sqlmap-users Mailing List for sqlmap (Page 103)
Brought to you by:
inquisb
You can subscribe to this list here.
2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Rajesh A. <ra...@gm...> - 2011-03-03 11:14:27
|
OK. Thanks a lot. On Thu, Mar 3, 2011 at 4:12 PM, Miroslav Stampar <mir...@gm... > wrote: > hi Rajesh > > you are using pretty outdated version. please update to the latest > 0.9/dev version from our repository to have it fixed: > svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev > > kr > > On Thu, Mar 3, 2011 at 11:34 AM, Rajesh A. <ra...@gm...> wrote: > > [ERROR] unhandled exception in sqlmap/0.8, please copy the command line > and > > the following text and send by e-mail to > sql...@li.... > > The developer will fix it as soon as possible: > > sqlmap version: 0.8 > > Python version: 2.5.2 > > Operating system: linux2 > > Traceback (most recent call last): > > File "./sqlmap.py", line 77, in main > > start() > > File "/home/rajesh/mysoft/sqlmap/lib/controller/controller.py", line > 259, > > in start > > action() > > File "/home/rajesh/mysoft/sqlmap/lib/controller/action.py", line 144, > in > > action > > conf.dbmsHandler.osPwn() > > File "/home/rajesh/mysoft/sqlmap/plugins/generic/takeover.py", line > 169, > > in osPwn > > self.initEnv(web=web) > > File "/home/rajesh/mysoft/sqlmap/lib/takeover/abstraction.py", line > 155, > > in initEnv > > self.webInit() > > File "/home/rajesh/mysoft/sqlmap/lib/takeover/web.py", line 189, in > > webInit > > uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, > > raise404=False) > > File "/home/rajesh/mysoft/sqlmap/lib/request/connect.py", line 126, in > > getPage > > conn = urllib2.urlopen(req) > > File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen > > return _opener.open(url, data) > > File "/usr/lib/python2.5/urllib2.py", line 381, in open > > response = self._open(req, data) > > File "/usr/lib/python2.5/urllib2.py", line 399, in _open > > '_open', req) > > File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain > > result = func(*args) > > File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open > > return self.do_open(httplib.HTTPConnection, req) > > File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open > > h = http_class(host) # will parse host:port > > File "/usr/lib/python2.5/httplib.py", line 639, in __init__ > > self._set_hostport(host, port) > > File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport > > raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) > > InvalidURL: nonnumeric port: '' > > > > > ------------------------------------------------------------------------------ > > Free Software Download: Index, Search & Analyze Logs and other IT data in > > Real-Time with Splunk. Collect, index and harness all the fast moving IT > > data > > generated by your applications, servers and devices whether physical, > > virtual > > or in the cloud. Deliver compliance at lower cost and gain new business > > insights. http://p.sf.net/sfu/splunk-dev2dev > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > |
From: Miroslav S. <mir...@gm...> - 2011-03-03 10:42:31
|
hi Rajesh you are using pretty outdated version. please update to the latest 0.9/dev version from our repository to have it fixed: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev kr On Thu, Mar 3, 2011 at 11:34 AM, Rajesh A. <ra...@gm...> wrote: > [ERROR] unhandled exception in sqlmap/0.8, please copy the command line and > the following text and send by e-mail to sql...@li.... > The developer will fix it as soon as possible: > sqlmap version: 0.8 > Python version: 2.5.2 > Operating system: linux2 > Traceback (most recent call last): > File "./sqlmap.py", line 77, in main > start() > File "/home/rajesh/mysoft/sqlmap/lib/controller/controller.py", line 259, > in start > action() > File "/home/rajesh/mysoft/sqlmap/lib/controller/action.py", line 144, in > action > conf.dbmsHandler.osPwn() > File "/home/rajesh/mysoft/sqlmap/plugins/generic/takeover.py", line 169, > in osPwn > self.initEnv(web=web) > File "/home/rajesh/mysoft/sqlmap/lib/takeover/abstraction.py", line 155, > in initEnv > self.webInit() > File "/home/rajesh/mysoft/sqlmap/lib/takeover/web.py", line 189, in > webInit > uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, > raise404=False) > File "/home/rajesh/mysoft/sqlmap/lib/request/connect.py", line 126, in > getPage > conn = urllib2.urlopen(req) > File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen > return _opener.open(url, data) > File "/usr/lib/python2.5/urllib2.py", line 381, in open > response = self._open(req, data) > File "/usr/lib/python2.5/urllib2.py", line 399, in _open > '_open', req) > File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain > result = func(*args) > File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open > h = http_class(host) # will parse host:port > File "/usr/lib/python2.5/httplib.py", line 639, in __init__ > self._set_hostport(host, port) > File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport > raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) > InvalidURL: nonnumeric port: '' > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT > data > generated by your applications, servers and devices whether physical, > virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2011-03-03 10:39:18
|
sorry, i meant r3390 kr On Thu, Mar 3, 2011 at 11:38 AM, Miroslav Stampar <mir...@gm...> wrote: > minor update > > latest r3389 also deals with some parts of this issue > > kr > > On Thu, Mar 3, 2011 at 10:44 AM, Miroslav Stampar > <mir...@gm...> wrote: >> hi black zero >> >> could you please try it now with r3389. problem is potentially fixed now. >> >> kr >> >> On Thu, Mar 3, 2011 at 7:50 AM, black zero <tim...@gm...> wrote: >>> sqlmap version: 0.9-dev (r3388) >>> Python version: 2.6.6 >>> Operating system: posix >>> Command line: sqlmap.py -u ************************************************ >>> --forms --user-agent Googlebot -v 3 >>> Technique: None >>> Back-end DBMS: None (identified) >>> Traceback (most recent call last): >>> File "sqlmap.py", line 82, in main >>> start() >>> File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 253, in >>> start >>> if not checkConnection(suppressOutput=conf.forms) or not checkString() >>> or not checkRegexp(): >>> File "/home/z00/sqlmap-dev/lib/controller/checks.py", line 799, in >>> checkConnection >>> page, _ = Request.queryPage(content=True) >>> File "/home/z00/sqlmap-dev/lib/request/connect.py", line 427, in queryPage >>> post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or >>> not value else value) >>> File "/home/z00/sqlmap-dev/lib/core/convert.py", line 90, in urlencode >>> result = urllib.quote(utf8encode(value), safe) >>> File "/home/z00/sqlmap-dev/lib/core/convert.py", line 95, in utf8encode >>> return value.encode("utf-8") >>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xf6 in position 22: >>> ordinal not in range(128) >>> >>> [*] shutting down at: 08:49:21 >>> >>> >>> ------------------------------------------------------------------------------ >>> Free Software Download: Index, Search & Analyze Logs and other IT data in >>> Real-Time with Splunk. Collect, index and harness all the fast moving IT >>> data >>> generated by your applications, servers and devices whether physical, >>> virtual >>> or in the cloud. Deliver compliance at lower cost and gain new business >>> insights. http://p.sf.net/sfu/splunk-dev2dev >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2011-03-03 10:38:59
|
minor update latest r3389 also deals with some parts of this issue kr On Thu, Mar 3, 2011 at 10:44 AM, Miroslav Stampar <mir...@gm...> wrote: > hi black zero > > could you please try it now with r3389. problem is potentially fixed now. > > kr > > On Thu, Mar 3, 2011 at 7:50 AM, black zero <tim...@gm...> wrote: >> sqlmap version: 0.9-dev (r3388) >> Python version: 2.6.6 >> Operating system: posix >> Command line: sqlmap.py -u ************************************************ >> --forms --user-agent Googlebot -v 3 >> Technique: None >> Back-end DBMS: None (identified) >> Traceback (most recent call last): >> File "sqlmap.py", line 82, in main >> start() >> File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 253, in >> start >> if not checkConnection(suppressOutput=conf.forms) or not checkString() >> or not checkRegexp(): >> File "/home/z00/sqlmap-dev/lib/controller/checks.py", line 799, in >> checkConnection >> page, _ = Request.queryPage(content=True) >> File "/home/z00/sqlmap-dev/lib/request/connect.py", line 427, in queryPage >> post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or >> not value else value) >> File "/home/z00/sqlmap-dev/lib/core/convert.py", line 90, in urlencode >> result = urllib.quote(utf8encode(value), safe) >> File "/home/z00/sqlmap-dev/lib/core/convert.py", line 95, in utf8encode >> return value.encode("utf-8") >> UnicodeDecodeError: 'ascii' codec can't decode byte 0xf6 in position 22: >> ordinal not in range(128) >> >> [*] shutting down at: 08:49:21 >> >> >> ------------------------------------------------------------------------------ >> Free Software Download: Index, Search & Analyze Logs and other IT data in >> Real-Time with Splunk. Collect, index and harness all the fast moving IT >> data >> generated by your applications, servers and devices whether physical, >> virtual >> or in the cloud. Deliver compliance at lower cost and gain new business >> insights. http://p.sf.net/sfu/splunk-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: Rajesh A. <ra...@gm...> - 2011-03-03 10:34:26
|
[ERROR] unhandled exception in sqlmap/0.8, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.8 Python version: 2.5.2 Operating system: linux2 Traceback (most recent call last): File "./sqlmap.py", line 77, in main start() File "/home/rajesh/mysoft/sqlmap/lib/controller/controller.py", line 259, in start action() File "/home/rajesh/mysoft/sqlmap/lib/controller/action.py", line 144, in action conf.dbmsHandler.osPwn() File "/home/rajesh/mysoft/sqlmap/plugins/generic/takeover.py", line 169, in osPwn self.initEnv(web=web) File "/home/rajesh/mysoft/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv self.webInit() File "/home/rajesh/mysoft/sqlmap/lib/takeover/web.py", line 189, in webInit uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False) File "/home/rajesh/mysoft/sqlmap/lib/request/connect.py", line 126, in getPage conn = urllib2.urlopen(req) File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen return _opener.open(url, data) File "/usr/lib/python2.5/urllib2.py", line 381, in open response = self._open(req, data) File "/usr/lib/python2.5/urllib2.py", line 399, in _open '_open', req) File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain result = func(*args) File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open return self.do_open(httplib.HTTPConnection, req) File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open h = http_class(host) # will parse host:port File "/usr/lib/python2.5/httplib.py", line 639, in __init__ self._set_hostport(host, port) File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) InvalidURL: nonnumeric port: '' |
From: Miroslav S. <mir...@gm...> - 2011-03-03 09:44:30
|
hi black zero could you please try it now with r3389. problem is potentially fixed now. kr On Thu, Mar 3, 2011 at 7:50 AM, black zero <tim...@gm...> wrote: > sqlmap version: 0.9-dev (r3388) > Python version: 2.6.6 > Operating system: posix > Command line: sqlmap.py -u ************************************************ > --forms --user-agent Googlebot -v 3 > Technique: None > Back-end DBMS: None (identified) > Traceback (most recent call last): > File "sqlmap.py", line 82, in main > start() > File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 253, in > start > if not checkConnection(suppressOutput=conf.forms) or not checkString() > or not checkRegexp(): > File "/home/z00/sqlmap-dev/lib/controller/checks.py", line 799, in > checkConnection > page, _ = Request.queryPage(content=True) > File "/home/z00/sqlmap-dev/lib/request/connect.py", line 427, in queryPage > post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or > not value else value) > File "/home/z00/sqlmap-dev/lib/core/convert.py", line 90, in urlencode > result = urllib.quote(utf8encode(value), safe) > File "/home/z00/sqlmap-dev/lib/core/convert.py", line 95, in utf8encode > return value.encode("utf-8") > UnicodeDecodeError: 'ascii' codec can't decode byte 0xf6 in position 22: > ordinal not in range(128) > > [*] shutting down at: 08:49:21 > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT > data > generated by your applications, servers and devices whether physical, > virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: black z. <tim...@gm...> - 2011-03-03 06:50:39
|
sqlmap version: 0.9-dev (r3388) Python version: 2.6.6 Operating system: posix Command line: sqlmap.py -u ************************************************ --forms --user-agent Googlebot -v 3 Technique: None Back-end DBMS: None (identified) Traceback (most recent call last): File "sqlmap.py", line 82, in main start() File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 253, in start if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): File "/home/z00/sqlmap-dev/lib/controller/checks.py", line 799, in checkConnection page, _ = Request.queryPage(content=True) File "/home/z00/sqlmap-dev/lib/request/connect.py", line 427, in queryPage post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value) File "/home/z00/sqlmap-dev/lib/core/convert.py", line 90, in urlencode result = urllib.quote(utf8encode(value), safe) File "/home/z00/sqlmap-dev/lib/core/convert.py", line 95, in utf8encode return value.encode("utf-8") UnicodeDecodeError: 'ascii' codec can't decode byte 0xf6 in position 22: ordinal not in range(128) [*] shutting down at: 08:49:21 |
From: Miroslav S. <mir...@gm...> - 2011-03-02 10:34:24
|
hi again. this is an annoying known python/urllib2 bug/issue (you can google: maximum recursive basicauth) which we previously patched, but it appears that it needed some more work. with r3387 it should be completely "patched". tested on windows (python 2.6.5) and linux (python 2.6.6) platforms. kr On Wed, Mar 2, 2011 at 11:19 AM, Miroslav Stampar <mir...@gm...> wrote: > thx for reporting. > > i've been able to reproduce it only on Windows machine (we've fixed > the issue before but it appears that Windows needs some more fixing) > > on it > > kr > > On Tue, Mar 1, 2011 at 4:22 PM, <nig...@em...> wrote: >> >> Hi i tryed a simple testing with not special commands and sqlmap gets an runtime error >> >> Revision 3385 >> sqlmap -u "www.xxxxxxxxx.xxx/members/content.php?show=videos§ion=5&videoset=1" --auth-type=Basic --auth-cred=xxxx:xxxx --random-agent --retries=6 --level 5 --risk 3 -f -b >> >> File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed >> self, auth_header, host, req, headers) >> File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed >> return self.retry_http_basic_auth(host, req, realm) >> File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth >> return self.parent.open(req, timeout=req.timeout) >> File "C:\Python26\lib\urllib2.py", line 397, in open >> response = meth(req, response) >> File "C:\Python26\lib\urllib2.py", line 510, in http_response >> 'http', request, response, code, msg, hdrs) >> File "C:\Python26\lib\urllib2.py", line 429, in error >> result = self._call_chain(*args) >> File "C:\Python26\lib\urllib2.py", line 369, in _call_chain >> result = func(*args) >> File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 >> url, req, headers) >> File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed >> self, auth_header, host, req, headers) >> File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed >> return self.retry_http_basic_auth(host, req, realm) >> File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth >> return self.parent.open(req, timeout=req.timeout) >> File "C:\Python26\lib\urllib2.py", line 391, in open >> response = self._open(req, data) >> File "C:\Python26\lib\urllib2.py", line 409, in _open >> '_open', req) >> File "C:\Python26\lib\urllib2.py", line 369, in _call_chain >> result = func(*args) >> File "C:\Python26\lib\urllib2.py", line 1161, in http_open >> return self.do_open(httplib.HTTPConnection, req) >> File "C:\Python26\lib\urllib2.py", line 1107, in do_open >> h = http_class(host, timeout=req.timeout) # will parse host:port >> RuntimeError: maximum recursion depth exceeded >> >> [*] shutting down at: 16:10:41 >> >> ------------------------------------------------------------------------------ >> Free Software Download: Index, Search & Analyze Logs and other IT data in >> Real-Time with Splunk. Collect, index and harness all the fast moving IT data >> generated by your applications, servers and devices whether physical, virtual >> or in the cloud. Deliver compliance at lower cost and gain new business >> insights. http://p.sf.net/sfu/splunk-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2011-03-02 10:19:15
|
thx for reporting. i've been able to reproduce it only on Windows machine (we've fixed the issue before but it appears that Windows needs some more fixing) on it kr On Tue, Mar 1, 2011 at 4:22 PM, <nig...@em...> wrote: > > Hi i tryed a simple testing with not special commands and sqlmap gets an runtime error > > Revision 3385 > sqlmap -u "www.xxxxxxxxx.xxx/members/content.php?show=videos§ion=5&videoset=1" --auth-type=Basic --auth-cred=xxxx:xxxx --random-agent --retries=6 --level 5 --risk 3 -f -b > > File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed > self, auth_header, host, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 397, in open > response = meth(req, response) > File "C:\Python26\lib\urllib2.py", line 510, in http_response > 'http', request, response, code, msg, hdrs) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed > self, auth_header, host, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 1161, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "C:\Python26\lib\urllib2.py", line 1107, in do_open > h = http_class(host, timeout=req.timeout) # will parse host:port > RuntimeError: maximum recursion depth exceeded > > [*] shutting down at: 16:10:41 > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: <nig...@em...> - 2011-03-01 15:22:53
|
Hi i tryed a simple testing with not special commands and sqlmap gets an runtime error Revision 3385 sqlmap -u "www.xxxxxxxxx.xxx/members/content.php?show=videos§ion=5&videoset=1" --auth-type=Basic --auth-cred=xxxx:xxxx --random-agent --retries=6 --level 5 --risk 3 -f -b File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed self, auth_header, host, req, headers) File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) File "C:\Python26\lib\urllib2.py", line 397, in open response = meth(req, response) File "C:\Python26\lib\urllib2.py", line 510, in http_response 'http', request, response, code, msg, hdrs) File "C:\Python26\lib\urllib2.py", line 429, in error result = self._call_chain(*args) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 url, req, headers) File "C:\pentest\p\sqlmap.0.9\lib\request\basicauthhandler.py", line 33, in http_error_auth_reqed self, auth_header, host, req, headers) File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) File "C:\Python26\lib\urllib2.py", line 391, in open response = self._open(req, data) File "C:\Python26\lib\urllib2.py", line 409, in _open '_open', req) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\Python26\lib\urllib2.py", line 1161, in http_open return self.do_open(httplib.HTTPConnection, req) File "C:\Python26\lib\urllib2.py", line 1107, in do_open h = http_class(host, timeout=req.timeout) # will parse host:port RuntimeError: maximum recursion depth exceeded [*] shutting down at: 16:10:41 |
From: Bernardo D. A. G. <ber...@gm...> - 2011-03-01 10:09:04
|
Good idea. We will do so as soon as possible. Bernardo Damele A. G. This message was sent from a smartphone On 1 Mar 2011, at 00:39, "bu...@gm..." <bu...@gm...> wrote: > I find the current mailing list archive not very pleasant. > What do you think about subscribing the mailinglist to gmane? > > http://gmane.org/subscribe.php |
From: Bernardo D. A. G. <ber...@gm...> - 2011-03-01 10:08:27
|
Thanks for reminding that. We will certainly add it to the manual. Bernardo Damele A. G. This message was sent from a smartphone On 1 Mar 2011, at 00:39, "bu...@gm..." <bu...@gm...> wrote: > On 02/28/2011 04:30 PM, Bernardo Damele A. G. wrote: >> Hi, >> >> We have been updating the user's manual recently and we ask now for >> your help to review it. It is not completely updated with all of the >> 0.9 changes yet, many parts are marked as TODO, but we would like to >> read from you feedback, grammar fixes, what should be better >> explained, etc sooner rather than later. >> >> You will certainly notice that from over 80 pages now it's around 40. >> This is because we got rid of all the useless examples and kept the >> only really necessary ones now. I expect the manual to be around 50 >> pages when fully updated. > > Don't forget to mention this feature: > http://sourceforge.net/mailarchive/message.php?msg_id=26217333 > > probably something for chapter 5.5.1. > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
From: David G. <sk...@gm...> - 2011-03-01 01:02:59
|
--technique also, for sure. On Mon, Feb 28, 2011 at 9:38 PM, <bu...@gm...> wrote: > On 02/28/2011 04:30 PM, Bernardo Damele A. G. wrote: > > Hi, > > > > We have been updating the user's manual recently and we ask now for > > your help to review it. It is not completely updated with all of the > > 0.9 changes yet, many parts are marked as TODO, but we would like to > > read from you feedback, grammar fixes, what should be better > > explained, etc sooner rather than later. > > > > You will certainly notice that from over 80 pages now it's around 40. > > This is because we got rid of all the useless examples and kept the > > only really necessary ones now. I expect the manual to be around 50 > > pages when fully updated. > > Don't forget to mention this feature: > http://sourceforge.net/mailarchive/message.php?msg_id=26217333 > > probably something for chapter 5.5.1. > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT > data > generated by your applications, servers and devices whether physical, > virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- David Gomes Guimarães |
From: <bu...@gm...> - 2011-03-01 00:40:04
|
I find the current mailing list archive not very pleasant. What do you think about subscribing the mailinglist to gmane? http://gmane.org/subscribe.php |
From: <bu...@gm...> - 2011-03-01 00:38:53
|
On 02/28/2011 04:30 PM, Bernardo Damele A. G. wrote: > Hi, > > We have been updating the user's manual recently and we ask now for > your help to review it. It is not completely updated with all of the > 0.9 changes yet, many parts are marked as TODO, but we would like to > read from you feedback, grammar fixes, what should be better > explained, etc sooner rather than later. > > You will certainly notice that from over 80 pages now it's around 40. > This is because we got rid of all the useless examples and kept the > only really necessary ones now. I expect the manual to be around 50 > pages when fully updated. Don't forget to mention this feature: http://sourceforge.net/mailarchive/message.php?msg_id=26217333 probably something for chapter 5.5.1. |
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-28 15:51:51
|
Hi, When you report a bug, suggest a new feature we did not come up with yet or extensively beta-test sqlmap, your name and email end up in the contributors[1] text file. If you think that your name is missing, misspelled, referenced inappropriately or simply want it to be removed, please say so privately by email. [1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS Thank you. -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-28 15:30:58
|
Hi, We have been updating the user's manual recently and we ask now for your help to review it. It is not completely updated with all of the 0.9 changes yet, many parts are marked as TODO, but we would like to read from you feedback, grammar fixes, what should be better explained, etc sooner rather than later. You will certainly notice that from over 80 pages now it's around 40. This is because we got rid of all the useless examples and kept the only really necessary ones now. I expect the manual to be around 50 pages when fully updated. Cheers, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-28 15:00:02
|
sqlmap does not implement itself any call to xp_getfiledetails. If you provide it within the --sql-shell, try to increase the verbosity level (-v 3 would suffice) and provide also --parse-errors and -t traffic.log to the command line. You can then see in real time if any DBMS error message is raised when executing the xp_getfiledetails procedure. Also, by reading through the generated traffic.log file you might find further error messages. Feel free to provide us with the masked file privately. Cheers, Bernardo On 28 February 2011 02:30, Johnny Venter <Joh...@zo...> wrote: > Does sqlmap currently implement an alternative to "xp_getfiledetails"? > > I am working with a MSSQL 2000 Server and has access via "--sql-shell" as a limited user account. > > This stored procedure is works as a low level user but am having hard time getting results from db server. > > > > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
From: Johnny V. <Joh...@zo...> - 2011-02-28 02:40:27
|
I have tried --file-read but cannot get an errors or messages. On Feb 27, 2011, at 9:30 PM, Johnny Venter wrote: > Does sqlmap currently implement an alternative to "xp_getfiledetails"? > > I am working with a MSSQL 2000 Server and has access via "--sql-shell" as a limited user account. > > This stored procedure is works as a low level user but am having hard time getting results from db server. > > > > > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
From: Johnny V. <Joh...@zo...> - 2011-02-28 02:31:14
|
Does sqlmap currently implement an alternative to "xp_getfiledetails"? I am working with a MSSQL 2000 Server and has access via "--sql-shell" as a limited user account. This stored procedure is works as a low level user but am having hard time getting results from db server. |
From: Miroslav S. <mir...@gm...> - 2011-02-26 17:49:43
|
done i believe we've fixed it few secs ago. tested against our testing environment and it works now ok. kr p.s. will do some further tests later today On Sat, Feb 26, 2011 at 6:43 PM, Miroslav Stampar <mir...@gm...> wrote: > we've traced the problem. will try to deal with it in 6 hour approx. > (now have to go out :) > > kr > > On Sat, Feb 26, 2011 at 5:16 AM, -insane- <in...@gm...> wrote: >> Hey, >> >> i've been using sqlmap and proxychains together for months and it >> allways worked fine for me. >> Today i updated to the latest revision (3369) and i tried to find and >> use UNION injections. >> In the past it was no problem, but with the latest revision i got one. >> After sqlmap reports the following: >> "target url appears to be UNION injectable with 22 columns" >> it connects to the target one last time and afterwards it stops to work. >> I tried some different targets and i also tried to use sqlmap without >> proxychains, but in all cases i got the same result. >> Is it a bug or am i making a mistake? >> >> The end of my output: >> [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns' >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns >> |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK >> ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase >> >> My very simple cmd: >> proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms >> mysql -p id --union-cols 21-22 >> >> Content of /usr/bin/sqlmap: >> #!/bin/sh >> python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@ >> >> ------------------------------------------------------------------------------ >> Free Software Download: Index, Search & Analyze Logs and other IT data in >> Real-Time with Splunk. Collect, index and harness all the fast moving IT data >> generated by your applications, servers and devices whether physical, virtual >> or in the cloud. Deliver compliance at lower cost and gain new business >> insights. http://p.sf.net/sfu/splunk-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2011-02-26 17:43:35
|
we've traced the problem. will try to deal with it in 6 hour approx. (now have to go out :) kr On Sat, Feb 26, 2011 at 5:16 AM, -insane- <in...@gm...> wrote: > Hey, > > i've been using sqlmap and proxychains together for months and it > allways worked fine for me. > Today i updated to the latest revision (3369) and i tried to find and > use UNION injections. > In the past it was no problem, but with the latest revision i got one. > After sqlmap reports the following: > "target url appears to be UNION injectable with 22 columns" > it connects to the target one last time and afterwards it stops to work. > I tried some different targets and i also tried to use sqlmap without > proxychains, but in all cases i got the same result. > Is it a bug or am i making a mistake? > > The end of my output: > [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns' > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase > > My very simple cmd: > proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms > mysql -p id --union-cols 21-22 > > Content of /usr/bin/sqlmap: > #!/bin/sh > python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@ > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2011-02-26 15:59:30
|
hi insane. "I tried some different targets and i also tried to use sqlmap without proxychains, but in all cases i got the same result. Is it a bug or am i making a mistake?" so, as i've understood, sqlmap works without proxychains but not with it in last couple of revisions? and you've tested with few different targets? could you please try to see what is the latest payload (that sqlmap stucks) - you can see payloads with usage of -v 3. also, could you please try to use that payload manually in web browser and see if everything works from there? i know that this would be a pain in the ass for you but it would be most helpful if you could revert few revisions back and report which revision got broke kr On Sat, Feb 26, 2011 at 5:16 AM, -insane- <in...@gm...> wrote: > Hey, > > i've been using sqlmap and proxychains together for months and it > allways worked fine for me. > Today i updated to the latest revision (3369) and i tried to find and > use UNION injections. > In the past it was no problem, but with the latest revision i got one. > After sqlmap reports the following: > "target url appears to be UNION injectable with 22 columns" > it connects to the target one last time and afterwards it stops to work. > I tried some different targets and i also tried to use sqlmap without > proxychains, but in all cases i got the same result. > Is it a bug or am i making a mistake? > > The end of my output: > [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns' > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns > |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK > ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase > > My very simple cmd: > proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms > mysql -p id --union-cols 21-22 > > Content of /usr/bin/sqlmap: > #!/bin/sh > python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@ > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: -insane- <in...@gm...> - 2011-02-26 04:16:16
|
Hey, i've been using sqlmap and proxychains together for months and it allways worked fine for me. Today i updated to the latest revision (3369) and i tried to find and use UNION injections. In the past it was no problem, but with the latest revision i got one. After sqlmap reports the following: "target url appears to be UNION injectable with 22 columns" it connects to the target one last time and afterwards it stops to work. I tried some different targets and i also tried to use sqlmap without proxychains, but in all cases i got the same result. Is it a bug or am i making a mistake? The end of my output: [03:12:04] [INFO] testing 'MySQL UNION query (NULL) - 21 to 22 columns' |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK [03:12:43] [INFO] target url appears to be UNION injectable with 22 columns |D-chain|-<>-xxx.xxx.xxx.xxx:8080-<><>-xxx.xxx.xxx.xxx:80-<><>-OK ^C[04:07:55] [WARNING] Ctrl+C detected in detection phase My very simple cmd: proxychains sqlmap -u "http://www.xxx.com/index.php?id=1&type=0" --dbms mysql -p id --union-cols 21-22 Content of /usr/bin/sqlmap: #!/bin/sh python2.6 /path2sqlmap/sqlmap-dev/sqlmap.py $@ |
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-24 10:44:09
|
Hi, There exist two families of out-of-band techniques: * oob to takeover the database server and get command execution on the underlying os: sqlmap implements several techniques to achieve this already both via tcp and icmp channel. Support for takeover oob via dns channel (udp) is planned and will be possibly added to 1.0. * oob to exfiltrate data from the database: you refer to this. sqlmap does not implement yet any technique. This can be achieved on a number of dbms via either tcp or udp channels (mssql openrowset, pgsql db_link, oracle utl_*, ...) This is planned and will potentially make it for 1.0 release. Cheers, Bernardo Damele A. G. This message was sent from a smartphone On 24 Feb 2011, at 07:21, Miroslav Stampar <mir...@gm...> wrote: > hi. > > we are planning OOB features for v1.0, especially DNS based like the > one you've mentioned. > > kr > > On Thu, Feb 24, 2011 at 12:27 AM, <bu...@gm...> wrote: >> Hi, >> >> will sqlmap support DNS exfiltration for dbms that have such a feature? >> e.g. >> oracle: >> UTL_INADDR.get_host_address() >> UTL_HTTP.REQUEST() >> >> for such a feature new options would be needed: >> --domain Domain used for exfitrating results. >> --port Port on which sqlmap should listen for incoming DNS requests. >> Default 53. >> The latter could be useful if root redirects traffic from 53 to a high >> port, where also non-root user could open a listener. This way sqlmap >> wouldn't have to run as root. >> >> let me know what you think about it. >> >> >> >> ------------------------------------------------------------------------------ >> Free Software Download: Index, Search & Analyze Logs and other IT data in >> Real-Time with Splunk. Collect, index and harness all the fast moving IT data >> generated by your applications, servers and devices whether physical, virtual >> or in the cloud. Deliver compliance at lower cost and gain new business >> insights. http://p.sf.net/sfu/splunk-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT data > generated by your applications, servers and devices whether physical, virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |