Re: [sqlmap-users] UNION injectable -> sqlmap stops to work

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

done

i believe we've fixed it few secs ago.

tested against our testing environment and it works now ok.

kr

p.s. will do some further tests later today

On Sat, Feb 26, 2011 at 6:43 PM, Miroslav Stampar
<mir...@gm...> wrote:
> we've traced the problem. will try to deal with it in 6 hour approx.
> (now have to go out :)
>
> kr
>
> On Sat, Feb 26, 2011 at 5:16 AM, -insane- <in...@gm...> wrote:
>> Hey,
>>
>> i've been using sqlmap and proxychains together for months and it
>> allways worked fine for me.
>> Today i updated to the latest revision (3369) and i tried to find and
>> use UNION injections.
>> In the past it was no problem, but with the latest revision i got one.
>> After sqlmap reports the following:
>> "target url appears to be UNION injectable with 22 columns"
>> it connects to the target one last time and afterwards it stops to work.
>> I tried some different targets and i also tried to use sqlmap without
>> proxychains, but in all cases i got the same result.
>> Is it a bug or am i making a mistake?
>>
>> The end of my output:
>> [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns'
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns
>> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK
>> ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase
>>
>> My very simple cmd:
>> proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms
>> mysql -p id --union-cols 21-22
>>
>> Content of /usr/bin/sqlmap:
>> #!/bin/sh
>> python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@
>>
>> ------------------------------------------------------------------------------
>> Free Software Download: Index, Search & Analyze Logs and other IT data in
>> Real-Time with Splunk. Collect, index and harness all the fast moving IT data
>> generated by your applications, servers and devices whether physical, virtual
>> or in the cloud. Deliver compliance at lower cost and gain new business
>> insights. http://p.sf.net/sfu/splunk-dev2dev
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>

-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B