sqlmap-users Mailing List for sqlmap (Page 107)
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-01 22:30:17
Hi,

On 1 February 2011 22:16, <bu...@gm...> wrote:
> ...
> If --data= is used it seems always to result in POST requests regardless
> of the --method switch
> "--data=DATA Data string to be sent through POST"

Yes, this is as per design choice.

> this raises the question: What do you need --method for if the absence of
> --data results in GET request and the presence of --data results in POST
> requests.

In fact we do not.

> I would propose the following behaviour:
>
> - remove the --method switch and make the method depending on the fact
> that --data switch was used or not

I think that I agree on this.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: <bu...@gm...> - 2011-02-01 22:16:56
Hi,

after testing some parameters via HTTP POST requests I wanted to execute the same test with GET request and changed only the --method= parameter from:

... -u http://foo --method=POST --data="a=b&c=d" ...

to:

... -u http://foo --method=GET --data="a=b&c=d" ...

I expected it to be equal to

... -u "http://foo?a=b&c=d" --method=GET ...

or

... -u "http://foo?a=b&c=d" ...

but it does send POST requests.

If --data= is used it seems always to result in POST requests regardless of the --method switch

"--data=DATA Data string to be sent through POST"

this raises the question: What do you need --method for if the absence of --data results in GET request and the presence of --data results in POST requests.

I would propose the following behaviour:

- remove the --method switch and make the method depending on the fact that --data switch was used or not

OR

- omit the --data switch and make the method solely depending on the --method switch (data would always be provided with the url even if it is POST)

POST example:
-u "http://foo?a=b&c=d" --method=POST

GET example
-u "http://foo?a=b&c=d" (no method switch => default method GET)

let me know what you think about it. (no hurry for the actual implementation)

From: Miroslav S. <mir...@gm...> - 2011-02-01 00:27:53
...you have been asked something like this for sure:

[01:25:06] [INFO] testing connection to the target url
sqlmap got a 302 redirect to http://www.someothersite.com/ - What target address do you want to use from now on? http://www.site.com/index.php (default) or provide another target address based also on the redirection got from the application
>

...and you've probably just pressed Enter.

please read that part carefully and choose wisely.

kr

On Sun, Jan 30, 2011 at 1:15 PM, Valentin Kurkov <zac...@gm...> wrote:
> [quote]
> Well, it such a great thing to help users which don't have common sense at
> all.
> [/quote]
> that was a joke..mda.
> ------------------
> sql-inj have 2 column,which stay visible only after the redirect to other
> page happened.havij work with it fine as non-blind.But i want non blind-inj
> with sqlmap.

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia

From: Bernardo D. A. G. <ber...@gm...> - 2011-01-31 16:55:17
If you can hold on a week that would be better as we are in the process of fixing some major bugs these days.

Bernardo Damele A. G.

This message was sent from a smartphone

On 31 Jan 2011, at 16:50, Steve Pinkham <ste...@gm...> wrote:

> On 01/31/2011 11:08 AM, Miroslav Stampar wrote:
>> Hi.
>>
>> Implemented (r3154).
>>
>> Now every character retrieved via time-based inference is "fast"
>> verified after it has been retrieved (if unequal there is a time delay
>> and the retrieval is repeated for that character). That "validation"
>> is also prone to errors, but I must admit that with it quality of data
>> retrieval (in time based techniques) is going way up.
>>
>> KR
>
> Awesome work, thanks.
>
> We're about to push out the next revision of our Web Security Dojo
> project which includes the latest SVN version of sqlmap.
>
> Are there any show-stoppers you are aware of in r3157 that I should wait
> for a version in the near future instead?
>
> --
> | Steven Pinkham, Security Consultant |
> | http://www.mavensecurity.com |
> | GPG public key ID CD31CAFB |

From: Bernardo D. A. G. <ber...@gm...> - 2011-01-31 16:54:16
Hi,

Over 10 months have passed since we released sqlmap 0.8 stable. A LOT has been done since then.

Having had Miroslav on board during the whole release development time has been an incredible speed burst in terms of development, brainstorming and users' support. We have all benefited a lot. Thanks mate!

Your feedback has also increased and we do really appreciate it a lot. Please, keep the bug reports and feature requests coming!

At this very moment we are focusing on closing down the last known bugs, stabilising the code and testing it as much as possible across our test environment (some ugly php/asp/asp.net pages with all DBMS supported connected, nothing fancy and far away from being "releasable").

In the upcoming weeks we will redesign the homepage and update the documentation, including an all new FAQ.

Time permitting, by the beginning of March we will release 0.9.

We are constantly seeking for motivated developers to join the team - especially hardcore GUI developers for 1.0 release ;) Document writers, QA testers and software packagers are welcome too!

PS: we will not maintain .deb, .rpm and .exe anymore so if you are patient enough to deal with Debian folks or able to package python (with threading, etc.) into .exe and willing to give back some of your time and know-how to the free software community, do not hesitate to contact us. We do not bite.

Stay tuned!

Bernardo Damele A. G.

This message was sent from a semi-smartphone

From: Steve P. <ste...@gm...> - 2011-01-31 16:49:21
On 01/31/2011 11:08 AM, Miroslav Stampar wrote:
> Hi.
>
> Implemented (r3154).
>
> Now every character retrieved via time-based inference is "fast"
> verified after it has been retrieved (if unequal there is a time delay
> and the retrieval is repeated for that character). That "validation"
> is also prone to errors, but I must admit that with it quality of data
> retrieval (in time based techniques) is going way up.
>
> KR

Awesome work, thanks.

We're about to push out the next revision of our Web Security Dojo project which includes the latest SVN version of sqlmap.

Are there any show-stoppers you are aware of in r3157 that I should wait for a version in the near future instead?

--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |

From: Miroslav S. <mir...@gm...> - 2011-01-31 16:19:17
:)

On Mon, Jan 31, 2011 at 5:12 PM, Andres Riancho <and...@gm...> wrote:
> On Mon, Jan 31, 2011 at 1:08 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> Hi.
>>
>> Implemented (r3154).
>
> You guys rock.
>
>> Now every character retrieved via time-based inference is "fast"
>> verified after it has been retrieved (if unequal there is a time delay
>> and the retrieval is repeated for that character). That "validation"
>> is also prone to errors, but I must admit that with it quality of data
>> retrieval (in time based techniques) is going way up.
>>
>> KR
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia

From: Andres R. <and...@gm...> - 2011-01-31 16:13:08
On Mon, Jan 31, 2011 at 1:08 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> Implemented (r3154).

You guys rock.

> Now every character retrieved via time-based inference is "fast"
> verified after it has been retrieved (if unequal there is a time delay
> and the retrieval is repeated for that character). That "validation"
> is also prone to errors, but I must admit that with it quality of data
> retrieval (in time based techniques) is going way up.
>
> KR

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

From: Miroslav S. <mir...@gm...> - 2011-01-31 16:09:07
Hi.

Implemented (r3154).

Now every character retrieved via time-based inference is "fast" verified after it has been retrieved (if unequal there is a time delay and the retrieval is repeated for that character). That "validation" is also prone to errors, but I must admit that with it quality of data retrieval (in time based techniques) is going way up.

KR

On Tue, Jan 18, 2011 at 12:34 AM, Miroslav Stampar <mir...@gm...> wrote:
> ...but still, i must say that this is quite good idea:
>
> "One way to increase the quality with little speed overhead would be an
> option to verify the character result of the blind binary search using
> an equals query and restarting just that character if the answer is not
> correct."
>
> and we'll try to implement it
>
> kr
>
> On Tue, Jan 18, 2011 at 12:31 AM, Miroslav Stampar
> <mir...@gm...> wrote:
>> Hi Steve.
>>
>> We can consider some mechanisms to improve it, but first of all keep it real.
>>
>> We are talking about a most delicate sql injection technique which is
>> highly prone to "outside entropy". Its precision is directly
>> inversely proportional to the time needed to retrieve all data, and
>> nobody wants to wait for some "useful" data "too long".
>>
>> So, IMHO, I am aware that here and there some character can go wrong
>> (either caused by line used or some change of the web servers load)
>> but still info retrieved is prone to personal filtration (in this case
>> everybody is aware that that 'A' there is a junk character).
>>
>> KR
>>
>> On Tue, Jan 18, 2011 at 12:17 AM, Steve Pinkham <ste...@gm...> wrote:
>>> First off, I'm loving the newest versions of sqlmap.. It's even better
>>> than ever, and by far my favourite tool in the space.
>>>
>>> Now that time-based injection is better supported, one of the side
>>> effects is that the quality of results has gone down for me. For
>>> example on a site I'm testing, the banner results are:
>>>
>>> Microsoft SQL Seryer 2008 (RTM) - 10.0A1600.22 (X64)
>>> Where it should probably be
>>> Microsoft SQL Server 2008 (RTM) - 10.0.1600.22 (X64)
>>>
>>> And this is with a 20 second delay!
>>>
>>> One way to increase the quality with little speed overhead would be an
>>> option to verify the character result of the blind binary search using
>>> an equals query and restarting just that character if the answer is not
>>> correct.
>>>
>>> This should only add one request per character, and be much more time
>>> efficient than using a longer delay, using a safe url in between every
>>> request, or other mitigations that would increase the result quality at
>>> higher cost.
>>>
>>> Any thoughts?
>>> --
>>> | Steven Pinkham, Security Consultant |
>>> | http://www.mavensecurity.com |
>>> | GPG public key ID CD31CAFB |

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia

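The per-character check described in the message above, as an added example that is not part of the original post and is not sqlmap's code: a binary search over a yes/no channel that sometimes answers wrongly, run with and without the equality re-check. `FlakyOracle`, the secret string and the flipped query numbers are constructed for illustration; there is no network or SQL involved, the "target" is an in-memory string.

```python
class FlakyOracle:
    """Answers yes/no questions about a secret string. The answer is inverted
    on chosen query numbers, modelling one mistimed response (constructed)."""

    def __init__(self, secret, lie_on=()):
        self.secret = secret
        self.lie_on = set(lie_on)  # 1-based query numbers whose answer is flipped
        self.queries = 0           # total questions asked so far

    def _answer(self, truth):
        self.queries += 1
        return (not truth) if self.queries in self.lie_on else truth

    def greater_than(self, pos, value):
        return self._answer(ord(self.secret[pos]) > value)

    def equals(self, pos, value):
        return self._answer(ord(self.secret[pos]) == value)


def bisect_char(oracle, pos, lo=0, hi=127):
    """Binary search for one 7-bit character: always exactly 7 questions.
    A single wrong answer sends the search into the wrong half for good."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.greater_than(pos, mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract(oracle, length, verify=False, max_retries=3):
    """Recover `length` characters. With verify=True each character costs one
    extra equality question and is searched again if that question says "no".
    Returns (text, questions asked, characters that were retried)."""
    out, retries = [], 0
    for pos in range(length):
        value = bisect_char(oracle, pos)
        if verify:
            attempts = 0
            while not oracle.equals(pos, value) and attempts < max_retries:
                attempts += 1
                retries += 1
                value = bisect_char(oracle, pos)
        out.append(chr(value))
    return "".join(out), oracle.queries, retries


def demo():
    secret = "Server"  # constructed sample value
    n = len(secret)
    return {
        # One wrong answer (query 3) and no check: a junk character survives.
        "unverified": extract(FlakyOracle(secret, lie_on={3}), n),
        # Same fault with the check: the bad character is caught and redone.
        "verified": extract(FlakyOracle(secret, lie_on={3}), n, verify=True),
        # The check itself answers wrongly (query 8): the junk is accepted,
        # which is the "validation is also prone to errors" caveat.
        "verify_fooled": extract(FlakyOracle(secret, lie_on={3, 8}), n, verify=True),
    }


if __name__ == "__main__":
    for name, (text, queries, retries) in demo().items():
        print(f"{name:14} text={text!r} queries={queries} retries={retries}")
```
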
From: Miroslav S. <mir...@gm...> - 2011-01-31 15:18:25
Hi all

One of users warned me about the problem with "plain text" mail exchange of sensitive data (target URLs,...).

Just to let you know that myself and Bernardo have PGP key IDs inside our mail signatures, so if you feel "uncomfortable" using "plain" old mode, search and download key(s) on http://pgp.mit.edu/ and google for how to pgp encrypt.

KR

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia

From: Bernardo D. A. G. <ber...@gm...> - 2011-01-31 09:37:22
Thanks for reporting. Fixed and committed yesterday.

Bernardo Damele A. G.

This message was sent from a smartphone

On 31 Jan 2011, at 09:36, Kyprianos Vasilopoulos <kyp...@at...> wrote:

Hope it helps,

krumels-MacBook-Pro:sqlmap-dev krumel$ ./sqlmap.py -u http://www.target.com/desc.asp?id=15 --users --passwords --is-dba --dump-all -v 2

[13:33:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3131)
Python version: 2.6.1
Operating system: posix
Technique: ERROR
Back-end DBMS: Oracle
Traceback (most recent call last):
  File "./sqlmap.py", line 83, in main
    start()
  File "/Users/krumel/Desktop/sqlmap/sqlmap-dev/lib/controller/controller.py", line 414, in start
    action()
  File "/Users/krumel/Desktop/sqlmap/sqlmap-dev/lib/controller/action.py", line 77, in action
    conf.dbmsHandler.getPasswordHashes(), "password hash")
  File "/Users/krumel/Desktop/sqlmap/sqlmap-dev/plugins/generic/enumeration.py", line 270, in getPasswordHashes
    if user in retrievedUsers:
TypeError: unhashable type: 'list'

[*] shutting down at: 13:33:22

From: Miroslav S. <mir...@gm...> - 2011-01-31 09:35:23
Hi.

Are you positive that the site is injectable? Have you tried to exploit it manually? You can try to use advanced payloads with switches --level (e.g. 3) and --risk (e.g. 3).

If you need help you can contact me privately.

KR

On Sun, Jan 30, 2011 at 9:13 PM, Antonios Atlasis <ant...@gm...> wrote:
> Hi Miroslav,
>
> first of all, please let me apologize for my late response.
>
> I downloaded the latest svn tonight and I tested against webscarab
> conversation using the batch mode. It does seem to process them but it does
> not detect the existing SQLi.
>
> Please let me know if you want any further information.
>
> Antonios
>
> 2011/1/20 Miroslav Stampar <mir...@gm...>
>>
>> hi.
>>
>> with last commit you can find support for WebScarab log files. if you
>> find any "problems" related please report.
>>
>> only one warning: you won't be able to process POST requests as
>> WebScarab "smartly" stores their bodies in separate files.
>>
>> kr
>>
>> On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar
>> <mir...@gm...> wrote:
>> > hi Antonios.
>> >
>> > no worry. gonna fix it probably today.
>> >
>> > kr
>> >
>> > On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis
>> > <ant...@gm...> wrote:
>> >> Thanks for your reply.
>> >>
>> >> The problem is that the free version of Burpsuite does not allow to
>> >> save the spidering results; this is why I rely on webscarab.
>> >>
>> >> Thanks again
>> >>
>> >> Antonios
>> >> .
>> >> 2011/1/20 Miroslav Stampar <mir...@gm...>
>> >>>
>> >>> LOL
>> >>>
>> >>> we've stated that we support WebScarab logs, while we don't :)
>> >>>
>> >>> thx for reporting.
>> >>>
>> >>> we'll see what we can do. in the mean time you can try to use Burp
>> >>> which logs we should support most definitely.
>> >>>
>> >>> kr
>> >>>
>> >>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar
>> >>> <mir...@gm...> wrote:
>> >>> > Downloading right now. Will report back.
>> >>> >
>> >>> > KR
>> >>> >
>> >>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis
>> >>> > <ant...@gm...> wrote:
>> >>> >> Hi Miroslav and thanks for your answer,
>> >>> >>
>> >>> >> I did reproduce the results a couple of times and you can easily do
>> >>> >> so.
>> >>> >>
>> >>> >> My target is the ctf6 lampsec security (you can downloaded from
>> >>> >> http://sourceforge.net/projects/lampsecurity/).
>> >>> >>
>> >>> >> After a very fast browsing, I crawled the rest of the site using
>> >>> >> Webscarab.
>> >>> >>
>> >>> >> I run the command sqlmap --batch -v 2 -l
>> >>> >> ../webscarab-logs/conversations/
>> >>> >>
>> >>> >> sqlmap failed to find any sqli.
>> >>> >>
>> >>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one
>> >>> >> of the vulnerable urls) and it does find the sqli vulnerability.
>> >>> >>
>> >>> >> please let me know if you want me to send you any logs.
>> >>> >>
>> >>> >> Regards
>> >>> >>
>> >>> >> Antonios
>> >>> >>
>> >>> >> 2011/1/18 Miroslav Stampar <mir...@gm...>
>> >>> >>>
>> >>> >>> Hi Antonios.
>> >>> >>>
>> >>> >>> main question is: are you able to reproduce this kind of behavior
>> >>> >>> again?
>> >>> >>>
>> >>> >>> if yes, then sqlmap really has some "bug" and it would be great if
>> >>> >>> you could (maybe privately) provide us with further details from
>> >>> >>> used logs.
>> >>> >>>
>> >>> >>> if no, thing that comes to my mind and that can screw things up is
>> >>> >>> "dynamicity". we've worked hard to make a good comparison/detection
>> >>> >>> engine together with dynamicity removal, but still, pages with
>> >>> >>> lots of garbaged styles/tags/scripts... can screw things up,
>> >>> >>> especially when only a small part of the page is affected by
>> >>> >>> injection itself. hence there are switches like --string and
>> >>> >>> --text-only (removes all tags/scripts/styles and retrieves only
>> >>> >>> pure text) that can do miracles in those kind of cases.
>> >>> >>>
>> >>> >>> KR
>> >>> >>>
>> >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis
>> >>> >>> <ant...@gm...> wrote:
>> >>> >>> >
>> >>> >>> > Hello to the list,
>> >>> >>> >
>> >>> >>> > after spidering a site that is vulnerable to SQLi with
>> >>> >>> > Webscarab, I fed its conversations directory to sqlmap using
>> >>> >>> > the -l option.
>> >>> >>> > sqlmap didn't find any SQLi vulnerable.
>> >>> >>> >
>> >>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which
>> >>> >>> > URL was also included in the webscarab conversations and it had
>> >>> >>> > also been tested before with sqlmap), and sqlmap did found this
>> >>> >>> > time the specific SQLi vulnerability.
>> >>> >>> >
>> >>> >>> > Has anyone else observed a problem using Webscarab
>> >>> >>> > conversations? Is there any tip or trick that I can use in
>> >>> >>> > order to solve this problem?
>> >>> >>> >
>> >>> >>> > Thanks in advance
>> >>> >>> >
>> >>> >>> > Antonios

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia

From: Miroslav S. <mir...@gm...> - 2011-01-31 09:25:29
|
thank you for your report. fixed.

kr

On Mon, Jan 31, 2011 at 3:52 AM, m4l1c3 <mal...@gm...> wrote:
> ./sqlmap.py -u "http://hugeurl.whatev.php?param=77777" -p param --dump-all --exclude-sysdbs
>
> sqlmap version: 0.9-dev (r3139)
> Python version: 2.5.2
> Operating system: posix
> Technique: UNION
> Back-end DBMS: MySQL
> Traceback (most recent call last):
>   File "./sqlmap.py", line 83, in main
>     start()
>   File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 414, in start
>     action()
>   File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 106, in action
>     conf.dbmsHandler.dumpAll()
>   File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line 1422, in dumpAll
>     conf.dumper.dbTableValues(data)
>   File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 366, in dbTableValues
>     self.__write("| %s%s" % (value, blank), n=False)
>   File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 38, in __write
>     dataToStdout(text)
>   File "/pentest/database/sqlmap-dev/lib/core/common.py", line 590, in dataToStdout
>     sys.stdout.write(data.encode(UNICODE_ENCODING, errors="replace"))
> TypeError: encode() takes no keyword arguments

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: m4l1c3 <mal...@gm...> - 2011-01-31 02:52:49
|
./sqlmap.py -u "http://hugeurl.whatev.php?param=77777" -p param --dump-all --exclude-sysdbs

sqlmap version: 0.9-dev (r3139)
Python version: 2.5.2
Operating system: posix
Technique: UNION
Back-end DBMS: MySQL
Traceback (most recent call last):
  File "./sqlmap.py", line 83, in main
    start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 414, in start
    action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 106, in action
    conf.dbmsHandler.dumpAll()
  File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line 1422, in dumpAll
    conf.dumper.dbTableValues(data)
  File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 366, in dbTableValues
    self.__write("| %s%s" % (value, blank), n=False)
  File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 38, in __write
    dataToStdout(text)
  File "/pentest/database/sqlmap-dev/lib/core/common.py", line 590, in dataToStdout
    sys.stdout.write(data.encode(UNICODE_ENCODING, errors="replace"))
TypeError: encode() takes no keyword arguments
|
From: Antonios A. <ant...@gm...> - 2011-01-30 20:13:47
|
Hi Miroslav,

first of all, please let me apologize for my late response.

I downloaded the latest svn tonight and I tested against webscarab conversation using the batch mode. It does seem to process them but it does not detect the existing SQLi.

Please let me know if you want any further information.

Antonios

2011/1/20 Miroslav Stampar <mir...@gm...>
> hi.
>
> with last commit you can find support for WebScarab log files. if you find any "problems" related please report.
>
> only one warning: you won't be able to process POST requests as WebScarab "smartly" stores their bodies in separate files.
>
> kr
>
> On Thu, Jan 20, 2011 at 12:32 PM, Miroslav Stampar <mir...@gm...> wrote:
> > hi Antonios.
> >
> > no worry. gonna fix it probably today.
> >
> > kr
> >
> > On Thu, Jan 20, 2011 at 12:22 PM, Antonios Atlasis <ant...@gm...> wrote:
> >> Thanks for your reply.
> >>
> >> The problem is that the free version of Burpsuite does not allow to save the spidering results; this is why I rely on webscarab.
> >>
> >> Thanks again
> >>
> >> Antonios
> >> .
> >> 2011/1/20 Miroslav Stampar <mir...@gm...>
> >>>
> >>> LOL
> >>>
> >>> we've stated that we support WebScarab logs, while we don't :)
> >>>
> >>> thx for reporting.
> >>>
> >>> we'll see what we can do. in the mean time you can try to use Burp which logs we should support most definitely.
> >>>
> >>> kr
> >>>
> >>> On Wed, Jan 19, 2011 at 10:19 PM, Miroslav Stampar <mir...@gm...> wrote:
> >>> > Downloading right now. Will report back.
> >>> >
> >>> > KR
> >>> >
> >>> > On Wed, Jan 19, 2011 at 9:28 PM, Antonios Atlasis <ant...@gm...> wrote:
> >>> >> Hi Miroslav and thanks for your answer,
> >>> >>
> >>> >> I did reproduce the results a couple of times and you can easily do so.
> >>> >>
> >>> >> My target is the ctf6 lampsec security (you can downloaded from http://sourceforge.net/projects/lampsecurity/).
> >>> >>
> >>> >> After a very fast browsing, I crawled the rest of the site using Webscarab.
> >>> >>
> >>> >> I run the command sqlmap --batch -v 2 -l ../webscarab-logs/conversations/
> >>> >>
> >>> >> sqlmap failed to find any sqli.
> >>> >>
> >>> >> Then I run sqlmap -u http://192.168.163.128/index.php?id=4 (one of the vulnerable urls) and it does find the sqli vulnerability.
> >>> >>
> >>> >> please let me know if you want me to send you any logs.
> >>> >>
> >>> >> Regards
> >>> >>
> >>> >> Antonios
> >>> >>
> >>> >> 2011/1/18 Miroslav Stampar <mir...@gm...>
> >>> >>>
> >>> >>> Hi Antonios.
> >>> >>>
> >>> >>> main question is: are you able to reproduce this kind of behavior again?
> >>> >>>
> >>> >>> if yes, then sqlmap really has some "bug" and it would be great if you could (maybe privately) provide is with further details from used logs.
> >>> >>>
> >>> >>> if no, thing that comes to my mind and that can screw things up is "dynamicity". we've worked hard to make a good comparison/detection engine together with dynamicity removal, but still, pages with lots of garbaged styles/tags/scripts... can screw things up, especially when only a small part of the page is affected by injection itself. hence there are switches like --string and --text-only (removes all tags/scripts/styles and retrieves only pure text) that can do miracles in those kind of cases.
> >>> >>>
> >>> >>> KR
> >>> >>>
> >>> >>> On Tue, Jan 18, 2011 at 10:04 PM, Antonios Atlasis <ant...@gm...> wrote:
> >>> >>> >
> >>> >>> > Hello to the list,
> >>> >>> >
> >>> >>> > after spidering a site that is vulnerable to SQLi with Webscarab, I fed its conversations directory to sqlmap using the -l option.
> >>> >>> > sqlmap didn't find any SQLi vulnerable.
> >>> >>> >
> >>> >>> > Then, I fed a vulnerable URL to sqlmap with the -u option (which URL was also included in the webscarab conversations and it had also been tested before with sqlmap), and sqlmap did found this time the specific SQLi vulnerability.
> >>> >>> >
> >>> >>> > Has anyone else observed a problem using Webscarab conversations? Is there any tip or trick that I can use in order to solve this problem?
> >>> >>> >
> >>> >>> > Thanks in advance
> >>> >>> >
> >>> >>> > Antonios
> >>> >>>
> >>> >>> --
> >>> >>> Miroslav Stampar
> >>> >>>
> >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com
> >>> >>> Mobile: +385921010204 (HR 0921010204)
> >>> >>> PGP Key ID: 0xB5397B1B
> >>> >>> Location: Zagreb, Croatia

--
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-30 15:41:17
|
Hi,

Can you please svn update and retry? This could have been fixed by recent commits.
If not, please provide us with the command line and full sqlmap output.

Cheers,
Bernardo

On 26 January 2011 23:04, black zero <tim...@gm...> wrote:
> why mssql sa pass dumping error?
>
> sqlmap version: 0.9-dev (r3115)
> Python version: 2.6.6
> Operating system: posix
> Traceback (most recent call last):
>   File "sqlmap.py", line 83, in main
>     start()
>   File "/home/john/sqlmap-dev/lib/controller/controller.py", line 414, in start
>     action()
>   File "/home/john/sqlmap-dev/lib/controller/action.py", line 77, in action
>     conf.dbmsHandler.getPasswordHashes(), "password hash")
>   File "/home/john/sqlmap-dev/plugins/generic/enumeration.py", line 270, in getPasswordHashes
>     if user in retrievedUsers:
> TypeError: unhashable type: 'list'
>
> [*] shutting down at: 01:01:22
>
> thanks

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Kyprianos V. <kyp...@at...> - 2011-01-30 12:28:38
|
Hope it helps,

krumels-MacBook-Pro:sqlmap-dev krumel$ ./sqlmap.py -u http://www.target.com/desc.asp?id=15 --users --passwords --is-dba --dump-all -v 2

[13:33:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3131)
Python version: 2.6.1
Operating system: posix
Technique: ERROR
Back-end DBMS: Oracle
Traceback (most recent call last):
  File "./sqlmap.py", line 83, in main
    start()
  File "/Users/krumel/Desktop/sqlmap/sqlmap-dev/lib/controller/controller.py", line 414, in start
    action()
  File "/Users/krumel/Desktop/sqlmap/sqlmap-dev/lib/controller/action.py", line 77, in action
    conf.dbmsHandler.getPasswordHashes(), "password hash")
  File "/Users/krumel/Desktop/sqlmap/sqlmap-dev/plugins/generic/enumeration.py", line 270, in getPasswordHashes
    if user in retrievedUsers:
TypeError: unhashable type: 'list'

[*] shutting down at: 13:33:22
|
From: Valentin K. <zac...@gm...> - 2011-01-30 12:15:17
|
[quote]
Well, it such a great thing to help users which don't have common sense at all.
[/quote]
that was a joke..mda.
------------------
sql-inj have 2 column,which stay visible only after the redirect to other page happened.havij work with it fine as non-blind.But i want non blind-inj with sqlmap.
|
From: Miroslav S. <mir...@gm...> - 2011-01-30 07:39:13
|
After all it seems that this is a little bit more complex issue (proper encoding of program input parameters). Will research later today.

KR

On Sun, Jan 30, 2011 at 12:00 AM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> From the commit r3128 as the default encoding for supplied arguments system one is used. Failsafe is now UTF8.
>
> Before, other way around was used.
>
> KR
>
> p.s. now those "strange" characters should be acceptable out of box
>
> On Sat, Jan 29, 2011 at 11:22 PM, Miroslav Stampar <mir...@gm...> wrote:
>> Hi.
>>
>> I guess you've tried to use non-utf8 data with --data switch? I can make a "quick" patch, but in that case some of data could be "stripped".
>>
>> Feel free to contact me privately with used parameters.
>>
>> KR
>>
>> 2011/1/29 Kazım Buğra Tombul <mha...@gm...>:
>>> Since this is a content specific bug I can send the execution parameters in private if needed.
>>> [22:24:31] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
>>> sqlmap version: 0.9-dev (r3127)
>>> Python version: 2.5.4
>>> Operating system: posix
>>> Technique: None
>>> Back-end DBMS: None
>>> Traceback (most recent call last):
>>>   File "/Users/my_user_name/sqlmap-dev/sqlmap.py", line 83, in main
>>>     start()
>>>   File "/Users/my_user_name/sqlmap-dev/lib/controller/controller.py", line 250, in start
>>>     if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
>>>   File "/Users/my_user_name/sqlmap-dev/lib/controller/checks.py", line 783, in checkConnection
>>>     page, _ = Request.queryPage(content=True)
>>>   File "/Users/my_user_name/sqlmap-dev/lib/request/connect.py", line 415, in queryPage
>>>     post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)
>>>   File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 85, in urlencode
>>>     result = urllib.quote(utf8encode(value), safe)
>>>   File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 90, in utf8encode
>>>     return value.encode("utf-8")
>>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 4233: ordinal not in range(128)
>>> [*] shutting down at: 22:24:31
>>>
>>> Kazım Buğra Tombul
>>>
>>> Senior @ Metu Computer Engineering
>>> Software Developer @ Speeddate.com, Inc.
>>> System Administrator @ Metu Computer Club
>>> Supervisory Board Member @ Metu Computer Club

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: Miroslav S. <mir...@gm...> - 2011-01-29 23:01:07
|
Hi.

From the commit r3128 as the default encoding for supplied arguments system one is used. Failsafe is now UTF8.

Before, other way around was used.

KR

p.s. now those "strange" characters should be acceptable out of box

On Sat, Jan 29, 2011 at 11:22 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> I guess you've tried to use non-utf8 data with --data switch? I can make a "quick" patch, but in that case some of data could be "stripped".
>
> Feel free to contact me privately with used parameters.
>
> KR
>
> 2011/1/29 Kazım Buğra Tombul <mha...@gm...>:
>> Since this is a content specific bug I can send the execution parameters in private if needed.
>> [22:24:31] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 0.9-dev (r3127)
>> Python version: 2.5.4
>> Operating system: posix
>> Technique: None
>> Back-end DBMS: None
>> Traceback (most recent call last):
>>   File "/Users/my_user_name/sqlmap-dev/sqlmap.py", line 83, in main
>>     start()
>>   File "/Users/my_user_name/sqlmap-dev/lib/controller/controller.py", line 250, in start
>>     if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
>>   File "/Users/my_user_name/sqlmap-dev/lib/controller/checks.py", line 783, in checkConnection
>>     page, _ = Request.queryPage(content=True)
>>   File "/Users/my_user_name/sqlmap-dev/lib/request/connect.py", line 415, in queryPage
>>     post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)
>>   File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 85, in urlencode
>>     result = urllib.quote(utf8encode(value), safe)
>>   File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 90, in utf8encode
>>     return value.encode("utf-8")
>> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 4233: ordinal not in range(128)
>> [*] shutting down at: 22:24:31
>>
>> Kazım Buğra Tombul
>>
>> Senior @ Metu Computer Engineering
>> Software Developer @ Speeddate.com, Inc.
>> System Administrator @ Metu Computer Club
>> Supervisory Board Member @ Metu Computer Club

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: Miroslav S. <mir...@gm...> - 2011-01-29 22:28:28
|
LOL

"And,Of course, no following redirection"

Well, it such a great thing to help users which don't have common sense at all.

KR

On Sat, Jan 29, 2011 at 8:40 PM, Valentin Kurkov <zac...@gm...> wrote:
> ---------- Forwarded message ----------
> From: Valentin Kurkov <zac...@gm...>
> Date: 2011/1/29
> Subject: Re: [sqlmap-users] sqlmap and follow redirections sql-inj
> To: "Bernardo Damele A. G." <ber...@gm...>
>
> update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a sql-inj,even only with -u "http://url.com/test.php?id=1" .And,Of course, no following redirection((
>
> 2011/1/28 Bernardo Damele A. G. <ber...@gm...>
>> Svn update and try with latest version. Http redirects should be well supported now.
>>
>> Bernardo Damele A. G.
>>
>> This message was sent from a smartphone
>>
>> On 28 Jan 2011, at 17:59, Valentin Kurkov <zac...@gm...> wrote:
>>
>> > i have an 0.8 version,but don`t find no info about following redirection on the page for union based sql(else -just blind sql).Maybe in future releases this functions will be add?)

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: Miroslav S. <mir...@gm...> - 2011-01-29 22:24:16
|
Hi.

How many columns? Have you tried to exploit it manually? Have you tried to use --union-cols?

KR

On Sat, Jan 29, 2011 at 8:40 PM, Valentin Kurkov <zac...@gm...> wrote:
> ---------- Forwarded message ----------
> From: Valentin Kurkov <zac...@gm...>
> Date: 2011/1/29
> Subject: Re: [sqlmap-users] sqlmap and follow redirections sql-inj
> To: "Bernardo Damele A. G." <ber...@gm...>
>
> update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a sql-inj,even only with -u "http://url.com/test.php?id=1" .And,Of course, no following redirection((
>
> 2011/1/28 Bernardo Damele A. G. <ber...@gm...>
>> Svn update and try with latest version. Http redirects should be well supported now.
>>
>> Bernardo Damele A. G.
>>
>> This message was sent from a smartphone
>>
>> On 28 Jan 2011, at 17:59, Valentin Kurkov <zac...@gm...> wrote:
>>
>> > i have an 0.8 version,but don`t find no info about following redirection on the page for union based sql(else -just blind sql).Maybe in future releases this functions will be add?)

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: Miroslav S. <mir...@gm...> - 2011-01-29 22:22:21
|
Hi.

I guess you've tried to use non-utf8 data with --data switch? I can make a "quick" patch, but in that case some of data could be "stripped".

Feel free to contact me privately with used parameters.

KR

2011/1/29 Kazım Buğra Tombul <mha...@gm...>:
> Since this is a content specific bug I can send the execution parameters in private if needed.
> [22:24:31] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r3127)
> Python version: 2.5.4
> Operating system: posix
> Technique: None
> Back-end DBMS: None
> Traceback (most recent call last):
>   File "/Users/my_user_name/sqlmap-dev/sqlmap.py", line 83, in main
>     start()
>   File "/Users/my_user_name/sqlmap-dev/lib/controller/controller.py", line 250, in start
>     if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
>   File "/Users/my_user_name/sqlmap-dev/lib/controller/checks.py", line 783, in checkConnection
>     page, _ = Request.queryPage(content=True)
>   File "/Users/my_user_name/sqlmap-dev/lib/request/connect.py", line 415, in queryPage
>     post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)
>   File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 85, in urlencode
>     result = urllib.quote(utf8encode(value), safe)
>   File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 90, in utf8encode
>     return value.encode("utf-8")
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 4233: ordinal not in range(128)
> [*] shutting down at: 22:24:31
>
> Kazım Buğra Tombul
>
> Senior @ Metu Computer Engineering
> Software Developer @ Speeddate.com, Inc.
> System Administrator @ Metu Computer Club
> Supervisory Board Member @ Metu Computer Club

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: Kazım B. T. <mha...@gm...> - 2011-01-29 21:10:46
|
Since this is a content specific bug I can send the execution parameters in private if needed.

[22:24:31] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3127)
Python version: 2.5.4
Operating system: posix
Technique: None
Back-end DBMS: None
Traceback (most recent call last):
  File "/Users/my_user_name/sqlmap-dev/sqlmap.py", line 83, in main
    start()
  File "/Users/my_user_name/sqlmap-dev/lib/controller/controller.py", line 250, in start
    if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
  File "/Users/my_user_name/sqlmap-dev/lib/controller/checks.py", line 783, in checkConnection
    page, _ = Request.queryPage(content=True)
  File "/Users/my_user_name/sqlmap-dev/lib/request/connect.py", line 415, in queryPage
    post = urlencode(conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value)
  File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 85, in urlencode
    result = urllib.quote(utf8encode(value), safe)
  File "/Users/my_user_name/sqlmap-dev/lib/core/convert.py", line 90, in utf8encode
    return value.encode("utf-8")
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 4233: ordinal not in range(128)
[*] shutting down at: 22:24:31

*Kazım Buğra Tombul*

*Senior @ Metu Computer Engineering*
*Software Developer @ Speeddate.com, Inc.*
*System Administrator @ Metu Computer Club*
*Supervisory Board Member @ Metu Computer Club*
|
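The UnicodeDecodeError in this report, and the decoding order the reply in this thread describes for r3128 (system encoding first, UTF-8 as failsafe), shown as an added Python 3 example that is not sqlmap's code. The function names and sample byte strings are constructed for illustration, and py2_utf8encode only mimics the implicit ASCII decode Python 2 performs when .encode() is called on a byte string.

```python
import urllib.parse

# Constructed sample inputs: POST-style data as raw bytes in two encodings.
UTF8_DATA = "name=Jürgen".encode("utf-8")      # contains byte 0xc3
CP1254_DATA = "name=Kazım".encode("cp1254")    # Turkish code page, invalid as UTF-8


def py2_utf8encode(value: bytes) -> bytes:
    """Mimic Python 2 `value.encode("utf-8")` on a byte string.

    Python 2 first decoded the bytes with the ASCII codec and only then
    encoded to UTF-8, so any byte >= 0x80 raised UnicodeDecodeError.
    """
    return value.decode("ascii").encode("utf-8")


def decode_argument(raw: bytes, system_encoding: str, failsafe: str = "utf-8"):
    """Decode a raw argument: system encoding first, then the failsafe.

    Returns (text, encoding_used, lossy). If both strict decodes fail,
    undecodable bytes are replaced with U+FFFD and lossy is True.
    """
    for encoding in (system_encoding, failsafe):
        try:
            return raw.decode(encoding), encoding, False
        except (UnicodeDecodeError, LookupError):
            continue
    return raw.decode(failsafe, errors="replace"), failsafe, True


def urlencode_value(text: str, safe: str = "=&") -> str:
    """Percent-encode already-decoded text as UTF-8, keeping '=' and '&'."""
    return urllib.parse.quote(text.encode("utf-8"), safe=safe)


def demo():
    """Run each case and return the results so they can be checked."""
    results = {}

    # 1. The reported failure: implicit ASCII decode chokes on 0xc3.
    try:
        py2_utf8encode(UTF8_DATA)
    except UnicodeDecodeError as exc:
        results["py2_error"] = (exc.encoding, exc.start, UTF8_DATA[exc.start])

    # 2. ASCII system encoding fails, the UTF-8 failsafe succeeds.
    results["ascii_then_utf8"] = decode_argument(UTF8_DATA, "ascii")

    # 3. Correct system encoding decodes non-UTF-8 input without loss.
    results["cp1254_system"] = decode_argument(CP1254_DATA, "cp1254")

    # 4. Neither codec fits: characters are replaced (data is lost).
    results["lossy"] = decode_argument(CP1254_DATA, "ascii")

    # 5. A single-byte system encoding never fails, so wrong input is
    #    silently mis-decoded and the failsafe is never reached.
    results["mojibake"] = decode_argument(UTF8_DATA, "latin-1")

    # 6. Once decoded correctly, URL-encoding is straightforward.
    results["urlencoded"] = urlencode_value(results["ascii_then_utf8"][0])
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome!r}")
```

Case 5 is the one to watch for when a target expects one encoding and the terminal uses another: no exception is raised, but the bytes sent differ from the bytes intended.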
From: Valentin K. <zac...@gm...> - 2011-01-29 19:43:43
|
update sqlmap from svn upto revision 3127,but now sqlmap don`t detect a sql-inj,even only with -u "http://url.com/test.php?id=1" .And,Of course, no following redirection(( |