Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
ae53ad4c30
|
making an update for special case of timed out response
|
2011-03-28 21:05:04 +00:00 |
|
Miroslav Stampar
|
762397854e
|
fix for a bug reported by Kirill (unknown charset '8859-1')
|
2011-03-24 09:27:19 +00:00 |
|
Miroslav Stampar
|
d79fae724c
|
minor refactoring
|
2011-03-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
cbfb10cbd1
|
fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)
|
2011-03-21 16:43:46 +00:00 |
|
Miroslav Stampar
|
b53c9a2599
|
minor fix and some refactoring
|
2011-03-18 00:24:02 +00:00 |
|
Bernardo Damele
|
9526f0c4c2
|
Minor layout adjustments
|
2011-03-17 12:35:40 +00:00 |
|
Miroslav Stampar
|
cbdd9e921e
|
minor cosmetics
|
2011-03-17 12:23:56 +00:00 |
|
Miroslav Stampar
|
6607a240cf
|
added logging to redirecthandler
|
2011-03-17 12:21:27 +00:00 |
|
Miroslav Stampar
|
9a513198dd
|
minor fix regarding last couple of commits
|
2011-03-17 11:25:37 +00:00 |
|
Miroslav Stampar
|
fbd0cfda29
|
minor update toward the implementation of request from Santiago
|
2011-03-17 06:39:05 +00:00 |
|
Miroslav Stampar
|
e64f225e65
|
minor refactoring
|
2011-03-11 20:16:34 +00:00 |
|
Miroslav Stampar
|
2fd3f0d7b2
|
minor update (added comment)
|
2011-03-11 20:07:52 +00:00 |
|
Miroslav Stampar
|
5eae525010
|
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
|
2011-03-11 19:57:44 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
154d947c62
|
minor update
|
2011-03-07 10:15:41 +00:00 |
|
Miroslav Stampar
|
3a1f5744be
|
minor update to make counting variable totally independent of the urllib2's self.retried
|
2011-03-02 10:42:17 +00:00 |
|
Miroslav Stampar
|
a010386a23
|
finally a proper fix for that annoying recursive bug
|
2011-03-02 10:29:38 +00:00 |
|
Miroslav Stampar
|
9856cb71de
|
redo of the last commit with comments added
|
2011-02-28 18:58:05 +00:00 |
|
Miroslav Stampar
|
ade31b2cb0
|
removal of obsolete item
|
2011-02-28 18:49:25 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
63b8156c00
|
some update (if header key is non-unicode comformant)
|
2011-02-25 09:43:04 +00:00 |
|
Miroslav Stampar
|
aa88361ab1
|
incorporation of method for neutralization of reflective values
|
2011-02-25 09:22:44 +00:00 |
|
Miroslav Stampar
|
12ede1e5de
|
minor JIC (just-in-case) update
|
2011-02-22 13:18:47 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
dcad5410fe
|
minor refactoring
|
2011-02-22 12:54:22 +00:00 |
|
Miroslav Stampar
|
17c39fe231
|
fix for that non-HTML stuff
|
2011-02-22 11:32:55 +00:00 |
|
Miroslav Stampar
|
0c57f2af0f
|
minor fix
|
2011-02-20 12:20:44 +00:00 |
|
Bernardo Damele
|
60b05ff49f
|
Reflect new switch name
|
2011-02-19 21:05:15 +00:00 |
|
Miroslav Stampar
|
3badf92ceb
|
not doing "basic" filtering in default cases because of a bug reported by Kazim
|
2011-02-18 07:38:13 +00:00 |
|
Bernardo Damele
|
429ab631fe
|
Minor refactoring
|
2011-02-13 21:25:01 +00:00 |
|
Miroslav Stampar
|
1cd483f42f
|
one more update
|
2011-02-12 10:24:09 +00:00 |
|
Miroslav Stampar
|
25a3a64327
|
we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.
|
2011-02-12 10:15:42 +00:00 |
|
Miroslav Stampar
|
535eb9f3eb
|
implementation of referer feature
|
2011-02-11 23:07:03 +00:00 |
|
Bernardo Damele
|
864eade744
|
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
|
2011-02-10 11:14:05 +00:00 |
|
Miroslav Stampar
|
d9af01d73d
|
imporant fix for boolean expression which return [None]
|
2011-02-09 16:53:22 +00:00 |
|
Bernardo Damele
|
156d8cd99b
|
Directory restyling
|
2011-02-08 00:15:02 +00:00 |
|
Miroslav Stampar
|
71d1b72e0e
|
minor adjustment
|
2011-02-07 12:51:38 +00:00 |
|
Bernardo Damele
|
6a71629575
|
Converted from DOS format (\n\r to \n only)
|
2011-02-06 23:25:55 +00:00 |
|
Bernardo Damele
|
0800d9e49b
|
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
|
2011-02-06 22:58:12 +00:00 |
|
Miroslav Stampar
|
1af418d444
|
huge bug fix
|
2011-02-04 10:18:26 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
1aecbe6b08
|
minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)
|
2011-02-03 22:59:26 +00:00 |
|
Miroslav Stampar
|
b56a77e573
|
removing obsolete switches (--threshold, --excl-reg, --excl-str)
|
2011-02-03 15:55:19 +00:00 |
|
Miroslav Stampar
|
402c1b622e
|
removing urlencode from UA
|
2011-02-02 15:18:06 +00:00 |
|
Bernardo Damele
|
a37f5e05b9
|
Refactoring
|
2011-02-01 22:27:36 +00:00 |
|
Bernardo Damele
|
9b342a4c95
|
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
|
2011-02-01 22:07:42 +00:00 |
|
Bernardo Damele
|
6761933f75
|
Just.. cosmetics ;)
|
2011-01-31 22:51:14 +00:00 |
|