Commit Graph

7170 Commits

Author SHA1 Message Date
Bernardo Damele
2f08c8b666 bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup 2015-02-27 13:57:28 +00:00
Miroslav Stampar
ee11292f87 Update of doc/THANKS 2015-02-25 10:33:54 +01:00
Miroslav Stampar
33429f443c Minor update 2015-02-25 10:31:27 +01:00
Miroslav Stampar
dde400ab8f More suitable version of 6bcc95a (suggested by user) 2015-02-25 10:19:51 +01:00
Miroslav Stampar
b74edf9664 Fixes #1175 2015-02-25 10:16:01 +01:00
Miroslav Stampar
6bcc95a20d Restricting evaluated code variable names to Python valid characters ([_0-9a-zA-Z]) 2015-02-24 15:05:44 +01:00
Miroslav Stampar
e35c7fbb7a Fixes #1172 2015-02-22 13:41:54 +01:00
Bernardo Damele
475cc8b24b trivial code cleanup 2015-02-21 13:12:30 +00:00
Bernardo Damele
383929c0c2 if the user forces the DBMS, then sort the tests accordingly to perform first the DBMS-specific tests, then the others 2015-02-21 13:12:03 +00:00
Bernardo Damele
d235ee375b code cleanup 2015-02-21 12:59:44 +00:00
Bernardo Damele
8be24d3e9b minor enhancement, prefer intersect() each time DBMS values are comfronted 2015-02-21 12:59:27 +00:00
Bernardo Damele
388c0dfd77 trivial layout fix 2015-02-21 12:57:49 +00:00
Bernardo Damele
21c1ae427b swapped generic and MySQL-specific UNION payloads - issue #1169 2015-02-21 12:57:28 +00:00
Bernardo Damele
ef9d4b58ae minor signature for PHP pgsql functions 2015-02-21 02:24:03 +00:00
Bernardo Damele
52dd92748a rework some of the logic of the detection phase based on identified DBMS along the way 2015-02-21 02:23:42 +00:00
Bernardo Damele
4f939b5719 avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables 2015-02-20 18:36:34 +00:00
Bernardo Damele
4bbf168b18 Minor titles fix 2015-02-20 18:35:13 +00:00
Bernardo Damele
ab6cc271d3 Major consistency rework of error-based payloads - issue #1169 2015-02-20 18:34:47 +00:00
Bernardo Damele
9fed41ddc2 Major consistency rework of boolean payloads - issue #1169 2015-02-20 18:34:23 +00:00
Bernardo Damele
2d886011c8 Consistency in enums 2015-02-20 18:33:04 +00:00
Bernardo Damele
1ecb921ba7 Consistency in enums 2015-02-20 18:31:47 +00:00
Bernardo Damele
214b9360e9 Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup 2015-02-20 18:30:42 +00:00
Bernardo Damele
3b3205c532 Minor stacked queries and time-based payloads cleanup - issue #1169 2015-02-20 15:44:06 +00:00
Bernardo Damele
79d4d970a5 trivial code cleanup 2015-02-20 15:42:28 +00:00
Bernardo Damele
5b65d2e133 more consistency of boolean blind payloads - issue #1169 2015-02-20 11:34:16 +00:00
Bernardo Damele
201b605f9b Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already 2015-02-20 10:21:44 +00:00
Bernardo Damele
f547a776d8 consolidating blind based payloads - issue #1169 2015-02-19 16:42:26 +00:00
Bernardo Damele
4195f770a3 removing one unnecessary character from stacked payloads 2015-02-19 16:41:55 +00:00
Bernardo Damele
1e9586c90b minor layout fix 2015-02-19 16:18:16 +00:00
Bernardo Damele
6cc092b926 split payloads in different files 2015-02-18 10:13:44 +00:00
Bernardo Damele
daa8e0d8c5 minor fix 2015-02-18 10:13:28 +00:00
Bernardo Damele
560bc7cc28 minor fixes 2015-02-18 09:51:07 +00:00
Bernardo Damele
c51ecf33f3 ported the recent MySQL time-based payload (introduced with 66c2a79397) to other techniques and conditions 2015-02-18 09:45:44 +00:00
Miroslav Stampar
1636088b75 Minor update 2015-02-16 11:48:53 +01:00
Bernardo Damele
32373996ee standard message 2015-02-15 20:53:40 +00:00
Bernardo Damele
e17d212c23 bug fix introduced with 863d5a6281 2015-02-15 20:07:52 +00:00
Bernardo Damele
84349a370a minor code cleanup 2015-02-15 19:51:07 +00:00
Bernardo Damele
32ab52b8ca code refactoring: split boundaries and payloads XML files 2015-02-15 16:31:35 +00:00
Bernardo Damele
863d5a6281 --test-filter now ignores values of --risk and --level 2015-02-15 16:28:37 +00:00
Miroslav Stampar
2e5c11e427 Closes #1163 2015-02-13 10:59:03 +01:00
Miroslav Stampar
b1d13d1e7d Patch for an Issue #1158 2015-02-06 09:05:41 +01:00
Miroslav Stampar
247384858e Patch for an Issue #1159 (undo commit with single-quotes problem on windows) 2015-02-04 16:21:21 +01:00
Miroslav Stampar
38011743bb Patch for an Issue #1157 2015-02-04 15:01:19 +01:00
Bernardo Damele
66c2a79397 added a time-based payload for MySQL when the simpler AND SLEEP(X) does not work 2015-02-03 15:14:41 +00:00
Miroslav Stampar
eecc0b924b Patch for an Issue #1148 2015-02-03 10:06:00 +01:00
Miroslav Stampar
2af2aef43e Minor patch for masking sensitive information (when formation -u=... is used) 2015-02-03 09:48:05 +01:00
Miroslav Stampar
59f0da369d Patch for a bug reported via ML (Accept header ignored in --headers) 2015-02-02 22:07:16 +01:00
Miroslav Stampar
8b135e45bd Patch for an Issue #1147 2015-02-02 22:05:31 +01:00
Miroslav Stampar
bf1c08a8a6 Bug fix 2015-01-30 22:43:40 +01:00
Miroslav Stampar
2e9bf47703 Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145) 2015-01-30 22:12:35 +01:00