stamparm
|
3873805dab
|
Partial implementation for an Issue #189 (error-based; still partial union left)
|
2013-05-09 16:23:57 +02:00 |
|
stamparm
|
9fe5a8832f
|
Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box)
|
2013-05-09 15:52:18 +02:00 |
|
stamparm
|
03be419d5d
|
Fix for an Issue #447
|
2013-05-07 13:25:30 +02:00 |
|
Miroslav Stampar
|
73917fc9c8
|
Minor update (same, but safer)
|
2013-04-11 21:25:44 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
stamparm
|
558ef0aaff
|
Minor fix
|
2013-03-19 10:42:20 +01:00 |
|
Miroslav Stampar
|
e9b86350f1
|
Patch for an Issue #403
|
2013-03-05 18:32:31 +01:00 |
|
Bernardo Damele
|
0e7f771be6
|
minor adjustment
|
2013-02-15 16:28:09 +00:00 |
|
Bernardo Damele
|
35aa785870
|
bug fix to make --predict-output work also with time-based technique
|
2013-02-15 16:25:33 +00:00 |
|
Miroslav Stampar
|
014e4e0055
|
Minor represenation fix
|
2013-02-15 14:48:24 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Bernardo Damele
|
e03010f48b
|
got rid of unnecessary output for API - #297
|
2013-02-05 15:00:06 +00:00 |
|
Miroslav Stampar
|
01219219fc
|
Minor bug fix (for --first/--last through problematic DBMSes)
|
2013-02-05 15:03:55 +01:00 |
|
Miroslav Stampar
|
31daefc7c9
|
Minor fix (skipping one uneccesary request in single-threaded --first/--last mode)
|
2013-02-05 13:51:35 +01:00 |
|
Miroslav Stampar
|
4f2981f163
|
Minor fix
|
2013-02-04 16:37:54 +01:00 |
|
Miroslav Stampar
|
f4b8a3c1d8
|
Bug fix for boolean (multithreaded Ctrl+C) resumed values
|
2013-02-04 15:49:29 +01:00 |
|
Miroslav Stampar
|
235153ab39
|
Removal of unused imports
|
2013-02-04 15:29:13 +01:00 |
|
Bernardo Damele
|
9370f96a67
|
step by step getting there to partial output presentation to restful API (issue #297), not quite yet though..
|
2013-02-03 22:09:33 +00:00 |
|
Bernardo Damele
|
dc2bbbeaa7
|
minor revert
|
2013-02-03 20:55:58 +00:00 |
|
Bernardo Damele
|
f8bc74758c
|
improvement to restful API to store to IPC database partial entries, not yet functional (issue #297)
|
2013-02-03 11:31:05 +00:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Miroslav Stampar
|
c06f94e2c8
|
Fix for an Issue #378
|
2013-01-25 16:38:41 +01:00 |
|
Bernardo Damele
|
f848f259a6
|
upper() -D value for certain DBMSes
|
2013-01-23 16:22:28 +00:00 |
|
Bernardo Damele
|
012815333c
|
minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite
|
2013-01-23 15:52:03 +00:00 |
|
Miroslav Stampar
|
d6a361f859
|
Proper implementation for --technique=Q --dbms=Firebird
|
2013-01-22 16:31:26 +01:00 |
|
Miroslav Stampar
|
59b02539ca
|
More general approach regarding that last commit
|
2013-01-22 11:34:34 +01:00 |
|
Miroslav Stampar
|
75bf8528d1
|
Minor just in case update
|
2013-01-21 14:50:43 +01:00 |
|
Miroslav Stampar
|
069c6acabd
|
Another update for an Issue #362
|
2013-01-20 22:47:26 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Bernardo Damele
|
c95119559e
|
minor bug fix
|
2013-01-19 00:41:51 +00:00 |
|
Bernardo Damele
|
0e78fbef56
|
correctly format SQLi payload for inline query technique
|
2013-01-19 00:28:03 +00:00 |
|
Miroslav Stampar
|
601eb1e49a
|
Unescaping is renamed to escaping
|
2013-01-18 15:40:37 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
04aa39f0c6
|
Minor update
|
2013-01-15 13:51:19 +01:00 |
|
Miroslav Stampar
|
a5a309212a
|
Fix for an Issue #339
|
2013-01-14 16:18:03 +01:00 |
|
Miroslav Stampar
|
4b79269608
|
Minor bug fix
|
2013-01-11 11:10:18 +01:00 |
|
Miroslav Stampar
|
ec4e49d771
|
Minor refactoring
|
2013-01-10 16:09:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
ca1c0c2a1d
|
Minor style update
|
2013-01-10 11:54:07 +01:00 |
|
Miroslav Stampar
|
bf5544903b
|
Minor style update
|
2013-01-09 16:10:26 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Bernardo Damele
|
c155c6df84
|
minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi
|
2013-01-07 23:31:11 +00:00 |
|
Miroslav Stampar
|
3abe87ac89
|
Minor fix with status update (Issue #305)
|
2013-01-07 18:53:08 +01:00 |
|
Miroslav Stampar
|
a8f02916a9
|
Minor fix (Issue #305)
|
2013-01-07 18:39:35 +01:00 |
|
Miroslav Stampar
|
e219fad8bf
|
Added a short comment
|
2013-01-07 18:19:48 +01:00 |
|
Miroslav Stampar
|
76839ff9d6
|
Fix for an Issue #305
|
2013-01-07 12:52:55 +01:00 |
|
Miroslav Stampar
|
dc21f3ce67
|
Minor just in case filtering of union results
|
2013-01-04 17:09:07 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
75edb84a71
|
Minor update
|
2012-12-30 11:10:32 +01:00 |
|
Miroslav Stampar
|
58ad2f1c5d
|
Revert of last commit and proper fix
|
2012-12-29 10:35:05 +01:00 |
|
Miroslav Stampar
|
0e18fa9c5f
|
Minor fix
|
2012-12-28 23:43:47 +01:00 |
|
Miroslav Stampar
|
77625e5af7
|
Minor revert
|
2012-12-21 19:31:05 +01:00 |
|
Miroslav Stampar
|
8b3e17ed4d
|
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
|
2012-12-21 14:52:47 +01:00 |
|
Miroslav Stampar
|
0d5d84edc7
|
Minor cleanup
|
2012-12-20 21:03:41 +01:00 |
|
Miroslav Stampar
|
712cf4e4db
|
Fix for an Issue #316
|
2012-12-20 20:55:59 +01:00 |
|
Miroslav Stampar
|
c2c4601d6e
|
Minor restyling
|
2012-12-20 11:06:52 +01:00 |
|
Bernardo Damele
|
282aeb734f
|
ORDER BY does not play well with UNION query SQLi (related to issue #313)
|
2012-12-19 13:21:16 +00:00 |
|
Bernardo Damele
|
259b345f1f
|
catch ImportError exception if libmagic is not installed
|
2012-12-19 13:10:54 +00:00 |
|
Bernardo Damele
|
9149d77cc8
|
removed duplicate code - fixes issue #310
|
2012-12-19 12:17:56 +00:00 |
|
Bernardo Damele
|
d80744d3d5
|
preparation for issue #310
|
2012-12-19 11:40:00 +00:00 |
|
Bernardo Damele
|
dee56b17c3
|
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
|
2012-12-19 10:50:15 +00:00 |
|
Miroslav Stampar
|
92e338251a
|
Finally working inference against MySQL/international letters (even chinese)
|
2012-12-19 10:44:02 +01:00 |
|
Bernardo Damele
|
8e95470415
|
minor refactoring
|
2012-12-19 00:46:23 +00:00 |
|
Miroslav Stampar
|
88d8494b5a
|
Implementation for an Issue #307
|
2012-12-18 16:03:35 +01:00 |
|
Miroslav Stampar
|
7f47623876
|
Minor patch
|
2012-12-18 11:10:06 +01:00 |
|
Bernardo Damele
|
1fdd804e94
|
replaced instances of dataToStdout with logger
|
2012-12-17 13:30:21 +00:00 |
|
Bernardo Damele
|
064d443d60
|
replaced unnecessary dataToStdout() call with appropriate logger.info() call
|
2012-12-17 11:30:08 +00:00 |
|
Miroslav Stampar
|
562044577b
|
Implementation for an Issue #292
|
2012-12-11 12:02:06 +01:00 |
|
Miroslav Stampar
|
996e882e78
|
Minor update
|
2012-12-10 17:13:00 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
7304971544
|
Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator'
|
2012-11-29 11:43:49 +01:00 |
|
Miroslav Stampar
|
7c16bfe025
|
Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN )
|
2012-11-29 10:51:59 +01:00 |
|
Miroslav Stampar
|
621ae587c7
|
Fix for an Issue #263
|
2012-11-28 00:03:17 +01:00 |
|
Miroslav Stampar
|
a40d7a5bca
|
Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed)
|
2012-11-15 15:06:54 +01:00 |
|
Miroslav Stampar
|
b75c52f93c
|
Minor display fix (in --hex mode)
|
2012-10-28 12:30:21 +01:00 |
|
Miroslav Stampar
|
25a5073281
|
Bug fix for --hex/--technique=B (especially MsSQL)
|
2012-10-28 12:22:33 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
99ceea5eae
|
Fix for an Issue #214
|
2012-10-23 17:05:45 +02:00 |
|
Miroslav Stampar
|
54d086f409
|
Minor fix
|
2012-10-23 10:02:10 +02:00 |
|
Miroslav Stampar
|
029143880a
|
Displaying hex-decoded resulting output in --hex mode
|
2012-10-22 14:36:01 +02:00 |
|
Miroslav Stampar
|
e61c4c22c9
|
Implementation for an Issue #200
|
2012-10-09 15:19:47 +02:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
560e0fcb25
|
Minor cleanup
|
2012-09-25 14:21:57 +02:00 |
|
Miroslav Stampar
|
cea5127ffd
|
Update for an Issue #6
|
2012-09-06 15:51:38 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
47073f4afd
|
Implementation of an Issue #131
|
2012-07-30 21:50:46 +02:00 |
|
Miroslav Stampar
|
93d35fe522
|
Minor update regarding Issue #129
|
2012-07-30 21:43:32 +02:00 |
|
Miroslav Stampar
|
cc2a916716
|
Fix for an Issue #126
|
2012-07-29 17:33:08 +02:00 |
|
Miroslav Stampar
|
f8c9868cb6
|
Implementation for an Issue #118
|
2012-07-24 15:34:50 +02:00 |
|
Miroslav Stampar
|
0f64e1e6c1
|
Minor update for Issue #94 (not fixing it)
|
2012-07-16 15:43:02 +02:00 |
|
Miroslav Stampar
|
805120ac52
|
Minor refactoring
|
2012-07-14 11:01:30 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Bernardo Damele
|
ea9c66108e
|
cleanup for issue #68
|
2012-07-12 15:38:43 +01:00 |
|
Miroslav Stampar
|
8e18514e56
|
Minor refactoring for all that stickyness
|
2012-07-12 15:58:45 +02:00 |
|
Miroslav Stampar
|
cba2a26b68
|
Finishing Issue #75 (inference dumping)
|
2012-07-12 14:46:57 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Bernardo Damele
|
f704a46341
|
silly blank line added
|
2012-07-12 01:38:29 +01:00 |
|