Re: [sqlmap-users] Direct connection to Oracle supported?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Direct connection to Oracle supported?
|
From: Brian M. <Br...@EC...> - 2013-10-24 14:56:15
|
Thanks for the sample command and output. It turns out there was a case sensitivity issue. oracle:// vs Oracle:// Once I solved that, sqlmap began complaining about a missing cx_Oracle.py The Kali installation it seems is missing the Oracle client and python libraries. Does sqlmap need a specifc version of these files? > Hi. > > sqlmap supports it. Sample console output: > > $ python sqlmap.py -d "oracle://SYSTEM:testpass@192.168.5.27:1521/testdb" > -v 5 --banner > > sqlmap/1.0-dev-8dac47f - automatic SQL injection and database takeover > tool > http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without prior > mutual consent is illegal. It is the end user's responsibility to obey all > applicable local, state and federal laws. Developers assume no liability > and are not responsible for any misuse or damage caused by this program > > [*] starting at 20:15:37 > > [20:15:37] [DEBUG] cleaning up configuration parameters > [20:15:37] [DEBUG] forcing timeout to 10 seconds > [20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 established > [20:15:37] [INFO] the back-end DBMS is Oracle > [20:15:37] [INFO] fetching banner > [20:15:37] [PAYLOAD] SELECT NVL(CAST(banner AS VARCHAR(4000)),' ') FROM > v$version WHERE ROWNUM=1 > back-end DBMS: Oracle > banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - > Prod' > [20:15:37] [INFO] connection to oracle server 192.168.5.27:1521 closed > > [*] shutting down at 20:15:37 > > Could you please check that you run the latest revision from the Github > repository and try to run it with -v 5? Strange thing with your case is > "sqlmap was not able to fingerprint..." while there is no fingerprinting in > sqlmap's direct mode (at least in HEAD revision). > > Kind regards, > Miroslav Stampar |
