Re: [sqlmap-users] Bug: Unhandled exception while doing a sql-shell query on MSSQL 2000, blind mode
From: Konrads S. <ko...@sm...> - 2009-01-28 13:56:02
Perhaps this diff solves it:
Index: lib/core/agent.py
===================================================================
--- lib/core/agent.py (revision 330)
+++ lib/core/agent.py (working copy)
@@ -458,7 +458,7 @@
elif kb.dbms == "Oracle":
if " ORDER BY " in limitedQuery and "(SELECT " in limitedQuery:
- limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY
")]
+ limitedQuery = limitedQuery[:limitedQuery.lower().index("
ORDER BY ")]
if query.startswith("SELECT "):
limitedQuery = "%s FROM (%s, %s" % (untilFrom, untilFrom,
limitStr)
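Review bot: The `+` line lowercases the haystack but still searches for the uppercase needle `" ORDER BY "`, which a lowercased string can never contain. `index()` therefore raises ValueError every time this branch is reached, including for the all-uppercase queries that worked before the change. Normalise both sides to the same case, e.g. `limitedQuery = limitedQuery[:limitedQuery.upper().index(" ORDER BY ")]`. The same expression is repeated in the Microsoft SQL Server hunk of this file, in both hunks of lib/request/inject.py and in lib/techniques/inband/union/use.py. The enclosing function starts and ends outside the hunk.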
@@ -469,7 +469,7 @@
elif kb.dbms == "Microsoft SQL Server":
if " ORDER BY " in limitedQuery:
- limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY
")]
+ limitedQuery = limitedQuery[:limitedQuery.lower().index("
ORDER BY ")]
if not limitedQuery.startswith("SELECT TOP ") and not
limitedQuery.startswith("TOP "):
limitedQuery = limitedQuery.replace("SELECT ", (limitStr %
1), 1)
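Review bot: The guard `if " ORDER BY " in limitedQuery:` above the changed line is still case-sensitive, so a query written with `ORDER by`, as in the report, never enters this branch and the clause is not stripped for Microsoft SQL Server. Make the guard agree with the slicing, e.g. `if " ORDER BY " in limitedQuery.upper():`. The Oracle guard in the previous hunk and `" ORDER BY " in expression` in the second hunk of lib/request/inject.py need the same treatment. The `startswith("SELECT TOP ")` and `replace("SELECT ", ...)` calls below are case-sensitive as well; whether the query is normalised before this point is not visible in the hunk.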
Index: lib/request/inject.py
===================================================================
--- lib/request/inject.py (revision 330)
+++ lib/request/inject.py (working copy)
@@ -205,7 +205,7 @@
countedExpression =
expression.replace(expressionFields, countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
- untilOrderChar = countedExpression.index(" ORDER BY
")
+ untilOrderChar = countedExpression.lower().index("
ORDER BY ")
countedExpression =
countedExpression[:untilOrderChar]
count = resume(countedExpression, payload)
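Review bot: The guard runs `re.search` on `expression`, but the slice offset is then looked up separately in `countedExpression`, so the two lookups are not guaranteed to agree and `index()` could still raise. Reuse one case-insensitive match on the string being cut: `orderBy = re.search(" ORDER BY ", countedExpression, re.I)` followed by `if orderBy: countedExpression = countedExpression[:orderBy.start()]`. This also removes any dependence on `lower()` or `upper()` preserving string length. The hunk in lib/techniques/inband/union/use.py has the same shape, and the enclosing function extends beyond the hunk.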
@@ -342,7 +342,7 @@
if inband and conf.unionUse and kb.dbms:
if kb.dbms == "Oracle" and " ORDER BY " in expression:
- expression = expression[:expression.index(" ORDER BY ")]
+ expression = expression[:expression.lower().index(" ORDER BY
")]
value = __goInband(expression, expected)
Index: lib/techniques/inband/union/use.py
===================================================================
--- lib/techniques/inband/union/use.py (revision 330)
+++ lib/techniques/inband/union/use.py (working copy)
@@ -231,7 +231,7 @@
countedExpression = origExpr.replace(expressionFields,
countFirstField, 1)
if re.search(" ORDER BY ", expression, re.I):
- untilOrderChar = countedExpression.index(" ORDER BY
")
+ untilOrderChar = countedExpression.lower().index("
ORDER BY ")
countedExpression =
countedExpression[:untilOrderChar]
count = resume(countedExpression, None)
--
Konrads Smelkovs
Applied IT sorcery.
On Wed, Jan 28, 2009 at 2:42 PM, Konrads Smelkovs <ko...@sm...>wrote:
> [14:39:38] [INFO] calling Microsoft SQL Server shell. To quit type 'x' or
> 'q' and press ENTER
> sql> select name from sysobjects ORDER by xtype DESC
> [14:39:43] [INFO] fetching SQL SELECT statement query output: 'select name
> from sysobjects ORDER by xtype DESC'
> [14:39:43] [INPUT] can the SQL query provided return multiple entries?
> [Y/n]
> [14:39:44] [ERROR] unhandled exception in sqlmap/0.6.4-rc4, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developers will fix it as soon as
> possible:
> sqlmap version: 0.6.4-rc4
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
> File "./sqlmap.py", line 81, in main
> start()
> File "/home/konrads/sqlmap/lib/controller/controller.py", line 255, in
> start
> action()
> File "/home/konrads/sqlmap/lib/controller/action.py", line 126, in action
> conf.dbmsHandler.sqlShell()
> File "/home/konrads/sqlmap/plugins/generic/enumeration.py", line 1117, in
> sqlShell
> output = self.sqlQuery(query)
> File "/home/konrads/sqlmap/plugins/generic/enumeration.py", line 1061, in
> sqlQuery
> output = inject.getValue(query, fromUser=True)
> File "/home/konrads/sqlmap/lib/request/inject.py", line 358, in getValue
> value = __goInferenceProxy(expression, fromUser, expected)
> File "/home/konrads/sqlmap/lib/request/inject.py", line 208, in
> __goInferenceProxy
> untilOrderChar = countedExpression.index(" ORDER BY ")
> ValueError: substring not found
>
> [*] shutting down at: 14:39:44
>
> --
> Konrads Smelkovs
> Applied IT sorcery.
>