sqlmap-users Mailing List for sqlmap (Page 31)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2013-09-14 06:57:12
|
Inside an Oracle you can't access data outside the current database. There are lots of nice warning messages that sqlmap writes out. In case of Oracle, schema names are used as an alternative to database names (e.g. -D schema1). Bye On Sep 14, 2013 3:26 AM, "Mahdi Hazaveh" <dig...@gm...> wrote: > DBMS is ORACLE. > > I used it like -D DBNAME --SQL-QUERY="" > |
|
From: Miroslav S. <mir...@gm...> - 2013-09-14 06:52:30
|
Have you tried googling? There are literally hundreds of how tos. http://bit.ly/18Zjw2i Bye On Sep 14, 2013 12:20 AM, "Amir A." <the...@ho...> wrote: > I;ve been trying to get SQL Map to attack the body of the post (one line > of code with username, password in it) and I am unable to do so. > > Everything I read talks about attacking the the URL but how can you attack > something thats in the post body? > Great tool though, used it with burp suite! > > Thanks! > > > ------------------------------------------------------------------------------ > How ServiceNow helps IT people transform IT departments: > 1. Consolidate legacy IT systems to a single system of record for IT > 2. Standardize and globalize service processes across IT > 3. Implement zero-touch automation to replace manual, redundant tasks > http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Mahdi H. <dig...@gm...> - 2013-09-14 01:26:08
|
DBMS is ORACLE. I used it like -D DBNAME --SQL-QUERY="" |
|
From: Amir A. <the...@ho...> - 2013-09-13 22:20:15
|
I;ve been trying to get SQL Map to attack the body of the post (one line of code with username, password in it) and I am unable to do so. Everything I read talks about attacking the the URL but how can you attack something thats in the post body? Great tool though, used it with burp suite! Thanks! |
|
From: Miroslav S. <mir...@gm...> - 2013-09-13 17:10:02
|
Hi. What's the DBMS, technique, used database name and name of database that sqlmap is wrongly using? Bye On Sep 13, 2013 6:31 PM, "Mahdi Hazaveh" <dig...@gm...> wrote: > Hello. > I am DBA on a Server which has multiple Databases. > I tried to run some query using both --sql-query and --sql-shell > but it seems the sqlmap is not pointing to the DB i want to run the > queries! > I can dump all dbs without problem! but when it comes to the running query > it is set to some db which is not my goal. > > I'm currently using -D DATABASE NAME by the way. > > Thanks in advance. > > > ------------------------------------------------------------------------------ > How ServiceNow helps IT people transform IT departments: > 1. Consolidate legacy IT systems to a single system of record for IT > 2. Standardize and globalize service processes across IT > 3. Implement zero-touch automation to replace manual, redundant tasks > http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Mahdi H. <dig...@gm...> - 2013-09-13 16:31:01
|
Hello. I am DBA on a Server which has multiple Databases. I tried to run some query using both --sql-query and --sql-shell but it seems the sqlmap is not pointing to the DB i want to run the queries! I can dump all dbs without problem! but when it comes to the running query it is set to some db which is not my goal. I'm currently using -D DATABASE NAME by the way. Thanks in advance. |
|
From: Chris O. <chr...@gm...> - 2013-09-09 08:31:45
|
Flags to look at: --sql-query or perhaps --start and --stop might also be useful to you (e.g. ---start=10 --stop=20 will dump the 10th-20th rows of the given table(s)) On 9 September 2013 06:40, Mahdi Hazaveh <dig...@gm...> wrote: > Hello. > I wanted to know is there anyway to dump the result of an sql query! i > cannot dump the whole table because it's too big. > > > > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Mahdi H. <dig...@gm...> - 2013-09-09 05:40:37
|
Hello. I wanted to know is there anyway to dump the result of an sql query! i cannot dump the whole table because it's too big. |
|
From: Miroslav S. <mir...@gm...> - 2013-09-07 20:15:44
|
Hi. IMO this approach has a serious issue with latency and cross-DBMS support. That said I don't see a practical value of it. Kind regards, Miroslav Stampar On Sep 7, 2013 7:49 PM, "kevin philips" <ga...@gm...> wrote: > folks, > I'm new here :). Two years ago, I posted the technique "Indexed blind sql > injection" to Full Disclosure > _http://seclists.org/fulldisclosure/2011/Dec/71 > In short, it's a generic optimization method for time-based sql injection > attack. > What do you guys think about this technique? I feel happy if it will be > added to SQLmap feature :). Feel free to discuss > <http://seclists.org/fulldisclosure/2011/Dec/71>Cheers, > --g4mm4 > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: kevin p. <ga...@gm...> - 2013-09-07 17:25:21
|
folks, I'm new here :). Two years ago, I posted the technique "Indexed blind sql injection" to Full Disclosure _http://seclists.org/fulldisclosure/2011/Dec/71 In short, it's a generic optimization method for time-based sql injection attack. What do you guys think about this technique? I feel happy if it will be added to SQLmap feature :). Feel free to discuss <http://seclists.org/fulldisclosure/2011/Dec/71>Cheers, --g4mm4 |
|
From: Miroslav S. <mir...@gm...> - 2013-09-07 10:59:15
|
Hi. That file is a standard part of sqlmap. Please remove the sqlmap directory and retrieve it with: git clone https://github.com/sqlmapproject/sqlmap.git Kind regards, Miroslav Stampar On Mon, Sep 2, 2013 at 3:27 AM, Jeff Samuel <dep...@gm...> wrote: > Hi, here´s the error log**** > > ** ** > > =====================**** > > ** ** > > ** ** > > sqlmap version: 1.0-dev-a639dbb**** > > Python version: 2.7.3**** > > Operating system: posix**** > > Command line: ./sqlmap --random-agent --os-shell -u > **************************************************** > > Technique: STACKED**** > > Back-end DBMS: MySQL (fingerprinted)**** > > Traceback (most recent call last):**** > > File "./sqlmap", line 95, in main**** > > start()**** > > File "/usr/share/sqlmap/lib/controller/controller.py", line 582, in start > **** > > action()**** > > File "/usr/share/sqlmap/lib/controller/action.py", line 160, in action** > ** > > conf.dbmsHandler.osShell()**** > > File "/usr/share/sqlmap/plugins/generic/takeover.py", line 80, in osShell > **** > > self.initEnv(web=web)**** > > File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 198, in > initEnv**** > > success = self.udfInjectSys()**** > > File "/usr/share/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys* > *** > > return self.udfInjectCore(self.sysUdfs)**** > > File "/usr/share/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore > **** > > written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, > "binary", forceCheck=True)**** > > File "/usr/share/sqlmap/plugins/generic/filesystem.py", line 270, in > writeFile**** > > written = self.stackedWriteFile(localFile, remoteFile, fileType, > forceCheck)**** > > File "/usr/share/sqlmap/plugins/dbms/mysql/filesystem.py", line 117, in > stackedWriteFile**** > > fcEncodedList = self.fileEncode(wFile, "hex", False)**** > > File "/usr/share/sqlmap/plugins/generic/filesystem.py", line 114, in > fileEncode**** > > with open(fileName, "rb") as f:**** > > IOError: [Errno 2] No such file or directory: > u'/usr/share/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so'**** > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2013-09-07 10:57:58
|
Hi. Please remove the sqlmap directory and retrieve it with: git clone https://github.com/sqlmapproject/sqlmap.git Kind regards, Miroslav Stampar On Mon, Sep 2, 2013 at 3:49 AM, Jeff Samuel <dep...@gm...> wrote: > Hi, when running sqlmap –update i´m getting the following error:**** > > ** ** > > (btw, I´m using this email address because sqlmap told me too, sorry if > this is not the best way to approach you guys)**** > > ** ** > > ** ** > > ** ** > > [22:47:56] [INFO] update in progress ..**** > > [22:47:58] [ERROR] update could not be completed ('From git github com > sqlmapproject sqlmap branch HEAD FETCH_HEAD error Your local changes to the > following files would be overwritten by merge lib controller checks py lib > controller controller py lib core agent py lib core common py lib core > convert py lib core dump py lib core option py lib core optiondict py lib > core settings py lib core threads py lib parse cmdline py lib request basic > py lib request comparison py lib request connect py lib request > httpshandler py lib request inject py lib request redirecthandler py lib > techniques union use py lib utils sqlalchemy py plugins dbms mysql > fingerprint py plugins dbms oracle connector py plugins dbms postgresql > fingerprint py plugins generic databases py tamper randomcomments py > thirdparty socks socks py xml livetests xml xml queries xml Please commit > your changes or stash them before you can merge Aborting')**** > > [22:47:58] [INFO] for Linux platform it's required to install a standard > 'git' package (e.g.: 'sudo apt-get install git')**** > > ** ** > > ** ** > > ** ** > > thank you**** > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2013-09-02 09:20:34
|
Hi. sqlmap warns with "permission denied" in data dumping process ONLY when there is an explicit DBMS error message stating that the user doesn't have permissions to access that resource. There is no way around it. Kind regards, Miroslav Stampar On Mon, Sep 2, 2013 at 10:42 AM, Mahdi Hazaveh <dig...@gm...>wrote: > Hi There. > I'm trying to dump some data of a table from a target using sql map. but > i'm getting following error: > > [00:04:07] [WARNING] the SQL query provided does not return any output > [00:04:07] [WARNING] something went wrong with full UNION technique (most > probably because of limitation on retrieved number of entries). Falling > back to partial UNION technique > [00:04:09] [WARNING] the SQL query provided does not return any output > [00:04:09] [WARNING] in case of continuous data retrieval problems you are > advised to try a switch '--no-cast' or switch '--hex' > [00:04:09] [WARNING] unable to retrieve the entries of columns 'x' for > table 'x' in database 'x' (permission denied) > > I'm already using --hex > I got the error while i was using --start and --stop so there should be no > problem on the large size of the columns. > > will be happy if you help me > > thanks. > > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Mahdi H. <dig...@gm...> - 2013-09-02 08:43:26
|
Hi There. I'm trying to dump some data of a table from a target using sql map. but i'm getting following error: [00:04:07] [WARNING] the SQL query provided does not return any output [00:04:07] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique [00:04:09] [WARNING] the SQL query provided does not return any output [00:04:09] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex' [00:04:09] [WARNING] unable to retrieve the entries of columns 'x' for table 'x' in database 'x' (permission denied) I'm already using --hex I got the error while i was using --start and --stop so there should be no problem on the large size of the columns. will be happy if you help me thanks. |
|
From: Jeff S. <dep...@gm...> - 2013-09-02 01:49:43
|
Hi, when running sqlmap update i´m getting the following error:
(btw, I´m using this email address because sqlmap told me too, sorry if this
is not the best way to approach you guys)
[22:47:56] [INFO] update in progress ..
[22:47:58] [ERROR] update could not be completed ('From git github com
sqlmapproject sqlmap branch HEAD FETCH_HEAD error Your local changes to the
following files would be overwritten by merge lib controller checks py lib
controller controller py lib core agent py lib core common py lib core
convert py lib core dump py lib core option py lib core optiondict py lib
core settings py lib core threads py lib parse cmdline py lib request basic
py lib request comparison py lib request connect py lib request httpshandler
py lib request inject py lib request redirecthandler py lib techniques union
use py lib utils sqlalchemy py plugins dbms mysql fingerprint py plugins
dbms oracle connector py plugins dbms postgresql fingerprint py plugins
generic databases py tamper randomcomments py thirdparty socks socks py xml
livetests xml xml queries xml Please commit your changes or stash them
before you can merge Aborting')
[22:47:58] [INFO] for Linux platform it's required to install a standard
'git' package (e.g.: 'sudo apt-get install git')
thank you
|
|
From: Jeff S. <dep...@gm...> - 2013-09-02 01:28:09
|
Hi, here´s the error log
=====================
sqlmap version: 1.0-dev-a639dbb
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap --random-agent --os-shell -u
************************************************
Technique: STACKED
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap", line 95, in main
start()
File "/usr/share/sqlmap/lib/controller/controller.py", line 582, in start
action()
File "/usr/share/sqlmap/lib/controller/action.py", line 160, in action
conf.dbmsHandler.osShell()
File "/usr/share/sqlmap/plugins/generic/takeover.py", line 80, in osShell
self.initEnv(web=web)
File "/usr/share/sqlmap/lib/takeover/abstraction.py", line 198, in initEnv
success = self.udfInjectSys()
File "/usr/share/sqlmap/lib/takeover/udf.py", line 184, in udfInjectSys
return self.udfInjectCore(self.sysUdfs)
File "/usr/share/sqlmap/lib/takeover/udf.py", line 149, in udfInjectCore
written = self.writeFile(self.udfLocalFile, self.udfRemoteFile,
"binary", forceCheck=True)
File "/usr/share/sqlmap/plugins/generic/filesystem.py", line 270, in
writeFile
written = self.stackedWriteFile(localFile, remoteFile, fileType,
forceCheck)
File "/usr/share/sqlmap/plugins/dbms/mysql/filesystem.py", line 117, in
stackedWriteFile
fcEncodedList = self.fileEncode(wFile, "hex", False)
File "/usr/share/sqlmap/plugins/generic/filesystem.py", line 114, in
fileEncode
with open(fileName, "rb") as f:
IOError: [Errno 2] No such file or directory:
u'/usr/share/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so'
|
|
From: Miroslav S. <mir...@gm...> - 2013-08-30 13:27:36
|
Hi. Can you please retry it now? Spotted a bug and fixed it. Kind regards, Miroslav Stampar On Fri, Aug 30, 2013 at 12:16 PM, Sebastian Nerz <seb...@sy...>wrote: > Hi, > > Am 30.08.2013 12:15, schrieb Miroslav Stampar: > > > > Does your original case use GET parameters? That could be a bug in sqlmap > > (appending to GET while there is no GET in the first place). > > No, it only contains COOKIE parameters. > > Kind regards, > > Sebastian Nerz > > > > > Kind regards, > > Miroslav Stampar > > > > > > On Fri, Aug 30, 2013 at 12:09 PM, Sebastian Nerz <seb...@sy... > >wrote: > > > >> Hi there, > >> > >> sqlmap is dying, when it should handle unicode. What I am doing is the > >> following: > >> > >> x is a parameter on a website, normally it contains base16(base64(binary > >> hash)). I am testing this parameter by submitting an empty parameter x > >> and --eval. In --eval I am concatenating my original values (u'\x...') > >> with the payload, encode it as base64 and overwrite the parameter. > >> Everything is working fine - IF and only if I overwrite every temporary > >> variable. > >> Apparently sqlmap is trying to concat the new variables to the list of > >> parameters and failing because they are unicode. Maybe some checking > >> could be done? > >> > >> Best regards, > >> > >> Sebastian Nerz > >> > >> [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2, > >> retry your run with the latest development version from the GitHub > >> repository. If the exception persists, please send by e-mail to > >> 'sql...@li...' or open a new issue at > >> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following > >> text and any information required to reproduce the bug. The developers > >> will try to reproduce the bug, fix it accordingly and get back to you. > >> sqlmap version: 1.0-dev-7cb3ea2 > >> Python version: 2.7.4 > >> Operating system: posix > >> Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l > >> /tmp/sql5 --level=5 --risk=3 -p X --proxy=********************* > >> --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c > >> Technique: None > >> Back-end DBMS: None (identified) > >> Traceback (most recent call last): > >> File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main > >> start() > >> File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line > >> 363, in start > >> if not checkConnection(suppressOutput=conf.forms) or not > >> checkString() or not checkRegexp(): > >> File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line > >> 1195, in checkConnection > >> page, _ = Request.queryPage(content=True, noteResponseTime=False) > >> File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787, > >> in queryPage > >> get += "%s%s=%s" % (delimiter, name, value) > >> TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode' > >> > >> > >> > >> > ------------------------------------------------------------------------------ > >> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > >> Discover the easy way to master current and previous Microsoft > technologies > >> and advance your career. Get an incredible 1,500+ hours of step-by-step > >> tutorial videos with LearnDevNow. Subscribe today and save! > >> > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk > >> _______________________________________________ > >> sqlmap-users mailing list > >> sql...@li... > >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >> > >> > > > > > > > -- > Sebastian Nerz > Dipl.-Inform. > IT-Security Consultant > > mailto:seb...@sy... > ___________________________________________________________ > > SySS GmbH > Wohlboldstraße 8 > 72072 Tübingen > Germany > Voice: +49 7071 407856-31 > Fax: +49 7071 407856-19 > WWW: http://www.syss.de > > PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 > > Geschaeftsfuehrer Sebastian Schreiber > Registergericht: Amtsgericht Stuttgart / HRB 382420 > Steuernummer: 86118 / 55809 > > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Sebastian N. <seb...@sy...> - 2013-08-30 10:17:08
|
Hi, Am 30.08.2013 12:15, schrieb Miroslav Stampar: > > Does your original case use GET parameters? That could be a bug in sqlmap > (appending to GET while there is no GET in the first place). No, it only contains COOKIE parameters. Kind regards, Sebastian Nerz > > Kind regards, > Miroslav Stampar > > > On Fri, Aug 30, 2013 at 12:09 PM, Sebastian Nerz <seb...@sy...>wrote: > >> Hi there, >> >> sqlmap is dying, when it should handle unicode. What I am doing is the >> following: >> >> x is a parameter on a website, normally it contains base16(base64(binary >> hash)). I am testing this parameter by submitting an empty parameter x >> and --eval. In --eval I am concatenating my original values (u'\x...') >> with the payload, encode it as base64 and overwrite the parameter. >> Everything is working fine - IF and only if I overwrite every temporary >> variable. >> Apparently sqlmap is trying to concat the new variables to the list of >> parameters and failing because they are unicode. Maybe some checking >> could be done? >> >> Best regards, >> >> Sebastian Nerz >> >> [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2, >> retry your run with the latest development version from the GitHub >> repository. If the exception persists, please send by e-mail to >> 'sql...@li...' or open a new issue at >> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following >> text and any information required to reproduce the bug. The developers >> will try to reproduce the bug, fix it accordingly and get back to you. >> sqlmap version: 1.0-dev-7cb3ea2 >> Python version: 2.7.4 >> Operating system: posix >> Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l >> /tmp/sql5 --level=5 --risk=3 -p X --proxy=********************* >> --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c >> Technique: None >> Back-end DBMS: None (identified) >> Traceback (most recent call last): >> File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main >> start() >> File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line >> 363, in start >> if not checkConnection(suppressOutput=conf.forms) or not >> checkString() or not checkRegexp(): >> File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line >> 1195, in checkConnection >> page, _ = Request.queryPage(content=True, noteResponseTime=False) >> File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787, >> in queryPage >> get += "%s%s=%s" % (delimiter, name, value) >> TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode' >> >> >> >> ------------------------------------------------------------------------------ >> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! >> Discover the easy way to master current and previous Microsoft technologies >> and advance your career. Get an incredible 1,500+ hours of step-by-step >> tutorial videos with LearnDevNow. Subscribe today and save! >> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > -- Sebastian Nerz Dipl.-Inform. IT-Security Consultant mailto:seb...@sy... ___________________________________________________________ SySS GmbH Wohlboldstraße 8 72072 Tübingen Germany Voice: +49 7071 407856-31 Fax: +49 7071 407856-19 WWW: http://www.syss.de PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2 Geschaeftsfuehrer Sebastian Schreiber Registergericht: Amtsgericht Stuttgart / HRB 382420 Steuernummer: 86118 / 55809 |
|
From: Miroslav S. <mir...@gm...> - 2013-08-30 10:15:25
|
Hi. Does your original case use GET parameters? That could be a bug in sqlmap (appending to GET while there is no GET in the first place). Kind regards, Miroslav Stampar On Fri, Aug 30, 2013 at 12:09 PM, Sebastian Nerz <seb...@sy...>wrote: > Hi there, > > sqlmap is dying, when it should handle unicode. What I am doing is the > following: > > x is a parameter on a website, normally it contains base16(base64(binary > hash)). I am testing this parameter by submitting an empty parameter x > and --eval. In --eval I am concatenating my original values (u'\x...') > with the payload, encode it as base64 and overwrite the parameter. > Everything is working fine - IF and only if I overwrite every temporary > variable. > Apparently sqlmap is trying to concat the new variables to the list of > parameters and failing because they are unicode. Maybe some checking > could be done? > > Best regards, > > Sebastian Nerz > > [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2, > retry your run with the latest development version from the GitHub > repository. If the exception persists, please send by e-mail to > 'sql...@li...' or open a new issue at > 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following > text and any information required to reproduce the bug. The developers > will try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev-7cb3ea2 > Python version: 2.7.4 > Operating system: posix > Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l > /tmp/sql5 --level=5 --risk=3 -p X --proxy=********************* > --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c > Technique: None > Back-end DBMS: None (identified) > Traceback (most recent call last): > File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main > start() > File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line > 363, in start > if not checkConnection(suppressOutput=conf.forms) or not > checkString() or not checkRegexp(): > File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line > 1195, in checkConnection > page, _ = Request.queryPage(content=True, noteResponseTime=False) > File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787, > in queryPage > get += "%s%s=%s" % (delimiter, name, value) > TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode' > > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Sebastian N. <seb...@sy...> - 2013-08-30 10:11:08
|
Hi there, sqlmap is dying, when it should handle unicode. What I am doing is the following: x is a parameter on a website, normally it contains base16(base64(binary hash)). I am testing this parameter by submitting an empty parameter x and --eval. In --eval I am concatenating my original values (u'\x...') with the payload, encode it as base64 and overwrite the parameter. Everything is working fine - IF and only if I overwrite every temporary variable. Apparently sqlmap is trying to concat the new variables to the list of parameters and failing because they are unicode. Maybe some checking could be done? Best regards, Sebastian Nerz [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev-7cb3ea2 Python version: 2.7.4 Operating system: posix Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l /tmp/sql5 --level=5 --risk=3 -p X --proxy=********************* --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c Technique: None Back-end DBMS: None (identified) Traceback (most recent call last): File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main start() File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line 363, in start if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line 1195, in checkConnection page, _ = Request.queryPage(content=True, noteResponseTime=False) File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787, in queryPage get += "%s%s=%s" % (delimiter, name, value) TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode' |
|
From: Miroslav S. <mir...@gm...> - 2013-08-27 11:58:53
|
Hi. This is a known Python issue [1]. We've made a small "patch" [2] which will warn you about it and "temporary" give you the possibility to run a sqlmap. For example: python sqlmap.py -hh [13:53:03] [CRITICAL] there is a known Python issue (#1616979) related to support for charset 'cp720'. Please visit ' http://blog.oneortheother.info/tip/python-fix-cp720-encoding/index.html' and follow the instructions to be able to fix it [13:53:03] [WARNING] temporary switching to charset 'cp1256' Usage: python sqlmap.py [options] .... Please download the latest revision to have sqlmap up to date. Kind regards, Miroslav Stampar [1] http://bugs.python.org/issue1616979 [2] https://github.com/sqlmapproject/sqlmap/issues/513 On Tue, Aug 13, 2013 at 12:27 AM, Bola Adel <man...@gm...> wrote: > C:\Python26>python c:\xd\sqlmap.py -h > > [00:25:06] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your > run with > the latest development version from the GitHub repository. If the > exception per > sists, please send by e-mail to 'sql...@li...' or > open a n > ew issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the > follow > ing text and any information required to reproduce the bug. The developers > will > try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev > Python version: 2.6 > Operating system: nt > Command line: c:\xd\sqlmap.py -h > Technique: None > Back-end DBMS: None (identified) > ←[41m←[37mTraceback (most recent call last): > File "c:\xd\sqlmap.py", line 71, in main > cmdLineOptions.update(cmdLineParser().__dict__) > File "c:\xd\lib\parse\cmdline.py", line 767, in cmdLineParser > (args, _) = parser.parse_args(args) > File "C:\Python26\lib\optparse.py", line 1378, in parse_args > stop = self._process_args(largs, rargs, values) > File "C:\Python26\lib\optparse.py", line 1422, in _process_args > self._process_short_opts(rargs, values) > File "C:\Python26\lib\optparse.py", line 1529, in _process_short_opts > option.process(opt, value, values, self) > File "C:\Python26\lib\optparse.py", line 782, in process > self.action, self.dest, opt, value, values, parser) > File "C:\Python26\lib\optparse.py", line 804, in take_action > parser.print_help() > File "C:\Python26\lib\optparse.py", line 1648, in print_help > file.write(self.format_help().encode(encoding, "replace")) > LookupError: unknown encoding: cp720 > ←[0m > [*] shutting down at 00:25:06 > > btw am using win7 64x and python26 > Thanks in advance > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2013-08-20 19:07:37
|
Hi. Use --binary-fields option for retrieving binary data. It will retrieve and represent data in it's hexadecimal form. Afterwards you can decode that data into it's binary form by yourself. Example: python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=2" --technique=BU --dump -T artists -D acuart --binary-fields=adesc | artist_id | aname | adesc ........... | 1 | r4w8173 | 3C703E0A4C6F72656D20697073756D20646F6C6F722073697420616D65742C20636F6E7365637465747565722061646970697363696E6720656C69742E20446F6E6563206D6F6C65737469652E0A2020202053656420616C697175616D2073656D20757420617263752E2050686173656C6C757320736F6C6C696369747564696E2E20566573746962756C756D20636F6E64696D656E74756D20666163696C697369730A202020206E756C6C612E20496E206861632068616269746173736520706C617465612064696374756D73742E204E756C6C61206E6F6E756D6D792E20437261732071756973206C696265726F2E0A20202020437261732076656E656E617469732E20416C697175616D20706F7375657265206C6F626F7274697320706564652E204E756C6C616D206672696E67696C6C612075726E61206964206C656F2E0A202020205072616573656E7420616C6971756574207072657469756D20657261742E205072616573656E74206E6F6E206F64696F2E2050656C6C656E7465737175652061206D61676E6120610A202020206D61757269732076756C707574617465206C6163696E69612E2041............. Example of manual decoding: python -c "print '3C703E0A4C6F72656D20697073756D20646F'.decode('hex')" <p> Lorem ipsum do Kind regards, Miroslav Stampar On Tue, Aug 20, 2013 at 8:04 PM, Brandon Perry <bpe...@gm...>wrote: > The hash will be stored as binary data, so the pairs (0xab0xcd0xef) will > give you the actual hash (abcdef) instead of expecting the 0xab to be an > ASCII printable representation of a byte of the hash. > > Make sense? > > Sent from a computer > > On Aug 20, 2013, at 12:48, Douglas Brancaglion <dou...@gm...> > wrote: > > > Brandon, you know how I can extract a hash (md5 or sha) that? > > Tks! > > 2013/8/20 Brandon Perry <bpe...@gm...> > >> Or binary md5 >> >> Sent from a computer >> >> On Aug 20, 2013, at 7:56, Douglas Brancaglion <dou...@gm...> >> wrote: >> >> >> Hello guys, I have researched a lot about my case even more could not get an >> answer that resolves my problem. >> >> In some tests I came across a possible "hash" that is within a table in a >> microsoft sql server that is coming with the hash sooo weird, I >> personally have never seen. >> >> I've tried to convert it in several encodes, however no success. >> >> Does anyone of you have seen similar case? >> >> Below is an example of this "hash" >> >> \ \ x8cĐ \ \ x14Z \ \ xa8 \ \ xd7 # | ż \ \ x04YŚ \ \ xfa? \ \ x82Ę \ \ >> x18] Š \ \ x02E \ \ x8A \ \ xdf \ \ x80Ĺ \ \ x08P \ \ x9eă >> >> -- >> Douglas Brancaglion >> Security Analist >> >> >> ------------------------------------------------------------------------------ >> >> Introducing Performance Central, a new site from SourceForge and >> AppDynamics. Performance Central is your source for news, insights, >> analysis and resources for efficient Application Performance Management. >> Visit us today! >> >> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Douglas Brancaglion > Security Analist > > > > ------------------------------------------------------------------------------ > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Brandon P. <bpe...@gm...> - 2013-08-20 18:05:01
|
The hash will be stored as binary data, so the pairs (0xab0xcd0xef) will give you the actual hash (abcdef) instead of expecting the 0xab to be an ASCII printable representation of a byte of the hash. Make sense? Sent from a computer On Aug 20, 2013, at 12:48, Douglas Brancaglion <dou...@gm...> wrote: > > Brandon, you know how I can extract a hash (md5 or sha) that? > > Tks! > > 2013/8/20 Brandon Perry <bpe...@gm...> >> Or binary md5 >> >> Sent from a computer >> >> On Aug 20, 2013, at 7:56, Douglas Brancaglion <dou...@gm...> wrote: >> >>> >>> Hello guys, I have researched a lot about my case even more could not get an answer that resolves my problem. >>> >>> In some tests I came across a possible "hash" that is within a table in a microsoft sql server that is coming with the hash sooo weird, I personally have never seen. >>> >>> I've tried to convert it in several encodes, however no success. >>> >>> Does anyone of you have seen similar case? >>> >>> Below is an example of this "hash" >>> >>> \ \ x8cĐ \ \ x14Z \ \ xa8 \ \ xd7 # | ż \ \ x04YŚ \ \ xfa? \ \ x82Ę \ \ x18] Š \ \ x02E \ \ x8A \ \ xdf \ \ x80Ĺ \ \ x08P \ \ x9eă >>> >>> -- >>> Douglas Brancaglion >>> Security Analist >>> ------------------------------------------------------------------------------ >>> >>> Introducing Performance Central, a new site from SourceForge and >>> AppDynamics. Performance Central is your source for news, insights, >>> analysis and resources for efficient Application Performance Management. >>> Visit us today! >>> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > -- > Douglas Brancaglion > Security Analist |
|
From: Douglas B. <dou...@gm...> - 2013-08-20 17:48:49
|
Brandon, you know how I can extract a hash (md5 or sha) that? Tks! 2013/8/20 Brandon Perry <bpe...@gm...> > Or binary md5 > > Sent from a computer > > On Aug 20, 2013, at 7:56, Douglas Brancaglion <dou...@gm...> > wrote: > > > Hello guys, I have researched a lot about my case even more could not get an > answer that resolves my problem. > > In some tests I came across a possible "hash" that is within a table in a > microsoft sql server that is coming with the hash sooo weird, I personally have > never seen. > > I've tried to convert it in several encodes, however no success. > > Does anyone of you have seen similar case? > > Below is an example of this "hash" > > \ \ x8cĐ \ \ x14Z \ \ xa8 \ \ xd7 # | ż \ \ x04YŚ \ \ xfa? \ \ x82Ę \ \ > x18] Š \ \ x02E \ \ x8A \ \ xdf \ \ x80Ĺ \ \ x08P \ \ x9eă > > -- > Douglas Brancaglion > Security Analist > > > ------------------------------------------------------------------------------ > > Introducing Performance Central, a new site from SourceForge and > AppDynamics. Performance Central is your source for news, insights, > analysis and resources for efficient Application Performance Management. > Visit us today! > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Douglas Brancaglion Security Analist |
|
From: Miroslav S. <mir...@gm...> - 2013-08-20 14:43:49
|
Hi.
Short answer is no.
Long answer goes like this. In custom injection marker cases we don't care
about the request format (specifically parameter/value pairs). That is the
beauty of it. Hence, we can't provide an eval interface for those.
Kind regards,
Miroslav Stampar
On Aug 20, 2013 3:39 PM, "Sebastian Nerz" <seb...@sy...> wrote:
> Hi,
>
> is there a way to access the value of elements in eval-code, if custom
> injection markers are used?
>
> Why am I asking?
>
> ==
> $ ~/Downloads/sqlmap/sqlmap.py -u
> "http://localhost/test.php?argl=1*&foo=2" --eval="print dir()"
>
> [..]
>
> [*] starting at 15:37:51
>
> custom injection marking character ('*') found in option '-u'. Do you
> want to process it? [Y/n/q]
> [15:37:52] [INFO] testing connection to the target URL
> ['__builtins__']
> [15:37:52] [INFO] heuristics detected web page charset 'ascii'
> [..]
> ==
>
> Is there a way to access the parameters?
>
> Thanks!
>
> Sebastian
>
>
>
> ------------------------------------------------------------------------------
> Introducing Performance Central, a new site from SourceForge and
> AppDynamics. Performance Central is your source for news, insights,
> analysis and resources for efficient Application Performance Management.
> Visit us today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
|
48 messages has been excluded from this view by a project administrator.
