Miroslav Stampar
|
d225c5c9aa
|
was wrong about this one (just now tested on a real site)
|
2011-01-17 11:00:09 +00:00 |
|
Miroslav Stampar
|
ac0b5e6dbc
|
proper way to handle this (console output has totally different encoding than the page one)
|
2011-01-17 10:27:36 +00:00 |
|
Miroslav Stampar
|
34d13be0d3
|
minor update regarding default page encoding
|
2011-01-17 10:23:37 +00:00 |
|
Miroslav Stampar
|
5c857779c1
|
important fix for unicode based character inference
|
2011-01-17 10:15:19 +00:00 |
|
Miroslav Stampar
|
99a3a3b89c
|
minor fix (break if all found)
|
2011-01-17 09:41:25 +00:00 |
|
Miroslav Stampar
|
0fcca671bd
|
information update regarding common password suffixes
|
2011-01-17 09:28:25 +00:00 |
|
Miroslav Stampar
|
a835f233ac
|
fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')
|
2011-01-17 00:17:31 +00:00 |
|
Miroslav Stampar
|
2041361695
|
minor cosmetics
|
2011-01-16 23:20:52 +00:00 |
|
Miroslav Stampar
|
e2c821eb81
|
minor cosmetics
|
2011-01-16 22:35:54 +00:00 |
|
Miroslav Stampar
|
e881465a9f
|
minor improvement
|
2011-01-16 20:55:07 +00:00 |
|
Miroslav Stampar
|
f5e36876e7
|
removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency
|
2011-01-16 19:29:06 +00:00 |
|
Miroslav Stampar
|
a6516798c0
|
proper fix for that previous "stacked" fix (that one screwed other injection types)
|
2011-01-16 19:25:10 +00:00 |
|
Miroslav Stampar
|
5476a8a27e
|
russian sites are great for testing :)
|
2011-01-16 19:00:19 +00:00 |
|
Miroslav Stampar
|
19dcaeaabf
|
fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)
|
2011-01-16 18:25:18 +00:00 |
|
Miroslav Stampar
|
718eef8753
|
minor fix
|
2011-01-16 18:11:35 +00:00 |
|
Miroslav Stampar
|
30d6791968
|
update regarding time based data retrieval
|
2011-01-16 17:52:42 +00:00 |
|
Miroslav Stampar
|
ec1ab3cd2a
|
removing timeSec from injection configuration attributes as it highly depends on current connection "variables"
|
2011-01-16 12:12:01 +00:00 |
|
Miroslav Stampar
|
2001bad7e1
|
automatic adjustment of timeSec for delayed queries
|
2011-01-16 12:04:32 +00:00 |
|
Miroslav Stampar
|
71391874eb
|
slightly faster and thread safer inference
|
2011-01-16 10:52:42 +00:00 |
|
Miroslav Stampar
|
fb166e9445
|
adding USER_LOCK stacked query support for ORACLE (older versions)
|
2011-01-16 10:31:16 +00:00 |
|
Miroslav Stampar
|
f31c028232
|
Oracle stacked vector based on DBMS_LOCK.SLEEP (https://foro.undersecurity.net/read.php?46,1436)
|
2011-01-16 10:07:56 +00:00 |
|
Bernardo Damele
|
0fc4ebdc1b
|
Major bug fix.
Minor code refactoring.
|
2011-01-16 01:17:09 +00:00 |
|
Bernardo Damele
|
c0d5daee99
|
More refactoring and cleanup
|
2011-01-16 00:15:30 +00:00 |
|
Bernardo Damele
|
02b333e30b
|
Minor improvement
|
2011-01-15 23:54:03 +00:00 |
|
Miroslav Stampar
|
29ea0950b6
|
now False is also affected (along with None and "")
|
2011-01-15 23:43:26 +00:00 |
|
Bernardo Damele
|
6e4b65a822
|
Minor refactoring
|
2011-01-15 23:28:31 +00:00 |
|
Bernardo Damele
|
558f3894f4
|
Minor improvement
|
2011-01-15 23:20:52 +00:00 |
|
Bernardo Damele
|
d3a28124b1
|
More code cleanup
|
2011-01-15 23:11:36 +00:00 |
|
Bernardo Damele
|
4a35f598b8
|
Minor refactoring
|
2011-01-15 22:09:53 +00:00 |
|
Miroslav Stampar
|
d2ce647113
|
one of my stupidest commits (just in case)
|
2011-01-15 18:17:46 +00:00 |
|
Miroslav Stampar
|
0f565c941e
|
bug fix and proper warning message
|
2011-01-15 16:59:53 +00:00 |
|
Miroslav Stampar
|
e105e1ea32
|
bug fix (some sites raise 404 during union tests)
|
2011-01-15 16:42:33 +00:00 |
|
Miroslav Stampar
|
3873d204bb
|
important update for dictionary attack
|
2011-01-15 15:56:11 +00:00 |
|
Miroslav Stampar
|
e17ac5fdca
|
update
|
2011-01-15 15:14:22 +00:00 |
|
Miroslav Stampar
|
44504746cf
|
minor update
|
2011-01-15 13:43:08 +00:00 |
|
Miroslav Stampar
|
5bdb50c224
|
code review part 3
|
2011-01-15 13:15:10 +00:00 |
|
Miroslav Stampar
|
1fa8f0cba7
|
code reviewing part 2
|
2011-01-15 12:53:40 +00:00 |
|
Miroslav Stampar
|
6a0e0cde3c
|
code review of modules in lib/core directory
|
2011-01-15 12:13:45 +00:00 |
|
Bernardo Damele
|
2d9b151883
|
Minor bug fix
|
2011-01-15 10:14:05 +00:00 |
|
Miroslav Stampar
|
05b2a338fe
|
cosmetics
|
2011-01-14 16:12:44 +00:00 |
|
Miroslav Stampar
|
bff989d348
|
minor update
|
2011-01-14 15:43:53 +00:00 |
|
Miroslav Stampar
|
daf5662eab
|
update
|
2011-01-14 15:33:49 +00:00 |
|
Bernardo Damele
|
1cfd6a6b9d
|
Code cleanup
|
2011-01-14 15:16:34 +00:00 |
|
Miroslav Stampar
|
08f7e20c51
|
minor code refactoring
|
2011-01-14 14:55:59 +00:00 |
|
Miroslav Stampar
|
fb9d7cdfaa
|
refactoring, code clearing and removal of obsolete switch --longest-common
|
2011-01-14 14:37:03 +00:00 |
|
Bernardo Damele
|
534f51f9fc
|
Minor bug fix
|
2011-01-14 14:20:28 +00:00 |
|
Bernardo Damele
|
e4e9b11b79
|
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
|
2011-01-14 12:47:07 +00:00 |
|
Bernardo Damele
|
3c95d71ea5
|
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
|
2011-01-14 11:55:20 +00:00 |
|
Bernardo Damele
|
f209b7a65e
|
Updated
|
2011-01-14 09:56:55 +00:00 |
|
Bernardo Damele
|
7d9fd5a7b7
|
Minor bug fix
|
2011-01-14 09:49:14 +00:00 |
|