sqlmap-users Mailing List for sqlmap (Page 27)
From: Chris O. <chr...@gm...> - 2014-01-14 09:59:54
You can tell the program to inject anywhere. If your injection point is in a slightly weirder place (and, to be honest, even if it's not) then the easiest thing to do is to save the HTTP request to a file, place a * where you want the program to inject and use the -r command to point SQLMap at the right request file.

- Chris

On 14 January 2014 07:38, hooshmand k <hoo...@gm...> wrote:
> Hi,
>
> It is not mandatory to inject via URL. You can use other user input data
> such as form fields, referrer address, user-agent, etc.
> You can do this by changing the "risk" and "level" options.
>
> Best Regards

From: hooshmand k <hoo...@gm...> - 2014-01-14 07:39:33
Hi,

It is not mandatory to inject via URL. You can use other user input data such as form fields, referrer address, user-agent, etc. You can do this by changing the "risk" and "level" options.

Best Regards

From: l.g. <lg...@gm...> - 2014-01-13 21:56:57
Chris Oakley <christopher.oakley@...> writes:

> No, it can handle arbitrary injection points - if you're looking to test e.g. RESTful style parameters then just place a * where you want to inject - this is the custom injection point marker.
>
> - Chris
>
> On 13 January 2014 17:42, l.g. <lg1981- Re5...@pu...> wrote:
>> Hi!
>> I got the error
>> [CRITICAL] no parameter(s) found for testing in the provided data (e.
>> g. GET parameter 'id' in 'www.site.com/index.php?id=1')
>> is it possible that SQLMAP is intended for webapps which interact with the
>> server thru querystrings only?
>> Thank you!

ok, but the params must be passed in the url, right? Or is there a way to inject, e.g., thru viewstate?

Thank you again

From: Douglas B. <dou...@gm...> - 2014-01-13 20:30:54
Have you tried using the parameter -p ?

sqlmap -u "http://www.site.com/index.php?id=1" -p "id"

[ ]'s

2014/1/13 l.g. <lg...@gm...>

> Hi!
>
> I got the error
>
> [CRITICAL] no parameter(s) found for testing in the provided data (e.
> g. GET parameter 'id' in 'www.site.com/index.php?id=1')
>
> is it possible that SQLMAP is intended for webapps which interact with the
> server thru querystrings only?
>
> Thank you!

--
Douglas Brancaglion
Security Engineer

From: Chris O. <chr...@gm...> - 2014-01-13 20:28:15
No, it can handle arbitrary injection points - if you're looking to test e.g. RESTful style parameters then just place a * where you want to inject - this is the custom injection point marker.

- Chris

On 13 January 2014 17:42, l.g. <lg...@gm...> wrote:
> Hi!
>
> I got the error
>
> [CRITICAL] no parameter(s) found for testing in the provided data (e.
> g. GET parameter 'id' in 'www.site.com/index.php?id=1')
>
> is it possible that SQLMAP is intended for webapps which interact with the
> server thru querystrings only?
>
> Thank you!

From: l.g. <lg...@gm...> - 2014-01-13 20:25:13
Hi!

I got the error

[CRITICAL] no parameter(s) found for testing in the provided data (e. g. GET parameter 'id' in 'www.site.com/index.php?id=1')

is it possible that SQLMAP is intended for webapps which interact with the server thru querystrings only?

Thank you!

From: Miroslav S. <mir...@gm...> - 2014-01-13 08:06:12
Hi.

There are two ways:

1) From DBMS banner (e.g. banner "Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) Oct 14 2005 00:33:37 Copyright (c) 1988-2005 Microsoft Corporation Express Edition on *Windows NT 5.2* (Build 3790: Service Pack 2)" -> Windows 2003) [1]
2) Heuristically/guessing from IIS version (e.g. HTTP response header "Server: Microsoft-IIS/6.0" -> Windows 2003) [2]

Kind regards,
Miroslav Stampar

Reference:
[1] sqlmap/plugins/dbms/mssqlserver/fingerprint.py
[2] sqlmap/xml/banner/server.xml

On Sun, Jan 12, 2014 at 1:53 PM, <du...@al...> wrote:
> No, the site displays custom error pages.
>
> On 2014-01-12 13:43, Miroslav Stampar wrote:
>> Are error messages turned on on the target server?
>>
>> Bye
>> On Jan 12, 2014 1:19 PM, <du...@al...> wrote:
>>
>>> Well I checked the HTTP headers on the server and it only says
>>> "Microsoft/IIS6.0".
>>> And I can't figure out how to via the SQL injection determine the OS.
>>>
>>> Any more information would be greatly appreciated.
>>> No rush though, I'm mostly curious on how it does it :)
>>> Maybe some sort of example?
>>>
>>> Regards
>>>
>>> On 2014-01-12 12:55, Miroslav Stampar wrote:
>>> Hi.
>>>
>>> There are multiple vectors sqlmap uses. For example, it usually uses
>>> DBMS banner if available and HTTP header values (e.g. Server). Do you
>>> need more specific info?
>>>
>>> Bye
>>> On Jan 11, 2014 10:17 PM, <du...@al...> wrote:
>>>
>>> I tried sqlmap on a site running on Windows Server 2003, and it could
>>> detect the OS.
>>> How does sqlmap go about doing that?
>>>
>>> Regards, Jimmy

--
Miroslav Stampar
http://about.me/stamparm

From: <du...@al...> - 2014-01-12 12:53:55
No, the site displays custom error pages.

On 2014-01-12 13:43, Miroslav Stampar wrote:
> Are error messages turned on on the target server?
>
> Bye
> On Jan 12, 2014 1:19 PM, <du...@al...> wrote:
>
>> Well I checked the HTTP headers on the server and it only says
>> "Microsoft/IIS6.0".
>> And I can't figure out how to via the SQL injection determine the OS.
>>
>> Any more information would be greatly appreciated.
>> No rush though, I'm mostly curious on how it does it :)
>> Maybe some sort of example?
>>
>> Regards
>>
>> On 2014-01-12 12:55, Miroslav Stampar wrote:
>> Hi.
>>
>> There are multiple vectors sqlmap uses. For example, it usually uses
>> DBMS banner if available and HTTP header values (e.g. Server). Do you
>> need more specific info?
>>
>> Bye
>> On Jan 11, 2014 10:17 PM, <du...@al...> wrote:
>>
>> I tried sqlmap on a site running on Windows Server 2003, and it could
>> detect the OS.
>> How does sqlmap go about doing that?
>>
>> Regards, Jimmy

From: Miroslav S. <mir...@gm...> - 2014-01-12 12:43:51
Are error messages turned on on the target server?

Bye

On Jan 12, 2014 1:19 PM, <du...@al...> wrote:
> Well I checked the HTTP headers on the server and it only says
> "Microsoft/IIS6.0".
> And I can't figure out how to via the SQL injection determine the OS.
>
> Any more information would be greatly appreciated.
> No rush though, I'm mostly curious on how it does it :)
> Maybe some sort of example?
>
> Regards
>
> On 2014-01-12 12:55, Miroslav Stampar wrote:
>
>> Hi.
>>
>> There are multiple vectors sqlmap uses. For example, it usually uses
>> DBMS banner if available and HTTP header values (e.g. Server). Do you
>> need more specific info?
>>
>> Bye
>> On Jan 11, 2014 10:17 PM, <du...@al...> wrote:
>>
>>> I tried sqlmap on a site running on Windows Server 2003, and it could
>>> detect the OS.
>>> How does sqlmap go about doing that?
>>>
>>> Regards, Jimmy

From: <du...@al...> - 2014-01-12 12:19:47
Well I checked the HTTP headers on the server and it only says "Microsoft/IIS6.0".
And I can't figure out how to via the SQL injection determine the OS.

Any more information would be greatly appreciated.
No rush though, I'm mostly curious on how it does it :)
Maybe some sort of example?

Regards

On 2014-01-12 12:55, Miroslav Stampar wrote:
> Hi.
>
> There are multiple vectors sqlmap uses. For example, it usually uses
> DBMS banner if available and HTTP header values (e.g. Server). Do you
> need more specific info?
>
> Bye
> On Jan 11, 2014 10:17 PM, <du...@al...> wrote:
>
>> I tried sqlmap on a site running on Windows Server 2003, and it could
>> detect the OS.
>> How does sqlmap go about doing that?
>>
>> Regards, Jimmy

From: Miroslav S. <mir...@gm...> - 2014-01-12 11:56:06
Hi.

There are multiple vectors sqlmap uses. For example, it usually uses DBMS banner if available and HTTP header values (e.g. Server). Do you need more specific info?

Bye

On Jan 11, 2014 10:17 PM, <du...@al...> wrote:
> I tried sqlmap on a site running on Windows Server 2003, and it could
> detect the OS.
> How does sqlmap go about doing that?
>
> Regards, Jimmy

From: <du...@al...> - 2014-01-11 21:16:29
I tried sqlmap on a site running on Windows Server 2003, and it could detect the OS.
How does sqlmap go about doing that?

Regards, Jimmy

From: Bernardo D. A. G. <ber...@gm...> - 2013-12-06 13:16:43
Hi Luis,

The --os-bof is outdated and should not be used these days. If you want to exploit MS09-004 use Metasploit relevant exploit instead[1] - careful that it may crash the DBMS as this is an unreliable heap-based buffer overflow vulnerability.

[1] https://raw.github.com/rapid7/metasploit-framework/HEAD/modules/exploits/windows/mssql/ms09_004_sp_replwritetovarbin_sqli.rb

Bernardo

On 3 December 2013 19:57, Luis Rocha <lui...@gm...> wrote:
> Hello List, Miroslav,
>
> Did you have any chance to further look into this?
>
> thx
> Luis
>
> ---------- Forwarded message ----------
> From: Luis Rocha <lui...@gm...>
> Date: Sun, Dec 1, 2013 at 10:47 PM
> Subject: Re: [sqlmap-users] Ms09-004 on W2K3SP2
> To: Miroslav Stampar <mir...@gm...>
>
> Thank you for your time Miroslav!
>
> With the latest version : sqlmap/1.0-dev-59d667d ... when running with
> --banner --os-bof, it produces the same output as before:
>
> ---
> Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
> Oct 14 2005 00:33:37
> Copyright (c) 1988-2005 Microsoft Corporation
> Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
> ---
>
> (..)
>
> [16:43:53] [CRITICAL] sqlmap can not exploit the stored procedure buffer
> overflow because it does not have a valid return code for the underlying
> operating system (Windows 2003 Service Pack 0)
> [16:43:53] [WARNING] HTTP error codes detected during run:
> 500 (Internal Server Error) - 2 times
>
> [*] shutting down at 16:43:53
>
> Exception AttributeError: "'NoneType' object has no attribute 'error'" in
> <bound method Popen.__del__ of <lib.core.subprocessng.Popen object at
> 0xa1c0bcc>> ignored
>
> On Sun, Dec 1, 2013 at 10:25 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>>
>> Hi.
>>
>> Please retry it now.
>>
>> Bye
>>
>> On Sun, Dec 1, 2013 at 9:54 PM, Luis Rocha <lui...@gm...> wrote:
>>>
>>> Here you have:
>>>
>>> [15:52:47] [INFO] the back-end DBMS is Microsoft SQL Server
>>> [15:52:47] [INFO] fetching banner
>>> [15:52:47] [INFO] resumed: Microsoft SQL Server 2005 - 9.00.1399.06
>>> (Intel X86) \n\tOct 14 2005 00:33:37 \n\tCopyright (c) 1988-2005 Microsoft
>>> Corporation\n\tExpress Edition on Windows NT 5.2 (Build 3790: Service Pack
>>> 2)\n
>>>
>>> [15:52:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev-663b1e7,
>>> retry your run with the latest development version from the GitHub
>>> repository. If the exception persists, please send by e-mail to
>>> 'sql...@li...' or open a new issue at
>>> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text
>>> and any information required to reproduce the bug. The developers will try
>>> to reproduce the bug, fix it accordingly and get back to you.
>>> sqlmap version: 1.0-dev-663b1e7
>>> Python version: 2.6.5
>>> Operating system: posix
>>>
>>> (..)
>>>
>>> Technique: BOOLEAN
>>> Back-end DBMS: Microsoft SQL Server (fingerprinted)
>>> Traceback (most recent call last):
>>> File "./sqlmap.py", line 95, in main
>>> start()
>>> File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
>>> 582, in start
>>> action()
>>> File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 32,
>>> in action
>>> setHandler()
>>> File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line
>>> 100, in setHandler
>>> if handler.checkDbms():
>>> File
>>> "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/fingerprint.py", line
>>> 73, in checkDbms
>>> self.getBanner()
>>> File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py",
>>> line 59, in getBanner
>>> bannerParser(kb.data.banner)
>>> File "/pentest/database/sqlmap-dev/lib/parse/banner.py", line 114, in
>>> bannerParser
>>> parseXmlFile(paths.GENERIC_XML, handler)
>>> File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1655, in
>>> parseXmlFile
>>> parse(stream, handler)
>>> File "/usr/lib/python2.6/xml/sax/__init__.py", line 33, in parse
>>> parser.parse(source)
>>> File "/usr/lib/python2.6/xml/sax/expatreader.py", line 107, in parse
>>> xmlreader.IncrementalParser.parse(self, source)
>>> File "/usr/lib/python2.6/xml/sax/xmlreader.py", line 123, in parse
>>> self.feed(buffer)
>>> File "/usr/lib/python2.6/xml/sax/expatreader.py", line 207, in feed
>>> self._parser.Parse(data, isFinal)
>>> File "/usr/lib/python2.6/xml/sax/expatreader.py", line 301, in
>>> start_element
>>> self._cont_handler.startElement(name, AttributesImpl(attrs))
>>> File "/pentest/database/sqlmap-dev/lib/parse/handler.py", line 73, in
>>> startElement
>>> self._feedInfo("sp", "Service Pack %s" %
>>> self._match.group(int(self._sp)))
>>> IndexError: no such group
>>>
>>> [*] shutting down at 15:52:47
>>>
>>> thx
>>> Luis
>>>
>>> On Sun, Dec 1, 2013 at 9:33 PM, Miroslav Stampar
>>> <mir...@gm...> wrote:
>>>>
>>>> Hi.
>>>>
>>>> Can you please update to the latest revision and include --banner
>>>> together with --os-bof?
>>>>
>>>> Kind regards,
>>>> Miroslav Stampar
>>>>
>>>> On Sun, Dec 1, 2013 at 9:09 PM, Luis Rocha <lui...@gm...> wrote:
>>>>>
>>>>> Yes, it's the following:
>>>>>
>>>>> ---
>>>>> Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
>>>>> Oct 14 2005 00:33:37
>>>>> Copyright (c) 1988-2005 Microsoft Corporation
>>>>> Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>>>>> ---
>>>>>
>>>>> Thank you,
>>>>> Luis
>>>>>
>>>>> On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar
>>>>> <mir...@gm...> wrote:
>>>>>>
>>>>>> Hi.
>>>>>>
>>>>>> It seems that sqlmap was not able to parse "service pack" information
>>>>>> from retrieved banner.
>>>>>>
>>>>>> Can you please write back what do you get for --banner?
>>>>>>
>>>>>> Kind regards,
>>>>>> Miroslav Stampar
>>>>>>
>>>>>> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <lui...@gm...>
>>>>>> wrote:
>>>>>>>
>>>>>>> Hello All,
>>>>>>>
>>>>>>> Since this is my first post I want to make sure that I write that
>>>>>>> sqlmap is a brilliant tool and congratulations to the devteam!
>>>>>>>
>>>>>>> I have a question that you might know. I am using sqlmap version
>>>>>>> 1.0-dev-cda27ec.
>>>>>>>
>>>>>>> Consider a victim system running Windows 2003 SP2 English version
>>>>>>> with HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005
>>>>>>> on VMware Workstation.
>>>>>>>
>>>>>>> From the attacker I am trying to take advantage of the MS09-004 and
>>>>>>> when I try to execute the ./sqlmap.py -u 'http://vulnerable/page.aspx'
>>>>>>> --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries --os-bof
>>>>>>> it generates an error:
>>>>>>>
>>>>>>> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure
>>>>>>> buffer overflow because it does not have a valid return code for the
>>>>>>> underlying operating system (Windows 2003 Service Pack 0)
>>>>>>>
>>>>>>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and
>>>>>>> saw the following lines commented out:
>>>>>>>
>>>>>>> 2003 Service Pack 2 updated at 12/2008 (....)
>>>>>>>
>>>>>>> 2003 Service Pack 2 updated at 09/2009 (....)
>>>>>>>
>>>>>>> I remove the comment but still the same problem. ...the tool seems to
>>>>>>> determine that the OS does not contain any SP when in fact it has SP2...
>>>>>>>
>>>>>>> Any ideas?
>>>>>>>
>>>>>>> Thank you,
>>>>>>>
>>>>>>> Luis
>>>>>>
>>>>>> --
>>>>>> Miroslav Stampar
>>>>>> http://about.me/stamparm
>>>>
>>>> --
>>>> Miroslav Stampar
>>>> http://about.me/stamparm
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

From: Luis R. <lui...@gm...> - 2013-12-03 19:57:12
Hello List, Miroslav,

Did you have any chance to further look into this?

thx
Luis

---------- Forwarded message ----------
From: Luis Rocha <lui...@gm...>
Date: Sun, Dec 1, 2013 at 10:47 PM
Subject: Re: [sqlmap-users] Ms09-004 on W2K3SP2
To: Miroslav Stampar <mir...@gm...>

Thank you for your time Miroslav!

With the latest version : sqlmap/1.0-dev-59d667d ... when running with --banner --os-bof, it produces the same output as before:

---
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
---

(..)

[16:43:53] [CRITICAL] sqlmap can not exploit the stored procedure buffer overflow because it does not have a valid return code for the underlying operating system (Windows 2003 Service Pack 0)
[16:43:53] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 2 times

[*] shutting down at 16:43:53

Exception AttributeError: "'NoneType' object has no attribute 'error'" in <bound method Popen.__del__ of <lib.core.subprocessng.Popen object at 0xa1c0bcc>> ignored

On Sun, Dec 1, 2013 at 10:25 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> Please retry it now.
>
> Bye
>
> On Sun, Dec 1, 2013 at 9:54 PM, Luis Rocha <lui...@gm...> wrote:
>
>> Here you have:
>>
>> [15:52:47] [INFO] the back-end DBMS is Microsoft SQL Server
>> [15:52:47] [INFO] fetching banner
>> [15:52:47] [INFO] resumed: Microsoft SQL Server 2005 - 9.00.1399.06
>> (Intel X86) \n\tOct 14 2005 00:33:37 \n\tCopyright (c) 1988-2005 Microsoft
>> Corporation\n\tExpress Edition on Windows NT 5.2 (Build 3790: Service Pack
>> 2)\n
>>
>> [15:52:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev-663b1e7,
>> retry your run with the latest development version from the GitHub
>> repository. If the exception persists, please send by e-mail to '
>> sql...@li...' or open a new issue at '
>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>> text and any information required to reproduce the bug. The developers will
>> try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev-663b1e7
>> Python version: 2.6.5
>> Operating system: posix
>>
>> (..)
>>
>> Technique: BOOLEAN
>> Back-end DBMS: Microsoft SQL Server (fingerprinted)
>> Traceback (most recent call last):
>> File "./sqlmap.py", line 95, in main
>> start()
>> File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
>> 582, in start
>> action()
>> File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 32,
>> in action
>> setHandler()
>> File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line
>> 100, in setHandler
>> if handler.checkDbms():
>> File
>> "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/fingerprint.py",
>> line 73, in checkDbms
>> self.getBanner()
>> File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py",
>> line 59, in getBanner
>> bannerParser(kb.data.banner)
>> File "/pentest/database/sqlmap-dev/lib/parse/banner.py", line 114, in
>> bannerParser
>> parseXmlFile(paths.GENERIC_XML, handler)
>> File "/pentest/database/sqlmap-dev/lib/core/common.py", line 1655, in
>> parseXmlFile
>> parse(stream, handler)
>> File "/usr/lib/python2.6/xml/sax/__init__.py", line 33, in parse
>> parser.parse(source)
>> File "/usr/lib/python2.6/xml/sax/expatreader.py", line 107, in parse
>> xmlreader.IncrementalParser.parse(self, source)
>> File "/usr/lib/python2.6/xml/sax/xmlreader.py", line 123, in parse
>> self.feed(buffer)
>> File "/usr/lib/python2.6/xml/sax/expatreader.py", line 207, in feed
>> self._parser.Parse(data, isFinal)
>> File "/usr/lib/python2.6/xml/sax/expatreader.py", line 301, in
>> start_element
>> self._cont_handler.startElement(name, AttributesImpl(attrs))
>> File "/pentest/database/sqlmap-dev/lib/parse/handler.py", line 73, in
>> startElement
>> self._feedInfo("sp", "Service Pack %s" %
>> self._match.group(int(self._sp)))
>> IndexError: no such group
>>
>> [*] shutting down at 15:52:47
>>
>> thx
>> Luis
>>
>> On Sun, Dec 1, 2013 at 9:33 PM, Miroslav Stampar <mir...@gm...> wrote:
>>
>>> Hi.
>>>
>>> Can you please update to the latest revision and include --banner
>>> together with --os-bof?
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> On Sun, Dec 1, 2013 at 9:09 PM, Luis Rocha <lui...@gm...> wrote:
>>>
>>>> Yes, it's the following:
>>>>
>>>> ---
>>>> Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
>>>> Oct 14 2005 00:33:37
>>>> Copyright (c) 1988-2005 Microsoft Corporation
>>>> Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
>>>> ---
>>>>
>>>> Thank you,
>>>> Luis
>>>>
>>>> On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar <mir...@gm...> wrote:
>>>>
>>>>> Hi.
>>>>>
>>>>> It seems that sqlmap was not able to parse "service pack" information
>>>>> from retrieved banner.
>>>>>
>>>>> Can you please write back what do you get for --banner?
>>>>>
>>>>> Kind regards,
>>>>> Miroslav Stampar
>>>>>
>>>>> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <lui...@gm...> wrote:
>>>>>
>>>>>> Hello All,
>>>>>>
>>>>>> Since this is my first post I want to make sure that I write that
>>>>>> sqlmap is a brilliant tool and congratulations to the devteam!
>>>>>>
>>>>>> I have a question that you might know. I am using sqlmap version
>>>>>> 1.0-dev-cda27ec.
>>>>>>
>>>>>> Consider a victim system running Windows 2003 SP2 English version
>>>>>> with HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005
>>>>>> on VMware Workstation.
>>>>>>
>>>>>> From the attacker I am trying to take advantage of the MS09-004 and
>>>>>> when I try to execute the ./sqlmap.py -u '
>>>>>> http://vulnerable/page.aspx' --data=`cat data` --prefix="1', 1);"
>>>>>> --suffix="--" --fresh-queries --os-bof it generates an error:
>>>>>>
>>>>>> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure
>>>>>> buffer overflow because it does not have a valid return code for the
>>>>>> underlying operating system (Windows 2003 Service Pack 0)
>>>>>>
>>>>>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and
>>>>>> saw the following lines commented out:
>>>>>>
>>>>>> 2003 Service Pack 2 updated at 12/2008 (....)
>>>>>>
>>>>>> 2003 Service Pack 2 updated at 09/2009 (....)
>>>>>>
>>>>>> I remove the comment but still the same problem. ...the tool seems to
>>>>>> determine that the OS does not contain any SP when in fact it has SP2...
>>>>>>
>>>>>> Any ideas?
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Luis
>>>>>
>>>>> --
>>>>> Miroslav Stampar
>>>>> http://about.me/stamparm
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>
> --
> Miroslav Stampar
> http://about.me/stamparm

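Added example, not part of the thread and not sqlmap's code: a sketch of the two fingerprinting vectors Miroslav describes in the OS-detection thread (DBMS banner first, IIS Server header as a heuristic), which also covers the service-pack parsing failure reported in the MS09-004 thread. The rule format, function names and version tables are assumptions made for illustration; a rule that points at a regex group its pattern lacks yields an unknown service pack (None) instead of an IndexError.

```python
import re

# Constructed input: the banner text quoted in the thread, with the line
# breaks and tabs shown in the "resumed:" log line.
BANNER = (
    "Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86) \n"
    "\tOct 14 2005 00:33:37 \n"
    "\tCopyright (c) 1988-2005 Microsoft Corporation\n"
    "\tExpress Edition on Windows NT 5.2 (Build 3790: Service Pack 2)\n"
)

# NT kernel version -> Windows release (illustrative table, not sqlmap's).
NT_TO_WINDOWS = {"5.0": "2000", "5.1": "XP", "5.2": "2003",
                 "6.0": "Vista/2008", "6.1": "7/2008 R2"}
# IIS version -> Windows release it shipped with (illustrative table).
IIS_TO_WINDOWS = {"5.0": "2000", "5.1": "XP", "6.0": "2003",
                  "7.0": "Vista/2008", "7.5": "7/2008 R2"}

# Hypothetical rule format: a pattern plus the group numbers that hold the
# NT version and the service pack.
RULES = [
    {"regexp": r"Windows NT (\d+\.\d+) \(Build \d+:?\s*(?:Service Pack (\d+))?\)",
     "nt": 1, "sp": 2},
]
# A rule whose "sp" index points at a group its pattern does not define,
# the situation behind "IndexError: no such group".
BROKEN_RULE = {"regexp": r"Windows NT (\d+\.\d+)", "nt": 1, "sp": 2}


def group_or_none(match, index):
    """Return match.group(index), or None when the pattern has no such group.
    An optional group that did not take part in the match is already None."""
    try:
        return match.group(index)
    except IndexError:
        return None


def fingerprint_banner(banner, rules=RULES):
    """Vector 1: derive the OS (and service pack, if stated) from the banner."""
    for rule in rules:
        match = re.search(rule["regexp"], banner or "")
        if not match:
            continue
        release = NT_TO_WINDOWS.get(group_or_none(match, rule["nt"]))
        if release is None:
            continue
        sp = group_or_none(match, rule["sp"])
        # Unknown stays None; it is never silently turned into 0.
        return {"os": "Windows " + release,
                "sp": int(sp) if sp is not None else None,
                "source": "banner"}
    return None


def fingerprint_server_header(server):
    """Vector 2: guess the OS from the IIS version in the Server header."""
    match = re.search(r"Microsoft-IIS/(\d+\.\d+)", server or "")
    release = IIS_TO_WINDOWS.get(match.group(1)) if match else None
    if release is None:
        return None
    return {"os": "Windows " + release, "sp": None, "source": "server header"}


def fingerprint(banner=None, server=None):
    """Prefer the banner; fall back to the header heuristic."""
    return fingerprint_banner(banner) or fingerprint_server_header(server)


if __name__ == "__main__":
    print(fingerprint(BANNER, "Microsoft-IIS/6.0"))
    print(fingerprint(None, "Microsoft-IIS/6.0"))
    print(fingerprint_banner(BANNER, [BROKEN_RULE]))
```

Both inputs are things the server volunteers, so trimming the Server header and restricting who can read the DBMS banner removes the data this kind of fingerprinting relies on.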
From: Jacob K. <pro...@gm...> - 2013-12-03 14:55:59
|
Awesome, with -r it works like a charm. Thanks for being so responsive

On Tue, Dec 3, 2013 at 9:37 AM, Miroslav Stampar <mir...@gm...> wrote:

> Yes, sqlmap should support it out of the box with option -r.
>
> Most probably your formatting went bad while copy pasting but be sure that there are not extra new lines between headers.
>
> Bye
>
> On Tue, Dec 3, 2013 at 3:29 PM, Travis Altman <tra...@gm...> wrote:
>
>> Does sqlmap support this? I get errors when making the request. Below is my sample request.
>>
>> ===================================================
>>
>> PUT /someFile HTTP/1.1
>>
>> Host: 1.2.3.4:9000
>>
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
>>
>> Accept: */*
>>
>> Accept-Language: en-US,en;q=0.5
>>
>> Accept-Encoding: gzip, deflate
>>
>> Content-Type: application/json; charset=UTF-8
>>
>> X-Requested-With: XMLHttpRequest
>>
>> Referer: something
>>
>> Content-Length: 397
>>
>> Cookie: blah
>>
>> Connection: keep-alive
>>
>>
>>
>> {"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2013-12-03 14:37:28
|
Yes, sqlmap should support it out of the box with option -r.

Most probably your formatting went bad while copy pasting but be sure that there are not extra new lines between headers.

Bye

On Tue, Dec 3, 2013 at 3:29 PM, Travis Altman <tra...@gm...> wrote:

> Does sqlmap support this? I get errors when making the request. Below is my sample request.
>
> ===================================================
>
> PUT /someFile HTTP/1.1
>
> Host: 1.2.3.4:9000
>
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
>
> Accept: */*
>
> Accept-Language: en-US,en;q=0.5
>
> Accept-Encoding: gzip, deflate
>
> Content-Type: application/json; charset=UTF-8
>
> X-Requested-With: XMLHttpRequest
>
> Referer: something
>
> Content-Length: 397
>
> Cookie: blah
>
> Connection: keep-alive
>
>
>
> {"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}

--
Miroslav Stampar
http://about.me/stamparm
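Why extra empty lines between headers break a saved request, as an added example (not code from sqlmap or from the posters): in HTTP the first empty line ends the header block, so a request pasted like the one quoted above parses with zero headers and the `Host:` line becomes the start of the body. `split_request` and `repair_pasted_request` are hypothetical helper names, the sample is constructed with a shortened body, and the repair heuristic is an assumption of this example.

```python
import re

_REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d(?:\.\d)?$")
# A header field name is an RFC 7230 "token" followed by a colon.
_HEADER_LINE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:")

# Constructed sample, shaped like the request quoted in this thread: an empty
# line follows the request line and every header. The body is shortened.
PASTED = (
    "PUT /someFile HTTP/1.1\n\n"
    "Host: 1.2.3.4:9000\n\n"
    "Content-Type: application/json; charset=UTF-8\n\n"
    "Cookie: blah\n\n"
    "Connection: keep-alive\n\n\n\n"
    '{"blah":{"name":"somevar","id":"1000"}}\n'
)


def split_request(text):
    """Split a raw request the way HTTP defines it: the first empty line
    ends the header block and everything after it is the body."""
    text = text.replace("\r\n", "\n").lstrip("\n")
    head, _, body = text.partition("\n\n")
    first, *header_lines = head.split("\n")
    if not _REQUEST_LINE.match(first.strip()):
        raise ValueError("first line is not an HTTP request line")
    headers = {}
    for line in header_lines:
        if not _HEADER_LINE.match(line):
            raise ValueError("not a header line: %r" % line)
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    return first.strip(), headers, body.rstrip("\n")


def repair_pasted_request(text):
    """Rebuild a request that was pasted with empty lines between headers.

    Heuristic (an assumption of this example): repair only when the header
    block is empty and the "body" starts with a header-like line. Empty
    lines are then dropped until the first non-empty line that is not a
    header, which starts the real body. A body whose first line looks like
    "name: value" would be misread, so review the result before using it.
    """
    first, headers, body = split_request(text)
    if headers or not _HEADER_LINE.match(body):
        return text  # header block is already contiguous: leave untouched
    lines = body.split("\n")
    head, i = [first], 0
    while i < len(lines):
        line = lines[i].rstrip()
        if line and not _HEADER_LINE.match(line):
            break  # real body starts here
        if line:
            head.append(line)
        i += 1
    # Exactly one empty line separates the headers from the body.
    return "\n".join(head) + "\n\n" + "\n".join(lines[i:]) + "\n"


if __name__ == "__main__":
    print("headers seen in pasted file:", len(split_request(PASTED)[1]))
    print(repair_pasted_request(PASTED))
```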
From: Brandon P. <bpe...@gm...> - 2013-12-03 14:33:23
|
What are the errors? Do you need --force-ssl?

Sent from a computer

> On Dec 3, 2013, at 8:29, Travis Altman <tra...@gm...> wrote:
>
> Does sqlmap support this? I get errors when making the request. Below is my sample request.
>
> ===================================================
> PUT /someFile HTTP/1.1
>
> Host: 1.2.3.4:9000
>
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
>
> Accept: */*
>
> Accept-Language: en-US,en;q=0.5
>
> Accept-Encoding: gzip, deflate
>
> Content-Type: application/json; charset=UTF-8
>
> X-Requested-With: XMLHttpRequest
>
> Referer: something
>
> Content-Length: 397
>
> Cookie: blah
>
> Connection: keep-alive
>
>
>
> {"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}
From: Travis A. <tra...@gm...> - 2013-12-03 14:29:56
|
Does sqlmap support this? I get errors when making the request. Below is my sample request.

===================================================

PUT /someFile HTTP/1.1

Host: 1.2.3.4:9000

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

X-Requested-With: XMLHttpRequest

Referer: something

Content-Length: 397

Cookie: blah

Connection: keep-alive



{"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}
From: Miroslav S. <mir...@gm...> - 2013-12-02 11:58:28
|
Hi.

That file should be there (in regular installations). Is there a possibility that you are running a sqlmap from one place and that you have a sqlmap installed from official repository at the other place?

Simply said, that directory "/usr/share/sqlmap/udf/mysql..." looks like it's a part of the official sqlmap (0.9) package while you are running a v1.0-dev.

This could be fixed by removing a sqlmap from PYTHONPATH.

Kind regards,
Miroslav Stampar

On Wed, Nov 27, 2013 at 5:45 AM, Trần Thoại <tra...@gm...> wrote:

> please help me
>
> [11:40:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u ******************************************************************************************** --os-cmd=ls --threads 10
> Technique: STACKED
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap", line 95, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 582, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 157, in action
>     conf.dbmsHandler.osCmd()
>   File "/usr/share/sqlmap/plugins/generic/takeover.py", line 57, in osCmd
>     self.initEnv(web=web)
>   File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv
>     success = self.udfInjectSys()
>   File "/usr/share/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys
>     return self.udfInjectCore(self.sysUdfs)
>   File "/usr/share/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore
>     written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", forceCheck=True)
>   File "/usr/share/sqlmap/plugins/generic/filesystem.py", line 270, in writeFile
>     written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)
>   File "/usr/share/sqlmap/plugins/dbms/mysql/filesystem.py", line 117, in stackedWriteFile
>     fcEncodedList = self.fileEncode(wFile, "hex", False)
>   File "/usr/share/sqlmap/plugins/generic/filesystem.py", line 114, in fileEncode
>     with open(fileName, "rb") as f:
> IOError: [Errno 2] No such file or directory: u'/usr/share/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so'

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2013-12-02 11:54:14
|
Hi.

You are using an ancient version v0.7. Please update to the latest v1.0-dev from our GitHub repository.

Bye

On Tue, Nov 26, 2013 at 11:21 AM, Pushpa JL <pus...@sp...> wrote:

> Hi,
>
> I have been using sqlmap plugin with burpsuite for a while and from since today afternoon, there is an issue. Please find the attachment enclosed containing the error details of sqlmap. Please resolve the issue as early as possible. Kindly do the needful.
>
> Regards,
>
> Pushpa JL

--
Miroslav Stampar
http://about.me/stamparm
From: mastermind <cyb...@ma...> - 2013-12-02 02:27:19
|
C:\Python27\lib\urllib.py:1282: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
  return ''.join(map(quoter, s))

[09:25:32] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sqlmap-us...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.5
Operating system: nt
Command line: C:\Users\Mastermind\Desktop\Hack\SQLmap\sqlmap.py -g ************************** --random-agent --threads=10 --batch --is-dba --dbs --beep --page-rank --smart
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "C:\Users\Mastermind\Desktop\Hack\SQLmap\sqlmap.py", line 95, in main
    start()
  File "C:\Users\Mastermind\Desktop\Hack\SQLmap\lib\controller\controller.py", line 309, in start
    message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
  File "C:\Users\Mastermind\Desktop\Hack\SQLmap\thirdparty\pagerank\pagerank.py", line 18, in get_pagerank
    _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
  File "C:\Python27\lib\urllib.py", line 1282, in quote
    return ''.join(map(quoter, s))
KeyError: u'\xd4'
From: Miroslav S. <mir...@gm...> - 2013-12-01 20:33:29
|
Hi.

Can you please update to the latest revision and include --banner together with --os-bof?

Kind regards,
Miroslav Stampar

On Sun, Dec 1, 2013 at 9:09 PM, Luis Rocha <lui...@gm...> wrote:

> Yes, it's the following:
>
> ---
> Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
> Oct 14 2005 00:33:37
> Copyright (c) 1988-2005 Microsoft Corporation
> Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
> ---
>
> Thank you,
> Luis
>
> On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> Hi.
>>
>> It seems that sqlmap was not able to parse "service pack" information from retrieved banner.
>>
>> Can you please write back what do you get for --banner?
>>
>> Kind regards,
>> Miroslav Stampar
>>
>> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <lui...@gm...> wrote:
>>
>>> Hello All,
>>>
>>> Since this is my first post I want to make sure that I write that sqlmap is a brilliant tool and congratulations to the devteam!
>>>
>>> I have a question that you might know. I am using sqlmap version 1.0-dev-cda27ec.
>>>
>>> Consider a victim system running Windows 2003 SP2 English version with HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005 on VMware Workstation.
>>>
>>> From the attacker I am trying to take advantage of the MS09-004 and when I try to execute the ./sqlmap.py -u 'http://vulnerable/page.aspx' --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries --os-bof it generates an error:
>>>
>>> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure buffer overflow because it does not have a valid return code for the underlying operating system (Windows 2003 Service Pack 0)
>>>
>>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and saw the following lines commented out:
>>>
>>> 2003 Service Pack 2 updated at 12/2008 (....)
>>>
>>> 2003 Service Pack 2 updated at 09/2009 (....)
>>>
>>> I remove the comment but still the same problem. ...the tool seems to determine that the OS does not contain any SP when in fact it has SP2...
>>>
>>> Any ideas?
>>>
>>> Thank you,
>>>
>>> Luis
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
From: Luis R. <lui...@gm...> - 2013-12-01 20:09:56
|
Yes, it's the following:

---
Microsoft SQL Server 2005 - 9.00.1399.06 (Intel X86)
Oct 14 2005 00:33:37
Copyright (c) 1988-2005 Microsoft Corporation
Express Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
---

Thank you,
Luis

On Sun, Dec 1, 2013 at 8:46 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> It seems that sqlmap was not able to parse "service pack" information from retrieved banner.
>
> Can you please write back what do you get for --banner?
>
> Kind regards,
> Miroslav Stampar
>
> On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <lui...@gm...> wrote:
>
>> Hello All,
>>
>> Since this is my first post I want to make sure that I write that sqlmap is a brilliant tool and congratulations to the devteam!
>>
>> I have a question that you might know. I am using sqlmap version 1.0-dev-cda27ec.
>>
>> Consider a victim system running Windows 2003 SP2 English version with HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005 on VMware Workstation.
>>
>> From the attacker I am trying to take advantage of the MS09-004 and when I try to execute the ./sqlmap.py -u 'http://vulnerable/page.aspx' --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries --os-bof it generates an error:
>>
>> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure buffer overflow because it does not have a valid return code for the underlying operating system (Windows 2003 Service Pack 0)
>>
>> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and saw the following lines commented out:
>>
>> 2003 Service Pack 2 updated at 12/2008 (....)
>>
>> 2003 Service Pack 2 updated at 09/2009 (....)
>>
>> I remove the comment but still the same problem. ...the tool seems to determine that the OS does not contain any SP when in fact it has SP2...
>>
>> Any ideas?
>>
>> Thank you,
>>
>> Luis
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2013-12-01 19:46:54
|
Hi.

It seems that sqlmap was not able to parse "service pack" information from retrieved banner.

Can you please write back what do you get for --banner?

Kind regards,
Miroslav Stampar

On Sat, Nov 30, 2013 at 8:07 PM, Luis Rocha <lui...@gm...> wrote:

> Hello All,
>
> Since this is my first post I want to make sure that I write that sqlmap is a brilliant tool and congratulations to the devteam!
>
> I have a question that you might know. I am using sqlmap version 1.0-dev-cda27ec.
>
> Consider a victim system running Windows 2003 SP2 English version with HAL version : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) with MSSQL2005 on VMware Workstation.
>
> From the attacker I am trying to take advantage of the MS09-004 and when I try to execute the ./sqlmap.py -u 'http://vulnerable/page.aspx' --data=`cat data` --prefix="1', 1);" --suffix="--" --fresh-queries --os-bof it generates an error:
>
> [13:17:51] [CRITICAL] sqlmap can not exploit the stored procedure buffer overflow because it does not have a valid return code for the underlying operating system (Windows 2003 Service Pack 0)
>
> I took a look at the file /plugins/dbms/mssqlserver/takeover.py and saw the following lines commented out:
>
> 2003 Service Pack 2 updated at 12/2008 (....)
>
> 2003 Service Pack 2 updated at 09/2009 (....)
>
> I remove the comment but still the same problem. ...the tool seems to determine that the OS does not contain any SP when in fact it has SP2...
>
> Any ideas?
>
> Thank you,
>
> Luis

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2013-12-01 19:25:08
|
Hi.

You are using an older revision of sqlmap. In the current one that line is different.

Please update to the latest revision and retry it again.

Kind regards,
Miroslav Stampar

On Sun, Dec 1, 2013 at 3:48 PM, ju...@li... <ju...@li...> wrote:

> ----Original message----
> From: ju...@li...
> Date: 01/12/2013 13.46
> To: <mir...@gm...>
> Cc: <sql...@li...>
> Subject: R: Re: [sqlmap-users] critical
>
> Sorry,
>
> here the missing part...
>
> bye
>
> [13:35:56] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u "http://95.237.248.69/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie "PHPSESSID=2lvbrc86nn45asqhforkqojr87; security=low" --reg-read =HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
> Technique: STACKED
> Back-end DBMS: MySQL (fingerprinted)
>
> Traceback (most recent call last):
>   File "./sqlmap", line 87, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 572, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 173, in action
>     conf.dumper.registerValue(conf.dbmsHandler.regRead())
>   File "/usr/share/sqlmap/lib/core/dump.py", line 612, in registerValue
>     self.string("Registry key value data", registerData, registerData, content_type=CONTENT_TYPE.REG_READ, sort=False)
> TypeError: string() got multiple values for keyword argument 'content_type'
>
> ----Original message----
> From: mir...@gm...
> Date: 22/11/2013 6.49
> To: <ju...@li...>
> Cc: "SqlMap List"<sql...@li...>
> Subject: Re: [sqlmap-users] critical
>
> Hi.
>
> We need a whole stack trace for us to be able to trace it and fix it. Please last part is missing with code info.
>
> Bye
>
> On Nov 22, 2013 12:17 AM, "ju...@li..." <ju...@li...> wrote:
>
>> [00:06:55] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev
>> Python version: 2.7.3
>> Operating system: posix
>> Command line: ./sqlmap -u *********************************************************************** --cookie=************************************************** --string=First name: Gordon --reg-read
>> Technique: STACKED
>> Back-end DBMS: MySQL (fingerprinted)

--
Miroslav Stampar
http://about.me/stamparm