Miroslav Stampar
|
5c857779c1
|
important fix for unicode based character inference
|
2011-01-17 10:15:19 +00:00 |
|
Miroslav Stampar
|
0fcca671bd
|
information update regarding common password suffixes
|
2011-01-17 09:28:25 +00:00 |
|
Miroslav Stampar
|
5476a8a27e
|
russian sites are great for testing :)
|
2011-01-16 19:00:19 +00:00 |
|
Miroslav Stampar
|
30d6791968
|
update regarding time based data retrieval
|
2011-01-16 17:52:42 +00:00 |
|
Miroslav Stampar
|
3873d204bb
|
important update for dictionary attack
|
2011-01-15 15:56:11 +00:00 |
|
Miroslav Stampar
|
e17ac5fdca
|
update
|
2011-01-15 15:14:22 +00:00 |
|
Bernardo Damele
|
97ae7e330f
|
cosmetics
|
2011-01-07 17:10:58 +00:00 |
|
Miroslav Stampar
|
7ae5192070
|
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
|
2011-01-05 10:25:07 +00:00 |
|
Miroslav Stampar
|
c83e9f6ca5
|
foundation for filtering binary string values (for example, replacement of non readable chars with #)
|
2011-01-04 21:56:37 +00:00 |
|
Miroslav Stampar
|
aa81ed4033
|
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
|
2011-01-04 15:49:20 +00:00 |
|
Miroslav Stampar
|
8625494ff2
|
added one new quick check for multiple target(s) mode
|
2011-01-03 08:32:06 +00:00 |
|
Miroslav Stampar
|
f762f32de8
|
bug fix for proper --parse-errors on .aspx pages
|
2011-01-02 13:00:04 +00:00 |
|
Miroslav Stampar
|
51a492e17d
|
pretty important commit (now dumped tables are prone to dictionary attack)
|
2010-12-27 10:56:28 +00:00 |
|
Miroslav Stampar
|
b472b96f92
|
bug fix, refactoring and improved extractErrorMessage capabilities
|
2010-12-25 10:16:20 +00:00 |
|
Miroslav Stampar
|
aab14fa2d3
|
minor refactoring/cosmetics
|
2010-12-24 11:06:57 +00:00 |
|
Miroslav Stampar
|
d5eebb1cbf
|
fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
|
2010-12-24 09:49:19 +00:00 |
|
Miroslav Stampar
|
7a525f28d4
|
cosmetics
|
2010-12-21 15:26:23 +00:00 |
|
Miroslav Stampar
|
b2e7f9484d
|
minor tuning (2 techniques MAX per value used)
|
2010-12-21 15:24:14 +00:00 |
|
Miroslav Stampar
|
6c1133c4d4
|
some code refactoring
|
2010-12-21 15:13:13 +00:00 |
|
Miroslav Stampar
|
fe67d3827c
|
code refactoring and some fixes
|
2010-12-18 09:51:34 +00:00 |
|
Miroslav Stampar
|
a19cb2c13a
|
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
|
2010-12-17 21:29:09 +00:00 |
|
Bernardo Damele
|
04caef6de0
|
Tuning
|
2010-12-13 23:04:26 +00:00 |
|
Miroslav Stampar
|
c93634b6c7
|
blind dumping of tables in sqlite implemented
|
2010-12-11 22:13:19 +00:00 |
|
Miroslav Stampar
|
f021548bd0
|
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
|
2010-12-11 10:52:04 +00:00 |
|
Miroslav Stampar
|
fe2039f5ba
|
coollyy little commits
|
2010-12-10 11:32:46 +00:00 |
|
Miroslav Stampar
|
64cc2588f1
|
now resume is available for time-based blinds too
|
2010-12-08 12:49:26 +00:00 |
|
Miroslav Stampar
|
dc651d59ec
|
little mathematics here and there (used "Rules for normally distributed data")
|
2010-12-07 19:19:12 +00:00 |
|
Miroslav Stampar
|
ecd4a5a532
|
added standard deviation check in time based tests
|
2010-12-07 16:39:31 +00:00 |
|
Miroslav Stampar
|
294119d2ec
|
more advanced time technique(s)
|
2010-12-07 16:04:53 +00:00 |
|
Miroslav Stampar
|
3d87489de5
|
minor update
|
2010-12-07 08:05:03 +00:00 |
|
Miroslav Stampar
|
61f82fd274
|
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
|
2010-12-07 00:27:26 +00:00 |
|
Miroslav Stampar
|
2735848ab6
|
removed ERROR_SPACE
|
2010-12-06 22:40:07 +00:00 |
|
Bernardo Damele
|
2708aad504
|
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
|
2010-12-01 10:31:50 +00:00 |
|
Miroslav Stampar
|
2a8e270bef
|
proper handling of carriage return character from Windows target machines
|
2010-11-16 15:11:03 +00:00 |
|
Miroslav Stampar
|
88c00e61d3
|
another update
|
2010-11-09 23:35:37 +00:00 |
|
Miroslav Stampar
|
5ebd5d935c
|
another name change
|
2010-11-09 22:49:31 +00:00 |
|
Miroslav Stampar
|
06f00cf8c1
|
name change
|
2010-11-09 22:48:22 +00:00 |
|
Miroslav Stampar
|
fef60d5cb7
|
some fixes :)
|
2010-11-09 22:32:05 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
685a8e7d2c
|
refactoring of hard coded dbms names
|
2010-11-02 11:59:24 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Miroslav Stampar
|
be443c6947
|
refactoring regarding __START__,...
|
2010-10-21 09:51:07 +00:00 |
|
Miroslav Stampar
|
e24bff0497
|
nice refactoring
|
2010-10-20 09:46:57 +00:00 |
|
Miroslav Stampar
|
5d3cbec457
|
no more regex. web server independent.
|
2010-10-20 09:35:46 +00:00 |
|
Miroslav Stampar
|
8776db872c
|
minor refactoring
|
2010-10-19 23:05:24 +00:00 |
|
Miroslav Stampar
|
264e0a6fda
|
added support for displaying revision number at unhandled exception message
|
2010-10-19 08:55:14 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
f9f79ffbaf
|
basic stuff for sybase
|
2010-10-12 19:05:12 +00:00 |
|