Miroslav Stampar
d9af01d73d
imporant fix for boolean expression which return [None]
2011-02-09 16:53:22 +00:00
Miroslav Stampar
71d1b72e0e
minor adjustment
2011-02-07 12:51:38 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Bernardo Damele
a37f5e05b9
Refactoring
2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
...
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
2fd9621499
Minor adjustments
...
Cosmetics
2011-01-31 21:22:39 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Bernardo Damele
6e4b65a822
Minor refactoring
2011-01-15 23:28:31 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
281d124fa6
minor bug fix
2010-12-31 12:04:39 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
cd337d9f39
minor fix
2010-12-26 09:46:09 +00:00
Miroslav Stampar
8470de7b76
bug fix for boolean proxy when using time based payloads
2010-12-23 23:46:08 +00:00
Miroslav Stampar
5be9c04e44
update regarding Sybase syntax
2010-12-22 10:39:56 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
95b2c0803b
minor fix
2010-12-15 20:51:29 +00:00
Miroslav Stampar
cda00c7501
code refactoring
2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24
minor cosmetics
2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c
minor cosmetics
2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea
quick fix of a fix
2010-12-15 12:10:33 +00:00
Miroslav Stampar
270ae0f080
just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False
2010-12-14 09:05:00 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
6a3c4485e6
minor update (removing extra ())
2010-12-12 14:44:39 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43
further update regarding bugtrace's report
2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2
quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)
2010-12-11 17:20:39 +00:00
Miroslav Stampar
3dc0a51d34
major bug fix with boolean expressions
2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b
update
2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d
fix
2010-12-10 16:03:32 +00:00
Miroslav Stampar
977988c0ab
cosmetics
2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80
another update
2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60
fix
2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55
proper fix
2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040
you won't believe commit
2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8
minor refactoring
2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb
fix for booleans
2010-12-10 12:26:01 +00:00
Miroslav Stampar
471d9ccd65
another fix of my lala
2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2
quick fix
2010-12-10 09:54:25 +00:00