| Author | Commit | Message | Date |
|---|---|---|---|
| Miroslav Stampar | ff9080de48 | MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL | 2011-02-21 20:59:34 +00:00 |
| Miroslav Stampar | 08697e60a9 | added some Microsoft Access payloads | 2011-02-21 20:04:50 +00:00 |
| Bernardo Damele | 3e8c204121 | Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba | 2011-02-21 16:00:56 +00:00 |
| Miroslav Stampar | 68a95fd1b1 | minor update | 2011-02-20 22:45:23 +00:00 |
| Miroslav Stampar | aac817935a | further improvement of MaxDB support | 2011-02-20 22:41:42 +00:00 |
| Miroslav Stampar | a3ba8b6928 | --dump now works on MaxDB too | 2011-02-20 22:07:12 +00:00 |
| Miroslav Stampar | 59e666d16e | --is-dba (related) update for Sybase | 2011-02-20 17:28:06 +00:00 |
| Miroslav Stampar | 67ec691eb1 | more updates regarding Sybase | 2011-02-20 16:28:48 +00:00 |
| Miroslav Stampar | 823e4351b5 | minor change | 2011-02-20 12:34:09 +00:00 |
| Miroslav Stampar | f30dea74f3 | more Sybase updates | 2011-02-19 18:36:26 +00:00 |
| Miroslav Stampar | b71bb321dd | some more Sybase updates | 2011-02-19 18:04:27 +00:00 |
| Miroslav Stampar | e0efe453ab | minor update regarding Sybase support | 2011-02-19 14:07:08 +00:00 |
| Miroslav Stampar | 5f4ffc9287 | update regarding Sybase dumping | 2011-02-19 00:36:47 +00:00 |
| Miroslav Stampar | 5fb11fd173 | update regarding multiple DBMS payloads | 2011-02-13 21:20:21 +00:00 |
| Bernardo Damele | 394ccb5cc5 | Added query for MSSQL/--privileges | 2011-02-10 15:52:55 +00:00 |
| Miroslav Stampar | 5050a76b59 | update regarding reading of table names from access system tables | 2011-02-09 10:33:29 +00:00 |
| Miroslav Stampar | 1a5a66870e | problem fixed | 2011-02-07 11:57:41 +00:00 |
| Bernardo Damele | 7dcfcca87f | Tests' titles adjustments | 2011-02-06 23:17:39 +00:00 |
| Miroslav Stampar | 5ecb75cc56 | minor update | 2011-02-06 15:14:07 +00:00 |
| Miroslav Stampar | f754953c4f | reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. | 2011-02-06 12:33:58 +00:00 |
| Miroslav Stampar | 97f9c9d119 | bug fix (playing with wavsep I've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values) | 2011-02-06 12:24:50 +00:00 |
| Bernardo Damele | 27601babb4 | Minor adjustments to levels of boundaries | 2011-02-04 11:57:47 +00:00 |
| Miroslav Stampar | 76ab14f20f | revert of r3203 | 2011-02-04 09:30:20 +00:00 |
| Miroslav Stampar | 78d696fd4f | I believe that this one should be the first level 1 boundary | 2011-02-03 21:27:03 +00:00 |
| Miroslav Stampar | 64f18724ad | new default UNION test(s) ranges | 2011-02-03 16:26:35 +00:00 |
| Miroslav Stampar | 4bb7ffcb3a | minor update | 2011-02-03 13:18:43 +00:00 |
| Bernardo Damele | 8397c526d8 | Minor adjustment | 2011-01-31 21:20:23 +00:00 |
| Miroslav Stampar | f9eac97fe8 | refactoring of MSSQL XML banner parsing | 2011-01-31 11:38:00 +00:00 |
| Miroslav Stampar | 14de5809ea | update | 2011-01-31 11:08:58 +00:00 |
| Miroslav Stampar | 5aa958a146 | ASCII & CHR is quite common, so removing this one | 2011-01-24 22:51:15 +00:00 |
| Miroslav Stampar | a1619f84b6 | changing level of last payload | 2011-01-24 22:31:26 +00:00 |
| Miroslav Stampar | 8155f95b82 | new payload - PostgreSQL boolean-based blind - Parameter replace (based on CHR(0) - "SQL error: ERROR: null character not permitted") | 2011-01-24 22:28:54 +00:00 |
| Miroslav Stampar | 9f76468005 | another premiere, yeeej. IDSes, watch yourself :) | 2011-01-24 21:30:46 +00:00 |
| Miroslav Stampar | 2fb0c946d2 | minor update | 2011-01-24 21:21:47 +00:00 |
| Miroslav Stampar | 15645f50d4 | world premiere :) | 2011-01-24 21:21:11 +00:00 |
| Miroslav Stampar | 440264341c | minor update | 2011-01-24 17:43:25 +00:00 |
| Miroslav Stampar | 0eea5665b2 | minor update | 2011-01-24 17:41:36 +00:00 |
| Bernardo Damele | b0dc6c24eb | Moved | 2011-01-24 17:04:49 +00:00 |
| Miroslav Stampar | c188996627 | patch for possible query optimization (avoid precalculation of 1/0) | 2011-01-24 16:21:27 +00:00 |
| Bernardo Damele | 47fa600c04 | Minor fix and cosmetics | 2011-01-24 11:12:33 +00:00 |
| Miroslav Stampar | db76bcb327 | fix for cases when mixing ingres dbms with Spanish word "ingresa" | 2011-01-23 11:19:10 +00:00 |
| Miroslav Stampar | 7bf05bf2cb | minor update | 2011-01-22 00:12:03 +00:00 |
| Miroslav Stampar | d6d8d54eda | implemented Johannes Dahse / Reiners' technique | 2011-01-22 00:06:27 +00:00 |
| Miroslav Stampar | 0743202879 | minor update | 2011-01-21 23:54:25 +00:00 |
| Miroslav Stampar | cb0e7080c5 | more appropriate name (on http://websec.wordpress.com/ they use term "conditional" for something very similar, although not stacked) | 2011-01-21 23:47:45 +00:00 |
| Miroslav Stampar | 7c4c79477d | world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) | 2011-01-21 18:32:10 +00:00 |
| Miroslav Stampar | 79e4b1efd5 | added new signature for SQLite error messages | 2011-01-20 22:47:03 +00:00 |
| Bernardo Damele | 6c490bfc8f | Avoid a traceback elsewhere | 2011-01-20 21:43:41 +00:00 |
| Bernardo Damele | 7ce49bcf0d | Sorted boundaries so that the ones with parenthesis are tested first - it has to be like this! Adjusted comments accordingly to new UNION-specific tags. | 2011-01-20 21:42:55 +00:00 |
| Miroslav Stampar | f6d79f58bc | another fix (LIMIT is not a good idea to have in inband queries) | 2011-01-20 21:13:28 +00:00 |