Miroslav Stampar
|
05a0e1d3b0
|
fix for a bug reported by m4l1c3 (TypeError: not all arguments converted during string formatting)
|
2011-04-15 11:34:14 +00:00 |
|
Miroslav Stampar
|
136e85abf3
|
little refresh of PHPIDS rules for --check-payload
|
2011-04-11 15:37:49 +00:00 |
|
Miroslav Stampar
|
75f286cf6d
|
minor update conformant to http://dev.mysql.com/doc/refman/4.1/en/comments.html
|
2011-04-10 23:41:00 +00:00 |
|
Miroslav Stampar
|
3177c6023d
|
lol. re-revert
|
2011-04-10 23:30:56 +00:00 |
|
Bernardo Damele
|
9ea4010508
|
Leave it as is :)
|
2011-04-10 23:20:35 +00:00 |
|
Miroslav Stampar
|
3e680978a9
|
revert of that last commit (waiting for some better days)
|
2011-04-10 23:18:38 +00:00 |
|
Miroslav Stampar
|
f532478a34
|
update of MySQL comments
|
2011-04-10 23:08:18 +00:00 |
|
Bernardo Damele
|
af096b2c83
|
Leave it as is!!!
|
2011-04-10 21:47:23 +00:00 |
|
Miroslav Stampar
|
d0cef21d9c
|
fix
|
2011-04-10 21:19:34 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Bernardo Damele
|
02eeeccd33
|
Added UNION query SQL injection tests also with a random number for columns (not only NULL)
|
2011-04-07 13:39:36 +00:00 |
|
Miroslav Stampar
|
ca009e9fe2
|
minor update
|
2011-04-07 10:43:19 +00:00 |
|
Miroslav Stampar
|
672abc27fd
|
minor adjustment of livetests for new flavor of --technique
|
2011-04-07 10:41:12 +00:00 |
|
Miroslav Stampar
|
e27afef6be
|
minor update regarding --current-db on Oracle
|
2011-04-01 15:56:11 +00:00 |
|
Miroslav Stampar
|
60102209f6
|
quick fix for a bug reported by Kirill (AttributeError: 'NoneType' object has no attribute 'split')
|
2011-04-01 11:14:24 +00:00 |
|
Miroslav Stampar
|
b7813f9e68
|
incrementing level for MySQL stacked payloads
|
2011-03-29 07:31:56 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
73e5d20ade
|
bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)
|
2011-03-28 11:01:55 +00:00 |
|
Miroslav Stampar
|
5eb7787fc9
|
adding partial union cases to the live tests
|
2011-03-25 15:56:15 +00:00 |
|
Miroslav Stampar
|
670aa7f99b
|
update for live tests (added dumping of columns and table values)
|
2011-03-25 15:37:11 +00:00 |
|
Miroslav Stampar
|
e80c9e08d8
|
minor update regarding --live-test
|
2011-03-25 09:03:08 +00:00 |
|
Miroslav Stampar
|
82ab4c8dc2
|
minor fix (ORDER BY 1 screws things up in blind mode)
|
2011-03-24 14:19:32 +00:00 |
|
Miroslav Stampar
|
06a5c39efe
|
fix related to the bug reported by Alone Shell
|
2011-03-24 14:03:40 +00:00 |
|
Miroslav Stampar
|
cef2c0879d
|
adding live test cases for --technique=1 too
|
2011-03-24 12:19:40 +00:00 |
|
Miroslav Stampar
|
33c01726dd
|
adding basic live tests for MSSQL too
|
2011-03-24 12:01:53 +00:00 |
|
Miroslav Stampar
|
2b15ad57c2
|
basic live tests against 3 major DBMSes
|
2011-03-24 11:47:01 +00:00 |
|
Miroslav Stampar
|
b72cdfe9e6
|
fix for mssql regarding usage of schema names reported by jabra@spl0it.org
|
2011-03-23 10:40:34 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
4889764114
|
minor update regarding last commit
|
2011-03-21 11:40:27 +00:00 |
|
Miroslav Stampar
|
5291fe35c9
|
proper implementation of --dbs on Oracle (we are using now schema names as a counterpart to dbs in other DBMSes)
|
2011-03-21 11:29:43 +00:00 |
|
Miroslav Stampar
|
0535225fe7
|
throwing out obsolete ORDER BY 1 from inband queries
|
2011-03-16 14:18:12 +00:00 |
|
Miroslav Stampar
|
eedd6a990d
|
removing space after , for our payloads
|
2011-03-08 14:29:22 +00:00 |
|
Miroslav Stampar
|
3dc31f6273
|
removing spaces after , in our queries
|
2011-03-08 14:07:26 +00:00 |
|
Miroslav Stampar
|
ff9080de48
|
MaxDB always precalculates values for both TRUE and FALSE, hence we can't trick him to run any "faulty" command (e.g. 1/0). This payload is fairly ok because in case of FALSE --> something=NULL is always NULL
|
2011-02-21 20:59:34 +00:00 |
|
Miroslav Stampar
|
08697e60a9
|
added some Microsoft Access payloads
|
2011-02-21 20:04:50 +00:00 |
|
Bernardo Damele
|
3e8c204121
|
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
|
2011-02-21 16:00:56 +00:00 |
|
Miroslav Stampar
|
68a95fd1b1
|
minor update
|
2011-02-20 22:45:23 +00:00 |
|
Miroslav Stampar
|
aac817935a
|
further improvement of MaxDB support
|
2011-02-20 22:41:42 +00:00 |
|
Miroslav Stampar
|
a3ba8b6928
|
--dump now works on MaxDB too
|
2011-02-20 22:07:12 +00:00 |
|
Miroslav Stampar
|
59e666d16e
|
--is-dba (related) update for Sybase
|
2011-02-20 17:28:06 +00:00 |
|
Miroslav Stampar
|
67ec691eb1
|
more updates regarding Sybase
|
2011-02-20 16:28:48 +00:00 |
|
Miroslav Stampar
|
823e4351b5
|
minor change
|
2011-02-20 12:34:09 +00:00 |
|
Miroslav Stampar
|
f30dea74f3
|
more Sybase updates
|
2011-02-19 18:36:26 +00:00 |
|
Miroslav Stampar
|
b71bb321dd
|
some more Sybase updates
|
2011-02-19 18:04:27 +00:00 |
|
Miroslav Stampar
|
e0efe453ab
|
minor update regarding Sybase support
|
2011-02-19 14:07:08 +00:00 |
|
Miroslav Stampar
|
5f4ffc9287
|
update regarding Sybase dumping
|
2011-02-19 00:36:47 +00:00 |
|
Miroslav Stampar
|
5fb11fd173
|
update regarding multiple DBMS payloads
|
2011-02-13 21:20:21 +00:00 |
|
Bernardo Damele
|
394ccb5cc5
|
Added query for MSSQL/--privileges
|
2011-02-10 15:52:55 +00:00 |
|
Miroslav Stampar
|
5050a76b59
|
update regarding reading of table names from access system tables
|
2011-02-09 10:33:29 +00:00 |
|
Miroslav Stampar
|
1a5a66870e
|
problem fixed
|
2011-02-07 11:57:41 +00:00 |
|