Commit Graph

94 Commits

Author SHA1 Message Date
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Bernardo Damele
fbe5ba5394 cosmetics 2011-04-21 10:54:12 +00:00
Miroslav Stampar
4fadcf0615 improvement for UNION/ERROR case 2011-04-20 10:17:42 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
1823c116bb minor update for special cases of union testing results 2011-03-28 21:45:38 +00:00
Miroslav Stampar
422967fbcd just an minor update related to the last commit 2011-03-25 12:21:53 +00:00
Bernardo Damele
03fac62592 Minor code restyle 2011-03-17 12:34:29 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
66adf23532 Unbiased approach for searching appropriate usable column 2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) 2011-02-07 16:55:02 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8 more appropriate 2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd new UNION column detection is going into wild 2011-02-03 16:16:38 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Bernardo Damele
71d82e6f57 Minor layout adjustment 2011-01-30 16:19:58 +00:00
Miroslav Stampar
bc8f1142c9 minor revert 2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
49aeb41be8 quick bug fix for FALSE positives with UNION based technique 2011-01-27 18:49:44 +00:00
Miroslav Stampar
5692506131 this was bad thing to have 2011-01-25 01:08:38 +00:00
Miroslav Stampar
ff7707579f minor improvement 2011-01-23 11:35:24 +00:00
Miroslav Stampar
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message 2011-01-23 10:51:57 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92 Proper fix to avoid UNION test false positives 2011-01-11 23:59:02 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f Major bug fix 2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
0616edcc44 adding progress to --union-test 2011-01-06 09:26:01 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00