Commit Graph

10 Commits

Author SHA1 Message Date
Bernardo Damele
fa0507ab39 Minor enhancement to fingerprint the back-end DBMS operating system (type,
version, release, distribution, codename and service pack) by parsing the
DBMS banner value when both -f and -b are provided: adapted the code and
added XML files defining regular expressions for matching.

Example of the -f -b output now on MySQL 5.0.67 running on latest Ubuntu:
--8<--
back-end DBMS:	active fingerprint: MySQL >= 5.0.38 and < 5.1.2
                comment injection fingerprint: MySQL 5.0.67
                banner parsing fingerprint: MySQL 5.0.67
                html error message fingerprint: MySQL
back-end DBMS operating system: Linux Ubuntu 8.10 (Intrepid)
--8<--
2008-11-15 23:41:31 +00:00
Bernardo Damele
81ed7c2086 Initial implementation of support for stacked queries.
Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments.
2008-11-12 00:36:50 +00:00
Bernardo Damele
0f79ec0088 Minor bug fix in MySQL comment injection fingerprint technique 2008-11-04 16:05:43 +00:00
Bernardo Damele
09ca578ca1 Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0 also if the user has provided one or more users with -U option; 2008-11-02 18:17:12 +00:00
Bernardo Damele
e2a0f7a47b Fix typo 2008-10-30 23:20:14 +00:00
Bernardo Damele
7ad9639ed0 Updated the database management system fingerprint checks to correctly identify MySQL 5.1.x, MySQL 6.0.x and PostgreSQL 8.3 2008-10-29 15:32:12 +00:00
Bernardo Damele
2fcbb57e1c Minor code restyling 2008-10-26 17:00:07 +00:00
Bernardo Damele
4b02ed45fa Due to last commit.. 2008-10-26 16:45:36 +00:00
Bernardo Damele
892a7b2f8a propsets.. 2008-10-15 15:56:32 +00:00
Bernardo Damele
8e3eb45510 After the storm, a restore.. 2008-10-15 15:38:22 +00:00