Commit Graph

3445 Commits

Author SHA1 Message Date
Miroslav Stampar
f31c028232 Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436) 2011-01-16 10:07:56 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Bernardo Damele
02b333e30b Minor improvement 2011-01-15 23:54:03 +00:00
Miroslav Stampar
29ea0950b6 now False is also affected (along with None and "") 2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4 Minor improvement 2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8 Minor refactoring 2011-01-15 22:09:53 +00:00
Miroslav Stampar
d2ce647113 one of my stupidest commits (just in case) 2011-01-15 18:17:46 +00:00
Miroslav Stampar
0f565c941e bug fix and proper warning message 2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
44504746cf minor update 2011-01-15 13:43:08 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c code review of modules in lib/core directory 2011-01-15 12:13:45 +00:00
Bernardo Damele
2d9b151883 Minor bug fix 2011-01-15 10:14:05 +00:00
Miroslav Stampar
05b2a338fe cosmetics 2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348 minor update 2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d Code cleanup 2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
f209b7a65e Updated 2011-01-14 09:56:55 +00:00
Bernardo Damele
7d9fd5a7b7 Minor bug fix 2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020 Minor bug fix 2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f revert 2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19 minor fix 2011-01-13 15:19:37 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521 Verbose docstring 2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555 update 2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62 Cosmetics 2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca minor update 2011-01-13 11:08:29 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
1b3717c79c Improvement to make time-based blind to work also against login forms 2011-01-12 16:20:29 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
d7a7993e0d Minor comment fix 2011-01-12 11:57:36 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00