sqlmap-users Mailing List for sqlmap (Page 60)
From: Patrick W. <pa...@au...> - 2012-05-28 14:48:10
Hi Miroslav / Bernardo,

Just come up against a host that refuses to talk SSL - TLS only :) It would seem sqlmap does ssl only?

Thanks,
-Patrick
From: Miroslav S. <mir...@gm...> - 2012-05-27 21:35:25
Hi nightman.

Thank you for your report and find it fixed with the latest commit (r5088).

Kind regards,
Miroslav Stampar

On Sun, May 27, 2012 at 11:27 PM, <nig...@em...> wrote:

> [23:19:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r5082), retry your run with the latest
> development version from the Subversion repository. If the exception persists, please send by e-mail
> to sql...@li... the following text and any information required to reproduce
> the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r5082)
> Python version: 2.7.2
> Operating system: nt
> Command line: C:\map3\sqlmap.py -u **************************************************** --threads=6
> --random-agent --level 5 --risk 3 --technique=BEUS --dump -D ************ -T *********** -C ********
> *************************
> Technique: ERROR
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "C:\map3\_sqlmap.py", line 82, in main
>     start()
>   File "C:\map3\lib\controller\controller.py", line 573, in start
>     action()
>   File "C:\map3\lib\controller\action.py", line 109, in action
>     conf.dbmsHandler.dumpTable()
>   File "C:\map3\plugins\generic\enumeration.py", line 1763, in dumpTable
>     attackDumpedTable()
>   File "C:\map3\lib\utils\hash.py", line 375, in attackDumpedTable
>     results = dictionaryAttack(attack_dict)
>   File "C:\map3\lib\utils\hash.py", line 833, in dictionaryAttack
>     fp.write("%s:%s\n" % (user, hash_))
> UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-12: ordinal not in range(128
> )
>
> [*] shutting down at 23:19:47

--
Miroslav Stampar
http://about.me/stamparm
From: <nig...@em...> - 2012-05-27 21:27:12
[23:19:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r5082), retry your run with the latest
development version from the Subversion repository. If the exception persists, please send by e-mail
to sql...@li... the following text and any information required to reproduce
the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r5082)
Python version: 2.7.2
Operating system: nt
Command line: C:\map3\sqlmap.py -u **************************************************** --threads=6
--random-agent --level 5 --risk 3 --technique=BEUS --dump -D ************ -T *********** -C ********
*************************
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "C:\map3\_sqlmap.py", line 82, in main
    start()
  File "C:\map3\lib\controller\controller.py", line 573, in start
    action()
  File "C:\map3\lib\controller\action.py", line 109, in action
    conf.dbmsHandler.dumpTable()
  File "C:\map3\plugins\generic\enumeration.py", line 1763, in dumpTable
    attackDumpedTable()
  File "C:\map3\lib\utils\hash.py", line 375, in attackDumpedTable
    results = dictionaryAttack(attack_dict)
  File "C:\map3\lib\utils\hash.py", line 833, in dictionaryAttack
    fp.write("%s:%s\n" % (user, hash_))
UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-12: ordinal not in range(128
)

[*] shutting down at 23:19:47
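The failure in the traceback above, reproduced as an added example (not part of the original message and not sqlmap's code; the page does not show what r5088 changed). On Python 2.7, writing a unicode string to a file opened with the built-in open() encodes it implicitly with the 'ascii' codec; the sketch below, written for Python 3, makes that codec explicit to trigger the same error and then writes the same "%s:%s\n" lines with an explicit encoding. The function names and the sample rows are constructed for illustration.

```python
import io
import os
import tempfile

# Constructed sample rows; the second name contains non-ASCII characters.
ROWS = [(u"admin", u"value-1"), (u"user\u0438\u0432\u0430\u043d", u"value-2")]


def write_rows(path, rows, encoding, errors="strict"):
    """Write 'name:value' lines with an explicit codec instead of the default."""
    with io.open(path, "w", encoding=encoding, errors=errors, newline="\n") as fp:
        for name, value in rows:
            fp.write(u"%s:%s\n" % (name, value))


def read_rows(path, encoding):
    """Read the file back into (name, value) tuples."""
    with io.open(path, "r", encoding=encoding, newline="\n") as fp:
        return [tuple(line.rstrip("\n").split(":", 1)) for line in fp]


def demo():
    """Run the failing write and two safe alternatives; return what happened."""
    result = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "rows.txt")

        # 1) ASCII-only output with strict errors: the condition behind the crash.
        try:
            write_rows(path, ROWS, "ascii")
            result["ascii_strict_failed"] = False
        except UnicodeEncodeError as ex:
            result["ascii_strict_failed"] = True
            result["reason"] = ex.reason

        # 2) UTF-8 output: every row is written and reads back unchanged.
        write_rows(path, ROWS, "utf-8")
        result["utf8_roundtrip"] = read_rows(path, "utf-8") == ROWS

        # 3) For ASCII-only consumers: keep the file 7-bit, escape instead of crashing.
        write_rows(path, ROWS, "ascii", errors="backslashreplace")
        with io.open(path, "rb") as fp:
            result["escaped"] = fp.read().decode("ascii")
    return result


if __name__ == "__main__":
    for key, value in sorted(demo().items()):
        print("%s: %r" % (key, value))
```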
From: Pedrito P. <0ar...@gm...> - 2012-05-27 20:45:08
[15:43:26] [INFO] testing connection to the target url
[15:43:27] [WARNING] unknown web page charset 'utc8'. Please report by e-mail to sql...@li....
[15:43:28] [INFO] heuristics detected web page charset 'ISO-8859-2'
[15:43:28] [INFO] testing NULL connection to the target url
From: Miroslav S. <mir...@gm...> - 2012-05-27 19:00:19
Hi Anton.

ACK and put on TODO list.

Kind regards,
Miroslav Stampar

On Sun, May 27, 2012 at 8:19 PM, Anton Sazonov <ant...@gm...> wrote:

> Thanks for answering, Miroslav.
>
> I must haven't been clear enough in my previous post. What I mean is
> that, say, you got a website under your purview, an example.com.
> There's a vulnerable script at
> http://www.example.com/example.php?id=1&id2=2 and "id" is vulnerable.
>
> Say, there's another SQLi in http://www.example.com/exampe2.asp".
>
> Basically, every time I need to --dbs, --columns or whatever, I have
> to _type in exactly the same URL and parameters_ which are _already
> stored in the log file_. What I'm proposing to do is to add an option
> to specify a domain name and (optionally) select from a number of
> available attacks and go from there. Something like ./sqlmap.py -D
> example.com --dbs.
>
> Otherwise, we, the users, are forced to look up the logs in search of
> the vulnerable script and its settings.
>
> That'd just make things so much simpler for further attacks against
> the "victim" server.
>
> Thanks for your time and the work you put into this,
> Anton Sazonov
>
> On Sun, May 27, 2012 at 6:58 PM, Miroslav Stampar
> <mir...@gm...> wrote:
> > Hi Anton.
> >
> > Maybe I am missing something:
> > "I must be missing something, but shouldn't there be a command line
> > switch to perform the exact same SQLi you did on your target machine"
> >
> > If you are referring to a normal session resumal then it's automatically
> > being done. If you mean that you want to use information of SQLi from one
> > target to another then there is no such option.
> >
> > If you need that first scenario then please tell which version do you use?
> >
> > Kind regards,
> > Miroslav Stampar
> >
> > On Sat, May 26, 2012 at 1:32 AM, Anton Sazonov <ant...@gm...>
> > wrote:
> >>
> >> Hello there,
> >>
> >> I must be missing something, but shouldn't there be a command line
> >> switch to perform the exact same SQLi you did on your target machine?
> >> I do realize that the vulnerabilities are stored in
> >> $SQLMAP/output/$HOSTNAME/log and are rather easy to replicate, if
> >> frustrating.
> >>
> >> Wouldn't that be easier for the end-users to just add an option to
> >> specify the already injected and confirmed server in the command line,
> >> as in, for example, ./sqlmap.py -h example.com --dbs?
> >>
> >> Couldn't find it in the documentation for the life of me. Apologies if
> >> it has already been brought up.
> >>
> >> Thanks,
> >> Anton
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
From: Anton S. <ant...@gm...> - 2012-05-27 18:20:20
Thanks for answering, Miroslav.

I must haven't been clear enough in my previous post. What I mean is that, say, you got a website under your purview, an example.com. There's a vulnerable script at http://www.example.com/example.php?id=1&id2=2 and "id" is vulnerable.

Say, there's another SQLi in http://www.example.com/exampe2.asp".

Basically, every time I need to --dbs, --columns or whatever, I have to _type in exactly the same URL and parameters_ which are _already stored in the log file_. What I'm proposing to do is to add an option to specify a domain name and (optionally) select from a number of available attacks and go from there. Something like ./sqlmap.py -D example.com --dbs.

Otherwise, we, the users, are forced to look up the logs in search of the vulnerable script and its settings.

That'd just make things so much simpler for further attacks against the "victim" server.

Thanks for your time and the work you put into this,
Anton Sazonov

On Sun, May 27, 2012 at 6:58 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Anton.
>
> Maybe I am missing something:
> "I must be missing something, but shouldn't there be a command line
> switch to perform the exact same SQLi you did on your target machine"
>
> If you are referring to a normal session resumal then it's automatically
> being done. If you mean that you want to use information of SQLi from one
> target to another then there is no such option.
>
> If you need that first scenario then please tell which version do you use?
>
> Kind regards,
> Miroslav Stampar
>
> On Sat, May 26, 2012 at 1:32 AM, Anton Sazonov <ant...@gm...>
> wrote:
>>
>> Hello there,
>>
>> I must be missing something, but shouldn't there be a command line
>> switch to perform the exact same SQLi you did on your target machine?
>> I do realize that the vulnerabilities are stored in
>> $SQLMAP/output/$HOSTNAME/log and are rather easy to replicate, if
>> frustrating.
>>
>> Wouldn't that be easier for the end-users to just add an option to
>> specify the already injected and confirmed server in the command line,
>> as in, for example, ./sqlmap.py -h example.com --dbs?
>>
>> Couldn't find it in the documentation for the life of me. Apologies if
>> it has already been brought up.
>>
>> Thanks,
>> Anton
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-05-27 14:58:17
Hi Anton.

Maybe I am missing something:
"I must be missing something, but shouldn't there be a command line switch to perform the exact same SQLi you did on your target machine"

If you are referring to a normal session resumal then it's automatically being done. If you mean that you want to use information of SQLi from one target to another then there is no such option.

If you need that first scenario then please tell which version do you use?

Kind regards,
Miroslav Stampar

On Sat, May 26, 2012 at 1:32 AM, Anton Sazonov <ant...@gm...> wrote:

> Hello there,
>
> I must be missing something, but shouldn't there be a command line
> switch to perform the exact same SQLi you did on your target machine?
> I do realize that the vulnerabilities are stored in
> $SQLMAP/output/$HOSTNAME/log and are rather easy to replicate, if
> frustrating.
>
> Wouldn't that be easier for the end-users to just add an option to
> specify the already injected and confirmed server in the command line,
> as in, for example, ./sqlmap.py -h example.com --dbs?
>
> Couldn't find it in the documentation for the life of me. Apologies if
> it has already been brought up.
>
> Thanks,
> Anton

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-05-26 05:45:17
Hi Bob.

Yes, sqlmap works with MsSQL 2008. Could you please post traffic file for that run (-t traffic.txt --current-user --fresh-queries)? Also, if you could send url that could be good too.

Kind regards

On Sat, May 26, 2012 at 4:38 AM, Bob <sto...@qq...> wrote:

> I meet the problem with sqlmap working with sql server 2008 . the details
> if below . sometimes can retrieval db,and user ,but sometimes is show below
> .
>
> Place: GET
> Parameter: nclassid
> Type: boolean-based blind
> Title: OR boolean-based blind - WHERE or HAVING clause
> Payload: classid=4&nclassid=-2854 OR (2950=2950)
> ---
>
> [10:31:11] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP
> back-end DBMS: Microsoft SQL Server 2008
> [10:31:11] [INFO] fetching current user
> [10:31:12] [WARNING] running in a single-thread mode. Please consider
> usage of option '--threads' for faster data retrieval
> sqlmap got a 302 redirect to 'http://www.xxxxx:80/index.asp'. Do you want
> to follow? [Y/n] n
>
> [10:33:03] [INFO] heuristics detected web page charset 'ascii'
>
> current user: None

--
Miroslav Stampar
http://about.me/stamparm
From: B. <sto...@qq...> - 2012-05-26 02:38:29
I meet the problem with sqlmap working with sql server 2008. the details if below. sometimes can retrieval db, and user, but sometimes is show below.

Place: GET
Parameter: nclassid
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: classid=4&nclassid=-2854 OR (2950=2950)
---

[10:31:11] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2008
[10:31:11] [INFO] fetching current user
[10:31:12] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
sqlmap got a 302 redirect to 'http://www.xxxxx:80/index.asp'. Do you want to follow? [Y/n] n

[10:33:03] [INFO] heuristics detected web page charset 'ascii'

current user: None
From: Anton S. <ant...@gm...> - 2012-05-25 23:32:52
Hello there,

I must be missing something, but shouldn't there be a command line switch to perform the exact same SQLi you did on your target machine? I do realize that the vulnerabilities are stored in $SQLMAP/output/$HOSTNAME/log and are rather easy to replicate, if frustrating.

Wouldn't that be easier for the end-users to just add an option to specify the already injected and confirmed server in the command line, as in, for example, ./sqlmap.py -h example.com --dbs?

Couldn't find it in the documentation for the life of me. Apologies if it has already been brought up.

Thanks,
Anton
From: DNC <sq...@hu...> - 2012-05-25 17:13:55
Hello All,

Is it possible to make injection in Basic Auth information?

I am in this situation:

On the Basic Auth login if i put:
x' AND 1=(SELECT COUNT(*) FROM users); --
I have as reply:
*You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--' AND pass = 'test'' at line 1*

On the Basic Auth Pass if i put the same:
x' AND 1=(SELECT COUNT(*) FROM users); --
I have as reply:
*You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--'' at line 1*

As I am kind of bad in SQL Query, I try to automate with SQLMap with this command:

./sqlmap.py -u http://test.com/folder/file.php --auth-type=Basic --auth-cred=*:admin --level=5 --risk=3 --user-agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"

It stop on:
not authorized, try to provide right HTTP authentication type and valid credentials (401)

Is there a way to make it anyway?

Regards
DNC
From: Thomas S. <ts...@go...> - 2012-05-25 10:40:32
Miroslav,

great! Makes me and my customer happy!

Thomas

From: Miroslav Stampar [mailto:mir...@gm...]
Sent: Friday, 25 May 2012 01:12
To: Thomas Schreiber
Cc: sql...@li...
Subject: Re: [sqlmap-users] Not url-encoding POST-data possible?

Hi Thomas.

With the latest r5076 you'll get a new switch '--skip-urlencode' which tells sqlmap to skip URL encoding of POST data.

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar <mir...@gm...> wrote:

Hi.

There is no such option, but something will be done (e.g. --skip-urlencode). Will keep you updated.

Kind regards

On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts...@go...> wrote:

Hi,

can I tell sqlmap to not url-encode POST-data?

In my case a php webservice complains about not getting a '<' as first character:

Warning: simplexml_load_string(): Entity: line 1: parser error : Start tag expected, '<' not found in...
Warning: simplexml_load_string(): %3Crequest...

The reason is, that sqlmap sends the payload url-encoded:

%3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E

Trying the same request in burp without urlencoding like this:

<Request><ID>111*</ID></Request>

does not produce the error

Thanks!

Thomas

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-05-25 09:35:26
Hi Devon

With the latest commit (r5077) you won't be asked any more for that "you've probably...tainted..." in "multiple target mode". That simply means that check will be only conducted if user has explicitly used -u parameter and not in those more advanced modes (-g, -m,...)

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 5:22 PM, Devon <dev...@ao...> wrote:

> Hello,
>
> I encountered a situation where --batch ended up prematurely ending a scan
> of a website. The reason is because there was an invalid link on the
> site's HTML document, that confused sqlmap into exiting. Here's the output
> which I think should explain it better:
>
> root@apj351:~# ./sqlmap.py --random-agent --threads=5 -u '
> http://XXXXXXXXXXXXXXXXXX/' --crawl=5 --batch
>
> sqlmap/1.0-dev (r5058) - automatic SQL injection and database takeover
> tool
> http://www.sqlmap.org
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Authors assume no liability and
> are not responsible for any misuse or damage caused by this program
>
> [*] starting at 08:06:59
>
> [08:06:59] [INFO] fetched random HTTP User-Agent header from file
> '/opt/sqlmap/txt/user-agents.txt': Opera/9.80 (X11; Linux x86_64; U; en-GB)
> Presto/2.2.15 Version/10.01
> [08:06:59] [INFO] starting crawler
> [08:06:59] [INFO] searching for links with depth 1
> [08:07:00] [INFO] heuristics detected web page charset 'ascii'
> [08:07:00] [INFO] searching for links with depth 2
> [08:07:00] [INFO] starting 5 threads
> [08:07:02] [INFO] 3/57 links visited (5%)
> [08:07:02] [INFO] heuristics detected web page charset 'utf-8'
> [08:07:12] [INFO] 28/57 links visited (49%)
> [08:07:12] [INFO] heuristics detected web page charset 'ISO-8859-2'
> [08:07:22] [INFO] searching for links with depth 3
> [08:07:22] [INFO] starting 5 threads
> [08:07:47] [INFO] searching for links with depth 4
> [08:07:47] [INFO] starting 5 threads
> [08:08:14] [INFO] searching for links with depth 5
> [08:08:14] [INFO] starting 5 threads
> [08:08:41] [INFO] sqlmap got a total of 20 targets
> [08:08:41] [INFO] url 1:
> GET http:/XXXXXXXXXXXXXXXXXX/YYYYYYYYYYY.aspx?selected=03. Something
> somsething something (Yadda yadda)
> do you want to test this url? [Y/n/q]
> > Y
> [08:08:41] [INFO] testing url
> http:/XXXXXXXXXXXXXXXXXX/YYYYYYYYYYY.aspx?selected=03. Something somsething
> something (Yadda yadda)
> [08:08:41] [WARNING] it appears that you have provided tainted parameter
> values ('selected=03. Something somsething something (Yadda yadda)') with
> most probably leftover chars from manual sql injection tests (;()') or
> non-valid numerical value. Please, always use only valid parameter values
> so sqlmap could be able to properly run
> [08:08:41] [INFO] Are you sure you want to continue? [y/N] N
>
> [*] shutting down at 08:08:41
>
>
> I think in addition to --batch, it would be useful to have something like
> --yes which just assumes "yes" for any prompt that comes up. It is just an
> idea, but I thought it might be useful since --batch is most often used in
> non-interactive scripts where the user might not catch what happened.

--
Miroslav Stampar
http://about.me/stamparm
From: Dennis <kor...@ya...> - 2012-05-25 07:54:39
That feature comes in handy for me as well. Great work guys, as always!

Cheers,
Dennis

On 25.05.2012 01:47, Miroslav Stampar wrote:

> ;)
>
> On Fri, May 25, 2012 at 1:34 AM, André Silva <and...@gm...
> <mailto:and...@gm...>> wrote:
>
> Bernardo / Miroslav,
>
> The SqlMap is indeed an amazing open source software.
>
> Bug fixes, implementation of new features....
>
> Thanks guys
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-05-24 23:47:39
;)

On Fri, May 25, 2012 at 1:34 AM, André Silva <and...@gm...> wrote:

> Bernardo / Miroslav,
>
> The SqlMap is indeed an amazing open source software.
>
> Bug fixes, implementation of new features....
>
> Thanks guys

--
Miroslav Stampar
http://about.me/stamparm
From: André S. <and...@gm...> - 2012-05-24 23:34:53
Bernardo / Miroslav,

The SqlMap is indeed an amazing open source software.

Bug fixes, implementation of new features....

Thanks guys
From: Miroslav S. <mir...@gm...> - 2012-05-24 23:11:45
Hi Thomas.

With the latest r5076 you'll get a new switch '--skip-urlencode' which tells sqlmap to skip URL encoding of POST data.

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> There is no such option, but something will be done (e.g.
> --skip-urlencode). Will keep you updated.
>
> Kind regards
> On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts...@go...> wrote:
>
>> Hi,
>>
>> can I tell sqlmap to not url-encode POST-data?
>>
>> In my case a php webservice complains about not getting a '<' as first
>> character:
>>
>> Warning: simplexml_load_string(): Entity: line 1: parser error : Start
>> tag expected, '<' not found in...
>> Warning: simplexml_load_string(): %3Crequest...
>>
>> The reason is, that sqlmap sends the payload url-encoded:
>>
>> %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E
>>
>> Trying the same request in burp without urlencoding like this:
>>
>> <Request><ID>111*</ID></Request>
>>
>> does not produce the error
>>
>> Thanks!
>>
>> Thomas

--
Miroslav Stampar
http://about.me/stamparm
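Why the service in this thread rejected the request, as an added example (not part of the original messages and not sqlmap's code): a body that is percent-encoded regardless of its type no longer starts with '<', so an XML parser that reads the raw body fails on the first character, while a client that picks the encoding from the Content-Type sends XML verbatim. The function names, the Content-Type values and the sample body are assumptions made for illustration; xml_endpoint stands in for the PHP simplexml_load_string call.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

FORM = "application/x-www-form-urlencoded"
# Constructed sample request body, shaped like the one quoted in the thread.
XML_BODY = "<Request><ID>111</ID></Request>"


def blanket_urlencode(body):
    """Percent-encode the whole body whatever its type (the reported behaviour)."""
    return quote(body, safe="")


def build_body(payload, content_type):
    """Choose the wire encoding from the declared Content-Type."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == FORM:
        # Form posts: payload is a dict of fields, each key and value encoded.
        return urlencode(payload)
    # XML, JSON and other structured bodies are sent exactly as written.
    return payload


def xml_endpoint(raw_body):
    """Stand-in for the PHP service: parses the raw body, never URL-decodes it."""
    try:
        root = ET.fromstring(raw_body)
    except ET.ParseError as ex:
        return ("error", str(ex))
    return ("ok", root.findtext("ID"))


def demo():
    """Send the same XML both ways and report what the endpoint makes of it."""
    encoded = blanket_urlencode(XML_BODY)
    verbatim = build_body(XML_BODY, "text/xml; charset=utf-8")
    return {
        "encoded_body": encoded,
        "encoded_result": xml_endpoint(encoded),
        "verbatim_result": xml_endpoint(verbatim),
        "form_body": build_body({"id": "1 2", "q": "a&b"}, FORM),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %r" % (key, value))
```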
From: Miroslav S. <mir...@gm...> - 2012-05-24 22:12:38
Hi.

IPv6 support is now up and running with the latest r5075.

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 12:00 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> To be honest, we haven't tried usage of IPv6 addresses, but you are the
> messenger that we should start :)
>
> We'll see what can be done and keep you posted.
>
> Kind regards,
> Miroslav Stampar
> On May 23, 2012 8:15 PM, "rmillet" <rmi...@us...>
> wrote:
>
>> Hi all,
>>
>> sqlmap hangs when using with an IPv6 address:
>> ./sqlmap.py -u 'http://[::1]/?p=42'
>>
>>
>> Here is the traceback displayed on keyboard interrupt:
>>
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 19, in <module>
>>     main()
>>   File "/sqlmap/_sqlmap.py", line 110, in main
>>     errMsg = unhandledExceptionMessage()
>>   File "/sqlmap/lib/core/common.py", line 2557, in unhandledExceptionMessage
>>     return maskSensitiveData(errMsg)
>>   File "/sqlmap/lib/core/common.py", line 2568, in maskSensitiveData
>>     while extractRegexResult(regex, retVal):
>>   File "/sqlmap/lib/core/common.py", line 2159, in extractRegexResult
>>     retVal = match.group("result")
>> KeyboardInterrupt
>>
>>
>>
>> Regards,
>>
>> rmillet42

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-05-24 17:46:03
Hi nightman.

Thank you again and find it fixed with the latest commit

Kind regards

On Thu, May 24, 2012 at 1:07 PM, <nig...@em...> wrote:

> [12:53:20] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r5067), retry your run with the latest
> development version from the Subversion repository. If the exception persists, please send by e-mail
> to sql...@li... the following text and any information required to reproduce
> the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r5067)
> Python version: 2.7.2
> Operating system: nt
> Command line: C:\map2\sqlmap.py -u ************************************************* --threads=6 --r
> andom-agent --level 5 --risk 3 --technique=BEUS --file-read=/etc/passwd
> Technique: BOOLEAN
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "C:\map2\_sqlmap.py", line 82, in main
>     start()
>   File "C:\map2\lib\controller\controller.py", line 573, in start
>     action()
>   File "C:\map2\lib\controller\action.py", line 129, in action
>     conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
>   File "C:\map2\plugins\generic\filesystem.py", line 201, in readFile
>     fileContent = self.stackedReadFile(rFile)
>   File "C:\map2\plugins\dbms\mysql\filesystem.py", line 62, in stackedReadFile
>     if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
> NameError: global name 'PAYLOAD' is not defined
>
> [*] shutting down at 12:53:20

--
Miroslav Stampar
http://about.me/stamparm
From: Devon <dev...@ao...> - 2012-05-24 15:22:39
|
Hello,

I encountered a situation where --batch ended up prematurely ending a scan of a website. The reason is because there was an invalid link on the site's HTML document, that confused sqlmap into exiting. Here's the output which I think should explain it better:

root@apj351:~# ./sqlmap.py --random-agent --threads=5 -u 'http://XXXXXXXXXXXXXXXXXX/' --crawl=5 --batch

    sqlmap/1.0-dev (r5058) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 08:06:59

[08:06:59] [INFO] fetched random HTTP User-Agent header from file '/opt/sqlmap/txt/user-agents.txt': Opera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.2.15 Version/10.01
[08:06:59] [INFO] starting crawler
[08:06:59] [INFO] searching for links with depth 1
[08:07:00] [INFO] heuristics detected web page charset 'ascii'
[08:07:00] [INFO] searching for links with depth 2
[08:07:00] [INFO] starting 5 threads
[08:07:02] [INFO] 3/57 links visited (5%)
[08:07:02] [INFO] heuristics detected web page charset 'utf-8'
[08:07:12] [INFO] 28/57 links visited (49%)
[08:07:12] [INFO] heuristics detected web page charset 'ISO-8859-2'
[08:07:22] [INFO] searching for links with depth 3
[08:07:22] [INFO] starting 5 threads
[08:07:47] [INFO] searching for links with depth 4
[08:07:47] [INFO] starting 5 threads
[08:08:14] [INFO] searching for links with depth 5
[08:08:14] [INFO] starting 5 threads
[08:08:41] [INFO] sqlmap got a total of 20 targets
[08:08:41] [INFO] url 1:
GET http:/XXXXXXXXXXXXXXXXXX/YYYYYYYYYYY.aspx?selected=03. Something somsething something (Yadda yadda)
do you want to test this url? [Y/n/q]
> Y
[08:08:41] [INFO] testing url http:/XXXXXXXXXXXXXXXXXX/YYYYYYYYYYY.aspx?selected=03. Something somsething something (Yadda yadda)
[08:08:41] [WARNING] it appears that you have provided tainted parameter values ('selected=03. Something somsething something (Yadda yadda)') with most probably leftover chars from manual sql injection tests (;()') or non-valid numerical value. Please, always use only valid parameter values so sqlmap could be able to properly run
[08:08:41] [INFO] Are you sure you want to continue? [y/N] N

[*] shutting down at 08:08:41

I think in addition to --batch, it would be useful to have something like --yes which just assumes "yes" for any prompt that comes up. It is just an idea, but I thought it might be useful since --batch is most often used in non-interactive scripts where the user might not catch what happened.
|
From: <nig...@em...> - 2012-05-24 11:07:40
|
[12:53:20] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r5067), retry your run with the latest
development version from the Subversion repository. If the exception persists, please send by e-mail
to sql...@li... the following text and any information required to reproduce
the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r5067)
Python version: 2.7.2
Operating system: nt
Command line: C:\map2\sqlmap.py -u ************************************************* --threads=6 --r
andom-agent --level 5 --risk 3 --technique=BEUS --file-read=/etc/passwd
Technique: BOOLEAN
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "C:\map2\_sqlmap.py", line 82, in main
    start()
  File "C:\map2\lib\controller\controller.py", line 573, in start
    action()
  File "C:\map2\lib\controller\action.py", line 129, in action
    conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
  File "C:\map2\plugins\generic\filesystem.py", line 201, in readFile
    fileContent = self.stackedReadFile(rFile)
  File "C:\map2\plugins\dbms\mysql\filesystem.py", line 62, in stackedReadFile
    if conf.direct or isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
NameError: global name 'PAYLOAD' is not defined

[*] shutting down at 12:53:20
|
From: Miroslav S. <mir...@gm...> - 2012-05-24 10:00:13
|
Hi.

To be honest, we haven't tried usage of IPv6 addresses, but you are the messenger that we should start :)

We'll see what can be done and keep you posted.

Kind regards,
Miroslav Stampar

On May 23, 2012 8:15 PM, "rmillet" <rmi...@us...> wrote:

> Hi all,
>
> sqlmap hangs when using with an IPv6 address:
> ./sqlmap.py -u 'http://[::1]/?p=42'
>
>
> Here is the traceback displayed on keyboard interrupt:
>
> Traceback (most recent call last):
>   File "./sqlmap.py", line 19, in <module>
>     main()
>   File "/sqlmap/_sqlmap.py", line 110, in main
>     errMsg = unhandledExceptionMessage()
>   File "/sqlmap/lib/core/common.py", line 2557, in
> unhandledExceptionMessage
>     return maskSensitiveData(errMsg)
>   File "/sqlmap/lib/core/common.py", line 2568, in maskSensitiveData
>     while extractRegexResult(regex, retVal):
>   File "/sqlmap/lib/core/common.py", line 2159, in extractRegexResult
>     retVal = match.group("result")
> KeyboardInterrupt
>
>
>
> Regards,
>
> rmillet42
|
From: Miroslav S. <mir...@gm...> - 2012-05-24 09:56:47
|
Hi.

There is no such option, but something will be done (e.g. --skip-urlencode). Will keep you updated.

Kind regards

On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts...@go...> wrote:

> Hi,
>
> can I tell sqlmap to not url-encode POST-data?
>
> In my case a php webservice complains about not getting a '<' as first
> character:
>
> Warning: simplexml_load_string(): Entity: line 1: parser error : Start
> tag expected, '<' not found in...
> Warning: simplexml_load_string(): %3Crequest...
>
> The reason is, that sqlmap sends the payload url-encoded:
>
> %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E
>
> Trying the same request in burp without urlencoding like this:
>
> <Request><ID>111*</ID></Request>
>
> does not produce the error
>
> Thanks!
>
> Thomas
|
From: Thomas S. <ts...@go...> - 2012-05-23 19:56:24
|
Hi,

can I tell sqlmap to not url-encode POST-data?

In my case a php webservice complains about not getting a '<' as first character:

Warning: simplexml_load_string(): Entity: line 1: parser error : Start tag expected, '<' not found in...
Warning: simplexml_load_string(): %3Crequest...

The reason is, that sqlmap sends the payload url-encoded:

%3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E

Trying the same request in burp without urlencoding like this:

<Request><ID>111*</ID></Request>

does not produce the error

Thanks!

Thomas
|
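The encoding mismatch reported in the message above, as an added example that is not code from sqlmap or from the original posts: percent-encoding belongs to application/x-www-form-urlencoded bodies, so an XML body encoded that way no longer begins with '<' and the parser rejects it. The function names and the sample ID value are constructed for illustration, and Python's ElementTree stands in for the PHP service's simplexml_load_string().

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote
from xml.sax.saxutils import escape


def build_xml_body(id_value):
    """Build the request document; the value is XML-escaped, not URL-encoded."""
    return "<Request><ID>%s</ID></Request>" % escape(id_value)


def encode_for_wire(body, content_type):
    """Percent-encode only form bodies; send any other body type verbatim."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/x-www-form-urlencoded":
        return quote(body, safe="=&")
    return body


def parse_id(raw_body):
    """Stand-in (assumption) for the service's simplexml_load_string() call.

    Returns the text of <ID>, or None when the body is not well-formed XML,
    which is the case behind "Start tag expected, '<' not found".
    """
    try:
        root = ET.fromstring(raw_body)
    except ET.ParseError:
        return None
    return root.findtext("ID")


if __name__ == "__main__":
    body = build_xml_body("111 & <more>")  # constructed sample value
    for ctype in ("application/x-www-form-urlencoded",
                  "text/xml; charset=utf-8"):
        wire = encode_for_wire(body, ctype)
        print("%s\n  wire: %s\n  parsed ID: %r" % (ctype, wire, parse_id(wire)))
```

Characters that are special inside the document are handled by XML entity escaping in build_xml_body(), which is the encoding layer an XML consumer actually reverses.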