sqlmap-users Mailing List for sqlmap (Page 133)
From: Reddy H. xp <red...@ya...> - 2010-01-20 13:14:16
|
sqlmap version: 0.7
Python version: 2.6.1
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 84, in main
  File "lib\controller\controller.pyc", line 263, in start
  File "lib\controller\action.pyc", line 140, in action
  File "plugins\generic\takeover.pyc", line 295, in osShell
  File "plugins\generic\takeover.pyc", line 187, in __webBackdoorInit
  File "lib\request\connect.pyc", line 131, in getPage
  File "urllib2.pyc", line 124, in urlopen
  File "urllib2.pyc", line 383, in open
  File "urllib2.pyc", line 401, in _open
  File "urllib2.pyc", line 361, in _call_chain
  File "urllib2.pyc", line 1130, in http_open
  File "urllib2.pyc", line 1087, in do_open
  File "httplib.pyc", line 656, in __init__
  File "httplib.pyc", line 668, in _set_hostport
InvalidURL: nonnumeric port: '80\home\feldgrau'

[*] shutting down at: 18:06:42

C:\ll>
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-18 13:01:26
|
Just in case someone is wondering what skill set I am looking for, I posted them on the 'Help Wanted' page on SourceForge, http://sourceforge.net/people/?group_id=171598

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-15 10:45:52
|
Hi Nicolas,

I just tried to checkout and update and worked well:

--8<--
debian-5:~# rm -rf .subversion/
debian-5:~# svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap/
Error validating server certificate for 'https://svn.sqlmap.org:443':
 - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: *.sqlmap.org
 - Valid: from Thu, 29 Oct 2009 13:05:28 GMT until Fri, 29 Oct 2010 13:05:28 GMT
 - Issuer: sqlmap, sqlmap, London, London, UK
 - Fingerprint: 0a:17:ef:d1:4d:24:0b:fc:9b:b5:67:ef:5f:cd:a2:91:a9:84:be:d9
(R)eject, accept (t)emporarily or accept (p)ermanently? p
A sqlmap/txt
A sqlmap/txt/user-agents.txt
A sqlmap/xml
A sqlmap/xml/banner
A sqlmap/xml/banner/x-aspnet-version.xml
A sqlmap/xml/banner/x-powered-by.xml
A sqlmap/xml/banner/postgresql.xml
A sqlmap/xml/banner/servlet.xml
A sqlmap/xml/banner/mysql.xml
A sqlmap/xml/banner/oracle.xml
A sqlmap/xml/banner/server.xml
A sqlmap/xml/banner/cookie.xml
A sqlmap/xml/banner/generic.xml
A sqlmap/xml/banner/sharepoint.xml
A sqlmap/xml/banner/mssql.xml
A sqlmap/xml/errors.xml
A sqlmap/xml/queries.xml
A sqlmap/plugins
A sqlmap/plugins/dbms
A sqlmap/plugins/dbms/__init__.py
A sqlmap/plugins/dbms/postgresql.py
A sqlmap/plugins/dbms/mysql.py
A sqlmap/plugins/dbms/oracle.py
A sqlmap/plugins/dbms/mssqlserver.py
A sqlmap/plugins/__init__.py
A sqlmap/plugins/generic
A sqlmap/plugins/generic/misc.py
A sqlmap/plugins/generic/__init__.py
A sqlmap/plugins/generic/takeover.py
A sqlmap/plugins/generic/filesystem.py
A sqlmap/plugins/generic/enumeration.py
A sqlmap/plugins/generic/fingerprint.py
A sqlmap/sqlmap.conf
A sqlmap/extra
A sqlmap/extra/msfauxmod
A sqlmap/extra/msfauxmod/wmap_sqlmap.rb
A sqlmap/extra/msfauxmod/README.txt
A sqlmap/extra/udfhack
A sqlmap/extra/udfhack/linux
A sqlmap/extra/udfhack/linux/lib_postgresqludf_sys
A sqlmap/extra/udfhack/linux/lib_postgresqludf_sys/install.sh
A sqlmap/extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.sql
A sqlmap/extra/udfhack/linux/lib_postgresqludf_sys/lib_postgresqludf_sys.c
A sqlmap/extra/udfhack/linux/lib_postgresqludf_sys/Makefile
A sqlmap/extra/udfhack/linux/lib_mysqludf_sys
A sqlmap/extra/udfhack/linux/lib_mysqludf_sys/install.sh
A sqlmap/extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.sql
A sqlmap/extra/udfhack/linux/lib_mysqludf_sys/lib_mysqludf_sys.c
A sqlmap/extra/udfhack/linux/lib_mysqludf_sys/Makefile
A sqlmap/extra/udfhack/windows
A sqlmap/extra/udfhack/windows/lib_postgresqludf_sys
A sqlmap/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys.sln
A sqlmap/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys
A sqlmap/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.c
A sqlmap/extra/udfhack/windows/lib_postgresqludf_sys/lib_postgresqludf_sys/lib_postgresqludf_sys.vcproj
A sqlmap/extra/udfhack/windows/lib_mysqludf_sys
A sqlmap/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys.sln
A sqlmap/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys
A sqlmap/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.c
A sqlmap/extra/udfhack/windows/lib_mysqludf_sys/lib_mysqludf_sys/lib_mysqludf_sys.vcproj
A sqlmap/extra/udfhack/windows/README.txt
A sqlmap/extra/dbgtool
A sqlmap/extra/dbgtool/dbgtool.py
A sqlmap/extra/dbgtool/README.txt
A sqlmap/sqlmap.py
A sqlmap/doc
A sqlmap/doc/README.html
A sqlmap/doc/AUTHORS
A sqlmap/doc/README.pdf
A sqlmap/doc/ChangeLog
A sqlmap/doc/COPYING
A sqlmap/doc/THANKS
A sqlmap/doc/README.sgml
A sqlmap/lib
A sqlmap/lib/contrib
A sqlmap/lib/contrib/tokenkidnapping
A sqlmap/lib/contrib/tokenkidnapping/Churrasco.exe
A sqlmap/lib/contrib/__init__.py
A sqlmap/lib/contrib/magic.py
A sqlmap/lib/contrib/upx
A sqlmap/lib/contrib/upx/linux
A sqlmap/lib/contrib/upx/linux/upx
A sqlmap/lib/contrib/upx/doc
A sqlmap/lib/contrib/upx/doc/upx.html
A sqlmap/lib/contrib/upx/doc/LICENSE
A sqlmap/lib/contrib/upx/doc/README
A sqlmap/lib/contrib/upx/macosx
A sqlmap/lib/contrib/upx/macosx/upx
A sqlmap/lib/contrib/upx/windows
A sqlmap/lib/contrib/upx/windows/upx.exe
A sqlmap/lib/contrib/multipartpost.py
A sqlmap/lib/takeover
A sqlmap/lib/takeover/registry.py
A sqlmap/lib/takeover/abstraction.py
A sqlmap/lib/takeover/upx.py
A sqlmap/lib/takeover/web.py
A sqlmap/lib/takeover/udf.py
A sqlmap/lib/takeover/__init__.py
A sqlmap/lib/takeover/metasploit.py
A sqlmap/lib/takeover/xp_cmdshell.py
A sqlmap/lib/utils
A sqlmap/lib/utils/google.py
A sqlmap/lib/utils/__init__.py
A sqlmap/lib/utils/resume.py
A sqlmap/lib/utils/parenthesis.py
A sqlmap/lib/controller
A sqlmap/lib/controller/action.py
A sqlmap/lib/controller/handler.py
A sqlmap/lib/controller/__init__.py
A sqlmap/lib/controller/checks.py
A sqlmap/lib/controller/controller.py
A sqlmap/lib/__init__.py
A sqlmap/lib/core
A sqlmap/lib/core/common.py
A sqlmap/lib/core/agent.py
A sqlmap/lib/core/exception.py
A sqlmap/lib/core/__init__.py
A sqlmap/lib/core/settings.py
A sqlmap/lib/core/progress.py
A sqlmap/lib/core/dump.py
A sqlmap/lib/core/shell.py
A sqlmap/lib/core/option.py
A sqlmap/lib/core/readlineng.py
A sqlmap/lib/core/data.py
A sqlmap/lib/core/datatype.py
A sqlmap/lib/core/optiondict.py
A sqlmap/lib/core/subprocessng.py
A sqlmap/lib/core/convert.py
A sqlmap/lib/core/update.py
A sqlmap/lib/core/session.py
A sqlmap/lib/core/unescaper.py
A sqlmap/lib/core/target.py
A sqlmap/lib/request
A sqlmap/lib/request/connect.py
A sqlmap/lib/request/comparison.py
A sqlmap/lib/request/certhandler.py
A sqlmap/lib/request/inject.py
A sqlmap/lib/request/__init__.py
A sqlmap/lib/request/basic.py
A sqlmap/lib/request/proxy.py
A sqlmap/lib/techniques
A sqlmap/lib/techniques/__init__.py
A sqlmap/lib/techniques/blind
A sqlmap/lib/techniques/blind/timebased.py
A sqlmap/lib/techniques/blind/inference.py
A sqlmap/lib/techniques/blind/__init__.py
A sqlmap/lib/techniques/inband
A sqlmap/lib/techniques/inband/__init__.py
A sqlmap/lib/techniques/inband/union
A sqlmap/lib/techniques/inband/union/use.py
A sqlmap/lib/techniques/inband/union/__init__.py
A sqlmap/lib/techniques/inband/union/test.py
A sqlmap/lib/techniques/outband
A sqlmap/lib/techniques/outband/stacked.py
A sqlmap/lib/techniques/outband/__init__.py
A sqlmap/lib/parse
A sqlmap/lib/parse/cmdline.py
A sqlmap/lib/parse/headers.py
A sqlmap/lib/parse/handler.py
A sqlmap/lib/parse/queriesfile.py
A sqlmap/lib/parse/__init__.py
A sqlmap/lib/parse/html.py
A sqlmap/lib/parse/banner.py
A sqlmap/lib/parse/configfile.py
A sqlmap/shell
A sqlmap/shell/backdoor.jsp
A sqlmap/shell/uploader.php
A sqlmap/shell/uploader.aspx
A sqlmap/shell/backdoor.asp
A sqlmap/shell/backdoor.php
A sqlmap/shell/uploader.aspx.vb
A sqlmap/shell/uploader.asp
A sqlmap/shell/backdoor.aspx
A sqlmap/udf
A sqlmap/udf/postgresql
A sqlmap/udf/postgresql/linux
A sqlmap/udf/postgresql/linux/8.2
A sqlmap/udf/postgresql/linux/8.2/lib_postgresqludf_sys.so
A sqlmap/udf/postgresql/linux/8.3
A sqlmap/udf/postgresql/linux/8.3/lib_postgresqludf_sys.so
A sqlmap/udf/postgresql/linux/8.4
A sqlmap/udf/postgresql/linux/8.4/lib_postgresqludf_sys.so
A sqlmap/udf/postgresql/windows
A sqlmap/udf/postgresql/windows/8.2
A sqlmap/udf/postgresql/windows/8.2/lib_postgresqludf_sys.dll
A sqlmap/udf/postgresql/windows/8.3
A sqlmap/udf/postgresql/windows/8.3/lib_postgresqludf_sys.dll
A sqlmap/udf/postgresql/windows/8.4
A sqlmap/udf/postgresql/windows/8.4/lib_postgresqludf_sys.dll
A sqlmap/udf/mysql
A sqlmap/udf/mysql/linux
A sqlmap/udf/mysql/linux/lib_mysqludf_sys.so
A sqlmap/udf/mysql/windows
A sqlmap/udf/mysql/windows/lib_mysqludf_sys.dll
U sqlmap
Checked out revision 1092.
debian-5:~# cd sqlmap/
debian-5:~/sqlmap# svn update
At revision 1092.
--8<--

Anyone else experiencing this issue?

Regards,
Bernardo

On Fri, Jan 15, 2010 at 10:11, Nicolas Krassas <kr...@an...> wrote:
> Hi, today I’m having problems updating from the svn, does anybody else have
> the same problem ?
> ...

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Nicolas K. <kr...@an...> - 2010-01-15 10:38:19
|
Hi, today I'm having problems updating from the svn, does anybody else have the same problem ?

sqlmap
Skipped 'xml/banner/mssql.xml'
G plugins/dbms/postgresql.py
G plugins/generic/takeover.py
U sqlmap.conf
D extra/postgresqludfsys
D extra/mysqludfsys
A extra/udfhack
A extra/udfhack/linux
A extra/udfhack/linux/lib_postgresqludf_sys
Authentication realm: <https://svn.sqlmap.org:443> Authentication required
Password for 'root':
Authentication realm: <https://svn.sqlmap.org:443> Authentication required
Username:
Password for '':
Authentication realm: <https://svn.sqlmap.org:443> Authentication required
Username:
Password for '':
svn: OPTIONS of 'https://svn.sqlmap.org/sqlmap': authorization failed (https://svn.sqlmap.org)

Thanks,
Nicolas
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-10 10:02:48
|
Try with sqlmap version from subversion repository.

Bernardo

On Sat, Jan 9, 2010 at 15:16, xingxing gao <it...@gm...> wrote:
> sqlmap version: 0.7
> Python version: 2.6.4
> Operating system: ubuntu9.10
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 84, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 263, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 49, in action
>     conf.dbmsHandler = setHandler()
>   File "/usr/share/sqlmap/lib/controller/handler.py", line 67, in setHandler
>     if dbmsHandler.checkDbms():
>   File "/usr/share/sqlmap/plugins/dbms/mysql.py", line 283, in checkDbms
>     self.getBanner()
>   File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 130, in getBanner
>     setOs()
>   File "/usr/share/sqlmap/lib/core/session.py", line 191, in setOs
>     infoMsg += " Service Pack %d" % kb.osSP
> TypeError: %d format: a number is required, not NoneType

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: xingxing g. <it...@gm...> - 2010-01-09 15:17:17
|
sqlmap version: 0.7
Python version: 2.6.4
Operating system: ubuntu9.10
Traceback (most recent call last):
  File "/usr/bin/sqlmap", line 84, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 263, in start
    action()
  File "/usr/share/sqlmap/lib/controller/action.py", line 49, in action
    conf.dbmsHandler = setHandler()
  File "/usr/share/sqlmap/lib/controller/handler.py", line 67, in setHandler
    if dbmsHandler.checkDbms():
  File "/usr/share/sqlmap/plugins/dbms/mysql.py", line 283, in checkDbms
    self.getBanner()
  File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 130, in getBanner
    setOs()
  File "/usr/share/sqlmap/lib/core/session.py", line 191, in setOs
    infoMsg += " Service Pack %d" % kb.osSP
TypeError: %d format: a number is required, not NoneType
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-06 11:27:02
|
Hi,

Almost a month has passed since this call for developers and I've got few replies, not as many as I wished though. Some friends warned me it would have happened.. People (ab)use open source tools without giving anything back, it's the same story, nothing new. Some companies (try to) break open source licenses, it's a routine somewhere. It's as easy to congratulate as to criticize, but actively contribute with source code or donations is another story and to me this is a shame.

Nevertheless one Python developer joined me in sqlmap development: Miroslav Stampar (stamparm on subversion repository). Thank you!

Cheers,
Bernardo

On Tue, Dec 15, 2009 at 13:59, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi,
>
> A few months ago sqlmap has passed its 3rd year of virtual life. I
> would like to personally thank Daniele Bellucci for starting the
> project back in July 2006 and letting me to succeed him in sqlmap
> development since September 2006.
>
> During the last 12 months, sqlmap has seen a lot of improvements in
> (post-)exploitation functionalities[1][2][3] ranging from underlying
> file system read and write access to database buffer overflow
> exploitation with memory protection bypass passing by UDF injection to
> execute Metasploit payload in-memory or via payload stager executable
> and more[4] (thanks to Guido Landi for helping me out with some of
> these features).
>
> I've received tons of great feedback (dumb questions too) privately by
> email, face to face and via this mailing list from you all and I
> really appreciate it, thank you[5]!
> Sorry if I did not get back right away, I might have missed your
> email: send it again privately and I will try to get back promptly.
>
> The media/blogger attention to the tool and SQL injection as a vector
> not only to expose sensible data but also to own the whole underlying
> system and internal network in general has been higher in the last 12
> months. Personally speaking, since my talk at Black Hat
> Europe[6][7][8] and the recent Corporate websites ownage[9].
>
> Surprisingly sqlmap is the most downloaded SQL injection tool on
> SourceForge[10], however I've no statistics about the downloads from
> third-party mirrors so this information does *not* count globally.
> Also, a search on Google for "sql injection"[11] places sqlmap at the
> 21st place, first tool of its category to be mentioned: good to see
> that many whitepapers and tutorials showed up first, symptom maybe
> that many people do care about learning how it works before just
> firing up a tool.
>
> Now I see sqlmap development for 2010 going in two directions:
>
> 1. I would like to brainstorm with *you* then rewrite from scratch the
> detection engine, it's the weak part of sqlmap in my opinion, it
> upsets many users, requires reading and understanding of the user's
> manual for not-straightforward SQL injections and, sadly, is not as
> mature as some other tools (very few though[12] ;)). I've some
> thoughts about it and will share them soon. Please, do reply to this
> point if you've anything to say either publicly or privately, feel
> free to get in touch also via Jabber if you prefer. All comments,
> suggestions and critics will be answered, taken into account and
> eventually summarized afterwards in an email open to the mailing list.
>
> 2. It would be great that someone joins actively the development team
> (me, sigh..) to maintain the code, refactor it a bit, document it to
> ease new developers to code over it, fix bugs and add new features.
> I've a list of about 60 unique items in the ticketing system, so
> there's plenty of work to do, time permitting.
>
> Yes, you've got it right, I am looking for help as in code: software
> engineers experienced in Python development (no, I won't follow the
> Ruby hype so please don't ask for a change of technology) so if you
> ever thought it would be cool to join sqlmap development now it's your
> time to do so. I can provide you with write access to a personal
> branch on the sqlmap subversion repository, access to the project
> management interface (this include ticketing system) and if you show
> up in London area we can meet for a beer too or, if you prefer, a more
> typical English tea! ;)
>
> I hope this will bring a lot of good ideas and I am open to read all
> your thoughts. Thanks if you spent your time to the end of this email.
>
> [1] http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf
> [2] http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides
> [3] http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database
> [4] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog
> [5] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS
> [6] http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216402297
> [7] http://www.theregister.co.uk/2009/04/02/new_sql_injection_attack/
> [8] http://www.h-online.com/security/SQL-injection-reloaded-access-to-the-operating-system--/news/113095
> [9] http://www.theregister.co.uk/2009/11/23/symantec_website_security_snafu/
> [10] http://sourceforge.net/search/?words=%22sql+injection%22&sort=num_downloads&sortdir=desc&offset=0&type_of_search=soft&pmode=0&form_cat=18
> [11] http://www.google.com/search?hl=en&q=sql+injection&start=20&sa=N
> [12] http://code.google.com/p/sqlibench/
>
> Cheers,
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-05 11:47:23
|
Hi Krzysztof,

Fixed and committed. Thanks for reporting.

Cheers,
Bernardo

On Tue, Dec 29, 2009 at 01:15, Krzysztof Kotowicz <kko...@gm...> wrote:
> Hi!
>
> I'm using SVN version of sqlmap ( r988 ).
> MYSQL: Server version: 5.0.67-0ubuntu6 (Ubuntu)
>
>
> When doing --time-test on a known-to-be vulnerable mysql setup the software
> cannot detect it to be affected by injection:
>
>
> [01:39:19] [INFO] testing time based blind sql injection on parameter 'id'
> with AND condition syntax
> [01:39:19] [INFO] detecting back-end DBMS version from its banner
> [01:39:19] [INFO] read from file
> '/home/koto/Private/dev/sqlmap/output/localhost/session': 5.0.67
> [01:39:19] [TRAFFIC OUT] HTTP request:
> GET
> /~koto/sqlinjection/index.php?id=1%20AND%20SELECT%20SLEEP%285%29%20AND%208530=8530
> HTTP/1.1
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: localhost
> Accept-language: en-us,en;q=0.5
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> User-agent: sqlmap/0.8-rc2 (http://sqlmap.sourceforge.net)
> Connection: close
>
> [01:39:19] [WARNING] the parameter 'id' is not affected by a time based
> blind sql injection with AND condition syntax
>
> The problem is with the query used to detect injection. In the application
> I'm using:
>
> SELECT * FROM table WHERE id = {$_GET['id']}
>
> which results in the following injected query:
>
> SELECT * FROM table WHERE id = 1 AND SELECT SLEEP(5) AND 8530=8530
>
> This is invalid in mysql (at least in my version), you should use:
> SELECT * FROM table WHERE id = 1 AND SLEEP(5) AND 8530=8530
>
> If I change relevant query in <timedelay> element from queries.xml to
> "SLEEP(%d)", sqlmap correctly detects time-based blind sql injection.
> However I suppose that the same query is used later on in stacked query
> fallback in timebased.py, and this one needs "SELECT",
> so the logic of this test should be changed.
>
> --
> Cheers,
> Krzysztof Kotowicz

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-01-04 13:07:39
|
Did you try it with --threads? If so, the multi-threading is bugged and needs to be fixed, try without.

Bernardo

On Wed, Dec 30, 2009 at 12:24, Dennie Mans <den...@gm...> wrote:
> Hi,
>
> I received the following error, hope it is useful for the next release.
> Great job on sqlmap, keep up the good work!
>
> Dennie
>
> ---------------------------
>
> [12:58:37] [ERROR] unhandled exception in sqlmap/0.8-rc1, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.8-rc1
> Python version: 2.6.4rc2
> Operating system: linux2
> Traceback (most recent call last):
>   File "sqlmap/sqlmap.py", line 84, in main
>     start()
>   File "/home/wouter/sqlmap/lib/controller/controller.py", line 263, in start
>     action()
>   File "/home/wouter/sqlmap/lib/controller/action.py", line 108, in action
>     dumper.lister("available databases", conf.dbmsHandler.getDbs())
>   File "/home/wouter/sqlmap/plugins/generic/enumeration.py", line 674, in getDbs
>     db = inject.getValue(query, inband=False)
>   File "/home/wouter/sqlmap/lib/request/inject.py", line 378, in getValue
>     value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
>   File "/home/wouter/sqlmap/lib/request/inject.py", line 128, in __goInferenceProxy
>     output = resume(expression, payload)
>   File "/home/wouter/sqlmap/lib/utils/resume.py", line 144, in resume
>     if len(resumedValue) == int(length):
> ValueError: invalid literal for int() with base 10: '*!cJ%\x18'
>
> [*] shutting down at: 12:58:37
>
>
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Miroslav S. <mir...@gm...> - 2010-01-02 22:30:52
|
On Sat, Jan 2, 2010 at 4:35 PM, Adi Mutu <adi...@ya...> wrote:
> In the above function I'm a little confused about the next variables:
>
> 1)testableParameters

__testableParameters is a simple boolean variable used for flagging if the function went properly regarding extracting of parameters into returning dictionary. If not, user is warned accordingly.

> 2)conf.parameters

used to store user provided parameters, like GET/POST data

> 3)conf.testParameter

used to store testable parameter(s) supplied by command option -p

>
> 4)and this condition test:
>
> condition = not conf.testParameter
> condition |= parameter in conf.testParameter
>
> if condition:
>     value = elem[1]
>     testableParameters[parameter] = value

either the testable parameter(s) is/are not supplied by command option -p at all or particular parameter by that name (stored in variable parameter) must be inside dictionary conf.testParameter for this condition to be true - if that's the case, returning dictionary testableParameters used by this function is filled with the proper value.

Kind regards.

>
> Can you please clarify these a little?
> Cheers,
>
|
From: Miroslav S. <mir...@gm...> - 2010-01-02 22:07:58
|
Hi.

This function splits supplied parameters (type string) into a dictionary for an easier manipulation during the testing/injection phase, regarding the place of usage in HTTP request packet - in this case "GET".

For example, this parameters string "a=user1&b=place2" would be converted to a dictionary {a:"user1", b:"place2"}

Kind regards.

On Fri, Jan 1, 2010 at 4:01 PM, Adi Mutu <adi...@ya...> wrote:
>
>
> What does this function do :
>
> __paramDict = paramToDict("GET", parameters)
>
> It is called in __setRequestParams.
> I'm not a python developer i'm just a python junior hacking into sqlmap's
> code....
>
|
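The two replies above describe how the parameter string is split into a dictionary and then filtered by the names given with -p. The following is an added example, not sqlmap's code: `param_to_dict`, its arguments and its return shape are hypothetical names that follow the described behaviour, including the warning when extraction does not go as expected.

```python
def param_to_dict(place, parameters, test_parameter=None):
    """Split a raw parameter string and keep only the names selected for testing.

    place          -- where the string was found, e.g. "GET" or "POST"
    parameters     -- raw string such as "a=user1&b=place2"
    test_parameter -- names given with -p; empty or None means "test everything"
    Returns (testable_parameters, warnings).
    """
    selected = [name.strip() for name in (test_parameter or []) if name.strip()]
    testable_parameters = {}
    warnings = []

    for element in parameters.split("&"):
        if not element:
            continue  # tolerate "a=1&&b=2" and a trailing "&"
        name, separator, value = element.partition("=")
        if not separator or not name:
            warnings.append("%s element %r is not name=value, skipped" % (place, element))
            continue

        # Same test as in the quoted snippet: no -p at all, or this name was listed.
        condition = not selected
        condition |= name in selected

        if condition:
            # partition() splits on the first "=" only, so "token=YWJj==" keeps its padding.
            testable_parameters[name] = value

    # A name passed with -p that never appeared is reported instead of silently ignored.
    for name in selected:
        if name not in testable_parameters:
            warnings.append("parameter %r given with -p is not in the %s data" % (name, place))

    return testable_parameters, warnings


if __name__ == "__main__":
    # Constructed inputs; the first string is the one used in the reply above.
    print(param_to_dict("GET", "a=user1&b=place2"))
    print(param_to_dict("GET", "a=user1&b=place2", ["b"]))
    print(param_to_dict("POST", "id=1&token=YWJj==&debug", ["id", "csrf"]))
```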
From: Adi M. <adi...@ya...> - 2010-01-02 15:36:59
|
But what if he will use "--union-test" ? Will sqlmap be able to detect it? I'm curious.....

Cheers,
|
From: Adi M. <adi...@ya...> - 2010-01-02 15:35:38
|
In the above function I'm a little confused about the next variables:

1)testableParameters
2)conf.parameters
3)conf.testParameter

4)and this condition test:

condition = not conf.testParameter
condition |= parameter in conf.testParameter

if condition:
    value = elem[1]
    testableParameters[parameter] = value

Can you please clarify these a little?
Cheers,
|
From: Adi M. <adi...@ya...> - 2010-01-01 15:01:38
|
What does this function do :

__paramDict = paramToDict("GET", parameters)

It is called in __setRequestParams.
I'm not a python developer i'm just a python junior hacking into sqlmap's code....
|
From: Dennie M. <den...@gm...> - 2009-12-30 12:33:11
|
Hi,

I received the following error, hope it is useful for the next release.
Great job on sqlmap, keep up the good work!

Dennie

---------------------------

[12:58:37] [ERROR] unhandled exception in sqlmap/0.8-rc1, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.8-rc1
Python version: 2.6.4rc2
Operating system: linux2
Traceback (most recent call last):
  File "sqlmap/sqlmap.py", line 84, in main
    start()
  File "/home/wouter/sqlmap/lib/controller/controller.py", line 263, in start
    action()
  File "/home/wouter/sqlmap/lib/controller/action.py", line 108, in action
    dumper.lister("available databases", conf.dbmsHandler.getDbs())
  File "/home/wouter/sqlmap/plugins/generic/enumeration.py", line 674, in getDbs
    db = inject.getValue(query, inband=False)
  File "/home/wouter/sqlmap/lib/request/inject.py", line 378, in getValue
    value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
  File "/home/wouter/sqlmap/lib/request/inject.py", line 128, in __goInferenceProxy
    output = resume(expression, payload)
  File "/home/wouter/sqlmap/lib/utils/resume.py", line 144, in resume
    if len(resumedValue) == int(length):
ValueError: invalid literal for int() with base 10: '*!cJ%\x18'

[*] shutting down at: 12:58:37
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-12-29 11:08:04
|
Hi Kerem,

On Tue, Dec 22, 2009 at 19:40, Kerem Gunes <ker...@gm...> wrote:
> ...
> my valid injection: http:// www.thesite.com/page.asp?p1=string)') union
> select 1,name COLLATE Latin1_General_CI_AS,3,4,5,6,7 from dbo.sysobjects --
> ...

sqlmap tests for boolean-based blind SQL injection in the detection phase. If, for any reason, the parameter is affected only by UNION based SQL injection then sqlmap will not detect it and you won't be able to use the tool any further.

This is a design weakness in sqlmap. In the mid term I will rewrite from scratch the detection engine[1].

[1] http://sourceforge.net/mailarchive/forum.php?thread_name=ffa...@ma...&forum_name=sqlmap-users

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Krzysztof K. <kko...@gm...> - 2009-12-29 01:15:15
|
Hi!

I'm using SVN version of sqlmap ( r988 ).
MYSQL: Server version: 5.0.67-0ubuntu6 (Ubuntu)

When doing --time-test on a known-to-be vulnerable mysql setup the software cannot detect it to be affected by injection:

[01:39:19] [INFO] testing time based blind sql injection on parameter 'id' with AND condition syntax
[01:39:19] [INFO] detecting back-end DBMS version from its banner
[01:39:19] [INFO] read from file '/home/koto/Private/dev/sqlmap/output/localhost/session': 5.0.67
[01:39:19] [TRAFFIC OUT] HTTP request:
GET /~koto/sqlinjection/index.php?id=1%20AND%20SELECT%20SLEEP%285%29%20AND%208530=8530 HTTP/1.1
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: localhost
Accept-language: en-us,en;q=0.5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-agent: sqlmap/0.8-rc2 (http://sqlmap.sourceforge.net)
Connection: close

[01:39:19] [WARNING] the parameter 'id' is not affected by a time based blind sql injection with AND condition syntax

The problem is with the query used to detect injection. In the application I'm using:

SELECT * FROM table WHERE id = {$_GET['id']}

which results in the following injected query:

SELECT * FROM table WHERE id = 1 AND SELECT SLEEP(5) AND 8530=8530

This is invalid in mysql (at least in my version), you should use:
SELECT * FROM table WHERE id = 1 AND SLEEP(5) AND 8530=8530

If I change relevant query in <timedelay> element from queries.xml to "SLEEP(%d)", sqlmap correctly detects time-based blind sql injection.
However I suppose that the same query is used later on in stacked query fallback in timebased.py, and this one needs "SELECT", so the logic of this test should be changed.

--
Cheers,
Krzysztof Kotowicz
|
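The report above turns on how the application builds its query from the `id` value. The following is an added example, not code from the post or from sqlmap, that puts the concatenated lookup beside a parameterized one and feeds both the two `id` values quoted in the report. Assumptions: SQLite stands in for MySQL, the table `items` and all function names are constructed, and `SLEEP()` is a stand-in that only records that it was called.

```python
import re
import sqlite3

# The two id values quoted in the report above.
SENT_BY_R988 = "1 AND SELECT SLEEP(5) AND 8530=8530"
SUGGESTED_FORM = "1 AND SLEEP(5) AND 8530=8530"


def make_db(sleep_calls):
    """Constructed two-row table; SLEEP() records the requested delay instead of waiting."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "first"), (2, "second")])

    def fake_sleep(seconds):
        sleep_calls.append(seconds)
        return 0  # MySQL's SLEEP() also returns 0 after an uninterrupted sleep

    db.create_function("SLEEP", 1, fake_sleep)
    return db


def lookup_concatenated(db, raw_id):
    # Same construction as the reported application: WHERE id = {$_GET['id']}
    return db.execute("SELECT * FROM items WHERE id = " + raw_id).fetchall()


def lookup_parameterized(db, raw_id):
    # Reject anything that is not a plain decimal id, then bind it as data.
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT * FROM items WHERE id = ?", (int(raw_id),)).fetchall()


def observe(handler, raw_id):
    """Run one request against a fresh database and report what a client could observe."""
    sleep_calls = []
    db = make_db(sleep_calls)
    try:
        rows = handler(db, raw_id)
        outcome = "ok"
    except (sqlite3.Error, ValueError) as exc:
        rows, outcome = [], "error: " + type(exc).__name__
    finally:
        db.close()
    return {"outcome": outcome, "rows": rows, "sleep_called": bool(sleep_calls)}


if __name__ == "__main__":
    for handler in (lookup_concatenated, lookup_parameterized):
        for raw_id in ("1", SENT_BY_R988, SUGGESTED_FORM):
            print(handler.__name__, repr(raw_id), observe(handler, raw_id))
```

With the concatenated lookup, the value sent by r988 is a syntax error and causes no delay, while the suggested form reaches `SLEEP()`; the parameterized lookup rejects both before any SQL runs.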
From: Kerem G. <ker...@gm...> - 2009-12-22 19:40:30
|
Greetings,

I have been manually testing a site built with ASP.NET running MSSQL Server 2005 and identified a GET parameter vulnerable to injection. The site returns *Microsoft OLE DB Provider for ODBC Drivers error '80040e14'* through *[Microsoft][SQL Server Native Client 10.0][SQL Server]* for illegal queries.

The query is a little awkward and I'm having a hard time with specifying *--prefix* and *--postfix* correctly to use sqlmap for this injection.

my valid injection:

http:// www.thesite.com/page.asp?p1=string*)')* union select 1,name COLLATE Latin1_General_CI_AS,3,4,5,6,7 from dbo.sysobjects *-- *

The 2nd column is the only one to return output. This is what I did with sqlmap:

./sqlmap --url www.thesite.com/page.asp?p1=string -p p1 --prefix \)\'\) --postfix "--"

While testing my custom query, sqlmap does the following:

GET /page.asp?p1=string)') AND 967=967 -- HTTP/1.1
GET /page.asp?p1=string)') AND 967=968 -- HTTP/1.1

The query selects the options into a <select> field. Both requests are 200 OK, while both fail to select anything into the <select> field. Thus, sqlmap directly moves on to the predefined tests.

Any suggestions?

Kerem Gunes
|
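Seen from the defending side, the probes quoted in the two posts above (the `AND ... SLEEP(5)` time-delay test and the `AND 967=967` / `AND 967=968` boolean pair) leave a recognisable pattern in web access logs. The following is an added example, not part of the list posts or of sqlmap: the log tuples are constructed, the function and finding names are assumptions, and the delay pattern goes beyond the MySQL `SLEEP` case in the post to cover the equivalent calls of other DBMSs.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample: (client, request line, user agent), modelled on the
# requests quoted in the posts above. Addresses are documentation-range.
SAMPLE_LOG = [
    ("192.0.2.5", "GET /~koto/sqlinjection/index.php?id=1%20AND%20SELECT%20SLEEP%285%29%20AND%208530=8530 HTTP/1.1",
     "sqlmap/0.8-rc2 (http://sqlmap.sourceforge.net)"),
    ("192.0.2.7", "GET /page.asp?p1=string)')%20AND%20967=967%20-- HTTP/1.1", "Mozilla/5.0"),
    ("192.0.2.7", "GET /page.asp?p1=string)') AND 967=968 -- HTTP/1.1", "Mozilla/5.0"),
    ("192.0.2.9", "GET /page.asp?p1=sleep+apnea+and+rest HTTP/1.1", "Mozilla/5.0"),
]

# A delay *call* (name followed by a parenthesis), not the bare word "sleep".
DELAY_RE = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
# Numeric comparison appended with AND/OR, e.g. "AND 967=967".
BOOL_RE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)", re.I)


def scan(log):
    """Return a sorted list of (client, path, parameter, finding) tuples."""
    findings = set()
    truth = defaultdict(set)  # (client, path, param) -> truth values observed
    for client, request, agent in log:
        parts = request.split(" ")
        if len(parts) < 3:
            continue  # not "METHOD URL VERSION"
        url = " ".join(parts[1:-1])  # tolerate unencoded spaces in the URL
        path, _, query = url.partition("?")
        if agent.lower().startswith("sqlmap/"):
            findings.add((client, path, "-", "scanner-user-agent"))
        for name, value in parse_qsl(query, keep_blank_values=True):
            if DELAY_RE.search(value):
                findings.add((client, path, name, "time-delay-call"))
            for left, right in BOOL_RE.findall(value):
                truth[(client, path, name)].add(int(left) == int(right))
    # One always-true and one always-false condition on the same parameter
    # from the same client is the signature of a boolean-based probe.
    for (client, path, name), seen in truth.items():
        if seen == {True, False}:
            findings.add((client, path, name, "boolean-probe-pair"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The user-agent check only catches a scanner left on its default header, so the two payload checks are the ones to rely on; a single true comparison on its own is deliberately not flagged.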
From: Bernardo D. A. G. <ber...@gm...> - 2009-12-22 12:02:14
|
Hi Wullie,

On Mon, Dec 21, 2009 at 23:30, wullie millen <wul...@go...> wrote:
> ...
> First off I just want to say thanks such a great tool and really appreciate
> all the hard
> work that you put into the project.

Thanks.

> Whenever I use this to exploit a system, I usually get
> user names and passwords and all kinds of other which can come in handy.
> What I would
> really like to know is how to get command execution on a server that does
> not support
> batched queries? Please forgive me for being a noob to webapp security but
> in mysql I know
> there is the UDF's you have created but what is the present requirements to
> use these? I have
> had read and write access but still no shell have even been dba on a mssql
> system but still
> no shell are these limitations of the tool or could this be something to do
> with the paths I'm
> asked for? Also is there any way I can get command execution on a system
> with only read
> access? I have heard this is possible via log poisoning does anyone have any
> pointers on this.

UDF injection to command execution can be achieved when the database user has high privileges on PostgreSQL and FILE privileges on MySQL. Also, it's required that the front-end web application supports batched queries (all do for PostgreSQL, ASP.NET does for MySQL).

When this requirement is not in place there are still ways to command execute, like uploading a web backdoor within a writable folder in the web server document root (this is implemented for MySQL running on PHP/ASP in sqlmap, a bit buggy though) and still requires the database user to have FILE privilege.

On Microsoft SQL Server you need to privilege escalate (via OPENROWSET on MSSQL 7.0 and 2000), exploit a buffer overflow (MS09-004, it does not require ANY privilege to the database user, sqlmap can do it) or abuse xp_cmdshell stored procedure (requires high privileges and is usually disabled on MSSQL 2005/2008, but can be easily re-enabled/created if you've DBA privileges).

An in-depth walk-through of these and other techniques can be found on the following links:

* http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf
* http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides
* http://www.slideshare.net/inquis/expanding-the-control-over-the-operating-system-from-the-database

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-12-22 11:55:17
|
Hi Jeroen,

On Tue, Dec 22, 2009 at 08:30, Jeroen van Beek <je...@de...> wrote:
> ...
> File "lib\request\connect.pyc", line 197, in getPage
> UnboundLocalError: local variable 'warnMsg' referenced before assignment

This bug should be fixed on sqlmap development version on subversion repository.

> ...
> The problem might (I'm not sure) have something to do with the sessionID
> since it was expired when I checked it the next morning.

It might be, but more likely a connection issue with the application.

> I also mentioned that a number of functions is not (yet) implemented for
> Oracle databases. I used to do lots of Oracle pentests in the past and
> wrote lots of tools including support for command execution on Oracle
> (with Java enabled)

Oracle is missing the file system and takeover functionalities. It's a bit tricky when the dbms is back-end to a web application due to Oracle design to not handle semicolon, thus some Oracle packages can still be abused via web application to privilege escalate, etc.

> and password crackers
> <http://www.thc.org/thc-orakelcrackert11g>
> <http://www.thc.org/thc-orakel>. Please let me know if help is
> appreciated.

I know this cracker, good work! As I wrote in a previous email[1] to this mailing list, any help is welcome!

[1] http://sourceforge.net/mailarchive/forum.php?thread_name=ffa...@ma...&forum_name=sqlmap-users

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-12-22 09:48:45
|
The problem is that by (wrong) design, sqlmap checks only for boolean-based blind SQL injection at first place. It assumes that if the parameter is not vulnerable by this specific type of SQL injection, then it's not by any, included inband. This assumption is obviously wrong and as I wrote a few times recently, the weak part of sqlmap is as of today the detection. This will be totally rewritten as soon as possible.

In the meanwhile you can hack around the source code if you want.

Cheers,
Bernardo

On Tue, Dec 22, 2009 at 07:22, Adi Mutu <adi...@ya...> wrote:
>
> Hello,
>
> I have found manually an inband vulnerability which uses ms-sql as a db
> server, however sqlmap is unable to detect it. I've tried creating a log
> file (similar to the one created with -s option by sqlmap), I have filled
> all the data I thought necessary hand, so that sqlmap can read it from
> there......however this doesn't work also and sqlmap goes blind....Any idea
> why? Or can you show me the correct syntax of this log file?
>
> Thanks,
> ps: of course making sqlmap detect the vuln. in the first place, would be
> perfect;)....

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Patrick W. <pa...@au...> - 2009-12-22 09:44:21
|
Hey,

You can force the DB option with --dbms "Microsoft SQL 2000" or 2005 (from memory).

-----Original Message-----
From: Adi Mutu <adi...@ya...>
Sent: Tuesday, 22 December 2009 6:22 PM
To: sql...@li...
Subject: [sqlmap-users] forcing sqlmap to detect a vulnerability

Hello,

I have found manually an inband vulnerability which uses ms-sql as a db server, however sqlmap is unable to detect it. I've tried creating a log file (similar to the one created with -s option by sqlmap), I have filled all the data I thought necessary hand, so that sqlmap can read it from there......however this doesn't work also and sqlmap goes blind....Any idea why? Or can you show me the correct syntax of this log file?

Thanks,
ps: of course making sqlmap detect the vuln. in the first place, would be perfect;)....
|
From: Jeroen v. B. <je...@de...> - 2009-12-22 08:46:56
|
Hi,

Below you'll find a sqlmap error message:

//----------------------------------------------------------------------------
D:\sqlmap-0.7_exe>sqlmap.exe -u "https://****/****/****.do?p=2&****=0&rowsperpage=20&order_by=UPPER_NAME&asc_desc=ASC&responsibility=%2B" --cookie "JSESSIONID=****;" -p **** --passwords

sqlmap/0.7 by Bernardo Damele A. G. <ber...@gm...>

[*] starting at: 16:25:42

[16:25:42] [WARNING] the testable parameter '****' you provided is not into the Cookie
[16:25:42] [INFO] testing connection to the target url
[16:25:43] [INFO] testing if the url is stable, wait a few seconds
[16:25:48] [INFO] url is stable
[16:25:48] [INFO] testing sql injection on GET parameter '****' with 0 parenthesis
[16:25:48] [INFO] testing unescaped numeric injection on GET parameter '****'
[16:26:11] [INFO] confirming unescaped numeric injection on GET parameter '****'
[16:26:16] [INFO] GET parameter '****' is unescaped numeric injectable with 0 parenthesis
[16:26:16] [INFO] testing for parenthesis on injectable parameter
[16:26:35] [INFO] the injectable parameter requires 0 parenthesis
[16:26:35] [INFO] testing MySQL
[16:26:41] [WARNING] the back-end DMBS is not MySQL
[16:26:41] [INFO] testing Oracle
[16:26:58] [INFO] confirming Oracle
[16:27:17] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle

[16:27:17] [INFO] fetching database users password hashes
[16:27:17] [INFO] fetching database users
[16:27:17] [INFO] fetching number of database users
[16:27:17] [INFO] retrieved: 92
[16:29:32] [INFO] retrieved: CTXSYS
[16:40:04] [INFO] retrieved: EXFSYS
<50 lines removed>
[03:02:00] [INFO] retrieved: PN
[03:07:59] [ERROR] unhandled exception in sqlmap/0.7, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible :
sqlmap version: 0.7
Python version: 2.6.1
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 84, in main
  File "lib\controller\controller.pyc", line 263, in start
  File "lib\controller\action.pyc", line 101, in action
  File "plugins\generic\enumeration.pyc", line 277, in getPasswordHashes
  File "plugins\generic\enumeration.pyc", line 210, in getUsers
  File "lib\request\inject.pyc", line 378, in getValue
  File "lib\request\inject.pyc", line 308, in __goInferenceProxy
  File "lib\request\inject.pyc", line 99, in __goInferenceFields
  File "lib\request\inject.pyc", line 58, in __goInference
  File "lib\techniques\blind\inference.pyc", line 232, in bisection
  File "lib\techniques\blind\inference.pyc", line 106, in getChar
  File "lib\request\connect.pyc", line 274, in queryPage
  File "lib\request\connect.pyc", line 197, in getPage
UnboundLocalError: local variable 'warnMsg' referenced before assignment

[*] shutting down at: 03:07:59
//----------------------------------------------------------------------------

The problem might (I'm not sure) have something to do with the sessionID since it was expired when I checked it the next morning.

I also mentioned that a number of functions is not (yet) implemented for Oracle databases. I used to do lots of Oracle pentests in the past and wrote lots of tools including support for command execution on Oracle (with Java enabled) and password crackers <http://www.thc.org/thc-orakelcrackert11g> <http://www.thc.org/thc-orakel>. Please let me know if help is appreciated.

Cheers,
Jeroen
|
From: Adi M. <adi...@ya...> - 2009-12-22 07:22:30
|
Hello, I have found manually an inband vulnerability which uses ms-sql as a db server, however sqlmap is unable to detect it. I've tried creating a log file (similar to the one created with -s option by sqlmap), I have filled all the data I thought necessary hand, so that sqlmap can read it from there......however this doesn't work also and sqlmap goes blind....Any idea why? Or can you show me the correct syntax of this log file? Thanks, ps: of course making sqlmap detect the vuln. in the first place, would be perfect;).... |
From: wullie m. <wul...@go...> - 2009-12-21 23:30:13
|
Hi list

First off I just want to say thanks such a great tool and really appreciate all the hard work that you put into the project. Whenever I use this to exploit a system, I usually get user names and passwords and all kinds of other which can come in handy. What I would really like to know is how to get command execution on a server that does not support batched queries? Please forgive me for being a noob to webapp security but in mysql I know there is the UDF's you have created but what is the present requirements to use these? I have had read and write access but still no shell have even been dba on a mssql system but still no shell are these limitations of the tool or could this be something to do with the paths I'm asked for? Also is there any way I can get command execution on a system with only read access? I have heard this is possible via log poisoning does anyone have any pointers on this.

Thanks in advance
-rogue
|