sqlmap-users Mailing List for sqlmap (Page 54)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Brandon P. <bpe...@gm...> - 2012-07-13 18:24:34
|
Now run git pull On Jul 13, 2012 11:23 AM, "Iago Sousa" <146...@gm...> wrote: > I think my git is crazy. > > root@bt:/pentest/database/sqlmap# git reset --hard HEAD > HEAD is now at 25eca9d finally got this working on MSSQL 2005: commands > can now be executed as another user (BULK INSERT must be used in such case, > see comments in the code) - issue #34 > > On Fri, Jul 13, 2012 at 3:16 PM, Brandon Perry <bpe...@gm...>wrote: > >> If you haven't made any changes to the source, you can git reset --hard >> HEAD >> On Jul 13, 2012 11:12 AM, "Iago Sousa" <146...@gm...> wrote: >> >>> Yes, "Already on 'master'" show me when I put -f. >>> >>> On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar < >>> mir...@gm...> wrote: >>> >>>> But have you tried with -f? >>>> On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote: >>>> >>>>> Already on 'master' >>>>> Your branch is behind 'origin/master' by 79 commits, and can be >>>>> fast-forwarded. >>>>> >>>>> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar < >>>>> mir...@gm...> wrote: >>>>> >>>>>> Hi Iago. >>>>>> >>>>>> Try with: >>>>>> git checkout -f master >>>>>> >>>>>> Kind regards, >>>>>> Miroslav Stampar >>>>>> >>>>>> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...>wrote: >>>>>> >>>>>>> I receive that error when I try to update with 'git pull'. >>>>>>> >>>>>>> error: Untracked working tree file 'extra/ansistrm/__init__.py' >>>>>>> would be overwritten by merge. Aborting >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> Live Security Virtual Conference >>>>>>> Exclusive live event will cover all the ways today's security and >>>>>>> threat landscape has changed and how IT managers can respond. >>>>>>> Discussions >>>>>>> will include endpoint security, mobile security and the latest in >>>>>>> malware >>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>>>>> _______________________________________________ >>>>>>> sqlmap-users mailing list >>>>>>> sql...@li... >>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Miroslav Stampar >>>>>> http://about.me/stamparm >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Regards, Iago Sousa >>>>> Webdesigner at Radar Topografia >>>>> Programmer and Security Researcher >>>>> >>>>> >>> >>> >>> -- >>> >>> Regards, Iago Sousa >>> Webdesigner at Radar Topografia >>> Programmer and Security Researcher >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> > > > -- > > Regards, Iago Sousa > Webdesigner at Radar Topografia > Programmer and Security Researcher > > |
|
From: Iago S. <146...@gm...> - 2012-07-13 18:23:14
|
I think my git is crazy. root@bt:/pentest/database/sqlmap# git reset --hard HEAD HEAD is now at 25eca9d finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34 On Fri, Jul 13, 2012 at 3:16 PM, Brandon Perry <bpe...@gm...>wrote: > If you haven't made any changes to the source, you can git reset --hard > HEAD > On Jul 13, 2012 11:12 AM, "Iago Sousa" <146...@gm...> wrote: > >> Yes, "Already on 'master'" show me when I put -f. >> >> On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar < >> mir...@gm...> wrote: >> >>> But have you tried with -f? >>> On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote: >>> >>>> Already on 'master' >>>> Your branch is behind 'origin/master' by 79 commits, and can be >>>> fast-forwarded. >>>> >>>> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar < >>>> mir...@gm...> wrote: >>>> >>>>> Hi Iago. >>>>> >>>>> Try with: >>>>> git checkout -f master >>>>> >>>>> Kind regards, >>>>> Miroslav Stampar >>>>> >>>>> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...>wrote: >>>>> >>>>>> I receive that error when I try to update with 'git pull'. >>>>>> >>>>>> error: Untracked working tree file 'extra/ansistrm/__init__.py' would >>>>>> be overwritten by merge. Aborting >>>>>> >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Live Security Virtual Conference >>>>>> Exclusive live event will cover all the ways today's security and >>>>>> threat landscape has changed and how IT managers can respond. >>>>>> Discussions >>>>>> will include endpoint security, mobile security and the latest in >>>>>> malware >>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>>>> _______________________________________________ >>>>>> sqlmap-users mailing list >>>>>> sql...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Miroslav Stampar >>>>> http://about.me/stamparm >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Regards, Iago Sousa >>>> Webdesigner at Radar Topografia >>>> Programmer and Security Researcher >>>> >>>> >> >> >> -- >> >> Regards, Iago Sousa >> Webdesigner at Radar Topografia >> Programmer and Security Researcher >> >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> -- Regards, Iago Sousa Webdesigner at Radar Topografia Programmer and Security Researcher |
|
From: Brandon P. <bpe...@gm...> - 2012-07-13 18:16:35
|
If you haven't made any changes to the source, you can git reset --hard HEAD On Jul 13, 2012 11:12 AM, "Iago Sousa" <146...@gm...> wrote: > Yes, "Already on 'master'" show me when I put -f. > > On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> But have you tried with -f? >> On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote: >> >>> Already on 'master' >>> Your branch is behind 'origin/master' by 79 commits, and can be >>> fast-forwarded. >>> >>> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar < >>> mir...@gm...> wrote: >>> >>>> Hi Iago. >>>> >>>> Try with: >>>> git checkout -f master >>>> >>>> Kind regards, >>>> Miroslav Stampar >>>> >>>> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...>wrote: >>>> >>>>> I receive that error when I try to update with 'git pull'. >>>>> >>>>> error: Untracked working tree file 'extra/ansistrm/__init__.py' would >>>>> be overwritten by merge. Aborting >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Live Security Virtual Conference >>>>> Exclusive live event will cover all the ways today's security and >>>>> threat landscape has changed and how IT managers can respond. >>>>> Discussions >>>>> will include endpoint security, mobile security and the latest in >>>>> malware >>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sql...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> http://about.me/stamparm >>>> >>> >>> >>> >>> -- >>> >>> Regards, Iago Sousa >>> Webdesigner at Radar Topografia >>> Programmer and Security Researcher >>> >>> > > > -- > > Regards, Iago Sousa > Webdesigner at Radar Topografia > Programmer and Security Researcher > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Iago S. <146...@gm...> - 2012-07-13 18:11:34
|
Yes, "Already on 'master'" show me when I put -f. On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar < mir...@gm...> wrote: > But have you tried with -f? > On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote: > >> Already on 'master' >> Your branch is behind 'origin/master' by 79 commits, and can be >> fast-forwarded. >> >> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar < >> mir...@gm...> wrote: >> >>> Hi Iago. >>> >>> Try with: >>> git checkout -f master >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...> wrote: >>> >>>> I receive that error when I try to update with 'git pull'. >>>> >>>> error: Untracked working tree file 'extra/ansistrm/__init__.py' would >>>> be overwritten by merge. Aborting >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Live Security Virtual Conference >>>> Exclusive live event will cover all the ways today's security and >>>> threat landscape has changed and how IT managers can respond. >>>> Discussions >>>> will include endpoint security, mobile security and the latest in >>>> malware >>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >> >> >> >> -- >> >> Regards, Iago Sousa >> Webdesigner at Radar Topografia >> Programmer and Security Researcher >> >> -- Regards, Iago Sousa Webdesigner at Radar Topografia Programmer and Security Researcher |
|
From: Miroslav S. <mir...@gm...> - 2012-07-13 18:00:33
|
But have you tried with -f? On Jul 13, 2012 7:51 PM, "Iago Sousa" <146...@gm...> wrote: > Already on 'master' > Your branch is behind 'origin/master' by 79 commits, and can be > fast-forwarded. > > On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> Hi Iago. >> >> Try with: >> git checkout -f master >> >> Kind regards, >> Miroslav Stampar >> >> On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...> wrote: >> >>> I receive that error when I try to update with 'git pull'. >>> >>> error: Untracked working tree file 'extra/ansistrm/__init__.py' would be >>> overwritten by merge. Aborting >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> > > > > -- > > Regards, Iago Sousa > Webdesigner at Radar Topografia > Programmer and Security Researcher > > |
|
From: Iago S. <146...@gm...> - 2012-07-13 17:51:31
|
Already on 'master' Your branch is behind 'origin/master' by 79 commits, and can be fast-forwarded. On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi Iago. > > Try with: > git checkout -f master > > Kind regards, > Miroslav Stampar > > On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...> wrote: > >> I receive that error when I try to update with 'git pull'. >> >> error: Untracked working tree file 'extra/ansistrm/__init__.py' would be >> overwritten by merge. Aborting >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Regards, Iago Sousa Webdesigner at Radar Topografia Programmer and Security Researcher |
|
From: Miroslav S. <mir...@gm...> - 2012-07-13 17:48:02
|
Hi Iago. Try with: git checkout -f master Kind regards, Miroslav Stampar On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146...@gm...> wrote: > I receive that error when I try to update with 'git pull'. > > error: Untracked working tree file 'extra/ansistrm/__init__.py' would be > overwritten by merge. Aborting > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Iago S. <146...@gm...> - 2012-07-13 17:43:19
|
I receive that error when I try to update with 'git pull'. error: Untracked working tree file 'extra/ansistrm/__init__.py' would be overwritten by merge. Aborting |
|
From: Miroslav S. <mir...@gm...> - 2012-07-13 12:29:23
|
Hi Bob. It should be fixed a minute ago along with the https://github.com/sqlmapproject/sqlmap/issues/88. Kind regards, Miroslav Stampar On Fri, Jul 13, 2012 at 2:24 PM, Bob <sto...@qq...> wrote: > 20:15:56] [CRITICAL] unhandled exception in sqlmap/1.0-dev-162da75, retry > your run with the latest development version from the GitHub repository. If > the exception persists, please send by e-mail to ' > sql...@li...' or open a new issue at ' > https://github.com/sqlmapproject/sqlmap/issues/new' with the following > text and any information required to reproduce the bug. The developers will > try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev-162da75 > Python version: 2.6.5 > Operating system: posix > Command line: ./sqlmap.py -u > ******************************************************* --dbms=MySQL > --level 5 --risk 3 --threads=10 --os-cmd=OSCMD > Technique: STACKED > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "/pentest/database/sqlmap/_sqlmap.py", line 79, in main > start() > File "/pentest/database/sqlmap/lib/controller/controller.py", line 571, > in start > action() > File "/pentest/database/sqlmap/lib/controller/action.py", line 140, in > action > conf.dbmsHandler.osCmd() > File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 63, in > osCmd > self.cleanup(web=web) > File "/pentest/database/sqlmap/plugins/generic/misc.py", line 116, in > cleanup > self.delRemoteFile(self.webBackdoorFilePath) > File "/pentest/database/sqlmap/plugins/generic/misc.py", line 95, in > delRemoteFile > filename = posixToNtSlashes(filename) > File "/pentest/database/sqlmap/lib/core/common.py", line 1500, in > posixToNtSlashes > return filepath.replace('/', '\\') > AttributeError: 'NoneType' object has no attribute 'replace' > > [*] shutting down at 20:15:56 > > > ** > > > best regards > Bob > ** > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: B. <sto...@qq...> - 2012-07-13 12:24:57
|
20:15:56] [CRITICAL] unhandled exception in sqlmap/1.0-dev-162da75, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev-162da75 Python version: 2.6.5 Operating system: posix Command line: ./sqlmap.py -u ******************************************************* --dbms=MySQL --level 5 --risk 3 --threads=10 --os-cmd=OSCMD Technique: STACKED Back-end DBMS: MySQL (fingerprinted) Traceback (most recent call last): File "/pentest/database/sqlmap/_sqlmap.py", line 79, in main start() File "/pentest/database/sqlmap/lib/controller/controller.py", line 571, in start action() File "/pentest/database/sqlmap/lib/controller/action.py", line 140, in action conf.dbmsHandler.osCmd() File "/pentest/database/sqlmap/plugins/generic/takeover.py", line 63, in osCmd self.cleanup(web=web) File "/pentest/database/sqlmap/plugins/generic/misc.py", line 116, in cleanup self.delRemoteFile(self.webBackdoorFilePath) File "/pentest/database/sqlmap/plugins/generic/misc.py", line 95, in delRemoteFile filename = posixToNtSlashes(filename) File "/pentest/database/sqlmap/lib/core/common.py", line 1500, in posixToNtSlashes return filepath.replace('/', '\\') AttributeError: 'NoneType' object has no attribute 'replace' [*] shutting down at 20:15:56 best regards Bob |
|
From: Andres R. <and...@gm...> - 2012-07-13 12:16:04
|
w0w, those are too many libraries, I wasn't expecting this. Are those libraries included in all/most linux platforms? Do you guys care about that? :) On Thu, Jul 12, 2012 at 10:11 AM, Bernardo Damele <ber...@gm...> wrote: > Hi Andres, > > We use ansistrm library to wrap the stream output builtin logging > library method. > > We use termcolor library to colourize the print/sys.stdout() calls and > use colorama library to wrap termcolor and make it cross-platform. > > This was the cleanest and most reliable solution that I have > identified following some testing of other libraries too. > > Hope this helps. > > Bernardo Damele A. G. > > This message was sent from a smartphone > > On 12 Jul 2012, at 13:33, Andres Riancho <and...@gm...> wrote: > >> Bernardo, >> >> On Wed, Jul 11, 2012 at 10:18 PM, Bernardo Damele A. G. >> <ber...@gm...> wrote: >>> Hi, >>> >>> We have recently implemented colouring of the standard output. It >>> should work across all three main operating systems: Linux (tested on >>> Ubuntu with bash and zsh), Windows (tested on Windows 7) and Mac OSX >>> (tested on Lion with bash and zsh). >> >> I was thinking about implementing something similar for w3af, which >> library did you guys use to have cross-platform support for coloring? >> >>> See a screenshot here, >>> https://twitter.com/sqlmap/status/223175873614987264. >>> >>> Please, report any bugs you might encounter. >>> >>> Thank you, >>> Bernardo >>> >>> >>> -- >>> Bernardo Damele A. G. >>> >>> E-mail / Jabber: bernardo.damele (at) gmail.com >>> Mobile: +447788962949 (UK 07788962949) >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
|
From: Ruslan M. <cv...@ya...> - 2012-07-12 13:53:39
|
Hi, Bernardo Damele A. G. wrote on 12.07.2012 15:43: > Hi Ruslan, > > Soon we will tag previous versions of sqlmap against Git revisions so > these will show up under https://github.com/sqlmapproject/sqlmap/tags > tab in GitHub and you will be able to clone locally the repository at > a certain version. > I have also uploaded the .tar.gz of all previous versions to > https://github.com/sqlmapproject/sqlmap/downloads so there is no > longer need for the SourceForge File List page at all. > > Never versions will also tagged in the repository and available as a > .tar.gz on GitHub. > > I will soon make sure that a file will all MD5 and SHA1 hashes is also > uploaded to the 'Downloads' page. > > Please, advise if you see any room for improvements of the release process. > > Thank you. > Bernardo Thanks a bunch for this! How annoying for you this would be to upload each new release to downloads/ subdirectory? I understand that it's less hard just to tag some revision and github will do all the magic, but it's more fast and easy for users/packagers. I'm fine with both (in terms of FreeBSD packaging), but static tarballs in downloads are preferred. While you on this, would you please place sqlmap-0.9.tar.gz there (now 0.9 is the only release that packed with zip) and I add github as primary mirror. Thank you. PS. While I wrote this I see that there is 0.9.tar.gz already. Thanks. > > > On 12 July 2012 12:31, Ruslan Mahmatkhanov <cv...@ya...> wrote: >> Good day! >> >> I's a good news that sqlmap finally got the new homepage and github >> repo. The only thing that I feel inconvenient for packagers - is a lack >> of pregenerated tarballs. Some package repositories (like FreeBSD port's >> collection) depend on checksums of downloaded tarballs, so to >> continue to maintain sqlmap in the ports I will need to update the >> FreeBSD port after every commit into the sqlmap repository (because of >> tarball checksum changes). Are you planning to create fixed tarballs for >> new versions of sqlmap in near future? I known github has facility to do so. >> >> Thanks. -- Regards, Ruslan Tinderboxing kills... the drives. |
|
From: Bernardo D. <ber...@gm...> - 2012-07-12 13:12:07
|
Hi Andres, We use ansistrm library to wrap the stream output builtin logging library method. We use termcolor library to colourize the print/sys.stdout() calls and use colorama library to wrap termcolor and make it cross-platform. This was the cleanest and most reliable solution that I have identified following some testing of other libraries too. Hope this helps. Bernardo Damele A. G. This message was sent from a smartphone On 12 Jul 2012, at 13:33, Andres Riancho <and...@gm...> wrote: > Bernardo, > > On Wed, Jul 11, 2012 at 10:18 PM, Bernardo Damele A. G. > <ber...@gm...> wrote: >> Hi, >> >> We have recently implemented colouring of the standard output. It >> should work across all three main operating systems: Linux (tested on >> Ubuntu with bash and zsh), Windows (tested on Windows 7) and Mac OSX >> (tested on Lion with bash and zsh). > > I was thinking about implementing something similar for w3af, which > library did you guys use to have cross-platform support for coloring? > >> See a screenshot here, >> https://twitter.com/sqlmap/status/223175873614987264. >> >> Please, report any bugs you might encounter. >> >> Thank you, >> Bernardo >> >> >> -- >> Bernardo Damele A. G. >> >> E-mail / Jabber: bernardo.damele (at) gmail.com >> Mobile: +447788962949 (UK 07788962949) >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 |
|
From: Andres R. <and...@gm...> - 2012-07-12 12:33:57
|
Bernardo, On Wed, Jul 11, 2012 at 10:18 PM, Bernardo Damele A. G. <ber...@gm...> wrote: > Hi, > > We have recently implemented colouring of the standard output. It > should work across all three main operating systems: Linux (tested on > Ubuntu with bash and zsh), Windows (tested on Windows 7) and Mac OSX > (tested on Lion with bash and zsh). I was thinking about implementing something similar for w3af, which library did you guys use to have cross-platform support for coloring? > See a screenshot here, > https://twitter.com/sqlmap/status/223175873614987264. > > Please, report any bugs you might encounter. > > Thank you, > Bernardo > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 |
|
From: Bernardo D. A. G. <ber...@gm...> - 2012-07-12 11:43:18
|
Hi Ruslan, Soon we will tag previous versions of sqlmap against Git revisions so these will show up under https://github.com/sqlmapproject/sqlmap/tags tab in GitHub and you will be able to clone locally the repository at a certain version. I have also uploaded the .tar.gz of all previous versions to https://github.com/sqlmapproject/sqlmap/downloads so there is no longer need for the SourceForge File List page at all. Never versions will also tagged in the repository and available as a .tar.gz on GitHub. I will soon make sure that a file will all MD5 and SHA1 hashes is also uploaded to the 'Downloads' page. Please, advise if you see any room for improvements of the release process. Thank you. Bernardo On 12 July 2012 12:31, Ruslan Mahmatkhanov <cv...@ya...> wrote: > Good day! > > I's a good news that sqlmap finally got the new homepage and github > repo. The only thing that I feel inconvenient for packagers - is a lack > of pregenerated tarballs. Some package repositories (like FreeBSD port's > collection) depend on checksums of downloaded tarballs, so to > continue to maintain sqlmap in the ports I will need to update the > FreeBSD port after every commit into the sqlmap repository (because of > tarball checksum changes). Are you planning to create fixed tarballs for > new versions of sqlmap in near future? I known github has facility to do so. > > Thanks. > > -- > Regards, > Ruslan > > Tinderboxing kills... the drives. > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) |
|
From: Ruslan M. <cv...@ya...> - 2012-07-12 11:33:34
|
Good day! I's a good news that sqlmap finally got the new homepage and github repo. The only thing that I feel inconvenient for packagers - is a lack of pregenerated tarballs. Some package repositories (like FreeBSD port's collection) depend on checksums of downloaded tarballs, so to continue to maintain sqlmap in the ports I will need to update the FreeBSD port after every commit into the sqlmap repository (because of tarball checksum changes). Are you planning to create fixed tarballs for new versions of sqlmap in near future? I known github has facility to do so. Thanks. -- Regards, Ruslan Tinderboxing kills... the drives. |
|
From: Bernardo D. A. G. <ber...@gm...> - 2012-07-12 09:49:05
|
Hi Marco, Please find it fixed with commit 3d66e2dfb1efe307ab097b03a18db35775c6058a. Thanks for reporting. Bernardo On 12 July 2012 10:25, Marco Mirandola <mm...@gm...> wrote: > [11:23:50] [INFO] the back-end DBMS is MySQL > web server operating system: Windows 2003 > web application technology: ASP.NET, Microsoft IIS 6.0, ASP > back-end DBMS: MySQL 5.0 > [11:23:50] [INFO] testing if current user is DBA > [11:23:50] [INFO] fetching current user > [11:23:50] [INFO] heuristics detected web page charset 'ascii' > [11:23:50] [INFO] retrieved: root@localhost > [11:23:50] [INFO] retrieved: 1 > [11:23:50] [WARNING] HTTP error codes detected during testing: > 500 (Internal Server Error) - 2 times > > [11:23:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run > with > the latest development version from the GitHub repository. If the exception > per > sists, please send by e-mail to 'sql...@li...' or open > a n > ew issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the > follow > ing text and any information required to reproduce the bug. The developers > will > try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev > Python version: 2.7.3 > Operating system: nt > Command line: C:\SqlMap\sqlmap.git\trunk\sqlmap.py -u > ************************** > ************************************** --users --passwords --is-dba > Technique: ERROR > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "C:\SqlMap\sqlmap.git\trunk\_sqlmap.py", line 79, in main > start() > File "C:\SqlMap\sqlmap.git\trunk\lib\controller\controller.py", line 571, > in s > tart > action() > File "C:\SqlMap\sqlmap.git\trunk\lib\controller\action.py", line 71, in > action > > conf.dumper.dba(conf.dbmsHandler.isDba()) > File "C:\SqlMap\sqlmap.git\trunk\lib\core\dump.py", line 132, in dba > self.string("current user is DBA", data) > File "C:\SqlMap\sqlmap.git\trunk\lib\core\dump.py", line 77, in string > elif data is not None and len(data) > 0: > TypeError: object of type 'bool' has no len() > > best regards > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) |
|
From: Marco M. <mm...@gm...> - 2012-07-12 09:26:09
|
[11:23:50] [INFO] the back-end DBMS is MySQL web server operating system: Windows 2003 web application technology: ASP.NET, Microsoft IIS 6.0, ASP back-end DBMS: MySQL 5.0 [11:23:50] [INFO] testing if current user is DBA [11:23:50] [INFO] fetching current user [11:23:50] [INFO] heuristics detected web page charset 'ascii' [11:23:50] [INFO] retrieved: root@localhost [11:23:50] [INFO] retrieved: 1 [11:23:50] [WARNING] HTTP error codes detected during testing: 500 (Internal Server Error) - 2 times [11:23:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception per sists, please send by e-mail to 'sql...@li...' or open a n ew issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the follow ing text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev Python version: 2.7.3 Operating system: nt Command line: C:\SqlMap\sqlmap.git\trunk\sqlmap.py -u ************************** ************************************** --users --passwords --is-dba Technique: ERROR Back-end DBMS: MySQL (fingerprinted) Traceback (most recent call last): File "C:\SqlMap\sqlmap.git\trunk\_sqlmap.py", line 79, in main start() File "C:\SqlMap\sqlmap.git\trunk\lib\controller\controller.py", line 571, in s tart action() File "C:\SqlMap\sqlmap.git\trunk\lib\controller\action.py", line 71, in action conf.dumper.dba(conf.dbmsHandler.isDba()) File "C:\SqlMap\sqlmap.git\trunk\lib\core\dump.py", line 132, in dba self.string("current user is DBA", data) File "C:\SqlMap\sqlmap.git\trunk\lib\core\dump.py", line 77, in string elif data is not None and len(data) > 0: TypeError: object of type 'bool' has no len() best regards |
|
From: Bernardo D. A. G. <ber...@gm...> - 2012-07-12 01:29:36
|
Hi, We tend to keep our Twitter account, @sqlmap, up to date with the development. We certainly update it more often than the mailing list - with the exception of bugs reported to the mailing list. Hence, if you are keen on keeping a closer eye at the development you can: * Subscribe to its feed so you see the project updated on your GitHub homepage given you have a GitHub account, https://github.com/sqlmapproject/sqlmap/toggle_watch. * Subscribe to its Atom feed in your feed reader of choice, https://github.com/sqlmapproject/sqlmap/commits/master.atom. * Follow the twitter account, https://twitter.com/sqlmap. Like I wrote a few weeks back, if you want to contribute to the development you can: * Register an account on GitHub, fork the project (https://github.com/sqlmapproject/sqlmap/fork_select), checkout (git clone) your forked repository locally, make your changes, push them and send us a pull request - we will then verify your patch and eventually merge it to the main tree. * Report bugs, request features, etc. - by direct email to us, de...@sq..., via this mailing list or by opening an issue on the project's GitHub issues page, https://github.com/sqlmapproject/sqlmap/issues/new. On a side note, if you are keen on helping, but are not confident about Python development, there's still something you can do! We are seeking for a web designer, a logo designer, a QA specialist and someone to review and update the user's manual before we release the much attended version 1.0. Thank you, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) |
|
From: Bernardo D. A. G. <ber...@gm...> - 2012-07-12 01:18:31
|
Hi, We have recently implemented colouring of the standard output. It should work across all three main operating systems: Linux (tested on Ubuntu with bash and zsh), Windows (tested on Windows 7) and Mac OSX (tested on Lion with bash and zsh). See a screenshot here, https://twitter.com/sqlmap/status/223175873614987264. Please, report any bugs you might encounter. Thank you, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) |
|
From: Miroslav S. <mir...@gm...> - 2012-07-11 08:37:08
|
Hi sc0rp. Currently we don't have plans to support other search engines, but thank you anyway. Kind regards, Miroslav Stampar On Tue, Jul 10, 2012 at 11:19 AM, <sc...@hu...> wrote: > i dunno if you people want to port this perl script to your > project. is not 100% finished, i still add functions and fixes > frokm time to time > but since you people ported ansi color to the sqlmap i think this > scanner is a great add to it test it out let me know what u think > > just made several modifications to existent scanners and this is > how it is right now, it uses Bing insted of google i do have a > google version but it only pulls 64 uris from the search this one > is up to 300, it filters this page outputs > > /SQL/ || /\/var\/www\// || 80040e14 <- know asp error, m/SELECT > (.*) FROM (.*)/i > m/(.*) Invalid argument supplied (.*)/i > > usage perl dor.pl > > insert query ex: -> site:pt noticias.php?id=* > or any asp string > > site:pt *.asp?***=* > > do not use inurl in bing wont work > insert file to store type in a name for the file no extension needed > i will change som things int he scanner in time > > let me know what u think willing to submit it to backtrack to > please dont mention this email > > myself AKA = luke > > thanks > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Zaki A. <zak...@gm...> - 2012-07-11 07:12:10
|
Hello list, I am using sqlmap exploiting SQL injection vulnerabilities. By using sqlmap, I could fingerprint the database server is using Oracle. Then I dumped the username with its password, then cracked the hashes. Now how do I get this Oracle database server IP address? Since from sqlmap the manual, OS command injection is only for MS-SQL, PostgreSQL, and MySQL database. Regards, -- Zaki Akhmad |
|
From: <sc...@hu...> - 2012-07-10 09:20:03
|
i dunno if you people want to port this perl script to your project. is not 100% finished, i still add functions and fixes frokm time to time but since you people ported ansi color to the sqlmap i think this scanner is a great add to it test it out let me know what u think just made several modifications to existent scanners and this is how it is right now, it uses Bing insted of google i do have a google version but it only pulls 64 uris from the search this one is up to 300, it filters this page outputs /SQL/ || /\/var\/www\// || 80040e14 <- know asp error, m/SELECT (.*) FROM (.*)/i m/(.*) Invalid argument supplied (.*)/i usage perl dor.pl insert query ex: -> site:pt noticias.php?id=* or any asp string site:pt *.asp?***=* do not use inurl in bing wont work insert file to store type in a name for the file no extension needed i will change som things int he scanner in time let me know what u think willing to submit it to backtrack to please dont mention this email myself AKA = luke thanks |
|
From: Miroslav S. <mir...@gm...> - 2012-07-08 06:34:30
|
Hi. It's strange. I would need a traffic file (-t traffic.txt --flush-session) for that case to tell you what's happening. Kind regards, Miroslav Stampar On Jul 7, 2012 9:19 PM, "a nice guy" <ae9...@to...> wrote: > Hello, > > I have some questions regarding union injections that google didn't > answer. > The scenario is the following: > > MySQL 5.0 and error messages are shown > "SELECT col1 as val,col2 FROM dummtyable WHERE col3=".$id ." ORDER BY > col2 DESC LIMIT 1" > > The outputs of the query are not shown. > > > Sqlmap detects a error-based vulnerability and the union injection > with two columns but it's unable to exploit the union injection. I > already tried --union-char several times, it's always the same result. > Is there a way to exploit it though there is no output of the query? > > > kind regards, > a nice guy > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
|
From: Miroslav S. <mir...@gm...> - 2012-07-07 22:19:10
|
Hi Marco. There are some issues around this feature request briefly described here: https://github.com/sqlmapproject/sqlmap/issues/71#issuecomment-6827035 Kind regards, Miroslav Stampar On Thu, Jul 5, 2012 at 10:25 AM, Miroslav Stampar < mir...@gm...> wrote: > Hi Marco. > > We'll consider this one and maybe put it back on (we had it long time > before). > > Kind regards, > Miroslav Stampar > > On Tue, Jul 3, 2012 at 10:35 PM, Marco Mirandola <mm...@gm...>wrote: > >> Hello sqlMap I thought of an improvement, because when you retrieve the >> databases (or tables or columns) does not enumerate the number of the item? >> >> ====================================== >> current sqlMap >> ====================================== >> >> [22:15:39] [INFO] the back-end DBMS is Microsoft SQL Server >> web server operating system: Windows 2003 >> web application technology: ASP.NET, Microsoft IIS 6.0, ASP >> back-end DBMS: Microsoft SQL Server 2005 >> [22:15:39] [INFO] fetching columns for table 'myTable' in database >> 'mystore' >> [22:15:49] [WARNING] reflective value(s) found and filtering out >> [22:15:49] [INFO] the SQL query used returns 253 entries >> [22:16:00] [INFO] retrieved: citta >> [22:16:07] [INFO] retrieved: varchar >> [22:16:13] [INFO] retrieved: cognome >> [22:16:22] [INFO] retrieved: nvarchar >> .... >> >> >> ====================================== >> my idea (modify in green) >> ====================================== >> >> [22:15:39] [INFO] the back-end DBMS is Microsoft SQL Server >> web server operating system: Windows 2003 >> web application technology: ASP.NET, Microsoft IIS 6.0, ASP >> back-end DBMS: Microsoft SQL Server 2005 >> [22:15:39] [INFO] fetching columns for table 'myTable' in database >> 'mystore' >> [22:15:49] [WARNING] reflective value(s) found and filtering out >> [22:15:49] [INFO] the SQL query used returns 253 entries >> [22:16:00] [INFO] retrieved #1: citta >> [22:16:07] [INFO] retrieved #2: varchar >> [22:16:13] [INFO] retrieved #3: cognome >> [22:16:22] [INFO] retrieved #4: nvarchar >> .... >> >> lot a kiss >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
48 messages has been excluded from this view by a project administrator.
