Miroslav Stampar
|
6632aa7308
|
some more refactoring
|
2012-02-16 13:46:01 +00:00 |
|
Miroslav Stampar
|
7bca926a0b
|
fixes, updates, patches
|
2012-02-09 10:16:58 +00:00 |
|
Miroslav Stampar
|
f86c365694
|
added one more failsafe for MSSQL --tables
|
2012-02-03 10:56:39 +00:00 |
|
Miroslav Stampar
|
f4e7bf1d51
|
minor update regarding support for Unicode characters in Oracle
|
2012-02-01 14:17:27 +00:00 |
|
Miroslav Stampar
|
704488a4e4
|
proper retrieval of unicode characters in inference mode on MSSQL
|
2012-02-01 13:01:46 +00:00 |
|
Miroslav Stampar
|
a6c2fc7ecc
|
some refactoring on MSSQL support
|
2012-02-01 12:53:07 +00:00 |
|
Bernardo Damele
|
ec9cc19951
|
Minor bug fixes for -d
|
2012-01-13 21:46:21 +00:00 |
|
Miroslav Stampar
|
f1147035cf
|
minor concision/beautification update
|
2012-01-10 11:50:26 +00:00 |
|
Miroslav Stampar
|
fecdce5801
|
implemented --tables over information_schema for MSSQL as a failover option for BOOLEAN technique too
|
2012-01-09 21:09:05 +00:00 |
|
Miroslav Stampar
|
f412706fee
|
minor update for MSSQL --tables (fallback to other method)
|
2012-01-03 18:01:14 +00:00 |
|
Miroslav Stampar
|
7d2fce16dc
|
minor fix
|
2011-12-16 11:40:23 +00:00 |
|
Miroslav Stampar
|
cff21814bb
|
minor patch for MSSQL 2008
|
2011-12-16 11:23:41 +00:00 |
|
Miroslav Stampar
|
2adf358524
|
minor update
|
2011-12-03 13:17:43 +00:00 |
|
Miroslav Stampar
|
39b406c5c1
|
fix for --search on Oracle
|
2011-12-02 18:13:27 +00:00 |
|
Miroslav Stampar
|
94790bf08a
|
minor update (removing reference to Microsoft Access for Generic payload)
|
2011-12-01 13:25:27 +00:00 |
|
Miroslav Stampar
|
df4e3be191
|
using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)
|
2011-11-23 22:57:02 +00:00 |
|
Miroslav Stampar
|
d8047c79f3
|
reverting back last two commits
|
2011-11-22 15:28:31 +00:00 |
|
Miroslav Stampar
|
73276c0785
|
even better (added long before plugins table)
|
2011-11-22 15:23:31 +00:00 |
|
Miroslav Stampar
|
ff07031170
|
better choice than character_sets (lesser rows in start and avoiding one rare problem - description column name based)
|
2011-11-22 15:20:12 +00:00 |
|
Miroslav Stampar
|
bbb7e1562d
|
adding AGAINST full-text search boundaries
|
2011-11-12 14:16:43 +00:00 |
|
Miroslav Stampar
|
2e5222bfd8
|
adding INSERT/UPDATE generic boundaries
|
2011-10-28 11:00:09 +00:00 |
|
Miroslav Stampar
|
b6ccc0cc43
|
minor update
|
2011-10-18 14:35:42 +00:00 |
|
Miroslav Stampar
|
597d554153
|
minor update
|
2011-10-18 13:05:49 +00:00 |
|
Miroslav Stampar
|
382db1b67a
|
degrading Microsoft Access UNION tests for one level down (it really does take toooooo long to scan a site with no vulnerable parameters and normal level)
|
2011-08-31 20:35:57 +00:00 |
|
Miroslav Stampar
|
d283e3eb3c
|
adding support for pre-WHERE injections
|
2011-08-24 09:04:18 +00:00 |
|
Miroslav Stampar
|
13eb20cea1
|
minor beautification
|
2011-08-03 10:12:06 +00:00 |
|
Bernardo Damele
|
2e20eb1a88
|
Minor fix
|
2011-08-03 10:08:59 +00:00 |
|
Bernardo Damele
|
b8e2d60bfa
|
Added MSSQL 2008 R2 signatures
|
2011-07-24 23:42:32 +00:00 |
|
Bernardo Damele
|
48f580fb10
|
Minor adjustments to MSSQL fingerprint
|
2011-07-24 23:30:23 +00:00 |
|
Bernardo Damele
|
99a0b62d0d
|
Minor adjustments
|
2011-07-24 22:26:11 +00:00 |
|
Miroslav Stampar
|
ca83305b58
|
added MySQL updatexml error-based payload
|
2011-07-24 21:08:32 +00:00 |
|
Miroslav Stampar
|
a89140e1ce
|
revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)
|
2011-07-23 06:07:00 +00:00 |
|
Miroslav Stampar
|
4cb9988243
|
quick fix
|
2011-07-12 21:09:33 +00:00 |
|
Bernardo Damele
|
c9ba58acb6
|
Moved MS Access UNION query tests after generic as generic test must identify MSSQL
|
2011-07-11 09:47:52 +00:00 |
|
Miroslav Stampar
|
5d31eb5ef7
|
cosmetics and also tested against testing env - works perfectly
|
2011-07-10 09:07:07 +00:00 |
|
Miroslav Stampar
|
eb42cedf2a
|
adding extractvalue MySQL >= 5.1 error payload (http://www.notsosecure.com/folder2/2010/06/29/mysql-exploitation-with-error-messages/) - untested (lack of particular ver for testing) and prone to level/risk adjustment
|
2011-07-10 08:54:22 +00:00 |
|
Miroslav Stampar
|
93219b9e13
|
i've accidentally left table_schema removed while doing some tests. now it should be ok
|
2011-07-08 10:24:46 +00:00 |
|
Bernardo Damele
|
b5dd4d4a63
|
Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection
|
2011-07-08 10:19:01 +00:00 |
|
Miroslav Stampar
|
c517e97a44
|
few fixes and minor cosmetics
|
2011-07-08 06:02:31 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
9eb683531d
|
Minor improvement at blind SQL inj technique for DB2
|
2011-06-27 22:28:12 +00:00 |
|
Bernardo Damele
|
ed4cfbb6d2
|
Minor fix
|
2011-06-27 08:58:59 +00:00 |
|
Miroslav Stampar
|
bedf16b88b
|
adding payloads for time-based injection on SAP MaxDB (heavy query)
|
2011-06-26 23:46:09 +00:00 |
|
Miroslav Stampar
|
d0490cc4e7
|
adding payloads for time-based injection on DB2 (heavy query)
|
2011-06-26 16:38:22 +00:00 |
|
Bernardo Damele
|
36c96ef796
|
Added DB2 support - patch provided by Sebastian Bittig
|
2011-06-25 09:44:24 +00:00 |
|
Bernardo Damele
|
b2e6cf3ed9
|
Enabled --search -C also for Oracle
|
2011-06-24 14:34:20 +00:00 |
|
Miroslav Stampar
|
4188df0501
|
fixes for Sybase
|
2011-06-15 18:49:35 +00:00 |
|
Miroslav Stampar
|
9f6b70f3f9
|
update
|
2011-05-26 22:45:33 +00:00 |
|
Miroslav Stampar
|
0baf931669
|
real generic comment is "-- " not "--" (MySQL doesn't support "--")
|
2011-05-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
171a4c389b
|
added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload
|
2011-05-23 06:24:45 +00:00 |
|