Re: [sqlmap-users] Unable to fingerprint dbms
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Unable to fingerprint dbms
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-12 17:33:05
|
Which command line di you run?
Bernardo
On 12 January 2011 16:57, -insane- <in...@gm...> wrote:
> Unable to fingerprint any dbms. If i use earlier versions it works.
>
> sqlmap identified the following injection points with a total of 0
> HTTP(s) requests:
> ---
> Place: GET
> Parameter: xxx
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE clause
> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 AND
> 8933=8933&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
>
> Type: UNION query
> Title: MySQL NULL UNION query - 1 to 3 columns
> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 UNION ALL SELECT NULL,
> NULL, NULL, CHAR(75,101,105,110), NULL, NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL#&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
> ---
>
> [17:51:28] [INFO] testing MySQL
>
> [17:51:28] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your
> run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the command line, the following text
> and any information needed to reproduce the bug. The developers will try
> to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r2946)
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
> File "/pentest/database/sqlmap/sqlmap.py", line 83, in main
> start()
> File "/pentest/database/sqlmap/lib/controller/controller.py", line
> 407, in start
> action()
> File "/pentest/database/sqlmap/lib/controller/action.py", line 31, in
> action
> setHandler()
> File "/pentest/database/sqlmap/lib/controller/handler.py", line 103,
> in setHandler
> if handler.checkDbms():
> File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py",
> line 175, in checkDbms
> result =
> inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
> File "/pentest/database/sqlmap/lib/request/inject.py", line 504, in
> checkBooleanExpression
> return getValue(unescaper.unescape(expression),
> expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 421, in
> getValue
> value = __goInband(forgeCaseExpression, expected, sort, resumeValue,
> unpack, dump)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 379, in
> __goInband
> output = unionUse(expression, resetCounter=True, unpack=unpack,
> dump=dump)
> File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py",
> line 214, in unionUse
> query = agent.forgeInbandQuery(expression, exprPosition=vector[0],
> count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
> File "/pentest/database/sqlmap/lib/core/agent.py", line 542, in
> forgeInbandQuery
> inbandQuery += conf.uChar
> TypeError: cannot concatenate 'str' and 'NoneType' objects
>
> [*] shutting down at: 17:51:28
>
>
> ------------------------------------------------------------------------------
> Protect Your Site and Customers from Malware Attacks
> Learn about various malware tactics and how to avoid them. Understand
> malware threats, the impact they can have on your business, and how you
> can protect your company and customers by using code signing.
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
