Re: [sqlmap-users] Possible Bug
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-06 15:21:46
Hi yonny.

On 6 February 2011 14:44, yonny mutai <yo...@go...> wrote:
> ...
> Command line: /pentest/database/sqlmap/sqlmap.py --level 5 --risk 3
> --parse-errors --msf-path /pentest/exploits/framework3 --read-file
> /etc/passwd --time-sec 10 --method=POST --data=user_name=loan&password=2121
> --threads 1 --timeout 39 -u **********************************************
> --dbms mysql --flush-session
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/sqlmap.py", line 82, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 414, in start
>     action()
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 123, in action
>     conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
>   File "/pentest/database/sqlmap/plugins/generic/filesystem.py", line 285, in readFile
>     newFileContent += chunk
> TypeError: cannot concatenate 'str' and 'NoneType' objects

This bug was reported to us by another user 24 hours ago. We are on the case. If you svn update, you'll see that the exception is handled correctly now, no traceback anymore.

Support for reading files on MySQL via error-based, though, will come as soon as we fix an important bug related to MySQL trimming of output in error-based payloads.

Thanks for reporting.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F