Bernardo Damele
|
c155c6df84
|
minor bug fix for user's provided LIMIT'd statement when technique is full UNION SQLi
|
2013-01-07 23:31:11 +00:00 |
|
Miroslav Stampar
|
e219fad8bf
|
Added a short comment
|
2013-01-07 18:19:48 +01:00 |
|
Miroslav Stampar
|
dc21f3ce67
|
Minor just in case filtering of union results
|
2013-01-04 17:09:07 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Miroslav Stampar
|
58ad2f1c5d
|
Revert of last commit and proper fix
|
2012-12-29 10:35:05 +01:00 |
|
Miroslav Stampar
|
0e18fa9c5f
|
Minor fix
|
2012-12-28 23:43:47 +01:00 |
|
Miroslav Stampar
|
77625e5af7
|
Minor revert
|
2012-12-21 19:31:05 +01:00 |
|
Miroslav Stampar
|
8b3e17ed4d
|
Minor update (better approach for those old NOT IN cases in MsSQL - instead of standard pivot dump table)
|
2012-12-21 14:52:47 +01:00 |
|
Miroslav Stampar
|
c2c4601d6e
|
Minor restyling
|
2012-12-20 11:06:52 +01:00 |
|
Bernardo Damele
|
282aeb734f
|
ORDER BY does not play well with UNION query SQLi (related to issue #313)
|
2012-12-19 13:21:16 +00:00 |
|
Bernardo Damele
|
259b345f1f
|
catch ImportError exception if libmagic is not installed
|
2012-12-19 13:10:54 +00:00 |
|
Bernardo Damele
|
9149d77cc8
|
removed duplicate code - fixes issue #310
|
2012-12-19 12:17:56 +00:00 |
|
Bernardo Damele
|
d80744d3d5
|
preparation for issue #310
|
2012-12-19 11:40:00 +00:00 |
|
Bernardo Damele
|
dee56b17c3
|
handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308
|
2012-12-19 10:50:15 +00:00 |
|
Miroslav Stampar
|
88d8494b5a
|
Implementation for an Issue #307
|
2012-12-18 16:03:35 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
7304971544
|
Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator'
|
2012-11-29 11:43:49 +01:00 |
|
Miroslav Stampar
|
a40d7a5bca
|
Minor improvement (safer to use column name in COUNT than *, especially when only one column is needed)
|
2012-11-15 15:06:54 +01:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
54d086f409
|
Minor fix
|
2012-10-23 10:02:10 +02:00 |
|
Miroslav Stampar
|
cea5127ffd
|
Update for an Issue #6
|
2012-09-06 15:51:38 +02:00 |
|
Miroslav Stampar
|
01f481c332
|
Minor refactoring of dictionaries
|
2012-08-21 11:19:15 +02:00 |
|
Miroslav Stampar
|
93d35fe522
|
Minor update regarding Issue #129
|
2012-07-30 21:43:32 +02:00 |
|
Miroslav Stampar
|
cc2a916716
|
Fix for an Issue #126
|
2012-07-29 17:33:08 +02:00 |
|
Miroslav Stampar
|
0f64e1e6c1
|
Minor update for Issue #94 (not fixing it)
|
2012-07-16 15:43:02 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
295a7a8e5e
|
Another update for Issue #80
|
2012-07-11 16:14:20 +02:00 |
|
Miroslav Stampar
|
9a4f8d5f45
|
Fix for Issue #80
|
2012-07-11 16:01:25 +02:00 |
|
Miroslav Stampar
|
32f52cdd04
|
Another language update for Issue #45
|
2012-06-29 10:33:54 +02:00 |
|
Miroslav Stampar
|
f0e39c3fae
|
Language update for Issue #45
|
2012-06-29 10:33:00 +02:00 |
|
Miroslav Stampar
|
c0f16f0c1a
|
Fix for Issue #45
|
2012-06-29 10:31:03 +02:00 |
|
Miroslav Stampar
|
c8bac658f3
|
Fix for Issue #43
|
2012-06-28 18:47:55 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
6c4bd84d18
|
minor fix (turning back the functionality of kb.suppressResumeInfo)
|
2012-06-25 16:19:51 +00:00 |
|
Miroslav Stampar
|
302d782a0f
|
minor style update
|
2012-06-19 08:33:51 +00:00 |
|
Miroslav Stampar
|
e2a60b302f
|
minor fix
|
2012-06-17 21:21:45 +00:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
facce2c0df
|
some more cleanup
|
2012-06-14 13:50:36 +00:00 |
|
Miroslav Stampar
|
b0a8238774
|
minor fixes
|
2012-05-09 14:58:16 +00:00 |
|
Miroslav Stampar
|
9fa3619262
|
minor fix
|
2012-05-09 14:00:07 +00:00 |
|
Miroslav Stampar
|
56a3431be6
|
minor update for empty tables (skipping other techniques)
|
2012-05-09 10:34:21 +00:00 |
|
Miroslav Stampar
|
e419177871
|
minor update
|
2012-05-08 17:28:19 +00:00 |
|
Miroslav Stampar
|
eccd4da00f
|
minor fix
|
2012-05-08 15:03:33 +00:00 |
|
Miroslav Stampar
|
938d9ff23e
|
doing all the work for the users so they wouldn't strain their little hands
|
2012-05-08 15:00:23 +00:00 |
|
Miroslav Stampar
|
524dd75ff2
|
that query variable hasn't been used anywhere (obsolete for some time)
|
2012-05-08 14:34:40 +00:00 |
|
Miroslav Stampar
|
3532d23933
|
automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)
|
2012-04-23 13:41:36 +00:00 |
|
Miroslav Stampar
|
71b0acc16f
|
minor fix (checking for full inband should be done with ORIGINAL - more concise)
|
2012-04-15 16:43:18 +00:00 |
|
Miroslav Stampar
|
5772c52f46
|
minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)
|
2012-04-15 16:33:47 +00:00 |
|
Miroslav Stampar
|
ae8c70e895
|
another cosmetics
|
2012-04-13 15:11:44 +00:00 |
|
Miroslav Stampar
|
d765cdc3a3
|
minor cosmetics
|
2012-04-13 15:10:40 +00:00 |
|