Bernardo Damele
|
f890b29f81
|
Proper reference to Metasploit Framework as now it's version 4, not 3 anymore
|
2011-09-12 17:26:22 +00:00 |
|
Miroslav Stampar
|
4fb6dab1a2
|
minor bug fix
|
2011-09-12 14:15:57 +00:00 |
|
Miroslav Stampar
|
9a1ac96756
|
bug fix
|
2011-09-11 17:22:27 +00:00 |
|
Miroslav Stampar
|
1bdde51d0e
|
minor just in case update
|
2011-09-11 16:41:07 +00:00 |
|
Miroslav Stampar
|
02f993583b
|
minor bug fix
|
2011-09-09 11:36:09 +00:00 |
|
Miroslav Stampar
|
2f4e34f5a0
|
minor improvement for URI injections
|
2011-09-08 11:13:12 +00:00 |
|
Miroslav Stampar
|
d434047482
|
minor bug fix
|
2011-09-05 09:28:40 +00:00 |
|
Miroslav Stampar
|
382db1b67a
|
degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)
|
2011-08-31 20:35:57 +00:00 |
|
Miroslav Stampar
|
793f1d7774
|
new tampering script
|
2011-08-29 15:42:01 +00:00 |
|
Miroslav Stampar
|
08e0eb9b61
|
minor lower/upper case fix
|
2011-08-29 13:47:32 +00:00 |
|
Miroslav Stampar
|
9be89422da
|
implemented parameter --skip
|
2011-08-29 13:29:42 +00:00 |
|
Miroslav Stampar
|
e0f521cf9d
|
minor update regarding --randomize
|
2011-08-29 13:08:25 +00:00 |
|
Miroslav Stampar
|
ac00014c4a
|
implemented --randomize switch by request
|
2011-08-29 12:50:52 +00:00 |
|
Miroslav Stampar
|
d283e3eb3c
|
adding support for pre-WHERE injections
|
2011-08-24 09:04:18 +00:00 |
|
Miroslav Stampar
|
8fe069b495
|
minor fix
|
2011-08-23 21:48:39 +00:00 |
|
Miroslav Stampar
|
01014eca17
|
by request
|
2011-08-23 21:45:01 +00:00 |
|
Miroslav Stampar
|
606debe55c
|
better language
|
2011-08-23 21:42:34 +00:00 |
|
Miroslav Stampar
|
699cb89711
|
minor corrections to the definition and minor typos
|
2011-08-23 16:56:13 +00:00 |
|
Miroslav Stampar
|
cfc1f2b70b
|
minor update
|
2011-08-22 22:43:14 +00:00 |
|
Miroslav Stampar
|
f4127a80d7
|
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
|
2011-08-22 21:43:46 +00:00 |
|
Miroslav Stampar
|
dafc4d93bd
|
typo
|
2011-08-22 15:05:54 +00:00 |
|
Miroslav Stampar
|
8a174248dc
|
fix for a bug reported by blueBoy
|
2011-08-20 20:08:11 +00:00 |
|
Miroslav Stampar
|
fb6a84b10b
|
minor update (when columns are missing from information_schema too)
|
2011-08-18 07:03:53 +00:00 |
|
Miroslav Stampar
|
cb32d46f2a
|
minor minor update
|
2011-08-18 06:09:12 +00:00 |
|
Miroslav Stampar
|
54bcc35ba7
|
important bug fix (connection exception was causing losing of already retrieved data)
|
2011-08-17 22:31:33 +00:00 |
|
Miroslav Stampar
|
9d31322f3d
|
update regarding special case when conf.uChar appears only in testable pages
|
2011-08-17 21:40:42 +00:00 |
|
Miroslav Stampar
|
75ec146224
|
minor beautification
|
2011-08-17 21:17:02 +00:00 |
|
Miroslav Stampar
|
f46baac70b
|
bug fix (when comment is None this was errornous)
|
2011-08-17 10:58:29 +00:00 |
|
Bernardo Damele
|
9361e633f4
|
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
|
2011-08-16 09:21:01 +00:00 |
|
Miroslav Stampar
|
e1dbb4443b
|
minor update related to the last commit
|
2011-08-16 07:01:14 +00:00 |
|
Miroslav Stampar
|
7cc5743c5d
|
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
|
2011-08-16 06:50:20 +00:00 |
|
Miroslav Stampar
|
600ef3eace
|
minor patch
|
2011-08-16 06:22:04 +00:00 |
|
Miroslav Stampar
|
262996fc5b
|
bug fix
|
2011-08-16 06:14:40 +00:00 |
|
Miroslav Stampar
|
df4abf1af1
|
lowering constant value from 10 to 7 for da peace in da houz
|
2011-08-12 17:19:19 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
e34787db99
|
update
|
2011-08-12 16:06:41 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Bernardo Damele
|
6d22d09a61
|
doc updated
|
2011-08-12 15:03:39 +00:00 |
|
Bernardo Damele
|
5e5133b8e7
|
Should be fixed now
|
2011-08-12 15:00:11 +00:00 |
|
Bernardo Damele
|
1505cb2a80
|
typo
|
2011-08-12 14:51:39 +00:00 |
|
Bernardo Damele
|
702ca22d54
|
Minor bug fix for URI injections
|
2011-08-12 14:48:44 +00:00 |
|
Bernardo Damele
|
28bba9f5e6
|
More verbose warning message
|
2011-08-12 13:47:38 +00:00 |
|
Miroslav Stampar
|
10bdd90e60
|
minor speed optimizations (as a result of profiling)
|
2011-08-12 13:40:37 +00:00 |
|
Bernardo Damele
|
36280b33fa
|
Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site
|
2011-08-12 13:06:40 +00:00 |
|
Bernardo Damele
|
997c9ba1e8
|
Minor adjustments to user's manual
|
2011-08-12 12:56:55 +00:00 |
|
Miroslav Stampar
|
41ae9bc7ff
|
minor bug fix
|
2011-08-09 14:20:25 +00:00 |
|
Miroslav Stampar
|
2ad267132a
|
minor update for empty normal responses (like AJAX requests)
|
2011-08-05 10:55:21 +00:00 |
|
Miroslav Stampar
|
e849b71027
|
minor typo
|
2011-08-03 14:31:42 +00:00 |
|
Miroslav Stampar
|
538b49bcc5
|
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
|
2011-08-03 13:26:38 +00:00 |
|
Miroslav Stampar
|
f7562da754
|
from now on proper union column count should be displayed in injection info output
|
2011-08-03 10:34:50 +00:00 |
|