Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6fa2fd139c 
							
						 
					 
					
						
						
							
							implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)  
						
						
						
					 
					
						2011-04-08 15:17:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							228cc68747 
							
						 
					 
					
						
						
							
							fix for those ugly DEBUG messages in brute mode  
						
						
						
					 
					
						2011-04-08 11:02:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b14a9eaa7 
							
						 
					 
					
						
						
							
							Minor code adjustments  
						
						
						
					 
					
						2011-04-06 14:40:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3948cd9e77 
							
						 
					 
					
						
						
							
							Minor layout adjustments  
						
						
						
					 
					
						2011-03-31 14:13:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f7bce5c66 
							
						 
					 
					
						
						
							
							fixing a huge mess going on because of counting on error and union techniques  
						
						
						
					 
					
						2011-03-23 11:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7613134515 
							
						 
					 
					
						
						
							
							it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)  
						
						
						
					 
					
						2011-03-22 12:37:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9479a68eb5 
							
						 
					 
					
						
						
							
							minor fix regarding last commit  
						
						
						
					 
					
						2011-03-22 12:21:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c24ed6e622 
							
						 
					 
					
						
						
							
							minor fix related to a bug reported by warninggp@gmail.com  
						
						
						
					 
					
						2011-03-22 09:22:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c9ccb755 
							
						 
					 
					
						
						
							
							Oracle XML based error payload has problems with char $ as with space  
						
						
						
					 
					
						2011-03-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9b1f2d82d0 
							
						 
					 
					
						
						
							
							minor update (that .strip() was a leftover)  
						
						
						
					 
					
						2011-03-20 23:20:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db992a0a86 
							
						 
					 
					
						
						
							
							mssql likes to htmlescape error reports  
						
						
						
					 
					
						2011-03-20 23:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							beba69faa9 
							
						 
					 
					
						
						
							
							implementation of request from Santiago (look for error based responses in redirects)  
						
						
						
					 
					
						2011-03-17 09:12:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d8a76ebe34 
							
						 
					 
					
						
						
							
							Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs  
						
						
						
					 
					
						2011-03-11 16:03:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cb0ca4b63 
							
						 
					 
					
						
						
							
							Minor bug fix for --privileges on PgSQL with error-based SQL inj technique  
						
						
						
					 
					
						2011-03-11 15:24:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							83d7803ce7 
							
						 
					 
					
						
						
							
							other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)  
						
						
						
					 
					
						2011-02-12 20:03:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3de6117253 
							
						 
					 
					
						
						
							
							revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)  
						
						
						
					 
					
						2011-02-09 09:53:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							98ca1702ae 
							
						 
					 
					
						
						
							
							los cosmeticado  
						
						
						
					 
					
						2011-02-08 16:30:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							87e36796c6 
							
						 
					 
					
						
						
							
							just to not cause confusion  
						
						
						
					 
					
						2011-02-08 16:29:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dcb9c93328 
							
						 
					 
					
						
						
							
							minor cleanup  
						
						
						
					 
					
						2011-02-08 16:27:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							37f7001143 
							
						 
					 
					
						
						
							
							first commit with mysql/error/substringing  
						
						
						
					 
					
						2011-02-08 16:23:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							265e7ca272 
							
						 
					 
					
						
						
							
							fix for that MSSQL limit/top problem  
						
						
						
					 
					
						2011-02-07 16:24:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							061f56daf9 
							
						 
					 
					
						
						
							
							More adjustments related to unescape() and cleanupPayload().  
						
						... 
						
						
						
						Minor code cleanup related to error-based payload. 
						
					 
					
						2011-02-06 23:27:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9eac2339ca 
							
						 
					 
					
						
						
							
							 
						
						
						
					 
					
						2011-02-06 22:55:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							078a2207cc 
							
						 
					 
					
						
						
							
							few reverts  
						
						
						
					 
					
						2011-02-06 22:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9b2fe0e7c 
							
						 
					 
					
						
						
							
							little cleanup  
						
						
						
					 
					
						2011-02-06 21:52:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							acb986ae80 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-04 17:40:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9b342a4c95 
							
						 
					 
					
						
						
							
							Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.  
						
						... 
						
						
						
						Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too. 
						
					 
					
						2011-02-01 22:07:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6761933f75 
							
						 
					 
					
						
						
							
							Just.. cosmetics ;)  
						
						
						
					 
					
						2011-01-31 22:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e3a3ae11cc 
							
						 
					 
					
						
						
							
							Proper return from error-based technique enumeration  
						
						
						
					 
					
						2011-01-31 21:13:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8ef47307db 
							
						 
					 
					
						
						
							
							added checking of header values for GREP (error); still UNION to do  
						
						
						
					 
					
						2011-01-31 12:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							02e5c4b1e6 
							
						 
					 
					
						
						
							
							Minor bug fix for --sql-query/-shell with error-based technique  
						
						
						
					 
					
						2011-01-30 14:19:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a184a4c772 
							
						 
					 
					
						
						
							
							major of majors bug fix  
						
						
						
					 
					
						2011-01-28 14:31:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0f2634c4b0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)  
						
						
						
					 
					
						2011-01-20 22:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							daebb0010b 
							
						 
					 
					
						
						
							
							Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.  
						
						... 
						
						
						
						Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup. 
						
					 
					
						2011-01-18 23:02:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3822b494ea 
							
						 
					 
					
						
						
							
							Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.  
						
						
						
					 
					
						2011-01-17 23:43:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7f7fb93155 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-23 18:44:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							466d61ee85 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-21 14:29:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							385e208f38 
							
						 
					 
					
						
						
							
							code refactoring regarding standard output suppression and some threading issues  
						
						
						
					 
					
						2010-12-21 14:21:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8a01ddaf8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							db844c1785 
							
						 
					 
					
						
						
							
							No point in showing the error-based inject payload, it's same as the one showed in -v3  
						
						
						
					 
					
						2010-12-13 21:35:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac9080c07b 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 08:24:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2735848ab6 
							
						 
					 
					
						
						
							
							removed ERROR_SPACE  
						
						
						
					 
					
						2010-12-06 22:40:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8be14e00a 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-06 07:48:14 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11058667e4 
							
						 
					 
					
						
						
							
							Better naming  
						
						
						
					 
					
						2010-12-03 14:45:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a9d4b37987 
							
						 
					 
					
						
						
							
							Code cleanup and minor refactoring  
						
						
						
					 
					
						2010-12-03 10:51:27 +00:00