Miroslav Stampar
|
302d782a0f
|
minor style update
|
2012-06-19 08:33:51 +00:00 |
|
Miroslav Stampar
|
3da8f86e97
|
minor fix
|
2012-06-15 21:01:27 +00:00 |
|
Miroslav Stampar
|
76584ff0fa
|
unhidding --test-filter
|
2012-06-14 14:36:53 +00:00 |
|
Miroslav Stampar
|
d2bbfa4aad
|
minor style update
|
2012-05-28 14:04:17 +00:00 |
|
Miroslav Stampar
|
dc20bff1d0
|
minor update
|
2012-05-25 08:30:24 +00:00 |
|
Miroslav Stampar
|
7657bbeaf9
|
minor update
|
2012-05-24 22:32:06 +00:00 |
|
Miroslav Stampar
|
86fdad2bfa
|
minor update
|
2012-05-24 22:07:50 +00:00 |
|
Miroslav Stampar
|
1e18168cc8
|
fix for one silent bug and small language update
|
2012-05-23 16:35:40 +00:00 |
|
Miroslav Stampar
|
2538e2d5b4
|
fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring
|
2012-05-22 09:33:22 +00:00 |
|
Miroslav Stampar
|
7fb1f3fc70
|
minor renaming
|
2012-05-09 18:26:02 +00:00 |
|
Miroslav Stampar
|
11d9859199
|
making nice code
|
2012-05-09 18:25:04 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
6177317a17
|
minor update
|
2012-05-09 10:06:23 +00:00 |
|
Miroslav Stampar
|
deec97dfe3
|
adding Frontbase to error message regexes
|
2012-05-08 17:02:58 +00:00 |
|
Miroslav Stampar
|
80ee687b41
|
minor beauty patch
|
2012-05-07 13:51:31 +00:00 |
|
Miroslav Stampar
|
6f67dc85ee
|
adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical
|
2012-04-25 20:29:07 +00:00 |
|
Miroslav Stampar
|
3532d23933
|
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
|
2012-04-23 13:41:36 +00:00 |
|
Miroslav Stampar
|
6ebb621228
|
adding support for (custom) POST injection (marking injection point with '*' in conf.data)
|
2012-04-17 14:23:00 +00:00 |
|
Miroslav Stampar
|
54576ab3a6
|
making a random choice from candidates
|
2012-04-13 10:54:30 +00:00 |
|
Miroslav Stampar
|
bbbcc95fe5
|
use it only if page is stable
|
2012-04-13 10:19:26 +00:00 |
|
Miroslav Stampar
|
052d9455fe
|
warning user in cases of "User xyz already has more than 'max_user_connections' active connections"
|
2012-04-12 09:44:54 +00:00 |
|
Miroslav Stampar
|
b45ae10da4
|
minor fixes
|
2012-04-11 21:36:37 +00:00 |
|
Miroslav Stampar
|
e33ea7c33a
|
minor fix
|
2012-04-10 22:29:39 +00:00 |
|
Miroslav Stampar
|
a82206cec4
|
minor cosmetics
|
2012-04-10 21:57:00 +00:00 |
|
Miroslav Stampar
|
119eec3598
|
improving "boolean detection" by automatic recognition of convenient --string candidate
|
2012-04-10 21:48:34 +00:00 |
|
Miroslav Stampar
|
56638f9e95
|
making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection
|
2012-03-30 10:50:01 +00:00 |
|
Miroslav Stampar
|
637a8d8273
|
improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism
|
2012-03-29 14:33:27 +00:00 |
|
Miroslav Stampar
|
ce4c697bbd
|
disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code
|
2012-03-29 13:39:12 +00:00 |
|
Miroslav Stampar
|
c9cac957bb
|
adding one more case for false positive check (Generic tests without any DBMS knowledge)
|
2012-03-29 09:56:09 +00:00 |
|
Miroslav Stampar
|
3abcd6910a
|
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
|
2012-03-22 00:06:50 +00:00 |
|
Miroslav Stampar
|
0fc4288a7c
|
modifying redirection code for only two choices
|
2012-03-18 17:27:08 +00:00 |
|
Miroslav Stampar
|
577caac4de
|
putting kb.negativeLogic setting to the safe place
|
2012-03-16 09:17:11 +00:00 |
|
Miroslav Stampar
|
7d313ac911
|
few more fixes for proper redirecting mechanism
|
2012-03-15 19:47:59 +00:00 |
|
Bernardo Damele
|
4520744b4d
|
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
|
2012-03-15 16:25:26 +00:00 |
|
Miroslav Stampar
|
a7fbc55748
|
grammar fix
|
2012-03-13 22:03:23 +00:00 |
|
Miroslav Stampar
|
c878dd3e5a
|
doing a dummy test for --os-shell in case of xp_cmdshell
|
2012-03-09 14:21:41 +00:00 |
|
Miroslav Stampar
|
a0b46963cb
|
minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)
|
2012-03-09 10:28:19 +00:00 |
|
Miroslav Stampar
|
0ead1fd87e
|
minor update
|
2012-03-05 09:42:52 +00:00 |
|
Miroslav Stampar
|
1ec56f93ec
|
minor update
|
2012-03-01 10:10:19 +00:00 |
|
Miroslav Stampar
|
f142c0f782
|
minor update
|
2012-02-28 14:04:13 +00:00 |
|
Miroslav Stampar
|
22b3fa0749
|
minor update
|
2012-02-27 15:28:36 +00:00 |
|
Miroslav Stampar
|
a9bf0297f6
|
moving injection data to HashDB
|
2012-02-27 13:44:07 +00:00 |
|
Miroslav Stampar
|
f94b91ad87
|
added helper function for HashDB data storing/retrieval
|
2012-02-24 13:07:20 +00:00 |
|
Miroslav Stampar
|
6e54cb171f
|
minor code restyling
|
2012-02-22 15:53:36 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
386e98a0e3
|
using UNION SELECT for where=..NEGATIVE
|
2012-02-22 09:41:58 +00:00 |
|
Miroslav Stampar
|
844fc8addb
|
minor cleanup
|
2012-02-16 10:19:36 +00:00 |
|
Miroslav Stampar
|
23cc8b6974
|
minor fix for special cases when parameter value contains html encoded characters
|
2012-02-14 14:08:10 +00:00 |
|
Miroslav Stampar
|
2604e73d88
|
minor change in workflow
|
2012-02-13 11:18:47 +00:00 |
|
Miroslav Stampar
|
96f589fc89
|
minor fix
|
2012-02-12 19:22:33 +00:00 |
|