sqlmap-users Mailing List for sqlmap (Page 21)
From: Alex G. <ger...@gm...> - 2014-07-11 01:46:51
sqlmap version: 1.0-dev
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u **************************************** --dbs
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap", line 95, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 364, in start
    if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
  File "/usr/share/sqlmap/lib/controller/checks.py", line 1213, in checkConnection
    page, _ = Request.queryPage(content=True, noteResponseTime=False)
  File "/usr/share/sqlmap/lib/request/connect.py", line 894, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/usr/share/sqlmap/lib/request/connect.py", line 573, in getPage
    processResponse(page, responseHeaders)
  File "/usr/share/sqlmap/lib/request/basic.py", line 303, in processResponse
    parseResponse(page, responseHeaders if kb.processResponseCounter < PARSE_HEADERS_LIMIT else None)
  File "/usr/share/sqlmap/lib/request/basic.py", line 122, in parseResponse
    headersParser(headers)
  File "/usr/share/sqlmap/lib/parse/headers.py", line 43, in headersParser
    parseXmlFile(xmlfile, handler)
  File "/usr/share/sqlmap/lib/core/common.py", line 1672, in parseXmlFile
    with contextlib.closing(StringIO(readCachedFileContent(xmlFile))) as stream:
  File "/usr/share/sqlmap/lib/core/common.py", line 1728, in readCachedFileContent
    kb.cache.content[filename] = f.read()
  File "/usr/lib/python2.7/codecs.py", line 671, in read
    return self.reader.read(size)
  File "/usr/lib/python2.7/codecs.py", line 471, in read
    newdata = self.stream.read()
IOError: [Errno 5] Input/output error

From: Miroslav S. <mir...@gm...> - 2014-07-10 05:55:02
There is no way how to retrieve DBMS data entry by entry in same order as stored inside. That's a known problem for all databases. Please do some research.

Bye

On Jul 9, 2014 11:02 PM, "Matthew H" <cap...@gm...> wrote:
> Hi,
>
> I'm working on an Oracle target when I get select query result or dump
> something the order of columns are not in same order, I got a schema also
> but each is different.
>
> I am trying to simulate that database in my local host and I used the
> table schema sorting to create the columns.
>
> but upon entering results from the attacked sql i found out the columns
> are not in same order with my simulated one.
>
> can you help me with this.
>
> thanks.
>
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

From: Brandon P. <bpe...@gm...> - 2014-07-09 23:55:28
How many threads are you using? Maybe just use a single one?

On Wed, Jul 9, 2014 at 10:32 AM, Matthew H <cap...@gm...> wrote:
> Hi,
>
> I'm working on an Oracle target when I get select query result or dump
> something the order of columns are not in same order, I got a schema also
> but each is different.
>
> I am trying to simulate that database in my local host and I used the
> table schema sorting to create the columns.
>
> but upon entering results from the attacked sql i found out the columns
> are not in same order with my simulated one.
>
> can you help me with this.
>
> thanks.

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

From: Matthew H <cap...@gm...> - 2014-07-09 15:32:24
Hi,

I'm working on an Oracle target when I get select query result or dump something the order of columns are not in same order, I got a schema also but each is different.

I am trying to simulate that database in my local host and I used the table schema sorting to create the columns.

but upon entering results from the attacked sql i found out the columns are not in same order with my simulated one.

can you help me with this.

thanks.

From: Sabin R. <thi...@gm...> - 2014-07-09 07:06:26
ok, cool. thanks.

On Wed, Jul 9, 2014 at 12:44 PM, Miroslav Stampar <mir...@gm...> wrote:
> I've already said that there is nothing more than subquerying. That means
> that it works in application layer without any username/password
>
> bye
>
> On Wed, Jul 9, 2014 at 8:33 AM, Sabin Ranjit <thi...@gm...> wrote:
>
>> in which layer does the sqlmap work on for this? does it goes in database
>> layer or resides in application layer for finding database user/ password?
>>
>> On Wed, Jul 9, 2014 at 12:02 PM, Miroslav Stampar <mir...@gm...> wrote:
>>
>>> It just uses found SQLi to carry a given SQL (as a subquery). There is
>>> no direct connection. There is no brute forcing.
>>>
>>> Bye
>>> On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Can someone tell me that how does sql map open a sql shell for me. How
>>>> does it come to know the password of the database user. Is it brute force?
>>>>
>>>> Vivek Sharma
>
> --
> Miroslav Stampar
> http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2014-07-09 06:59:55
I've already said that there is nothing more than subquerying. That means that it works in application layer without any username/password

bye

On Wed, Jul 9, 2014 at 8:33 AM, Sabin Ranjit <thi...@gm...> wrote:
> in which layer does the sqlmap work on for this? does it goes in database
> layer or resides in application layer for finding database user/ password?
>
> On Wed, Jul 9, 2014 at 12:02 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> It just uses found SQLi to carry a given SQL (as a subquery). There is no
>> direct connection. There is no brute forcing.
>>
>> Bye
>> On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...> wrote:
>>
>>> Hi all,
>>>
>>> Can someone tell me that how does sql map open a sql shell for me. How
>>> does it come to know the password of the database user. Is it brute force?
>>>
>>> Vivek Sharma

--
Miroslav Stampar
http://about.me/stamparm

From: Sabin R. <thi...@gm...> - 2014-07-09 06:33:53
in which layer does the sqlmap work on for this? does it goes in database layer or resides in application layer for finding database user/ password?

On Wed, Jul 9, 2014 at 12:02 PM, Miroslav Stampar <mir...@gm...> wrote:
> It just uses found SQLi to carry a given SQL (as a subquery). There is no
> direct connection. There is no brute forcing.
>
> Bye
> On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...> wrote:
>
>> Hi all,
>>
>> Can someone tell me that how does sql map open a sql shell for me. How
>> does it come to know the password of the database user. Is it brute force?
>>
>> Vivek Sharma

From: Miroslav S. <mir...@gm...> - 2014-07-09 06:17:55
It just uses found SQLi to carry a given SQL (as a subquery). There is no direct connection. There is no brute forcing.

Bye

On Jul 9, 2014 2:00 AM, "Sharma, Vivek" <viv...@bl...> wrote:
> Hi all,
>
> Can someone tell me that how does sql map open a sql shell for me. How
> does it come to know the password of the database user. Is it brute force?
>
> Vivek Sharma

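The point made in the two replies above (the injected SQL rides inside the application's own query, so no database password is ever involved) can be seen in a small sketch. This is an added example, not part of the original thread and not sqlmap code; the tables, the probe strings and the use of an in-memory SQLite database with an authorizer as a stand-in for a restricted application account are all constructed assumptions.

```python
import sqlite3

# Constructed request-parameter values: each carries a subquery against a table
# the page was never meant to expose. Only the page's response (row / no row)
# comes back, which is enough to learn whether the subquery's condition held.
TRUE_PROBE = "1 AND (SELECT COUNT(v) FROM app_secrets) = 1"
FALSE_PROBE = "1 AND (SELECT COUNT(v) FROM app_secrets) = 2"


def make_db():
    """Constructed in-memory database standing in for the application's back end."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        CREATE TABLE app_secrets (k TEXT, v TEXT);
        INSERT INTO app_secrets VALUES ('api_token', 'constructed-sample-value');
        """
    )
    return db


def lookup_vulnerable(db, product_id):
    # Vulnerable form: the parameter is concatenated into the statement, so any
    # subquery inside it runs on the connection the application already holds.
    sql = "SELECT name FROM products WHERE id = " + product_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, product_id):
    # Hardened form: the parameter is bound as a single value and never parsed as SQL.
    return db.execute(
        "SELECT name FROM products WHERE id = ?", (product_id,)
    ).fetchall()


def restrict_to_products(db):
    """Least-privilege stand-in: deny every read of app_secrets on this connection.

    On a server DBMS the equivalent is an application account that has no
    grants on tables the page does not need.
    """
    def authorizer(action, arg1, arg2, db_name, source):
        if action == sqlite3.SQLITE_READ and arg1 == "app_secrets":
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    db.set_authorizer(authorizer)


def probe_is_blocked(db, value):
    """True when the concatenated query is rejected by the engine."""
    try:
        lookup_vulnerable(db, value)
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, true condition :", lookup_vulnerable(db, TRUE_PROBE))
    print("vulnerable, false condition:", lookup_vulnerable(db, FALSE_PROBE))
    print("parameterized              :", lookup_parameterized(db, TRUE_PROBE))
    restrict_to_products(db)
    print("blocked after restriction  :", probe_is_blocked(db, TRUE_PROBE))
```

Parameter binding removes the injection point; the restricted account limits what a carried subquery could read if an injection point is missed.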
From: Sharma, V. <viv...@bl...> - 2014-07-08 11:44:19
Hi all,

Can someone tell me that how does sql map open a sql shell for me. How does it come to know the password of the database user. Is it brute force?

Vivek Sharma

THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY, AND MAY BE PRIVILEGED. If this message was misdirected, BlackRock, Inc. and its subsidiaries, ("BlackRock") does not waive any confidentiality or privilege. If you are not the intended recipient, please notify us immediately and destroy the message without disclosing its contents to anyone. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of BlackRock, unless the author is authorized by BlackRock to express such views or opinions on its behalf. All email sent to or from this address is subject to electronic storage and review by BlackRock. Although BlackRock operates anti-virus programs, it does not accept responsibility for any damage whatsoever caused by viruses being passed.

From: Евгений <sh...@li...> - 2014-07-05 14:49:09
Hi, when running sqlmap get the following message

[18:31:06] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.6
Operating system: nt
Command line: C:\sql\sql\sqlmap.py -u **********************************************
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "C:\sql\sql\sqlmap.py", line 95, in main
    start()
  File "C:\sql\sql\lib\controller\controller.py", line 364, in start
    setupTargetEnv()
  File "C:\sql\sql\lib\core\target.py", line 605, in setupTargetEnv
    _createTargetDirs()
  File "C:\sql\sql\lib\core\target.py", line 528, in _createTargetDirs
    conf.outputPath = os.path.join(paths.SQLMAP_OUTPUT_PATH, getUnicode(conf.hostname))
  File "C:\Python27\lib\ntpath.py", line 108, in join
    path += "\\" + b
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc0 in position 9: ordinal not in range(128)

[*] shutting down at 18:31:06

Python and sqlmap downloaded the latest version from official sources. Operating system Windows7. Help.

From: Brandon P. <bpe...@gm...> - 2014-06-23 17:14:58
Are you on the same version?

Sent from a computer

> On Jun 23, 2014, at 10:55 AM, "Buttbuddiie ." <but...@gm...> wrote:
>
> So I came across an annoying problem. There was a database with 10k users. I can only dump 500 of those users on windows using Python 2.7 newest version. My friend however who is on linux can dump all 10k. We are using the exact same command. It's not crashing, it's finishing up like there is only 500 users. What is the problem here?
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

From: Buttbuddiie . <but...@gm...> - 2014-06-23 15:55:14
So I came across an annoying problem. There was a database with 10k users. I can only dump 500 of those users on windows using Python 2.7 newest version. My friend however who is on linux can dump all 10k. We are using the exact same command. It's not crashing, it's finishing up like there is only 500 users. What is the problem here?

From: Brandon P. <bpe...@gm...> - 2014-06-21 18:50:02
I was also able to shave off about 100 bytes using --remove-section=.note and --remove-section=.comment as arguments to strip FWIW.

On Sat, Jun 21, 2014 at 1:25 PM, Brandon Perry <bpe...@gm...> wrote:
> So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is
> coming up greater than 8192 bytes. I have attempted to whittle down the
> code to just what I was trying to test (sys_bineval) and even just sys_eval
> but I always get a so larger than 8k. This is larger than a page in pgsql,
> and so sqlmap bails when trying to insert it.
>
> Any thoughts on some I can do to get the size down? I am currently
> building with the make file and added -ffunction-sections -fdata-sections
> as well, but to no avail.
>
> gcc:
> bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$ gcc --version
> gcc (Ubuntu/Linaro 4.7.2-2ubuntu1) 4.7.2
> Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$
>
> On Fri, Jun 20, 2014 at 2:16 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
>
>> Yes, not high priority but it would be an improvement. Please first
>> verify if the current code works with SELinux without modifications - I
>> haven't tested it myself.
>>
>> Bernardo
>>
>> On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...> wrote:
>>
>>> So, reading the source for the pgsql udf here:
>>>
>>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>>
>>> It looks like we mmap RWX memory in order to eval some commands. Was
>>> this tested on a machine with SELinux? In my experience, this actually
>>> fails to allocate when RWX is used as the permissions on the memory region
>>> (line 186).
>>>
>>> I have successfully gotten around this on some systems using a technique
>>> similar to that described at the bottom of this page (basically mapping two
>>> pointers to the same file, require FS access though…):
>>>
>>> http://www.akkadia.org/drepper/selinux-mem.html
>>>
>>> I am going to pull down the udfhack code and try it in a CentOS VM with
>>> SELinux enabled and see what happens. If it performs how I expect, would
>>> this be a useful addition to the UDF?
>>>
>>> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bpe...@gm...> wrote:
>>>
>>>> Hey Bernardo,
>>>>
>>>> Any update to this?
>>>>
>>>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
>>>>
>>>>> I will be fixing this shortly.
>>>>>
>>>>> Bernardo
>>>>>
>>>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...> wrote:
>>>>>
>>>>>> Hello!
>>>>>>
>>>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>>>> compiled/checked into source control.
>>>>>>
>>>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>>>> brandons-imac:sqlmap bperry$
>>>>>>
>>>>>> You can see that:
>>>>>>
>>>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>>>
>>>>>> is missing. This leads to the following error. Anything I can do to
>>>>>> help, let me know:
>>>>>>
>>>>>> what is the back-end database management system architecture?
>>>>>> [1] 32-bit (default)
>>>>>> [2] 64-bit
>>>>>> > 2
>>>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>>>
>>>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>>>> retry your run with the latest development version from the GitHub
>>>>>> repository. If the exception persists, please send by e-mail to
>>>>>> 'sql...@li...' or open a new issue at
>>>>>> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the
>>>>>> following text and any information required to reproduce the bug. The
>>>>>> developers will try to reproduce the bug, fix it accordingly and get back
>>>>>> to you.
>>>>>> sqlmap version: 1.0-dev-f558b80
>>>>>> Python version: 2.7.5
>>>>>> Operating system: posix
>>>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3 --dbms=postgresql -o --os-shell
>>>>>> Technique: TIME
>>>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>>>> Traceback (most recent call last):
>>>>>>   File "./sqlmap.py", line 95, in main
>>>>>>     start()
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line 585, in start
>>>>>>     action()
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160, in action
>>>>>>     conf.dbmsHandler.osShell()
>>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line 80, in osShell
>>>>>>     self.initEnv(web=web)
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv
>>>>>>     success = self.udfInjectSys()
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys
>>>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore
>>>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
>>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line 270, in writeFile
>>>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
>>>>>>   File "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line 37, in stackedWriteFile
>>>>>>     wFileSize = os.path.getsize(wFile)
>>>>>>   File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py", line 49, in getsize
>>>>>>     return os.stat(filename).st_size
>>>>>> OSError: [Errno 2] No such file or directory:
>>>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>>>
>>>>>> [*] shutting down at 22:48:43
>>>>>>
>>>>>> --
>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>> http://www.volatileminds.net -- website
>>>>>
>>>>> --
>>>>> Bernardo Damele A. G.
>>>>>
>>>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>>>> Mobile: +447788962949 (UK 07788962949)
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>
>> --
>> Bernardo Damele A. G.
>>
>> E-mail / Jabber: bernardo.damele (at) gmail.com
>> Mobile: +447788962949 (UK 07788962949)
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

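The RWX mapping discussed in the quoted thread above is visible from outside the process, which makes it a useful thing to check on a database host. This is an added example, not part of the original thread and not code from sqlmap or udfhack: it parses `/proc/<pid>/maps` content, flags mappings that are writable and executable at the same time, and lists executable files loaded from outside the expected library directories. The sample lines, the library name and the allowed prefixes are constructed assumptions.

```python
import re
from collections import namedtuple

Mapping = namedtuple("Mapping", "start end perms path")

# One line of /proc/<pid>/maps: address range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

# Assumption: directories from which a database server normally loads code.
ALLOWED_PREFIXES = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/", "/usr/bin/", "/usr/sbin/")

# Constructed sample standing in for the maps file of a database backend process.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8f5a000 r-xp 00000000 08:01 1313131 /usr/lib/postgresql/9.1/bin/postgres
55d0c915a000-55d0c9166000 rw-p 0055a000 08:01 1313131 /usr/lib/postgresql/9.1/bin/postgres
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a20400000-7f3a20401000 rwxp 00000000 00:00 0
7f3a20600000-7f3a20602000 r-xp 00000000 08:01 2626262 /tmp/libexample.so
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Parse maps-file text into Mapping tuples, skipping lines that do not match."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            mappings.append(
                Mapping(int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4).strip())
            )
    return mappings


def writable_and_executable(mappings):
    """Mappings that are W and X at once: the condition SELinux execmem rules deny."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def unexpected_executable_files(mappings, allowed=ALLOWED_PREFIXES):
    """Paths of executable file-backed mappings loaded from outside the allowed prefixes."""
    found = []
    for m in mappings:
        if "x" in m.perms and m.path.startswith("/") and not m.path.startswith(allowed):
            if m.path not in found:
                found.append(m.path)
    return found


def report(text):
    """Human-readable findings for one process's maps content."""
    mappings = parse_maps(text)
    lines = []
    for m in writable_and_executable(mappings):
        kind = "anonymous" if not m.path else m.path
        lines.append("W+X mapping %x-%x (%s, %d bytes)" % (m.start, m.end, kind, m.end - m.start))
    for path in unexpected_executable_files(mappings):
        lines.append("executable code loaded from unexpected path: %s" % path)
    return lines


if __name__ == "__main__":
    # On a live host, pass the content of /proc/<pid>/maps for each database backend.
    for finding in report(SAMPLE_MAPS):
        print(finding)
```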
From: Brandon P. <bpe...@gm...> - 2014-06-21 18:26:06
So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is coming up greater than 8192 bytes. I have attempted to whittle down the code to just what I was trying to test (sys_bineval) and even just sys_eval but I always get a so larger than 8k. This is larger than a page in pgsql, and so sqlmap bails when trying to insert it.

Any thoughts on some I can do to get the size down? I am currently building with the make file and added -ffunction-sections -fdata-sections as well, but to no avail.

gcc:
bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$ gcc --version
gcc (Ubuntu/Linaro 4.7.2-2ubuntu1) 4.7.2
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

bperry@w00den-pickle:~/tools/udfhack/linux/64/lib_postgresqludf_sys$

On Fri, Jun 20, 2014 at 2:16 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Yes, not high priority but it would be an improvement. Please first verify
> if the current code works with SELinux without modifications - I haven't
> tested it myself.
>
> Bernardo
>
> On Thursday, June 19, 2014, Brandon Perry <bpe...@gm...> wrote:
>
>> So, reading the source for the pgsql udf here:
>>
>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>
>> It looks like we mmap RWX memory in order to eval some commands. Was this
>> tested on a machine with SELinux? In my experience, this actually fails to
>> allocate when RWX is used as the permissions on the memory region (line
>> 186).
>>
>> I have successfully gotten around this on some systems using a technique
>> similar to that described at the bottom of this page (basically mapping two
>> pointers to the same file, require FS access though…):
>>
>> http://www.akkadia.org/drepper/selinux-mem.html
>>
>> I am going to pull down the udfhack code and try it in a CentOS VM with
>> SELinux enabled and see what happens. If it performs how I expect, would
>> this be a useful addition to the UDF?
>>
>> On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry <bpe...@gm...> wrote:
>>
>>> Hey Bernardo,
>>>
>>> Any update to this?
>>>
>>> On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
>>>
>>>> I will be fixing this shortly.
>>>>
>>>> Bernardo
>>>>
>>>> On Saturday, June 14, 2014, Brandon Perry <bpe...@gm...> wrote:
>>>>
>>>>> Hello!
>>>>>
>>>>> I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
>>>>> compiled/checked into source control.
>>>>>
>>>>> brandons-imac:sqlmap bperry$ find . | grep postgresqludf
>>>>> ./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
>>>>> ./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
>>>>> ./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
>>>>> brandons-imac:sqlmap bperry$
>>>>>
>>>>> You can see that:
>>>>>
>>>>> ./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so
>>>>>
>>>>> is missing. This leads to the following error. Anything I can do to
>>>>> help, let me know:
>>>>>
>>>>> what is the back-end database management system architecture?
>>>>> [1] 32-bit (default)
>>>>> [2] 64-bit
>>>>> > 2
>>>>> [22:48:43] [INFO] checking if UDF 'sys_eval' already exist
>>>>> [22:48:43] [INFO] checking if UDF 'sys_exec' already exist
>>>>>
>>>>> [22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80,
>>>>> retry your run with the latest development version from the GitHub
>>>>> repository. If the exception persists, please send by e-mail to
>>>>> 'sql...@li...' or open a new issue at
>>>>> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the
>>>>> following text and any information required to reproduce the bug. The
>>>>> developers will try to reproduce the bug, fix it accordingly and get back
>>>>> to you.
>>>>> sqlmap version: 1.0-dev-f558b80
>>>>> Python version: 2.7.5
>>>>> Operating system: posix
>>>>> Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3 --dbms=postgresql -o --os-shell
>>>>> Technique: TIME
>>>>> Back-end DBMS: PostgreSQL (fingerprinted)
>>>>> Traceback (most recent call last):
>>>>>   File "./sqlmap.py", line 95, in main
>>>>>     start()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line 585, in start
>>>>>     action()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160, in action
>>>>>     conf.dbmsHandler.osShell()
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line 80, in osShell
>>>>>     self.initEnv(web=web)
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv
>>>>>     success = self.udfInjectSys()
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys
>>>>>     return self.udfInjectCore(self.sysUdfs)
>>>>>   File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore
>>>>>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line 270, in writeFile
>>>>>     written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
>>>>>   File "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line 37, in stackedWriteFile
>>>>>     wFileSize = os.path.getsize(wFile)
>>>>>   File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py", line 49, in getsize
>>>>>     return os.stat(filename).st_size
>>>>> OSError: [Errno 2] No such file or directory:
>>>>> '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'
>>>>>
>>>>> [*] shutting down at 22:48:43
>>>>>
>>>>> --
>>>>> http://volatile-minds.blogspot.com
-- blog >>>>> http://www.volatileminds.net -- website >>>>> >>>> >>>> >>>> -- >>>> Bernardo Damele A. G. >>>> >>>> E-mail / Jabber: bernardo.damele (at) gmail.com >>>> Mobile: +447788962949 (UK 07788962949) >>>> >>> >>> >>> >>> -- >>> http://volatile-minds.blogspot.com -- blog >>> http://www.volatileminds.net -- website >>> >> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website |
From: Bernardo D. A. G. <ber...@gm...> - 2014-06-20 19:17:08
|
Yes, not high priority but it would be an improvement. Please first verify if the current code works with SELinux without modifications - I haven't tested it myself.

Bernardo

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949) |
From: Brandon P. <bpe...@gm...> - 2014-06-19 21:29:41
|
So, reading the source for the pgsql udf here:

https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c

It looks like we mmap RWX memory in order to eval some commands. Was this tested on a machine with SELinux? In my experience, this actually fails to allocate when RWX is used as the permissions on the memory region (line 186).

I have successfully gotten around this on some systems using a technique similar to that described at the bottom of this page (basically mapping two pointers to the same file, require FS access though…):

http://www.akkadia.org/drepper/selinux-mem.html

I am going to pull down the udfhack code and try it in a CentOS VM with SELinux enabled and see what happens. If it performs how I expect, would this be a useful addition to the UDF?

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website |
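Both memory layouts mentioned in this message, an anonymous RWX region and one file mapped twice (once writable, once executable), are visible in /proc/<pid>/maps, so a database host can be checked for them. The following is an added example, not part of the original post or of the sqlmap/udfhack code; the sample maps lines and the function names are constructed for illustration.

```python
"""Flag writable+executable memory in /proc/<pid>/maps output."""
import re
import sys
from collections import defaultdict

# address range, perms, offset, dev, inode, optional pathname
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>[r-][w-][x-][ps])\s+(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Constructed sample in the /proc/<pid>/maps format; not taken from a real host.
SAMPLE_MAPS = """\
00400000-00a3c000 r-xp 00000000 08:01 524301 /usr/lib/postgresql/9.1/bin/postgres
00c3b000-00c47000 rw-p 0063b000 08:01 524301 /usr/lib/postgresql/9.1/bin/postgres
7f2c1a000000-7f2c1a001000 rwxp 00000000 00:00 0
7f2c1b000000-7f2c1b001000 rw-s 00000000 08:01 1311768 /tmp/execmem.example (deleted)
7f2c1b001000-7f2c1b002000 r-xs 00000000 08:01 1311768 /tmp/execmem.example (deleted)
7f2c1c000000-7f2c1c1b5000 r-xp 00000000 08:01 393231 /lib/x86_64-linux-gnu/libc-2.15.so
7f2c1c3b9000-7f2c1c3bb000 rw-p 001b9000 08:01 393231 /lib/x86_64-linux-gnu/libc-2.15.so
7ffd5e1e0000-7ffd5e201000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Yield one dict per well-formed maps line; malformed lines are skipped."""
    for line in text.splitlines():
        match = MAPS_LINE.match(line.strip())
        if match:
            yield match.groupdict()


def find_wx(text):
    """Return findings for W+X mappings and for write/exec double mappings."""
    findings = []
    by_file = defaultdict(list)
    for m in parse_maps(text):
        perms = m["perms"]
        # Rule 1: a single mapping that is both writable and executable.
        if "w" in perms and "x" in perms:
            findings.append(("wx-mapping", m["start"], m["path"] or "[anonymous]"))
        if m["inode"] != "0":
            by_file[(m["dev"], m["inode"])].append(m)

    # Rule 2: the same file mapped shared-writable in one place and executable
    # in another. Private (p) writable mappings are copy-on-write, so the usual
    # .text/.data pair of a shared library does not match.
    for (dev, inode), maps in sorted(by_file.items()):
        shared_writable = [m for m in maps
                           if m["perms"][1] == "w" and m["perms"][3] == "s"]
        executable = [m for m in maps if m["perms"][2] == "x"]
        if any(w is not x for w in shared_writable for x in executable):
            findings.append(("dual-mapping", f"{dev}:{inode}", maps[0]["path"]))
    return findings


if __name__ == "__main__":
    # With a PID argument, inspect that process; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/maps") as handle:
            data = handle.read()
    else:
        data = SAMPLE_MAPS
    for finding in find_wx(data):
        print(*finding)
```

Reading another user's /proc/<pid>/maps requires running as that user or as root.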
From: Brandon P. <bpe...@gm...> - 2014-06-17 19:22:23
|
Hey Bernardo,

Any update to this?

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website |
From: Miroslav S. <mir...@gm...> - 2014-06-17 11:23:10
|
Hi.

I believe that you are doing something wrong (at PHP side). Can you please post the complete PHP used in your case? Also, do you get anything when you use --parse-errors?

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm |
From: Nikola T. <735...@gm...> - 2014-06-16 14:12:17
|
There are times when the query being executed is something like:

'SELECT content FROM pages WHERE ID=' . $_GET['page_id'] . ' LIMIT 1'

I have noticed support for double quotes but sqlmap did not seem to be able to exploit a sample web app I set up locally that did not use quotes. The command I used was:

./sqlmap.py -u http://localhost/numeric_injection.php?id=1 --level 5 --risk 3 -v2 --threads 5 --dbms mysql --random-agent -o --dump-all

Is there something wrong with the way I am running sqlmap or is this just not a feature yet? |
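The query in this post puts the parameter in a numeric context, so no quote character is needed to change its meaning and quote escaping gives no protection there. The following is an added example, not code from the post: Python with sqlite3 stands in for the PHP/MySQL app, which the post does not show in full, and the table contents, inputs and function names are constructed. It sets the concatenated form beside a validated, parameterized one.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the app's 'pages' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (ID INTEGER PRIMARY KEY, content TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "home"), (2, "admin notes")])
    return db


def escape_quotes(value):
    """Quote-doubling filter; it only helps when the value sits inside quotes."""
    return value.replace("'", "''")


def fetch_concatenated(db, page_id):
    """Same shape as the PHP in the post: the value lands in a numeric context."""
    sql = ("SELECT content FROM pages WHERE ID="
           + escape_quotes(page_id) + " LIMIT 1")
    return db.execute(sql).fetchall()


def fetch_parameterized(db, page_id):
    """Validate as an ASCII integer, then bind it instead of concatenating."""
    if not re.fullmatch(r"[0-9]{1,10}", page_id):
        raise ValueError("page_id must be a non-negative integer")
    return db.execute("SELECT content FROM pages WHERE ID=? LIMIT 1",
                      (int(page_id),)).fetchall()


def demo():
    """Run both forms on a normal value and on a constructed altered value."""
    db = make_db()
    altered = "0 OR ID=2"  # constructed input: contains no quote character
    results = {
        "concat_normal": fetch_concatenated(db, "1"),
        "concat_altered": fetch_concatenated(db, altered),
        "param_normal": fetch_parameterized(db, "1"),
    }
    try:
        fetch_parameterized(db, altered)
        results["param_altered"] = "accepted"
    except ValueError:
        results["param_altered"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```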
From: Bernardo D. A. G. <ber...@gm...> - 2014-06-14 09:16:17
|
I will be fixing this shortly.

Bernardo

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949) |
From: Sumit S. <si...@no...> - 2014-06-14 08:59:33
|
this should help:

http://www.notsosecure.com/blog/2013/09/12/pwning-postgres-9-1/

Founder/Director
NotSoSecure Limited, 9, Old Forge Way, Sawston, CB223BZ
www.notsosecure.com

Upcoming events:
The Art of Exploiting Injection Flaws <http://blackhat.com/us-14/training/the-art-of-exploiting-injection-flaws.html>. 2 days hands-on training Black Hat 2014, Las Vegas
Advanced Android and iOS Exploitation <http://www.eventbrite.co.uk/e/advanced-android-and-ios-exploitation-tickets-11837214427>: 3 days hands-on training in London

From: Brandon Perry [mailto:bpe...@gm...]
Sent: 14 June 2014 04:54
To: sqlmap users
Subject: [sqlmap-users] 64-bit pgsql 9.1 udf missing? |
From: Brandon P. <bpe...@gm...> - 2014-06-14 03:53:43
|
Hello!

I have run into a small issue, it seems that the 9.1 pgsql udf wasn't compiled/checked into source control.

brandons-imac:sqlmap bperry$ find . | grep postgresqludf
./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll
./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll
./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll
./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll
brandons-imac:sqlmap bperry$

You can see that:

./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so

is missing. This leads to the following error. Anything I can do to help, let me know:

what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
> 2
[22:48:43] [INFO] checking if UDF 'sys_eval' already exist
[22:48:43] [INFO] checking if UDF 'sys_exec' already exist

[22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-f558b80
Python version: 2.7.5
Operating system: posix
Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3 --dbms=postgresql -o --os-shell
Technique: TIME
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line 585, in start
    action()
  File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160, in action
    conf.dbmsHandler.osShell()
  File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line 80, in osShell
    self.initEnv(web=web)
  File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv
    success = self.udfInjectSys()
  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys
    return self.udfInjectCore(self.sysUdfs)
  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore
    written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
  File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line 270, in writeFile
    written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
  File "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", line 37, in stackedWriteFile
    wFileSize = os.path.getsize(wFile)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py", line 49, in getsize
    return os.stat(filename).st_size
OSError: [Errno 2] No such file or directory: '/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'

[*] shutting down at 22:48:43

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website |
From: Miroslav S. <mir...@gm...> - 2014-06-12 07:12:14
|
http://unconciousmind.blogspot.com/2011/05/sqlmap-vs-testfire-testing-web-server.html

On Thu, Jun 12, 2014 at 7:56 AM, Gordon Madarm <gm...@gm...> wrote:

> On Thu, Jun 12, 2014 at 12:08 AM, Brandon Perry <bpe...@gm...> wrote:
>
>> Increase your --risk to 3. OR payloads aren't run on the default risk
>> level IIRC.
>
> Hi Brandon,
>
> Thanks but still no joy. Any other ideas?
>
> -G
>
>> Sent from a computer
>>
>> On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gm...@gm...> wrote:
>>
>> I've never been very successful using sqlmap, perhaps someone can help
>> point out what I'm missing. For example, when using IBM's intentionally
>> vulnerable test web app http://demo.testfire.com/ I manually verified
>> that the uid parameter in login.aspx is vulnerable to SQLi (using the
>> payload admin' or 1=1;--). I saved the login request to a file via burp and
>> ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST
>> parameter 'uid' is not injectable". What am I doing wrong?
>>
>> thanks,
>> -G

--
Miroslav Stampar
http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2014-06-12 06:57:25
|
Hi.

Thank you for your report and find it patched now.

Bye

On Wed, Jun 11, 2014 at 4:19 PM, 金军航junhang <jin...@ho...> wrote:

> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: nt
> Command line: sqlmap.py -u ********************************************** -p p --current-user --os-shell
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 95, in main
>     start()
>   File "D:\sqlmap-master\lib\controller\controller.py", line 585, in start
>     action()
>   File "D:\sqlmap-master\lib\controller\action.py", line 160, in action
>     conf.dbmsHandler.osShell()
>   File "D:\sqlmap-master\plugins\generic\takeover.py", line 80, in osShell
>     self.initEnv(web=web)
>   File "D:\sqlmap-master\lib\takeover\abstraction.py", line 198, in initEnv
>     success = self.udfInjectSys()
>   File "D:\sqlmap-master\lib\takeover\udf.py", line 184, in udfInjectSys
>     return self.udfInjectCore(self.sysUdfs)
>   File "D:\sqlmap-master\lib\takeover\udf.py", line 148, in udfInjectCore
>     self.udfSetRemotePath()
>   File "D:\sqlmap-master\plugins\dbms\mysql\takeover.py", line 45, in udfSetRemotePath
>     if re.search("^[\w]\:[\/\\\\]+", self.__basedir, re.I):
>   File "C:\Python27\lib\re.py", line 142, in search
>     return _compile(pattern, flags).search(string)
> TypeError: expected string or buffer

--
Miroslav Stampar
http://about.me/stamparm |
From: Gordon M. <gm...@gm...> - 2014-06-12 05:57:05
|
On Thu, Jun 12, 2014 at 12:08 AM, Brandon Perry <bpe...@gm...> wrote:

> Increase your --risk to 3. OR payloads aren't run on the default risk
> level IIRC.

Hi Brandon,

Thanks but still no joy. Any other ideas?

-G

> Sent from a computer
>
> On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gm...@gm...> wrote:
>
> I've never been very successful using sqlmap, perhaps someone can help
> point out what I'm missing. For example, when using IBM's intentionally
> vulnerable test web app http://demo.testfire.com/ I manually verified
> that the uid parameter in login.aspx is vulnerable to SQLi (using the
> payload admin' or 1=1;--). I saved the login request to a file via burp and
> ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST
> parameter 'uid' is not injectable". What am I doing wrong?
>
> thanks,
> -G |
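Background on the --risk advice in this thread, as an added example that is not part of any message above and is not sqlmap's code: sqlmap's documentation notes that OR-based tests sit behind --risk 3 because an OR condition injected into an UPDATE can change every row. The sketch runs the payload quoted in the thread against a constructed in-memory SQLite table (the schema, rows and helper names are assumptions) and shows the bound-parameter form that neutralises it.

```python
import sqlite3

PAYLOAD = "admin' or 1=1;--"  # the value quoted in the thread

def make_db():
    """Constructed in-memory table; schema and rows are assumptions for this demo."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid TEXT PRIMARY KEY, passw TEXT, "
               "locked INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO users (uid, passw) VALUES (?, ?)",
                   [("admin", "s3cret"), ("jsmith", "demo1234"), ("sspeed", "test")])
    return db

def login_concat(db, uid, passw):
    """Vulnerable: input is spliced into the SQL text, so a quote rewrites the query."""
    sql = "SELECT uid FROM users WHERE uid='%s' AND passw='%s'" % (uid, passw)
    return db.execute(sql).fetchall()

def login_bound(db, uid, passw):
    """Hardened: input travels as bound parameters and is only compared as data."""
    return db.execute("SELECT uid FROM users WHERE uid=? AND passw=?",
                      (uid, passw)).fetchall()

def lock_concat(db, uid):
    """The same splice in an UPDATE; returns the number of rows changed."""
    return db.execute("UPDATE users SET locked=1 WHERE uid='%s'" % uid).rowcount

def lock_bound(db, uid):
    """Bound-parameter UPDATE; returns the number of rows changed."""
    return db.execute("UPDATE users SET locked=1 WHERE uid=?", (uid,)).rowcount

if __name__ == "__main__":
    # Spliced SELECT: the OR clause matches every account, the password test is commented out.
    print("concat login rows:", len(login_concat(make_db(), PAYLOAD, "x")))
    # Bound SELECT: the payload is just an unknown user name.
    print("bound login rows: ", len(login_bound(make_db(), PAYLOAD, "x")))
    # Spliced UPDATE: the OR clause makes the statement touch the whole table.
    print("concat rows locked:", lock_concat(make_db(), PAYLOAD))
    print("bound rows locked: ", lock_bound(make_db(), PAYLOAD))
```

The UPDATE case is the reason a scanner run at the highest risk level should only be pointed at data that can be restored.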