Commit Graph

157 Commits

Author SHA1 Message Date
Miroslav Stampar
dcb9c93328 minor cleanup 2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
9eac2339ca 2011-02-06 22:55:26 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Bernardo Damele
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique 2011-01-30 14:19:50 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
a184a4c772 major of majors bug fix 2011-01-28 14:31:25 +00:00
Bernardo Damele
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) 2011-01-20 22:01:21 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
7f7fb93155 cosmetics 2010-12-23 18:44:18 +00:00
Miroslav Stampar
466d61ee85 minor fix 2010-12-21 14:29:47 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
f8a01ddaf8 minor update 2010-12-15 11:21:47 +00:00
Bernardo Damele
db844c1785 No point in showing the error-based inject payload, it's same as the one showed in -v3 2010-12-13 21:35:20 +00:00
Miroslav Stampar
ac9080c07b update 2010-12-11 08:24:29 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
e8be14e00a minor refactoring 2010-12-06 07:48:14 +00:00
Bernardo Damele
11058667e4 Better naming 2010-12-03 14:45:13 +00:00
Bernardo Damele
a9d4b37987 Code cleanup and minor refactoring 2010-12-03 10:51:27 +00:00
Bernardo Damele
283a04e29a On my way to properly parse test's <where> tag in exploitation phase 2010-12-01 23:32:58 +00:00
Bernardo Damele
47f2d22181 Minor bug fix 2010-12-01 17:18:31 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504 Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests. 2010-12-01 10:31:50 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
45ec8c169a Consistency between --*-test switches/output 2010-11-08 16:46:25 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
486a113560 Consolidate logger messages for --*-test switches 2010-10-31 16:58:38 +00:00
Miroslav Stampar
5a38ac7ea9 important update regarding (Bug #209) - probably more will be needed 2010-10-29 16:11:50 +00:00
Miroslav Stampar
4d70f2c210 reverting back to 100 2010-10-26 15:42:54 +00:00
Miroslav Stampar
8211e6a2bd possible 2010-10-26 11:29:09 +00:00
Bernardo Damele
9b127e58d2 Adjusted for MySQL weirdness 2010-10-26 09:33:18 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Bernardo Damele
c60edf7c17 Minor cosmetics 2010-10-20 22:43:02 +00:00
Bernardo Damele
430bb7478f Minor bug fix 2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee fix for NULL values 2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402 fix/upgrade/chicken soup 2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497 nice refactoring 2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457 no more regex. web server independent. 2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d code refactoring 2010-10-20 09:09:04 +00:00