2011-01-15 18:17:46 +00:00 |
|
Miroslav Stampar
|
0f565c941e
|
bug fix and proper warning message
|
2011-01-15 16:59:53 +00:00 |
|
Miroslav Stampar
|
e105e1ea32
|
bug fix (some sites raise 404 during union tests)
|
2011-01-15 16:42:33 +00:00 |
|
Miroslav Stampar
|
3873d204bb
|
important update for dictionary attack
|
2011-01-15 15:56:11 +00:00 |
|
Miroslav Stampar
|
e17ac5fdca
|
update
|
2011-01-15 15:14:22 +00:00 |
|
Miroslav Stampar
|
44504746cf
|
minor update
|
2011-01-15 13:43:08 +00:00 |
|
Miroslav Stampar
|
5bdb50c224
|
code review part 3
|
2011-01-15 13:15:10 +00:00 |
|
Miroslav Stampar
|
1fa8f0cba7
|
code reviewing part 2
|
2011-01-15 12:53:40 +00:00 |
|
Miroslav Stampar
|
6a0e0cde3c
|
code review of modules in lib/core directory
|
2011-01-15 12:13:45 +00:00 |
|
Bernardo Damele
|
2d9b151883
|
Minor bug fix
|
2011-01-15 10:14:05 +00:00 |
|
Miroslav Stampar
|
05b2a338fe
|
cosmetics
|
2011-01-14 16:12:44 +00:00 |
|
Miroslav Stampar
|
bff989d348
|
minor update
|
2011-01-14 15:43:53 +00:00 |
|
Miroslav Stampar
|
daf5662eab
|
update
|
2011-01-14 15:33:49 +00:00 |
|
Bernardo Damele
|
1cfd6a6b9d
|
Code cleanup
|
2011-01-14 15:16:34 +00:00 |
|
Miroslav Stampar
|
08f7e20c51
|
minor code refactoring
|
2011-01-14 14:55:59 +00:00 |
|
Miroslav Stampar
|
fb9d7cdfaa
|
refactoring, code clearing and removal of obsolete switch --longest-common
|
2011-01-14 14:37:03 +00:00 |
|
Bernardo Damele
|
534f51f9fc
|
Minor bug fix
|
2011-01-14 14:20:28 +00:00 |
|
Bernardo Damele
|
e4e9b11b79
|
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
|
2011-01-14 12:47:07 +00:00 |
|
Bernardo Damele
|
3c95d71ea5
|
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
|
2011-01-14 11:55:20 +00:00 |
|
Bernardo Damele
|
f209b7a65e
|
Updated
|
2011-01-14 09:56:55 +00:00 |
|
Bernardo Damele
|
7d9fd5a7b7
|
Minor bug fix
|
2011-01-14 09:49:14 +00:00 |
|
Miroslav Stampar
|
b2c7ae77d4
|
minor update
|
2011-01-14 09:45:47 +00:00 |
|
Miroslav Stampar
|
676b95b30a
|
minor code refactoring
|
2011-01-14 09:44:56 +00:00 |
|
Bernardo Damele
|
f8c04ce020
|
Minor bug fix
|
2011-01-13 20:59:13 +00:00 |
|
Bernardo Damele
|
2ac8debea0
|
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
|
2011-01-13 17:36:54 +00:00 |
|
Miroslav Stampar
|
a1d1f69c3f
|
revert
|
2011-01-13 15:28:08 +00:00 |
|
Miroslav Stampar
|
d937e27b19
|
minor fix
|
2011-01-13 15:19:37 +00:00 |
|
Miroslav Stampar
|
b0fdbdb13b
|
minor update
|
2011-01-13 15:15:56 +00:00 |
|
Bernardo Damele
|
877ea31521
|
Verbose docstring
|
2011-01-13 12:05:14 +00:00 |
|
Miroslav Stampar
|
ac5b49f555
|
update
|
2011-01-13 11:24:03 +00:00 |
|
Bernardo Damele
|
af4ee81e62
|
Cosmetics
|
2011-01-13 11:23:07 +00:00 |
|
Miroslav Stampar
|
ece2eb31ca
|
minor update
|
2011-01-13 11:08:29 +00:00 |
|
Bernardo Damele
|
ee4727850c
|
Minor bug fix
|
2011-01-13 10:29:47 +00:00 |
|
Bernardo Damele
|
ca33728fbc
|
Minor fix to avoid query splitting/unpacking when the statement is EXISTS()
|
2011-01-13 10:00:40 +00:00 |
|
Bernardo Damele
|
be6e2d6a31
|
Important bug fix.
Minor code restyling.
|
2011-01-13 09:41:55 +00:00 |
|
Bernardo Damele
|
1b3717c79c
|
Improvement to make time-based blind to work also against login forms
|
2011-01-12 16:20:29 +00:00 |
|
Bernardo Damele
|
b3a0f38f3f
|
Minor code refactoring and added internal debug prints
|
2011-01-12 12:03:23 +00:00 |
|
Bernardo Damele
|
af9725214a
|
Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
|
2011-01-12 12:01:32 +00:00 |
|
Bernardo Damele
|
d7a7993e0d
|
Minor comment fix
|
2011-01-12 11:57:36 +00:00 |
|
Bernardo Damele
|
3cff42986f
|
Code cleanup
|
2011-01-12 01:17:04 +00:00 |
|
Bernardo Damele
|
8a67aea754
|
One more step to fully working UNION exploitation after merge into detection phase
|
2011-01-12 01:13:32 +00:00 |
|