sqlmap-users — sqlmap users mailing list

[sqlmap-users] ERROR in SQLMAP

[Alex G. <ger...@gm...>]

sqlmap version: 1.0-dev
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u **************************************** --dbs
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap", line 95, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 364, in start
    if not checkConnection(suppressOutput=conf.forms) or not checkString()
or not checkRegexp():
  File "/usr/share/sqlmap/lib/controller/checks.py", line 1213, in
checkConnection
    page, _ = Request.queryPage(content=True, noteResponseTime=False)
  File "/usr/share/sqlmap/lib/request/connect.py", line 894, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post,
cookie=cookie, ua=ua, referer=referer, host=host, silent=silent,
method=method, auxHeaders=auxHeaders, response=response, raise404=raise404,
ignoreTimeout=timeBasedCompare)
  File "/usr/share/sqlmap/lib/request/connect.py", line 573, in getPage
    processResponse(page, responseHeaders)
  File "/usr/share/sqlmap/lib/request/basic.py", line 303, in
processResponse
    parseResponse(page, responseHeaders if kb.processResponseCounter <
PARSE_HEADERS_LIMIT else None)
  File "/usr/share/sqlmap/lib/request/basic.py", line 122, in parseResponse
    headersParser(headers)
  File "/usr/share/sqlmap/lib/parse/headers.py", line 43, in headersParser
    parseXmlFile(xmlfile, handler)
  File "/usr/share/sqlmap/lib/core/common.py", line 1672, in parseXmlFile
    with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as
stream:
  File "/usr/share/sqlmap/lib/core/common.py", line 1728, in
readCachedFileContent
    kb.cache.content[filename] = f.read()
  File "/usr/lib/python2.7/codecs.py", line 671, in read
    return self.reader.read(size)
  File "/usr/lib/python2.7/codecs.py", line 471, in read
    newdata = self.stream.read()
IOError: [Errno 5] Input/output error

Re: [sqlmap-users] Select Sorting Order

[Miroslav S. <mir...@gm...>]

There is no way how to retrieve DBMS data entry by entry in same order as
stored inside. That's a known problem for all databases. Please do some
research.

Bye
On Jul 9, 2014 11:02 PM, "Matthew H" <cap...@gm...> wrote:

> Hi,
>
> I'm working on a Oracle target when I get select query result or dump
> something the order of columns are not in same order, I got a schema also
> but each is different.
>
> I am trying to simulate that database in my local host and I used the
> table schema sorting to create the columns.
>
> but upon entering results from the attacked sql i found out the columns
> are not in same order with my simulated one.
>
> can you help me with this.
>
> thanks.
>
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

Re: [sqlmap-users] Select Sorting Order

[Brandon P. <bpe...@gm...>]

How many threads are you using? Maybe just use a single one?


On Wed, Jul 9, 2014 at 10:32 AM, Matthew H <cap...@gm...> wrote:

> Hi,
>
> I'm working on a Oracle target when I get select query result or dump
> something the order of columns are not in same order, I got a schema also
> but each is different.
>
> I am trying to simulate that database in my local host and I used the
> table schema sorting to create the columns.
>
> but upon entering results from the attacked sql i found out the columns
> are not in same order with my simulated one.
>
> can you help me with this.
>
> thanks.
>
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

[sqlmap-users] Select Sorting Order

[Matthew H <cap...@gm...>]

Hi,

I'm working on a Oracle target when I get select query result or dump
something the order of columns are not in same order, I got a schema also
but each is different.

I am trying to simulate that database in my local host and I used the table
schema sorting to create the columns.

but upon entering results from the attacked sql i found out the columns are
not in same order with my simulated one.

can you help me with this.

thanks.

Re: [sqlmap-users] sql-map sql shell option

[Sabin R. <thi...@gm...>]

ok, cool. thanks.


On Wed, Jul 9, 2014 at 12:44 PM, Miroslav Stampar <
mir...@gm...> wrote:

> I've already said that there is nothing more than subquerying. Than means
> that it works in application layer without any username/password
>
> bye
>
>
> On Wed, Jul 9, 2014 at 8:33 AM, Sabin Ranjit <thi...@gm...>
> wrote:
>
>> in which layer does the sqlmap work on for this? does it goes in database
>> layer or resides in application layer for finding database user/ password?
>>
>>
>> On Wed, Jul 9, 2014 at 12:02 PM, Miroslav Stampar <
>> mir...@gm...> wrote:
>>
>>> It just uses found SQLi to carry a given SQL (as a subquery). There is
>>> no direct connection. There is no brute forcing.
>>>
>>> Bye
>>> On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...>
>>> wrote:
>>>
>>>>   Hi all,
>>>>
>>>>
>>>>
>>>> Can someone tell me that how does sql map open a sql shell for me. How
>>>> does it come to know the password of the database user. Is it brute force?
>>>>
>>>>
>>>>
>>>> Vivek Sharma
>>>>
>>>> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY
>>>> BE PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its
>>>> subsidiaries, ("BlackRock") does not waive any confidentiality or
>>>> privilege. If you are not the intended recipient, please notify us
>>>> immediately and destroy the message without disclosing its contents to
>>>> anyone. Any distribution, use or copying of this e-mail or the information
>>>> it contains by other than an intended recipient is unauthorized. The views
>>>> and opinions expressed in this e-mail message are the author's own and may
>>>> not reflect the views and opinions of BlackRock, unless the author is
>>>> authorized by BlackRock to express such views or opinions on its behalf.
>>>> All email sent to or from this address is subject to electronic storage and
>>>> review by BlackRock. Although BlackRock operates anti-virus programs, it
>>>> does not accept responsibility for any damage whatsoever caused by viruses
>>>> being passed.
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Open source business process management suite built on Java and Eclipse
>>>> Turn processes into business applications with Bonita BPM Community
>>>> Edition
>>>> Quickly connect people, data, and systems into organized workflows
>>>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>>>> http://p.sf.net/sfu/Bonitasoft
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sql...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Open source business process management suite built on Java and Eclipse
>>> Turn processes into business applications with Bonita BPM Community
>>> Edition
>>> Quickly connect people, data, and systems into organized workflows
>>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>>> http://p.sf.net/sfu/Bonitasoft
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>

Re: [sqlmap-users] sql-map sql shell option

[Miroslav S. <mir...@gm...>]

I've already said that there is nothing more than subquerying. Than means
that it works in application layer without any username/password

bye


On Wed, Jul 9, 2014 at 8:33 AM, Sabin Ranjit <thi...@gm...> wrote:

> in which layer does the sqlmap work on for this? does it goes in database
> layer or resides in application layer for finding database user/ password?
>
>
> On Wed, Jul 9, 2014 at 12:02 PM, Miroslav Stampar <
> mir...@gm...> wrote:
>
>> It just uses found SQLi to carry a given SQL (as a subquery). There is no
>> direct connection. There is no brute forcing.
>>
>> Bye
>> On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...>
>> wrote:
>>
>>>   Hi all,
>>>
>>>
>>>
>>> Can someone tell me that how does sql map open a sql shell for me. How
>>> does it come to know the password of the database user. Is it brute force?
>>>
>>>
>>>
>>> Vivek Sharma
>>>
>>> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY
>>> BE PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its
>>> subsidiaries, ("BlackRock") does not waive any confidentiality or
>>> privilege. If you are not the intended recipient, please notify us
>>> immediately and destroy the message without disclosing its contents to
>>> anyone. Any distribution, use or copying of this e-mail or the information
>>> it contains by other than an intended recipient is unauthorized. The views
>>> and opinions expressed in this e-mail message are the author's own and may
>>> not reflect the views and opinions of BlackRock, unless the author is
>>> authorized by BlackRock to express such views or opinions on its behalf.
>>> All email sent to or from this address is subject to electronic storage and
>>> review by BlackRock. Although BlackRock operates anti-virus programs, it
>>> does not accept responsibility for any damage whatsoever caused by viruses
>>> being passed.
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Open source business process management suite built on Java and Eclipse
>>> Turn processes into business applications with Bonita BPM Community
>>> Edition
>>> Quickly connect people, data, and systems into organized workflows
>>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>>> http://p.sf.net/sfu/Bonitasoft
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Open source business process management suite built on Java and Eclipse
>> Turn processes into business applications with Bonita BPM Community
>> Edition
>> Quickly connect people, data, and systems into organized workflows
>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>> http://p.sf.net/sfu/Bonitasoft
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] sql-map sql shell option

[Sabin R. <thi...@gm...>]

in which layer does the sqlmap work on for this? does it goes in database
layer or resides in application layer for finding database user/ password?


On Wed, Jul 9, 2014 at 12:02 PM, Miroslav Stampar <
mir...@gm...> wrote:

> It just uses found SQLi to carry a given SQL (as a subquery). There is no
> direct connection. There is no brute forcing.
>
> Bye
> On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...>
> wrote:
>
>>   Hi all,
>>
>>
>>
>> Can someone tell me that how does sql map open a sql shell for me. How
>> does it come to know the password of the database user. Is it brute force?
>>
>>
>>
>> Vivek Sharma
>>
>> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY
>> BE PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its
>> subsidiaries, ("BlackRock") does not waive any confidentiality or
>> privilege. If you are not the intended recipient, please notify us
>> immediately and destroy the message without disclosing its contents to
>> anyone. Any distribution, use or copying of this e-mail or the information
>> it contains by other than an intended recipient is unauthorized. The views
>> and opinions expressed in this e-mail message are the author's own and may
>> not reflect the views and opinions of BlackRock, unless the author is
>> authorized by BlackRock to express such views or opinions on its behalf.
>> All email sent to or from this address is subject to electronic storage and
>> review by BlackRock. Although BlackRock operates anti-virus programs, it
>> does not accept responsibility for any damage whatsoever caused by viruses
>> being passed.
>>
>>
>> ------------------------------------------------------------------------------
>> Open source business process management suite built on Java and Eclipse
>> Turn processes into business applications with Bonita BPM Community
>> Edition
>> Quickly connect people, data, and systems into organized workflows
>> Winner of BOSSIE, CODIE, OW2 and Gartner awards
>> http://p.sf.net/sfu/Bonitasoft
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

Re: [sqlmap-users] sql-map sql shell option

[Miroslav S. <mir...@gm...>]

It just uses found SQLi to carry a given SQL (as a subquery). There is no
direct connection. There is no brute forcing.

Bye
On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...> wrote:

>   Hi all,
>
>
>
> Can someone tell me that how does sql map open a sql shell for me. How
> does it come to know the password of the database user. Is it brute force?
>
>
>
> Vivek Sharma
>
> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE
> PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its
> subsidiaries, ("BlackRock") does not waive any confidentiality or
> privilege. If you are not the intended recipient, please notify us
> immediately and destroy the message without disclosing its contents to
> anyone. Any distribution, use or copying of this e-mail or the information
> it contains by other than an intended recipient is unauthorized. The views
> and opinions expressed in this e-mail message are the author's own and may
> not reflect the views and opinions of BlackRock, unless the author is
> authorized by BlackRock to express such views or opinions on its behalf.
> All email sent to or from this address is subject to electronic storage and
> review by BlackRock. Although BlackRock operates anti-virus programs, it
> does not accept responsibility for any damage whatsoever caused by viruses
> being passed.
>
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

[sqlmap-users] sql-map sql shell option

[Sharma, V. <viv...@bl...>]

Hi all,

Can someone tell me that how does sql map open a sql shell for me. How does it come to know the password of the database user. Is it brute force?

Vivek Sharma

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its subsidiaries, ("BlackRock") does not waive any confidentiality or privilege. If you are not the intended recipient, please notify us immediately and destroy the message without disclosing its contents to anyone. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of BlackRock, unless the author is authorized by BlackRock to express such views or opinions on its behalf. All email sent to or from this address is subject to electronic storage and review by BlackRock. Although BlackRock operates anti-virus programs, it does not accept responsibility for any damage whatsoever caused by viruses being passed.

[sqlmap-users] sqlmap

[Евгений <sh...@li...>]

Hi,when running sqlmap get the following message



[18:31:06] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with
the latest development version from the GitHub repository. If the exception per
sists, please send by e-mail to 'sql...@li...' or open a n
ew issue at ' https://github.com/sqlmapproject/sqlmap/issues/new ' with the follow
ing text and any information required to reproduce the bug. The developers will
try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.6
Operating system: nt
Command line: C:\sql\sql\sqlmap.py -u ******************************************
****
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
File "C:\sql\sql\sqlmap.py", line 95, in main
start()
File "C:\sql\sql\lib\controller\controller.py", line 364, in start
setupTargetEnv()
File "C:\sql\sql\lib\core\target.py", line 605, in setupTargetEnv
_createTargetDirs()
File "C:\sql\sql\lib\core\target.py", line 528, in _createTargetDirs
conf.outputPath = os.path.join(paths.SQLMAP_OUTPUT_PATH, getUnicode(conf.hos
tname))
File "C:\Python27\lib\ntpath.py", line 108, in join
path += "\\" + b
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc0 in position 9: ordinal
not in range(128)

[*] shutting down at 18:31:06
Pyton and sqlmap downloaded the latest version from official sources. Operating system Windows7. Help .

Re: [sqlmap-users] Can't dump on windows but on linux

[Brandon P. <bpe...@gm...>]

Are you on the same version?

Sent from a computer

> On Jun 23, 2014, at 10:55 AM, "Buttbuddiie ." <but...@gm...> wrote:
> 
> So I came across an annoying problem. There was a database with 10k users. I can only dump 500 of those users on windows using Python 2.7 newest version. My friend however who is on linux can dump all 10k. We are using the exact same command. It's not crashing, it's finishing up like there is only 500 users. What is the problem here?
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] Can't dump on windows but on linux

[Buttbuddiie . <but...@gm...>]

So I came across an annoying problem. There was a database with 10k users.
I can only dump 500 of those users on windows using Python 2.7 newest
version. My friend however who is on linux can dump all 10k. We are using
the exact same command. It's not crashing, it's finishing up like there is
only 500 users. What is the problem here?

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Brandon P. <bpe...@gm...>]

I was also able to shave off about 100 bytes using  --remove-section=.note
and  --remove-section=.comment as arguments to strip FWIW.


On Sat, Jun 21, 2014 at 1:25 PM, Brandon Perry <bpe...@gm...>
wrote:

> So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is
> coming up greater than 8192 bytes. I have attempted to whittle down the
> code to just what I was trying to test (sys_bineval) and even just sys_eval
> but I always get a so larger than 8k. This is larger than a page in pgsql,
> and so sqlmap bails when trying to insert it.
>
> Any thoughts on some I can do to get the size down? I am currently
> building with the make file and added -ffunction-sections -fdata-sections
> as well, but to no avail.
>
> gcc:
> bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$ gcc
> --version
> gcc (Ubuntu/Linaro 4.7.2-2ubuntu1) 4.7.2
> Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.  There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$
>
>
>
> On Fri, Jun 20, 2014 at 2:16 PM, Bernardo Damele A. G. <
> ber...@gm...> wrote:
>
>> Yes, not high priority but it would be an improvement. Please first
>> verify if the current code works with SELinux without modifications - I
>> havent tested it myself.
>>
>> Bernardo
>>
>>
>> On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...>
>> wrote:
>>
>>> So, reading the source for the pgsql udf here:
>>>
>>>
>>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>>
>>> It looks like we mmap RWX memory in order to eval some commands. Was
>>> this tested on a machine with SELinux? In my experience, this actually
>>> fails to allocate when RWX is used as the permissions on the memory region
>>> (line 186).
>>>
>>> I have successfully gotten around this on some systems using a technique
>>> similar to that described at the bottom of this page (basically mapping two
>>> pointers to the same file, require FS access though…):
>>>
>>> http://www.akkadia.org/drepper/selinux-mem.html
>>>
>>> I am going to pull down the udfhack code and try it in a CentOS VM with
>>> SELinux enabled and see what happens. If it performs how I expect, would
>>> this be a useful addition to the UDF?
>>>
>>>
>>> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <
>>> bpe...@gm...> wrote:
>>>
>>>> Hey Bernardo,
>>>>
>>>> Any update to this?
>>>>
>>>>
>>>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
>>>> ber...@gm...> wrote:
>>>>
>>>>> I will be fixing this shortly.
>>>>>
>>>>> Bernardo
>>>>>
>>>>>
>>>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...>
>>>>> wrote:
>>>>>
>>>>>> Hello!
>>>>>>
>>>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>>>> compiled/checked into source control.
>>>>>>
>>>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>>>> brandons-imac:sqlmap bperry$
>>>>>>
>>>>>> You can see that:
>>>>>>
>>>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>>>
>>>>>> is missing. This leads to the following error. Anything I can do to
>>>>>> help, let me know:
>>>>>>
>>>>>> what is the back-end database management system architecture?
>>>>>> [1] 32-bit (default)
>>>>>> [2] 64-bit
>>>>>> > 2
>>>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>>>
>>>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>>>> retry your run with the latest development version from the GitHub
>>>>>> repository. If the exception persists, please send by e-mail to '
>>>>>> sql...@li...' or open a new issue at '
>>>>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the
>>>>>> following text and any information required to reproduce the bug. The
>>>>>> developers will try to reproduce the bug, fix it accordingly and get back
>>>>>> to you.
>>>>>> sqlmap version: 1.0-dev-f558b80
>>>>>> Python version: 2.7.5
>>>>>> Operating system: posix
>>>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5
>>>>>> --risk=3 --dbms=postgresql -o --os-shell
>>>>>> Technique: TIME
>>>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>>>> Traceback (most recent call last):
>>>>>>   File "./sqlmap.py", line 95, in main
>>>>>>     start()
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py",
>>>>>> line 585, in start
>>>>>>     action()
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>>>>>> 160, in action
>>>>>>     conf.dbmsHandler.osShell()
>>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py",
>>>>>> line 80, in osShell
>>>>>>     self.initEnv(web=web)
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py",
>>>>>> line 198, in initEnv
>>>>>>     success = self.udfInjectSys()
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184,
>>>>>> in udfInjectSys
>>>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149,
>>>>>> in udfInjectCore
>>>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>>>>>> "binary", forceCheck=True)
>>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>>>>>> line 270, in writeFile
>>>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
>>>>>> forceCheck)
>>>>>>   File
>>>>>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>>>>>> 37, in stackedWriteFile
>>>>>>     wFileSize = os.path.getsize(wFile)
>>>>>>   File
>>>>>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>>>>>> line 49, in getsize
>>>>>>     return os.stat(filename).st_size
>>>>>> OSError: [Errno 2] No such file or directory:
>>>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>>>
>>>>>> [*] shutting down at 22:48:43
>>>>>>
>>>>>>
>>>>>> --
>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>> http://www.volatileminds.net -- website
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Bernardo Damele A. G.
>>>>>
>>>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>>>> Mobile: +447788962949 (UK 07788962949)
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>
>>
>> --
>> Bernardo Damele A. G.
>>
>> E-mail / Jabber: bernardo.damele (at) gmail.com
>> Mobile: +447788962949 (UK 07788962949)
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Brandon P. <bpe...@gm...>]

So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is
coming up greater than 8192 bytes. I have attempted to whittle down the
code to just what I was trying to test (sys_bineval) and even just sys_eval
but I always get a so larger than 8k. This is larger than a page in pgsql,
and so sqlmap bails when trying to insert it.

Any thoughts on some I can do to get the size down? I am currently building
with the make file and added -ffunction-sections -fdata-sections as well,
but to no avail.

gcc:
bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$ gcc
--version
gcc (Ubuntu/Linaro 4.7.2-2ubuntu1) 4.7.2
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$



On Fri, Jun 20, 2014 at 2:16 PM, Bernardo Damele A. G. <
ber...@gm...> wrote:

> Yes, not high priority but it would be an improvement. Please first verify
> if the current code works with SELinux without modifications - I havent
> tested it myself.
>
> Bernardo
>
>
> On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...>
> wrote:
>
>> So, reading the source for the pgsql udf here:
>>
>>
>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>
>> It looks like we mmap RWX memory in order to eval some commands. Was this
>> tested on a machine with SELinux? In my experience, this actually fails to
>> allocate when RWX is used as the permissions on the memory region (line
>> 186).
>>
>> I have successfully gotten around this on some systems using a technique
>> similar to that described at the bottom of this page (basically mapping two
>> pointers to the same file, require FS access though…):
>>
>> http://www.akkadia.org/drepper/selinux-mem.html
>>
>> I am going to pull down the udfhack code and try it in a CentOS VM with
>> SELinux enabled and see what happens. If it performs how I expect, would
>> this be a useful addition to the UDF?
>>
>>
>> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bpe...@gm...
>> > wrote:
>>
>>> Hey Bernardo,
>>>
>>> Any update to this?
>>>
>>>
>>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
>>> ber...@gm...> wrote:
>>>
>>>> I will be fixing this shortly.
>>>>
>>>> Bernardo
>>>>
>>>>
>>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...>
>>>> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>>> compiled/checked into source control.
>>>>>
>>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>>> brandons-imac:sqlmap bperry$
>>>>>
>>>>> You can see that:
>>>>>
>>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>>
>>>>> is missing. This leads to the following error. Anything I can do to
>>>>> help, let me know:
>>>>>
>>>>> what is the back-end database management system architecture?
>>>>> [1] 32-bit (default)
>>>>> [2] 64-bit
>>>>> > 2
>>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>>
>>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>>> retry your run with the latest development version from the GitHub
>>>>> repository. If the exception persists, please send by e-mail to '
>>>>> sql...@li...' or open a new issue at '
>>>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the
>>>>> following text and any information required to reproduce the bug. The
>>>>> developers will try to reproduce the bug, fix it accordingly and get back
>>>>> to you.
>>>>> sqlmap version: 1.0-dev-f558b80
>>>>> Python version: 2.7.5
>>>>> Operating system: posix
>>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5
>>>>> --risk=3 --dbms=postgresql -o --os-shell
>>>>> Technique: TIME
>>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>>> Traceback (most recent call last):
>>>>>   File "./sqlmap.py", line 95, in main
>>>>>     start()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py",
>>>>> line 585, in start
>>>>>     action()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>>>>> 160, in action
>>>>>     conf.dbmsHandler.osShell()
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py",
>>>>> line 80, in osShell
>>>>>     self.initEnv(web=web)
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py",
>>>>> line 198, in initEnv
>>>>>     success = self.udfInjectSys()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184,
>>>>> in udfInjectSys
>>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149,
>>>>> in udfInjectCore
>>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>>>>> "binary", forceCheck=True)
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>>>>> line 270, in writeFile
>>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
>>>>> forceCheck)
>>>>>   File
>>>>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>>>>> 37, in stackedWriteFile
>>>>>     wFileSize = os.path.getsize(wFile)
>>>>>   File
>>>>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>>>>> line 49, in getsize
>>>>>     return os.stat(filename).st_size
>>>>> OSError: [Errno 2] No such file or directory:
>>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>>
>>>>> [*] shutting down at 22:48:43
>>>>>
>>>>>
>>>>> --
>>>>> http://volatile-minds.blogspot.com -- blog
>>>>> http://www.volatileminds.net -- website
>>>>>
>>>>
>>>>
>>>> --
>>>> Bernardo Damele A. G.
>>>>
>>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>>> Mobile: +447788962949 (UK 07788962949)
>>>>
>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Bernardo D. A. G. <ber...@gm...>]

Yes, not high priority but it would be an improvement. Please first verify
if the current code works with SELinux without modifications - I havent
tested it myself.

Bernardo


On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...> wrote:

> So, reading the source for the pgsql udf here:
>
>
> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>
> It looks like we mmap RWX memory in order to eval some commands. Was this
> tested on a machine with SELinux? In my experience, this actually fails to
> allocate when RWX is used as the permissions on the memory region (line
> 186).
>
> I have successfully gotten around this on some systems using a technique
> similar to that described at the bottom of this page (basically mapping two
> pointers to the same file, require FS access though…):
>
> http://www.akkadia.org/drepper/selinux-mem.html
>
> I am going to pull down the udfhack code and try it in a CentOS VM with
> SELinux enabled and see what happens. If it performs how I expect, would
> this be a useful addition to the UDF?
>
>
> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bpe...@gm...
> <javascript:_e(%7B%7D,'cvml','bpe...@gm...');>> wrote:
>
>> Hey Bernardo,
>>
>> Any update to this?
>>
>>
>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
>> ber...@gm...
>> <javascript:_e(%7B%7D,'cvml','ber...@gm...');>> wrote:
>>
>>> I will be fixing this shortly.
>>>
>>> Bernardo
>>>
>>>
>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...
>>> <javascript:_e(%7B%7D,'cvml','bpe...@gm...');>> wrote:
>>>
>>>> Hello!
>>>>
>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>> compiled/checked into source control.
>>>>
>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>> brandons-imac:sqlmap bperry$
>>>>
>>>> You can see that:
>>>>
>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>
>>>> is missing. This leads to the following error. Anything I can do to
>>>> help, let me know:
>>>>
>>>> what is the back-end database management system architecture?
>>>> [1] 32-bit (default)
>>>> [2] 64-bit
>>>> > 2
>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>
>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>> retry your run with the latest development version from the GitHub
>>>> repository. If the exception persists, please send by e-mail to '
>>>> sql...@li...' or open a new issue at '
>>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>>>> text and any information required to reproduce the bug. The developers will
>>>> try to reproduce the bug, fix it accordingly and get back to you.
>>>> sqlmap version: 1.0-dev-f558b80
>>>> Python version: 2.7.5
>>>> Operating system: posix
>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5
>>>> --risk=3 --dbms=postgresql -o --os-shell
>>>> Technique: TIME
>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>> Traceback (most recent call last):
>>>>   File "./sqlmap.py", line 95, in main
>>>>     start()
>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py",
>>>> line 585, in start
>>>>     action()
>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>>>> 160, in action
>>>>     conf.dbmsHandler.osShell()
>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py",
>>>> line 80, in osShell
>>>>     self.initEnv(web=web)
>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py",
>>>> line 198, in initEnv
>>>>     success = self.udfInjectSys()
>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184,
>>>> in udfInjectSys
>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149,
>>>> in udfInjectCore
>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>>>> "binary", forceCheck=True)
>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>>>> line 270, in writeFile
>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
>>>> forceCheck)
>>>>   File
>>>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>>>> 37, in stackedWriteFile
>>>>     wFileSize = os.path.getsize(wFile)
>>>>   File
>>>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>>>> line 49, in getsize
>>>>     return os.stat(filename).st_size
>>>> OSError: [Errno 2] No such file or directory:
>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>
>>>> [*] shutting down at 22:48:43
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>
>>>
>>> --
>>> Bernardo Damele A. G.
>>>
>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>> Mobile: +447788962949 (UK 07788962949)
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Brandon P. <bpe...@gm...>]

So, reading the source for the pgsql udf here:

https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c

It looks like we mmap RWX memory in order to eval some commands. Was this
tested on a machine with SELinux? In my experience, this actually fails to
allocate when RWX is used as the permissions on the memory region (line
186).

I have successfully gotten around this on some systems using a technique
similar to that described at the bottom of this page (basically mapping two
pointers to the same file, require FS access though…):

http://www.akkadia.org/drepper/selinux-mem.html

I am going to pull down the udfhack code and try it in a CentOS VM with
SELinux enabled and see what happens. If it performs how I expect, would
this be a useful addition to the UDF?


On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bpe...@gm...>
wrote:

> Hey Bernardo,
>
> Any update to this?
>
>
> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
> ber...@gm...> wrote:
>
>> I will be fixing this shortly.
>>
>> Bernardo
>>
>>
>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...>
>> wrote:
>>
>>> Hello!
>>>
>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>> compiled/checked into source control.
>>>
>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>> brandons-imac:sqlmap bperry$
>>>
>>> You can see that:
>>>
>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>
>>> is missing. This leads to the following error. Anything I can do to
>>> help, let me know:
>>>
>>> what is the back-end database management system architecture?
>>> [1] 32-bit (default)
>>> [2] 64-bit
>>> > 2
>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>
>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>> retry your run with the latest development version from the GitHub
>>> repository. If the exception persists, please send by e-mail to '
>>> sql...@li...' or open a new issue at '
>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>>> text and any information required to reproduce the bug. The developers will
>>> try to reproduce the bug, fix it accordingly and get back to you.
>>> sqlmap version: 1.0-dev-f558b80
>>> Python version: 2.7.5
>>> Operating system: posix
>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5
>>> --risk=3 --dbms=postgresql -o --os-shell
>>> Technique: TIME
>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>> Traceback (most recent call last):
>>>   File "./sqlmap.py", line 95, in main
>>>     start()
>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py",
>>> line 585, in start
>>>     action()
>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>>> 160, in action
>>>     conf.dbmsHandler.osShell()
>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line
>>> 80, in osShell
>>>     self.initEnv(web=web)
>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line
>>> 198, in initEnv
>>>     success = self.udfInjectSys()
>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in
>>> udfInjectSys
>>>     return self.udfInjectCore(self.sysUdfs)
>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in
>>> udfInjectCore
>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>>> "binary", forceCheck=True)
>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>>> line 270, in writeFile
>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
>>> forceCheck)
>>>   File
>>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>>> 37, in stackedWriteFile
>>>     wFileSize = os.path.getsize(wFile)
>>>   File
>>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>>> line 49, in getsize
>>>     return os.stat(filename).st_size
>>> OSError: [Errno 2] No such file or directory:
>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>
>>> [*] shutting down at 22:48:43
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>
>>
>> --
>> Bernardo Damele A. G.
>>
>> E-mail / Jabber: bernardo.damele (at) gmail.com
>> Mobile: +447788962949 (UK 07788962949)
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Brandon P. <bpe...@gm...>]

Hey Bernardo,

Any update to this?


On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
ber...@gm...> wrote:

> I will be fixing this shortly.
>
> Bernardo
>
>
> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...>
> wrote:
>
>> Hello!
>>
>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>> compiled/checked into source control.
>>
>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>> brandons-imac:sqlmap bperry$
>>
>> You can see that:
>>
>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>
>> is missing. This leads to the following error. Anything I can do to help,
>> let me know:
>>
>> what is the back-end database management system architecture?
>> [1] 32-bit (default)
>> [2] 64-bit
>> > 2
>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>
>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>> retry your run with the latest development version from the GitHub
>> repository. If the exception persists, please send by e-mail to '
>> sql...@li...' or open a new issue at '
>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>> text and any information required to reproduce the bug. The developers will
>> try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev-f558b80
>> Python version: 2.7.5
>> Operating system: posix
>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3
>> --dbms=postgresql -o --os-shell
>> Technique: TIME
>> Back-end DBMS: PostgreSQL (fingerprinted)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 95, in main
>>     start()
>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line
>> 585, in start
>>     action()
>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line
>> 160, in action
>>     conf.dbmsHandler.osShell()
>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line
>> 80, in osShell
>>     self.initEnv(web=web)
>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line
>> 198, in initEnv
>>     success = self.udfInjectSys()
>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in
>> udfInjectSys
>>     return self.udfInjectCore(self.sysUdfs)
>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in
>> udfInjectCore
>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
>> "binary", forceCheck=True)
>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py",
>> line 270, in writeFile
>>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
>> forceCheck)
>>   File
>> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
>> 37, in stackedWriteFile
>>     wFileSize = os.path.getsize(wFile)
>>   File
>> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
>> line 49, in getsize
>>     return os.stat(filename).st_size
>> OSError: [Errno 2] No such file or directory:
>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>
>> [*] shutting down at 22:48:43
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] Does sqlmap have support for injection without quotes?

[Miroslav S. <mir...@gm...>]

Hi.

I believe that you are doing something wrong (at PHP side). Can you please
post the complete PHP used in your case? Also, do you get anything when you
use --parse-errors?

Kind regards,
Miroslav Stampar


On Mon, Jun 16, 2014 at 4:12 PM, Nikola Tesla <735...@gm...> wrote:

> There are times when the query being executed is something like:
> *'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'*
>
> I have noticed support for double quotes but sqlmap did not seem to be
> able to exploit a sample web app I setup locally that did not use quotes.
> The command I used was:
>  *./sqlmap.py -u http://localhost/numeric_injection.php?id=1
> <http://localhost/numeric_injection.php?id=1> --level 5 --risk 3 -v2
> --threads 5 --dbms mysql --random-agent -o --dump-all*
>
> Is there something wrong with the way commentI am running sqlmap or is
> this just not a feature yet?
>
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] Does sqlmap have support for injection without quotes?

[Nikola T. <735...@gm...>]

There are times when the query being executed is something like:
*'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'*

I have noticed support for double quotes but sqlmap did not seem to be able
to exploit a sample web app I setup locally that did not use quotes. The
command I used was:
 *./sqlmap.py -u http://localhost/numeric_injection.php?id=1
<http://localhost/numeric_injection.php?id=1> --level 5 --risk 3 -v2
--threads 5 --dbms mysql --random-agent -o --dump-all*

Is there something wrong with the way commentI am running sqlmap or is this
just not a feature yet?

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Bernardo D. A. G. <ber...@gm...>]

I will be fixing this shortly.

Bernardo


On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...> wrote:

> Hello!
>
> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
> compiled/checked into source control.
>
> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
> brandons-imac:sqlmap bperry$
>
> You can see that:
>
> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>
> is missing. This leads to the following error. Anything I can do to help,
> let me know:
>
> what is the back-end database management system architecture?
> [1] 32-bit (default)
> [2] 64-bit
> > 2
> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>
> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to '
> sql...@li...
> <javascript:_e(%7B%7D,'cvml','sql...@li...');>' or
> open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new'
> with the following text and any information required to reproduce the bug.
> The developers will try to reproduce the bug, fix it accordingly and get
> back to you.
> sqlmap version: 1.0-dev-f558b80
> Python version: 2.7.5
> Operating system: posix
> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3
> --dbms=postgresql -o --os-shell
> Technique: TIME
> Back-end DBMS: PostgreSQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 95, in main
>     start()
>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line
> 585, in start
>     action()
>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160,
> in action
>     conf.dbmsHandler.osShell()
>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line
> 80, in osShell
>     self.initEnv(web=web)
>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line
> 198, in initEnv
>     success = self.udfInjectSys()
>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in
> udfInjectSys
>     return self.udfInjectCore(self.sysUdfs)
>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in
> udfInjectCore
>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
> "binary", forceCheck=True)
>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line
> 270, in writeFile
>     written = self.stackedWriteFile(localFile, remoteFile, fileType,
> forceCheck)
>   File
> "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
> 37, in stackedWriteFile
>     wFileSize = os.path.getsize(wFile)
>   File
> "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
> line 49, in getsize
>     return os.stat(filename).st_size
> OSError: [Errno 2] No such file or directory:
> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>
> [*] shutting down at 22:48:43
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>


-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Sumit S. <si...@no...>]

this should help:

 <http://www.notsosecure.com/blog/2013/09/12/pwning-postgres-9-1/> http://www.notsosecure.com/blog/2013/09/12/pwning-postgres-9-1/

 

 

Founder/Director

NotSoSecure Limited,

9, Old Forge Way,

Sawston,

CB223BZ

www.notsosecure.com <http://www.notsosecure.com/>  

 

Upcoming events:

The Art of Exploiting Injection Flaws <http://blackhat.com/us-14/training/the-art-of-exploiting-injection-flaws.html> . 2 days hands-on training Black Hat 2014, Las Vegas

Advanced Android and iOS Exploitation <http://www.eventbrite.co.uk/e/advanced-android-and-ios-exploitation-tickets-11837214427> : 3 days hands-on training in London

 

From: Brandon Perry [mailto:bpe...@gm...] 
Sent: 14 June 2014 04:54
To: sqlmap users
Subject: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

 

Hello!

 

I have run into a small issue, it seems that the 9.1 pgsql udf wasn't compiled/checked into source control.

 

brandons-imac:sqlmap bperry$ find . | grep postgresqludf

./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so

./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll

./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll

./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll

./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll

brandons-imac:sqlmap bperry$

 

You can see that:

 

./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so

 

is missing. This leads to the following error. Anything I can do to help, let me know:

 

what is the back-end database management system architecture?

[1] 32-bit (default)

[2] 64-bit

> 2

[22:48:43] [INFO] checking if UDF 'sys_eval' already exist

[22:48:43] [INFO] checking if UDF 'sys_exec' already exist

 

[22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li... <mailto:sql...@li...> ' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.

sqlmap version: 1.0-dev-f558b80

Python version: 2.7.5

Operating system: posix

Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3 --dbms=postgresql -o --os-shell

Technique: TIME

Back-end DBMS: PostgreSQL (fingerprinted)

Traceback (most recent call last):

  File "./sqlmap.py", line 95, in main

    start()

  File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line 585, in start

    action()

  File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160, in action

    conf.dbmsHandler.osShell()

  File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line 80, in osShell

    self.initEnv(web=web)

  File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv

    success = self.udfInjectSys()

  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys

    return self.udfInjectCore(self.sysUdfs)

  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore

    written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)

  File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line 270, in writeFile

    written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)

  File "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line 37, in stackedWriteFile

    wFileSize = os.path.getsize(wFile)

  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py", line 49, in getsize

    return os.stat(filename).st_size

OSError: [Errno 2] No such file or directory: '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'

 

[*] shutting down at 22:48:43

 

 

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website 

[sqlmap-users] 64-bit pgsql 9.1 udf missing?

[Brandon P. <bpe...@gm...>]

Hello!

I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
compiled/checked into source control.

brandons-imac:sqlmap bperry$ find . | grep postgresqludf
./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
brandons-imac:sqlmap bperry$

You can see that:

./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so

is missing. This leads to the following error. Anything I can do to help,
let me know:

what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
> 2
[22:48:43] [INFO] checking if UDF 'sys_eval' already exist
[22:48:43] [INFO] checking if UDF 'sys_exec' already exist

[22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80, retry
your run with the latest development version from the GitHub repository. If
the exception persists, please send by e-mail to '
sql...@li...' or open a new issue at '
https://github.com/sqlmapproject/sqlmap/issues/new' with the following text
and any information required to reproduce the bug. The developers will try
to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-f558b80
Python version: 2.7.5
Operating system: posix
Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3
--dbms=postgresql -o --os-shell
Technique: TIME
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line
585, in start
    action()
  File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160,
in action
    conf.dbmsHandler.osShell()
  File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line
80, in osShell
    self.initEnv(web=web)
  File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line
198, in initEnv
    success = self.udfInjectSys()
  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in
udfInjectSys
    return self.udfInjectCore(self.sysUdfs)
  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in
udfInjectCore
    written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
"binary", forceCheck=True)
  File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line
270, in writeFile
    written = self.stackedWriteFile(localFile, remoteFile, fileType,
forceCheck)
  File
"/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line
37, in stackedWriteFile
    wFileSize = os.path.getsize(wFile)
  File
"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
line 49, in getsize
    return os.stat(filename).st_size
OSError: [Errno 2] No such file or directory:
'/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'

[*] shutting down at 22:48:43


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] testing testfire

[Miroslav S. <mir...@gm...>]

http://unconciousmind.blogspot.com/2011/05/sqlmap-vs-testfire-testing-web-server.html


On Thu, Jun 12, 2014 at 7:56 AM, Gordon Madarm <gm...@gm...> wrote:

> On Thu, Jun 12, 2014 at 12:08 AM, Brandon Perry <bpe...@gm...
> > wrote:
>
>> Increase your --risk to 3. OR payloads aren't run on the default risk
>> level IIRC.
>>
>>
> Hi Brandon,
>
> Thanks but still no joy. Any other ideas?
>
> -G
>
>
>> Sent from a computer
>>
>> On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gm...@gm...> wrote:
>>
>> I've never been very successful using sqlmap, perhaps someone can help
>> point out what I'm missing. For example, when using IBM's intentionally
>> vulnerable test web app http://demo.testfire.com/ I manually verified
>> that the uid parameter in login.aspx is vulnerable to SQLi (using the
>> payload admin' or 1=1;--). I saved the login request to a file via burp and
>> ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST
>> parameter 'uid' is not injectable". What am I doing wrong?
>>
>> thanks,
>> -G
>>
>>
>> ------------------------------------------------------------------------------
>> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
>> Find What Matters Most in Your Big Data with HPCC Systems
>> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
>> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
>> http://p.sf.net/sfu/hpccsystems
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] hi, guys, I find a bug.

[Miroslav S. <mir...@gm...>]

Hi.

Thank you for your report and find it patched now.

Bye


On Wed, Jun 11, 2014 at 4:19 PM, 金军航junhang <jin...@ho...> wrote:

> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: nt
> Command line: sqlmap.py -u **********************************************
> -p p --current-user --os-s
> hell
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 95, in main
>     start()
>   File "D:\sqlmap-master\lib\controller\controller.py", line 585, in start
>     action()
>   File "D:\sqlmap-master\lib\controller\action.py", line 160, in action
>     conf.dbmsHandler.osShell()
>   File "D:\sqlmap-master\plugins\generic\takeover.py", line 80, in osShell
>     self.initEnv(web=web)
>   File "D:\sqlmap-master\lib\takeover\abstraction.py", line 198, in initEnv
>     success = self.udfInjectSys()
>   File "D:\sqlmap-master\lib\takeover\udf.py", line 184, in udfInjectSys
>     return self.udfInjectCore(self.sysUdfs)
>   File "D:\sqlmap-master\lib\takeover\udf.py", line 148, in udfInjectCore
>     self.udfSetRemotePath()
>   File "D:\sqlmap-master\plugins\dbms\mysql\takeover.py", line 45, in
> udfSetRemotePath
>     if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I):
>   File "C:\Python27\lib\re.py", line 142, in search
>     return _compile(pattern, flags).search(string)
> TypeError: expected string or buffer
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] testing testfire

[Gordon M. <gm...@gm...>]

On Thu, Jun 12, 2014 at 12:08 AM, Brandon Perry <bpe...@gm...>
wrote:

> Increase your --risk to 3. OR payloads aren't run on the default risk
> level IIRC.
>
>
Hi Brandon,

Thanks but still no joy. Any other ideas?

-G


> Sent from a computer
>
> On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gm...@gm...> wrote:
>
> I've never been very successful using sqlmap, perhaps someone can help
> point out what I'm missing. For example, when using IBM's intentionally
> vulnerable test web app http://demo.testfire.com/ I manually verified
> that the uid parameter in login.aspx is vulnerable to SQLi (using the
> payload admin' or 1=1;--). I saved the login request to a file via burp and
> ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST
> parameter 'uid' is not injectable". What am I doing wrong?
>
> thanks,
> -G
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>