Commit Graph

748 Commits

Author SHA1 Message Date
stamparm
3873805dab Partial implementation for an Issue #189 (error-based; still partial union left) 2013-05-09 16:23:57 +02:00
stamparm
9fe5a8832f Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box) 2013-05-09 15:52:18 +02:00
stamparm
03be419d5d Fix for an Issue #447 2013-05-07 13:25:30 +02:00
Miroslav Stampar
73917fc9c8 Minor update (same, but safer) 2013-04-11 21:25:44 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
stamparm
558ef0aaff Minor fix 2013-03-19 10:42:20 +01:00
Miroslav Stampar
e9b86350f1 Patch for an Issue #403 2013-03-05 18:32:31 +01:00
Bernardo Damele
0e7f771be6 minor adjustment 2013-02-15 16:28:09 +00:00
Bernardo Damele
35aa785870 bug fix to make --predict-output work also with time-based technique 2013-02-15 16:25:33 +00:00
Miroslav Stampar
014e4e0055 Minor represenation fix 2013-02-15 14:48:24 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Bernardo Damele
e03010f48b got rid of unnecessary output for API - #297 2013-02-05 15:00:06 +00:00
Miroslav Stampar
01219219fc Minor bug fix (for --first/--last through problematic DBMSes) 2013-02-05 15:03:55 +01:00
Miroslav Stampar
31daefc7c9 Minor fix (skipping one uneccesary request in single-threaded --first/--last mode) 2013-02-05 13:51:35 +01:00
Miroslav Stampar
4f2981f163 Minor fix 2013-02-04 16:37:54 +01:00
Miroslav Stampar
f4b8a3c1d8 Bug fix for boolean (multithreaded Ctrl+C) resumed values 2013-02-04 15:49:29 +01:00
Miroslav Stampar
235153ab39 Removal of unused imports 2013-02-04 15:29:13 +01:00
Bernardo Damele
9370f96a67 step by step getting there to partial output presentation to restful API (issue #297), not quite yet though.. 2013-02-03 22:09:33 +00:00
Bernardo Damele
dc2bbbeaa7 minor revert 2013-02-03 20:55:58 +00:00
Bernardo Damele
f8bc74758c improvement to restful API to store to IPC database partial entries, not yet functional (issue #297) 2013-02-03 11:31:05 +00:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
c06f94e2c8 Fix for an Issue #378 2013-01-25 16:38:41 +01:00
Bernardo Damele
f848f259a6 upper() -D value for certain DBMSes 2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite 2013-01-23 15:52:03 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
59b02539ca More general approach regarding that last commit 2013-01-22 11:34:34 +01:00
Miroslav Stampar
75bf8528d1 Minor just in case update 2013-01-21 14:50:43 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
c95119559e minor bug fix 2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Miroslav Stampar
04aa39f0c6 Minor update 2013-01-15 13:51:19 +01:00
Miroslav Stampar
a5a309212a Fix for an Issue #339 2013-01-14 16:18:03 +01:00
Miroslav Stampar
4b79269608 Minor bug fix 2013-01-11 11:10:18 +01:00
Miroslav Stampar
ec4e49d771 Minor refactoring 2013-01-10 16:09:28 +01:00
Miroslav Stampar
ca3d35a878 Some PEP8 related style cleaning 2013-01-10 13:18:44 +01:00
Miroslav Stampar
ca1c0c2a1d Minor style update 2013-01-10 11:54:07 +01:00
Miroslav Stampar
bf5544903b Minor style update 2013-01-09 16:10:26 +01:00
Miroslav Stampar
25f01a419f Minor style update (for the sake of consistency over the code and our PEP8 adaptation) 2013-01-09 15:38:41 +01:00
Bernardo Damele
c155c6df84 minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi 2013-01-07 23:31:11 +00:00
Miroslav Stampar
3abe87ac89 Minor fix with status update (Issue #305) 2013-01-07 18:53:08 +01:00
Miroslav Stampar
a8f02916a9 Minor fix (Issue #305) 2013-01-07 18:39:35 +01:00
Miroslav Stampar
e219fad8bf Added a short comment 2013-01-07 18:19:48 +01:00
Miroslav Stampar
76839ff9d6 Fix for an Issue #305 2013-01-07 12:52:55 +01:00
Miroslav Stampar
dc21f3ce67 Minor just in case filtering of union results 2013-01-04 17:09:07 +01:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Miroslav Stampar
75edb84a71 Minor update 2012-12-30 11:10:32 +01:00
Miroslav Stampar
58ad2f1c5d Revert of last commit and proper fix 2012-12-29 10:35:05 +01:00
Miroslav Stampar
0e18fa9c5f Minor fix 2012-12-28 23:43:47 +01:00
Miroslav Stampar
77625e5af7 Minor revert 2012-12-21 19:31:05 +01:00
Miroslav Stampar
8b3e17ed4d Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table) 2012-12-21 14:52:47 +01:00
Miroslav Stampar
0d5d84edc7 Minor cleanup 2012-12-20 21:03:41 +01:00
Miroslav Stampar
712cf4e4db Fix for an Issue #316 2012-12-20 20:55:59 +01:00
Miroslav Stampar
c2c4601d6e Minor restyling 2012-12-20 11:06:52 +01:00
Bernardo Damele
282aeb734f ORDER BY does not play well with UNION query SQLi (related to issue #313) 2012-12-19 13:21:16 +00:00
Bernardo Damele
259b345f1f catch ImportError exception if libmagic is not installed 2012-12-19 13:10:54 +00:00
Bernardo Damele
9149d77cc8 removed duplicate code - fixes issue #310 2012-12-19 12:17:56 +00:00
Bernardo Damele
d80744d3d5 preparation for issue #310 2012-12-19 11:40:00 +00:00
Bernardo Damele
dee56b17c3 handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308 2012-12-19 10:50:15 +00:00
Miroslav Stampar
92e338251a Finally working inference against MySQL/international letters (even chinese) 2012-12-19 10:44:02 +01:00
Bernardo Damele
8e95470415 minor refactoring 2012-12-19 00:46:23 +00:00
Miroslav Stampar
88d8494b5a Implementation for an Issue #307 2012-12-18 16:03:35 +01:00
Miroslav Stampar
7f47623876 Minor patch 2012-12-18 11:10:06 +01:00
Bernardo Damele
1fdd804e94 replaced instances of dataToStdout with logger 2012-12-17 13:30:21 +00:00
Bernardo Damele
064d443d60 replaced unnecessary dataToStdout() call with appropriate logger.info() call 2012-12-17 11:30:08 +00:00
Miroslav Stampar
562044577b Implementation for an Issue #292 2012-12-11 12:02:06 +01:00
Miroslav Stampar
996e882e78 Minor update 2012-12-10 17:13:00 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
775e0df04b Update for an Issue #278 2012-12-05 10:45:17 +01:00
Miroslav Stampar
7304971544 Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator' 2012-11-29 11:43:49 +01:00
Miroslav Stampar
7c16bfe025 Fix for error-based MsSQL dumping (in some cases failed because of wrong order - e.g. MIN(SUBSTRING( instead of SUBSTRING(MIN ) 2012-11-29 10:51:59 +01:00
Miroslav Stampar
621ae587c7 Fix for an Issue #263 2012-11-28 00:03:17 +01:00
Miroslav Stampar
a40d7a5bca Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed) 2012-11-15 15:06:54 +01:00
Miroslav Stampar
b75c52f93c Minor display fix (in --hex mode) 2012-10-28 12:30:21 +01:00
Miroslav Stampar
25a5073281 Bug fix for --hex/--technique=B (especially MsSQL) 2012-10-28 12:22:33 +01:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
99ceea5eae Fix for an Issue #214 2012-10-23 17:05:45 +02:00
Miroslav Stampar
54d086f409 Minor fix 2012-10-23 10:02:10 +02:00
Miroslav Stampar
029143880a Displaying hex-decoded resulting output in --hex mode 2012-10-22 14:36:01 +02:00
Miroslav Stampar
e61c4c22c9 Implementation for an Issue #200 2012-10-09 15:19:47 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
560e0fcb25 Minor cleanup 2012-09-25 14:21:57 +02:00
Miroslav Stampar
cea5127ffd Update for an Issue #6 2012-09-06 15:51:38 +02:00
Miroslav Stampar
01f481c332 Minor refactoring of dictionaries 2012-08-21 11:19:15 +02:00
Miroslav Stampar
47073f4afd Implementation of an Issue #131 2012-07-30 21:50:46 +02:00
Miroslav Stampar
93d35fe522 Minor update regarding Issue #129 2012-07-30 21:43:32 +02:00
Miroslav Stampar
cc2a916716 Fix for an Issue #126 2012-07-29 17:33:08 +02:00
Miroslav Stampar
f8c9868cb6 Implementation for an Issue #118 2012-07-24 15:34:50 +02:00
Miroslav Stampar
0f64e1e6c1 Minor update for Issue #94 (not fixing it) 2012-07-16 15:43:02 +02:00
Miroslav Stampar
805120ac52 Minor refactoring 2012-07-14 11:01:30 +02:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Bernardo Damele
ea9c66108e cleanup for issue #68 2012-07-12 15:38:43 +01:00
Miroslav Stampar
8e18514e56 Minor refactoring for all that stickyness 2012-07-12 15:58:45 +02:00
Miroslav Stampar
cba2a26b68 Finishing Issue #75 (inference dumping) 2012-07-12 14:46:57 +02:00
Miroslav Stampar
65639cdda6 First update for Issue #75 (error-based dumping) 2012-07-12 14:31:28 +02:00
Bernardo Damele
f704a46341 silly blank line added 2012-07-12 01:38:29 +01:00