Commit Graph

322 Commits

Author SHA1 Message Date
Miroslav Stampar
83d7803ce7 other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2) 2011-02-12 20:03:28 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba More fixes for --common-columns to work against MSSQL too 2011-02-09 17:22:07 +00:00
Miroslav Stampar
917b2b0d6b one more commit related to the previous one 2011-02-09 17:07:02 +00:00
Miroslav Stampar
6c582343fe .. fix 2011-02-09 17:05:06 +00:00
Miroslav Stampar
3de6117253 revert of the r3247 (output always has to be appended to the outputs - no matter of it's value) 2011-02-09 09:53:59 +00:00
Miroslav Stampar
98ca1702ae los cosmeticado 2011-02-08 16:30:32 +00:00
Miroslav Stampar
87e36796c6 just to not cause confusion 2011-02-08 16:29:42 +00:00
Miroslav Stampar
dcb9c93328 minor cleanup 2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
66adf23532 Unbiased approach for searching appropriate usable column 2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) 2011-02-07 16:55:02 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
9eac2339ca 2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8 more appropriate 2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd new UNION column detection is going into wild 2011-02-03 16:16:38 +00:00
Bernardo Damele
253a8d0679 Minor bug fix 2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314 minor fix 2011-02-03 13:28:10 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-01 22:07:42 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Miroslav Stampar
777a19cfa9 LOL. removing that debug 'True' 2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631 one more thing ;) 2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667 cosmetics 2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Bernardo Damele
2a0b03e5c6 Unused import 2011-01-30 17:07:27 +00:00
Bernardo Damele
71d82e6f57 Minor layout adjustment 2011-01-30 16:19:58 +00:00
Bernardo Damele
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique 2011-01-30 14:19:50 +00:00
Miroslav Stampar
bc8f1142c9 minor revert 2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
a184a4c772 major of majors bug fix 2011-01-28 14:31:25 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00