Bernardo Damele
|
99a0b62d0d
|
Minor adjustments
|
2011-07-24 22:26:11 +00:00 |
|
Miroslav Stampar
|
ca83305b58
|
added MySQL updatexml error-based payload
|
2011-07-24 21:08:32 +00:00 |
|
Miroslav Stampar
|
a89140e1ce
|
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
|
2011-07-23 06:07:00 +00:00 |
|
Bernardo Damele
|
c9ba58acb6
|
Moved MS Access UNION query tests after generic as generic test must identify MSSQL
|
2011-07-11 09:47:52 +00:00 |
|
Miroslav Stampar
|
5d31eb5ef7
|
cosmetics and also tested against testing env - works perfectly
|
2011-07-10 09:07:07 +00:00 |
|
Miroslav Stampar
|
eb42cedf2a
|
adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment
|
2011-07-10 08:54:22 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
ed4cfbb6d2
|
Minor fix
|
2011-06-27 08:58:59 +00:00 |
|
Miroslav Stampar
|
bedf16b88b
|
adding payloads for time-based injection on SAP MaxDB (heavy query)
|
2011-06-26 23:46:09 +00:00 |
|
Miroslav Stampar
|
d0490cc4e7
|
adding payloads for time-based injection on DB2 (heavy query)
|
2011-06-26 16:38:22 +00:00 |
|
Miroslav Stampar
|
0baf931669
|
real generic comment is "-- " not "--" (MySQL doesn't support "--")
|
2011-05-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
171a4c389b
|
added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload
|
2011-05-23 06:24:45 +00:00 |
|
Miroslav Stampar
|
939e6541d0
|
far safer way for dealing with error-based payloads on MySQL (no timeouts with .CHARACTER_SETS on testing platforms versus when used .TABLES)
|
2011-05-19 23:36:51 +00:00 |
|
Miroslav Stampar
|
bd1b07fbc2
|
one more parameter replace payload for MySQL and rising level of GENERATE_SERIES for PostgreSQL
|
2011-05-19 06:32:23 +00:00 |
|
Miroslav Stampar
|
7f086916c0
|
decent parameter replace payload for PostgreSQL (GENERATE_SERIES)
|
2011-05-18 23:40:42 +00:00 |
|
Miroslav Stampar
|
e58d6d2e00
|
removing (CBRT(LN(0)) because it's nothing special compared to standard 1/0; also, removing parameter replacement with returned value 1 as it doesn't have much sense in comparison to origvalue one (which is far more stable and usable)
|
2011-05-18 23:20:02 +00:00 |
|
Miroslav Stampar
|
fe50d09cc8
|
added new payload for PostgreSQL (parameter replace)
|
2011-05-18 23:01:41 +00:00 |
|
Bernardo Damele
|
3a8309c4b0
|
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
|
2011-05-10 15:34:54 +00:00 |
|
Bernardo Damele
|
7df954dd9f
|
paranoy
|
2011-04-21 23:41:25 +00:00 |
|
Miroslav Stampar
|
0764c4c752
|
parenthesis were missing; banning OR NOT from payloads
|
2011-04-21 23:32:53 +00:00 |
|
Bernardo Damele
|
1d61611145
|
leftover
|
2011-04-21 22:46:43 +00:00 |
|
Bernardo Damele
|
870f773d70
|
In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this
|
2011-04-21 20:36:50 +00:00 |
|
Miroslav Stampar
|
75f286cf6d
|
minor update conformant to http://dev.mysql.com/doc/refman/4.1/en/comments.html
|
2011-04-10 23:41:00 +00:00 |
|
Miroslav Stampar
|
3177c6023d
|
lol. re-revert
|
2011-04-10 23:30:56 +00:00 |
|
Bernardo Damele
|
9ea4010508
|
Leave it as is :)
|
2011-04-10 23:20:35 +00:00 |
|
Miroslav Stampar
|
3e680978a9
|
revert of that last commit (waiting for some better days)
|
2011-04-10 23:18:38 +00:00 |
|
Miroslav Stampar
|
f532478a34
|
update of MySQL comments
|
2011-04-10 23:08:18 +00:00 |
|
Bernardo Damele
|
af096b2c83
|
Leave it as is!!!
|
2011-04-10 21:47:23 +00:00 |
|
Bernardo Damele
|
02eeeccd33
|
Added UNION query SQL injection tests also with a random number for columns (not only NULL)
|
2011-04-07 13:39:36 +00:00 |
|
Miroslav Stampar
|
b7813f9e68
|
incrementing level for MySQL stacked payloads
|
2011-03-29 07:31:56 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
eedd6a990d
|
removing space after , for our payloads
|
2011-03-08 14:29:22 +00:00 |
|
Miroslav Stampar
|
ff9080de48
|
MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL
|
2011-02-21 20:59:34 +00:00 |
|
Miroslav Stampar
|
08697e60a9
|
added some Microsoft Access payloads
|
2011-02-21 20:04:50 +00:00 |
|
Miroslav Stampar
|
5fb11fd173
|
update regarding multiple DBMS payloads
|
2011-02-13 21:20:21 +00:00 |
|
Bernardo Damele
|
7dcfcca87f
|
Tests' titles adjustments
|
2011-02-06 23:17:39 +00:00 |
|
Miroslav Stampar
|
5ecb75cc56
|
minor update
|
2011-02-06 15:14:07 +00:00 |
|
Miroslav Stampar
|
f754953c4f
|
reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded.
|
2011-02-06 12:33:58 +00:00 |
|
Miroslav Stampar
|
97f9c9d119
|
bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values
|
2011-02-06 12:24:50 +00:00 |
|
Bernardo Damele
|
27601babb4
|
Minor adjustments to levels of boundaries
|
2011-02-04 11:57:47 +00:00 |
|
Miroslav Stampar
|
76ab14f20f
|
revert of r3203
|
2011-02-04 09:30:20 +00:00 |
|
Miroslav Stampar
|
78d696fd4f
|
i believe that this one should be the first level 1 boundary
|
2011-02-03 21:27:03 +00:00 |
|
Miroslav Stampar
|
64f18724ad
|
new default UNION test(s) ranges
|
2011-02-03 16:26:35 +00:00 |
|
Miroslav Stampar
|
5aa958a146
|
ASCII & CHR is quite common, so removing this one
|
2011-01-24 22:51:15 +00:00 |
|
Miroslav Stampar
|
a1619f84b6
|
changing level of last payload
|
2011-01-24 22:31:26 +00:00 |
|
Miroslav Stampar
|
8155f95b82
|
new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted")
|
2011-01-24 22:28:54 +00:00 |
|
Miroslav Stampar
|
9f76468005
|
another premiere, yeeej. IDSes, watch yourself :)
|
2011-01-24 21:30:46 +00:00 |
|
Miroslav Stampar
|
2fb0c946d2
|
minor update
|
2011-01-24 21:21:47 +00:00 |
|
Miroslav Stampar
|
15645f50d4
|
world premiere :)
|
2011-01-24 21:21:11 +00:00 |
|
Bernardo Damele
|
b0dc6c24eb
|
Moved
|
2011-01-24 17:04:49 +00:00 |
|