[sqlmap-users] Crash when using top / distinct on MSSQL

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

sql> select TOP 3 distinct oooo  from XXXXXX WHERE aaa <123456
[21:35:52] [INFO] fetching SQL SELECT statement query output: 'select TOP 3
distinct abspin from client_acc WHERE abspin<009532'
[21:35:52] [INPUT] can the SQL query provided return multiple entries? [Y/n]

[21:35:53] [INFO] query: SELECT TOP 3 ISNULL(CAST(COUNT(distinct ffff) AS
VARCHAR(8000)), CHAR(32)) FROM dfd_sdf WHERE ggggg <009532
[21:35:53] [INFO] retrieved: 14
[21:36:01] [INFO] performed 20 queries in 7 seconds
[21:36:01] [INPUT] the SQL query provided can return up to 14 entries. How
many entries do you want to retrieve?
[a] All (default)
[#] Specific number
[q] Quit
Choice:
[21:36:12] [ERROR] unhandled exception in sqlmap/0.6.4-rc5, please copy the
command line and the following text and send by e-mail to
sql...@li.... The developers will fix it as soon as
possible:
sqlmap version: 0.6.4-rc5
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 81, in main
    start()
  File "/home/konrads/sqlmap/lib/controller/controller.py", line 255, in
start
    action()
  File "/home/konrads/sqlmap/lib/controller/action.py", line 126, in action
    conf.dbmsHandler.sqlShell()
  File "/home/konrads/sqlmap/plugins/generic/enumeration.py", line 1134, in
sqlShell
    output = self.sqlQuery(query)
  File "/home/konrads/sqlmap/plugins/generic/enumeration.py", line 1078, in
sqlQuery
    output = inject.getValue(query, fromUser=True)
  File "/home/konrads/sqlmap/lib/request/inject.py", line 358, in getValue
    value = __goInferenceProxy(expression, fromUser, expected)
  File "/home/konrads/sqlmap/lib/request/inject.py", line 283, in
__goInferenceProxy
    output = __goInferenceFields(expression, expressionFields,
expressionFieldsList, payload, expected, num)
  File "/home/konrads/sqlmap/lib/request/inject.py", line 85, in
__goInferenceFields
    expression = agent.limitQuery(num, expression, field)
  File "/home/konrads/sqlmap/lib/core/agent.py", line 486, in limitQuery
    topNums         =
re.search("TOP\s+([\d]+)\s+.+?\s+FROM\s+.+?\s+WHERE\s+.+?\s+NOT\s+IN\s+\(SELECT\s+TOP\s+([\d]+)\s+",
limitedQuery, re.I).groups()
AttributeError: 'NoneType' object has no attribute 'groups'

--
Konrads Smelkovs
Applied IT sorcery.