Re: [sqlmap-users] found another Bug
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] found another Bug
|
From: Miroslav S. <mir...@gm...> - 2010-12-21 00:46:36
|
hi nightman. thank you for your commit and find it fixed in the latest commit. kind regards. On Tue, Dec 21, 2010 at 1:08 AM, <nig...@em...> wrote: > sqlmap -u "http://xxxxxxx.xxx/update_thumb.php?e=263&s=6" -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 00:23:50 > > [00:23:50] [INFO] fetched random HTTP User-Agent header from file 'C:\pentest\sqlmap.0.9\txt\user-agents.txt': > Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50 > [00:23:50] [INFO] using 'C:\pentest\sqlmap.0.9\output\xxxxxx\session' as session file > [00:23:50] [INFO] testing connection to the target url > [00:23:51] [INFO] testing if the url is stable, wait a few seconds > [00:23:53] [INFO] url is stable > many tests > [00:34:15] [INFO] GET parameter 's' is 'MySQL > 5.0.11 AND time-based blind' injectable > GET parameter 's' is vulnerable. Do you want to keep testing the others? [y/N] y > more tests > [00:52:02] [INFO] testing 'Firebird AND error-based - WHERE clause' > > [00:52:02] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio > n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi > ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get > back to you. > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: nt > Traceback (most recent call last): > File "C:\pentestsqlmap.0.9\sqlmap.py", line 79, in main > start() > File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 352, in start > injection = checkSqlInjection(place, parameter, value) > File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 165, in checkSqlInjection > fstPayload = unescapeDbms(fstPayload, injection, dbms) > File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 65, in unescapeDbms > payload = unescape(payload, dbms) > File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 53, in unescape > return unescaper[dbms](string) > File "C:\pentest\sqlmap.0.9\plugins\dbms\firebird\syntax.py", line 21, in unescape > if isDBMSVersionAtLeast('2.1'): > File "C:\pentest\sqlmap.0.9\lib\core\common.py", line 1752, in isDBMSVersionAtLeast > value = float(value.replace(">", "")) + 0.01 > ValueError: invalid literal for float(): 5.0.11 > > [*] shutting down at: 00:52:02 > > ------------------------------------------------------------------------------ > Lotusphere 2011 > Register now for Lotusphere 2011 and learn how > to connect the dots, take your collaborative environment > to the next level, and enter the era of Social Business. > http://p.sf.net/sfu/lotusphere-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
