bsqlhacker - Project Hosting on Google Code

Last 30 days Dec 22, 2009 issue 12 (Program always assumes injectable parameter is a string) reported by jeremeyp - What steps will reproduce the problem? 1. any URL where the injection won't work with single quotes i.e., /page.asp?id=1%2b(select top 1 filename from sysfiles)-- works but /page.asp?id=1'%2b(select top 1 filename from sysfiles)-- wouldn't What steps will reproduce the problem? 1. any URL where the injection won't work with single quotes i.e., /page.asp?id=1%2b(select top 1 filename from sysfiles)-- works but /page.asp?id=1'%2b(select top 1 filename from sysfiles)-- wouldn't Older Apr 09, 2009 MySQL_Union_Error_Based_Injection_Template Wiki page added by fmavituna Apr 09, 2009 MySQL5_OrderBy_Blind_SQL_Injection_Template Wiki page edited by fmavituna Apr 09, 2009 MySQL5_OrderBy_Blind_SQL_Injection_Template Wiki page added by fmavituna Mar 31, 2009 r26 (Some ORACLE fixes, This version is quite unstable and middle...) committed by fmavituna - Some ORACLE fixes, This version is quite unstable and middle of development Some ORACLE fixes, This version is quite unstable and middle of development Mar 06, 2009 BSQL Hacker Manual.docx (BSQL Hacker Manual - Spanish (translated by Cristian C)) file uploaded by fmavituna - Labels: Type-Docs Manual Labels: Type-Docs Manual Feb 25, 2009 issue 11 (Application failed to initialize) changed by fmavituna - Owner: fmavituna Labels: Type-Other −Type-Defect Owner: fmavituna Labels: Type-Other −Type-Defect Feb 25, 2009 issue 11 (Application failed to initialize) commented on by fmavituna - Could you attach the screenshot or error message. Also ensure that you've downloaded and installed .NET Framwork 2.0 - http://www.microsoft.com/downloads/details.aspx?familyid=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en Could you attach the screenshot or error message. Also ensure that you've downloaded and installed .NET Framwork 2.0 - http://www.microsoft.com/downloads/details.aspx?familyid=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en Feb 24, 2009 issue 11 (Application failed to initialize) reported by eknath.iyer - It went to a microsoft.com's page while installation. Before the page got loaded, it said "Installation complete" Now, when I run wither BSQL - hacker or bsql hacker console it gives me a fatal error and terminates:( It went to a microsoft.com's page while installation. Before the page got loaded, it said "Installation complete" Now, when I run wither BSQL - hacker or bsql hacker console it gives me a fatal error and terminates:( Jan 23, 2009 issue 8 (Info Request) changed by fmavituna - Status: Done Labels: Type-Other −Type-Defect Status: Done Labels: Type-Other −Type-Defect Jan 23, 2009 issue 9 (Oracle DB Automatic Injection "ORA-00923: FROM keyword not f...) changed by fmavituna - I added to my todo list, hopefully will be fixed in the next release. Status: Accepted Labels: Priority-High −Priority-Medium I added to my todo list, hopefully will be fixed in the next release. Status: Accepted Labels: Priority-High −Priority-Medium Jan 23, 2009 issue 10 (Crash) Labels changed by fmavituna - Could you elaborate the question a little bit more? What you were doing exactly, what happened? and there should be log files in your "My Documents/BSQL Hacker Logs". Could you send all attach all of them. Cheers, Labels: Priority-Low −Priority-Medium Could you elaborate the question a little bit more? What you were doing exactly, what happened? and there should be log files in your "My Documents/BSQL Hacker Logs". Could you send all attach all of them. Cheers, Labels: Priority-Low −Priority-Medium Jan 20, 2009 issue 10 (Crash) reported by Navy9genius - Description: Stopped working Problem signature: Problem Event Name: APPCRASH Application Name: BSQLGUI.exe Application Version: 0.9.0.9 Application Timestamp: 48c7c87f Fault Module Name: KERNEL32.dll Fault Module Version: 6.0.6000.16386 Fault Module Timestamp: 4549bd80 Exception Code: e053534f Exception Offset: 0001b09e OS Version: 6.0.6000.2.0.0.256.1 Locale ID: 1033 _________ Windows Vista Ultimate 32-bit Description: Stopped working Problem signature: Problem Event Name: APPCRASH Application Name: BSQLGUI.exe Application Version: 0.9.0.9 Application Timestamp: 48c7c87f Fault Module Name: KERNEL32.dll Fault Module Version: 6.0.6000.16386 Fault Module Timestamp: 4549bd80 Exception Code: e053534f Exception Offset: 0001b09e OS Version: 6.0.6000.2.0.0.256.1 Locale ID: 1033 _________ Windows Vista Ultimate 32-bit Jan 09, 2009 issue 9 (Oracle DB Automatic Injection "ORA-00923: FROM keyword not f...) reported by amjad.masad - What steps will reproduce the problem? 1. Automated Injection on Oracle DB 2. Check Get Name under settings under automated attack tab 3. What is the expected output? What do you see instead? ORA-00923: FROM keyword not found where expected What version of the product are you using? On what operating system? BSQL HACKER V 0.9.0.9 Please provide any additional information below. All select queries in oracle must have a from clause, select db_name(0) from dual. What steps will reproduce the problem? 1. Automated Injection on Oracle DB 2. Check Get Name under settings under automated attack tab 3. What is the expected output? What do you see instead? ORA-00923: FROM keyword not found where expected What version of the product are you using? On what operating system? BSQL HACKER V 0.9.0.9 Please provide any additional information below. All select queries in oracle must have a from clause, select db_name(0) from dual. Jan 07, 2009 r25 (Revert commit) committed by fmavituna - Revert commit Revert commit Jan 07, 2009 r24 ([No log message]) committed by fmavituna - [No log message] [No log message] Jan 07, 2009 r23 (Mono Branch) committed by fmavituna - Mono Branch Mono Branch Jan 05, 2009 r22 (Removed template prefixes) committed by fmavituna - Removed template prefixes Removed template prefixes Jan 05, 2009 r21 (MySQL Orderby SQL Injection Template) committed by fmavituna - MySQL Orderby SQL Injection Template MySQL Orderby SQL Injection Template Dec 14, 2008 r20 (Genghis Library - http://www.sellsbrothers.com/tools/Genghis...) committed by fmavituna - Genghis Library - http://www.sellsbrothers.com/tools/Genghis/ Genghis Library - http://www.sellsbrothers.com/tools/Genghis/ Dec 14, 2008 r19 (Commandline support and some updates) committed by fmavituna - Commandline support and some updates Commandline support and some updates Oct 13, 2008 issue 8 (Info Request) Owner changed by fmavituna - Yes just copy & paste should work. Are you getting an error or is it just failing to confirm SQL Injection ? BTW instead of username=test&password={X}test use username=test&password=test{X} {X} should be after the value. I'm not saying this is going to solve the problem but that's how it designed to use. Also you can try manually doing it from "Import > Parse Raw HTTP Request". Owner: fmavituna Yes just copy & paste should work. Are you getting an error or is it just failing to confirm SQL Injection ? BTW instead of username=test&password={X}test use username=test&password=test{X} {X} should be after the value. I'm not saying this is going to solve the problem but that's how it designed to use. Also you can try manually doing it from "Import > Parse Raw HTTP Request". Owner: fmavituna Oct 03, 2008 issue 8 (Info Request) reported by ross.bushby - What steps will reproduce the problem? 1. 2. 3. What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. Hi, Not sure if this is the correct place to post this, but wanted verify the syntax of the POST inpput when using wizard Mode. I have tried many different ways but have managed to get this to work using POST Method. If my output from Paros (for example) is as follows: POST http://192.168.19.10/process_login.asp HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x- shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms- excel, application/vnd.ms-powerpoint, application/msword, application/x- silverlight, / Referer: http://192.168.19.10/login.html Accept-Language: en-gb,zh-cn;q=0.5 Content-Type: application/x-www-form-urlencoded Proxy-Connection: Keep-Alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648) Paros/3.2.13 Host: 192.168.19.10 Content-Length: 27 Pragma: no-cache Cookie: ASPSESSIONIDQGQQGTWC=OGDKCIACGMNDHGHJAPKGKFID username=test&password=test Can I just paste this straight into the BSQL hacker RAW Reuqest windows? Understand that parameter value for injection must be as so: username=test&password={X}test I have tried a number of variations of this and it doesnt seem to work, maybe I am being stupid but all seems well with GET Method test. Regards, Ross. What steps will reproduce the problem? 1. 2. 3. What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. Hi, Not sure if this is the correct place to post this, but wanted verify the syntax of the POST inpput when using wizard Mode. I have tried many different ways but have managed to get this to work using POST Method. If my output from Paros (for example) is as follows: POST http://192.168.19.10/process_login.asp HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x- shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms- excel, application/vnd.ms-powerpoint, application/msword, application/x- silverlight, / Referer: http://192.168.19.10/login.html Accept-Language: en-gb,zh-cn;q=0.5 Content-Type: application/x-www-form-urlencoded Proxy-Connection: Keep-Alive User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648) Paros/3.2.13 Host: 192.168.19.10 Content-Length: 27 Pragma: no-cache Cookie: ASPSESSIONIDQGQQGTWC=OGDKCIACGMNDHGHJAPKGKFID username=test&password=test Can I just paste this straight into the BSQL hacker RAW Reuqest windows? Understand that parameter value for injection must be as so: username=test&password={X}test I have tried a number of variations of this and it doesnt seem to work, maybe I am being stupid but all seems well with GET Method test. Regards, Ross. Sep 26, 2008 r18 (More work on driller, almost working now.) committed by fmavituna - More work on driller, almost working now. More work on driller, almost working now. Sep 26, 2008 Screenshots (Some screenshots.) Wiki page edited by fmavituna Sep 26, 2008 Screenshots (Some screenshots.) Wiki page added by fmavituna Sep 24, 2008 r15 (- Unstable Commit! - Working on database drilling feature ) committed by fmavituna - - Unstable Commit! - Working on database drilling feature - Unstable Commit! - Working on database drilling feature Sep 17, 2008 r14 (Still working on Driller...) committed by fmavituna - Still working on Driller... Still working on Driller... Sep 16, 2008 r13 (Better error handling in automated injections Small GUI Chan...) committed by fmavituna - Better error handling in automated injections Small GUI Changes A few refactoring in the code Started database drilling feature Better error handling in automated injections Small GUI Changes A few refactoring in the code Started database drilling feature Sep 16, 2008 issue 3 (System.ArgumentNullException: Value cannot be null.) Labels changed by fmavituna - Labels: Priority-Low −Priority-Medium Labels: Priority-Low −Priority-Medium Sep 16, 2008 issue 4 (Cannot access a disposed object. Object name: 'TextBox'.) Status changed by fmavituna - Status: Fixed Status: Fixed Sep 10, 2008 issue 5 (Crash on Test Injection) changed by fmavituna - Fixed, in the repository now. Will be in the 0.9.0.9 release. Status: Verified Owner: fmavituna Fixed, in the repository now. Will be in the 0.9.0.9 release. Status: Verified Owner: fmavituna Sep 10, 2008 r12 (Crash on Test Injection if the response is nothing fixed. So...) committed by fmavituna - Crash on Test Injection if the response is nothing fixed. Some typo fixes. Crash on Test Injection if the response is nothing fixed. Some typo fixes. Sep 10, 2008 issue 4 (Cannot access a disposed object. Object name: 'TextBox'.) commented on by aspsrc - Teşekkürler. 0.9.0.8 versiyon'u çektim. Gelişmeleri merakla bekliyoruz ;) Kolay Gelsin. Teşekkürler. 0.9.0.8 versiyon'u çektim. Gelişmeleri merakla bekliyoruz ;) Kolay Gelsin. Sep 10, 2008 issue 3 (System.ArgumentNullException: Value cannot be null.) commented on by fmavituna - Could you provide more information about how to reproduce the issue ? Could you provide more information about how to reproduce the issue ? Sep 10, 2008 issue 7 (Feature request - Selective Extract of Table Data) changed by fmavituna - It's in the to-do list. Thanks for the feature request. Status: Accepted Owner: fmavituna Labels: Type-Enhancement −Type-Defect It's in the to-do list. Thanks for the feature request. Status: Accepted Owner: fmavituna Labels: Type-Enhancement −Type-Defect Sep 10, 2008 issue 6 (Error) changed by fmavituna - Should be fixed in the latest version. Please send a new bug report if the latest version hasn't fixed this problem. Status: Duplicate Owner: fmavituna Cc: fmavituna Should be fixed in the latest version. Please send a new bug report if the latest version hasn't fixed this problem. Status: Duplicate Owner: fmavituna Cc: fmavituna Sep 10, 2008 issue 5 (Crash on Test Injection) Status changed by fmavituna - Confirmed the bug, working on it. Status: Accepted Confirmed the bug, working on it. Status: Accepted Sep 10, 2008 issue 4 (Cannot access a disposed object. Object name: 'TextBox'.) Status changed by fmavituna - This issue is happening because during the closing down process opened threads are trying to access disposed objects. I tried to fix this, you can download 0.9.0.8 version. There can be similar issues in rare situations, I'm working on them. Status: Accepted This issue is happening because during the closing down process opened threads are trying to access disposed objects. I tried to fix this, you can download 0.9.0.8 version. There can be similar issues in rare situations, I'm working on them. Status: Accepted Sep 10, 2008 issue 2 (System.NullReferenceException: Object reference not set to a...) changed by fmavituna - Bu hata 0.9.0.8 versiyonda cozuldu. Hata raporu icin tesekkurler. Status: Verified Owner: fmavituna Bu hata 0.9.0.8 versiyonda cozuldu. Hata raporu icin tesekkurler. Status: Verified Owner: fmavituna Sep 10, 2008 issue 1 (Crach on "Injection Wizard") changed by fmavituna - This issues has been fixed in 0.9.0.8. Please upgrade to the latest version of BSQL Hacker. Status: Verified Owner: fmavituna This issues has been fixed in 0.9.0.8. Please upgrade to the latest version of BSQL Hacker. Status: Verified Owner: fmavituna Sep 09, 2008 issue 7 (Feature request - Selective Extract of Table Data) reported by ross.bushby - What steps will reproduce the problem? 1. 2. 3. What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. Hi, would it be possible to provide a feature that allows you to retrieve only selected database tables. For example Table Names are retrieved, then only Columns and Data are retrieved from the selected tables rather than ALL tables? What steps will reproduce the problem? 1. 2. 3. What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below. Hi, would it be possible to provide a feature that allows you to retrieve only selected database tables. For example Table Names are retrieved, then only Columns and Data are retrieved from the selected tables rather than ALL tables? Aug 26, 2008 issue 6 (Error) reported by gokhan366 - System.ObjectDisposedException: Cannot access a disposed object. Object name: 'TextBox'. at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.TextBoxBase.CreateHandle() at System.Windows.Forms.TextBoxBase.SetSelectedTextInternal(String text, Boolean clearUndo) at System.Windows.Forms.TextBoxBase.set_SelectedText(String value) at System.Windows.Forms.TextBoxBase.AppendText(String text) at BSQLGUI.FrmMain.AppendLog(String log) in C:\Development\BSQL Hacker\BSQL GUI\FormUI.vb:line 240 at BlindSQLHacker.Settings.RaiseLog(String message, Level level, Exception ex) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\Settings.vb:line 1385 at BSQLAttackLayer.AutomatedAttack.InjectionResult() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 624 at BSQLAttackLayer.AutomatedAttack.GetData(Boolean Enabled, String SQL, ResponseType injectionEvent) in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 364 at BSQLAttackLayer.AutomatedAttack.Attack() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 280 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() System.ObjectDisposedException: Cannot access a disposed object. Object name: 'TextBox'. at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.TextBoxBase.CreateHandle() at System.Windows.Forms.TextBoxBase.SetSelectedTextInternal(String text, Boolean clearUndo) at System.Windows.Forms.TextBoxBase.set_SelectedText(String value) at System.Windows.Forms.TextBoxBase.AppendText(String text) at BSQLGUI.FrmMain.AppendLog(String log) in C:\Development\BSQL Hacker\BSQL GUI\FormUI.vb:line 240 at BlindSQLHacker.Settings.RaiseLog(String message, Level level, Exception ex) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\Settings.vb:line 1385 at BSQLAttackLayer.AutomatedAttack.InjectionResult() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 624 at BSQLAttackLayer.AutomatedAttack.GetData(Boolean Enabled, String SQL, ResponseType injectionEvent) in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 364 at BSQLAttackLayer.AutomatedAttack.Attack() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 280 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() Aug 25, 2008 issue 5 (Crash on Test Injection) reported by Darkness.MKD - What steps will reproduce the problem? 1. I put the URL 2. And on Detection Tab on Search Based i Check Determinate Diffrences Automaticlly 3. And Click Test Injection What is the expected output? What do you see instead? Error What version of the product are you using? On what operating system? V 0.9.0.7 on Windows XP SP3 Please provide any additional information below. What steps will reproduce the problem? 1. I put the URL 2. And on Detection Tab on Search Based i Check Determinate Diffrences Automaticlly 3. And Click Test Injection What is the expected output? What do you see instead? Error What version of the product are you using? On what operating system? V 0.9.0.7 on Windows XP SP3 Please provide any additional information below. Aug 20, 2008 issue 4 (Cannot access a disposed object. Object name: 'TextBox'.) reported by aspsrc - What steps will reproduce the problem? 1. Test Injection 2. Attack Successful Finished 3. Program Closing What is the expected output? What do you see instead? System.ObjectDisposedException was unhandled Message="Cannot access a disposed object.\r\nObject name: 'TextBox'." Source="System.Windows.Forms" ObjectName="TextBox" StackTrace: at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.TextBoxBase.CreateHandle() at System.Windows.Forms.TextBoxBase.SetSelectedTextInternal(String text, Boolean clearUndo) at System.Windows.Forms.TextBoxBase.AppendText(String text) at BSQLGUI.FrmMain.AppendLog(String log) in C:\Development\BSQL Hacker\BSQL GUI\FormUI.vb:line 241 at BSQLAttackLayer.AutomatedAttack.GetCount(Settings settings, String SQLQuery) in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 569 at BSQLAttackLayer.AutomatedAttack.GetTables() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 502 at BSQLAttackLayer.AutomatedAttack.Attack() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 289 at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: What version of the product are you using? On what operating system? 0.9.0.7 What steps will reproduce the problem? 1. Test Injection 2. Attack Successful Finished 3. Program Closing What is the expected output? What do you see instead? System.ObjectDisposedException was unhandled Message="Cannot access a disposed object.\r\nObject name: 'TextBox'." Source="System.Windows.Forms" ObjectName="TextBox" StackTrace: at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.TextBoxBase.CreateHandle() at System.Windows.Forms.TextBoxBase.SetSelectedTextInternal(String text, Boolean clearUndo) at System.Windows.Forms.TextBoxBase.AppendText(String text) at BSQLGUI.FrmMain.AppendLog(String log) in C:\Development\BSQL Hacker\BSQL GUI\FormUI.vb:line 241 at BSQLAttackLayer.AutomatedAttack.GetCount(Settings settings, String SQLQuery) in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 569 at BSQLAttackLayer.AutomatedAttack.GetTables() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 502 at BSQLAttackLayer.AutomatedAttack.Attack() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AutomatedAttack.vb:line 289 at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: What version of the product are you using? On what operating system? 0.9.0.7 Aug 20, 2008 r11 (Bug report screen disabled for now.) committed by fmavituna - Bug report screen disabled for now. Bug report screen disabled for now. Aug 20, 2008 r10 (2 crashes handled gracefully) committed by fmavituna - 2 crashes handled gracefully 2 crashes handled gracefully Aug 20, 2008 issue 3 (System.ArgumentNullException: Value cannot be null.) reported by chinxx - xp prof sp 3 System.ArgumentNullException: Value cannot be null. Parameter name: array at System.Array.IndexOf[T](T[] array, T value) at BlindSQLHacker.ContentAnalyzer.AverageSubtractiveFilters(Int32[][] SubtractiveFilterArray) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\ContentAnalyzer.vb:line 319 at BlindSQLHacker.ContentAnalyzer.ProcessContent() in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\ContentAnalyzer.vb:line 167 at BlindSQLHacker.GenerateSignatures.GetAnalyzer() in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\GenerateSignatures.vb:line 84 at BlindSQLHacker.Settings.GenerateContentAnalyzer() in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\Settings.vb:line 445 at BSQLAttackLayer.AttackTest.Test() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AttackTest.vb:line 128 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 319 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) xp prof sp 3 System.ArgumentNullException: Value cannot be null. Parameter name: array at System.Array.IndexOf[T](T[] array, T value) at BlindSQLHacker.ContentAnalyzer.AverageSubtractiveFilters(Int32[][] SubtractiveFilterArray) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\ContentAnalyzer.vb:line 319 at BlindSQLHacker.ContentAnalyzer.ProcessContent() in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\ContentAnalyzer.vb:line 167 at BlindSQLHacker.GenerateSignatures.GetAnalyzer() in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\GenerateSignatures.vb:line 84 at BlindSQLHacker.Settings.GenerateContentAnalyzer() in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\Settings.vb:line 445 at BSQLAttackLayer.AttackTest.Test() in C:\Development\BSQL Hacker\BSQLAttackLayer\Attacks\AttackTest.vb:line 128 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 319 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) Aug 19, 2008 issue 2 (System.NullReferenceException: Object reference not set to a...) reported by berker.peksag - Injection Wizard'a tıkladıktan sonra, "from raw request" bölümünde deneme isteğimi yazdım ve finish deyince ekteki hatayı aldım. İşletim sistemi: WinXP, .net Framework 2.0 Injection Wizard'a tıkladıktan sonra, "from raw request" bölümünde deneme isteğimi yazdım ve finish deyince ekteki hatayı aldım. İşletim sistemi: WinXP, .net Framework 2.0 Aug 19, 2008 issue 1 (Crach on "Injection Wizard") reported by sacrosancttayyar - 1. "From Raw Request" : I smiply typed this : 'POST /?q=1{X} HTTP/1.1' 2. "Query String" : like 'htpp://xxx.edu.tr/xxx' 3. Finish ---------------------- The crash report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- Other similar report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- .Net Framework version:2.0 O.S. : Windows XP SP2 (Updated) 1. "From Raw Request" : I smiply typed this : 'POST /?q=1{X} HTTP/1.1' 2. "Query String" : like 'htpp://xxx.edu.tr/xxx' 3. Finish ---------------------- The crash report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- Other similar report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- .Net Framework version:2.0 O.S. : Windows XP SP2 (Updated)

issue 1 (Crach on "Injection Wizard") reported by sacrosancttayyar - 1. "From Raw Request" : I smiply typed this : 'POST /?q=1{X} HTTP/1.1' 2. "Query String" : like 'htpp://xxx.edu.tr/xxx' 3. Finish ---------------------- The crash report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- Other similar report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- .Net Framework version:2.0 O.S. : Windows XP SP2 (Updated)

1. "From Raw Request" : I smiply typed this : 'POST /?q=1{X} HTTP/1.1' 2. "Query String" : like 'htpp://xxx.edu.tr/xxx' 3. Finish ---------------------- The crash report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- Other similar report: System.NullReferenceException: Object reference not set to an instance of an object. at BlindSQLHacker.AttackFile.AttackFileFromRawRequest(String HTTPRawRequest, Boolean expectSSL) in C:\Development\BSQL Hacker\BlindSQL Hacker\Classes\AttackFile.vb:line 706 at BSQLGUI.Wizard.LaunchTest(Object startSettings) in C:\Development\BSQL Hacker\BSQL GUI\Wizard.vb:line 268 at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart(Object obj) ---------------------- .Net Framework version:2.0 O.S. : Windows XP SP2 (Updated)

Last 30 days

Older