Miroslav Stampar
|
71761ba9a5
|
another fix for another beautiful heavy query payload which took a few 100 megs and 5 mins to run
|
2010-12-09 10:35:18 +00:00 |
|
Miroslav Stampar
|
094baadc5b
|
bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay)
|
2010-12-09 10:17:04 +00:00 |
|
Bernardo Damele
|
3b293c4ea7
|
Added possible stacked queries time-based blind vector for MSSQL
|
2010-12-08 23:55:42 +00:00 |
|
Bernardo Damele
|
f5ce739bdf
|
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
|
2010-12-08 23:52:31 +00:00 |
|
Miroslav Stampar
|
ad00fe13c1
|
another fix for MySQL time based payloads
|
2010-12-08 12:00:27 +00:00 |
|
Miroslav Stampar
|
8227e6d3cf
|
bug fix for BENCHMARK time-based vectors
|
2010-12-08 11:49:55 +00:00 |
|
Bernardo Damele
|
8ff7c9a5a1
|
Works on Oracle's GROUP BY too
|
2010-12-07 17:17:01 +00:00 |
|
Miroslav Stampar
|
4f01d4c109
|
number crunching based time payloads are now affected by conf.timeSec
|
2010-12-07 13:24:18 +00:00 |
|
Miroslav Stampar
|
d0936bc8ed
|
adding vectors for SQLite time-based payloads
|
2010-12-07 13:14:56 +00:00 |
|
Bernardo Damele
|
54b8cb76a1
|
Messed up with my last merge, all fixed now
|
2010-12-07 12:59:53 +00:00 |
|
Miroslav Stampar
|
b38a634d95
|
bug fix
|
2010-12-07 12:55:31 +00:00 |
|
Bernardo Damele
|
7c32db6e9d
|
Forgot when merged with my last commit
|
2010-12-07 12:52:09 +00:00 |
|
Bernardo Damele
|
acac0d346f
|
Minor bug fixes and adjustments
|
2010-12-07 12:45:45 +00:00 |
|
Miroslav Stampar
|
2b2b7dc3a6
|
added vectors for time-based Firebird payloads
|
2010-12-07 12:20:48 +00:00 |
|
Miroslav Stampar
|
36a7fca8d5
|
added time-based payload vector for MSSQL
|
2010-12-07 12:06:25 +00:00 |
|
Miroslav Stampar
|
485981c619
|
added vectors for PostgreSQL time-based payloads
|
2010-12-07 11:57:33 +00:00 |
|
Miroslav Stampar
|
f9085e01e7
|
added vectors for Oracle time-based payloads
|
2010-12-07 11:47:29 +00:00 |
|
Miroslav Stampar
|
3d87489de5
|
minor update
|
2010-12-07 08:05:03 +00:00 |
|
Miroslav Stampar
|
90b776c1a2
|
update
|
2010-12-07 00:58:54 +00:00 |
|
Miroslav Stampar
|
0da1ebde7d
|
introducing PostgreSQL time based blind
|
2010-12-07 00:51:14 +00:00 |
|
Miroslav Stampar
|
1ba98dc9ec
|
found a fix for an OR time-based MySQL payload :)
|
2010-12-07 00:31:46 +00:00 |
|
Miroslav Stampar
|
61f82fd274
|
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
|
2010-12-07 00:27:26 +00:00 |
|
Bernardo Damele
|
32f1909131
|
Some more "advanced" boundaries
|
2010-12-06 23:15:41 +00:00 |
|
Miroslav Stampar
|
84a038d0a3
|
added one more subtag
|
2010-12-06 23:10:38 +00:00 |
|
Miroslav Stampar
|
1031723c89
|
added one more time based blind for Oracle
|
2010-12-06 23:05:53 +00:00 |
|
Miroslav Stampar
|
7697d19292
|
space replace is not needed in other two Oracle error based payloads; removing incorrect dbms_version for ctxsys.drithsx.sn as it also works on 10g
|
2010-12-06 22:52:18 +00:00 |
|
Miroslav Stampar
|
2735848ab6
|
removed ERROR_SPACE
|
2010-12-06 22:40:07 +00:00 |
|
Miroslav Stampar
|
f516c18a2a
|
minor update
|
2010-12-06 21:39:57 +00:00 |
|
Miroslav Stampar
|
0c5c2aa807
|
adding one more error based payload for Oracle
|
2010-12-06 21:20:26 +00:00 |
|
Miroslav Stampar
|
956a155377
|
adding one more error based payload for Oracle
|
2010-12-06 20:43:23 +00:00 |
|
Miroslav Stampar
|
ff43a4a955
|
minor update to preserve consistency of payload naming
|
2010-12-06 20:28:26 +00:00 |
|
Miroslav Stampar
|
c0e05d6869
|
update
|
2010-12-06 19:11:05 +00:00 |
|
Miroslav Stampar
|
e4b51dd549
|
proper way of handling OR based injections (completely compatible with current AND based inference engine)
|
2010-12-06 17:23:21 +00:00 |
|
Bernardo Damele
|
a1e89d3e94
|
Minor tweak
|
2010-12-05 13:12:12 +00:00 |
|
Bernardo Damele
|
bf425d90bc
|
More tweaking
|
2010-12-05 12:23:18 +00:00 |
|
Bernardo Damele
|
41e1b95c6c
|
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
|
2010-12-05 11:25:44 +00:00 |
|
Bernardo Damele
|
191ba3118f
|
Cosmetics
|
2010-12-05 11:08:52 +00:00 |
|
Bernardo Damele
|
1b17bac494
|
Sorted out
|
2010-12-05 11:06:37 +00:00 |
|
Bernardo Damele
|
8066610217
|
Minor improvements to OR based injections
|
2010-12-05 10:55:19 +00:00 |
|
Bernardo Damele
|
2612615978
|
Major improvements
|
2010-12-04 16:40:08 +00:00 |
|
Miroslav Stampar
|
9e5f933ace
|
some updates
|
2010-12-04 15:47:02 +00:00 |
|
Bernardo Damele
|
95a3f4b52f
|
Rudimental OR boolean-based tests for login forms
|
2010-12-03 22:58:35 +00:00 |
|
Bernardo Damele
|
9d55c4da87
|
Done with support for injection in ORDER BY and GROUP BY (hopefully)
|
2010-12-03 16:12:47 +00:00 |
|
Bernardo Damele
|
072835e04b
|
Removed for time being
|
2010-12-03 14:48:31 +00:00 |
|
Bernardo Damele
|
11058667e4
|
Better naming
|
2010-12-03 14:45:13 +00:00 |
|
Miroslav Stampar
|
73dfb69308
|
minor update for OR based time injection (Firebird)
|
2010-12-03 12:15:41 +00:00 |
|
Bernardo Damele
|
4dec049c22
|
Major bug fix for test on ORDER BY and GROUP BY clauses.
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
|
2010-12-03 12:00:03 +00:00 |
|
Miroslav Stampar
|
23a86ed612
|
minor bug fix related to Firebird time based test vectors
|
2010-12-03 11:05:16 +00:00 |
|
Bernardo Damele
|
0069a21a0d
|
Added also OR error-based checks, tweaked some TODOs and added some new boundaries for login forms (yet to test)
|
2010-12-03 10:52:24 +00:00 |
|
Miroslav Stampar
|
bf09b8a6d9
|
added Firebird error based (WHERE) attack vector
|
2010-12-02 15:09:21 +00:00 |
|