sqlmap-users — sqlmap users mailing list

Re: [sqlmap-users] sqlmap bugs!

[Bernardo D. A. G. <ber...@gm...>]

Hi,

2009/6/5 peterdocter <doc...@gm...>:
> sqlmap is so good working for mysql 5.x or have Schema
>
> some bugs:
> mysql<=4.x
> A:
> vul:
> http://test.com/test.php?id=1 SQL
> The admin table is exists!
> But I use:
> ./sqlmap -u http://test.com/test.php?id=1
>
> --sql-query "select * from admin"
> do not working???

On MySQL < 5.0 there is not information_schema and sqlmap does not
perform any bruteforce on the tables/columns names. This said, the
asterisk can not be expanded to the columns within the admin table.
However, you can use --dump -T admin -D databasename -C col1,col2,col3
assuming you know already the columns and the databasename.

> B:
> vul:
>
> http://test.com/test.php?id=1' SQL /*
>
>    --prefix=PREFIX     Injection payload prefix string
>    --postfix=POSTFIX   Injection payload postfix string
>
> ./sqlmap -u http://test.com/test.php?id=1
> --prefix "'"
> --postfix "/*"
> sqlmap is not working too!!!

Run it with -v 3 and see if the SQL payload is forged as you expect.

> Wish add:
> Fuzz Tables and Columns or brute force for dictionary file
> Manually injected into sql
>
> I meet a lot of is:
> http://test.com/test.php/id/1 SQL
>
> or tell me how to add it and resolve bugs?

This is something that I will work in the long run.

Cheers,
-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

Re: [sqlmap-users] unhandled exceptions

[Bernardo D. A. G. <ber...@gm...>]

Hi Simon,

I will have a look at this bug soon. It's not specific to cygwin.
Thanks for reporting.

Cheers,
Bernardo


On Fri, May 22, 2009 at 16:31, Simon Baker <Si...@se...> wrote:
> ...
Hi Guys,
>
>
>
> Error message told me to tell you that you’d like to know about this.
> Probably a cygwin specific issue, I know it’s not supported so give me a
> slap and tell me shush.
>
>
>
> S.
>
>
>
>
>
>
>
> [16:28:58] [INFO] the back-end DBMS operating system is Linux
>
> [16:28:58] [INFO] fetching file: 'my.cnf'
>
> [16:28:58] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
>
> sqlmap version: 0.7rc1
>
> Python version: 2.5.2
>
> Operating system: cygwin
>
> Traceback (most recent call last):
>
>   File "./sqlmap.py", line 81, in main
>
>     start()
>
>   File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/lib/controller/controller.py",
> line 265, in start
>
>   File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/lib/controller/action.py", line
> 130, in action
>
>   File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/plugins/generic/filesystem.py",
> line 304, in readFile
>
>   File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/plugins/generic/filesystem.py",
> line 77, in __unhexString
>
> TypeError: Odd-length string
>
>
>
> [*] shutting down at: 16:28:58


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

[sqlmap-users] exception in /plugins/generic/filesystem.py

[Dan G. <dg...@gm...>]

Trying to make one of those OS-commanding videos you asked about in
your blog :-)

11:37:38] [ERROR] unhandled exception in sqlmap/0.7rc2, please copy
the command line and the following text and send by e-mail to
sql...@li.... The developer will fix it as soon
as possible:
sqlmap version: 0.7rc2
Python version: 2.5.1
Operating system: darwin
Traceback (most recent call last):
  File "./sqlmap.py", line 84, in main
    start()
  File "/Users/dguido/bin/sqlmap/lib/controller/controller.py", line
263, in start
    action()
  File "/Users/dguido/bin/sqlmap/lib/controller/action.py", line 130, in action
    dumper.string("%s file saved to" % conf.rFile,
conf.dbmsHandler.readFile(conf.rFile), sort=False)
  File "/Users/dguido/bin/sqlmap/plugins/generic/filesystem.py", line
302, in readFile
    fileContent = self.__unhexString(fileContent)
  File "/Users/dguido/bin/sqlmap/plugins/generic/filesystem.py", line
75, in __unhexString
    unhexStr = binascii.unhexlify(hexStr)
TypeError: Odd-length string

--
Dan Guido

Re: [sqlmap-users] Crash

[Bernardo D. A. G. <ber...@gm...>]

Hi Joe,

this bug is fixed since 0.7rc1. Checkout sqlmap from svn repository.

Cheers,
Bernardo


On Mon, May 25, 2009 at 18:33, Pragmatk <pra...@gm...> wrote:
> [18:32:00] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the
> command
> line and the following text and send by e-mail to
> sql...@li...urceforge
> .net. The developers will fix it as soon as possible:
> sqlmap version: 0.6.4
> Python version: 2.6.1
> Operating system: win32
> Traceback (most recent call last):
>  File "Z:\sqlmap_svn\sqlmap.py", line 81, in main
>    start()
>  File "Z:\sqlmap_svn\lib\controller\controller.py", line 255, in start
>    action()
>  File "Z:\sqlmap_svn\lib\controller\action.py", line 49, in action
>    conf.dbmsHandler = setHandler()
>  File "Z:\sqlmap_svn\lib\controller\handler.py", line 65, in setHandler
>    if dbmsHandler.checkDbms():
>  File "Z:\sqlmap_svn\plugins\dbms\mysql.py", line 274, in checkDbms
>    self.getPrematureBanner("VERSION()")
>  File "Z:\sqlmap_svn\plugins\generic\enumeration.py", line 80, in
> getPrematureB
> anner
>    self.banner = inject.getValue(query)
>  File "Z:\sqlmap_svn\lib\request\inject.py", line 353, in getValue
>    value = __goInband(expression, expected)
>  File "Z:\sqlmap_svn\lib\request\inject.py", line 329, in __goInband
>    output = unionUse(expression, resetCounter=True)
>  File "Z:\sqlmap_svn\lib\techniques\inband\union\use.py", line 134, in
> unionUse
>
>    unionTest()
>  File "Z:\sqlmap_svn\lib\techniques\inband\union\test.py", line 167, in
> unionTe
> st
>    value, columns = __unionTestByNULLBruteforce(comment)
> TypeError: __unionTestByNULLBruteforce() takes exactly 2 arguments (1 given)
>
> [*] shutting down at: 18:32:00
> --
> Joe / "Pragmatk" (Hacklab / Attack Research)
> PGP: pgp.mit.edu 0x323C7837
> 6426 C563 2592 0BB8 5193 797E 1A09 9E97 323C 7837
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://www.creativitycat.com
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

[sqlmap-users] Crash

[Pragmatk <pra...@gm...>]

[18:32:00] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the
command
line and the following text and send by e-mail to
sql...@li...urceforge
.net. The developers will fix it as soon as possible:
sqlmap version: 0.6.4
Python version: 2.6.1
Operating system: win32
Traceback (most recent call last):
  File "Z:\sqlmap_svn\sqlmap.py", line 81, in main
    start()
  File "Z:\sqlmap_svn\lib\controller\controller.py", line 255, in start
    action()
  File "Z:\sqlmap_svn\lib\controller\action.py", line 49, in action
    conf.dbmsHandler = setHandler()
  File "Z:\sqlmap_svn\lib\controller\handler.py", line 65, in setHandler
    if dbmsHandler.checkDbms():
  File "Z:\sqlmap_svn\plugins\dbms\mysql.py", line 274, in checkDbms
    self.getPrematureBanner("VERSION()")
  File "Z:\sqlmap_svn\plugins\generic\enumeration.py", line 80, in
getPrematureB
anner
    self.banner = inject.getValue(query)
  File "Z:\sqlmap_svn\lib\request\inject.py", line 353, in getValue
    value = __goInband(expression, expected)
  File "Z:\sqlmap_svn\lib\request\inject.py", line 329, in __goInband
    output = unionUse(expression, resetCounter=True)
  File "Z:\sqlmap_svn\lib\techniques\inband\union\use.py", line 134, in
unionUse

    unionTest()
  File "Z:\sqlmap_svn\lib\techniques\inband\union\test.py", line 167, in
unionTe
st
    value, columns = __unionTestByNULLBruteforce(comment)
TypeError: __unionTestByNULLBruteforce() takes exactly 2 arguments (1 given)

[*] shutting down at: 18:32:00
-- 
Joe / "Pragmatk" (Hacklab / Attack Research)
PGP: pgp.mit.edu 0x323C7837
6426 C563 2592 0BB8 5193 797E 1A09 9E97 323C 7837

Re: [sqlmap-users] cftoken

[Bernardo D. A. G. <ber...@gm...>]

Hi Dan,

avoid your troubles by providing to sqlmap the list of parameters to
scan for, it also accept multiple parameters comma separated. Refer to
the user's manual for further details.

Cheers,
Bernardo


On Fri, May 22, 2009 at 16:40, Dan Guido <dg...@gm...> wrote:
> Has anyone on the list had any trouble running sqlmap against
> ColdFusion servers? Specifically it stops scanning when analyzing the
> CFTOKEN cookie.
>
> --
> Dan Guido
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://www.creativitycat.com
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

[sqlmap-users] unhandled exceptions

[Simon B. <Si...@se...>]

Hi Guys,

Error message told me to tell you that you'd like to know about this.  Probably a cygwin specific issue, I know it's not supported so give me a slap and tell me shush.

S.



[16:28:58] [INFO] the back-end DBMS operating system is Linux
[16:28:58] [INFO] fetching file: 'my.cnf'
[16:28:58] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.7rc1
Python version: 2.5.2
Operating system: cygwin
Traceback (most recent call last):
  File "./sqlmap.py", line 81, in main
    start()
  File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/lib/controller/controller.py", line 265, in start
  File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/lib/controller/action.py", line 130, in action
  File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/plugins/generic/filesystem.py", line 304, in readFile
  File "/cygdrive/c/INCOMING/sqlmap-0.7rc1/plugins/generic/filesystem.py", line 77, in __unhexString
TypeError: Odd-length string

[*] shutting down at: 16:28:58


This e-mail and any attached files are confidential and may also be legally privileged. They are intended solely for the intended addressee. If you are not the addressee please e-mail it back to the sender and then immediately, permanently delete it. Do not read, print, re-transmit, store or act in reliance on it. This e-mail may be monitored by Sec-1 Ltd in accordance with current regulations. This footnote also confirms that this e-mail message has been swept for the presence of computer viruses currently known to Sec-1 Ltd. However, the recipient is responsible for virus-checking before opening this message and any attachment. Unless expressly stated to the contrary, any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Sec-1 Ltd.
Registered Name: Sec-1 Ltd, Registration Number: 4138637, Registered Office Address: Unit 4, Spring Valley Park, Butler Way, Stanningley, Leeds, LS28 6EA.

[sqlmap-users] cftoken

[Dan G. <dg...@gm...>]

Has anyone on the list had any trouble running sqlmap against
ColdFusion servers? Specifically it stops scanning when analyzing the
CFTOKEN cookie.

--
Dan Guido

Re: [sqlmap-users] sqlmap exceptions

[Bernardo D. A. G. <ber...@gm...>]

Hi,

Fixed and commited on SVN.
Thanks for reporting.

Cheers,
Bernardo


On Sun, May 17, 2009 at 22:57, Y P Chien <yp...@co...> wrote:
> sqlmap version: 0.7rc1
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 81, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 265, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 120, in action
>     conf.dbmsHandler.dumpAll()
>   File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 1095, in
> dumpAll
>     dumper.dbTableValues(data)
>   File "/usr/share/sqlmap/lib/core/dump.py", line 259, in dbTableValues
>     dataToDumpFile(dumpFP, "\"%s\"," % column)
> UnboundLocalError: local variable 'dumpFP' referenced before assignment


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

Re: [sqlmap-users] bug

[Bernardo D. A. G. <ber...@gm...>]

Hi Gabriel,

On Thu, May 14, 2009 at 14:10, Gabriel eu <mes...@gm...> wrote:
> cmd: ./sqlmap.py -u
> "http://.../?conteudo=integra&numero=97&titulo=Uma%20refdorma%20atrasada"
> -p numero --union-use --read-file
> '.../login.php
>...
>     unhexStr = binascii.unhexlify(hexStr)
> TypeError: Odd-length string

It looks like the enumerated hexadecimal encoded file content is not a
pair number so it can not be converted back to its original value on
the attacker side.
Use -s option to save the file content in the session file if possible
and get back to me privately.

Cheers,
-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

Re: [sqlmap-users] bug

[Bernardo D. A. G. <ber...@gm...>]

Hi,

On Sun, May 17, 2009 at 13:01,  <un...@we...> wrote:
> ...
> sqlmap version: 0.6.4
> Python version: 2.5.4
> Operating system: win32
> Traceback (most recent call last):
> ...
>  File "httplib.pyc", line 509, in read
>  File "httplib.pyc", line 554, in _read_chunked
>  File "httplib.pyc", line 604, in _safe_read
> IncompleteRead: ['ef="/index.php?modul=magazin&amp;action=show_channel&amp;magaz
> ...

It looks like this is a known bug in Python standard library httplib.
I could catch this exception, but this would not solve the problem.
Give it a try with the latest stable Python 2.6.

Cheers,
-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

Re: [sqlmap-users] bug

[Christian E. E. <c_e...@ya...>]

I Agree. This isn't ethical at all.
Another solution should be to moderate this list.

 ---
Christian Eric Edjenguele
IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
mobile (IT): +39 3408580513



----- Messaggio originale -----
> Da: "Stiefenhofer, Marek" <M.S...@r-...>
> A: Gabriel eu <mes...@gm...>; sql...@li...
> Inviato: Lunedì 18 maggio 2009, 9:17:51
> Oggetto: Re: [sqlmap-users] bug
> 
> People,
> 
> For the good of this list and the developer(s) of sqlmap - please don't
> post any real world exploits here. At least anonymize your targets!
> I'm not a lawyer, but bugfixing this issue could surely be treated as
> crime abatement.
> 
> Sorry to suggest that, but maybe it's time for some ethical rules for
> this list?
> 
> -marek



      

Re: [sqlmap-users] bug

[Stiefenhofer, M. <M.S...@r-...>]

People,

For the good of this list and the developer(s) of sqlmap - please don't
post any real world exploits here. At least anonymize your targets!
I'm not a lawyer, but bugfixing this issue could surely be treated as
crime abatement.

Sorry to suggest that, but maybe it's time for some ethical rules for
this list?

-marek

[sqlmap-users] sqlmap exceptions

[Y P C. <yp...@co...>]

sqlmap version: 0.7rc1
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
  File "/usr/bin/sqlmap", line 81, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 265, in start
    action()
  File "/usr/share/sqlmap/lib/controller/action.py", line 120, in action
    conf.dbmsHandler.dumpAll()
  File "/usr/share/sqlmap/plugins/generic/enumeration.py", line 1095, in dumpAll
    dumper.dbTableValues(data)
  File "/usr/share/sqlmap/lib/core/dump.py", line 259, in dbTableValues
    dataToDumpFile(dumpFP, "\"%s\"," % column)
UnboundLocalError: local variable 'dumpFP' referenced before assignment

[sqlmap-users] bug

[<un...@we...>]

sqlmap -u "http://gesichterparty.de/index.php?modul=magazin&action=show_channel&magazin_channel_id=6&magazin_subchannel_id=17" --timeout 120 --string "Was in den USA bereits seit den 80er Jahren" -p "magazin_subchannel_id" --columns -D gesichterparty -T user



sqlmap version: 0.6.4
Python version: 2.5.4
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 81, in main
  File "lib\controller\controller.pyc", line 255, in start
  File "lib\controller\action.pyc", line 114, in action
  File "plugins\generic\enumeration.pyc", line 833, in getColumns
  File "lib\request\inject.pyc", line 364, in getValue
  File "lib\request\inject.pyc", line 297, in __goInferenceProxy
  File "lib\request\inject.pyc", line 100, in __goInferenceFields
  File "lib\request\inject.pyc", line 60, in __goInference
  File "lib\techniques\blind\inference.pyc", line 231, in bisection
  File "lib\techniques\blind\inference.pyc", line 102, in getChar
  File "lib\request\connect.pyc", line 268, in queryPage
  File "lib\request\connect.pyc", line 163, in getPage
  File "socket.pyc", line 304, in read
  File "httplib.pyc", line 509, in read
  File "httplib.pyc", line 554, in _read_chunked
  File "httplib.pyc", line 604, in _safe_read
IncompleteRead: ['ef="/index.php?modul=magazin&action=show_channel&magaz
in_channel_id=1">Highlights</a></li><li><a href="/index.php?modul=magazin&amp;ac
tion=show_channel&amp;magazin_channel_id=4">Entertainment</a></li><li><a href="/
index.php?modul=magazin&amp;action=show_channel&amp;magazin_channel_id=5">Lifest
yle</a></li><li><a href="/index.php?modul=magazin&amp;action=show_channel&amp;ma
gazin_channel_id=6">Sport &amp; Fun</a></li><li><a href="/index.php?modul=magazi
n&amp;action=show_channel&amp;magazin_channel_id=2">Events</a></li><li><a href="
/index.php?modul=magazin&amp;action=show_channel&amp;magazin_channel_id=3">Start
Up</a></li><li><a href="/index.php?modul=magazin&amp;action=show_channel&amp;mag
azin_channel_id=7">CoolArts</a></li><li><a href="/index.php?modul=magazin&amp;ac
tion=show_channel&amp;magazin_channel_id=5&amp;magazin_subchannel_id=30">GP-Mode
l</a></li><li><a href="http://twitter.com/DieRedaktion">Twitter</a></li></ul><ul
 class="submenu sub-gptv" id="submenu_7" onmouseover="YAHOO.gp.menu.show(7);"><l
i><a href="/gptv/onair">GP.TV live</a></li><li><a href="/gptv/offair">GP.TV</a><
/li><li><a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?i
d=294353995">GP.TV Podcast</a></li><li><a href="/gptv/archiv/">Sendungsarchiv</a
></li><li><a href="/index.php?modul=group&amp;group_id=241169">TV-Gruppe</a></li
><li><a href="/index.php?modul=board&amp;action=viewboard&amp;board_id=81">TV-Fo
rum</a></li></ul><ul class="submenu sub-gp2go" id="submenu_8" onmouseover="YAHOO
.gp.menu.show(8);"><li><a href="/index.php?modul=cms&cms_id=125">GP2GO</a></li><
li><a href="/index.php?modul=cms&cms_id=127">So geht\'s</a></li><li><a href="/in
dex.php?modul=cms&cms_id=128">FAQ</a></li></ul><ul class="submenu sub-region" id
="submenu_9" onmouseover="YAHOO.gp.menu.show(9);"><li><a href="javascript:YAHOO.
gp.regionselector.onSelect();">W&auml;hle Deine Region</a></li></ul></div>\n<div
 id="gp-breadcrumb"><p class="breadcrumb"><a href="/index.php?modul=magazin" tit
le="Magazin">Magazin</a><a href="/index.php?modul=magazin&action=show_channel&ma
gazin_channel_id=6" title="Sport & Fun">Sport & Fun</a><span class="here">Wie fu
nktioniert...?</span></p></div></div>\n\n\n</div>\n</div>\n\n<div id="custom-doc
" class="yui-t6">\n<div id="bd">\n<div id="yui-main">\n<div class="yui-b">\n<!--
 div class="yui-g" -->\n<div id="gp-content">\n<!-- google_ad_section_start -->\
n<div class="yui-u">\n<div id="article-headline" style="background-color:#008f01
">\n    <span class="channel">Sport & Fun</span> -\n    <span class="subchannel"
>Aktuelles</span>\n\n</div>\n\n<div id="article-abstract">\n\n\n<a style="float:
 left;" href="/index.php?modul=magazin&action=show_article&magazin_article_id=23
50">\n<img src="http://ec2-75-101-197-147.compute-1.amazonaws.com/images/cache/m
agazin_image/V4/2A/V42AvdmdKPo,16.jpg" class="alignleft"\n            width="356
" height="192"\n    />\n</a>\n\n<div class="abstract-content">\n        <a href=
"/index.php?modul=magazin&action=show_article&magazin_article_id=2350">\n    <h2
>Gro\xc3\x9fer Preis von Spanien in Barc']

[sqlmap-users] bug

[Gabriel eu <mes...@gm...>]

cmd: ./sqlmap.py -u "
http://www.amazontech2008.com.br/espanhol/index.php?conteudo=integra&numero=97&titulo=Uma%20refdorma%20atrasada"
-p numero --union-use --read-file
'/home/amazonte/public_html/admin/login.php



sqlmap version: 0.7rc1
Python version: 2.5
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 81, in main
    start()
  File
"/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/lib/controller/controller.py",
line 265, in start
    action()
  File
"/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/lib/controller/action.py",
line 130, in action
    dumper.string("%s file saved to" % conf.rFile,
conf.dbmsHandler.readFile(conf.rFile), sort=False)
  File
"/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/plugins/generic/filesystem.py",
line 304, in readFile
    fileContent = self.__unhexString(fileContent)
  File
"/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/plugins/generic/filesystem.py",
line 77, in __unhexString
    unhexStr = binascii.unhexlify(hexStr)
TypeError: Odd-length string

Re: [sqlmap-users] holy moly.. MS access?

[Bernardo D. A. G. <ber...@gm...>]

In the long run, yes.

On Tue, May 12, 2009 at 11:43,  <ja...@ev...> wrote:
>
> Hey,
>
>  The unthinkable has happened. I've just stumbled upon a MS Access DB.
> The code is quite vulnerable however, sqlmap appears to not support MS
> Access out of box. Is there plans for this to be available?
>
> Would make my job easier ;X
>
> -Jamie


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

[sqlmap-users] holy moly.. MS access?

[<ja...@ev...>]

Hey,

  The unthinkable has happened. I've just stumbled upon a MS Access DB.
The code is quite vulnerable however, sqlmap appears to not support MS 
Access out of box. Is there plans for this to be available?

Would make my job easier ;X

-Jamie

Re: [sqlmap-users] Injection in non paremetrized URL

[Bernardo D. A. G. <ber...@gm...>]

It's not possible yet.
I will implement it in the long run.

Cheers,
Bernardo

On Tue, May 12, 2009 at 09:06, Konrads Smelkovs <ko...@sm...> wrote:
> Hello,
>
> What would be the best way in SQLmap to attempt to inject into eleemnts of
> URL path, not parametrs.
> Often, to achieve SEO web apps create meaningful paths,such as
> http://www.cms.dom/company/boss/foo / Internally, it is rewritten by web
> server (e.g. Apache rewrite) or handled as is (e.g. servlets). Somewhere
> down, the SQL looks like SELECT * from contents WHERE
> title="company~boss~foo" or similarly. How to inject those with SQLmap?
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK
> i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

[sqlmap-users] Injection in non paremetrized URL

[Konrads S. <ko...@sm...>]

Hello,

What would be the best way in SQLmap to attempt to inject into eleemnts of
URL path, not parametrs.
Often, to achieve SEO web apps create meaningful paths,such as
http://www.cms.dom/company/boss/foo / Internally, it is rewritten by web
server (e.g. Apache rewrite) or handled as is (e.g. servlets). Somewhere
down, the SQL looks like SELECT * from contents WHERE
title="company~boss~foo" or similarly. How to inject those with SQLmap?
--
Konrads Smelkovs
Applied IT sorcery.

[sqlmap-users] Odd resutls

[Konrads S. <ko...@sm...>]

Hi,

sqlmap reported on a  injection like this:

[22:21:30] [INFO] GET parameter 'start' is double quoted string injectable
with 3 parenthesis
[22:21:30] [INFO] testing for parenthesis on injectable parameter
[22:21:38] [INFO] the injectable parameter requires 3 parenthesis
[22:21:38] [INFO] testing MySQL
[22:21:41] [INFO] confirming MySQL
[22:21:44] [INFO] retrieved:
[22:21:53] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL < 5.0.0
[22:21:53] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press
ENTER
sql-shell> show tables;
do you want to retrieve the SQL statement output? [Y/n]
[22:22:05] [INFO] fetching None query output: 'show%20tables%3B'
[22:22:05] [INFO] retrieved: �^C
[22:22:39] [ERROR] user aborted


 However, repeat attempts invoking same parameters failed. What could have
happened? I can't really confirm the vuln manually either, I tried "))) AND
1=2
--
Konrads Smelkovs
Applied IT sorcery.

Re: [sqlmap-users] --os-shell current

[Bernardo D. A. G. <ber...@gm...>]

It should be fixed now and commited.

Cheers,
Bernardo


On Wed, May 6, 2009 at 14:15, Nicolas Krassas <kr...@an...> wrote:
> Hi, i'm pasting the error that i get from the current svn revision
>
> [16:07:27] [ERROR] unhandled exception in sqlmap/0.7rc2, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.7rc2
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
>  File "./sqlmap.py", line 84, in main
>    start()
>  File "/root/sqlmap/lib/controller/controller.py", line 263, in start
>    action()
>  File "/root/sqlmap/lib/controller/action.py", line 140, in action
>    conf.dbmsHandler.osShell()
>  File "/root/sqlmap/plugins/generic/takeover.py", line 294, in osShell
>    backdoorUrl = self.__webBackdoorInit()
>  File "/root/sqlmap/plugins/generic/takeover.py", line 186, in
> __webBackdoorInit
>    uplPage, _  = Request.getPage(url=uploaderUrl, direct=True)
>  File "/root/sqlmap/lib/request/connect.py", line 131, in getPage
>    conn           = urllib2.urlopen(req)
>  File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
>    return _opener.open(url, data)
>  File "/usr/lib/python2.5/urllib2.py", line 381, in open
>    response = self._open(req, data)
>  File "/usr/lib/python2.5/urllib2.py", line 399, in _open
>    '_open', req)
>  File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
>    result = func(*args)
>  File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open
>    return self.do_open(httplib.HTTPConnection, req)
>  File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open
>    h = http_class(host) # will parse host:port
>  File "/usr/lib/python2.5/httplib.py", line 639, in __init__
>    self._set_hostport(host, port)
>  File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport
>    raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
> InvalidURL: nonnumeric port: '80.'
>
> [*] shutting down at: 16:07:27
>
>
> Regards,
> Nicolas

-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

[sqlmap-users] --os-shell current

[Nicolas K. <kr...@an...>]

Hi, i'm pasting the error that i get from the current svn revision

[16:07:27] [ERROR] unhandled exception in sqlmap/0.7rc2, please copy the 
command line and the following text and send by e-mail to 
sql...@li.... The developer will fix it as soon as 
possible:
sqlmap version: 0.7rc2
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
  File "./sqlmap.py", line 84, in main
    start()
  File "/root/sqlmap/lib/controller/controller.py", line 263, in start
    action()
  File "/root/sqlmap/lib/controller/action.py", line 140, in action
    conf.dbmsHandler.osShell()
  File "/root/sqlmap/plugins/generic/takeover.py", line 294, in osShell
    backdoorUrl = self.__webBackdoorInit()
  File "/root/sqlmap/plugins/generic/takeover.py", line 186, in 
__webBackdoorInit
    uplPage, _  = Request.getPage(url=uploaderUrl, direct=True)
  File "/root/sqlmap/lib/request/connect.py", line 131, in getPage
    conn           = urllib2.urlopen(req)
  File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
    return _opener.open(url, data)
  File "/usr/lib/python2.5/urllib2.py", line 381, in open
    response = self._open(req, data)
  File "/usr/lib/python2.5/urllib2.py", line 399, in _open
    '_open', req)
  File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.5/urllib2.py", line 1107, in http_open
    return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.5/urllib2.py", line 1064, in do_open
    h = http_class(host) # will parse host:port
  File "/usr/lib/python2.5/httplib.py", line 639, in __init__
    self._set_hostport(host, port)
  File "/usr/lib/python2.5/httplib.py", line 651, in _set_hostport
    raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
InvalidURL: nonnumeric port: '80.'

[*] shutting down at: 16:07:27


Regards,
Nicolas 

Re: [sqlmap-users] [sqlmap-devel] more bugs... sorry :)

[Bernardo D. A. G. <ber...@gm...>]

Hi Christian,

I will grant SVN write access only to experienced Python developers
and, as far as I know, nobody provided me with source code patches
more than once so far.

Cheers,
Bernardo


On Wed, Apr 29, 2009 at 08:06, Christian Eric EDJENGUELE
<c_e...@ya...> wrote:
> Hmm! It's likely those script aren't tested before submitting,
> Bernardo, if you need some help, maybe it's the time to grant svn write
> access to some developers, what do you think ?
> Cheers.
>  ---
> Christian Eric Edjenguele
> IT Security Software Developer & Researcher / Business Developer /
> Enterprise Software Architect
> mobile (IT): +39 3408580513


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

Re: [sqlmap-users] more bugs... sorry :)

[Bernardo D. A. G. <ber...@gm...>]

It should be fixed now. Commited.

On Wed, Apr 29, 2009 at 07:29, Patrick Webster <pa...@au...> wrote:
> [16:28:33] [ERROR] unhandled exception in sqlmap/0.7rc2, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.7rc2
> Python version: 2.4.3
> Operating system: linux2
> Traceback (most recent call last):
>   File "./sqlmap.py", line 84, in main
>     start()
>   File "/home/patrick/sqlmap/lib/controller/controller.py", line 263, in
> start
>     action()
>   File "/home/patrick/sqlmap/lib/controller/action.py", line 111, in action
>     dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/home/patrick/sqlmap/lib/core/dump.py", line 146, in dbTables
>     tables.sort(key=lambda x: x.lower())
> AttributeError: 'str' object has no attribute 'sort'
>
>
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F