Re: [sqlmap-users] Unable to fingerprint dbms
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Unable to fingerprint dbms
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-13 09:41:48
|
Fixed and committed.
Bernardo
On 12 January 2011 17:32, Bernardo Damele A. G.
<ber...@gm...> wrote:
> Which command line di you run?
>
> Bernardo
>
>
> On 12 January 2011 16:57, -insane- <in...@gm...> wrote:
>> Unable to fingerprint any dbms. If i use earlier versions it works.
>>
>> sqlmap identified the following injection points with a total of 0
>> HTTP(s) requests:
>> ---
>> Place: GET
>> Parameter: xxx
>> Type: boolean-based blind
>> Title: AND boolean-based blind - WHERE clause
>> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 AND
>> 8933=8933&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
>>
>> Type: UNION query
>> Title: MySQL NULL UNION query - 1 to 3 columns
>> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 UNION ALL SELECT NULL,
>> NULL, NULL, CHAR(75,101,105,110), NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL#&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
>> ---
>>
>> [17:51:28] [INFO] testing MySQL
>>
>> [17:51:28] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your
>> run with the latest development version from the Subversion repository.
>> If the exception persists, please send by e-mail to
>> sql...@li... the command line, the following text
>> and any information needed to reproduce the bug. The developers will try
>> to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 0.9-dev (r2946)
>> Python version: 2.5.2
>> Operating system: posix
>> Traceback (most recent call last):
>> File "/pentest/database/sqlmap/sqlmap.py", line 83, in main
>> start()
>> File "/pentest/database/sqlmap/lib/controller/controller.py", line
>> 407, in start
>> action()
>> File "/pentest/database/sqlmap/lib/controller/action.py", line 31, in
>> action
>> setHandler()
>> File "/pentest/database/sqlmap/lib/controller/handler.py", line 103,
>> in setHandler
>> if handler.checkDbms():
>> File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py",
>> line 175, in checkDbms
>> result =
>> inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
>> File "/pentest/database/sqlmap/lib/request/inject.py", line 504, in
>> checkBooleanExpression
>> return getValue(unescaper.unescape(expression),
>> expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
>> File "/pentest/database/sqlmap/lib/request/inject.py", line 421, in
>> getValue
>> value = __goInband(forgeCaseExpression, expected, sort, resumeValue,
>> unpack, dump)
>> File "/pentest/database/sqlmap/lib/request/inject.py", line 379, in
>> __goInband
>> output = unionUse(expression, resetCounter=True, unpack=unpack,
>> dump=dump)
>> File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py",
>> line 214, in unionUse
>> query = agent.forgeInbandQuery(expression, exprPosition=vector[0],
>> count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
>> File "/pentest/database/sqlmap/lib/core/agent.py", line 542, in
>> forgeInbandQuery
>> inbandQuery += conf.uChar
>> TypeError: cannot concatenate 'str' and 'NoneType' objects
>>
>> [*] shutting down at: 17:51:28
>>
>>
>> ------------------------------------------------------------------------------
>> Protect Your Site and Customers from Malware Attacks
>> Learn about various malware tactics and how to avoid them. Understand
>> malware threats, the impact they can have on your business, and how you
>> can protect your company and customers by using code signing.
>> http://p.sf.net/sfu/oracle-sfdevnl
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
