Miroslav Stampar
f7be0ca4e2
minor fix
2011-10-28 12:49:35 +00:00
Miroslav Stampar
25f0ec3597
some minor range to xrange conversion (where safe to do)
2011-10-21 22:34:27 +00:00
Miroslav Stampar
a6ade08c28
just in case commit to prevent join string iteration over 'None' values
2011-07-30 13:01:37 +00:00
Miroslav Stampar
4ce93221d1
minor update
2011-07-28 09:24:37 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
d27afaed7e
some fixes
2011-06-16 14:27:44 +00:00
Miroslav Stampar
a397baa89a
fix for a bug reported by viniciusmaxdaloop@gmail.com and few related patches
2011-05-26 08:17:21 +00:00
Miroslav Stampar
eceb5eca7b
fix for --file-read on MSSQL for error technique (again that unpacking was causing problems); also reverting that check for file paths as one user mentioned that network paths are also possible for usage on Windows machines (e.g. \\bla\bla)
2011-05-02 21:55:06 +00:00
Bernardo Damele
284c69a686
Improved --tables for MSSQL too, like r3798
2011-04-30 22:05:02 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Bernardo Damele
d0dff82ce0
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
2011-04-23 16:25:09 +00:00
Miroslav Stampar
f909ecb369
bug fix for mssqlserver escape
2011-04-20 13:41:01 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
b6af80bab3
refactoring, cleanup and improvement
2011-03-29 21:54:15 +00:00
Miroslav Stampar
73e5d20ade
bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)
2011-03-28 11:01:55 +00:00
Bernardo Damele
c078de894f
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
2011-02-10 14:24:04 +00:00
Bernardo Damele
a2c20acf94
Minor fixes once more
2011-02-10 11:34:16 +00:00
Bernardo Damele
d0ddaee3c8
Minor bug fix
2011-02-10 11:28:24 +00:00
Miroslav Stampar
ecaf5729fd
revert
2011-02-06 22:14:18 +00:00
Miroslav Stampar
caaac72029
minor update regarding last commit
2011-02-06 20:15:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Bernardo Damele
b1d6040a48
Minor bug fix so that --search also works when the technique is error-based (which always return a list with lists inside)
2011-01-20 21:46:56 +00:00
Bernardo Damele
50c02fbb37
Done with previous refactoring
2011-01-20 00:01:06 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
2d9b151883
Minor bug fix
2011-01-15 10:14:05 +00:00
Bernardo Damele
e4e9b11b79
Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.
2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Miroslav Stampar
8e1927fe31
minor fix
2011-01-02 18:12:18 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
7c06dbffc3
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
2010-12-22 18:55:50 +00:00
Bernardo Damele
1a3f57e5fe
Cosmetics
2010-12-21 09:23:00 +00:00
Miroslav Stampar
03b275ce33
update
2010-12-20 23:27:04 +00:00
Miroslav Stampar
108a96c6b4
some fixes
2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Miroslav Stampar
b02bd55edc
minor refactoring
2010-12-10 13:04:36 +00:00
Miroslav Stampar
bbffea2cbc
bug fix
2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
64b5de44a0
Converted to new XML object format
2010-11-12 10:11:13 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Bernardo Damele
0c8918bf07
Minor bug fix, thanks Alex
2010-11-08 12:45:23 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00