Re: [sqlmap-users] Bug report 0.8-rc1

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Superman,

I can't reproduce this bug on my test environment.
Can you please edit ./lib/techniques/blind/inference.py adding before
line 126 the following:

print "expressionUnescaped: " + expressionUnescaped + " idx: " + idx +
" posValue: " + posValue

and get back with the whole sqlmap output from the beginning?

Cheers,
Bernardo

>     forgedPayload = payload % (expressionUnescaped, idx, posValue)
On Tue, Nov 17, 2009 at 19:18, Clark Kent <wo...@gm...> wrote:
>
> Command
> sqlmap.py -u "http://vulnerable.com/test.aspx?page=95937&id=95937" -p "id"
> -v3 --dbs --string "hidden"
>
> Cookie:
> ASP.NET_SessionId=3jnjn345cxjtmequ2g0qqg45;B100Serverpoolcookie=3841711232.1.3728877696.2466886620
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> User-agent: sqlmap/0.8-rc1 (http://sqlmap.sourceforge.net)
> Connection: close
>
> [11:13:14] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003 or 2008
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 1.1.4322
> back-end DBMS: Microsoft SQL Server 2005
>
> [11:13:14] [INFO] fetching database names
> [11:13:14] [INFO] fetching number of databases
> [11:13:14] [DEBUG] query: SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS
> VARCHAR(8000)), CHAR(32)) FROM master..sysdatabases
> [11:13:14] [ERROR] unhandled exception in sqlmap/0.8-rc1, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.8-rc1
> Python version: 2.6.4
> Operating system: linux2
> Traceback (most recent call last):
>   File "./sqlmap.py", line 84, in main
>     start()
>   File "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/controller/controller.py",
> line 263, in start
>     action()
>   File "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/controller/action.py",
> line 108, in action
>     dumper.lister("available databases", conf.dbmsHandler.getDbs())
>   File
> "/home/blackcatz/Desktop/sqlmap/sqlmap/plugins/generic/enumeration.py", line
> 661, in getDbs
>     count = inject.getValue(query, inband=False, expected="int",
> charsetType=2)
>   File "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/request/inject.py", line
> 378, in getValue
>     value = __goInferenceProxy(expression, fromUser, expected, batch,
> resumeValue, unpack, charsetType, firstChar, lastChar)
>   File "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/request/inject.py", line
> 308, in __goInferenceProxy
>     outputs = __goInferenceFields(expression, expressionFields,
> expressionFieldsList, payload, expected, resumeValue=resumeValue,
> charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
>   File "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/request/inject.py", line
> 99, in __goInferenceFields
>     output = __goInference(payload, expressionReplaced, charsetType,
> firstChar, lastChar)
>   File "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/request/inject.py", line
> 58, in __goInference
>     count, value = bisection(payload, expression, length, charsetType,
> firstChar, lastChar)
>   File
> "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/techniques/blind/inference.py",
> line 253, in bisection
>     val       = getChar(index, asciiTbl)
>   File
> "/home/blackcatz/Desktop/sqlmap/sqlmap/lib/techniques/blind/inference.py",
> line 126, in getChar
>     forgedPayload = payload % (expressionUnescaped, idx, posValue)
> TypeError: not enough arguments for format string

-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F