1027 Commits

Author	SHA1	Message	Date
Miroslav Stampar	9ccc8f90a3	minor cosmetic update ("heuristics shows" is not grammatically correct)	2010-12-06 18:47:22 +00:00
Miroslav Stampar	d336f1df23	minor update	2010-12-06 18:44:42 +00:00
Miroslav Stampar	d77ddbee47	OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)	2010-12-06 18:20:57 +00:00
Miroslav Stampar	27ee9a5ccf	minor refactoring	2010-12-06 15:50:19 +00:00
Miroslav Stampar	e8be14e00a	minor refactoring	2010-12-06 07:48:14 +00:00
Miroslav Stampar	a43d252ae9	minor update	2010-12-06 00:14:08 +00:00
Miroslav Stampar	5189f138d7	increasing socket timeout in case of time based checks	2010-12-05 23:18:16 +00:00
Bernardo Damele	17449754fe	Got rid of UNION false cond	2010-12-05 16:16:15 +00:00
Bernardo Damele	da3fd17fc3	Adjustment to make it work also in OR based injection	2010-12-05 12:24:23 +00:00
Bernardo Damele	41e1b95c6c	Minor code refactoring and finally make exploitation work also on OR boolean-based injections	2010-12-05 11:25:44 +00:00
Miroslav Stampar	7a5cd3b35f	minor comment update	2010-12-05 11:15:09 +00:00
Bernardo Damele	618b3b0211	Cosmetics	2010-12-05 11:05:57 +00:00
Miroslav Stampar	9e5f933ace	some updates	2010-12-04 15:47:02 +00:00
Miroslav Stampar	3f9450b9dc	minor fix	2010-12-04 14:43:35 +00:00
Miroslav Stampar	1f795622b3	some fine tuning of dynamicity removing engine	2010-12-04 13:39:35 +00:00
Miroslav Stampar	eeb199375b	usage of compiled regexes in case of dynamic markings and other refactoring	2010-12-04 13:23:28 +00:00
Miroslav Stampar	0fc7a8f9e8	code refactoring	2010-12-04 10:13:18 +00:00
Miroslav Stampar	04714374f9	now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))	2010-12-04 10:05:18 +00:00
Miroslav Stampar	b3a094b9d6	fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql')	2010-12-03 22:44:29 +00:00
Miroslav Stampar	5764816891	minor cosmetics	2010-12-03 22:28:09 +00:00
Bernardo Damele	5d37df6104	Ugly code to set the cookies when got them from a 302 redirect too	2010-12-03 17:41:10 +00:00
Bernardo Damele	9d55c4da87	Done with support for injection in ORDER BY and GROUP BY (hopefully)	2010-12-03 16:12:47 +00:00
Bernardo Damele	91c3cf8fd0	Minor improvement	2010-12-03 16:11:57 +00:00
Bernardo Damele	0e6359ab6e	Minor layout adjustment	2010-12-03 16:11:35 +00:00
Bernardo Damele	6e73adec47	Get rid of one useless attribute	2010-12-03 16:11:13 +00:00
Bernardo Damele	126a1479d8	Bug fix for --union-test	2010-12-03 14:57:30 +00:00
Bernardo Damele	11058667e4	Better naming	2010-12-03 14:45:13 +00:00
Bernardo Damele	b824826a89	Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses	2010-12-03 14:39:51 +00:00
Bernardo Damele	bb40ab9fb0	Major bug fix for default boolean-based vector still work and minor adjustments	2010-12-03 14:31:11 +00:00
Miroslav Stampar	612ee08a0b	added response time kb attribute	2010-12-03 13:19:34 +00:00
Bernardo Damele	4dec049c22	Major bug fix for test on ORDER BY and GROUP BY clauses. ... Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).	2010-12-03 12:00:03 +00:00
Bernardo Damele	827a0aea05	Minor bug fix	2010-12-03 11:15:11 +00:00
Bernardo Damele	7690aa85ce	Added a comment needed to understand this hack when looking at the code in a month or so ;)	2010-12-03 11:00:41 +00:00
Bernardo Damele	a9d4b37987	Code cleanup and minor refactoring	2010-12-03 10:51:27 +00:00
Bernardo Damele	22de82634a	Important update to parse correctly the <where> tag during exploitation phase. ... Minor code cleanup.	2010-12-03 10:44:16 +00:00
Bernardo Damele	7d6f51f758	Avoid blank space between prefix and test's payload if it's a stacked queries test	2010-12-03 10:42:46 +00:00
Bernardo Damele	b0928e02c6	Proper comment	2010-12-03 10:39:36 +00:00
Miroslav Stampar	2cc167a42e	fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"	2010-12-02 18:57:43 +00:00
Bernardo Damele	283a04e29a	On my way to properly parse test's <where> tag in exploitation phase	2010-12-01 23:32:58 +00:00
Bernardo Damele	09b265a1ea	Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check	2010-12-01 23:32:02 +00:00
Bernardo Damele	47f2d22181	Minor bug fix	2010-12-01 17:18:31 +00:00
Bernardo Damele	089c16a1b8	Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type. ... Removed some useless tests. Moved <error> from queries.xml to payloads.xml as it makes more sense. Beeps at sql inj found only if --beep is provided. Minor fix in order to be able to pickle advancedDict() objects. Minor code refactoring. Removed useless folders.	2010-12-01 17:09:52 +00:00
Bernardo Damele	c00ea7f5e5	Store and resume also UNION char to session file (--union-char)	2010-12-01 10:59:58 +00:00
Bernardo Damele	025361c970	Higher precedence to union query sql inj than error-based	2010-12-01 10:57:17 +00:00
Bernardo Damele	56d2b2f322	Avoid storing to session file also payload delimiters	2010-12-01 10:55:59 +00:00
Bernardo Damele	2708aad504	Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.	2010-12-01 10:31:50 +00:00
Bernardo Damele	8d84dcc5dc	More sense	2010-12-01 09:17:17 +00:00
Bernardo Damele	c8f943f5e4	Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase. ... Major code refactoring and commenting to detection engine. Ask user whether or not to proceed to test remaining parameters after an injection point has been identified. Restore beep at SQL injection find. Avoid reuse of same variable in DBMS handler code. Minor adjustment of payloads XML file.	2010-11-30 22:40:25 +00:00
Miroslav Stampar	fcdebbd55f	cosmeticados	2010-11-30 14:48:13 +00:00
Miroslav Stampar	47a7708950	minor improvement of dynamic content detection/removal part	2010-11-30 12:45:42 +00:00