| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| Miroslav Stampar | e8883de2c6 | minor update regarding unicode decoding of supplied arguments | 2011-01-29 23:01:39 +00:00 |
| Miroslav Stampar | 367d0639f0 | refactoring (class names should always be Capital cased) | 2011-01-28 16:36:09 +00:00 |
| Miroslav Stampar | ddd296030d | added some more info to unhandled exception message(s) | 2011-01-28 16:15:45 +00:00 |
| Miroslav Stampar | a184a4c772 | major of majors bug fix | 2011-01-28 14:31:25 +00:00 |
| Miroslav Stampar | 0f4fb156d3 | major bug fix | 2011-01-28 14:09:28 +00:00 |
| Miroslav Stampar | b1c7a17163 | fix for a bug reported by malice.anon@gmail.com (UnicodeEncodeError..self.sock.sendall(str)) | 2011-01-28 13:26:20 +00:00 |
| Miroslav Stampar | b98cbeee04 | page for handling binary files | 2011-01-27 22:00:34 +00:00 |
| Miroslav Stampar | 8e74c571bc | centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels | 2011-01-27 19:44:24 +00:00 |
| Miroslav Stampar | 49aeb41be8 | quick bug fix for FALSE positives with UNION based technique | 2011-01-27 18:49:44 +00:00 |
| Miroslav Stampar | 81722b6881 | major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) | 2011-01-27 18:36:28 +00:00 |
| Miroslav Stampar | 03413bd5e0 | minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) | 2011-01-27 16:55:58 +00:00 |
| Miroslav Stampar | 539168dcca | sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there) | 2011-01-27 13:40:42 +00:00 |
| Miroslav Stampar | bb6e36fb02 | minor updates | 2011-01-27 12:38:39 +00:00 |
| Miroslav Stampar | 3bb4ea2c7a | THANKS update | 2011-01-25 22:29:36 +00:00 |
| Miroslav Stampar | 10b723f196 | minor fix for a bug reported by yonnym@googlemail.com | 2011-01-25 22:26:28 +00:00 |
| Miroslav Stampar | 430fd5cd63 | minor fixes | 2011-01-25 16:05:06 +00:00 |
| Miroslav Stampar | 20df2bbd10 | minor fix | 2011-01-25 15:44:45 +00:00 |
| Miroslav Stampar | d3ddaba7be | minor refactoring | 2011-01-25 13:04:13 +00:00 |
| Miroslav Stampar | c7f260a8bc | minor update | 2011-01-25 12:54:49 +00:00 |
| Miroslav Stampar | 98e48bd682 | new script | 2011-01-25 12:48:50 +00:00 |
| Miroslav Stampar | cab86871fe | fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) | 2011-01-25 11:02:41 +00:00 |
| Miroslav Stampar | 5692506131 | this was bad thing to have | 2011-01-25 01:08:38 +00:00 |
| Miroslav Stampar | 5aa958a146 | ASCII & CHR is quite common, so removing this one | 2011-01-24 22:51:15 +00:00 |
| Miroslav Stampar | a1619f84b6 | changing level of last payload | 2011-01-24 22:31:26 +00:00 |
| Miroslav Stampar | 8155f95b82 | new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") | 2011-01-24 22:28:54 +00:00 |
| Miroslav Stampar | 9f76468005 | another premiere, yeeej. IDSes, watch yourself :) | 2011-01-24 21:30:46 +00:00 |
| Miroslav Stampar | 2fb0c946d2 | minor update | 2011-01-24 21:21:47 +00:00 |
| Miroslav Stampar | 15645f50d4 | world premiere :) | 2011-01-24 21:21:11 +00:00 |
| Miroslav Stampar | 50969d238b | minor update | 2011-01-24 17:51:56 +00:00 |
| Miroslav Stampar | 440264341c | minor update | 2011-01-24 17:43:25 +00:00 |
| Miroslav Stampar | 0eea5665b2 | minor update | 2011-01-24 17:41:36 +00:00 |
| Bernardo Damele | b0dc6c24eb | Moved | 2011-01-24 17:04:49 +00:00 |
| Miroslav Stampar | 6cc69f5e16 | now --technique is appliable also after the injections have been identified | 2011-01-24 16:47:24 +00:00 |
| Miroslav Stampar | c188996627 | patch for possible query optimization (avoid precalculation of 1/0) | 2011-01-24 16:21:27 +00:00 |
| Miroslav Stampar | 81011be0d7 | minor update of parseTargetUrl method | 2011-01-24 14:52:50 +00:00 |
| Bernardo Damele | ceca64193b | Updated | 2011-01-24 14:46:41 +00:00 |
| Miroslav Stampar | 4093599f38 | added parseTargetUrl to redirect choice | 2011-01-24 14:45:35 +00:00 |
| Bernardo Damele | e1db2700f0 | Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads | 2011-01-24 12:25:45 +00:00 |
| Miroslav Stampar | 8d0c2efbe2 | unescaping of char marked payloads | 2011-01-24 12:00:16 +00:00 |
| Miroslav Stampar | 4441e11f68 | fix for case -r with no params and cookie available | 2011-01-24 11:26:51 +00:00 |
| Bernardo Damele | 47fa600c04 | Minor fix and cosmetics | 2011-01-24 11:12:33 +00:00 |
| Miroslav Stampar | a3e3387113 | fix for proper Firebird resume of version | 2011-01-24 11:04:32 +00:00 |
| Miroslav Stampar | eb33612736 | fix | 2011-01-24 10:20:17 +00:00 |
| Miroslav Stampar | c1145c244e | fix for user-agent injections | 2011-01-23 23:23:30 +00:00 |
| Miroslav Stampar | 818c9787b2 | minor update | 2011-01-23 21:20:16 +00:00 |
| Miroslav Stampar | b18397fbc7 | major revisit of --os-shell methods | 2011-01-23 20:47:06 +00:00 |
| Miroslav Stampar | ff7707579f | minor improvement | 2011-01-23 11:35:24 +00:00 |
| Miroslav Stampar | f5ff78d40c | revert | 2011-01-23 11:21:27 +00:00 |
| Miroslav Stampar | db76bcb327 | fix for cases when mixing ingres dbms with spanish word "ingresa" | 2011-01-23 11:19:10 +00:00 |
| Miroslav Stampar | 97f66a87c5 | minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message | 2011-01-23 10:51:57 +00:00 |