| Author | Commit | Message | Date |
|---|---|---|---|
| Miroslav Stampar | d77ddbee47 | OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) | 2010-12-06 18:20:57 +00:00 |
| Miroslav Stampar | e4b51dd549 | proper way of handling OR based injections (completely compatible with current AND based inference engine) | 2010-12-06 17:23:21 +00:00 |
| Miroslav Stampar | 27ee9a5ccf | minor refactoring | 2010-12-06 15:50:19 +00:00 |
| Miroslav Stampar | e8be14e00a | minor refactoring | 2010-12-06 07:48:14 +00:00 |
| Miroslav Stampar | a43d252ae9 | minor update | 2010-12-06 00:14:08 +00:00 |
| Miroslav Stampar | 5189f138d7 | increasing socket timeout in case of time based checks | 2010-12-05 23:18:16 +00:00 |
| Bernardo Damele | 17449754fe | Got rid of UNION false cond | 2010-12-05 16:16:15 +00:00 |
| Bernardo Damele | a1e89d3e94 | Minor tweak | 2010-12-05 13:12:12 +00:00 |
| Bernardo Damele | da3fd17fc3 | Adjustment to make it work also in OR based injection | 2010-12-05 12:24:23 +00:00 |
| Bernardo Damele | bf425d90bc | More tweaking | 2010-12-05 12:23:18 +00:00 |
| Bernardo Damele | 41e1b95c6c | Minor code refactoring and finally make exploitation work also on OR boolean-based injections | 2010-12-05 11:25:44 +00:00 |
| Miroslav Stampar | 7a5cd3b35f | minor comment update | 2010-12-05 11:15:09 +00:00 |
| Bernardo Damele | 191ba3118f | Cosmetics | 2010-12-05 11:08:52 +00:00 |
| Bernardo Damele | 1b17bac494 | Sorted out | 2010-12-05 11:06:37 +00:00 |
| Bernardo Damele | 618b3b0211 | Cosmetics | 2010-12-05 11:05:57 +00:00 |
| Bernardo Damele | 8066610217 | Minor improvements to OR based injections | 2010-12-05 10:55:19 +00:00 |
| Bernardo Damele | 2612615978 | Major improvements | 2010-12-04 16:40:08 +00:00 |
| Miroslav Stampar | 9e5f933ace | some updates | 2010-12-04 15:47:02 +00:00 |
| Miroslav Stampar | 3f9450b9dc | minor fix | 2010-12-04 14:43:35 +00:00 |
| Miroslav Stampar | 1f795622b3 | some fine tuning of dynamicity removing engine | 2010-12-04 13:39:35 +00:00 |
| Miroslav Stampar | eeb199375b | usage of compiled regexes in case of dynamic markings and other refactoring | 2010-12-04 13:23:28 +00:00 |
| Miroslav Stampar | 0fc7a8f9e8 | code refactoring | 2010-12-04 10:13:18 +00:00 |
| Miroslav Stampar | 04714374f9 | now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) | 2010-12-04 10:05:18 +00:00 |
| Bernardo Damele | 95a3f4b52f | Rudimentary OR boolean-based tests for login forms | 2010-12-03 22:58:35 +00:00 |
| Miroslav Stampar | b3a094b9d6 | fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') | 2010-12-03 22:44:29 +00:00 |
| Miroslav Stampar | 5764816891 | minor cosmetics | 2010-12-03 22:28:09 +00:00 |
| Bernardo Damele | 5d37df6104 | Ugly code to set the cookies when we got them from a 302 redirect too | 2010-12-03 17:41:10 +00:00 |
| Bernardo Damele | 9d55c4da87 | Done with support for injection in ORDER BY and GROUP BY (hopefully) | 2010-12-03 16:12:47 +00:00 |
| Bernardo Damele | 91c3cf8fd0 | Minor improvement | 2010-12-03 16:11:57 +00:00 |
| Bernardo Damele | 0e6359ab6e | Minor layout adjustment | 2010-12-03 16:11:35 +00:00 |
| Bernardo Damele | 6e73adec47 | Get rid of one useless attribute | 2010-12-03 16:11:13 +00:00 |
| Bernardo Damele | 126a1479d8 | Bug fix for --union-test | 2010-12-03 14:57:30 +00:00 |
| Bernardo Damele | 072835e04b | Removed for time being | 2010-12-03 14:48:31 +00:00 |
| Bernardo Damele | 11058667e4 | Better naming | 2010-12-03 14:45:13 +00:00 |
| Bernardo Damele | b824826a89 | Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses | 2010-12-03 14:39:51 +00:00 |
| Bernardo Damele | bb40ab9fb0 | Major bug fix for default boolean-based vector to still work and minor adjustments | 2010-12-03 14:31:11 +00:00 |
| Miroslav Stampar | 612ee08a0b | added response time kb attribute | 2010-12-03 13:19:34 +00:00 |
| Miroslav Stampar | 73dfb69308 | minor update for OR based time injection (Firebird) | 2010-12-03 12:15:41 +00:00 |
| Bernardo Damele | 4dec049c22 | Major bug fix for test on ORDER BY and GROUP BY clauses. Minor bug fix to skip following tests if they do not match any of the clauses previously identified (injection.clause value). | 2010-12-03 12:00:03 +00:00 |
| Bernardo Damele | 827a0aea05 | Minor bug fix | 2010-12-03 11:15:11 +00:00 |
| Miroslav Stampar | 23a86ed612 | minor bug fix related to Firebird time based test vectors | 2010-12-03 11:05:16 +00:00 |
| Bernardo Damele | 7690aa85ce | Added a comment needed to understand this hack when looking at the code in a month or so ;) | 2010-12-03 11:00:41 +00:00 |
| Bernardo Damele | 0069a21a0d | Added also OR error-based checks, tweaked some TODOs and added some new boundaries for login forms (yet to test) | 2010-12-03 10:52:24 +00:00 |
| Bernardo Damele | a9d4b37987 | Code cleanup and minor refactoring | 2010-12-03 10:51:27 +00:00 |
| Bernardo Damele | 22de82634a | Important update to parse correctly the `<where>` tag during exploitation phase. Minor code cleanup. | 2010-12-03 10:44:16 +00:00 |
| Bernardo Damele | 7d6f51f758 | Avoid blank space between prefix and test's payload if it's a stacked queries test | 2010-12-03 10:42:46 +00:00 |
| Bernardo Damele | b0928e02c6 | Proper comment | 2010-12-03 10:39:36 +00:00 |
| Miroslav Stampar | 2cc167a42e | fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" | 2010-12-02 18:57:43 +00:00 |
| Miroslav Stampar | bf09b8a6d9 | added Firebird error based (WHERE) attack vector | 2010-12-02 15:09:21 +00:00 |
| Bernardo Damele | 283a04e29a | On my way to properly parse test's `<where>` tag in exploitation phase | 2010-12-01 23:32:58 +00:00 |