sqlmap-users Mailing List for sqlmap (Page 124)
From: Tate H. <ta...@cl...> - 2010-07-02 20:23:45

Hi, is this still in queue to be fixed?

-Tate

> Sam,
>
> On Wed, Feb 10, 2010 at 22:32, Sam Elliot <dr...@bu...> wrote:
>> > I have manually confirmed a simple 'waitfor%20delay'0:0:20'- sql
>> > injection vector in a site test, but when I try to replicate this with
>> > SQLMap using the '--time-test' option it does not even perform any 'wait
>> > for delay' type vectors as shown in the usage options.
>> > ...
>
> By (weak) design, sqlmap tries specified --stacked-test, --time-test
> and --union-test only if beforehand it detected a boolean based blind
> sql injection. This is wrong and will be fixed starting from March.
>
> Regards,
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F

From: Bernardo D. A. G. <ber...@gm...> - 2010-06-30 13:23:30

Miroslav fixed this bug and committed the patch. It's in svn.
Thanks for reporting.

Bernardo

On Wed, Jun 30, 2010 at 11:31, mitchell <mit...@tu...> wrote:
> Hello,
> First, good job on the SOAP-based requests improvement! I am really looking
> forward to test this feature in a test.
> I was using sqlmap against the site of a customer with a Cyrillic encoding
> the other day, and it produced the following error:
> ------------------------------------------------
> # ./sqlmap.py -u 'http://url.com/script.php?id=1'
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
> [*] starting at: 06:19:48
> [06:19:48] [INFO] using
> '/pentest/database/sqlmap/output/www.url.com/session' as session file
> [06:19:48] [INFO] testing connection to the target url
> [06:19:49] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in
> start
>     if not checkConnection() or not checkString() or not checkRegexp():
>   File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in
> checkConnection
>     page, _ = Request.getPage()
>   File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in
> getPage
>     page = decodePage(page, responseHeaders.get("Content-Encoding"),
> responseHeaders.get("Content-Type"))
>   File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in
> decodePage
>     page = unicode(page, contentType.split('charset=')[-1]) #don't use
> getUnicode here. it needs to stay as is.
> LookupError: unknown encoding: cp-1251
> [*] shutting down at: 06:19:49
> ===========
> # svn info
> Path: .
> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
> Repository Root: https://svn.sqlmap.org/sqlmap
> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
> Revision: 1775
> Node Kind: directory
> Schedule: normal
> Last Changed Author: inquisb
> Last Changed Rev: 1775
> Last Changed Date: 2010-06-25 16:24:43 +0300 (Fri, 25 Jun 2010)
> ------------------------------------------------
> I can recreate the error with the last update of sqlmap, as of several
> minutes ago.
> It seems that sqlmap is getting the encoding of the page from the HTTP
> response, which in this case is
> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
> The encoding in python is 'cp1251', hence the lookup error.
> Maybe sqlmap can keep a dictionary of "encoding translations", so that it
> can translate encodings when there is dash in the encoding returned in the
> response?
> Cheers!
> # mitchell

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Bernardo D. A. G. <ber...@gm...> - 2010-06-30 11:04:49

http://bernardodamele.blogspot.com/2010/06/sqlmap-and-soap-based-web-services.html

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: mitchell <mit...@tu...> - 2010-06-30 10:58:30

Hello,

First, good job on the SOAP-based requests improvement! I am really looking forward to test this feature in a test.

I was using sqlmap against the site of a customer with a Cyrillic encoding the other day, and it produced the following error:

------------------------------------------------
# ./sqlmap.py -u 'http://url.com/script.php?id=1'
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 06:19:48
[06:19:48] [INFO] using '/pentest/database/sqlmap/output/www.url.com/session' as session file
[06:19:48] [INFO] testing connection to the target url
[06:19:49] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.5
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in start
    if not checkConnection() or not checkString() or not checkRegexp():
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in checkConnection
    page, _ = Request.getPage()
  File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in getPage
    page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
  File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in decodePage
    page = unicode(page, contentType.split('charset=')[-1]) #don't use getUnicode here. it needs to stay as is.
LookupError: unknown encoding: cp-1251
[*] shutting down at: 06:19:49
===========
# svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1775
Node Kind: directory
Schedule: normal
Last Changed Author: inquisb
Last Changed Rev: 1775
Last Changed Date: 2010-06-25 16:24:43 +0300 (Fri, 25 Jun 2010)
------------------------------------------------

I can recreate the error with the last update of sqlmap, as of several minutes ago.

It seems that sqlmap is getting the encoding of the page from the HTTP response, which in this case is
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
The encoding in python is 'cp1251', hence the lookup error.

Maybe sqlmap can keep a dictionary of "encoding translations", so that it can translate encodings when there is dash in the encoding returned in the response?

Cheers!
# mitchell

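Added example (Python 3; not part of the thread and not sqlmap's code): one way to apply the "encoding translations" idea from the report above, so that a server-supplied charset label can never raise out of the decoder. The helper names, the code-page rewrite rule and the sample body are assumptions made for this illustration.

```python
import codecs
import re

# Constructed sample: a Cyrillic body as a windows-1251 server would send it.
SAMPLE_BODY = "Привет".encode("cp1251")

_CHARSET_RE = re.compile(r'charset\s*=\s*["\']?([^\s;"\'>]+)', re.IGNORECASE)
_SAFE_LABEL_RE = re.compile(r"[a-z0-9._-]{1,40}")
_CODEPAGE_RE = re.compile(r"(?:cp|win|windows)[-_]?(\d{3,4})")


def extract_charset(content_type):
    """Return the raw charset label from a Content-Type value, or None.

    Unlike content_type.split('charset=')[-1], a value with no charset
    parameter yields None instead of the whole header ('text/html').
    """
    if not content_type:
        return None
    match = _CHARSET_RE.search(content_type)
    return match.group(1) if match else None


def resolve_codec(label):
    """Map an untrusted charset label to a Python codec name, or None."""
    label = label.strip().lower()
    # The label comes from the remote server: accept only plain tokens.
    if not _SAFE_LABEL_RE.fullmatch(label):
        return None
    candidates = [label]
    codepage = _CODEPAGE_RE.fullmatch(label)
    if codepage:
        # 'cp-1251', 'win-1251', 'windows_1251' -> 'cp1251'
        candidates.append("cp" + codepage.group(1))
    # Last resort: drop separators ('utf_8' -> 'utf8').
    candidates.append(re.sub(r"[-_]", "", label))
    for name in candidates:
        try:
            return codecs.lookup(name).name
        except LookupError:
            continue
    return None


def decode_page(body, content_type, fallback="utf-8"):
    """Decode a response body; return (text, codec_name_used).

    Never raises on a bad label: unknown names, and codecs that exist but
    are not text encodings (for example 'hex'), use the fallback.
    """
    label = extract_charset(content_type)
    name = resolve_codec(label) if label else None
    if name:
        try:
            return body.decode(name, errors="replace"), name
        except (LookupError, UnicodeError):
            pass  # codec is registered but cannot decode text this way
    return body.decode(fallback, errors="replace"), fallback


if __name__ == "__main__":
    for header in ("text/html; charset=cp-1251",
                   "text/html; charset=windows-1251",
                   "text/html; charset=no-such-codec",
                   "text/html"):
        print(header, "->", decode_page(SAMPLE_BODY, header))
```
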
From: Bernardo D. A. G. <ber...@gm...> - 2010-06-30 10:52:53

Saurabh,

On Thu, Jun 24, 2010 at 10:19, Saurabh Tiwari <sau...@gm...> wrote:
> Greetings,
> I am Saurabh Tiwari, I am currently a student.
> I need some help from the developers and the users of the sqlmap, The
> Primary concern is that I am giving a presentation on sqlmap in the form of
> a lecture.
> I would be very thankful is somebody can provide me with the infected pages
> that have already been used in the demo videos of the youtube.
> A complete set included in the "http://domain-name/sqlmap/" will be of a
> great help.
> I have already created the PHP pages along with the MySql integration in it
> and the user agent was not dynamic, so I have modified them.

The test environment is not public yet, we are in the process to refactor it. I will keep the ml posted.
In the meanwhile, you can use the demo applications around like test.acunetix.com.

> Additionally I am creating a web application that would provide a web based
> user interface for the sqlmap. I am sure that would also help in creating
> the GUI for the sqlmap application.

Feel free to share the code, I am always seeking for someone to stand his/her shiny hand up to develop a graphical front-end, either web application or standalone GUI.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Bernardo D. A. G. <ber...@gm...> - 2010-06-25 13:23:34

Hi David,

On Thu, Jun 24, 2010 at 21:28, David Guimaraes <sk...@gm...> wrote:
> ...
> [17:20:09] [WARNING] information_schema not available, back-end DBMS
> is MySQL < 5. database names will be fetched from 'mysql' database
> [17:20:09] [INFO] fetching database names
> available databases [5]:
> [*] %
> [*] e
> [*] s
> [*] t
> ...

svn update. Run with -v 5 and please forward me the full standard output.

> ...
> Another thing I noticed is that using the --read-file option:
>
> $ ./sqlmap.py -d "mysql://admin:admin@xxx:3306/dauerdb" --read-file
> 'c:\windows\system32\a.txt'
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 17:18:33
>
> [17:18:33] [INFO] using '/home/skys/sqlmap-dev/output/xxx/session' as
> session file
> [17:18:33] [INFO] connection to mysql server xxx:3306 established
> [17:18:33] [INFO] testing MySQL
> [17:18:33] [INFO] confirming MySQL
> [17:18:33] [INFO] the back-end DBMS is MySQL
> back-end DBMS: MySQL < 5.0.0
>
> [17:18:33] [INFO] fingerprinting the back-end DBMS operating system
> [17:18:33] [INFO] the back-end DBMS operating system is Windows
> [17:18:33] [INFO] fetching file: 'c:/windows/system32/a.txt'
>
> [17:18:34] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy
> the command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon
> as possible:
> sqlmap version: 0.9-dev
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 99, in start
>     action()
>   File "/home/skys/sqlmap-dev/lib/controller/action.py", line 137, in action
>     conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
>   File "/home/skys/sqlmap-dev/plugins/generic/filesystem.py", line
> 288, in readFile
>     fileContent = self.stackedReadFile(rFile)
>   File "/home/skys/sqlmap-dev/plugins/dbms/mysql/filesystem.py", line
> 69, in stackedReadFile
>     if not length.isdigit() or not len(length) or length in ( "0", "1" ):
> AttributeError: 'NoneType' object has no attribute 'isdigit'

svn update. The traceback is now handled.

Thanks for reporting bugs.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: David G. <sk...@gm...> - 2010-06-24 20:28:47

I don't know if this is an experimental module, but when using -d option, sqlmap fails to fetch the name of the databases correctly...

$ ./sqlmap.py -d "mysql://admin:admin@xxx:3306/dauerdb" --dbs

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 17:20:09

[17:20:09] [INFO] using '/home/skys/sqlmap-dev/output/xxx/session' as session file
[17:20:09] [INFO] connection to mysql server xxx:3306 established
[17:20:09] [INFO] testing MySQL
[17:20:09] [INFO] confirming MySQL
[17:20:09] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL < 5.0.0

[17:20:09] [WARNING] information_schema not available, back-end DBMS is MySQL < 5. database names will be fetched from 'mysql' database
[17:20:09] [INFO] fetching database names
available databases [5]:
[*] %
[*] e
[*] s
[*] t

[17:20:09] [INFO] connection to mysql server xxx:3306 closed

[*] shutting down at: 17:20:09

The right one:

mysql> show databases;
+------------+
| Database   |
+------------+
| dauerdb    |
| mysql      |
| tcl        |
| tcl_antigo |
| test       |
+------------+
5 rows in set (0.00 sec)

Another thing I noticed is that using the --read-file option:

$ ./sqlmap.py -d "mysql://admin:admin@xxx:3306/dauerdb" --read-file 'c:\windows\system32\a.txt'

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 17:18:33

[17:18:33] [INFO] using '/home/skys/sqlmap-dev/output/xxx/session' as session file
[17:18:33] [INFO] connection to mysql server xxx:3306 established
[17:18:33] [INFO] testing MySQL
[17:18:33] [INFO] confirming MySQL
[17:18:33] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL < 5.0.0

[17:18:33] [INFO] fingerprinting the back-end DBMS operating system
[17:18:33] [INFO] the back-end DBMS operating system is Windows
[17:18:33] [INFO] fetching file: 'c:/windows/system32/a.txt'

[17:18:34] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 99, in start
    action()
  File "/home/skys/sqlmap-dev/lib/controller/action.py", line 137, in action
    conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
  File "/home/skys/sqlmap-dev/plugins/generic/filesystem.py", line 288, in readFile
    fileContent = self.stackedReadFile(rFile)
  File "/home/skys/sqlmap-dev/plugins/dbms/mysql/filesystem.py", line 69, in stackedReadFile
    if not length.isdigit() or not len(length) or length in ( "0", "1" ):
AttributeError: 'NoneType' object has no attribute 'isdigit'

[*] shutting down at: 17:18:34

$ svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1774
Node Kind: directory
Schedule: normal
Last Changed Author: stamparm
Last Changed Rev: 1774
Last Changed Date: 2010-06-23 04:30:15 -0300 (Wed, 23 Jun 2010)

Mysql version:

3306/tcp open mysql MySQL 4.0.18-nt
| mysql-info: Protocol: 10
| Version: 4.0.18-nt
| Thread ID: 42
| Some Capabilities: Connect with DB, Compress, Transactions
| Status: Autocommit
|_ Salt: 0EHyJF`1

--
David Gomes Guimarães

From: Saurabh T. <sau...@gm...> - 2010-06-24 09:19:11

Greetings,

I am Saurabh Tiwari, I am currently a student.

I need some help from the developers and the users of the sqlmap. The primary concern is that I am giving a presentation on sqlmap in the form of a lecture.

I would be very thankful if somebody can provide me with the infected pages that have already been used in the demo videos of the youtube. A complete set included in the "http://domain-name/sqlmap/" will be of a great help.

I have already created the PHP pages along with the MySql integration in it and the user agent was not dynamic, so I have modified them.

Additionally I am creating a web application that would provide a web based user interface for the sqlmap. I am sure that would also help in creating the GUI for the sqlmap application.

I hope to see a reply as soon as possible.

--
Saurabh Tiwari
B. Tech (3rd Year)
Institute Of Engineering and Rural Technology
Allahabad - 211006

From: Miroslav S. <mir...@gm...> - 2010-06-23 07:28:26

Hi.

This should be fixed now. Could you please try to run it with the latest version from our SVN repository.

Thanks.

On Sat, Jun 19, 2010 at 1:28 PM, linux man <lin...@gm...> wrote:
> Whats up guys ? thats me Ahmed
> I faced this error a lot while using SQLmap on Ubuntu 10.04 and i hop you
> will fix it soon :D
> ========================================---------------------------------------------------------------------------
>
> root@ubuntu:/pentest/sqlmap# ./sqlmap.py --dump-all -g
> "site:http://XXX.com/cc/ ext:php"
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 17:21:23
>
> [17:21:23] [INFO] first request to Google to get the session cookie
> [17:21:23] [INFO] using Google result page #1
> [17:21:25] [INFO] sqlmap got 1 results for your Google dork expression, all
> of them are testable targets
>
> [17:21:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/pentest/sqlmap/lib/controller/controller.py", line 138, in start
>     test = readInput(message, default="Y")
>   File "/pentest/sqlmap/lib/core/common.py", line 462, in readInput
>     data = raw_input(message)
> UnicodeEncodeError: 'ascii' codec can't encode character u'\xbb' in position
> 66017: ordinal not in range(128)
>
> [*] shutting down at: 17:21:25
>
> root@ubuntu:/pentest/sqlmap#

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Alessandro T. <ale...@lo...> - 2010-06-22 09:42:30

2010/6/20 Faisal Hourani <fai...@gm...>:
> [02:57:12] [INFO] updating sqlmap
> [02:57:14] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developers will fix it as soon as
> possible:
> sqlmap version: 0.6.4

You are a little bit outdated...

--
Alessandro `jekil` Tanasi
Email: ale...@ta...
MSN: ale...@lo...

From: Bernardo D. A. G. <ber...@gm...> - 2010-06-22 09:15:21

As you can easily spot yourself, you're running a quite outdated sqlmap version.
Would you gently mind to give a go to.. guess what? The latest version from subversion or alternatively the stable version 0.8?

Good luck!
Bernardo

On Sun, Jun 20, 2010 at 19:58, Faisal Hourani <fai...@gm...> wrote:
> [02:57:12] [INFO] updating sqlmap
> [02:57:14] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developers will fix it as soon as
> possible:
> sqlmap version: 0.6.4
> Python version: 2.6.5
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 78, in main
>     init(cmdLineOptions)
>   File "/usr/share/sqlmap/lib/core/option.py", line 770, in init
>     update()
>   File "/usr/share/sqlmap/lib/core/update.py", line 349, in update
>     __updateSqlmap()
>   File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap
>     logger.errMsg(errMsg)
> AttributeError: Logger instance has no attribute 'errMsg'
>
> [*] shutting down at: 02:57:14

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Faisal H. <fai...@gm...> - 2010-06-20 18:58:15

[02:57:12] [INFO] updating sqlmap
[02:57:14] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the command line and the following text and send by e-mail to sql...@li.... The developers will fix it as soon as possible:
sqlmap version: 0.6.4
Python version: 2.6.5
Operating system: linux2
Traceback (most recent call last):
  File "/usr/bin/sqlmap", line 78, in main
    init(cmdLineOptions)
  File "/usr/share/sqlmap/lib/core/option.py", line 770, in init
    update()
  File "/usr/share/sqlmap/lib/core/update.py", line 349, in update
    __updateSqlmap()
  File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap
    logger.errMsg(errMsg)
AttributeError: Logger instance has no attribute 'errMsg'

[*] shutting down at: 02:57:14

From: Kasper F. <th...@ma...> - 2010-06-19 22:27:01

This is a great feature, thanks for giving a try on it!

I have tested it on two pages. One is pretty fast, other is pretty slow. I have used threads and batchmode.

My results:

It seems to receive invalid responses now and then. SQLmap reports that "the target url responded with an unknown HTTP status code..." and that I should try to set the user agent. Sqlmap goes down. Running the program once again, and the program might get through the same point just fine.

What is worse: it actually sometimes fetches wrong results. I have tried fetching a long line (30 chars) out of a database, seeing that it looked weird I deleted the last line in the session file and tried again - this time some chars were not the same! This is bad! I did this multiple times and some characters were different nearly each time.

Other than that it really speeds up the fetching. I hope this will get to be a default feature once!

/Kasper

On 11-06-2010 10:28, Miroslav Stampar wrote:
> Hi.
>
> Currently as a part of development process we've added support for
> Keep-alive sessions (using "slightly adjusted version" of Keepalive
> module from Michael D. Stenner's urlgrabber project -
> http://linux.duke.edu/urlgrabber/), which by first results gave great
> results (in some cases up to 2.5x times faster scanning, particularly
> in multi threading mode).
>
> Right now that option is hidden behind --keep-alive switch (not
> visible in help menu) and we would like you to test it thoroughly
> before we turn it on as a default part of sqlmap. We just want to be
> sure that everything works as expected (only a bit faster :).
>
> Also, in case that you are doing a session behind a proxy (explicitly
> by --proxy or implicitly by a system set one) keep alive is
> automatically turned off because, as result of Bernardo's research:
> "Use Keep-Alive (persistent HTTP connection) only if a proxy is not
> set - http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html".
>
> So, please checkout sqlmap's latest version from it's repository and
> please report any "inconveniences" you find.
>
> Kind regards.

From: linux m. <lin...@gm...> - 2010-06-19 11:29:05

What's up guys? That's me, Ahmed.
I faced this error a lot while using SQLmap on Ubuntu 10.04 and I hope you will fix it soon :D
========================================---------------------------------------------------------------------------

root@ubuntu:/pentest/sqlmap# ./sqlmap.py --dump-all -g "site: http://XXX.com/cc/ ext:php"

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 17:21:23

[17:21:23] [INFO] first request to Google to get the session cookie
[17:21:23] [INFO] using Google result page #1
[17:21:25] [INFO] sqlmap got 1 results for your Google dork expression, all of them are testable targets

[17:21:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.5
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/pentest/sqlmap/lib/controller/controller.py", line 138, in start
    test = readInput(message, default="Y")
  File "/pentest/sqlmap/lib/core/common.py", line 462, in readInput
    data = raw_input(message)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xbb' in position 66017: ordinal not in range(128)

[*] shutting down at: 17:21:25

root@ubuntu:/pentest/sqlmap#

From: Bernardo D. A. G. <ber...@gm...> - 2010-06-18 08:36:27

This bug has been fixed few days ago, svn update.

Bernardo

On Fri, Jun 18, 2010 at 02:29, ehmo <dis...@gm...> wrote:
> sqlmap version: 0.9-dev
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
>   File "sqlmap.py", line 88, in main
>     start()
>   File "/root/sqlmap/lib/controller/controller.py", line 267, in start
>     action()
>   File "/root/sqlmap/lib/controller/action.py", line 129, in action
>     conf.dbmsHandler.sqlShell()
>   File "/root/sqlmap/plugins/generic/enumeration.py", line 1714, in sqlShell
>     conf.dumper.query(query, output)
>   File "/root/sqlmap/lib/core/dump.py", line 381, in query
>     self.string(query, queryRes)
>   File "/root/sqlmap/lib/core/dump.py", line 70, in string
>     self.lister(header, data, sort)
>   File "/root/sqlmap/lib/core/dump.py", line 102, in lister
>     self.__write("[*] " + ", ".join(unicode(e) for e in element))
>   File "/root/sqlmap/lib/core/dump.py", line 46, in __write
>     print data
> UnicodeEncodeError: 'ascii' codec can't encode character u'\xcb' in position 33: ordinal not in range(128)

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: ehmo <dis...@gm...> - 2010-06-18 01:29:49

sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "sqlmap.py", line 88, in main
    start()
  File "/root/sqlmap/lib/controller/controller.py", line 267, in start
    action()
  File "/root/sqlmap/lib/controller/action.py", line 129, in action
    conf.dbmsHandler.sqlShell()
  File "/root/sqlmap/plugins/generic/enumeration.py", line 1714, in sqlShell
    conf.dumper.query(query, output)
  File "/root/sqlmap/lib/core/dump.py", line 381, in query
    self.string(query, queryRes)
  File "/root/sqlmap/lib/core/dump.py", line 70, in string
    self.lister(header, data, sort)
  File "/root/sqlmap/lib/core/dump.py", line 102, in lister
    self.__write("[*] " + ", ".join(unicode(e) for e in element))
  File "/root/sqlmap/lib/core/dump.py", line 46, in __write
    print data
UnicodeEncodeError: 'ascii' codec can't encode character u'\xcb' in position 33: ordinal not in range(128)

From: Miroslav S. <mir...@gm...> - 2010-06-11 08:28:57

Hi.

Currently as a part of development process we've added support for Keep-alive sessions (using "slightly adjusted version" of Keepalive module from Michael D. Stenner's urlgrabber project - http://linux.duke.edu/urlgrabber/), which by first results gave great results (in some cases up to 2.5x times faster scanning, particularly in multi threading mode).

Right now that option is hidden behind --keep-alive switch (not visible in help menu) and we would like you to test it thoroughly before we turn it on as a default part of sqlmap. We just want to be sure that everything works as expected (only a bit faster :).

Also, in case that you are doing a session behind a proxy (explicitly by --proxy or implicitly by a system set one) keep alive is automatically turned off because, as result of Bernardo's research: "Use Keep-Alive (persistent HTTP connection) only if a proxy is not set - http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html".

So, please checkout sqlmap's latest version from its repository and please report any "inconveniences" you find.

Kind regards.

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Miroslav S. <mir...@gm...> - 2010-06-10 20:25:47

Nevertheless, in the associated commit we've put a limitation to this kind of situations so there shouldn't be any more errors like you've reported: "OverflowError: long int too large to convert to int".

Thanks for report.

Kind regards.

On Thu, Jun 10, 2010 at 7:16 PM, David Guimaraes <sk...@gm...> wrote:
> Mirolav, my mistake. The problem is that apache is cutting the URI
> because of the internal configuration of the server (maximum size is
> limited by the apache policy URI LimitRequestLine). As you can see,
> the problem occurs only in columns that have big name, so the encode
> (with chr() in postgresql) is much greater.
>
> As the php script allows me to use the POST method for the same
> purpose(which is limited by the policy post_max_size in php.ini, which
> has a value far greater(=~8MB) than that limited by LimitRequestLine),
> I could successfully perform the dump.
>
> [13:52:41] [INFO] fetching columns for table 'livro' on database 'public'
> Database: public
> Table: livro
> [15 columns]
> +-------------------+---------+
> | Column            | Type    |
> +-------------------+---------+
> | ano               | int4    |
> | autor             | varchar |
> | dt_cadastro       | date    |
> | edicao            | varchar |
> | editora           | varchar |
> | esgotado          | bpchar  |
> | id_area           | int4    |
> | id_livro          | int4    |
> | isbn              | varchar |
> | lancamento        | bpchar  |
> | paginas           | int4    |
> | preco             | float4  |
> | preco_promocional | float4  |
> | release           | text    |
> | titulo            | varchar |
> +-------------------+---------+
>
> Thanks anyway! =)
>
> On Thu, Jun 10, 2010 at 1:24 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> It would be most helpful if you could send me what should be there (if
>> you could do it manually it would be most helpful).
>>
>> KR
>>
>> On Thu, Jun 10, 2010 at 6:19 PM, David Guimaraes <sk...@gm...> wrote:
>>> ...
>>> [12:57:17] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': lancamento
>>> [12:57:17] [INFO] retrieving the length of query output
>>> [12:57:17] [INFO] retrieved:
>>> [12:57:18] [INFO] retrieved:
>>> [12:57:19] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': esgotado
>>> [12:57:19] [INFO] retrieving the length of query output
>>> [12:57:19] [INFO] retrieved: 6
>>> [12:57:20] [INFO] retrieved: bpchar
>>> [12:57:20] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session':
>>> preco_promocional
>>> [12:57:20] [INFO] retrieving the length of query output
>>> [12:57:20] [INFO] retrieved:
>>> [12:57:21] [INFO] retrieved:
>>> [12:57:22] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': edicao
>>> [12:57:22] [INFO] retrieving the length of query output
>>> [12:57:22] [INFO] retrieved: 7
>>> [12:57:24] [INFO] retrieved: varchar
>>> [12:57:24] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': isbn
>>> [12:57:24] [INFO] retrieving the length of query output
>>> [12:57:24] [INFO] retrieved: 7
>>> [12:57:25] [INFO] retrieved: varchar
>>> [12:57:25] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': dt_cadastro
>>> [12:57:25] [INFO] retrieving the length of query output
>>> [12:57:25] [INFO] retrieved:
>>> [12:57:25] [INFO] retrieved:
>>> [12:57:27] [INFO] read from file
>>> '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': editora
>>> [12:57:27] [INFO] retrieving the length of query output
>>> [12:57:27] [INFO] retrieved: 7
>>> [12:57:28] [INFO] retrieved: varchar
>>> Database: public
>>> Table: livro
>>> [15 columns]
>>> +-------------------+---------+
>>> | Column            | Type    |
>>> +-------------------+---------+
>>> | ano               | int4    |
>>> | autor             | varchar |
>>> | dt_cadastro       |         |
>>> | edicao            | varchar |
>>> | editora           | varchar |
>>> | esgotado          | bpchar  |
>>> | id_area           | int4    |
>>> | id_livro          | int4    |
>>> | isbn              | varchar |
>>> | lancamento        |         |
>>> | paginas           | int4    |
>>> | preco             | float4  |
>>> | preco_promocional |         |
>>> | release           | text    |
>>> | titulo            | varchar |
>>> +-------------------+---------+
>>>
>>> $ svn info
>>> Path: .
>>> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
>>> Repository Root: https://svn.sqlmap.org/sqlmap
>>> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
>>> Revision: 1763
>>> Node Kind: directory
>>> Schedule: normal
>>> Last Changed Author: inquisb
>>> Last Changed Rev: 1763
>>> Last Changed Date: 2010-06-10 12:34:28 -0300 (Thu, 10 Jun 2010)
>>>
>>> This is ok now (despite for some reason, it failed to retrieve the
>>> column type "dt_cadastro", "lancamento", and "preco_promocional")
>>>
>>> Thanks for solving this in so short notice.
>>>
>>> On Thu, Jun 10, 2010 at 12:01 PM, Miroslav Stampar
>>> <mir...@gm...> wrote:
>>>> We've made some modifications regarding your bug report. Could you
>>>> please try to run it again with the latest repository version?
>>>>
>>>> Thanks
>>>>
>>>> On Thu, Jun 10, 2010 at 4:24 PM, David Guimaraes <sk...@gm...> wrote:
>>>>> $ ./sqlmap -c arquivo.conf --threads 10 -D editora -T livro --columns
>>>>>
>>>>> [11:22:01] [INFO] retrieving the length of query output
>>>>> [11:22:01] [INFO] retrieved: 10
>>>>> [11:22:03] [INFO] retrieved: lancamento
>>>>> [11:22:03] [INFO] retrieving the length of query output
>>>>> [11:22:03] [INFO] retrieved:
>>>>> [11:22:17] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy
>>>>> the command line and the following text and send by e-mail to
>>>>> sql...@li.... The developer will fix it as soon
>>>>> as possible:
>>>>> sqlmap version: 0.9-dev
>>>>> Python version: 2.5.2
>>>>> Operating system: posix
>>>>> Traceback (most recent call last):
>>>>>   File "./sqlmap.py", line 89, in main
>>>>>     start()
>>>>>   File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 268, in start
>>>>>     action()
>>>>>   File "/home/skys/sqlmap-dev/lib/controller/action.py", line 114, in action
>>>>>     conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
>>>>>   File "/home/skys/sqlmap-dev/plugins/generic/enumeration.py", line
>>>>> 955, in getColumns
>>>>>     colType = inject.getValue(query, inband=False)
>>>>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 374, in getValue
>>>>>     value = __goInferenceProxy(expression, fromUser, expected, batch,
>>>>> resumeValue, unpack, charsetType, firstChar, lastChar)
>>>>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 304, in
>>>>> __goInferenceProxy
>>>>>     outputs = __goInferenceFields(expression, expressionFields,
>>>>> expressionFieldsList, payload, expected, resumeValue=resumeValue,
>>>>> charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
>>>>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 92, in
>>>>> __goInferenceFields
>>>>>     output = __goInference(payload, expressionReplaced, charsetType,
>>>>> firstChar, lastChar)
>>>>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 51, in __goInference
>>>>>     _, length, _ = queryOutputLength(expression, payload)
>>>>>   File "/home/skys/sqlmap-dev/lib/utils/resume.py", line 91, in
>>>>> queryOutputLength
>>>>>     count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
>>>>>   File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line
>>>>> 431, in bisection
>>>>>     val = getChar(index, asciiTbl)
>>>>>   File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line
>>>>> 210, in getChar
>>>>>     charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
>>>>> OverflowError: long int too large to convert
to int >>>>> >>>>> [*] shutting down at: 11:22:17 >>>>> >>>>> $ svn info >>>>> Path: . >>>>> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap >>>>> Repository Root: https://svn.sqlmap.org/sqlmap >>>>> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb >>>>> Revision: 1759 >>>>> Node Kind: directory >>>>> Schedule: normal >>>>> Last Changed Author: inquisb >>>>> Last Changed Rev: 1759 >>>>> Last Changed Date: 2010-06-10 11:15:32 -0300 (Thu, 10 Jun 2010) >>>>> >>>>> >>>>> -- >>>>> David Gomes Guimarães >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> ThinkGeek and WIRED's GeekDad team up for the Ultimate >>>>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the >>>>> lucky parental unit. See the prize list and enter to win: >>>>> http://p.sf.net/sfu/thinkgeek-promo >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sql...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> >>>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>>> Mobile: +385921010204 (HR 0921010204) >>>> PGP Key ID: 0xB5397B1B >>>> >>> >>> >>> >>> -- >>> David Gomes Guimarães >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> > > > > -- > David Gomes Guimarães > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
From: David G. <sk...@gm...> - 2010-06-10 17:17:12
|
Miroslav, my mistake.

The problem is that Apache is cutting the URI because of the internal configuration of the server (maximum size is limited by the Apache policy URI LimitRequestLine). As you can see, the problem occurs only in columns that have big names, so the encoding (with chr() in PostgreSQL) is much greater.

As the PHP script allows me to use the POST method for the same purpose (which is limited by the policy post_max_size in php.ini, which has a value far greater (=~8MB) than that limited by LimitRequestLine), I could successfully perform the dump.

[13:52:41] [INFO] fetching columns for table 'livro' on database 'public'
Database: public
Table: livro
[15 columns]
+-------------------+---------+
| Column            | Type    |
+-------------------+---------+
| ano               | int4    |
| autor             | varchar |
| dt_cadastro       | date    |
| edicao            | varchar |
| editora           | varchar |
| esgotado          | bpchar  |
| id_area           | int4    |
| id_livro          | int4    |
| isbn              | varchar |
| lancamento        | bpchar  |
| paginas           | int4    |
| preco             | float4  |
| preco_promocional | float4  |
| release           | text    |
| titulo            | varchar |
+-------------------+---------+

Thanks anyway! =)

On Thu, Jun 10, 2010 at 1:24 PM, Miroslav Stampar <mir...@gm...> wrote:
> It would be most helpful if you could send me what should be there (if
> you could do it manually it would be most helpful).
>
> KR
>
> On Thu, Jun 10, 2010 at 6:19 PM, David Guimaraes <sk...@gm...> wrote:
>> ...
--
David Gomes Guimarães
|
From: David G. <sk...@gm...> - 2010-06-10 16:19:28
|
...
[12:57:17] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': lancamento
[12:57:17] [INFO] retrieving the length of query output
[12:57:17] [INFO] retrieved:
[12:57:18] [INFO] retrieved:
[12:57:19] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': esgotado
[12:57:19] [INFO] retrieving the length of query output
[12:57:19] [INFO] retrieved: 6
[12:57:20] [INFO] retrieved: bpchar
[12:57:20] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': preco_promocional
[12:57:20] [INFO] retrieving the length of query output
[12:57:20] [INFO] retrieved:
[12:57:21] [INFO] retrieved:
[12:57:22] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': edicao
[12:57:22] [INFO] retrieving the length of query output
[12:57:22] [INFO] retrieved: 7
[12:57:24] [INFO] retrieved: varchar
[12:57:24] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': isbn
[12:57:24] [INFO] retrieving the length of query output
[12:57:24] [INFO] retrieved: 7
[12:57:25] [INFO] retrieved: varchar
[12:57:25] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': dt_cadastro
[12:57:25] [INFO] retrieving the length of query output
[12:57:25] [INFO] retrieved:
[12:57:25] [INFO] retrieved:
[12:57:27] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': editora
[12:57:27] [INFO] retrieving the length of query output
[12:57:27] [INFO] retrieved: 7
[12:57:28] [INFO] retrieved: varchar
Database: public
Table: livro
[15 columns]
+-------------------+---------+
| Column            | Type    |
+-------------------+---------+
| ano               | int4    |
| autor             | varchar |
| dt_cadastro       |         |
| edicao            | varchar |
| editora           | varchar |
| esgotado          | bpchar  |
| id_area           | int4    |
| id_livro          | int4    |
| isbn              | varchar |
| lancamento        |         |
| paginas           | int4    |
| preco             | float4  |
| preco_promocional |         |
| release           | text    |
| titulo            | varchar |
+-------------------+---------+

$ svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1763
Node Kind: directory
Schedule: normal
Last Changed Author: inquisb
Last Changed Rev: 1763
Last Changed Date: 2010-06-10 12:34:28 -0300 (Thu, 10 Jun 2010)

This is ok now (despite for some reason, it failed to retrieve the column type "dt_cadastro", "lancamento", and "preco_promocional")

Thanks for solving this in so short notice.

On Thu, Jun 10, 2010 at 12:01 PM, Miroslav Stampar <mir...@gm...> wrote:
> We've made some modifications regarding your bug report. Could you
> please try to run it again with the latest repository version?
>
> Thanks
>
> On Thu, Jun 10, 2010 at 4:24 PM, David Guimaraes <sk...@gm...> wrote:
>> $ ./sqlmap -c arquivo.conf --threads 10 -D editora -T livro --columns
>>
>> [11:22:01] [INFO] retrieving the length of query output
>> [11:22:01] [INFO] retrieved: 10
>> [11:22:03] [INFO] retrieved: lancamento
>> [11:22:03] [INFO] retrieving the length of query output
>> [11:22:03] [INFO] retrieved:
>> [11:22:17] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
>> sqlmap version: 0.9-dev
>> Python version: 2.5.2
>> Operating system: posix
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 89, in main
>>     start()
>>   File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 268, in start
>>     action()
>>   File "/home/skys/sqlmap-dev/lib/controller/action.py", line 114, in action
>>     conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
>>   File "/home/skys/sqlmap-dev/plugins/generic/enumeration.py", line 955, in getColumns
>>     colType = inject.getValue(query, inband=False)
>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 374, in getValue
>>     value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 304, in __goInferenceProxy
>>     outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 92, in __goInferenceFields
>>     output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar)
>>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 51, in __goInference
>>     _, length, _ = queryOutputLength(expression, payload)
>>   File "/home/skys/sqlmap-dev/lib/utils/resume.py", line 91, in queryOutputLength
>>     count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
>>   File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 431, in bisection
>>     val = getChar(index, asciiTbl)
>>   File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 210, in getChar
>>     charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
>> OverflowError: long int too large to convert to int
>>
>> [*] shutting down at: 11:22:17
>>
>> $ svn info
>> Path: .
>> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
>> Repository Root: https://svn.sqlmap.org/sqlmap
>> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
>> Revision: 1759
>> Node Kind: directory
>> Schedule: normal
>> Last Changed Author: inquisb
>> Last Changed Rev: 1759
>> Last Changed Date: 2010-06-10 11:15:32 -0300 (Thu, 10 Jun 2010)
>>
>>
>> --
>> David Gomes Guimarães
>>
>> ------------------------------------------------------------------------------
>> ThinkGeek and WIRED's GeekDad team up for the Ultimate
>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
>> lucky parental unit. See the prize list and enter to win:
>> http://p.sf.net/sfu/thinkgeek-promo
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
>

--
David Gomes Guimarães
|
From: Miroslav S. <mir...@gm...> - 2010-06-10 15:02:06
|
We've made some modifications regarding your bug report. Could you please try to run it again with the latest repository version?

Thanks

On Thu, Jun 10, 2010 at 4:24 PM, David Guimaraes <sk...@gm...> wrote:
> $ ./sqlmap -c arquivo.conf --threads 10 -D editora -T livro --columns
>
> [11:22:01] [INFO] retrieving the length of query output
> [11:22:01] [INFO] retrieved: 10
> [11:22:03] [INFO] retrieved: lancamento
> [11:22:03] [INFO] retrieving the length of query output
> [11:22:03] [INFO] retrieved:
> [11:22:17] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
> sqlmap version: 0.9-dev
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 268, in start
>     action()
>   File "/home/skys/sqlmap-dev/lib/controller/action.py", line 114, in action
>     conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
>   File "/home/skys/sqlmap-dev/plugins/generic/enumeration.py", line 955, in getColumns
>     colType = inject.getValue(query, inband=False)
>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 374, in getValue
>     value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 304, in __goInferenceProxy
>     outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 92, in __goInferenceFields
>     output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar)
>   File "/home/skys/sqlmap-dev/lib/request/inject.py", line 51, in __goInference
>     _, length, _ = queryOutputLength(expression, payload)
>   File "/home/skys/sqlmap-dev/lib/utils/resume.py", line 91, in queryOutputLength
>     count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
>   File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 431, in bisection
>     val = getChar(index, asciiTbl)
>   File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 210, in getChar
>     charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
> OverflowError: long int too large to convert to int
>
> [*] shutting down at: 11:22:17
>
> $ svn info
> Path: .
> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
> Repository Root: https://svn.sqlmap.org/sqlmap
> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
> Revision: 1759
> Node Kind: directory
> Schedule: normal
> Last Changed Author: inquisb
> Last Changed Rev: 1759
> Last Changed Date: 2010-06-10 11:15:32 -0300 (Thu, 10 Jun 2010)
>
>
> --
> David Gomes Guimarães
>

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
From: David G. <sk...@gm...> - 2010-06-10 14:30:31
|
$ ./sqlmap -c arquivo.conf --threads 10 -D editora -T livro --columns

[11:22:01] [INFO] retrieving the length of query output
[11:22:01] [INFO] retrieved: 10
[11:22:03] [INFO] retrieved: lancamento
[11:22:03] [INFO] retrieving the length of query output
[11:22:03] [INFO] retrieved:
[11:22:17] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 268, in start
    action()
  File "/home/skys/sqlmap-dev/lib/controller/action.py", line 114, in action
    conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
  File "/home/skys/sqlmap-dev/plugins/generic/enumeration.py", line 955, in getColumns
    colType = inject.getValue(query, inband=False)
  File "/home/skys/sqlmap-dev/lib/request/inject.py", line 374, in getValue
    value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
  File "/home/skys/sqlmap-dev/lib/request/inject.py", line 304, in __goInferenceProxy
    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
  File "/home/skys/sqlmap-dev/lib/request/inject.py", line 92, in __goInferenceFields
    output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar)
  File "/home/skys/sqlmap-dev/lib/request/inject.py", line 51, in __goInference
    _, length, _ = queryOutputLength(expression, payload)
  File "/home/skys/sqlmap-dev/lib/utils/resume.py", line 91, in queryOutputLength
    count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
  File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 431, in bisection
    val = getChar(index, asciiTbl)
  File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 210, in getChar
    charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
OverflowError: long int too large to convert to int

[*] shutting down at: 11:22:17

$ svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1759
Node Kind: directory
Schedule: normal
Last Changed Author: inquisb
Last Changed Rev: 1759
Last Changed Date: 2010-06-10 11:15:32 -0300 (Thu, 10 Jun 2010)

--
David Gomes Guimarães
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-06-09 21:52:58
|
Bjørn,

2010/6/3 Bjørn Ørving <bo...@ds...>:
> ...
> I’m using your windows version of SQLmap, is it possible to search for a
> specific row in the table, so let us say row with the name John Doo?

No, it's not. Such full-text search functionality is a bit tricky to implement, I am trying to figure out the best way to implement so. Suggestions are welcome, as usual.

In the meantime, you can grab a copy of the development version from the Subversion repository where I implement this feature (--search) for searching databases (with -D), tables (with -T) or columns (with -C) containing in the name one or more (comma separated) patterns.

> Also it
> has a problem when it’s retrieving data it just stops retrieve but still
> proceed trying to retrieve without any data output. Is it only a windows
> problem, it will export like 7 rows of data and then just stop.

Never experienced such a problem, can you please provide with the output of -v 5, privately if you prefer?

Regards
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Miroslav S. <mir...@gm...> - 2010-06-09 14:51:55
|
Hi again.

Thank you very much for pointing us in this direction. It seems that we haven't paid enough attention to HTTP content charset encoding previously. Now, with the latest commit, we take care of the declared HTTP response charset encoding and properly decode it to unicode.

This means that previously all session/log files were stored with improper encoding (ASCII without proper decoding) which results in some cases in disaster (euro sign is 0x80 in cp1252, while 0x20ac in Unicode, and "improper" in ASCII -> in plain speak: if the declared page's charset was declared to cp1252 and we store it in plain ASCII as 0x80, in final we get sh.t).

To finalize, latest commit is a major bug fix. So, please update.

Sorry Kasper, your problem with those crashes isn't solved with this one, but we'll try to find something out for this too.

KR

On Wed, Jun 9, 2010 at 3:07 PM, Kasper Føns <th...@ma...> wrote:
> Hi Miro.
>
> I think this part would knock sqlmap down.
>
> It should have been an ø.
> (image of ø: http://www.xn--srensen-q1a.dk/charmap.jpg)
>
> /Kasper
>
> On 09-06-2010 14:54, Miroslav Stampar wrote:
>>
>> Hi.
>>
>> As you can conclude, we've modified sqlmap for full unicode support
>> and expect (not too many hopefully :) this kind of "unpredicted
>> fails".
>>
>> Could you be so kind and send some kind of excerpt or whole session
>> file (privately) with the containing "problematic" part.
>>
>> Kind regards.
>>
>> On Wed, Jun 9, 2010 at 2:16 PM, Kasper Føns<th...@ma...> wrote:
>>
>>>
>>> Hello SQLMAP users.
>>>
>>> Is there a problem using an old session file with new svn version?
>>>
>>> I get this:
>>> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>>> http://sqlmap.sourceforge.net
>>>
>>> [*] starting at: 14:17:25
>>>
>>> [14:17:25] [INFO] using 'bla' as session file
>>>
>>> [14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
>>> sqlmap version: 0.9-dev
>>> Python version: 2.5.2
>>> Operating system: posix
>>> Traceback (most recent call last):
>>>   File "./sqlmap.py", line 89, in main
>>>     start()
>>>   File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in start
>>>     setupTargetEnv()
>>>   File "/home/foens/sqlmap/lib/core/target.py", line 258, in setupTargetEnv
>>>     __setOutputResume()
>>>   File "/home/foens/sqlmap/lib/core/target.py", line 130, in __setOutputResume
>>>     for line in readSessionFP.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
>>>   File "/usr/lib/python2.5/codecs.py", line 626, in readlines
>>>     return self.reader.readlines(sizehint)
>>>   File "/usr/lib/python2.5/codecs.py", line 535, in readlines
>>>     data = self.read()
>>>   File "/usr/lib/python2.5/codecs.py", line 424, in read
>>>     newchars, decodedbytes = self.decode(data, self.errors)
>>> UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 3397: unexpected code byte
>>>
>>> [*] shutting down at: 14:17:25
>>>
>>>
>>
>>
>>
>
>

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
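The decoding fix discussed in the message above, sketched as an added example (not sqlmap's own code): decode response bytes with the charset the server declares, store session data as UTF-8, and read older session lines with a fallback. The function names, the sample bytes and the ISO-8859-1 default are assumptions made for this illustration.

```python
import codecs
import re

# Constructed sample: a response that declares windows-1252 and carries the
# euro sign as the single byte 0x80 and "ø" as the single byte 0xF8.
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=windows-1252"}
SAMPLE_BODY = b"price: \x80 10, author: S\xf8rensen"

# Constructed sample: two lines of a session file written without decoding,
# so the raw 0x80 byte ended up on disk (hypothetical line format).
LEGACY_SESSION = b"value: \x80 10\nvalue: plain\n"

CHARSET_RE = re.compile(r'''charset\s*=\s*["']?([\w.:-]+)''', re.IGNORECASE)


def declared_charset(headers, default="iso-8859-1"):
    """Return the codec name declared in Content-Type, or `default`."""
    match = CHARSET_RE.search(headers.get("Content-Type", ""))
    if not match:
        return default
    try:
        # Normalise aliases: "windows-1252" and "cp1252" are the same codec.
        return codecs.lookup(match.group(1)).name
    except LookupError:
        # Unknown or misspelled charset label: fall back instead of crashing.
        return default


def decode_body(body, headers):
    """Decode raw response bytes to text using the declared charset."""
    return body.decode(declared_charset(headers), errors="replace")


def to_session_bytes(text):
    """Serialise decoded text for storage; the file is always UTF-8."""
    return text.encode("utf-8")


def first_bad_offset(raw, encoding="utf-8"):
    """Offset of the first byte that is not valid in `encoding`, or -1."""
    try:
        raw.decode(encoding)
        return -1
    except UnicodeDecodeError as exc:
        return exc.start


def read_session_lines(raw, legacy_charset="cp1252"):
    """Read session bytes as UTF-8, decoding older lines with a fallback."""
    lines = []
    for line in raw.splitlines():
        try:
            lines.append(line.decode("utf-8"))
        except UnicodeDecodeError:
            # The line was stored undecoded: interpret it with the charset
            # the page declared (an assumption the caller has to supply).
            lines.append(line.decode(legacy_charset, errors="replace"))
    return lines


if __name__ == "__main__":
    text = decode_body(SAMPLE_BODY, SAMPLE_HEADERS)
    print(repr(text))
    print(to_session_bytes(text))
    print(first_bad_offset(LEGACY_SESSION))
    print(read_session_lines(LEGACY_SESSION))
```

The offset returned by `first_bad_offset` corresponds to the "position" reported in the `UnicodeDecodeError` quoted in the thread, which makes it a quick way to locate the offending bytes in an old session file.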
From: Miroslav S. <mir...@gm...> - 2010-06-09 12:54:27
|
Hi.

As you can conclude, we've modified sqlmap for full unicode support and expect (not too many hopefully :) this kind of "unpredicted fails".

Could you be so kind and send some kind of excerpt or whole session file (privately) with the containing "problematic" part.

Kind regards.

On Wed, Jun 9, 2010 at 2:16 PM, Kasper Føns <th...@ma...> wrote:
> Hello SQLMAP users.
>
> Is there a problem using an old session file with new svn version?
>
> I get this:
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 14:17:25
>
> [14:17:25] [INFO] using 'bla' as session file
>
> [14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
> sqlmap version: 0.9-dev
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in start
>     setupTargetEnv()
>   File "/home/foens/sqlmap/lib/core/target.py", line 258, in setupTargetEnv
>     __setOutputResume()
>   File "/home/foens/sqlmap/lib/core/target.py", line 130, in __setOutputResume
>     for line in readSessionFP.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
>   File "/usr/lib/python2.5/codecs.py", line 626, in readlines
>     return self.reader.readlines(sizehint)
>   File "/usr/lib/python2.5/codecs.py", line 535, in readlines
>     data = self.read()
>   File "/usr/lib/python2.5/codecs.py", line 424, in read
>     newchars, decodedbytes = self.decode(data, self.errors)
> UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 3397: unexpected code byte
>
> [*] shutting down at: 14:17:25
>

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|