Commit Graph

715 Commits

Author SHA1 Message Date
Miroslav Stampar
c89a4162e2 bug fix for --dns-domain with --technique=TS 2012-04-04 18:01:39 +00:00
Miroslav Stampar
098c7c06dd added few comments 2012-04-04 13:24:58 +00:00
Miroslav Stampar
a4b95ab7dd works against MySQL/Windows 2012-04-04 12:49:45 +00:00
Bernardo Damele
c0946ce2c9 Minor refactoring 2012-04-04 12:42:58 +00:00
Bernardo Damele
75d1dab895 more cosmetics 2012-04-04 12:33:16 +00:00
Bernardo Damele
d106fb5184 layout adjustments 2012-04-04 12:27:24 +00:00
Miroslav Stampar
503988887c minor update 2012-04-03 10:43:46 +00:00
Miroslav Stampar
2504f4edb8 minor fixes 2012-04-03 10:10:33 +00:00
Miroslav Stampar
e05109812f minor improvements regarding data retrieval through DNS channel 2012-04-03 09:18:30 +00:00
Miroslav Stampar
1cd3c3f7af further update of DNS data retrieval mechanism through SQLi 2012-04-02 14:05:30 +00:00
Miroslav Stampar
abffc39929 minor update regarding DNS data retrieval task 2012-04-02 12:22:40 +00:00
Miroslav Stampar
429b8396e9 minor update for DNSServer support 2012-03-30 13:20:29 +00:00
Miroslav Stampar
6acf6b193a minor update regarding boolean logic comparison mechanism 2012-03-30 09:42:58 +00:00
Miroslav Stampar
5469186540 minor comment update 2012-03-29 14:35:47 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code 2012-03-29 13:39:12 +00:00
Miroslav Stampar
60146481af bug fix(es) (flags were used in place of count parameter in re.sub() calls) 2012-03-28 19:33:00 +00:00
Miroslav Stampar
7d131d1fb1 minor update 2012-03-28 13:46:31 +00:00
Miroslav Stampar
769b0d0ae7 more minor updates regarding data retrieval through DNS channel 2012-03-27 19:29:24 +00:00
Miroslav Stampar
1b072f6415 laying foundation for DNS based data retrieval 2012-03-27 18:59:12 +00:00
Miroslav Stampar
e88687b1f0 revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection) 2012-03-21 23:15:59 +00:00
Miroslav Stampar
524c1d38ad making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message) 2012-03-21 23:03:57 +00:00
Miroslav Stampar
037db9b3b8 minor removal of older stuff 2012-03-19 09:38:27 +00:00
Miroslav Stampar
da7f4eeffd removing left over 2012-03-18 17:33:14 +00:00
Miroslav Stampar
0fc4288a7c modifying redirection code for only two choices 2012-03-18 17:27:08 +00:00
Bernardo Damele
c03d0e24fb it must stay as is 2012-03-16 17:42:00 +00:00
Bernardo Damele
3505503a08 no need to return here 2012-03-16 17:30:16 +00:00
Bernardo Damele
942d9e4fa8 code cleanup 2012-03-16 17:27:24 +00:00
Bernardo Damele
a1c943fc79 Major bug fix to comparison algorithm with OR based boolean-based injections 2012-03-16 17:22:55 +00:00
Miroslav Stampar
577caac4de putting kb.negativeLogic setting to the safe place 2012-03-16 09:17:11 +00:00
Miroslav Stampar
209e795369 minor just in case update 2012-03-16 09:02:17 +00:00
Miroslav Stampar
adb5fff6b2 one more update related to the redirection mechanism 2012-03-15 20:17:40 +00:00
Miroslav Stampar
7d313ac911 few more fixes for proper redirecting mechanism 2012-03-15 19:47:59 +00:00
Bernardo Damele
86c4650058 Minor bug fix - revert 2012-03-15 17:12:24 +00:00
Bernardo Damele
cc15373769 More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later) 2012-03-15 16:29:28 +00:00
Bernardo Damele
4520744b4d second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now 2012-03-15 16:25:26 +00:00
Miroslav Stampar
ddd92476a8 minor fix 2012-03-15 15:58:25 +00:00
Miroslav Stampar
19beb912fa first step toward negative logic support 2012-03-15 15:52:12 +00:00
Miroslav Stampar
8dd570057b minor fix (double traffic log for -t in case of HTTP error) 2012-03-15 14:51:16 +00:00
Miroslav Stampar
f7df755f37 minor update 2012-03-15 12:55:22 +00:00
Miroslav Stampar
3d39c6cb3b some fixes here and there 2012-03-15 12:14:50 +00:00
Miroslav Stampar
91f1d6141f minor fix 2012-03-15 11:24:55 +00:00
Miroslav Stampar
a8c9a47092 redirect logic rewritten from scratch 2012-03-15 11:10:58 +00:00
Miroslav Stampar
52a8b25ff4 minor fix 2012-03-14 14:31:41 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
edfcddd3c3 minor fix for logging only cookies used by request (e.g. --load-cookies case) 2012-03-13 10:58:15 +00:00
Miroslav Stampar
34b0935cb3 refactoring "echo 1" quick test for xp_cmdshell console output 2012-03-13 10:36:49 +00:00
Miroslav Stampar
e6c610abab minor fix 2012-03-13 09:14:56 +00:00
Miroslav Stampar
48bcde478e more general update 2012-03-12 15:29:55 +00:00
Miroslav Stampar
1d0c8a7f44 minor update 2012-03-12 15:19:02 +00:00