Re: [sqlmap-users] End string DB2
From: David A. <dav...@gm...> - 2012-01-30 11:23:07
Hi Miroslav,

Thank you for your response! "INFERENCE_BLANK_BREAK" was very useful to reduce the number of requests. Great!

Now, I am reporting an unhandled exception found during the test:

[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4692)
Python version: 2.6.6
Operating system: posix
Command line: sqlmap.py -u ************************************************************************************************************************************************************************* --data ******************************************************* -p param --cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1 --safe-url=*************************************** --tables
Technique: BOOLEAN
Back-end DBMS: IBM DB2 (fingerprinted)
Traceback (most recent call last):
  File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main
    start()
  File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, in start
    action()
  File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in action
    conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, in getTables
    dbs = self.getDbs()
  File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, in getDbs
    db = inject.getValue(query, inband=False, error=False)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in getValue
    value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in __goInferenceProxy
    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in __goInferenceFields
    output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in __goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection
    val = getChar(index, asciiTbl)
  File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar
    unescapedCharValue = unescaper.unescape(markingValue % decodeIntToUnicode(posValue))
TypeError: %c requires int or char

Kind Regards,
David Alvarez

On Mon, Jan 30, 2012 at 11:07 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi David.
>
> Fact is that we rely that DBMS won't return a proper character on a
> request for "substring" on non-valid index and that works ok for most of
> today's DBMSes.
>
> But, also we do have a check for these kinds of cases. If there is more
> than some predefined number of spaces at the end of the retrieved value we
> just abruptly abort with that value, trim spaces from the end and continue
> on with the next item.
>
> Thing is that that "breaking" value is currently (r4692) set to 10 and if
> you think that's too high for your case you are more than welcome to adjust
> it to your needs. Just go to the lib/core/settings.py and change line:
>
> INFERENCE_BLANK_BREAK = 10
>
> to something more appropriate for your needs (e.g. 3)
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Jan 27, 2012 at 6:53 PM, David Alvarez <dav...@gm...> wrote:
>
>> Hello,
>>
>> There is a SQL injection in an IBM DB2 9.1. I'm using an AND
>> boolean-based blind injection. The problem is that sqlmap doesn't
>> properly check the end of the string and goes into a loop getting space
>> chars as result.
>>
>> I'm using the latest version of sqlmap (r4690).
>>
>> How could I resolve it?
>>
>> Regards,
>> David Alvarez
>
> --
> Miroslav Stampar
> http://about.me/stamparm
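
The trailing-blank cutoff Miroslav describes, modelled as an added example that is not part of the thread and is not sqlmap's code: a local simulated true/false channel stands in for the DBMS, and positions past the end of the value are assumed to read as blanks, as David reported for DB2. All function names and the sample values are hypothetical; the example shows how the threshold changes the request count and what happens when it is set lower than a run of blanks inside the value.

```python
# Added illustration, not sqlmap code. Names and sample values are constructed.

def make_oracle(secret, counter):
    """Simulated boolean channel: 'is the char code at pos greater than guess?'
    Assumption: positions past the real end of the value read as a blank."""
    def oracle(pos, guess):
        counter[0] += 1                      # one simulated request per question
        ch = secret[pos] if pos < len(secret) else " "
        return ord(ch) > guess
    return oracle

def infer_char(oracle, pos, lo=0, hi=127):
    """Binary search over 7-bit codes: always 7 questions per character."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(pos, mid):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)

def infer_value(oracle, blank_break, max_len=256):
    """Stop after blank_break consecutive blanks, then trim trailing blanks."""
    out, blanks = [], 0
    for pos in range(max_len):
        ch = infer_char(oracle, pos)
        out.append(ch)
        blanks = blanks + 1 if ch == " " else 0
        if blanks >= blank_break:
            break
    return "".join(out).rstrip(" ")

def run(secret, blank_break):
    """Return (recovered value, number of simulated requests)."""
    counter = [0]
    value = infer_value(make_oracle(secret, counter), blank_break)
    return value, counter[0]

if __name__ == "__main__":
    for secret in ("SYSIBM", "A   B"):       # constructed sample values
        for threshold in (10, 3):
            value, requests = run(secret, threshold)
            print("%-8r break=%-2d -> %-8r in %d requests"
                  % (secret, threshold, value, requests))
```

With the threshold at 3 the second sample is cut at its internal run of three blanks, which is the cost of lowering the setting too far.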