Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							df5f6bc1b7 
							
						 
					 
					
						
						
							
							Little precaution  
						
						
						
					 
					
						2010-12-09 14:06:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c01be0eeb 
							
						 
					 
					
						
						
							
							Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).  
						
						
						
					 
					
						2010-12-09 00:34:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c61adb21d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-09 00:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							10ef2b5de8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-08 23:09:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81c16926c1 
							
						 
					 
					
						
						
							
							code refactoring some more  
						
						
						
					 
					
						2010-12-08 14:46:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed09c53ee4 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-08 14:27:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae2fa7f1a 
							
						 
					 
					
						
						
							
							update regarding time based payloads  
						
						
						
					 
					
						2010-12-08 11:26:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a63f5b1e 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 23:49:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							575e50673b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 19:27:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							398b82644a 
							
						 
					 
					
						
						
							
							little explanation  
						
						
						
					 
					
						2010-12-07 19:25:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee72838231 
							
						 
					 
					
						
						
							
							Removed debug print  
						
						
						
					 
					
						2010-12-07 17:19:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f97312f29 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-07 17:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd4a5a532 
							
						 
					 
					
						
						
							
							added standard deviation check in time based tests  
						
						
						
					 
					
						2010-12-07 16:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4959da3ce6 
							
						 
					 
					
						
						
							
							it's a must to double check time based payloads  
						
						
						
					 
					
						2010-12-07 14:59:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e53fef546e 
							
						 
					 
					
						
						
							
							update regarding session page templates  
						
						
						
					 
					
						2010-12-07 14:35:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							add6235b16 
							
						 
					 
					
						
						
							
							removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session  
						
						
						
					 
					
						2010-12-07 14:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc630203f 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-07 13:34:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e78057ac8 
							
						 
					 
					
						
						
							
							Added counter of total HTTP(s) requests done during detection phase  
						
						
						
					 
					
						2010-12-07 12:33:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d87489de5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 08:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0da1ebde7d 
							
						 
					 
					
						
						
							
							introducing PostgreSQL time based blind  
						
						
						
					 
					
						2010-12-07 00:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							61f82fd274 
							
						 
					 
					
						
						
							
							introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic  
						
						
						
					 
					
						2010-12-07 00:27:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2735848ab6 
							
						 
					 
					
						
						
							
							removed ERROR_SPACE  
						
						
						
					 
					
						2010-12-06 22:40:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9ccc8f90a3 
							
						 
					 
					
						
						
							
							minor cosmetic update ("heuristics shows" is not grammatically correct)  
						
						
						
					 
					
						2010-12-06 18:47:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d336f1df23 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-06 18:44:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27ee9a5ccf 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 15:50:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5189f138d7 
							
						 
					 
					
						
						
							
							increasing socket timeout in case of time based checks  
						
						
						
					 
					
						2010-12-05 23:18:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a5cd3b35f 
							
						 
					 
					
						
						
							
							minor comment update  
						
						
						
					 
					
						2010-12-05 11:15:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							618b3b0211 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-05 11:05:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e5f933ace 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-12-04 15:47:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1f795622b3 
							
						 
					 
					
						
						
							
							some fine tuning of dynamicity removing engine  
						
						
						
					 
					
						2010-12-04 13:39:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eeb199375b 
							
						 
					 
					
						
						
							
							usage of compiled regexes in case of dynamic markings and other refactoring  
						
						
						
					 
					
						2010-12-04 13:23:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc7a8f9e8 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-04 10:13:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04714374f9 
							
						 
					 
					
						
						
							
							now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))  
						
						
						
					 
					
						2010-12-04 10:05:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0e6359ab6e 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2010-12-03 16:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e73adec47 
							
						 
					 
					
						
						
							
							Get rid of one useless attribute  
						
						
						
					 
					
						2010-12-03 16:11:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11058667e4 
							
						 
					 
					
						
						
							
							Better naming  
						
						
						
					 
					
						2010-12-03 14:45:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b824826a89 
							
						 
					 
					
						
						
							
							Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses  
						
						
						
					 
					
						2010-12-03 14:39:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bb40ab9fb0 
							
						 
					 
					
						
						
							
							Major bug fix for default boolean-based vector still work and minor adjustments  
						
						
						
					 
					
						2010-12-03 14:31:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							612ee08a0b 
							
						 
					 
					
						
						
							
							added response time kb attribute  
						
						
						
					 
					
						2010-12-03 13:19:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4dec049c22 
							
						 
					 
					
						
						
							
							Major bug fix for test on ORDER BY and GROUP BY clauses.  
						
						... 
						
						
						
						Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value). 
						
					 
					
						2010-12-03 12:00:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d6f51f758 
							
						 
					 
					
						
						
							
							Avoid blank space between prefix and test's payload if it's a stacked queries test  
						
						
						
					 
					
						2010-12-03 10:42:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							283a04e29a 
							
						 
					 
					
						
						
							
							On my way to properly parse test's <where> tag in exploitation phase  
						
						
						
					 
					
						2010-12-01 23:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							089c16a1b8 
							
						 
					 
					
						
						
							
							Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.  
						
						... 
						
						
						
						Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders. 
						
					 
					
						2010-12-01 17:09:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							56d2b2f322 
							
						 
					 
					
						
						
							
							Avoid storing to session file also payload delimiters  
						
						
						
					 
					
						2010-12-01 10:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d84dcc5dc 
							
						 
					 
					
						
						
							
							More sense  
						
						
						
					 
					
						2010-12-01 09:17:17 +00:00