[sqlmap-users] List of things
Brought to you by:
inquisb
From: Kasper F. <th...@ma...> - 2010-03-15 18:18:04
|
Hello SQLMAP users. I have just been using the tools for an hour or so, and I came up with many suggestions and or error outputs from the program. I ran svn version 1483 [latest] [SUGGESTION / BUG] While using the Google dorks, it can be quite annoying that the program escapes when a page returns 404. Example: [18:51:44] [INFO] testing url http://<host>/site.aspx?p=12446 [18:51:44] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\ses ' as session file [18:51:44] [INFO] testing connection to the target url [18:51:44] [INFO] testing if the url is stable, wait a few seconds [18:51:46] [INFO] url is stable [18:51:46] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [18:51:46] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [18:51:46] [INFO] testing if Cookie parameter 'ASP.NET_SessionId' is dynamic [18:51:47] [WARNING] Cookie parameter 'ASP.NET_SessionId' is not dynamic [18:51:47] [INFO] testing if GET parameter 'p' is dynamic [18:51:47] [ERROR] page not found [*] shutting down at: 18:51:47 I guess that the server returned 404, which of course can be valid since p is properly a "page" parameter. So, we can drop this url, but don't stop the whole google dorks progress. [SUGGESTION] Another suggestion was being able to give some input, while sqlmap is trying a server, that makes sqlmap go to the next. Sometimes servers are just slow, unresposive or have so many cookie parameters that you just want to go on. It might be by pressing 's' for skip, just something. [BUG] Infinite connection redirection: [19:05:41] [INFO] testing url <host>?p=4220 [19:05:41] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file [19:05:41] [INFO] testing connection to the target url [19:05:45] [INFO] connection redirected, going to use <host> as target address [19:05:45] [INFO] testing if the url is stable, wait a few seconds [19:05:48] [INFO] url is stable [19:05:48] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [19:05:49] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [19:05:49] [INFO] testing if Cookie parameter 'phpbb3_dto_k' is dynamic [19:05:50] [WARNING] Cookie parameter 'phpbb3_dto_k' is not dynamic [19:05:50] [INFO] testing if Cookie parameter 'phpbb3_dto_u' is dynamic [19:05:53] [WARNING] Cookie parameter 'phpbb3_dto_u' is not dynamic [19:05:53] [INFO] testing if Cookie parameter 'phpbb3_dto_sid' is dynamic [19:05:55] [WARNING] Cookie parameter 'phpbb3_dto_sid' is not dynamic [19:05:55] [INFO] testing if GET parameter 'p' is dynamic [19:05:57] [INFO] connection redirected, going to use <host> as target address [19:05:59] [INFO] connection redirected, going to use <host> as target address [19:06:00] [INFO] connection redirected, going to use <host> as target address [19:06:01] [INFO] connection redirected, going to use <host> as target address [19:06:02] [INFO] connection redirected, going to use <host> as target address [19:06:10] [INFO] connection redirected, going to use <host> as target address [19:06:12] [INFO] connection redirected, going to use <host> as target address [19:06:13] [INFO] connection redirected, going to use <host> as target address [19:06:14] [INFO] connection redirected, going to use <host> as target address [19:06:16] [INFO] connection redirected, going to use <host> as target address [19:06:17] [INFO] connection redirected, going to use <host> as target address [19:06:18] [INFO] connection redirected, going to use <host> as target address [19:06:19] [INFO] connection redirected, going to use <host> as target address [19:06:20] [INFO] connection redirected, going to use <host> as target address [19:06:21] [INFO] connection redirected, going to use <host> as target address [19:06:22] [INFO] connection redirected, going to use <host> as target address [19:06:24] [INFO] connection redirected, going to use <host> as target address [19:06:26] [INFO] connection redirected, going to use <host> as target address [19:06:28] [INFO] connection redirected, going to use <host> as target address [19:06:29] [INFO] connection redirected, going to use <host> as target address [19:06:30] [INFO] connection redirected, going to use <host> as target address [19:06:32] [INFO] connection redirected, going to use <host> as target address [BUG] Unknown bug... [19:08:30] [INFO] testing if the url is stable, wait a few seconds [19:08:36] [WARNING] connection timed out to the target url or proxy, skipping to next url [19:08:36] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher, if no dynamic nor injectable parameters are detected, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on [19:08:36] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [19:08:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 194, i n start elif not checkDynParam(place, parameter, value): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 260, in ch eckDynParam dynResult1 = Request.queryPage(payload, place) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 296, in quer yPage return comparison(page, headers, getSeqMatcher) File "C:\Users\foens\Desktop\sqlmap\lib\request\comparison.py", line 72, in co mparison ratio = round(conf.seqMatcher.ratio(), 3) File "C:\Python26\lib\difflib.py", line 660, in ratio self.get_matching_blocks(), 0) File "C:\Python26\lib\difflib.py", line 482, in get_matching_blocks la, lb = len(self.a), len(self.b) TypeError: object of type 'NoneType' has no len() [*] shutting down at: 19:08:38 [BUG] Also, it seems that there has been introduced a bug in lastest svn in regards to url redirection (as it is mentioned in the logs): [18:54:02] [INFO] testing url http://<host>/?page=66 [18:54:02] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file [18:54:02] [INFO] testing connection to the target url [18:54:03] [INFO] connection redirected, going to use /index.php as target addre ss [18:54:03] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 141, i n start if not checkConnection() or not checkString() or not checkRegexp(): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 387, in ch eckConnection page, _ = Request.getPage() File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: /index.php?page=66 [*] shutting down at: 18:54:03 I keep getting some of these. More below: [19:04:15] [INFO] testing connection to the target url [19:04:15] [INFO] connection redirected, going to use /site.aspx as target addre ss [19:04:15] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 141, i n start if not checkConnection() or not checkString() or not checkRegexp(): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 387, in ch eckConnection page, _ = Request.getPage() File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: /site.aspx?p=146 [*] shutting down at: 19:04:15 [19:12:09] [INFO] connection redirected, going to use weblinks.php as target add ress [19:12:09] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 194, i n start elif not checkDynParam(place, parameter, value): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 260, in ch eckDynParam dynResult1 = Request.queryPage(payload, place) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 291, in quer yPage page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, si lent=silent) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: weblinks.php?cat_id=3732&%3Bweblink_id=68 [*] shutting down at: 19:12:09 [19:10:36] [INFO] testing if Cookie parameter 'ASPSESSIONIDSQDCTTSB' is dynamic [19:10:36] [WARNING] Cookie parameter 'ASPSESSIONIDSQDCTTSB' is not dynamic [19:10:36] [INFO] testing if GET parameter 'FORUM_ID' is dynamic [19:10:37] [INFO] connection redirected, going to use default.asp as target address [19:10:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 194, i n start elif not checkDynParam(place, parameter, value): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 260, in ch eckDynParam dynResult1 = Request.queryPage(payload, place) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 291, in quer yPage page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, si lent=silent) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: default.asp?FORUM_ID=8899 [*] shutting down at: 19:10:37 Greetings from Kasper |