sqlmap-users Mailing List for sqlmap (Page 101)
From: Miroslav S. <mir...@gm...> - 2011-03-29 06:25:15
thx fixed

kr

On Tue, Mar 29, 2011 at 2:56 AM, m4l1c3 <mal...@gm...> wrote:
> sqlmap version: 0.9-dev (r3513)
> Python version: 2.5.2
> Operating system: posix
> Command line: ./sqlmap.py -u ***********************************************
> --batch -o --tables -D **************************
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
> 447, in start
>     action()
>   File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 91, in
> action
>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 169, in
> dbTables
>     maxlength = max(maxlength, len(normalizeUnicode(table)))
> TypeError: object of type 'NoneType' has no len()
>
> [*] shutting down at: 20:53:10

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: m4l1c3 <mal...@gm...> - 2011-03-29 00:56:08
sqlmap version: 0.9-dev (r3513)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u *********************************************** --batch -o --tables -D **************************
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 447, in start
    action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 91, in action
    conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 169, in dbTables
    maxlength = max(maxlength, len(normalizeUnicode(table)))
TypeError: object of type 'NoneType' has no len()

[*] shutting down at: 20:53:10
From: Miroslav S. <mir...@gm...> - 2011-03-28 11:09:31
p.s. new with this last commit is the support for non-standard identifier naming in all 4 major DBMSes (MySQL, Oracle, PgSQL, MsSQL). sqlmap will automatically try to enclose those identifier names with proper markings:

example:
SELECT id FROM table-name --> SELECT id FROM `table-name` (MySQL)
SELECT id FROM table name with space --> SELECT id FROM "table name with space" (MsSQL)

On Mon, Mar 28, 2011 at 1:04 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi m4l1c3.
>
> thank you for this bug report and find it fixed in last commit (r3503).
>
> kr
>
> On Sun, Mar 27, 2011 at 4:13 AM, m4l1c3 <mal...@gm...> wrote:
>>
>> [22:01:34] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
>> with the latest development version from the Subversion repository. If the
>> exception persists, please send by e-mail to
>> sql...@li... the following text and any information
>> required to reproduce the bug. The developers will try to reproduce the bug,
>> fix it accordingly and get back to you.
>> sqlmap version: 0.9-dev (r3498)
>> Python version: 2.5.2
>> Operating system: posix
>> Command line: ./sqlmap.py -g ******************* ext:aspx --batch -o --dump
>> -C *******
>> Technique: TIME
>> Back-end DBMS: Microsoft SQL Server (fingerprinted)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 82, in main
>>     start()
>>   File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
>> 424, in start
>>     action()
>>   File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, in
>> action
>>     conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>>   File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
>> 1237, in dumpTable
>>     self.searchColumn()
>>   File
>> "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line
>> 336, in searchColumn
>>     dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
>> KeyError: u'dt_addtosourcecontrol'
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
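The identifier enclosing described in the message above, as an added example that is not sqlmap's own code: a quoting helper that also escapes an embedded delimiter, which is the check an application needs whenever an identifier cannot be passed as a bound parameter. The function names, the "plain identifier" rule and the DBMS keys are assumptions made for this example.

```python
import re

# Conservative rule (an assumption for this example): anything outside this
# pattern gets enclosed. Each DBMS accepts a wider unquoted grammar.
_PLAIN = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Delimiters as shown in the message: backticks for MySQL, double quotes for
# the other three. On MsSQL double quotes rely on QUOTED_IDENTIFIER being ON.
_DELIMITER = {"mysql": "`", "oracle": '"', "pgsql": '"', "mssql": '"'}


def quote_identifier(name, dbms):
    """Return `name` enclosed for `dbms` when it is not a plain identifier."""
    key = dbms.lower()
    if key not in _DELIMITER:
        raise ValueError("unsupported DBMS: %r" % dbms)
    if not name or "\x00" in name:
        raise ValueError("empty identifier or NUL byte")
    if _PLAIN.fullmatch(name):
        return name  # nothing to enclose
    delim = _DELIMITER[key]
    if delim in name:
        if key == "oracle":
            # Oracle identifiers cannot contain a double quote at all.
            raise ValueError("double quote not allowed in Oracle identifier")
        # The other back-ends escape the delimiter by doubling it, so the
        # name cannot close the quoting early.
        name = name.replace(delim, delim * 2)
    return delim + name + delim


def build_select(column, table_parts, dbms):
    """Build SELECT <column> FROM <qualified table>, quoting each part."""
    table = ".".join(quote_identifier(part, dbms) for part in table_parts)
    return "SELECT %s FROM %s" % (quote_identifier(column, dbms), table)


if __name__ == "__main__":
    # The two cases from the message, plus a name containing the delimiter.
    print(build_select("id", ["table-name"], "mysql"))
    print(build_select("id", ["table name with space"], "mssql"))
    print(quote_identifier("odd`name", "mysql"))
```
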
From: Miroslav S. <mir...@gm...> - 2011-03-28 11:05:05
hi m4l1c3.

thank you for this bug report and find it fixed in last commit (r3503).

kr

On Sun, Mar 27, 2011 at 4:13 AM, m4l1c3 <mal...@gm...> wrote:
>
> [22:01:34] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r3498)
> Python version: 2.5.2
> Operating system: posix
> Command line: ./sqlmap.py -g ******************* ext:aspx --batch -o --dump
> -C *******
> Technique: TIME
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
> 424, in start
>     action()
>   File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, in
> action
>     conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>   File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
> 1237, in dumpTable
>     self.searchColumn()
>   File
> "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line
> 336, in searchColumn
>     dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
> KeyError: u'dt_addtosourcecontrol'

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-03-27 13:43:23
hi m4l1c3.

thank you for this report and generally for your effort regarding bug reporting.

find it fixed in the latest commit (r3500).

kr

On Sun, Mar 27, 2011 at 12:58 AM, m4l1c3 <mal...@gm...> wrote:
> sqlmap version: 0.9-dev (r3498)
> Python version: 2.5.2
> Operating system: posix
> Command line: ./sqlmap.py -u **************************************** --dbs
> --batch -o --forms
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 74, in main
>     init(cmdLineOptions)
>   File "/pentest/database/sqlmap-dev/lib/core/option.py", line 1461, in init
>     __findPageForms()
>   File "/pentest/database/sqlmap-dev/lib/core/option.py", line 443, in
> __findPageForms
>     forms = ParseResponse(response, backwards_compat=False)
>   File "/pentest/database/sqlmap-dev/extra/clientform/clientform.py", line
> 1064, in ParseResponse
>     return _ParseFileEx(response, response.geturl(), *args, **kwds)[1:]
> AttributeError: 'unicode' object has no attribute 'geturl'

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: m4l1c3 <mal...@gm...> - 2011-03-27 02:13:32
[22:01:34] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3498)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -g ******************* ext:aspx --batch -o --dump -C *******
Technique: TIME
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 424, in start
    action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, in action
    conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line 1237, in dumpTable
    self.searchColumn()
  File "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line 336, in searchColumn
    dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
KeyError: u'dt_addtosourcecontrol'
From: m4l1c3 <mal...@gm...> - 2011-03-26 23:58:28
sqlmap version: 0.9-dev (r3498)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u **************************************** --dbs --batch -o --forms
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 74, in main
    init(cmdLineOptions)
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 1461, in init
    __findPageForms()
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 443, in __findPageForms
    forms = ParseResponse(response, backwards_compat=False)
  File "/pentest/database/sqlmap-dev/extra/clientform/clientform.py", line 1064, in ParseResponse
    return _ParseFileEx(response, response.geturl(), *args, **kwds)[1:]
AttributeError: 'unicode' object has no attribute 'geturl'
From: Miroslav S. <mir...@gm...> - 2011-03-26 21:41:36
hi.

this is implemented with r3496. support for Windows users is also incorporated through much slower 3rd party fcrypt module included in extra folder.

kr

On Fri, Mar 25, 2011 at 8:01 AM, Miroslav Stampar <mir...@gm...> wrote:
> hi.
>
> no problem. only thing is that this will be limited to sqlmap on Unix
> platforms as we'll need to use crypt module
> (http://docs.python.org/library/crypt.html). other (manual written)
> solutions would be too slow.
>
> kr
>
> On Fri, Mar 25, 2011 at 5:58 AM, Kirill Morozov <l0...@l0...> wrote:
>> Hi, Miroslav,
>>
>> please add standard DES hash(13 chars, 2 bytes salt) support to sqlmap.
>>
>> Thanks.
>>
>> --
>> Kirill Morozov
>> KIMO2-RIPE, RHCE
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-03-25 12:26:36
just to make it official to the list.

commit r3479 fixed both this and bug reported by m4l1c3

kr

On Fri, Mar 25, 2011 at 11:28 AM, Miroslav Stampar <mir...@gm...> wrote:
> hi.
>
> it seems to be epidemical :)
>
> m4l1c3 reported it too 7 hours ago
>
> it would be great if you could send me the results of: --flush-session
> -t traffic.txt -v 3
>
> for that -v 3 it would be great if you could send me the console lines after:
> [11:27:13] [INFO] fetching tables for database...
>
> kr
>
> On Fri, Mar 25, 2011 at 10:08 AM, Kirill Morozov <l0...@l0...> wrote:
>> [12:04:57] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
>> with the latest development version from the Subversion repository. If the
>> exception persists, please send by e-mail to
>> sql...@li... the following text and any information
>> required to reproduce the bug. The developers will try to reproduce the bug,
>> fix it accordingly and get back to you.
>> sqlmap version: 0.9-dev (r3476)
>> Python version: 2.6.5
>> Operating system: posix
>> Command line: ./sqlmap.py -u
>> ************************************************** --tables -D *************
>> Technique: UNION
>> Back-end DBMS: MySQL (fingerprinted)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 82, in main
>>     start()
>>   File "/root/sqlmap-dev/lib/controller/controller.py", line 424, in start
>>     action()
>>   File "/root/sqlmap-dev/lib/controller/action.py", line 91, in action
>>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>>   File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 827, in
>> getTables
>>     for db, table in value:
>> ValueError: too many values to unpack
>> Do you need some additional info?
>>
>> --
>> Kirill Morozov
>> KIMO2-RIPE, RHCE
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-03-25 10:29:49
hi m4l1c3.

could you please post me the results of: -t traffic.txt --flush-session?

it would be of great help.

kr

On Fri, Mar 25, 2011 at 3:37 AM, m4l1c3 <mal...@gm...> wrote:
> Python version: 2.5.2
> Operating system: posix
> Command line: ./sqlmap.py -u
> ********************************************************************************************************
> --batch -o --tables -D ******************
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
> 424, in start
>     action()
>   File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 91, in
> action
>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
> 827, in getTables
>     for db, table in value:
> ValueError: too many values to unpack
>
> --fingerprint is successful
> --banner is successful

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-03-25 10:28:48
hi.

it seems to be epidemical :)

m4l1c3 reported it too 7 hours ago

it would be great if you could send me the results of: --flush-session -t traffic.txt -v 3

for that -v 3 it would be great if you could send me the console lines after:
[11:27:13] [INFO] fetching tables for database...

kr

On Fri, Mar 25, 2011 at 10:08 AM, Kirill Morozov <l0...@l0...> wrote:
> [12:04:57] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r3476)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u
> ************************************************** --tables -D *************
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/root/sqlmap-dev/lib/controller/controller.py", line 424, in start
>     action()
>   File "/root/sqlmap-dev/lib/controller/action.py", line 91, in action
>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 827, in
> getTables
>     for db, table in value:
> ValueError: too many values to unpack
> Do you need some additional info?
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Kirill M. <l0...@l0...> - 2011-03-25 09:08:41
[12:04:57] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3476)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ************************************************** --tables -D *************
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/root/sqlmap-dev/lib/controller/controller.py", line 424, in start
    action()
  File "/root/sqlmap-dev/lib/controller/action.py", line 91, in action
    conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 827, in getTables
    for db, table in value:
ValueError: too many values to unpack

Do you need some additional info?

--
Kirill Morozov
KIMO2-RIPE, RHCE
From: Miroslav S. <mir...@gm...> - 2011-03-25 07:01:29
hi.

no problem. only thing is that this will be limited to sqlmap on Unix platforms as we'll need to use crypt module (http://docs.python.org/library/crypt.html). other (manual written) solutions would be too slow.

kr

On Fri, Mar 25, 2011 at 5:58 AM, Kirill Morozov <l0...@l0...> wrote:
> Hi, Miroslav,
>
> please add standard DES hash(13 chars, 2 bytes salt) support to sqlmap.
>
> Thanks.
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Kirill M. <l0...@l0...> - 2011-03-25 05:00:49
Hi, Miroslav,

please add standard DES hash(13 chars, 2 bytes salt) support to sqlmap.

Thanks.

--
Kirill Morozov
KIMO2-RIPE, RHCE
From: m4l1c3 <mal...@gm...> - 2011-03-25 02:37:06
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u ******************************************************************************************************** --batch -o --tables -D ******************
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 424, in start
    action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 91, in action
    conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line 827, in getTables
    for db, table in value:
ValueError: too many values to unpack

--fingerprint is successful
--banner is successful
From: Miroslav S. <mir...@gm...> - 2011-03-24 16:10:56
"Sorry for delay, works fine now thanks"

just to put it official.

kr

On Thu, Mar 24, 2011 at 1:20 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi
>
> is there a possibility to send privately result of that run with
> switch -t traffic.txt (with --flush-session or --fresh-queries)?
>
> kr
>
> On Thu, Mar 24, 2011 at 12:21 PM, Alone Shell
> <alo...@gm...> wrote:
>> Hi all,
>> First of all, sorry for my English and congrats for this great tool xD
>> ok, I'm auditing a web application with iis5 and SQL Server 2000 and in all
>> the enumeration techniques (--dbs, --users ... ) the number of entities
>> retrieved is greater than the real retrieved data, resulting in duplicated
>> entries.
>> ------ example
>> $ ./sqlmap.py -u "****************************************************"
>> --dbs
>> ....... skipped
>> [11:48:33] [INFO] the back-end DBMS is Microsoft SQL Server
>> web server operating system: Windows 2000
>> web application technology: PHP 5.2.5, Microsoft IIS 5.0
>> back-end DBMS: Microsoft SQL Server 2000
>> [11:48:33] [INFO] fetching database names
>> [11:48:33] [INFO] fetching number of databases
>> [11:48:33] [INFO] retrieved: 12
>> [11:48:43] [INFO] retrieved: master
>> [11:49:32] [INFO] retrieved: tempdb
>> [11:50:27] [INFO] retrieved: model
>> [11:51:14] [INFO] retrieved: msdb
>> [11:51:54] [INFO] retrieved: ***********
>> [11:53:34] [INFO] retrieved: ***********
>> [11:54:23] [INFO] retrieved: ***********
>> [11:55:02] [INFO] retrieved: ***********
>> [11:55:52] [INFO] retrieved: master
>> [11:56:41] [INFO] retrieved: model
>> [11:57:34] [INFO] retrieved: msdb
>> [11:58:07] [INFO] retrieved: ***********
>> available databases [12]:
>> [*] ***********
>> [*] ***********
>> [*] ***********
>> [*] ***********
>> [*] master
>> [*] model
>> [*] msdb
>> [*] tempdb
>> -------- end of example
>> Regards
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-03-24 12:20:33
hi

is there a possibility to send privately result of that run with switch -t traffic.txt (with --flush-session or --fresh-queries)?

kr

On Thu, Mar 24, 2011 at 12:21 PM, Alone Shell <alo...@gm...> wrote:
> Hi all,
> First of all, sorry for my English and congrats for this great tool xD
> ok, I'm auditing a web application with iis5 and SQL Server 2000 and in all
> the enumeration techniques (--dbs, --users ... ) the number of entities
> retrieved is greater than the real retrieved data, resulting in duplicated
> entries.
> ------ example
> $ ./sqlmap.py -u "****************************************************"
> --dbs
> ....... skipped
> [11:48:33] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2000
> web application technology: PHP 5.2.5, Microsoft IIS 5.0
> back-end DBMS: Microsoft SQL Server 2000
> [11:48:33] [INFO] fetching database names
> [11:48:33] [INFO] fetching number of databases
> [11:48:33] [INFO] retrieved: 12
> [11:48:43] [INFO] retrieved: master
> [11:49:32] [INFO] retrieved: tempdb
> [11:50:27] [INFO] retrieved: model
> [11:51:14] [INFO] retrieved: msdb
> [11:51:54] [INFO] retrieved: ***********
> [11:53:34] [INFO] retrieved: ***********
> [11:54:23] [INFO] retrieved: ***********
> [11:55:02] [INFO] retrieved: ***********
> [11:55:52] [INFO] retrieved: master
> [11:56:41] [INFO] retrieved: model
> [11:57:34] [INFO] retrieved: msdb
> [11:58:07] [INFO] retrieved: ***********
> available databases [12]:
> [*] ***********
> [*] ***********
> [*] ***********
> [*] ***********
> [*] master
> [*] model
> [*] msdb
> [*] tempdb
> -------- end of example
> Regards

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Alone S. <alo...@gm...> - 2011-03-24 11:22:00
Hi all,
First of all, sorry for my English and congrats for this great tool xD
ok, I'm auditing a web application with iis5 and SQL Server 2000 and in all the enumeration techniques (--dbs, --users ... ) the number of entities retrieved is greater than the real retrieved data, resulting in duplicated entries.
------ example
$ ./sqlmap.py -u "****************************************************" --dbs
....... skipped
[11:48:33] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2000
web application technology: PHP 5.2.5, Microsoft IIS 5.0
back-end DBMS: Microsoft SQL Server 2000
[11:48:33] [INFO] fetching database names
[11:48:33] [INFO] fetching number of databases
[11:48:33] [INFO] retrieved: 12
[11:48:43] [INFO] retrieved: master
[11:49:32] [INFO] retrieved: tempdb
[11:50:27] [INFO] retrieved: model
[11:51:14] [INFO] retrieved: msdb
[11:51:54] [INFO] retrieved: ***********
[11:53:34] [INFO] retrieved: ***********
[11:54:23] [INFO] retrieved: ***********
[11:55:02] [INFO] retrieved: ***********
[11:55:52] [INFO] retrieved: master
[11:56:41] [INFO] retrieved: model
[11:57:34] [INFO] retrieved: msdb
[11:58:07] [INFO] retrieved: ***********
available databases [12]:
[*] ***********
[*] ***********
[*] ***********
[*] ***********
[*] master
[*] model
[*] msdb
[*] tempdb
-------- end of example
Regards
From: Miroslav S. <mir...@gm...> - 2011-03-24 10:15:41
hi all.

with r3466 there is a new switch introduced. it's called --fresh-queries and it has a similar functionality as --flush-session.

there are cases when you'll need to make new ("fresh") query results without flushing the whole session file or removing lines from session file manually. those cases are in major number of times bound to the new revision when something before was just screwing results of queries due to some bug (e.g. lots of None(s)) fixed afterwards.

so, this way you won't need to flush the whole session and repeat the injection detection phase whole again. also, those new ("fresh") queries will override the previous "resumable" results.

kr

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-03-24 09:30:39
hi Kirill

thank you for your report. find it fixed in the latest commit.

there are popular "typos" out there with non-IANA (http://www.iana.org/assignments/character-sets) conformant values. that's why we've put that warning message out there and we encourage you all to report such cases. thing is that if the encoding is unknown/invalid at the sqlmap run time, there are cases which could screw testing results (especially with language-specific characters).

kr

On Thu, Mar 24, 2011 at 10:14 AM, Kirill Morozov <l0...@l0...> wrote:
>> if you tend to spot something for several times please report and
>>
>> we'll fix it as quick as we can.
>
> Thank you for the quick response.
> While testing sites of my customers, i received this error from 2 different
> sites.
> [WARNING] unknown charset '8859-1'. Please report by e-mail to
> sql...@li....
> (repeated many times, i think for each http query)
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
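How a client can cope with the non-IANA charset labels discussed in the message above, as an added example that is not sqlmap's own code: the declared label is validated against Python's codec registry, repaired when it is a bare ISO 8859 part number such as '8859-1', and reported as unknown otherwise so the caller can warn instead of silently mis-decoding. The function names and the repair rules are assumptions of this example; the sample bytes are constructed.

```python
import codecs
import re

# charset parameter of a Content-Type header value
_CHARSET_RE = re.compile(r'charset\s*=\s*"?([^\s;"]+)"?', re.IGNORECASE)


def declared_charset(content_type):
    """Return the raw charset label from a Content-Type value, or None."""
    match = _CHARSET_RE.search(content_type or "")
    return match.group(1) if match else None


def normalize_charset(label):
    """Map a declared label to a Python codec name, or None if unusable."""
    cleaned = label.strip().strip("'\"").lower()
    candidates = [cleaned]
    # Repair 1: bare ISO 8859 part number, e.g. '8859-1' -> 'iso-8859-1'.
    if re.fullmatch(r"8859[-_]\d{1,2}", cleaned):
        candidates.append("iso-" + cleaned)
    # Repair 2: Windows code page written without a separator,
    # e.g. 'windows1252' -> 'cp1252'.
    win = re.fullmatch(r"(?:windows|cp)[-_]?(\d{3,4})", cleaned)
    if win:
        candidates.append("cp" + win.group(1))
    for candidate in candidates:
        try:
            return codecs.lookup(candidate).name
        except (LookupError, ValueError):
            continue
    return None


def decode_body(raw, content_type):
    """Decode `raw` bytes; returns (text, codec), codec None on fallback."""
    label = declared_charset(content_type)
    codec = normalize_charset(label) if label else None
    if codec is None:
        # Unknown or missing label: decode leniently and tell the caller,
        # since comparisons on language-specific characters are unreliable.
        return raw.decode("utf-8", errors="replace"), None
    return raw.decode(codec, errors="replace"), codec


if __name__ == "__main__":
    # Constructed sample: Latin-1 bytes served with the non-IANA label.
    body = b"el caribe\xf1o"
    print(decode_body(body, "text/html; charset=8859-1"))
    print(decode_body(body, "text/html; charset=x-made-up"))
```
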
From: Kirill M. <l0...@l0...> - 2011-03-24 09:15:06
|
> > if you tend to spot something for several times please report and we'll fix it as quick as we can.

Thank you for the quick response.
While testing sites of my customers, I received this error from 2 different sites.
[WARNING] unknown charset '8859-1'. Please report by e-mail to sql...@li....
(repeated many times, I think for each http query)
--
Kirill Morozov
KIMO2-RIPE, RHCE
From: Miroslav S. <mir...@gm...> - 2011-03-24 08:45:38
|
hi.

thank you for your report. find it fixed in the latest revision. actually table value was None there and we weren't checking.

if you tend to spot something for several times please report and we'll fix it as quick as we can.

kr

On Thu, Mar 24, 2011 at 9:20 AM, Kirill Morozov <l0...@l0...> wrote:
> [08:07:06] [CRITICAL] there was a problem while hashing entry: u'Dud\xfa'. Please report by e-mail to sql...@li....
> [08:07:06] [CRITICAL] there was a problem while hashing entry: u'el caribe\xf1o'. Please report by e-mail to sql...@li....
>
> [08:07:06] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r3457)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u **************************************************** --dump -D ******** -T ***********
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/root/sqlmap-dev/lib/controller/controller.py", line 427, in start
>     action()
>   File "/root/sqlmap-dev/lib/controller/action.py", line 103, in action
>     conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>   File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 1438, in dumpTable
>     attackDumpedTable()
>   File "/root/sqlmap-dev/lib/utils/hash.py", line 264, in attackDumpedTable
>     if value.lower() == hash_.lower():
> AttributeError: 'NoneType' object has no attribute 'lower'
> I saw this error 5-7 times. I think there hash_ is None.
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Kirill M. <l0...@l0...> - 2011-03-24 08:20:59
|
[08:07:06] [CRITICAL] there was a problem while hashing entry: u'Dud\xfa'. Please report by e-mail to sql...@li....
[08:07:06] [CRITICAL] there was a problem while hashing entry: u'el caribe\xf1o'. Please report by e-mail to sql...@li....

[08:07:06] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3457)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u **************************************************** --dump -D ******** -T ***********
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/root/sqlmap-dev/lib/controller/controller.py", line 427, in start
    action()
  File "/root/sqlmap-dev/lib/controller/action.py", line 103, in action
    conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 1438, in dumpTable
    attackDumpedTable()
  File "/root/sqlmap-dev/lib/utils/hash.py", line 264, in attackDumpedTable
    if value.lower() == hash_.lower():
AttributeError: 'NoneType' object has no attribute 'lower'

I saw this error 5-7 times. I think there hash_ is None.
--
Kirill Morozov
KIMO2-RIPE, RHCE
From: <bu...@gm...> - 2011-03-23 15:13:17
|
On 03/22/2011 08:03 PM, Miroslav Stampar wrote:
> hi.
>
> now you can follow sqlmap also on:
> http://news.gmane.org/gmane.comp.security.sqlmap
>
> for the time being only new messages are available there, but
> hopefully gmane administrators will manage to import the archive
> caring the rest.

Great, thanks!
From: Miroslav S. <mir...@gm...> - 2011-03-23 11:59:23
|
hi Kirill.

you are right. it should be disabled by default. now it can be enabled by usage of a switch --page-rank

kr

On Wed, Mar 23, 2011 at 11:07 AM, Kirill Morozov <l0...@l0...> wrote:
> By default pagerank check is always enabled, but google can ban your IP if
> you make too many requests.
> I don't need PR check at all. Attached patch helps you to disable PR check
> via config. I hope this will be in trunk.
> Thanks.
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B