[sqlmap-users] Error/Bug report

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,
I were using sqlmap to check a demo website and got the below error message twice.
I run sqlmap with wizard and set the scanner to highest level and risk. The test was run in BackTrack 5, VMWare player 3.1.4, the vm settings are: 1Gb RAM, 20Gb extendable HDD with NAT in Windows 7 Ultimate installed on T43, 2Gb RAM, 40Gb HDD. I was using wireless connection when run this test.

Please check! Many thanks.

===========================================================================

# python sqlmap.py --wizard

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 14:34:01

Please enter full target URL (-u): http://demo.testfire.net/subscribe.aspx
POST data (--data) [Enter for None]: txtEmail=ab...@co...&btnSubmit=Subscribe
Injection difficulty (--level/--risk). Please choose:
[1] Normal (default)
[2] Medium
[3] Hard
> 3
Enumeration (--banner/--current-user/etc). Please choose:
[1] Basic (default)
[2] Smart
[3] All
> 3

sqlmap is running, please wait..

sqlmap identified the following injection points with a total of 4653 HTTP(s) requests:
---
Place: POST                                                                                        
Parameter: btnSubmit
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: txtEmail=ab...@co...&btnSubmit=-6204) OR NOT 5551=5551 AND (7686=7686
---

web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
banner:    'None'

current user:    'None'

current database:    'None'

[16:32:14] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9 (r3630)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --wizard
Technique: BOOLEAN
Back-end DBMS: Microsoft Access (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 82, in main
    start()
  File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 447, in start
    action()
  File "/pentest/web/scanners/sqlmap/lib/controller/action.py", line 70, in action
    conf.dumper.dba(conf.dbmsHandler.isDba())
  File "/pentest/web/scanners/sqlmap/plugins/generic/enumeration.py", line 149, in isDba
    query = queries[Backend.getIdentifiedDbms()].is_dba.query
  File "/pentest/web/scanners/sqlmap/extra/xmlobject/xmlobject.py", line 372, in __getattr__
    raise AttributeError(attr)
AttributeError: query

[*] shutting down at: 16:32:14

Ha Thanh