Re: [sqlmap-users] List of things
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] List of things
|
From: Miroslav S. <mir...@gm...> - 2010-06-09 14:51:55
|
Hi again. Thank you very much for pointing us to this direction. It seems that we haven't pay enough attention to HTTP content charset encoding in previous. Now, with the latest commit, we take care of the declared HTTP response charset encoding and properly decode it to unicode. This means that previously all session/log files were stored with improper encoding (ASCII without proper decoding) which results in some cases to disaster (euro sign is 0x80 in cp1252, while 0x20ac in Unicode, and "improper" in ASCII -> in plain speak: if the declared page's charset was declared to cp1252 and we store it in plain ASCII as 0x80, in final we get sh.t). To finalize, latest commit is a major bug fix. So, please update. Sorry Kasper, your problem with those crashes isn't solved with this one, but we'll try to find something out for this too. KR On Wed, Jun 9, 2010 at 3:07 PM, Kasper Føns <th...@ma...> wrote: > Hi Miro. > > I think this part would knock sqlmap down. > > It should have been an ø. > (image of ø: http://www.xn--srensen-q1a.dk/charmap.jpg) > > /Kasper > > On 09-06-2010 14:54, Miroslav Stampar wrote: >> >> Hi. >> >> As you can conclude, we've modified sqlmap for full unicode support >> and expect (not too many hopefully :) this kind of "unpredicted >> fails". >> >> Could you be so kind and send some kind of excerpt or whole session >> file (privately) with the containing "problematic" part. >> >> Kind regards. >> >> On Wed, Jun 9, 2010 at 2:16 PM, Kasper Føns<th...@ma...> wrote: >> >>> >>> Hello SQLMAP users. >>> >>> Is there a problem using an old session file with new svn version? >>> >>> I get this: >>> sqlmap/0.9-dev - automatic SQL injection and database takeover tool >>> http://sqlmap.sourceforge.net >>> >>> [*] starting at: 14:17:25 >>> >>> [14:17:25] [INFO] using 'bla' as session file >>> >>> [14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy >>> the command line and the following text and send by e-mail to >>> sql...@li.... The developer will fix it as soon as >>> possible: >>> sqlmap version: 0.9-dev >>> Python version: 2.5.2 >>> Operating system: posix >>> Traceback (most recent call last): >>> File "./sqlmap.py", line 89, in main >>> start() >>> File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in >>> start >>> setupTargetEnv() >>> File "/home/foens/sqlmap/lib/core/target.py", line 258, in >>> setupTargetEnv >>> __setOutputResume() >>> File "/home/foens/sqlmap/lib/core/target.py", line 130, in >>> __setOutputResume >>> for line in readSessionFP.readlines(): # xreadlines doesn't return >>> unicode strings when codec.open() is used >>> File "/usr/lib/python2.5/codecs.py", line 626, in readlines >>> return self.reader.readlines(sizehint) >>> File "/usr/lib/python2.5/codecs.py", line 535, in readlines >>> data = self.read() >>> File "/usr/lib/python2.5/codecs.py", line 424, in read >>> newchars, decodedbytes = self.decode(data, self.errors) >>> UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position >>> 3397: unexpected code byte >>> >>> [*] shutting down at: 14:17:25 >>> >>> >>> ------------------------------------------------------------------------------ >>> ThinkGeek and WIRED's GeekDad team up for the Ultimate >>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the >>> lucky parental unit. See the prize list and enter to win: >>> http://p.sf.net/sfu/thinkgeek-promo >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
){kind=link}