[sqlmap-users] List of things

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello SQLMAP users.

I have just been using the tools for an hour or so, and I came up with 
many suggestions and or error outputs from the program.
I ran svn version 1483 [latest]

[SUGGESTION / BUG]
While using the Google dorks, it can be quite annoying that the program 
escapes when a page returns 404.

Example:
[18:51:44] [INFO] testing url http://<host>/site.aspx?p=12446
[18:51:44] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\ses
' as session file
[18:51:44] [INFO] testing connection to the target url
[18:51:44] [INFO] testing if the url is stable, wait a few seconds
[18:51:46] [INFO] url is stable
[18:51:46] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[18:51:46] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[18:51:46] [INFO] testing if Cookie parameter 'ASP.NET_SessionId' is dynamic
[18:51:47] [WARNING] Cookie parameter 'ASP.NET_SessionId' is not dynamic
[18:51:47] [INFO] testing if GET parameter 'p' is dynamic
[18:51:47] [ERROR] page not found

[*] shutting down at: 18:51:47

I guess that the server returned 404, which of course can be valid since 
p is properly a "page" parameter.
So, we can drop this url, but don't stop the whole google dorks progress.

[SUGGESTION]
Another suggestion was being able to give some input, while sqlmap is 
trying a server, that makes sqlmap go to the next.
Sometimes servers are just slow, unresposive or have so many cookie 
parameters that you just want to go on.
It might be by pressing 's' for skip, just something.

[BUG]
Infinite connection redirection:
[19:05:41] [INFO] testing url <host>?p=4220
[19:05:41] [INFO] using 
'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file
[19:05:41] [INFO] testing connection to the target url
[19:05:45] [INFO] connection redirected, going to use <host> as target 
address
[19:05:45] [INFO] testing if the url is stable, wait a few seconds
[19:05:48] [INFO] url is stable
[19:05:48] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[19:05:49] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[19:05:49] [INFO] testing if Cookie parameter 'phpbb3_dto_k' is dynamic
[19:05:50] [WARNING] Cookie parameter 'phpbb3_dto_k' is not dynamic
[19:05:50] [INFO] testing if Cookie parameter 'phpbb3_dto_u' is dynamic
[19:05:53] [WARNING] Cookie parameter 'phpbb3_dto_u' is not dynamic
[19:05:53] [INFO] testing if Cookie parameter 'phpbb3_dto_sid' is dynamic
[19:05:55] [WARNING] Cookie parameter 'phpbb3_dto_sid' is not dynamic
[19:05:55] [INFO] testing if GET parameter 'p' is dynamic
[19:05:57] [INFO] connection redirected, going to use <host> as target 
address
[19:05:59] [INFO] connection redirected, going to use <host> as target 
address
[19:06:00] [INFO] connection redirected, going to use <host> as target 
address
[19:06:01] [INFO] connection redirected, going to use <host> as target 
address
[19:06:02] [INFO] connection redirected, going to use <host> as target 
address
[19:06:10] [INFO] connection redirected, going to use <host> as target 
address
[19:06:12] [INFO] connection redirected, going to use <host> as target 
address
[19:06:13] [INFO] connection redirected, going to use <host> as target 
address
[19:06:14] [INFO] connection redirected, going to use <host> as target 
address
[19:06:16] [INFO] connection redirected, going to use <host> as target 
address
[19:06:17] [INFO] connection redirected, going to use <host> as target 
address
[19:06:18] [INFO] connection redirected, going to use <host> as target 
address
[19:06:19] [INFO] connection redirected, going to use <host> as target 
address
[19:06:20] [INFO] connection redirected, going to use <host> as target 
address
[19:06:21] [INFO] connection redirected, going to use <host> as target 
address
[19:06:22] [INFO] connection redirected, going to use <host> as target 
address
[19:06:24] [INFO] connection redirected, going to use <host> as target 
address
[19:06:26] [INFO] connection redirected, going to use <host> as target 
address
[19:06:28] [INFO] connection redirected, going to use <host> as target 
address
[19:06:29] [INFO] connection redirected, going to use <host> as target 
address
[19:06:30] [INFO] connection redirected, going to use <host> as target 
address
[19:06:32] [INFO] connection redirected, going to use <host> as target 
address

[BUG]
Unknown bug...
[19:08:30] [INFO] testing if the url is stable, wait a few seconds
[19:08:36] [WARNING] connection timed out to the target url or proxy, 
skipping to next url
[19:08:36] [WARNING] url is not stable, sqlmap will base the page 
comparison on a sequence matcher, if no dynamic nor injectable 
parameters are detected, refer
to user's manual paragraph 'Page comparison' and provide a string or 
regular expression to match on
[19:08:36] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[19:08:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy 
the comman
d line and the following text and send by e-mail to 
sql...@li...urcefor
ge.net. The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.4
Operating system: win32
Traceback (most recent call last):
   File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main
     start()
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", 
line 194, i
n start
     elif not checkDynParam(place, parameter, value):
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 
260, in ch
eckDynParam
     dynResult1 = Request.queryPage(payload, place)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
296, in quer
yPage
     return comparison(page, headers, getSeqMatcher)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\comparison.py", line 
72, in co
mparison
     ratio = round(conf.seqMatcher.ratio(), 3)
   File "C:\Python26\lib\difflib.py", line 660, in ratio
     self.get_matching_blocks(), 0)
   File "C:\Python26\lib\difflib.py", line 482, in get_matching_blocks
     la, lb = len(self.a), len(self.b)
TypeError: object of type 'NoneType' has no len()

[*] shutting down at: 19:08:38

[BUG]
Also, it seems that there has been introduced a bug in lastest svn in 
regards to url redirection (as it is mentioned in the logs):
[18:54:02] [INFO] testing url http://<host>/?page=66
[18:54:02] [INFO] using 
'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file
[18:54:02] [INFO] testing connection to the target url
[18:54:03] [INFO] connection redirected, going to use /index.php as 
target addre
ss
[18:54:03] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy 
the comman
d line and the following text and send by e-mail to 
sql...@li...urcefor
ge.net. The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.4
Operating system: win32
Traceback (most recent call last):
   File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main
     start()
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", 
line 141, i
n start
     if not checkConnection() or not checkString() or not checkRegexp():
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 
387, in ch
eckConnection
     page, _ = Request.getPage()
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
135, in getP
age
     return Connect.__getPageProxy(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, 
in __get
PageProxy
     return Connect.getPage(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
126, in getP
age
     conn           = urllib2.urlopen(req)
   File "C:\Python26\lib\urllib2.py", line 124, in urlopen
     return _opener.open(url, data, timeout)
   File "C:\Python26\lib\urllib2.py", line 381, in open
     protocol = req.get_type()
   File "C:\Python26\lib\urllib2.py", line 242, in get_type
     raise ValueError, "unknown url type: %s" % self.__original
ValueError: unknown url type: /index.php?page=66

[*] shutting down at: 18:54:03

I keep getting some of these. More below:
[19:04:15] [INFO] testing connection to the target url
[19:04:15] [INFO] connection redirected, going to use /site.aspx as 
target addre
ss
[19:04:15] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy 
the comman
d line and the following text and send by e-mail to 
sql...@li...urcefor
ge.net. The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.4
Operating system: win32
Traceback (most recent call last):
   File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main
     start()
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", 
line 141, i
n start
     if not checkConnection() or not checkString() or not checkRegexp():
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 
387, in ch
eckConnection
     page, _ = Request.getPage()
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
135, in getP
age
     return Connect.__getPageProxy(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, 
in __get
PageProxy
     return Connect.getPage(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
126, in getP
age
     conn           = urllib2.urlopen(req)
   File "C:\Python26\lib\urllib2.py", line 124, in urlopen
     return _opener.open(url, data, timeout)
   File "C:\Python26\lib\urllib2.py", line 381, in open
     protocol = req.get_type()
   File "C:\Python26\lib\urllib2.py", line 242, in get_type
     raise ValueError, "unknown url type: %s" % self.__original
ValueError: unknown url type: /site.aspx?p=146

[*] shutting down at: 19:04:15

[19:12:09] [INFO] connection redirected, going to use weblinks.php as 
target add
ress
[19:12:09] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy 
the comman
d line and the following text and send by e-mail to 
sql...@li...urcefor
ge.net. The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.4
Operating system: win32
Traceback (most recent call last):
   File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main
     start()
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", 
line 194, i
n start
     elif not checkDynParam(place, parameter, value):
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 
260, in ch
eckDynParam
     dynResult1 = Request.queryPage(payload, place)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
291, in quer
yPage
     page, headers = Connect.getPage(get=get, post=post, cookie=cookie, 
ua=ua, si
lent=silent)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
135, in getP
age
     return Connect.__getPageProxy(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, 
in __get
PageProxy
     return Connect.getPage(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
126, in getP
age
     conn           = urllib2.urlopen(req)
   File "C:\Python26\lib\urllib2.py", line 124, in urlopen
     return _opener.open(url, data, timeout)
   File "C:\Python26\lib\urllib2.py", line 381, in open
     protocol = req.get_type()
   File "C:\Python26\lib\urllib2.py", line 242, in get_type
     raise ValueError, "unknown url type: %s" % self.__original
ValueError: unknown url type: weblinks.php?cat_id=3732&amp%3Bweblink_id=68

[*] shutting down at: 19:12:09

[19:10:36] [INFO] testing if Cookie parameter 'ASPSESSIONIDSQDCTTSB' is 
dynamic
[19:10:36] [WARNING] Cookie parameter 'ASPSESSIONIDSQDCTTSB' is not dynamic
[19:10:36] [INFO] testing if GET parameter 'FORUM_ID' is dynamic
[19:10:37] [INFO] connection redirected, going to use default.asp as 
target address
[19:10:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy 
the command line and the following text and send by e-mail to 
sql...@li.... The developer will fix it as soon as 
possible:
sqlmap version: 0.9-dev
Python version: 2.6.4
Operating system: win32
Traceback (most recent call last):
   File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main
     start()
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", 
line 194, i
n start
     elif not checkDynParam(place, parameter, value):
   File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 
260, in ch
eckDynParam
     dynResult1 = Request.queryPage(payload, place)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
291, in quer
yPage
     page, headers = Connect.getPage(get=get, post=post, cookie=cookie, 
ua=ua, si
lent=silent)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
135, in getP
age
     return Connect.__getPageProxy(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, 
in __get
PageProxy
     return Connect.getPage(**kwargs)
   File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 
126, in getP
age
     conn           = urllib2.urlopen(req)
   File "C:\Python26\lib\urllib2.py", line 124, in urlopen
     return _opener.open(url, data, timeout)
   File "C:\Python26\lib\urllib2.py", line 381, in open
     protocol = req.get_type()
   File "C:\Python26\lib\urllib2.py", line 242, in get_type
     raise ValueError, "unknown url type: %s" % self.__original
ValueError: unknown url type: default.asp?FORUM_ID=8899

[*] shutting down at: 19:10:37

Greetings from
Kasper