Commit Graph

148 Commits

Author SHA1 Message Date
Bernardo Damele
2fd9621499 Minor adjustments
Cosmetics
2011-01-31 21:22:39 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Miroslav Stampar
281d124fa6 minor bug fix 2010-12-31 12:04:39 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
cd337d9f39 minor fix 2010-12-26 09:46:09 +00:00
Miroslav Stampar
8470de7b76 bug fix for boolean proxy when using time based payloads 2010-12-23 23:46:08 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00
Miroslav Stampar
7a525f28d4 cosmetics 2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d minor tuning (2 techniques MAX per value used) 2010-12-21 15:24:14 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
b4450c6ddd added one more level of MSSQL version check (if first fails for some reason) 2010-12-17 21:01:14 +00:00
Miroslav Stampar
95b2c0803b minor fix 2010-12-15 20:51:29 +00:00
Miroslav Stampar
cda00c7501 code refactoring 2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24 minor cosmetics 2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c minor cosmetics 2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea quick fix of a fix 2010-12-15 12:10:33 +00:00
Miroslav Stampar
270ae0f080 just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False 2010-12-14 09:05:00 +00:00
Bernardo Damele
a02dd6b55b Minor enhancement to speedup active dbms fingerprint (-f).
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
6a3c4485e6 minor update (removing extra ()) 2010-12-12 14:44:39 +00:00
Miroslav Stampar
e6c66fa37c update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available 2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43 further update regarding bugtrace's report 2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2 quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment) 2010-12-11 17:20:39 +00:00
Miroslav Stampar
3dc0a51d34 major bug fix with boolean expressions 2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b update 2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d fix 2010-12-10 16:03:32 +00:00
Miroslav Stampar
977988c0ab cosmetics 2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80 another update 2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60 fix 2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55 proper fix 2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040 you won't believe commit 2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8 minor refactoring 2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb fix for booleans 2010-12-10 12:26:01 +00:00
Miroslav Stampar
471d9ccd65 another fix of my lala 2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2 quick fix 2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9 update regarding boolean based expressions 2010-12-09 21:15:18 +00:00
Miroslav Stampar
1492823de0 it wasn't pretty, now it's pretty 2010-12-09 20:06:20 +00:00
Miroslav Stampar
3fd1c37d53 update 2010-12-09 07:49:18 +00:00
Bernardo Damele
b5c6527c72 Minor fix 2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. 2010-12-08 23:52:31 +00:00