Miroslav Stampar
|
d2dd47fb23
|
some more refactoring
|
2012-06-14 13:52:56 +00:00 |
|
Miroslav Stampar
|
facce2c0df
|
some more cleanup
|
2012-06-14 13:50:36 +00:00 |
|
Miroslav Stampar
|
d5e80089ff
|
minor summer cleanup
|
2012-06-14 13:44:16 +00:00 |
|
Miroslav Stampar
|
3a90105fbb
|
minor refactoring
|
2012-06-14 13:38:53 +00:00 |
|
Miroslav Stampar
|
1204eb00b2
|
minor fix
|
2012-06-14 12:46:32 +00:00 |
|
Miroslav Stampar
|
19c0efec59
|
just a minor refactoring
|
2012-06-14 09:10:28 +00:00 |
|
Miroslav Stampar
|
a51d8c4c79
|
replacing identifier safe char " with [] enclosing for MsSQL
|
2012-06-13 15:27:42 +00:00 |
|
Miroslav Stampar
|
367de838c1
|
minor update
|
2012-06-13 14:08:32 +00:00 |
|
Miroslav Stampar
|
4ac3794e80
|
minor update
|
2012-06-12 14:22:14 +00:00 |
|
Miroslav Stampar
|
d7f698fa14
|
minor update
|
2012-06-11 22:01:13 +00:00 |
|
Miroslav Stampar
|
96177393e1
|
minor update regarding --exact switch
|
2012-06-10 13:38:12 +00:00 |
|
Miroslav Stampar
|
b85a1fc271
|
minor fix
|
2012-06-05 22:55:42 +00:00 |
|
Miroslav Stampar
|
058a9c59a2
|
fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)
|
2012-06-05 22:40:55 +00:00 |
|
Miroslav Stampar
|
f94ebe3107
|
minor fix (credentials were only set for the first target)
|
2012-06-04 22:30:12 +00:00 |
|
Miroslav Stampar
|
738073105e
|
minor updates
|
2012-06-04 19:52:51 +00:00 |
|
Miroslav Stampar
|
7b282b1d6c
|
adding support for newer SSL protocols
|
2012-06-04 19:46:28 +00:00 |
|
Miroslav Stampar
|
10b0639a96
|
making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)
|
2012-06-04 09:24:46 +00:00 |
|
Miroslav Stampar
|
76a4aa19ac
|
some more fine tunning
|
2012-05-28 19:50:12 +00:00 |
|
Miroslav Stampar
|
73dba249e8
|
one more just in case update
|
2012-05-28 19:34:47 +00:00 |
|
Miroslav Stampar
|
efb406fbfc
|
minor revert
|
2012-05-28 19:13:50 +00:00 |
|
Miroslav Stampar
|
f7cba8d2cb
|
minor update
|
2012-05-28 18:05:15 +00:00 |
|
Miroslav Stampar
|
a72cb29c1f
|
taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server
|
2012-05-28 16:57:10 +00:00 |
|
Miroslav Stampar
|
190ae4ca13
|
no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)
|
2012-05-28 15:10:17 +00:00 |
|
Miroslav Stampar
|
89e90c3d84
|
revert of last commit
|
2012-05-28 15:01:56 +00:00 |
|
Miroslav Stampar
|
96c84e6e5b
|
minor update
|
2012-05-28 15:00:06 +00:00 |
|
Miroslav Stampar
|
a70a647aeb
|
few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)
|
2012-05-28 14:51:23 +00:00 |
|
Miroslav Stampar
|
b1d82422a0
|
changing conf.dnsDomain to conf.dName just because of long text problems in help listing
|
2012-05-28 14:15:04 +00:00 |
|
Miroslav Stampar
|
d2bbfa4aad
|
minor style update
|
2012-05-28 14:04:17 +00:00 |
|
Miroslav Stampar
|
226547b7dc
|
minor fix for --skip-urlencode and custom post
|
2012-05-28 09:04:25 +00:00 |
|
Miroslav Stampar
|
75dd1d6a2b
|
minor fix
|
2012-05-27 21:54:56 +00:00 |
|
Miroslav Stampar
|
e967bbd70f
|
minor patch
|
2012-05-27 21:44:42 +00:00 |
|
Miroslav Stampar
|
76eeba10e2
|
unhiding --dns-domain switch
|
2012-05-27 18:41:06 +00:00 |
|
Miroslav Stampar
|
fed0212631
|
now working with recursive queries too
|
2012-05-27 10:03:02 +00:00 |
|
Miroslav Stampar
|
71ff081fde
|
minor update
|
2012-05-27 09:11:19 +00:00 |
|
Miroslav Stampar
|
09f2144485
|
full page read is not needed in DNS exfiltration mode
|
2012-05-26 21:28:43 +00:00 |
|
Miroslav Stampar
|
4e6fcce9ca
|
minor update
|
2012-05-26 07:04:32 +00:00 |
|
Miroslav Stampar
|
ce077137c9
|
minor language update
|
2012-05-26 07:01:37 +00:00 |
|
Miroslav Stampar
|
d335ec0c34
|
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
|
2012-05-26 07:00:26 +00:00 |
|
Miroslav Stampar
|
00d22f013f
|
some consistency in variable naming at the file level
|
2012-05-25 10:08:55 +00:00 |
|
Miroslav Stampar
|
db526bdbc0
|
minor update (tainted values are not checked any more in multipleTargets mode)
|
2012-05-25 09:52:17 +00:00 |
|
Miroslav Stampar
|
dc20bff1d0
|
minor update
|
2012-05-25 08:30:24 +00:00 |
|
Miroslav Stampar
|
c394610740
|
adding switch --skip-urlencode to skip URL encoding of POST data
|
2012-05-24 23:30:33 +00:00 |
|
Miroslav Stampar
|
7657bbeaf9
|
minor update
|
2012-05-24 22:32:06 +00:00 |
|
Miroslav Stampar
|
86fdad2bfa
|
minor update
|
2012-05-24 22:07:50 +00:00 |
|
Miroslav Stampar
|
eed8d7eb5d
|
finalizing support for IPv6
|
2012-05-24 21:55:57 +00:00 |
|
Miroslav Stampar
|
b6d37d766a
|
minor update regarding IPv6 support
|
2012-05-24 21:49:20 +00:00 |
|
Miroslav Stampar
|
92286104e3
|
minor just in case update
|
2012-05-24 21:39:10 +00:00 |
|
Miroslav Stampar
|
3e9c57d177
|
minor fix
|
2012-05-24 21:36:35 +00:00 |
|
Miroslav Stampar
|
be76928293
|
minor fix
|
2012-05-24 20:53:01 +00:00 |
|
Miroslav Stampar
|
1e18168cc8
|
fix for one silent bug and small language update
|
2012-05-23 16:35:40 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
2c057d5b3d
|
minor style update
|
2012-05-21 22:40:52 +00:00 |
|
Miroslav Stampar
|
bbfa4b6d5d
|
minor update
|
2012-05-14 14:38:16 +00:00 |
|
Miroslav Stampar
|
333f8057a5
|
minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces
|
2012-05-14 14:06:43 +00:00 |
|
Miroslav Stampar
|
595f69fa2c
|
minor language update
|
2012-05-10 18:30:25 +00:00 |
|
Miroslav Stampar
|
35f400b45b
|
minor language upgrade
|
2012-05-10 18:25:12 +00:00 |
|
Miroslav Stampar
|
80aedbe284
|
adding a warning about --tor switch
|
2012-05-10 18:17:32 +00:00 |
|
Miroslav Stampar
|
b81fe42d4b
|
turning off null connection on -o when --tor used (not compatible)
|
2012-05-10 17:50:54 +00:00 |
|
Miroslav Stampar
|
efdd86ddcc
|
minor just in case patch
|
2012-05-10 14:22:34 +00:00 |
|
Miroslav Stampar
|
6367f59b98
|
minor code refactoring
|
2012-05-10 14:15:17 +00:00 |
|
Miroslav Stampar
|
12d32f58f2
|
fix for that SOAP reported bug
|
2012-05-10 13:39:54 +00:00 |
|
Miroslav Stampar
|
1418ae9767
|
little refactoring of parseUnionPage together with a patch for some special case
|
2012-05-09 18:47:40 +00:00 |
|
Miroslav Stampar
|
7fb1f3fc70
|
minor renaming
|
2012-05-09 18:26:02 +00:00 |
|
Miroslav Stampar
|
11d9859199
|
making nice code
|
2012-05-09 18:25:04 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
9fa3619262
|
minor fix
|
2012-05-09 14:00:07 +00:00 |
|
Miroslav Stampar
|
56a3431be6
|
minor update for empty tables (skipping other techniques)
|
2012-05-09 10:34:21 +00:00 |
|
Miroslav Stampar
|
6177317a17
|
minor update
|
2012-05-09 10:06:23 +00:00 |
|
Miroslav Stampar
|
37f2709197
|
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
|
2012-05-09 09:08:23 +00:00 |
|
Miroslav Stampar
|
fdf61015ad
|
minor patch
|
2012-05-09 08:41:05 +00:00 |
|
Miroslav Stampar
|
e419177871
|
minor update
|
2012-05-08 17:28:19 +00:00 |
|
Miroslav Stampar
|
deec97dfe3
|
adding Frontbase to error message regexes
|
2012-05-08 17:02:58 +00:00 |
|
Miroslav Stampar
|
eccd4da00f
|
minor fix
|
2012-05-08 15:03:33 +00:00 |
|
Miroslav Stampar
|
938d9ff23e
|
doing all the work for the users so they wouldn't strain their little hands
|
2012-05-08 15:00:23 +00:00 |
|
Miroslav Stampar
|
524dd75ff2
|
that query variable hasn't been used anywhere (obsolete for some time)
|
2012-05-08 14:34:40 +00:00 |
|
Miroslav Stampar
|
6af110d631
|
avoiding --no-cast/--hex warning message before a DBMS is fingerprinted
|
2012-05-08 14:06:41 +00:00 |
|
Miroslav Stampar
|
64c241fe92
|
limiting original UNION query results to only 1 result (potentially speeding things up in some cases)
|
2012-05-08 13:45:53 +00:00 |
|
Miroslav Stampar
|
e00f4a8934
|
minor cosmetics
|
2012-05-08 10:50:04 +00:00 |
|
Miroslav Stampar
|
a121339395
|
automatically writing uncracked hashes to a file for eventual further processing
|
2012-05-08 10:46:05 +00:00 |
|
Miroslav Stampar
|
80ee687b41
|
minor beauty patch
|
2012-05-07 13:51:31 +00:00 |
|
Miroslav Stampar
|
96299d3d5d
|
minor refactoring
|
2012-05-03 22:34:18 +00:00 |
|
Miroslav Stampar
|
cc28f6db6b
|
minor update
|
2012-05-01 20:43:16 +00:00 |
|
Miroslav Stampar
|
17efeaae7f
|
causing too much confusion among dummy users
|
2012-05-01 09:04:11 +00:00 |
|
Miroslav Stampar
|
694b14111f
|
skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)
|
2012-04-27 13:16:51 +00:00 |
|
Miroslav Stampar
|
6f67dc85ee
|
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
|
2012-04-25 20:29:07 +00:00 |
|
Bernardo Damele
|
4da03d898e
|
Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236
|
2012-04-25 07:40:42 +00:00 |
|
Miroslav Stampar
|
cec432f94d
|
minor update
|
2012-04-23 14:43:59 +00:00 |
|
Miroslav Stampar
|
697768c01a
|
adding --purge-output to be one of mandatory switches
|
2012-04-23 14:42:24 +00:00 |
|
Miroslav Stampar
|
d57d5e4b2c
|
minor update
|
2012-04-23 14:33:36 +00:00 |
|
Miroslav Stampar
|
1eecfb3dce
|
adding new file related to the last commit
|
2012-04-23 14:25:16 +00:00 |
|
Miroslav Stampar
|
095b25e1d1
|
adding option '--purge'
|
2012-04-23 14:24:23 +00:00 |
|
Miroslav Stampar
|
3532d23933
|
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
|
2012-04-23 13:41:36 +00:00 |
|
Miroslav Stampar
|
be2da77bf8
|
minor update
|
2012-04-23 10:15:04 +00:00 |
|
Miroslav Stampar
|
21c6b52198
|
minor fix
|
2012-04-23 10:11:00 +00:00 |
|
Miroslav Stampar
|
775134639d
|
minor update
|
2012-04-20 20:33:15 +00:00 |
|
Miroslav Stampar
|
2b1b4c0742
|
minor fix
|
2012-04-18 10:01:04 +00:00 |
|
Miroslav Stampar
|
6ebb621228
|
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
|
2012-04-17 14:23:00 +00:00 |
|
Miroslav Stampar
|
efd27d7ade
|
minor renaming
|
2012-04-17 08:41:19 +00:00 |
|
Miroslav Stampar
|
601d118c68
|
reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)
|
2012-04-15 16:59:03 +00:00 |
|
Miroslav Stampar
|
71b0acc16f
|
minor fix (checking for full inband should be done with ORIGINAL - more concise)
|
2012-04-15 16:43:18 +00:00 |
|
Miroslav Stampar
|
5772c52f46
|
minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)
|
2012-04-15 16:33:47 +00:00 |
|
Miroslav Stampar
|
ae8c70e895
|
another cosmetics
|
2012-04-13 15:11:44 +00:00 |
|
Miroslav Stampar
|
d765cdc3a3
|
minor cosmetics
|
2012-04-13 15:10:40 +00:00 |
|
Miroslav Stampar
|
54576ab3a6
|
making a random choice from candidates
|
2012-04-13 10:54:30 +00:00 |
|
Miroslav Stampar
|
bbbcc95fe5
|
use it only if page is stable
|
2012-04-13 10:19:26 +00:00 |
|
Miroslav Stampar
|
052d9455fe
|
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
|
2012-04-12 09:44:54 +00:00 |
|
Miroslav Stampar
|
831f79b851
|
minor generalization
|
2012-04-12 09:30:19 +00:00 |
|
Miroslav Stampar
|
c7422546e1
|
tiny update
|
2012-04-11 23:01:38 +00:00 |
|
Miroslav Stampar
|
2bad73a981
|
minor update
|
2012-04-11 21:48:44 +00:00 |
|
Miroslav Stampar
|
e195de2093
|
correcting comment on reflective removal function
|
2012-04-11 21:41:48 +00:00 |
|
Miroslav Stampar
|
b45ae10da4
|
minor fixes
|
2012-04-11 21:36:37 +00:00 |
|
Miroslav Stampar
|
627bfc589f
|
some more updates in reflective removal mechanism
|
2012-04-11 21:26:00 +00:00 |
|
Miroslav Stampar
|
8b130f6497
|
minor improvement for reflective values (when missing first part of payload like in error reports)
|
2012-04-11 15:01:28 +00:00 |
|
Miroslav Stampar
|
01bd5d0ab2
|
some more updates for reflective mechanism
|
2012-04-11 10:41:33 +00:00 |
|
Miroslav Stampar
|
2e92d8636e
|
improvement of reflective mechanism
|
2012-04-11 08:58:03 +00:00 |
|
Miroslav Stampar
|
60ca44e0cf
|
minor adjustment
|
2012-04-11 08:35:09 +00:00 |
|
Miroslav Stampar
|
e33ea7c33a
|
minor fix
|
2012-04-10 22:29:39 +00:00 |
|
Miroslav Stampar
|
8541222080
|
minor update
|
2012-04-10 22:26:42 +00:00 |
|
Miroslav Stampar
|
9c2f244d47
|
minor fix
|
2012-04-10 22:20:53 +00:00 |
|
Miroslav Stampar
|
a82206cec4
|
minor cosmetics
|
2012-04-10 21:57:00 +00:00 |
|
Miroslav Stampar
|
119eec3598
|
improving "boolean detection" by automatic recognition of convenient --string candidate
|
2012-04-10 21:48:34 +00:00 |
|
Miroslav Stampar
|
8c6eb4faa9
|
adding support for PgSQL DNS data exfiltration
|
2012-04-07 14:06:11 +00:00 |
|
Miroslav Stampar
|
b2afa87e48
|
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
|
2012-04-06 08:42:36 +00:00 |
|
Miroslav Stampar
|
2223c884e5
|
minor refactoring
|
2012-04-05 12:55:26 +00:00 |
|
Miroslav Stampar
|
02924eb345
|
minor update
|
2012-04-04 23:47:06 +00:00 |
|
Miroslav Stampar
|
e0994947e2
|
minor update
|
2012-04-04 23:37:50 +00:00 |
|
Miroslav Stampar
|
b1dd03731a
|
minor cosmetics
|
2012-04-04 23:34:08 +00:00 |
|
Miroslav Stampar
|
83387d92bb
|
minor bug fix
|
2012-04-04 23:32:20 +00:00 |
|
Miroslav Stampar
|
c89a4162e2
|
bug fix for --dns-domain with --technique=TS
|
2012-04-04 18:01:39 +00:00 |
|
Miroslav Stampar
|
098c7c06dd
|
added few comments
|
2012-04-04 13:24:58 +00:00 |
|
Miroslav Stampar
|
a5b69eaea4
|
removing unused imports
|
2012-04-04 13:18:14 +00:00 |
|
Bernardo Damele
|
52796bb4da
|
revert
|
2012-04-04 13:02:50 +00:00 |
|
Miroslav Stampar
|
a4b95ab7dd
|
works against MySQL/Windows
|
2012-04-04 12:49:45 +00:00 |
|
Bernardo Damele
|
a1d97e9d7b
|
Add a space after a comment
|
2012-04-04 12:48:21 +00:00 |
|
Bernardo Damele
|
025c531d22
|
leftover
|
2012-04-04 12:44:25 +00:00 |
|
Bernardo Damele
|
c0946ce2c9
|
Minor refactoring
|
2012-04-04 12:42:58 +00:00 |
|
Bernardo Damele
|
75d1dab895
|
more cosmetics
|
2012-04-04 12:33:16 +00:00 |
|
Bernardo Damele
|
d106fb5184
|
layout adjustments
|
2012-04-04 12:27:24 +00:00 |
|
Miroslav Stampar
|
1b2cd44255
|
proper fix
|
2012-04-04 10:35:52 +00:00 |
|
Miroslav Stampar
|
7031ef8e00
|
removing default values for referer and host from higher level/risk options
|
2012-04-04 10:34:27 +00:00 |
|
Miroslav Stampar
|
5e358b51f9
|
few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')
|
2012-04-04 09:25:05 +00:00 |
|
Miroslav Stampar
|
5851badff1
|
minor refactoring
|
2012-04-03 14:46:09 +00:00 |
|
Miroslav Stampar
|
b0787f193c
|
getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)
|
2012-04-03 14:34:15 +00:00 |
|
Miroslav Stampar
|
556b349be3
|
minor fix for retrieving non-printable chars in inference and non-multi threading mode
|
2012-04-03 14:04:07 +00:00 |
|
Miroslav Stampar
|
33bb9c5f19
|
much cleaner approach in that "flat" representation of retrieved items in union technique
|
2012-04-03 13:56:11 +00:00 |
|
Miroslav Stampar
|
7fb190f3b1
|
minor fix
|
2012-04-03 12:35:19 +00:00 |
|
Miroslav Stampar
|
886aa22efc
|
minor update
|
2012-04-03 12:19:37 +00:00 |
|
Miroslav Stampar
|
503988887c
|
minor update
|
2012-04-03 10:43:46 +00:00 |
|
Miroslav Stampar
|
78f51fd2e5
|
minor fix
|
2012-04-03 10:18:03 +00:00 |
|
Miroslav Stampar
|
2504f4edb8
|
minor fixes
|
2012-04-03 10:10:33 +00:00 |
|
Miroslav Stampar
|
e05109812f
|
minor improvements regarding data retrieval through DNS channel
|
2012-04-03 09:18:30 +00:00 |
|
Miroslav Stampar
|
5f94987b0f
|
fix for DNS method for MSSQL
|
2012-04-02 17:28:18 +00:00 |
|
Miroslav Stampar
|
2c28423cb8
|
minor update
|
2012-04-02 14:57:15 +00:00 |
|
Miroslav Stampar
|
8a9d09f79b
|
minor fixes
|
2012-04-02 14:11:23 +00:00 |
|
Miroslav Stampar
|
1cd3c3f7af
|
further update of DNS data retrieval mechanism through SQLi
|
2012-04-02 14:05:30 +00:00 |
|
Miroslav Stampar
|
1e01203562
|
few just in case "patches"
|
2012-04-02 12:58:10 +00:00 |
|
Miroslav Stampar
|
d908d078dd
|
minor fix
|
2012-04-02 12:27:30 +00:00 |
|
Miroslav Stampar
|
abffc39929
|
minor update regarding DNS data retrieval task
|
2012-04-02 12:22:40 +00:00 |
|
Miroslav Stampar
|
f7a664b120
|
enablind DNS server for DNS data exfiltration
|
2012-03-31 12:08:27 +00:00 |
|
Miroslav Stampar
|
8be9cd4ac4
|
bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)
|
2012-03-31 10:22:50 +00:00 |
|
Miroslav Stampar
|
429b8396e9
|
minor update for DNSServer support
|
2012-03-30 13:20:29 +00:00 |
|
Miroslav Stampar
|
56638f9e95
|
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
|
2012-03-30 10:50:01 +00:00 |
|
Miroslav Stampar
|
79c3d6f2aa
|
minor update
|
2012-03-30 10:37:46 +00:00 |
|
Miroslav Stampar
|
6acf6b193a
|
minor update regarding boolean logic comparison mechanism
|
2012-03-30 09:42:58 +00:00 |
|
Miroslav Stampar
|
5469186540
|
minor comment update
|
2012-03-29 14:35:47 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
ce4c697bbd
|
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
|
2012-03-29 13:39:12 +00:00 |
|
Miroslav Stampar
|
772ead8d03
|
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
|
2012-03-29 12:44:20 +00:00 |
|
Miroslav Stampar
|
c9cac957bb
|
adding one more case for false positive check (Generic tests without any DBMS knowledge)
|
2012-03-29 09:56:09 +00:00 |
|
Miroslav Stampar
|
60146481af
|
bug fix(es) (flags were used in place of count parameter in re.sub() calls)
|
2012-03-28 19:33:00 +00:00 |
|
Miroslav Stampar
|
9433bbe26d
|
memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)
|
2012-03-28 19:27:12 +00:00 |
|
Miroslav Stampar
|
7d131d1fb1
|
minor update
|
2012-03-28 13:46:31 +00:00 |
|
Miroslav Stampar
|
7fd64df167
|
minor code cleaning
|
2012-03-28 13:31:07 +00:00 |
|
Miroslav Stampar
|
769b0d0ae7
|
more minor updates regarding data retrieval through DNS channel
|
2012-03-27 19:29:24 +00:00 |
|
Miroslav Stampar
|
1b072f6415
|
laying foundation for DNS based data retrieval
|
2012-03-27 18:59:12 +00:00 |
|
Miroslav Stampar
|
3abcd6910a
|
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
|
2012-03-22 00:06:50 +00:00 |
|
Miroslav Stampar
|
e88687b1f0
|
revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)
|
2012-03-21 23:15:59 +00:00 |
|
Miroslav Stampar
|
524c1d38ad
|
making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)
|
2012-03-21 23:03:57 +00:00 |
|
Miroslav Stampar
|
11132ba993
|
fix for a bug in reflection removal mechanism
|
2012-03-19 14:28:18 +00:00 |
|
Miroslav Stampar
|
8e7d360ea2
|
cleaner refactoring regarding last commit
|
2012-03-19 12:03:25 +00:00 |
|
Miroslav Stampar
|
401763b6f8
|
minor fix (it has to be level 1 array like it was with the previous re.findall mechanism)
|
2012-03-19 12:00:22 +00:00 |
|
Miroslav Stampar
|
037db9b3b8
|
minor removal of older stuff
|
2012-03-19 09:38:27 +00:00 |
|
Miroslav Stampar
|
da7f4eeffd
|
removing left over
|
2012-03-18 17:33:14 +00:00 |
|
Miroslav Stampar
|
0fc4288a7c
|
modifying redirection code for only two choices
|
2012-03-18 17:27:08 +00:00 |
|
Bernardo Damele
|
c03d0e24fb
|
it must stay as is
|
2012-03-16 17:42:00 +00:00 |
|
Bernardo Damele
|
3505503a08
|
no need to return here
|
2012-03-16 17:30:16 +00:00 |
|
Bernardo Damele
|
942d9e4fa8
|
code cleanup
|
2012-03-16 17:27:24 +00:00 |
|
Bernardo Damele
|
a1c943fc79
|
Major bug fix to comparison algorithm with OR based boolean-based injections
|
2012-03-16 17:22:55 +00:00 |
|
Miroslav Stampar
|
d66056fe39
|
one more related commit
|
2012-03-16 13:16:53 +00:00 |
|
Miroslav Stampar
|
ac02a2d92c
|
minor fix
|
2012-03-16 13:14:14 +00:00 |
|
Miroslav Stampar
|
cbdcbdd786
|
minor minor update
|
2012-03-16 11:18:18 +00:00 |
|
Miroslav Stampar
|
b130a9e14e
|
minor fix (writing to HashDB on any interrupt)
|
2012-03-16 10:15:43 +00:00 |
|
Miroslav Stampar
|
577caac4de
|
putting kb.negativeLogic setting to the safe place
|
2012-03-16 09:17:11 +00:00 |
|
Miroslav Stampar
|
209e795369
|
minor just in case update
|
2012-03-16 09:02:17 +00:00 |
|
Miroslav Stampar
|
adb5fff6b2
|
one more update related to the redirection mechanism
|
2012-03-15 20:17:40 +00:00 |
|
Miroslav Stampar
|
7d313ac911
|
few more fixes for proper redirecting mechanism
|
2012-03-15 19:47:59 +00:00 |
|
Bernardo Damele
|
86c4650058
|
Minor bug fix - revert
|
2012-03-15 17:12:24 +00:00 |
|
Bernardo Damele
|
cc15373769
|
More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)
|
2012-03-15 16:29:28 +00:00 |
|
Bernardo Damele
|
4520744b4d
|
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
|
2012-03-15 16:25:26 +00:00 |
|
Miroslav Stampar
|
ddd92476a8
|
minor fix
|
2012-03-15 15:58:25 +00:00 |
|