Miroslav Stampar
|
f8a01ddaf8
|
minor update
|
2010-12-15 11:21:47 +00:00 |
|
Miroslav Stampar
|
63f5c35c23
|
bug fix
|
2010-12-15 10:02:58 +00:00 |
|
Miroslav Stampar
|
d5fb921154
|
removed debug print
|
2010-12-09 20:08:59 +00:00 |
|
Miroslav Stampar
|
0eb2c408a9
|
code refactoring
|
2010-12-09 16:49:02 +00:00 |
|
Bernardo Damele
|
df5f6bc1b7
|
Little precaution
|
2010-12-09 14:06:43 +00:00 |
|
Bernardo Damele
|
5fb04515d3
|
Added hidden (for the moment) switch --technique
|
2010-12-09 13:47:17 +00:00 |
|
Bernardo Damele
|
0c01be0eeb
|
Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).
|
2010-12-09 00:34:02 +00:00 |
|
Bernardo Damele
|
9c61adb21d
|
Cosmetics
|
2010-12-09 00:26:06 +00:00 |
|
Bernardo Damele
|
10ef2b5de8
|
Minor bug fix
|
2010-12-08 23:09:42 +00:00 |
|
Miroslav Stampar
|
81c16926c1
|
code refactoring some more
|
2010-12-08 14:46:07 +00:00 |
|
Miroslav Stampar
|
ed09c53ee4
|
minor minor update
|
2010-12-08 14:27:37 +00:00 |
|
Miroslav Stampar
|
1ae2fa7f1a
|
update regarding time based payloads
|
2010-12-08 11:26:54 +00:00 |
|
Miroslav Stampar
|
a4a63f5b1e
|
minor update
|
2010-12-07 23:49:00 +00:00 |
|
Miroslav Stampar
|
293ce18fed
|
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
|
2010-12-07 23:32:33 +00:00 |
|
Miroslav Stampar
|
575e50673b
|
minor update
|
2010-12-07 19:27:01 +00:00 |
|
Miroslav Stampar
|
398b82644a
|
little explanation
|
2010-12-07 19:25:26 +00:00 |
|
Miroslav Stampar
|
dc651d59ec
|
little mathematics here and there (used "Rules for normally distributed data")
|
2010-12-07 19:19:12 +00:00 |
|
Bernardo Damele
|
ee72838231
|
Removed debug print
|
2010-12-07 17:19:29 +00:00 |
|
Bernardo Damele
|
5f97312f29
|
Minor fix
|
2010-12-07 17:17:38 +00:00 |
|
Miroslav Stampar
|
ecd4a5a532
|
added standard deviation check in time based tests
|
2010-12-07 16:39:31 +00:00 |
|
Miroslav Stampar
|
294119d2ec
|
more advanced time technique(s)
|
2010-12-07 16:04:53 +00:00 |
|
Miroslav Stampar
|
4959da3ce6
|
it's a must to double check time based payloads
|
2010-12-07 14:59:11 +00:00 |
|
Miroslav Stampar
|
e53fef546e
|
update regarding session page templates
|
2010-12-07 14:35:31 +00:00 |
|
Miroslav Stampar
|
add6235b16
|
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
|
2010-12-07 14:06:54 +00:00 |
|
Miroslav Stampar
|
0dc630203f
|
code refactoring
|
2010-12-07 13:34:06 +00:00 |
|
Bernardo Damele
|
8e78057ac8
|
Added counter of total HTTP(s) requests done during detection phase
|
2010-12-07 12:33:47 +00:00 |
|
Miroslav Stampar
|
3d87489de5
|
minor update
|
2010-12-07 08:05:03 +00:00 |
|
Miroslav Stampar
|
0da1ebde7d
|
introducing PostgreSQL time based blind
|
2010-12-07 00:51:14 +00:00 |
|
Miroslav Stampar
|
61f82fd274
|
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
|
2010-12-07 00:27:26 +00:00 |
|
Miroslav Stampar
|
2735848ab6
|
removed ERROR_SPACE
|
2010-12-06 22:40:07 +00:00 |
|
Miroslav Stampar
|
9ccc8f90a3
|
minor cosmetic update ("heuristics shows" is not grammatically correct)
|
2010-12-06 18:47:22 +00:00 |
|
Miroslav Stampar
|
d336f1df23
|
minor update
|
2010-12-06 18:44:42 +00:00 |
|
Miroslav Stampar
|
d77ddbee47
|
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
|
2010-12-06 18:20:57 +00:00 |
|
Miroslav Stampar
|
27ee9a5ccf
|
minor refactoring
|
2010-12-06 15:50:19 +00:00 |
|
Miroslav Stampar
|
5189f138d7
|
increasing socket timeout in case of time based checks
|
2010-12-05 23:18:16 +00:00 |
|
Miroslav Stampar
|
7a5cd3b35f
|
minor comment update
|
2010-12-05 11:15:09 +00:00 |
|
Bernardo Damele
|
618b3b0211
|
Cosmetics
|
2010-12-05 11:05:57 +00:00 |
|
Miroslav Stampar
|
9e5f933ace
|
some updates
|
2010-12-04 15:47:02 +00:00 |
|
Miroslav Stampar
|
1f795622b3
|
some fine tuning of dynamicity removing engine
|
2010-12-04 13:39:35 +00:00 |
|
Miroslav Stampar
|
eeb199375b
|
usage of compiled regexes in case of dynamic markings and other refactoring
|
2010-12-04 13:23:28 +00:00 |
|
Miroslav Stampar
|
0fc7a8f9e8
|
code refactoring
|
2010-12-04 10:13:18 +00:00 |
|
Miroslav Stampar
|
04714374f9
|
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
|
2010-12-04 10:05:18 +00:00 |
|
Bernardo Damele
|
0e6359ab6e
|
Minor layout adjustment
|
2010-12-03 16:11:35 +00:00 |
|
Bernardo Damele
|
6e73adec47
|
Get rid of one useless attribute
|
2010-12-03 16:11:13 +00:00 |
|
Bernardo Damele
|
11058667e4
|
Better naming
|
2010-12-03 14:45:13 +00:00 |
|
Bernardo Damele
|
b824826a89
|
Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses
|
2010-12-03 14:39:51 +00:00 |
|
Bernardo Damele
|
bb40ab9fb0
|
Major bug fix for default boolean-based vector still work and minor adjustments
|
2010-12-03 14:31:11 +00:00 |
|
Miroslav Stampar
|
612ee08a0b
|
added response time kb attribute
|
2010-12-03 13:19:34 +00:00 |
|
Bernardo Damele
|
4dec049c22
|
Major bug fix for test on ORDER BY and GROUP BY clauses.
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
|
2010-12-03 12:00:03 +00:00 |
|
Bernardo Damele
|
7d6f51f758
|
Avoid blank space between prefix and test's payload if it's a stacked queries test
|
2010-12-03 10:42:46 +00:00 |
|