Bernardo Damele
|
e47f873fa4
|
Renamed space2extrarandomblank.py to space2mysqlblank.py
|
2011-07-11 09:49:03 +00:00 |
|
Bernardo Damele
|
c9ba58acb6
|
Moved MS Access UNION query tests after generic as generic test must identify MSSQL
|
2011-07-11 09:47:52 +00:00 |
|
Bernardo Damele
|
1e1f429668
|
Minor minor fix
|
2011-07-11 09:22:47 +00:00 |
|
Miroslav Stampar
|
5014475637
|
minor update (changing form of payload[i+1] with payload[i+1:i+2] which is much safer for not crashing the script with invalid char index)
|
2011-07-11 09:22:29 +00:00 |
|
Miroslav Stampar
|
7a6bddf811
|
minor fixes pointed by RS
|
2011-07-11 09:08:24 +00:00 |
|
Miroslav Stampar
|
f5e45bf113
|
quick fix for a bug reported by jovon.itwaru@gmail.com
|
2011-07-11 08:54:39 +00:00 |
|
Miroslav Stampar
|
98958f8808
|
minor minor update
|
2011-07-10 15:41:45 +00:00 |
|
Miroslav Stampar
|
0d6afca7db
|
adding new switch '--smart' by request
|
2011-07-10 15:16:58 +00:00 |
|
Miroslav Stampar
|
5d31eb5ef7
|
cosmetics and also tested against testing env - works perfectly
|
2011-07-10 09:07:07 +00:00 |
|
Miroslav Stampar
|
b3acaf85d8
|
minor update
|
2011-07-10 08:58:55 +00:00 |
|
Miroslav Stampar
|
eb42cedf2a
|
adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment
|
2011-07-10 08:54:22 +00:00 |
|
Miroslav Stampar
|
b7433011f8
|
new tamper script by request
|
2011-07-08 22:48:03 +00:00 |
|
Miroslav Stampar
|
1e182e6c72
|
quick fix
|
2011-07-08 22:34:44 +00:00 |
|
Bernardo Damele
|
05cb65b106
|
Added one more tamper script from Roberto Salgado and minor adjustment to others
|
2011-07-08 13:43:34 +00:00 |
|
Bernardo Damele
|
3985a81cb9
|
Update email addresses
|
2011-07-08 13:39:47 +00:00 |
|
Bernardo Damele
|
651349e229
|
More verbose critical message
|
2011-07-08 13:12:53 +00:00 |
|
Bernardo Damele
|
062c156fc0
|
Added another tamper script from Roberto Salgado
|
2011-07-08 11:03:14 +00:00 |
|
Miroslav Stampar
|
93219b9e13
|
i've accidentally left table_schema removed while doing some tests. now it should be ok
|
2011-07-08 10:24:46 +00:00 |
|
Bernardo Damele
|
b5dd4d4a63
|
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
|
2011-07-08 10:19:01 +00:00 |
|
Miroslav Stampar
|
02bfd05b20
|
more general approach
|
2011-07-08 10:03:14 +00:00 |
|
Miroslav Stampar
|
5443e06430
|
cosmetics (in debug mode [0] is used)
|
2011-07-08 09:43:52 +00:00 |
|
Miroslav Stampar
|
c463c411b9
|
minor update
|
2011-07-08 09:32:58 +00:00 |
|
Miroslav Stampar
|
ba2c06c9dc
|
quick fix
|
2011-07-08 09:01:32 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Bernardo Damele
|
736327c893
|
Added two tamper scripts contributed by Roberto Salgado
|
2011-07-07 18:45:07 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
c6a0b84242
|
Some more common tables and columns
|
2011-07-07 00:23:54 +00:00 |
|
Bernardo Damele
|
9e1a6beb7a
|
Major bug fix in UNION detection, it was a leftover
|
2011-07-07 00:06:20 +00:00 |
|
Bernardo Damele
|
fcd4e94c04
|
Higher chances to detect UNION query SQL injection against Microsoft Access
|
2011-07-06 23:52:44 +00:00 |
|
Bernardo Damele
|
9d2aadd4a6
|
missing docstring details
|
2011-07-06 22:53:22 +00:00 |
|
Bernardo Damele
|
23b4efdcaf
|
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.
|
2011-07-06 21:04:45 +00:00 |
|
Bernardo Damele
|
0d28c1e9e7
|
cosmetics
|
2011-07-06 20:41:13 +00:00 |
|
Bernardo Damele
|
6f6038b534
|
Quick fix (revert..)
|
2011-07-06 11:32:12 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
b8ffcf9495
|
few fixes here and there and multi-core processing for dictionary based hash attack
|
2011-07-04 19:58:41 +00:00 |
|
Bernardo Damele
|
da049110df
|
Minor revert
|
2011-07-04 15:23:05 +00:00 |
|
Miroslav Stampar
|
a1fe9d07ca
|
minor revert
|
2011-07-02 23:00:22 +00:00 |
|
Miroslav Stampar
|
34d9a91af1
|
bulk of fixes
|
2011-07-02 22:48:56 +00:00 |
|
Bernardo Damele
|
861cdb1b14
|
cosmetics
|
2011-07-01 10:04:34 +00:00 |
|
Miroslav Stampar
|
4513ef409e
|
massive (like really massive) dictionary support
|
2011-06-30 23:44:49 +00:00 |
|
Miroslav Stampar
|
43db6b03a7
|
update with a feature request (file with list of wordlist files)
|
2011-06-30 08:42:43 +00:00 |
|
Miroslav Stampar
|
366c2d279d
|
minor update
|
2011-06-30 08:02:52 +00:00 |
|
Miroslav Stampar
|
d063ae91eb
|
propset update
|
2011-06-30 07:55:07 +00:00 |
|
Miroslav Stampar
|
b361f60644
|
minor changes
|
2011-06-30 07:52:13 +00:00 |
|
Miroslav Stampar
|
f3013e4a29
|
minor update
|
2011-06-30 06:39:32 +00:00 |
|
Miroslav Stampar
|
caf22b58bc
|
new tamper script
|
2011-06-30 06:34:24 +00:00 |
|
Miroslav Stampar
|
8a36f7fc03
|
fix for a bug reported by aboynes@gmail.com (UnboundLocalError: local variable 'infoMsg' referenced before assignment)
|
2011-06-29 18:04:58 +00:00 |
|
Miroslav Stampar
|
9e453e8709
|
fix for a bug reported by nightman@email.de
|
2011-06-29 17:49:59 +00:00 |
|
Miroslav Stampar
|
be9b8bca78
|
bug fix
|
2011-06-29 17:39:58 +00:00 |
|