hexon Posted June 7, 2010

Hexjector Version 1.0.7.3SE (5/6/2010)

Changes made from previous release:

- Special Edition
- Disclaimer added.
- Hexjector Official Documentation for Win32 released.
- MySQL Injection v5 Full Database Enumeration (There were a few bugs in past releases that are fixed in this version, and Data Retrieved is checked one by one.).
- Persistent XSS is patched by filtering the $url2. (You can find the patch at Exploitdb, or email me if it has still not been posted at Exploitdb.)
- Html Dump temporarily removed due to 0day Vulnerability found by me.
- Video regarding 0day Exploit is made and uploaded at YouTube.
- Non-Persistent XSS is patched.
- Another Non-persistent XSS is patched (Hexdumper).
- Yet Another Non-persistent XSS is patched (Hexafind).
- Every input is filtered to prevent XSS.
- cURL is modified to reduce HTTP Request Time Usage.
- Type of Injection (Numeric, String Based) added.
- Changes in Query according to Numeric or String Based Detection are added.
- Total Queries Generated for Information_schema, phpmyadmin and mysql is 359.
- Error in Hexdumper fixed. (wafdetect($dumpstr))
- Filenames have been modified to make them more professional.
- Error in Column Count is patched.
- Coalesce() is added.
- Error on conditional matching is fixed. ($str_col=true)
- Now I will focus on MySQL Injection v4.
- MySQL Injection v4 is temporarily disabled as I never refined the code since it was made and it is kind of buggy.
- You may notice some performance slowdown. (The reason is given below.)
- Problem where, if there are too many columns, only part of the data is extracted is patched.
- Interface changed to aid users in finding the data wanted (Data are in bold).
- SiXSS Added.
- Custom Header is added.
- Server Information is added.
- Connect4.php edited to make it more error-proof.
- Processes of Hexafind, Hexoutfile and Hexdumpfile have been changed to make them more real-time.
- Hexoutfile (Into OutFile) added.
- New File Created : hexoutfile.php
- Hexdumpfile (Into DumpFile) added.
- New File Created : hexdumpfile.php
- Load_File added.
- New File Created : hexloader.php
- Custom Back Parameter added.
- Update Check Module is added.
- Version Comment added.
- Operating System Detection added.
- Operating System Architecture Detection added.
- Temporary Directory Retrieval Added.
- New File added : HexacURL.php
- HexacURL is a cURL-based web browser with Header Enumeration to help Professional Pentesters solve the SQL query problems.
- Non-persistent XSS is expected if the site has XSS. It is more or less like a browser so this is normal.
- Testers can use it to find the unique parameter and input it in Custom Parameter of Hexjector so Hexjector can execute.
- Custom Whitespace added.
- To Hexadecimal added.
- Url_encode added.
- Url_decode added.

Download Link :

Windows : https://sourceforge.net/projects/hexjector/files/Hexjector%20%28Win32%29/Hexjector%20v1.0.7.3SE.zip/download
Unix : https://sourceforge.net/projects/hexjector/files/Hexjector%20%28Unix%29/Hexjector%20v1.0.7.3SE.tar/download
Mac : https://sourceforge.net/projects/hexjector/files/Hexjector%20%28Mac%29/Hexjector%20v1.0.7.3SE.tar/download