Bernardo Damele
|
f4028bd7d2
|
minor adjustment
|
2013-01-23 02:10:38 +00:00 |
|
Bernardo Damele
|
adf97e630f
|
add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL
|
2013-01-19 18:04:33 +00:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Bernardo Damele
|
65ed2304fd
|
comment update
|
2012-12-19 09:38:03 +00:00 |
|
Bernardo Damele
|
0037d52098
|
typo fix
|
2012-12-19 01:11:18 +00:00 |
|
Miroslav Stampar
|
df0f08bc6a
|
Cleaning some (web upload based) garbage
|
2012-12-13 13:19:47 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
7c7aff12c6
|
Update for an Issue #225
|
2012-10-30 01:26:19 +01:00 |
|
Miroslav Stampar
|
726de868e2
|
Fix for an Issue #225
|
2012-10-30 00:37:43 +01:00 |
|
Miroslav Stampar
|
5358d85d37
|
Important refactoring for web-based functionality
|
2012-10-29 15:09:05 +01:00 |
|
Miroslav Stampar
|
d6e16e8641
|
Minor update
|
2012-10-29 11:08:02 +01:00 |
|
Miroslav Stampar
|
359e734954
|
Minor refactoring
|
2012-10-29 10:48:49 +01:00 |
|
Bernardo Damele
|
0a4b6431a8
|
minor bug fix - issue #112
|
2012-07-21 16:51:01 +01:00 |
|
Bernardo Damele
|
dba0a96c2e
|
fall-back to UNION technique if web file stager was not uploaded with LIMIT
|
2012-07-20 17:11:22 +01:00 |
|
Bernardo Damele
|
cbe8f41746
|
minor code refactoring preparing for #96
|
2012-07-20 16:20:17 +01:00 |
|
Miroslav Stampar
|
6677da63cd
|
Fix for an Issue #88
|
2012-07-13 14:25:39 +02:00 |
|
Miroslav Stampar
|
c5ecc8b8db
|
Closing work on Issue #83
|
2012-07-13 11:23:21 +02:00 |
|
Miroslav Stampar
|
48f68bd076
|
First commit for Issue #83
|
2012-07-13 10:35:22 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Bernardo Damele
|
0702dd70b5
|
verify also that the web backdoor has been successfully uploaded
|
2012-07-11 14:08:51 +01:00 |
|
Miroslav Stampar
|
e948e4d45b
|
Some more refactoring
|
2012-07-06 17:18:22 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
61ad3b999a
|
fix for a crash with partial union and --hex
|
2012-03-14 10:31:24 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
ba5eff1de6
|
minor bug fix
|
2011-09-23 18:29:45 +00:00 |
|
Bernardo Damele
|
702ed73a65
|
Added --code switch to match in boolean-based tests against the HTTP response code
|
2011-08-12 16:48:11 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Miroslav Stampar
|
9e453e8709
|
fix for a bug reported by nightman@email.de
|
2011-06-29 17:49:59 +00:00 |
|
Bernardo Damele
|
cd6ceb733e
|
Adjustment and refactoring for takeover via web backdoor
|
2011-06-08 14:16:53 +00:00 |
|
Miroslav Stampar
|
868fbe370b
|
minor beautification
|
2011-05-23 10:39:58 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
d0dff82ce0
|
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
|
2011-04-23 16:25:09 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
8134c2154a
|
adding WHERE enum for payloads
|
2011-02-02 13:34:09 +00:00 |
|
Miroslav Stampar
|
430fd5cd63
|
minor fixes
|
2011-01-25 16:05:06 +00:00 |
|
Miroslav Stampar
|
818c9787b2
|
minor update
|
2011-01-23 21:20:16 +00:00 |
|
Miroslav Stampar
|
b18397fbc7
|
major revisit of --os-shell methods
|
2011-01-23 20:47:06 +00:00 |
|
Bernardo Damele
|
cffa17f5a6
|
Major bug fix - before it raised a traceback, now works.
|
2011-01-18 23:02:47 +00:00 |
|
Miroslav Stampar
|
1fa8f0cba7
|
code reviewing part 2
|
2011-01-15 12:53:40 +00:00 |
|
Miroslav Stampar
|
de54219571
|
code refactoring
|
2010-12-15 12:50:56 +00:00 |
|
Bernardo Damele
|
698f30e65e
|
Cosmetics
|
2010-12-13 21:34:35 +00:00 |
|
Bernardo Damele
|
da3fd17fc3
|
Adjustment to make it work also in OR based injection
|
2010-12-05 12:24:23 +00:00 |
|
Miroslav Stampar
|
6712f4da55
|
some refactoring and one less request for aspx maintanance during --os-shell
|
2010-11-24 14:20:43 +00:00 |
|
Miroslav Stampar
|
9579a97039
|
now ASPX works too for --os-shell
|
2010-11-24 11:38:27 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
17f0609263
|
minor bug fix
|
2010-11-17 13:29:57 +00:00 |
|
Miroslav Stampar
|
2802923dbe
|
some improvements regarding --os-shell web server application choice
|
2010-11-17 11:45:52 +00:00 |
|
Miroslav Stampar
|
bec152609a
|
minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \)
|
2010-11-17 09:33:05 +00:00 |
|