Re: [sqlmap-users] sqlmap dying when handling unicode
From: Miroslav S. <mir...@gm...> - 2013-08-30 13:27:36
Hi.

Can you please retry it now? Spotted a bug and fixed it.

Kind regards,
Miroslav Stampar

On Fri, Aug 30, 2013 at 12:16 PM, Sebastian Nerz <seb...@sy...> wrote:

> Hi,
>
> On 30.08.2013 12:15, Miroslav Stampar wrote:
> >
> > Does your original case use GET parameters? That could be a bug in sqlmap
> > (appending to GET while there is no GET in the first place).
>
> No, it only contains COOKIE parameters.
>
> Kind regards,
>
> Sebastian Nerz
>
> > Kind regards,
> > Miroslav Stampar
> >
> > On Fri, Aug 30, 2013 at 12:09 PM, Sebastian Nerz <seb...@sy...> wrote:
> >
> >> Hi there,
> >>
> >> sqlmap is dying when it should handle unicode. What I am doing is the
> >> following:
> >>
> >> x is a parameter on a website, normally it contains base16(base64(binary
> >> hash)). I am testing this parameter by submitting an empty parameter x
> >> and --eval. In --eval I am concatenating my original values (u'\x...')
> >> with the payload, encoding it as base64 and overwriting the parameter.
> >> Everything is working fine - IF and only if I overwrite every temporary
> >> variable.
> >> Apparently sqlmap is trying to concat the new variables to the list of
> >> parameters and failing because they are unicode. Maybe some checking
> >> could be done?
> >>
> >> Best regards,
> >>
> >> Sebastian Nerz
> >>
> >> [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> >> sqlmap version: 1.0-dev-7cb3ea2
> >> Python version: 2.7.4
> >> Operating system: posix
> >> Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l /tmp/sql5 --level=5 --risk=3 -p X --proxy=********************* --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c
> >> Technique: None
> >> Back-end DBMS: None (identified)
> >> Traceback (most recent call last):
> >>   File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main
> >>     start()
> >>   File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line 363, in start
> >>     if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
> >>   File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line 1195, in checkConnection
> >>     page, _ = Request.queryPage(content=True, noteResponseTime=False)
> >>   File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787, in queryPage
> >>     get += "%s%s=%s" % (delimiter, name, value)
> >> TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode'
>
> --
> Sebastian Nerz
> Dipl.-Inform.
> IT-Security Consultant
>
> mailto:seb...@sy...
> ___________________________________________________________
>
> SySS GmbH
> Wohlboldstraße 8
> 72072 Tübingen
> Germany
> Voice: +49 7071 407856-31
> Fax: +49 7071 407856-19
> WWW: http://www.syss.de
>
> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
>
> Managing Director: Sebastian Schreiber
> Register court: Amtsgericht Stuttgart / HRB 382420
> Tax number: 86118 / 55809

--
Miroslav Stampar
http://about.me/stamparm
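
The crash in the traceback and the "overwrite every temporary variable" workaround, reproduced as an added Python 3 example that is neither sqlmap's code nor the fix mentioned in the reply. `run_eval`, `append_unguarded`, `append_guarded` and the sample values are hypothetical, and the example assumes that names created by the `--eval` snippet are appended to the GET string, as the thread describes.

```python
import base64

# Constructed sample: a cookie-only request, so there is no GET string at all.
PARAMS = {"X": "payload"}
# Leaves a temporary name ("raw") behind after evaluation.
SNIPPET_WITH_TEMP = "raw = 'AB' + X\nX = base64.b64encode(raw.encode()).decode()"
# Workaround from the thread: reuse X so no new name is created.
SNIPPET_OVERWRITE = "X = 'AB' + X\nX = base64.b64encode(X.encode()).decode()"


def run_eval(snippet, params):
    """Run snippet with params as variables; return (updated params, new names)."""
    scope = dict(params)
    exec(snippet, {"base64": base64}, scope)
    updated = {name: scope[name] for name in params}
    extra = {name: value for name, value in scope.items() if name not in params}
    return updated, extra


def append_unguarded(get, extra, delimiter="&"):
    """Same statement as the traceback line; fails when get is None."""
    for name, value in extra.items():
        get += "%s%s=%s" % (delimiter, name, value)
    return get


def append_guarded(get, extra, delimiter="&"):
    """Hypothetical guard: start a query string when none exists yet."""
    for name, value in extra.items():
        pair = "%s=%s" % (name, value)
        get = pair if not get else get + delimiter + pair
    return get


if __name__ == "__main__":
    updated, extra = run_eval(SNIPPET_WITH_TEMP, PARAMS)
    print(updated, extra)
    try:
        append_unguarded(None, extra)
    except TypeError as exc:
        print("unguarded:", exc)
    print("guarded:", append_guarded(None, extra))
    print("overwrite-only extras:", run_eval(SNIPPET_OVERWRITE, PARAMS)[1])
```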