Re: [sqlmap-users] Bug
From: David G. <sk...@gm...> - 2010-06-10 17:17:12
Miroslav, my mistake. The problem is that Apache is cutting the URI because of the internal configuration of the server (the maximum size is limited by the Apache URI policy LimitRequestLine). As you can see, the problem occurs only in columns that have big names, so the encoding (with chr() in PostgreSQL) is much greater. As the PHP script allows me to use the POST method for the same purpose (which is limited by the policy post_max_size in php.ini, which has a value far greater (=~8MB) than that limited by LimitRequestLine), I could successfully perform the dump.

[13:52:41] [INFO] fetching columns for table 'livro' on database 'public'
Database: public
Table: livro
[15 columns]
+-------------------+---------+
| Column            | Type    |
+-------------------+---------+
| ano               | int4    |
| autor             | varchar |
| dt_cadastro       | date    |
| edicao            | varchar |
| editora           | varchar |
| esgotado          | bpchar  |
| id_area           | int4    |
| id_livro          | int4    |
| isbn              | varchar |
| lancamento        | bpchar  |
| paginas           | int4    |
| preco             | float4  |
| preco_promocional | float4  |
| release           | text    |
| titulo            | varchar |
+-------------------+---------+

Thanks anyway! =)

On Thu, Jun 10, 2010 at 1:24 PM, Miroslav Stampar <mir...@gm...> wrote:
> It would be most helpful if you could send me what should be there (if
> you could do it manually it would be most helpful).
>
> KR
>
> On Thu, Jun 10, 2010 at 6:19 PM, David Guimaraes <sk...@gm...> wrote:
>> ...
>> [12:57:17] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': lancamento
>> [12:57:17] [INFO] retrieving the length of query output
>> [12:57:17] [INFO] retrieved:
>> [12:57:18] [INFO] retrieved:
>> [12:57:19] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': esgotado
>> [12:57:19] [INFO] retrieving the length of query output
>> [12:57:19] [INFO] retrieved: 6
>> [12:57:20] [INFO] retrieved: bpchar
>> [12:57:20] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session':
>> preco_promocional
>> [12:57:20] [INFO] retrieving the length of query output
>> [12:57:20] [INFO] retrieved:
>> [12:57:21] [INFO] retrieved:
>> [12:57:22] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': edicao
>> [12:57:22] [INFO] retrieving the length of query output
>> [12:57:22] [INFO] retrieved: 7
>> [12:57:24] [INFO] retrieved: varchar
>> [12:57:24] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': isbn
>> [12:57:24] [INFO] retrieving the length of query output
>> [12:57:24] [INFO] retrieved: 7
>> [12:57:25] [INFO] retrieved: varchar
>> [12:57:25] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': dt_cadastro
>> [12:57:25] [INFO] retrieving the length of query output
>> [12:57:25] [INFO] retrieved:
>> [12:57:25] [INFO] retrieved:
>> [12:57:27] [INFO] read from file
>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': editora
>> [12:57:27] [INFO] retrieving the length of query output
>> [12:57:27] [INFO] retrieved: 7
>> [12:57:28] [INFO] retrieved: varchar
>> Database: public
>> Table: livro
>> [15 columns]
>> +-------------------+---------+
>> | Column            | Type    |
>> +-------------------+---------+
>> | ano               | int4    |
>> | autor             | varchar |
>> | dt_cadastro       |         |
>> | edicao            | varchar |
>> | editora           | varchar |
>> | esgotado          | bpchar  |
>> | id_area           | int4    |
>> | id_livro          | int4    |
>> | isbn              | varchar |
>> | lancamento        |         |
>> | paginas           | int4    |
>> | preco             | float4  |
>> | preco_promocional |         |
>> | release           | text    |
>> | titulo            | varchar |
>> +-------------------+---------+
>>
>> $ svn info
>> Path: .
>> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
>> Repository Root: https://svn.sqlmap.org/sqlmap
>> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
>> Revision: 1763
>> Node Kind: directory
>> Schedule: normal
>> Last Changed Author: inquisb
>> Last Changed Rev: 1763
>> Last Changed Date: 2010-06-10 12:34:28 -0300 (Thu, 10 Jun 2010)
>>
>> This is OK now (although, for some reason, it failed to retrieve the
>> column type of "dt_cadastro", "lancamento", and "preco_promocional").
>>
>> Thanks for solving this on such short notice.
>>
>> On Thu, Jun 10, 2010 at 12:01 PM, Miroslav Stampar
>> <mir...@gm...> wrote:
>>> We've made some modifications regarding your bug report. Could you
>>> please try to run it again with the latest repository version?
>>>
>>> Thanks
>>>
>>> On Thu, Jun 10, 2010 at 4:24 PM, David Guimaraes <sk...@gm...> wrote:
>>>> $ ./sqlmap -c arquivo.conf --threads 10 -D editora -T livro --columns
>>>>
>>>> [11:22:01] [INFO] retrieving the length of query output
>>>> [11:22:01] [INFO] retrieved: 10
>>>> [11:22:03] [INFO] retrieved: lancamento
>>>> [11:22:03] [INFO] retrieving the length of query output
>>>> [11:22:03] [INFO] retrieved:
>>>> [11:22:17] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy
>>>> the command line and the following text and send by e-mail to
>>>> sql...@li.... The developer will fix it as soon
>>>> as possible:
>>>> sqlmap version: 0.9-dev
>>>> Python version: 2.5.2
>>>> Operating system: posix
>>>> Traceback (most recent call last):
>>>> File "./sqlmap.py", line 89, in main
>>>> start()
>>>> File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 268, in start
>>>> action()
>>>> File "/home/skys/sqlmap-dev/lib/controller/action.py", line 114, in action
>>>> conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
>>>> File "/home/skys/sqlmap-dev/plugins/generic/enumeration.py", line
>>>> 955, in getColumns
>>>> colType = inject.getValue(query, inband=False)
>>>> File "/home/skys/sqlmap-dev/lib/request/inject.py", line 374, in getValue
>>>> value = __goInferenceProxy(expression, fromUser, expected, batch,
>>>> resumeValue, unpack, charsetType, firstChar, lastChar)
>>>> File "/home/skys/sqlmap-dev/lib/request/inject.py", line 304, in
>>>> __goInferenceProxy
>>>> outputs = __goInferenceFields(expression, expressionFields,
>>>> expressionFieldsList, payload, expected, resumeValue=resumeValue,
>>>> charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
>>>> File "/home/skys/sqlmap-dev/lib/request/inject.py", line 92, in
>>>> __goInferenceFields
>>>> output = __goInference(payload, expressionReplaced, charsetType,
>>>> firstChar, lastChar)
>>>> File "/home/skys/sqlmap-dev/lib/request/inject.py", line 51, in __goInference
>>>> _, length, _ = queryOutputLength(expression, payload)
>>>> File "/home/skys/sqlmap-dev/lib/utils/resume.py", line 91, in
>>>> queryOutputLength
>>>> count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
>>>> File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line
>>>> 431, in bisection
>>>> val = getChar(index, asciiTbl)
>>>> File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line
>>>> 210, in getChar
>>>> charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
>>>> OverflowError: long int too large to convert to int
>>>>
>>>> [*] shutting down at: 11:22:17
>>>>
>>>> $ svn info
>>>> Path: .
>>>> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
>>>> Repository Root: https://svn.sqlmap.org/sqlmap
>>>> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
>>>> Revision: 1759
>>>> Node Kind: directory
>>>> Schedule: normal
>>>> Last Changed Author: inquisb
>>>> Last Changed Rev: 1759
>>>> Last Changed Date: 2010-06-10 11:15:32 -0300 (Thu, 10 Jun 2010)
>>>>
>>>>
>>>> --
>>>> David Gomes Guimarães
>>>>
>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>>
>>> E-mail / Jabber: miroslav.stampar (at) gmail.com
>>> Mobile: +385921010204 (HR 0921010204)
>>> PGP Key ID: 0xB5397B1B
>>>
>>
>>
>>
>> --
>> David Gomes Guimarães
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
>

--
David Gomes Guimarães
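Added example, not part of the original thread or of sqlmap: a defender-side check over Apache access-log lines that flags the two traces the message above describes, request lines that hit LimitRequestLine and query strings carrying long chr()-encoded strings. The log lines, the /page.php path, the client addresses and the thresholds are constructed assumptions; 8190 bytes is Apache's documented default for LimitRequestLine.

```python
import re
from urllib.parse import unquote_plus

# Apache's default LimitRequestLine in bytes; set this to the server's value.
LIMIT_REQUEST_LINE = 8190
CHR_CALL = re.compile(r"chr\(\d+\)", re.IGNORECASE)
# Common/combined log format: host ident user [time] "request" status size
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*?)" (\d{3}) \S+')


def flag_requests(lines, limit=LIMIT_REQUEST_LINE, chr_threshold=8):
    """Return (client, status, reasons) for requests worth a closer look."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        reasons = []
        if status == 414:
            # Apache answers 414 when the request line exceeds the limit.
            reasons.append("rejected: request line over limit")
        elif len(request) > limit * 0.75:
            reasons.append("request line near limit")
        # Decode %xx escapes first so encoded separators do not hide the calls.
        if len(CHR_CALL.findall(unquote_plus(request))) >= chr_threshold:
            reasons.append("chr()-encoded string in request")
        if reasons:
            findings.append((client, status, reasons))
    return findings


def sample_log():
    """Constructed access-log lines (hypothetical, not from the thread)."""
    # One chr() call per character: a 17-character name becomes 17 calls.
    encoded = "%7C%7C".join("CHR(%d)" % ord(c) for c in "preco_promocional")
    prefix = '[10/Jun/2010:11:22:03 -0300] "GET /page.php?id='
    return [
        "192.0.2.10 - - " + prefix + '7 HTTP/1.1" 200 512',
        "192.0.2.44 - - " + prefix + encoded + ' HTTP/1.1" 200 512',
        "192.0.2.44 - - " + prefix + "A" * 8200 + '" 414 250',
    ]


if __name__ == "__main__":
    for finding in flag_requests(sample_log()):
        print(finding)
```

The same parameters sent in a POST body do not appear in the access log, so this check covers only the GET case discussed in the message.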