Re: [sqlmap-users] Sqlmap: DBMS Microsoft SQL Server 2005 --current-db ERROR

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

hi.

could you please send me privately content of a file:
/home/unkq/sqlmap/output/www.cssd.cz/session
for further analysis.

also, please retry your testing with usage of flag: --flush-session.

kind regards.

On Fri, Oct 8, 2010 at 7:42 PM, Pavel Saparov <sap...@gm...> wrote:
> Hello there, I got another error with sqlmap-0.9dev:
>
> $ python sqlmap.py -u "http://www.cssd.cz/vyhledat/?slovo=hledat" -v 1 -a
> "./txt/user-agents.txt" --current-db --threads 3
>
> [*] starting at: 19:21:53
>
> [19:21:53] [INFO] fetched random HTTP User-Agent header from file
> './txt/user-agents.txt': Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1)
> Gecko/20060130 SeaMonkey/1.0
> [19:21:53] [INFO] using '/home/unkq/sqlmap/output/www.cssd.cz/session' as
> session file
> [19:21:53] [INFO] resuming match ratio '0.9' from session file
> [19:21:53] [INFO] resuming injection point 'GET' from session file
> [19:21:53] [INFO] resuming injection parameter 'slovo' from session file
> [19:21:53] [INFO] resuming injection type 'stringdouble' from session file
> [19:21:53] [INFO] resuming 2 number of parenthesis from session file
> [19:21:53] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from
> session file
> [19:21:53] [INFO] testing connection to the target url
> [19:21:58] [INFO] testing for parenthesis on injectable parameter
> [19:21:58] [INFO] the back-end DBMS is Microsoft SQL Server
>
> web application technology: Apache
> back-end DBMS: Microsoft SQL Server 2005
> [19:21:58] [INFO] fetching current database
> [19:21:58] [INFO] retrieving the length of query output
> [19:21:58] [INFO] retrieved:
> 816555554554444447411111114444455444444121445455444511111
>
> [19:31:43] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.9-dev
> Python version: 2.6.4
> Operating system: posix
> Traceback (most recent call last):
>   File "sqlmap.py", line 96, in main
>     start()
>   File "/home/unkq/sqlmap/lib/controller/controller.py", line 281, in start
>     action()
>   File "/home/unkq/sqlmap/lib/controller/action.py", line 89, in action
>     conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb())
>   File "/home/unkq/sqlmap/plugins/generic/enumeration.py", line 131, in
> getCurrentDb
>     kb.data.currentDb = inject.getValue(query)
>   File "/home/unkq/sqlmap/lib/request/inject.py", line 374, in getValue
>     value = __goInferenceProxy(expression, fromUser, expected, batch,
> resumeValue, unpack, charsetType, firstChar, lastChar)
>   File "/home/unkq/sqlmap/lib/request/inject.py", line 120, in
> __goInferenceProxy
>     output = resume(expression, payload)
>   File "/home/unkq/sqlmap/lib/utils/resume.py", line 164, in resume
>     if len(resumedValue) == int(length):
> ValueError: invalid literal for int() with base 10:
> '816555554554444447411\x02111114444455444444\x02\x021\x02214454554445111\x0211'
>
> [*] shutting down at: 19:31:43
>
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

-- 
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia