Re: [sqlmap-users] End string DB2
From: Miroslav S. <mir...@gm...> - 2012-01-30 12:56:35
Hi David.

Thank you for your report and find it fixed with the latest commit (r4693).

Kind regards,
Miroslav Stampar

On Mon, Jan 30, 2012 at 12:22 PM, David Alvarez <dav...@gm...> wrote:
> Hi Miroslav,
>
> Thank you for your response!
>
> "INFERENCE_BLANK_BREAK" was very useful to reduce the number of requests.
> Great!
>
> Now, I report you an unhandled exception found during the test:
>
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to sql...@li... the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4692)
> Python version: 2.6.6
> Operating system: posix
> Command line: sqlmap.py -u ************************************************************************************************************************************************************************* --data ******************************************************* -p param --cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1 --safe-url=*************************************** --tables
> Technique: BOOLEAN
> Back-end DBMS: IBM DB2 (fingerprinted)
> Traceback (most recent call last):
>   File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main
>     start()
>   File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, in start
>     action()
>   File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in action
>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, in getTables
>     dbs = self.getDbs()
>   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, in getDbs
>     db = inject.getValue(query, inband=False, error=False)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in getValue
>     value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in __goInferenceProxy
>     outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in __goInferenceFields
>     output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in __goInference
>     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
>   File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection
>     val = getChar(index, asciiTbl)
>   File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar
>     unescapedCharValue = unescaper.unescape(markingValue % decodeIntToUnicode(posValue))
> TypeError: %c requires int or char
>
> Kind Regards,
> David Alvarez
>
> On Mon, Jan 30, 2012 at 11:07 AM, Miroslav Stampar <mir...@gm...> wrote:
>> Hi David.
>>
>> Fact is that we rely on the DBMS not returning a proper character on a
>> request for "substring" on a non-valid index, and that works OK for most
>> of today's DBMSes.
>>
>> But we also do have a check for this kind of case. If there are more than
>> some predefined number of spaces at the end of the retrieved value we just
>> abruptly abort with that value, trim spaces from the end and continue on
>> with the next item.
>>
>> Thing is that that "breaking" value is currently (r4692) set to 10 and if
>> you think that's too high for your case you are more than welcome to
>> adjust it to your needs. Just go to lib/core/settings.py and change the
>> line:
>>
>> INFERENCE_BLANK_BREAK = 10
>>
>> to something more appropriate for your needs (e.g. 3).
>>
>> Kind regards,
>> Miroslav Stampar
>>
>> On Fri, Jan 27, 2012 at 6:53 PM, David Alvarez <dav...@gm...> wrote:
>>> Hello,
>>>
>>> There is a SQL injection in an IBM DB2 9.1. I'm using an AND
>>> boolean-based blind injection. The problem is that sqlmap doesn't check
>>> the end of the string properly and goes into a loop getting space chars
>>> as the result.
>>>
>>> I'm using the latest version of sqlmap (r4690).
>>>
>>> How could I resolve it?
>>>
>>> Regards,
>>> David Alvarez
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
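The trailing-blank cut-off Miroslav describes, as an added illustration that is not sqlmap's own code: a boolean-blind bisection loop run against a constructed stand-in DBMS whose substring returns a space past the end of the string, the behaviour David hit on DB2. Only the constant name INFERENCE_BLANK_BREAK and its default of 10 come from the thread; PaddingDbms, get_char and infer_value are assumed names for this example.

```python
INFERENCE_BLANK_BREAK = 10  # the r4692 default mentioned in the thread


class PaddingDbms:
    """Constructed stand-in: SUBSTR past the end yields ' ' rather than ''."""

    def __init__(self, secret):
        self.secret = secret
        self.requests = 0  # one boolean request per oracle query

    def char_ge(self, index, value):
        """Answer 'ASCII(SUBSTR(secret, index, 1)) >= value' like a blind oracle."""
        self.requests += 1
        ch = self.secret[index - 1] if index <= len(self.secret) else " "
        return ord(ch) >= value


def get_char(dbms, index, lo=32, hi=127):
    """Bisection over printable ASCII [lo, hi) using the boolean oracle."""
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if dbms.char_ge(index, mid):
            lo = mid  # character is at or above mid
        else:
            hi = mid  # character is below mid
    return chr(lo)


def infer_value(dbms, blank_break=INFERENCE_BLANK_BREAK, max_len=256):
    """Retrieve a value one character at a time.

    Without a terminator from the DBMS the loop would run to max_len; the
    blank-break rule stops it after more than `blank_break` consecutive
    spaces and strips the trailing padding (blank_break=0 disables it).
    """
    value = ""
    blanks = 0
    for index in range(1, max_len + 1):
        ch = get_char(dbms, index)
        value += ch
        blanks = blanks + 1 if ch == " " else 0
        if blank_break and blanks > blank_break:
            break
    return value.rstrip()


if __name__ == "__main__":
    db = PaddingDbms("SYSIBM")  # constructed sample value
    print(infer_value(db), db.requests)
```

Lowering the threshold (e.g. to 3, as suggested) saves further requests but truncates any value containing a longer internal run of spaces, which is the trade-off behind the advice.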