Miroslav Stampar
|
f4127a80d7
|
improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)
|
2011-08-22 21:43:46 +00:00 |
|
Miroslav Stampar
|
dafc4d93bd
|
typo
|
2011-08-22 15:05:54 +00:00 |
|
Miroslav Stampar
|
8a174248dc
|
fix for a bug reported by blueBoy
|
2011-08-20 20:08:11 +00:00 |
|
Miroslav Stampar
|
fb6a84b10b
|
minor update (when columns are missing from information_schema too)
|
2011-08-18 07:03:53 +00:00 |
|
Miroslav Stampar
|
cb32d46f2a
|
minor minor update
|
2011-08-18 06:09:12 +00:00 |
|
Miroslav Stampar
|
54bcc35ba7
|
important bug fix (connection exception was causing losing of already retrieved data)
|
2011-08-17 22:31:33 +00:00 |
|
Miroslav Stampar
|
9d31322f3d
|
update regarding special case when conf.uChar appears only in testable pages
|
2011-08-17 21:40:42 +00:00 |
|
Miroslav Stampar
|
75ec146224
|
minor beautification
|
2011-08-17 21:17:02 +00:00 |
|
Miroslav Stampar
|
f46baac70b
|
bug fix (when comment is None this was errornous)
|
2011-08-17 10:58:29 +00:00 |
|
Bernardo Damele
|
9361e633f4
|
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
|
2011-08-16 09:21:01 +00:00 |
|
Miroslav Stampar
|
e1dbb4443b
|
minor update related to the last commit
|
2011-08-16 07:01:14 +00:00 |
|
Miroslav Stampar
|
7cc5743c5d
|
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
|
2011-08-16 06:50:20 +00:00 |
|
Miroslav Stampar
|
600ef3eace
|
minor patch
|
2011-08-16 06:22:04 +00:00 |
|
Miroslav Stampar
|
262996fc5b
|
bug fix
|
2011-08-16 06:14:40 +00:00 |
|
Miroslav Stampar
|
df4abf1af1
|
lowering constant value from 10 to 7 for da peace in da houz
|
2011-08-12 17:19:19 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
e34787db99
|
update
|
2011-08-12 16:06:41 +00:00 |
|
Bernardo Damele
|
fff4c34e33
|
Search for --string and --regexp matches also in HTTP response headers
|
2011-08-12 15:33:37 +00:00 |
|
Bernardo Damele
|
6d22d09a61
|
doc updated
|
2011-08-12 15:03:39 +00:00 |
|
Bernardo Damele
|
5e5133b8e7
|
Should be fixed now
|
2011-08-12 15:00:11 +00:00 |
|
Bernardo Damele
|
1505cb2a80
|
typo
|
2011-08-12 14:51:39 +00:00 |
|
Bernardo Damele
|
702ca22d54
|
Minor bug fix for URI injections
|
2011-08-12 14:48:44 +00:00 |
|
Bernardo Damele
|
28bba9f5e6
|
More verbose warning message
|
2011-08-12 13:47:38 +00:00 |
|
Miroslav Stampar
|
10bdd90e60
|
minor speed optimizations (as a result of profiling)
|
2011-08-12 13:40:37 +00:00 |
|
Bernardo Damele
|
36280b33fa
|
Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site
|
2011-08-12 13:06:40 +00:00 |
|
Bernardo Damele
|
997c9ba1e8
|
Minor adjustments to user's manual
|
2011-08-12 12:56:55 +00:00 |
|
Miroslav Stampar
|
41ae9bc7ff
|
minor bug fix
|
2011-08-09 14:20:25 +00:00 |
|
Miroslav Stampar
|
2ad267132a
|
minor update for empty normal responses (like AJAX requests)
|
2011-08-05 10:55:21 +00:00 |
|
Miroslav Stampar
|
e849b71027
|
minor typo
|
2011-08-03 14:31:42 +00:00 |
|
Miroslav Stampar
|
538b49bcc5
|
removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports
|
2011-08-03 13:26:38 +00:00 |
|
Miroslav Stampar
|
f7562da754
|
from now on proper union column count should be displayed in injection info output
|
2011-08-03 10:34:50 +00:00 |
|
Miroslav Stampar
|
13eb20cea1
|
minor beautification
|
2011-08-03 10:12:06 +00:00 |
|
Bernardo Damele
|
2e20eb1a88
|
Minor fix
|
2011-08-03 10:08:59 +00:00 |
|
Miroslav Stampar
|
a3a649ed03
|
minor update
|
2011-08-03 09:11:50 +00:00 |
|
Miroslav Stampar
|
9423d15fb3
|
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
|
2011-08-03 09:08:16 +00:00 |
|
Miroslav Stampar
|
07afcd5440
|
fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)
|
2011-08-02 18:20:21 +00:00 |
|
Miroslav Stampar
|
07c3d4fb18
|
minor adjustment
|
2011-08-02 17:35:43 +00:00 |
|
Miroslav Stampar
|
edab7d01a5
|
minor fix
|
2011-08-02 17:31:13 +00:00 |
|
Bernardo Damele
|
c15439ab7f
|
Minor improvement to --passwords output
|
2011-08-02 09:04:34 +00:00 |
|
Miroslav Stampar
|
cb0981d858
|
proper way of handling 0 length results (as in __goInferenceProxy)
|
2011-08-02 08:39:32 +00:00 |
|
Miroslav Stampar
|
0643ced651
|
minor update
|
2011-08-02 08:12:43 +00:00 |
|
Miroslav Stampar
|
457f501bbd
|
proper fix
|
2011-08-01 23:48:38 +00:00 |
|
Bernardo Damele
|
ad4584da70
|
Minor bug fix when dumping tables with UNION query technique on Access, Firebird and MaxDB
|
2011-08-01 23:44:14 +00:00 |
|
Miroslav Stampar
|
4ca81dd345
|
quick fix
|
2011-08-01 23:25:58 +00:00 |
|
Bernardo Damele
|
cbd0ea0866
|
Possible fix for a minor bug
|
2011-08-01 23:24:39 +00:00 |
|
Miroslav Stampar
|
b9438c3e14
|
doc/THANKS update
|
2011-08-01 10:18:00 +00:00 |
|
Miroslav Stampar
|
e0fda9f985
|
minor fix
|
2011-08-01 10:13:25 +00:00 |
|
Miroslav Stampar
|
79b4e26e23
|
bug fix
|
2011-08-01 00:17:26 +00:00 |
|
Miroslav Stampar
|
018d7ed646
|
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
|
2011-07-31 23:40:09 +00:00 |
|
Miroslav Stampar
|
0627bb02cb
|
minor beautification
|
2011-07-31 10:21:47 +00:00 |
|