sqlmap-users Mailing List for sqlmap (Page 125)
Brought to you by:
inquisb
From: Kasper F. <th...@ma...> - 2010-06-09 12:31:18
|
Hello SQLMAP users.

Is there a problem using an old session file with new svn version? I get this:

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 14:17:25

[14:17:25] [INFO] using 'bla' as session file
[14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in start
    setupTargetEnv()
  File "/home/foens/sqlmap/lib/core/target.py", line 258, in setupTargetEnv
    __setOutputResume()
  File "/home/foens/sqlmap/lib/core/target.py", line 130, in __setOutputResume
    for line in readSessionFP.readlines(): # xreadlines doesn't return unicode strings when codec.open() is used
  File "/usr/lib/python2.5/codecs.py", line 626, in readlines
    return self.reader.readlines(sizehint)
  File "/usr/lib/python2.5/codecs.py", line 535, in readlines
    data = self.read()
  File "/usr/lib/python2.5/codecs.py", line 424, in read
    newchars, decodedbytes = self.decode(data, self.errors)
UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 3397: unexpected code byte

[*] shutting down at: 14:17:25
|
From: Miroslav S. <mir...@gm...> - 2010-06-04 17:06:58
|
Hi.

Thank you for your report Andreas. We've fixed the issue in our last commit. Please, update to the latest development version to have it fixed on your side.

KR

On Fri, Jun 4, 2010 at 10:41 AM, Andreas Constantinides (MegaHz) <me...@me...> wrote:
> hi there,
>
> i'd like to show you some errors i have received today scanning a site:
>
> [11:40:26] [INFO] testing connection to the target url
> [11:40:27] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
> sqlmap version: 0.9-dev
> Python version: 2.6.4
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/controller/controller.py", line 154, in start
>     if not checkConnection() or not checkString() or not checkRegexp():
>   File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/controller/checks.py", line 395, in checkConnection
>     page, _ = Request.getPage()
>   File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/request/connect.py", line 256, in getPage
>     parseResponse(page, responseHeaders)
>   File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/request/basic.py", line 73, in parseResponse
>     htmlParser(page)
>   File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/parse/html.py", line 69, in htmlParser
>     page = sanitizeStr(page)
>   File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/core/common.py", line 520, in sanitizeStr
>     cleanString = unicode(inpStr)
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xef in position 0: ordinal not in range(128)
>
> [*] shutting down at: 11:40:27
>
> i am using the latest dev version on a mac.
>
> thanks
>
> -- Andreas

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
From: Andreas C. (MegaHz) <me...@me...> - 2010-06-04 09:14:45
|
hi there,

i'd like to show you some errors i have received today scanning a site:

[11:40:26] [INFO] testing connection to the target url
[11:40:27] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.4
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/controller/controller.py", line 154, in start
    if not checkConnection() or not checkString() or not checkRegexp():
  File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/controller/checks.py", line 395, in checkConnection
    page, _ = Request.getPage()
  File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/request/connect.py", line 256, in getPage
    parseResponse(page, responseHeaders)
  File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/request/basic.py", line 73, in parseResponse
    htmlParser(page)
  File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/parse/html.py", line 69, in htmlParser
    page = sanitizeStr(page)
  File "/Users/MegaHz/Downloads/tools/sqlmap-dev/lib/core/common.py", line 520, in sanitizeStr
    cleanString = unicode(inpStr)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xef in position 0: ordinal not in range(128)

[*] shutting down at: 11:40:27

i am using the latest dev version on a mac.

thanks

-- Andreas
|
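Both UnicodeDecodeError tracebacks above (byte 0x80 while reading a session file, byte 0xef at position 0 of a fetched page) come from strictly decoding bytes the tool does not control. The following is an added Python 3 example of tolerant decoding, not sqlmap's code and not the fix that was committed; the function names, the `declared` parameter and the sample bytes are constructed for illustration.

```python
import codecs

# Byte-order marks, longest first so a UTF-32 LE BOM is not taken for UTF-16 LE.
BOMS = (
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
)


def decode_untrusted(data, declared=None):
    """Decode bytes from a file or HTTP body without ever raising.

    Returns (text, encoding_used, lossy). `declared` is a hypothetical
    parameter for a charset name taken from a Content-Type header.
    """
    candidates = []
    for bom, name in BOMS:
        if data.startswith(bom):
            data = data[len(bom):]      # strip the BOM and try what it announces
            candidates.append(name)
            break
    if declared:
        candidates.append(declared)
    candidates.append("utf-8")

    for name in candidates:
        try:
            return data.decode(name), name, False
        except (UnicodeDecodeError, LookupError):
            continue                    # wrong or unknown charset: try the next
    # Last resort: keep running and mark undecodable bytes with U+FFFD.
    return data.decode("utf-8", errors="replace"), "utf-8", True


def read_lines_tolerant(raw):
    """Decode a text file line by line so one bad byte costs one line, not the run.

    Returns (lines, damaged); damaged holds the 1-based numbers of lines
    that needed replacement characters.
    """
    lines, damaged = [], []
    for number, chunk in enumerate(raw.splitlines(), start=1):
        try:
            lines.append(chunk.decode("utf-8"))
        except UnicodeDecodeError:
            lines.append(chunk.decode("utf-8", errors="replace"))
            damaged.append(number)
    return lines, damaged


# Constructed samples, not data from the thread.
# A page body that starts with the UTF-8 BOM, so byte 0 is 0xef.
SAMPLE_BODY = codecs.BOM_UTF8 + "<html>caf\u00e9</html>".encode("utf-8")
# Three arbitrary text lines; the second holds a stray 0x80 byte.
SAMPLE_SESSION = b"[key one][value one]\n[key two][val\x80ue]\n[key three][value three]\n"

if __name__ == "__main__":
    print(decode_untrusted(SAMPLE_BODY))
    print(decode_untrusted(b"caf\xe9", declared="iso-8859-1"))
    print(read_lines_tolerant(SAMPLE_SESSION))
```

Reporting the damaged line numbers instead of silently replacing bytes lets the caller decide whether a partly unreadable file is still safe to resume from.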
From: Bjørn Ø. <bo...@ds...> - 2010-06-03 08:10:19
|
Hey Sqlmap,

I'm using your Windows version of SQLmap. Is it possible to search for a specific row in the table, so let us say the row with the name John Doo?

Also, it has a problem when it's retrieving data: it just stops retrieving but still proceeds trying to retrieve without any data output. Is it only a Windows problem? It will export like 7 rows of data and then just stop.

Best regards

Bjørn Ørving
Future Creative Manager - Gryphon Security
gryphon.dk
Bo...@ds...
22 19 37 21
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-06-01 10:18:21
|
Joe,

On Tue, Jun 1, 2010 at 10:46, Joe "Pragmatk" <pra...@gm...> wrote:
> ...
> - Does sqlmap support exporting to some sort of binary-safe export
> format (sqlite, csv, .sql format, heck - even urlencoded or
> c-string-escaped)? I found the text-only output options greatly
> disappointing :-(

Recently we merged into trunk a patch to save results to a XML file (-x switch). This is still in early development, but for basic cases, it works. As usual, bug reports are welcome. The XML is validated against a XSD file (xml/sqlmap.xsd) too.

We recently added support to fetch unicode data, this included lots of enhancements in terms of dealing with files (session, log, .csv dump file, etc) too. CSV files are created when you --dump tables, you can see their path with --verbose is >= 1.

> --- Is there an easy way to extend this sparse selection of test cases,
> or will I have to set up my own patch repo for modifications?

Detection engine is weak. It will be rewritten from scratch in the upcoming months. You (all!) can supply your patches any time, we really appreciate that and encourage you to send them all. No need to comment the code (appreciated though), we can dig into it ourselves.

> --- multi-threading is - of course - very nice, but does sqlmap support
> "persistent" http connections (reuse of existing tcp-connections using
> the Keep-Alive HTTP-header)? I implemented this for my own tool and the
> speed gain was enormous. Last time I asked about this, both the
> developers and I were unable to find a Python module that supported this
> relatively simple feature.

We fixed a couple of major bugs in multi-threading and improved it quite a lot since the release of 0.8. I recommend you always give a try to the development version from subversion repository. To answer your question, as far as I know Python urllib2 library does not support effectively Keep-Alive, we will research more in this direction.

> --- Has the off-by-one when resuming blind queries been fixed?

Automatic saving to session file works in real time when multi-threading is not specified. Vice versa if multi-threading is specified (--threads > 1), the query output is stored in the session file once the whole output is fetched. Resume always works, regardless of the technique used by sqlmap to retrieve the data. The off-by-one should be also fixed now.

> I think the post exploitation-stuff that you have implemented,
> especially the tie-in with msf, is really cool. Respect!

Thanks.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Joe \Pragmatk\ <pra...@gm...> - 2010-06-01 09:46:28
|
This is a quick email to the sqlmap hard core

Although I have used sqlmap for no more than three holes - three holes it failed to exploit - I have been following the project for some time. A friend of mine recently encouraged me to give it another chance, so I have some questions:

- Does sqlmap support exporting to some sort of binary-safe export format (sqlite, csv, .sql format, heck - even urlencoded or c-string-escaped)? I found the text-only output options greatly disappointing :-(

- http://sqlmap.sourceforge.net/features.html states that:

"Each dynamic parameter is tested for numeric, single quoted string, double quoted string and all of these three data-types with zero to two parenthesis to correctly detect which is the SELECT statement syntax to perform further injections with"
--- Is there an easy way to extend this sparse selection of test cases, or will I have to set up my own patch repo for modifications?

"Option to specify the maximum number of concurrent HTTP requests to speed up the inferential blind SQL injection algorithms (multi-threading)."
--- multi-threading is - of course - very nice, but does sqlmap support "persistent" http connections (reuse of existing tcp-connections using the Keep-Alive HTTP-header)? I implemented this for my own tool and the speed gain was enormous. Last time I asked about this, both the developers and I were unable to find a Python module that supported this relatively simple feature.

"Automatic support to save the session (queries and their output, even if partially retrieved) in real time while fetching the data on a text file and resume the injection from this file in a second time. "
--- Has the off-by-one when resuming blind queries been fixed?

I think the post exploitation-stuff that you have implemented, especially the tie-in with msf, is really cool. Respect!
joe
|
From: Miroslav S. <mir...@gm...> - 2010-05-31 21:06:03
|
Hi and sorry for not replying sooner.

Please update to the latest development version (v0.9-dev) by executing:

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

There were a gazillion bug fixes from the version you use (v0.8).

Kind regards

On Mon, May 31, 2010 at 10:02 PM, Ustupid MFU <ust...@gm...> wrote:
> It is the 0.8 sqlmap version
> I have other problems with sqlmap, and i could need some assistance, i've read the whole google and watched all youtube "hack" videos with sqlmap
> But
> [1] ASP (default)
> [2] PHP
> [3] JSP
> this is the only option i get for --os-pwn --os-bof with --msf-path /to/msfconsole/framework
> nothing works, i've installed all, ruby-openssl, gems ruby, python newest version, openssl, bind, php latest version, libssl, all dependencies, rubygems, mandb, subversion latest. i don't know what to do anymore, i've tried in ./msfconsole to setup php/exec php/shell_php php/bind LHOST, exec commands and nothing works.
> can i get some help please? i found many 0day bugs and i can't use them, i tried on 20 different machines sqlmap and still the same problems.
> Thanks in advance
>
> 2010/5/31 Ustupid MFU <ust...@gm...>
>>
>> which web application language does the web server support?
>> [1] ASP (default)
>> [2] PHP
>> [3] JSP
>> > 1
>> [23:34:10] [WARNING] unable to retrieve the web server document root
>> please provide the web server document root [C:/Inetpub/wwwroot/]: C:/xampp/htdocs/modules/weblinks0/
>> [23:34:13] [INFO] retrieved web server full paths: '/modules/weblinks0/visit.php'
>> please provide any additional web server full path to try to upload the agent [C:/Inetpub/wwwroot/]:
>> [23:34:16] [WARNING] unable to upload the uploader agent on '/modules/weblinks0'
>> [23:34:16] [ERROR] unhandled exception in sqlmap/0.8, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
>> sqlmap version: 0.8
>> Python version: 2.6.5
>> Operating system: linux2
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 77, in main
>>     start()
>>   File "/.rnd2/pa/sqlmap/lib/controller/controller.py", line 259, in start
>>     action()
>>   File "/.rnd2/pa/sqlmap/lib/controller/action.py", line 141, in action
>>     conf.dbmsHandler.osShell()
>>   File "/.rnd2/pa/sqlmap/plugins/generic/takeover.py", line 98, in osShell
>>     self.initEnv(web=web)
>>   File "/.rnd2/pa/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv
>>     self.webInit()
>>   File "/.rnd2/pa/sqlmap/lib/takeover/web.py", line 189, in webInit
>>     uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
>>   File "/.rnd2/pa/sqlmap/lib/request/connect.py", line 126, in getPage
>>     conn = urllib2.urlopen(req)
>>   File "/usr/local/lib/python2.6/urllib2.py", line 126, in urlopen
>>     return _opener.open(url, data, timeout)
>>   File "/usr/local/lib/python2.6/urllib2.py", line 391, in open
>>     response = self._open(req, data)
>>   File "/usr/local/lib/python2.6/urllib2.py", line 409, in _open
>>     '_open', req)
>>   File "/usr/local/lib/python2.6/urllib2.py", line 369, in _call_chain
>>     result = func(*args)
>>   File "/usr/local/lib/python2.6/urllib2.py", line 1161, in http_open
>>     return self.do_open(httplib.HTTPConnection, req)
>>   File "/usr/local/lib/python2.6/urllib2.py", line 1107, in do_open
>>     h = http_class(host, timeout=req.timeout) # will parse host:port
>>   File "/usr/local/lib/python2.6/httplib.py", line 657, in __init__
>>     self._set_hostport(host, port)
>>   File "/usr/local/lib/python2.6/httplib.py", line 682, in _set_hostport
>>     raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
>> InvalidURL: nonnumeric port: ''
>> [*] shutting down at: 23:34:16
>> ./sqlmap.py -u 'http://somehost/modules/weblinks0/visit.php?lid=44' --os-shell --msf-path /opt/metasploit3/msf3

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
From: Ustupid M. <ust...@gm...> - 2010-05-31 20:02:36
|
It is the 0.8 sqlmap version
I have other problems with sqlmap, and i could need some assistance, i've read the whole google and watched all youtube "hack" videos with sqlmap
But
[1] ASP (default)
[2] PHP
[3] JSP
this is the only option i get for --os-pwn --os-bof with --msf-path /to/msfconsole/framework
nothing works, i've installed all, ruby-openssl, gems ruby, python newest version, openssl, bind, php latest version, libssl, all dependencies, rubygems, mandb, subversion latest. i don't know what to do anymore, i've tried in ./msfconsole to setup php/exec php/shell_php php/bind LHOST, exec commands and nothing works.
can i get some help please? i found many 0day bugs and i can't use them, i tried on 20 different machines sqlmap and still the same problems.
Thanks in advance

2010/5/31 Ustupid MFU <ust...@gm...>
> which web application language does the web server support?
> [1] ASP (default)
> [2] PHP
> [3] JSP
> > 1
> [23:34:10] [WARNING] unable to retrieve the web server document root
> please provide the web server document root [C:/Inetpub/wwwroot/]:
> C:/xampp/htdocs/modules/weblinks0/
> [23:34:13] [INFO] retrieved web server full paths:
> '/modules/weblinks0/visit.php'
> please provide any additional web server full path to try to upload the
> agent [C:/Inetpub/wwwroot/]:
> [23:34:16] [WARNING] unable to upload the uploader agent on
> '/modules/weblinks0'
> [23:34:16] [ERROR] unhandled exception in sqlmap/0.8, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.8
> Python version: 2.6.5
> Operating system: linux2
> Traceback (most recent call last):
> File "./sqlmap.py", line 77, in main
> start()
> File "/.rnd2/pa/sqlmap/lib/controller/controller.py", line 259, in start
> action()
> File "/.rnd2/pa/sqlmap/lib/controller/action.py", line 141, in action
> conf.dbmsHandler.osShell()
> File "/.rnd2/pa/sqlmap/plugins/generic/takeover.py", line 98, in osShell
> self.initEnv(web=web)
> File "/.rnd2/pa/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv
> self.webInit()
> File "/.rnd2/pa/sqlmap/lib/takeover/web.py", line 189, in webInit
> uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True,
> raise404=False)
> File "/.rnd2/pa/sqlmap/lib/request/connect.py", line 126, in getPage
> conn = urllib2.urlopen(req)
> File "/usr/local/lib/python2.6/urllib2.py", line 126, in urlopen
> return _opener.open(url, data, timeout)
> File "/usr/local/lib/python2.6/urllib2.py", line 391, in open
> response = self._open(req, data)
> File "/usr/local/lib/python2.6/urllib2.py", line 409, in _open
> '_open', req)
> File "/usr/local/lib/python2.6/urllib2.py", line 369, in _call_chain
> result = func(*args)
> File "/usr/local/lib/python2.6/urllib2.py", line 1161, in http_open
> return self.do_open(httplib.HTTPConnection, req)
> File "/usr/local/lib/python2.6/urllib2.py", line 1107, in do_open
> h = http_class(host, timeout=req.timeout) # will parse host:port
> File "/usr/local/lib/python2.6/httplib.py", line 657, in __init__
> self._set_hostport(host, port)
> File "/usr/local/lib/python2.6/httplib.py", line 682, in _set_hostport
> raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
> InvalidURL: nonnumeric port: ''
>
> [*] shutting down at: 23:34:16
>
> ./sqlmap.py -u 'http://somehost/modules/weblinks0/visit.php?lid=44'
> --os-shell --msf-path /opt/metasploit3/msf3
>
|
From: <ja...@ev...> - 2010-05-31 11:41:10
|
Ancient SQLmap. Update.

On Mon, 31 May 2010 06:33:39 +0300, Ustupid MFU <ust...@gm...> wrote:
> which web application language does the web server support?[1] ASP
> (default)[2] PHP[3] JSP> 1[23:34:10] [WARNING] unable to retrieve the web
> server document root please provide the web server document root
> [C:/Inetpub/wwwroot/]: C:/xampp/htdocs/modules/weblinks0/[23:34:13]
> [INFO] retrieved web server full paths:
> '/modules/weblinks0/visit.php'please provide any additional web server
> full path to try to upload the agent [C:/Inetpub/wwwroot/]: [23:34:16]
> [WARNING] unable to upload the uploader agent on
> '/modules/weblinks0'[23:34:16] [ERROR] unhandled exception in sqlmap/0.8,
> please copy the command line and the following text and send by e-mail to
> sql...@li... [1]. The developer will fix it as soon
> as possible: sqlmap version: 0.8Python version: 2.6.5Operating system:
> linux2Traceback (most recent call last): File "./sqlmap.py", line 77,
> in main start() File
> "/.rnd2/pa/sqlmap/lib/controller/controller.py", line 259, in start
> action() File "/.rnd2/pa/sqlmap/lib/controller/action.py", line 141,
> in action conf.dbmsHandler.osShell() File
> "/.rnd2/pa/sqlmap/plugins/generic/takeover.py", line 98, in osShell
> self.initEnv(web=web) File
> "/.rnd2/pa/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv
> self.webInit() File "/.rnd2/pa/sqlmap/lib/takeover/web.py", line
> 189, in webInit uplPage, _ =
> Request.getPage(url=self.webUploaderUrl, direct=True,
> raise404=False) File "/.rnd2/pa/sqlmap/lib/request/connect.py", line
> 126, in getPage conn = urllib2.urlopen(req) File
> "/usr/local/lib/python2.6/urllib2.py", line 126, in urlopen return
> _opener.open(url, data, timeout) File
> "/usr/local/lib/python2.6/urllib2.py", line 391, in open response
> = self._open(req, data) File "/usr/local/lib/python2.6/urllib2.py",
> line 409, in _open '_open', req) File
> "/usr/local/lib/python2.6/urllib2.py", line 369, in _call_chain
> result = func(*args) File "/usr/local/lib/python2.6/urllib2.py",
> line 1161, in http_open return self.do_open(httplib.HTTPConnection,
> req) File "/usr/local/lib/python2.6/urllib2.py", line 1107, in do_open
> h = http_class(host, timeout=req.timeout) # will parse
> host:port File "/usr/local/lib/python2.6/httplib.py", line 657, in
> __init__ self._set_hostport(host, port) File
> "/usr/local/lib/python2.6/httplib.py", line 682, in _set_hostport
> raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])InvalidURL:
> nonnumeric port: ''
> [*] shutting down at: 23:34:16
> ./sqlmap.py -u 'http://somehost/modules/weblinks0/visit.php?lid=44 [2]'
> --os-shell --msf-path /opt/metasploit3/msf3
>
> Links:
> ------
> [1] mailto:sql...@li...
> [2] http://somehost/modules/weblinks0/visit.php?lid=44
|
From: Ustupid M. <ust...@gm...> - 2010-05-31 03:33:46
|
which web application language does the web server support?
[1] ASP (default)
[2] PHP
[3] JSP
> 1
[23:34:10] [WARNING] unable to retrieve the web server document root
please provide the web server document root [C:/Inetpub/wwwroot/]: C:/xampp/htdocs/modules/weblinks0/
[23:34:13] [INFO] retrieved web server full paths: '/modules/weblinks0/visit.php'
please provide any additional web server full path to try to upload the agent [C:/Inetpub/wwwroot/]:
[23:34:16] [WARNING] unable to upload the uploader agent on '/modules/weblinks0'
[23:34:16] [ERROR] unhandled exception in sqlmap/0.8, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.8
Python version: 2.6.5
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    start()
  File "/.rnd2/pa/sqlmap/lib/controller/controller.py", line 259, in start
    action()
  File "/.rnd2/pa/sqlmap/lib/controller/action.py", line 141, in action
    conf.dbmsHandler.osShell()
  File "/.rnd2/pa/sqlmap/plugins/generic/takeover.py", line 98, in osShell
    self.initEnv(web=web)
  File "/.rnd2/pa/sqlmap/lib/takeover/abstraction.py", line 155, in initEnv
    self.webInit()
  File "/.rnd2/pa/sqlmap/lib/takeover/web.py", line 189, in webInit
    uplPage, _ = Request.getPage(url=self.webUploaderUrl, direct=True, raise404=False)
  File "/.rnd2/pa/sqlmap/lib/request/connect.py", line 126, in getPage
    conn = urllib2.urlopen(req)
  File "/usr/local/lib/python2.6/urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/local/lib/python2.6/urllib2.py", line 391, in open
    response = self._open(req, data)
  File "/usr/local/lib/python2.6/urllib2.py", line 409, in _open
    '_open', req)
  File "/usr/local/lib/python2.6/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python2.6/urllib2.py", line 1161, in http_open
    return self.do_open(httplib.HTTPConnection, req)
  File "/usr/local/lib/python2.6/urllib2.py", line 1107, in do_open
    h = http_class(host, timeout=req.timeout) # will parse host:port
  File "/usr/local/lib/python2.6/httplib.py", line 657, in __init__
    self._set_hostport(host, port)
  File "/usr/local/lib/python2.6/httplib.py", line 682, in _set_hostport
    raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
InvalidURL: nonnumeric port: ''

[*] shutting down at: 23:34:16

./sqlmap.py -u 'http://somehost/modules/weblinks0/visit.php?lid=44' --os-shell --msf-path /opt/metasploit3/msf3
|
From: Miroslav S. <mir...@gm...> - 2010-05-25 06:38:50
|
Hi.

Thank you for your report. Please update to the latest development version to have it "patched".

(svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev)

Kind regards.

2010/5/25 Vinícius K-Max <vin...@gm...>
> MacBook:sqlmap mac$ ./sqlmap.py -u "
> http://lojasexxxy.com.br/produtos_descricao.asp?lang=pt_BR&codigo_produto=128"
> --current-user
>
> sqlmap/0.8 - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 21:04:31
>
> [21:04:32] [INFO] using '/Users/mac/Desktop/pentest/sqlmap/output/
> lojasexxxy.com.br/session' as session file
> [21:04:32] [INFO] resuming match ratio '0.9' from session file
> [21:04:32] [INFO] resuming injection point 'GET' from session file
> [21:04:32] [INFO] resuming injection parameter 'codigo_produto' from
> session file
> [21:04:32] [INFO] resuming injection type 'numeric' from session file
> [21:04:32] [INFO] resuming 0 number of parenthesis from session file
> [21:04:32] [INFO] resuming back-end DBMS 'mysql 4' from session file
> [21:04:32] [INFO] resuming back-end DBMS operating system 'None' from
> session file
> [21:04:32] [INFO] resuming back-end DBMS operating system 'None' from
> session file
> [21:04:32] [INFO] testing connection to the target url
> [21:04:35] [INFO] testing for parenthesis on injectable parameter
> [21:04:35] [INFO] the back-end DBMS is MySQL
> web server operating system: Windows 2000
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP
> back-end DBMS: MySQL 4
>
> [21:04:35] [INFO] fetching current user
> [21:04:35] [INFO] retrieved: lojas[21:11:14] [ERROR] unhandled exception in
> sqlmap/0.8, please copy the command line and the following text and send by
> e-mail to sql...@li.... The developer will fix it as
> soon as possible:
> sqlmap version: 0.8
> Python version: 2.6.1
> Operating system: darwin
> Traceback (most recent call last):
> File "./sqlmap.py", line 77, in main
> start()
> File "/Users/mac/Desktop/pentest/sqlmap/lib/controller/controller.py",
> line 259, in start
> action()
> File "/Users/mac/Desktop/pentest/sqlmap/lib/controller/action.py", line
> 85, in action
> dumper.string("current user", conf.dbmsHandler.getCurrentUser())
> File "/Users/mac/Desktop/pentest/sqlmap/plugins/generic/enumeration.py",
> line 135, in getCurrentUser
> kb.data.currentUser = inject.getValue(query)
> File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 373,
> in getValue
> value = __goInferenceProxy(expression, fromUser, expected, batch,
> resumeValue, unpack, charsetType, firstChar, lastChar)
> File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 303,
> in __goInferenceProxy
> outputs = __goInferenceFields(expression, expressionFields,
> expressionFieldsList, payload, expected, resumeValue=resumeValue,
> charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
> File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 95,
> in __goInferenceFields
> output = __goInference(payload, expressionReplaced, charsetType,
> firstChar, lastChar)
> File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 55,
> in __goInference
> count, value = bisection(payload, expression, length, charsetType,
> firstChar, lastChar)
> File
> "/Users/mac/Desktop/pentest/sqlmap/lib/techniques/blind/inference.py", line
> 281, in bisection
> val = getChar(index, asciiTbl)
> File
> "/Users/mac/Desktop/pentest/sqlmap/lib/techniques/blind/inference.py", line
> 125, in getChar
> result = Request.queryPage(forgedPayload)
> File "/Users/mac/Desktop/pentest/sqlmap/lib/request/connect.py", line
> 282, in queryPage
> page, headers = Connect.getPage(get=get, post=post, cookie=cookie,
> ua=ua, silent=silent)
> File "/Users/mac/Desktop/pentest/sqlmap/lib/request/connect.py", line
> 179, in getPage
> page = e.read()
> File
> "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/socket.py",
> line 327, in read
> data = self._sock.recv(rbufsize)
> File
> "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py",
> line 537, in read
> s = self.fp.read(amt)
> File
> "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/socket.py",
> line 351, in read
> data = self._sock.recv(left)
> timeout: timed out
>
> [*] shutting down at: 21:11:15

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
From: Vinícius K-M. <vin...@gm...> - 2010-05-25 00:29:34
|
MacBook:sqlmap mac$ ./sqlmap.py -u "http://lojasexxxy.com.br/produtos_descricao.asp?lang=pt_BR&codigo_produto=128" --current-user

sqlmap/0.8 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 21:04:31

[21:04:32] [INFO] using '/Users/mac/Desktop/pentest/sqlmap/output/lojasexxxy.com.br/session' as session file
[21:04:32] [INFO] resuming match ratio '0.9' from session file
[21:04:32] [INFO] resuming injection point 'GET' from session file
[21:04:32] [INFO] resuming injection parameter 'codigo_produto' from session file
[21:04:32] [INFO] resuming injection type 'numeric' from session file
[21:04:32] [INFO] resuming 0 number of parenthesis from session file
[21:04:32] [INFO] resuming back-end DBMS 'mysql 4' from session file
[21:04:32] [INFO] resuming back-end DBMS operating system 'None' from session file
[21:04:32] [INFO] resuming back-end DBMS operating system 'None' from session file
[21:04:32] [INFO] testing connection to the target url
[21:04:35] [INFO] testing for parenthesis on injectable parameter
[21:04:35] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2000
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: MySQL 4

[21:04:35] [INFO] fetching current user
[21:04:35] [INFO] retrieved: lojas[21:11:14] [ERROR] unhandled exception in sqlmap/0.8, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.8
Python version: 2.6.1
Operating system: darwin
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    start()
  File "/Users/mac/Desktop/pentest/sqlmap/lib/controller/controller.py", line 259, in start
    action()
  File "/Users/mac/Desktop/pentest/sqlmap/lib/controller/action.py", line 85, in action
    dumper.string("current user", conf.dbmsHandler.getCurrentUser())
  File "/Users/mac/Desktop/pentest/sqlmap/plugins/generic/enumeration.py", line 135, in getCurrentUser
    kb.data.currentUser = inject.getValue(query)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 373, in getValue
    value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 303, in __goInferenceProxy
    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 95, in __goInferenceFields
    output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/request/inject.py", line 55, in __goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/techniques/blind/inference.py", line 281, in bisection
    val = getChar(index, asciiTbl)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/techniques/blind/inference.py", line 125, in getChar
    result = Request.queryPage(forgedPayload)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/request/connect.py", line 282, in queryPage
    page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, silent=silent)
  File "/Users/mac/Desktop/pentest/sqlmap/lib/request/connect.py", line 179, in getPage
    page = e.read()
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/socket.py", line 327, in read
    data = self._sock.recv(rbufsize)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 537, in read
    s = self.fp.read(amt)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/socket.py", line 351, in read
    data = self._sock.recv(left)
timeout: timed out

[*] shutting down at: 21:11:15 |
From: shaohua p. <pa...@kn...> - 2010-05-24 13:56:17
|
really fast~ that's cool :)
and there's a little problem with this version. when load session file created by previous version, sqlmap failed, which seems should be fixed easily.
-----------------------------------------------------------------------------------------------------
[21:41:57] [INFO] resuming match ratio '0.925]' from session file
[21:41:57] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: nt
Traceback (most recent call last):
  File "E:\Tool\scan\sqlmap-0.8\sqlmap\sqlmap.py", line 82, in main
    start()
  File "E:\Tool\scan\sqlmap-0.8\sqlmap\lib\controller\controller.py", line 151, in start
    setupTargetEnv()
  File "E:\Tool\scan\sqlmap-0.8\sqlmap\lib\core\target.py", line 251, in setupTargetEnv
    __setOutputResume()
  File "E:\Tool\scan\sqlmap-0.8\sqlmap\lib\core\target.py", line 156, in __setOutputResume
    resumeConfKb(expression, url, value)
  File "E:\Tool\scan\sqlmap-0.8\sqlmap\lib\core\session.py", line 324, in resumeConfKb
    conf.matchRatio = round(float(matchRatio), 3)
ValueError: invalid literal for float(): 0.925]

[*] shutting down at: 21:41:57

2010/5/24 Miroslav Stampar <mir...@gm...>
> Hi.
>
> We've added blind injection support for unicode data in the latest
> development version - tested with some basic cases.
>
> Kind regards.
>
> On Sun, May 23, 2010 at 5:27 PM, shaohua pan <pa...@kn...> wrote:
>
>> *crashed just like below:*
>> [23:19:10] [INFO] retrieving the length of query output
>> [23:19:10] [INFO] retrieved: 2
>> [23:19:23] [INFO] retrieved: 11
>> [23:19:23] [INFO] retrieving the length of query output
>> [23:19:23] [INFO] retrieved: 27
>> [23:19:27] [INFO] retrieved: ______€____________________ 1/27 (4%)
>> [23:19:27] [ERROR] thread 10: failed to get character at index 10 (expected 27 total)
>> [23:19:27] [INFO] retrieved: _____€€____________________ 2/27 (7%)
>> [23:19:28] [ERROR] thread 10: failed to get character at index 11 (expected 27 total)
>> [23:19:30] [INFO] retrieved: _€€_€€€€€__________________ 7/27 (26%)
>> [23:19:32] [ERROR] thread 10: failed to get character at index 12 (expected 27 total)
>> [23:19:32] [ERROR] thread 10: failed to get character at index 14 (expected 27 total)
>> [23:19:33] [INFO] retrieved: €€€_€€€€€__________________ 8/27 (30%)
>> [23:19:33] [ERROR] thread 10: failed to get character at index 15 (expected 27 total)
>> [23:19:33] [ERROR] thread 10: failed to get character at index 16 (expected 27 total)
>> [23:19:33] [INFO] retrieved: €€€€€€€€€__________________ 9/27 (33%)
>> [23:19:33] [ERROR] thread 10: failed to get character at index 17 (expected 27 total)
>> [23:19:34] [ERROR] thread 10: failed to get character at index 13 (expected 27 total)
>> [23:19:34] [ERROR] thread 10: failed to get character at index 19 (expected 27 total)
>> [23:19:37] [ERROR] thread 10: failed to get character at index 18 (expected 27 total)
>> [23:19:37] [INFO] partially retrieved: €€€€€€€€€
>> [23:19:37] [ERROR] something unexpected happen into the threads
>>
>> *by the way, data fetching in sqlmap with Multi-byte encoding, just like I parsed above.*
>> *maybe detect the charset before print or save will be helpful.*
>>
>> Hope u fix this soon, and really thanks for the great, amazing tool.
>>
>> pan
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2010-05-24 11:20:50
|
Hi.

We've added blind injection support for unicode data in the latest development version - tested with some basic cases.

Kind regards.

On Sun, May 23, 2010 at 5:27 PM, shaohua pan <pa...@kn...> wrote:
> *crashed just like below:*
> [23:19:10] [INFO] retrieving the length of query output
> [23:19:10] [INFO] retrieved: 2
> [23:19:23] [INFO] retrieved: 11
> [23:19:23] [INFO] retrieving the length of query output
> [23:19:23] [INFO] retrieved: 27
> [23:19:27] [INFO] retrieved: ______€____________________ 1/27 (4%)
> [23:19:27] [ERROR] thread 10: failed to get character at index 10 (expected 27 total)
> [23:19:27] [INFO] retrieved: _____€€____________________ 2/27 (7%)
> [23:19:28] [ERROR] thread 10: failed to get character at index 11 (expected 27 total)
> [23:19:30] [INFO] retrieved: _€€_€€€€€__________________ 7/27 (26%)
> [23:19:32] [ERROR] thread 10: failed to get character at index 12 (expected 27 total)
> [23:19:32] [ERROR] thread 10: failed to get character at index 14 (expected 27 total)
> [23:19:33] [INFO] retrieved: €€€_€€€€€__________________ 8/27 (30%)
> [23:19:33] [ERROR] thread 10: failed to get character at index 15 (expected 27 total)
> [23:19:33] [ERROR] thread 10: failed to get character at index 16 (expected 27 total)
> [23:19:33] [INFO] retrieved: €€€€€€€€€__________________ 9/27 (33%)
> [23:19:33] [ERROR] thread 10: failed to get character at index 17 (expected 27 total)
> [23:19:34] [ERROR] thread 10: failed to get character at index 13 (expected 27 total)
> [23:19:34] [ERROR] thread 10: failed to get character at index 19 (expected 27 total)
> [23:19:37] [ERROR] thread 10: failed to get character at index 18 (expected 27 total)
> [23:19:37] [INFO] partially retrieved: €€€€€€€€€
> [23:19:37] [ERROR] something unexpected happen into the threads
>
> *by the way, data fetching in sqlmap with Multi-byte encoding, just like I parsed above.*
> *maybe detect the charset before print or save will be helpful.*
>
> Hope u fix this soon, and really thanks for the great, amazing tool.
>
> pan

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B |
From: Miroslav S. <mir...@gm...> - 2010-05-24 08:13:59
|
Hi.

This was fixed two months ago. Please use the latest development version from our SVN to have it fixed (svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev).

Kind regards.

On Mon, May 24, 2010 at 4:27 AM, Ian P. <xs...@gm...> wrote:
> sqlmap version: 0.8
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
>   File "./sqlmap.py", line 77, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 259, in start
>     action()
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 46, in action
>     conf.dbmsHandler = setHandler()
>   File "/pentest/database/sqlmap/lib/controller/handler.py", line 62, in setHandler
>     dbmsHandler = dbmsEntry()
>   File "/pentest/database/sqlmap/plugins/dbms/mysql/__init__.py", line 50, in __init__
>     Fingerprint.__init__(self)
>   File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py", line 44, in __init__
>     GenericFingerprint.__init__(self)
> AttributeError: class Fingerprint has no attribute '__init__'

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B |
From: Ian P. <xs...@gm...> - 2010-05-24 02:28:11
|
sqlmap version: 0.8
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 259, in start
    action()
  File "/pentest/database/sqlmap/lib/controller/action.py", line 46, in action
    conf.dbmsHandler = setHandler()
  File "/pentest/database/sqlmap/lib/controller/handler.py", line 62, in setHandler
    dbmsHandler = dbmsEntry()
  File "/pentest/database/sqlmap/plugins/dbms/mysql/__init__.py", line 50, in __init__
    Fingerprint.__init__(self)
  File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py", line 44, in __init__
    GenericFingerprint.__init__(self)
AttributeError: class Fingerprint has no attribute '__init__' |
From: shaohua p. <pa...@kn...> - 2010-05-23 15:58:46
|
*crashed just like below:*
[23:19:10] [INFO] retrieving the length of query output
[23:19:10] [INFO] retrieved: 2
[23:19:23] [INFO] retrieved: 11
[23:19:23] [INFO] retrieving the length of query output
[23:19:23] [INFO] retrieved: 27
[23:19:27] [INFO] retrieved: ______€____________________ 1/27 (4%)
[23:19:27] [ERROR] thread 10: failed to get character at index 10 (expected 27 total)
[23:19:27] [INFO] retrieved: _____€€____________________ 2/27 (7%)
[23:19:28] [ERROR] thread 10: failed to get character at index 11 (expected 27 total)
[23:19:30] [INFO] retrieved: _€€_€€€€€__________________ 7/27 (26%)
[23:19:32] [ERROR] thread 10: failed to get character at index 12 (expected 27 total)
[23:19:32] [ERROR] thread 10: failed to get character at index 14 (expected 27 total)
[23:19:33] [INFO] retrieved: €€€_€€€€€__________________ 8/27 (30%)
[23:19:33] [ERROR] thread 10: failed to get character at index 15 (expected 27 total)
[23:19:33] [ERROR] thread 10: failed to get character at index 16 (expected 27 total)
[23:19:33] [INFO] retrieved: €€€€€€€€€__________________ 9/27 (33%)
[23:19:33] [ERROR] thread 10: failed to get character at index 17 (expected 27 total)
[23:19:34] [ERROR] thread 10: failed to get character at index 13 (expected 27 total)
[23:19:34] [ERROR] thread 10: failed to get character at index 19 (expected 27 total)
[23:19:37] [ERROR] thread 10: failed to get character at index 18 (expected 27 total)
[23:19:37] [INFO] partially retrieved: €€€€€€€€€
[23:19:37] [ERROR] something unexpected happen into the threads

*by the way, data fetching in sqlmap with Multi-byte encoding, just like I parsed above.*
*maybe detect the charset before print or save will be helpful.*

Hope u fix this soon, and really thanks for the great, amazing tool.

pan |
From: David G. <sk...@gm...> - 2010-05-21 13:47:08
|
On Thu, May 20, 2010 at 9:20 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
> James,
>
> On Thu, May 20, 2010 at 12:30, <ja...@ev...> wrote:
> > ...
> > Have you noted that SQLMap misses a lot of vulns? Simple ones like
> > windowsistrash.asp?id=1';waitfor delay '00:00:15'
> > And also more complex POST vulns? I've been using SQLNinja on the advice
> > of my friend Bert and it appears to pwn windoze better than SQLmap...
> > ...
>
> As I said several times, sqlmap can detect only boolean-based blind
> SQL injection at first. If and once it identifies this type of
> injection, it can be used to test and exploit UNION query and stacked
> queries. This is a design flaw which will be fixed in the upcoming
> months.

We are eagerly waiting for it to become true!!

> sqlninja is not able to detect the injection, you have to instruct it
> where it is and how to exploit it in the sqlninja.conf file. It uses
> only waitfor delay (time-based blind SQL injection) to enumerate very
> little data, the only data needed to takeover it. This is why it "pwn
> windoze better".

Yes, sqlninja can collect just some infos from the database, like the version (2000/2005), database user, privs, etc. It's just a "pwnage" MSSQL tool. Also, icesurf (the developer) just released version 0.2.5 these days.

I usually use the tools in backtrack for pentesting databases (/pentest/database). For full-blind (time-based) sql injection as you need, I always use the tool "sqlbrute.py" with some modifications to suit my needs. Tools for pentesting databases, as available in backtrack, can be described on this page: http://itbreathes.com/?p=59

--
David Gomes Guimarães |
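Seen from the server side, the `waitfor delay` requests quoted in this thread leave a recognisable trace. The following is an added example, not part of any message or tool here: it scans access-log lines for a decoded `waitfor delay 'hh:mm:ss'` and compares the requested delay with the time the response took, which separates a mere attempt from a statement that reached the database. The log layout (client, request line, status, seconds taken), the sample lines and all names are constructed for the illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines: client "request line" status seconds-taken.
SAMPLE_LOG = """\
203.0.113.7 "GET /item.asp?id=1 HTTP/1.1" 200 0.08
203.0.113.7 "GET /item.asp?id=1%27%3Bwaitfor%20delay%20%2700%3A00%3A15%27 HTTP/1.1" 200 15.21
203.0.113.9 "GET /item.asp?id=1%27;WAITFOR+DELAY+%270:0:5%27-- HTTP/1.1" 500 0.05
198.51.100.4 "GET /help.asp?q=how+to+delay+shipping HTTP/1.1" 200 0.11
"""

LINE = re.compile(r'^(\S+) "(\S+) (\S+) ([^"]*)" (\d{3}) ([\d.]+)$')
# Matched after URL decoding, case-insensitively, with any whitespace run.
WAITFOR = re.compile(r"waitfor\s+delay\s+'(\d{1,2}):(\d{1,2}):(\d{1,2})", re.I)


def scan(log_text, slack=0.5):
    """Return one finding per request whose decoded URL carries WAITFOR DELAY.

    verdict is 'delay observed' when the response took at least the requested
    delay (minus slack seconds), otherwise 'attempt only'."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, method, target, _proto, status, seconds = m.groups()
        decoded = unquote_plus(target)
        hit = WAITFOR.search(decoded)
        if not hit:
            continue
        hours, minutes, secs = (int(x) for x in hit.groups())
        asked = hours * 3600 + minutes * 60 + secs
        took = float(seconds)
        findings.append({
            "client": client,
            "path": decoded.split("?", 1)[0],
            "status": int(status),
            "asked": asked,
            "took": took,
            "verdict": "delay observed" if took >= asked - slack else "attempt only",
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs normally omit request bodies, so the POST cases mentioned in the thread are only visible to a check like this where body logging or an inspecting proxy is in place.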
From: Miroslav S. <mir...@gm...> - 2010-05-21 07:37:46
|
Hi.

This should be fixed a few days ago. Please checkout latest development version to have it fixed (svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev).

Kind regards.

On Fri, May 21, 2010 at 5:51 AM, Shavian Shakes <sha...@gm...> wrote:
> Hello sqlmap list,
>
> I have the version 0.8 installed.
>
> python sqlmap.py --version
>
> sqlmap/0.8 - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
> ------
>
> I try using -g with the following google dork expression:
>
> python sqlmap.py -g "site:testphp.acunetix.com ext:php" -v 5
>
> This produces:
>
> .....snip....
> [19:11:38] [DEBUG] initializing the configuration
> [19:11:38] [DEBUG] initializing the knowledge base
> [19:11:38] [DEBUG] cleaning up configuration parameters
> [19:11:38] [DEBUG] setting the HTTP timeout
> [19:11:38] [DEBUG] setting the HTTP method to GET
> [19:11:38] [DEBUG] initializing Google dorking requests
> [19:11:38] [INFO] first request to Google to get the session cookie
> [19:11:44] [INFO] using Google result page #1
> [19:11:45] [TRAFFIC OUT] HTTP request:
> GET http://www.google.com/search?q=site:testphp.acunetix.com%20ext:php&num=100&hl=en&safe=off&filter=0&btnG=Search&start=0 HTTP/1.1
>
> [19:11:46] [TRAFFIC IN] HTTP response (OK - 200):
> Cache-Control: private, max-age=0
> Date: Thu, 20 May 2010 13:41:44 GMT
> Expires: -1
> Content-Type: text/html; charset=ISO-8859-1
> Set-Cookie: NID=34=SvXjX1RlFdmyn2Jve9akHSoBZHcfRc-2TTpQxh0p8udfnFxuDzgFqb23k-uNV-HZwshjZbMdfYB3Hm-QsjAefVb2zMyohdumIJvlBBNGneXr88qWWgn5tFJ9l8bP_WAR; expires=Fri, 19-Nov-2010 13:41:44 GMT; path=/; domain=.google.com; HttpOnly
> Server: gws
> X-Cache: MISS from .
> Via: 1.0 .:8000 (squid)
> Connection: close
>
> <!doctype html><head><title>site:testphp.acunetix.com ext:php - Google Search</title><script>window.google={kEI:"GDz1S4O_KJGuswOT8KiIBQ",kEXPI:"23730,24661",kCSI:{e:"23730,24661",ei:"GDz1S4O_KJGuswOT8KiIBQ",expi:"23730,24661"},ml:function(){},kHL:"en",time:function(){return(new Date).getTime()},log:function(b,d,c){var a=new Image,e=google,g=e.lc,f=e.li;a.onerror=(a.onload=(a.onabort=function(){delete g[f]}));g[f]=a;c=c||"/gen_204?atyp=i&ct="+b+"&cad="+d+"&zx="+google.time();a.src=c; e.li=f+1},lc:[],li:0,Toolbelt:{}};
>
> ....snip ...
>
> [19:11:46] [ERROR] unable to find results for your Google dork expression
>
> [*] shutting down at: 19:11:46
>
> ---------------
>
> I copied the response content in a file and loaded it in a browser and sure
> enough it gets some results for the google dork. But sqlmap complains that
> there are none. I tried with another site as well, but got the same result.
>
> What am I missing?
>
> Thanks,
> Shavian

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B |
From: Shavian S. <sha...@gm...> - 2010-05-21 03:51:19
|
Hello sqlmap list,

I have the version 0.8 installed.

python sqlmap.py --version

sqlmap/0.8 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
------

I try using -g with the following google dork expression:

python sqlmap.py -g "site:testphp.acunetix.com ext:php" -v 5

This produces:

.....snip....
[19:11:38] [DEBUG] initializing the configuration
[19:11:38] [DEBUG] initializing the knowledge base
[19:11:38] [DEBUG] cleaning up configuration parameters
[19:11:38] [DEBUG] setting the HTTP timeout
[19:11:38] [DEBUG] setting the HTTP method to GET
[19:11:38] [DEBUG] initializing Google dorking requests
[19:11:38] [INFO] first request to Google to get the session cookie
[19:11:44] [INFO] using Google result page #1
[19:11:45] [TRAFFIC OUT] HTTP request:
GET http://www.google.com/search?q=site:testphp.acunetix.com%20ext:php&num=100&hl=en&safe=off&filter=0&btnG=Search&start=0 HTTP/1.1

[19:11:46] [TRAFFIC IN] HTTP response (OK - 200):
Cache-Control: private, max-age=0
Date: Thu, 20 May 2010 13:41:44 GMT
Expires: -1
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: NID=34=SvXjX1RlFdmyn2Jve9akHSoBZHcfRc-2TTpQxh0p8udfnFxuDzgFqb23k-uNV-HZwshjZbMdfYB3Hm-QsjAefVb2zMyohdumIJvlBBNGneXr88qWWgn5tFJ9l8bP_WAR; expires=Fri, 19-Nov-2010 13:41:44 GMT; path=/; domain=.google.com; HttpOnly
Server: gws
X-Cache: MISS from .
Via: 1.0 .:8000 (squid)
Connection: close

<!doctype html><head><title>site:testphp.acunetix.com ext:php - Google Search</title><script>window.google={kEI:"GDz1S4O_KJGuswOT8KiIBQ",kEXPI:"23730,24661",kCSI:{e:"23730,24661",ei:"GDz1S4O_KJGuswOT8KiIBQ",expi:"23730,24661"},ml:function(){},kHL:"en",time:function(){return(new Date).getTime()},log:function(b,d,c){var a=new Image,e=google,g=e.lc,f=e.li;a.onerror=(a.onload=(a.onabort=function(){delete g[f]}));g[f]=a;c=c||"/gen_204?atyp=i&ct="+b+"&cad="+d+"&zx="+google.time();a.src=c; e.li=f+1},lc:[],li:0,Toolbelt:{}};

....snip ...

[19:11:46] [ERROR] unable to find results for your Google dork expression

[*] shutting down at: 19:11:46

---------------

I copied the response content in a file and loaded it in a browser and sure enough it gets some results for the google dork. But sqlmap complains that there are none. I tried with another site as well, but got the same result.

What am I missing?

Thanks,
Shavian |
From: Miroslav S. <mir...@gm...> - 2010-05-20 19:27:02
|
Hi.

We've noticed the problem a few days ago and fixed it in development version. The thing is that Google changed some HTML attributes in their search result pages which distracted our previous parsing routine. Please check it out from our SVN repository to have it fixed (svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev).

Kind regards.

p.s. everyone who uses -g switch is advised to do the same

On Thu, May 20, 2010 at 9:02 PM, Mike van Engelenburg <mi...@tw...> wrote:
> Hello, I got a minor problem.
>
> When I try to execute sqlmap with the -g expression (google dork) I use it
> as following:
>
> python sqlmap.py --current-db -g "site:website.org ext:php"
>
> and it comes up with the following:
>
> [11:55:13] [INFO] first request to Google to get the session cookie
> [11:55:13] [INFO] using Google result page #1
> [11:55:13] [ERROR] unable to find results for your Google dork expression
>
> it doesn't even try to do something, when I type the same expression in
> google, everything works... (website.org is example)
>
> Anyone have any ideas?
>
> Greets,
>
> Mike

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B |
From: Mike v. E. <mi...@tw...> - 2010-05-20 19:18:12
|
Hello, I got a minor problem.

When I try to execute sqlmap with the -g expression (google dork) I use it as following:

python sqlmap.py --current-db -g "site:website.org ext:php"

and it comes up with the following:

[11:55:13] [INFO] first request to Google to get the session cookie
[11:55:13] [INFO] using Google result page #1
[11:55:13] [ERROR] unable to find results for your Google dork expression

it doesn't even try to do something, when I type the same expression in google, everything works... (website.org is example)

Anyone have any ideas?

Greets,

Mike |
From: Bernardo D. A. G. <ber...@gm...> - 2010-05-20 15:08:54
|
Hi,

On Thu, May 20, 2010 at 12:40, <ja...@ev...> wrote:
> ...
> Also, It'd be nice if SQLMap supported uploading debug.exe .scr's and
> converting them to .exe's on the db box.

It does so since about April 2009 and much more. I recommend you better read doc/README.pdf. There are tons of examples for each single switch/feature. I know, reading the manual can be boring, maybe watching some videos is a bit less? http://sqlmap.sourceforge.net/demo.html

> [07:29:27] [INFO] retrieved: sqlmap got a 302 redirect to /index.php -
> What target address do you want to use from now on?
> http://www.fbi.gov:80/search/score.php (default) or provide another target
> address based also on the redirection got from the application
>
> I think? SQLmap is supposed to log that to the session file and use it
> every time however it does indeed ask me every time on the same page, same

Redirect(ed) URL is one of the few things that is not yet stored/resumed from the session file. I will work on this soon.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F |
From: <ja...@ev...> - 2010-05-20 14:50:41
|
I don't think you understand my brand of sarcasm. |
From: Ole R. <ol...@gm...> - 2010-05-20 14:15:27
|
SqlMap says "page not found" when it's about to confirm the injection point. I do not know why it does this - the page does exist and it will spit out a SQL syntax error if one gives invalid input values (like most injection points..) so everything seems to be "normal".

Here's the output:

[16:09:51] [INFO] resuming match ratio '0.9' from session file
[16:09:51] [INFO] testing connection to the target url
[16:09:53] [INFO] testing if the url is stable, wait a few seconds
[16:09:57] [INFO] url is stable
[16:09:57] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[16:09:59] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[16:09:59] [INFO] testing if Cookie parameter 'ASPSESSIONID' is dynamic
[16:10:01] [WARNING] Cookie parameter 'ASPSESSIONID' is not dynamic
[16:10:01] [INFO] testing if GET parameter 'someting' is dynamic
[16:10:02] [INFO] confirming that GET parameter 'someting' is dynamic
[16:10:02] [ERROR] page not found |