sqlmap-users Mailing List for sqlmap (Page 65)
Brought to you by:
inquisb
From: buawig <bu...@gm...> - 2012-03-13 21:08:11
|
Hi,

regardless of whether --keep-alive is used or not the 'Connection:' header field is always set to 'close'.
I'm using --keep-alive in conjunction with --proxy=..

regards,
buawig
From: buawig <bu...@gm...> - 2012-03-13 17:10:53
|
Hi,

when testing URLs that result in redirects sqlmap offers three possibilities:

[1] Follow the redirection (default)
[2] Stay on the original page
[3] Ignore

If I answer with > 2 or with > 3 it still sends requests to the URL found in the Location: header.

Is there a way to prevent these requests to the URL specified in the Location: header?
Sqlmap should only query the url specified in -u parameter and analyze the responses - no follow up requests.

thanks,
buawig
From: Miroslav S. <mir...@gm...> - 2012-03-12 21:46:43
|
Hi.

One question. Have you resumed a session made from previous revision(s) (a few weeks old) or have you made it from the beginning these days?

Kind regards,
Miroslav Stampar

On Mon, Mar 12, 2012 at 10:28 PM, HGroup VN <hgr...@gm...> wrote:

> sqlmap version: 1.0-dev (r4853)
> Python version: 2.7.2+
>
> Traceback (most recent call last):
>   File "/home/root/Desktop/sqlmap/_sqlmap.py", line 82, in main
>     start()
>   File "/home/root/Desktop/sqlmap/lib/controller/controller.py", line 348, in start
>     setupTargetEnv()
>   File "/home/root/Desktop/sqlmap/lib/core/target.py", line 436, in setupTargetEnv
>     __resumeHashDBValues()
>   File "/home/root/Desktop/sqlmap/lib/core/target.py", line 215, in __resumeHashDBValues
>     kb.absFilePaths = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or kb.absFilePaths
>   File "/home/root/Desktop/sqlmap/lib/core/common.py", line 3199, in hashDBRetrieve
>     return conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None
>   File "/home/root/Desktop/sqlmap/lib/utils/hashdb.py", line 71, in retrieve
>     return retVal if not unserialize else unserializeObject(retVal)
>   File "/home/root/Desktop/sqlmap/lib/core/common.py", line 3085, in unserializeObject
>     retVal = base64unpickle(value)
>   File "/home/root/Desktop/sqlmap/lib/core/convert.py", line 39, in base64unpickle
>     return pickle.loads(base64decode(value))
>   File "/usr/lib/python2.7/pickle.py", line 1382, in loads
>     return Unpickler(file).load()
>   File "/usr/lib/python2.7/pickle.py", line 858, in load
>     dispatch[key](self)
>   File "/usr/lib/python2.7/pickle.py", line 1170, in load_binput
>     self.memo[repr(i)] = self.stack[-1]
> IndexError: list index out of range
>
> [*] shutting down at 04:26:22
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
From: HGroup VN <hgr...@gm...> - 2012-03-12 21:28:54
|
sqlmap version: 1.0-dev (r4853)
Python version: 2.7.2+

Traceback (most recent call last):
  File "/home/root/Desktop/sqlmap/_sqlmap.py", line 82, in main
    start()
  File "/home/root/Desktop/sqlmap/lib/controller/controller.py", line 348, in start
    setupTargetEnv()
  File "/home/root/Desktop/sqlmap/lib/core/target.py", line 436, in setupTargetEnv
    __resumeHashDBValues()
  File "/home/root/Desktop/sqlmap/lib/core/target.py", line 215, in __resumeHashDBValues
    kb.absFilePaths = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True) or kb.absFilePaths
  File "/home/root/Desktop/sqlmap/lib/core/common.py", line 3199, in hashDBRetrieve
    return conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any([conf.flushSession, conf.freshQueries])) else None
  File "/home/root/Desktop/sqlmap/lib/utils/hashdb.py", line 71, in retrieve
    return retVal if not unserialize else unserializeObject(retVal)
  File "/home/root/Desktop/sqlmap/lib/core/common.py", line 3085, in unserializeObject
    retVal = base64unpickle(value)
  File "/home/root/Desktop/sqlmap/lib/core/convert.py", line 39, in base64unpickle
    return pickle.loads(base64decode(value))
  File "/usr/lib/python2.7/pickle.py", line 1382, in loads
    return Unpickler(file).load()
  File "/usr/lib/python2.7/pickle.py", line 858, in load
    dispatch[key](self)
  File "/usr/lib/python2.7/pickle.py", line 1170, in load_binput
    self.memo[repr(i)] = self.stack[-1]
IndexError: list index out of range

[*] shutting down at 04:26:22
From: a n. g. <ae9...@to...> - 2012-03-10 22:28:26
|
Hello,

I get some weird results after checking a site.

Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: */191' AND 4356=4356 AND 'JzPr'='JzPr
    Vector: AND [INFERENCE]

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: */191'; SELECT SLEEP(5);# AND 'gAjF'='gAjF
    Vector: ; IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]);#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: */191' AND SLEEP(5) AND 'lCct'='lCct
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

If I run with --dbs, this is the result:

[14:56:04] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.2.14
back-end DBMS: MySQL 5.0.11
[14:56:04] [INFO] fetching database names
[14:56:04] [INFO] fetching number of databases
[14:56:04] [DEBUG] resuming configuration option 'optimize' (True)
[14:56:04] [INFO] retrieved:
[14:56:14] [DEBUG] performed 3 queries in 9 seconds
[14:56:14] [ERROR] unable to retrieve the number of databases
[14:56:14] [INFO] falling back to current database
[14:56:14] [INFO] fetching current database
[14:56:14] [INFO] retrieving the length of query output
[14:56:14] [INFO] retrieved:
[14:56:17] [DEBUG] performed 3 queries in 2 seconds
[14:56:17] [DEBUG] starting 3 threads
[14:56:17] [INFO] retrieved:
[14:56:26] [DEBUG] performed 10 queries in 12 seconds
[14:56:26] [CRITICAL] unable to retrieve the database names

Could this be a false positive?
From: Bernardo D. A. G. <ber...@gm...> - 2012-03-09 14:42:01
|
Hi,

This has been recently implemented with switch --load-cookies.

Bernardo

On 5 March 2012 10:06, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> Good idea for sure. Will put it on a TODO list.
>
> Kind regards,
> Miroslav Stampar
>
> 2012/3/3 N1XF0RC3 B0X <un...@li...>
>
>> it will be a cool idea if sqlmap accepts the cookie exported by browser
>> something like wget --load-cookies=FILE
>> i know that sqlmap already has a flash --cookie
>>
>> thanks in advance
>> _N1X_
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Bernardo Damele A. G.
Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
From: Miroslav S. <mir...@gm...> - 2012-03-08 10:53:43
|
Hi David.

Thank you for your report. This (important) bug should be fixed with the latest r4833.

Kind regards,
Miroslav Stampar

On Wed, Mar 7, 2012 at 8:16 PM, David Guimaraes <sk...@gm...> wrote:

> Hi, I have found a bug:
>
> [16:18:00] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4829), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4829)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py --random-agent -u ***************************************************************************** -p codigo_xxx -v 3 --tamper tamper/space2comment.py --string xxx --batch --current-user --current-db --privileges
> Technique: ERROR
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/_sqlmap.py", line 82, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 573, in start
>     action()
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 81, in action
>     conf.dbmsHandler.getPrivileges(), "privilege")
>   File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/enumeration.py", line 49, in getPrivileges
>     users = self.getUsers()
>   File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 180, in getUsers
>     value = inject.getValue(query, blind=False)
>   File "/pentest/database/sqlmap/lib/request/inject.py", line 408, in getValue
>     value = __goError(query, expected, dump)
>   File "/pentest/database/sqlmap/lib/request/inject.py", line 334, in __goError
>     output = errorUse(expression, expected, dump)
>   File "/pentest/database/sqlmap/lib/techniques/error/use.py", line 354, in errorUse
>     runThreads(numThreads, errorThread)
>   File "/pentest/database/sqlmap/lib/core/threads.py", line 197, in runThreads
>     conf.hashDB.flush(True)
>   File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 101, in flush
>     self.cursor.execute("INSERT INTO storage VALUES (?, ?)", (hash_, value,))
> ProgrammingError: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings.
>
> [*] shutting down at 16:18:00
>
> Best Regards,
>
> David

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-03-08 09:40:02
|
Hi Ahmed.

Thank you for your report. I've found a potential "silent" bug which is maybe responsible for this error. Could you please update, and retry with --flush-session the whole run as you did here and report back? If it's still causing problems it would be best if you could send me privately the content of the traffic.txt file made by the following options: -t traffic.txt --is-dba --hex --fresh-queries

Kind regards,
Miroslav Stampar

On Wed, Mar 7, 2012 at 4:15 PM, Ahmed Shawky <ah...@is...> wrote:

> sqlmap version: 1.0-dev (r4829)
> Python version: 2.7.2+
> Operating system: posix
> Command line: ./sqlmap.py -u *************************************************** --is-dba --hex
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "/home/lnxg33k/pentest/database/sqlmap/_sqlmap.py", line 82, in main
>     start()
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/controller/controller.py", line 573, in start
>     action()
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/controller/action.py", line 70, in action
>     conf.dumper.dba(conf.dbmsHandler.isDba())
>   File "/home/lnxg33k/pentest/database/sqlmap/plugins/generic/enumeration.py", line 154, in isDba
>     self.getCurrentUser()
>   File "/home/lnxg33k/pentest/database/sqlmap/plugins/generic/enumeration.py", line 134, in getCurrentUser
>     kb.data.currentUser = unArrayizeValue(inject.getValue(query))
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/request/inject.py", line 397, in getValue
>     value = __goInband(query, expected, unique, unpack, dump)
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/request/inject.py", line 346, in __goInband
>     output = parseUnionPage(output, unique)
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 1244, in parseUnionPage
>     entry = decodeHexValue(entry) if conf.hexConvert else entry
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 3140, in decodeHexValue
>     return applyFunctionRecursively(value, _)
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 3114, in applyFunctionRecursively
>     retVal = function(value)
>   File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 3127, in _
>     value = value.decode("hex")
>   File "/usr/lib/python2.7/encodings/hex_codec.py", line 42, in hex_decode
>     output = binascii.a2b_hex(input)
> TypeError: Non-hexadecimal digit found
>
> --
>
> - Ahmed Shawky El-Antry
> - lnxg33k owner "http://lnxg33k.wordpress.com"
> - Isecur1ty team member "http://www.isecur1ty.org"
> - Twitter @lnxg33k

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-03-08 09:01:04
|
Hi Zach.

Session file is currently in a deprecated stage, so don't take its lack of content (with current v1.0-dev) to be something problematic. Nevertheless, log file should have formatted output of the obtained results.

Are you sure that log file is missing? Could you please take a look and report back the content of that output directory you are referring to?

Kind regards,
Miroslav Stampar

On Wed, Mar 7, 2012 at 5:07 PM, Zach Grace <zg...@40...> wrote:

> Hi All,
>
> I'm having an issue where sqlmap doesn't seem to be logging anything to the log file or the session file. sqlmap has permission to write to the output directories but there's no output going to the log file, and only the initial startup time going to the session file with nothing else.
>
> Version info: I downloaded sqlmap-0.9.tar.gz, then ran sqlmap --update which updated me to 1.0-dev (r4829). I'm running python 2.7.2
>
> Thanks,
> Zach

--
Miroslav Stampar
http://about.me/stamparm
From: David G. <sk...@gm...> - 2012-03-07 19:17:10
|
Hi, I have found a bug:

[16:18:00] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4829), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4829)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py --random-agent -u ***************************************************************************** -p codigo_xxx -v 3 --tamper tamper/space2comment.py --string xxx --batch --current-user --current-db --privileges
Technique: ERROR
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 82, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 573, in start
    action()
  File "/pentest/database/sqlmap/lib/controller/action.py", line 81, in action
    conf.dbmsHandler.getPrivileges(), "privilege")
  File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/enumeration.py", line 49, in getPrivileges
    users = self.getUsers()
  File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 180, in getUsers
    value = inject.getValue(query, blind=False)
  File "/pentest/database/sqlmap/lib/request/inject.py", line 408, in getValue
    value = __goError(query, expected, dump)
  File "/pentest/database/sqlmap/lib/request/inject.py", line 334, in __goError
    output = errorUse(expression, expected, dump)
  File "/pentest/database/sqlmap/lib/techniques/error/use.py", line 354, in errorUse
    runThreads(numThreads, errorThread)
  File "/pentest/database/sqlmap/lib/core/threads.py", line 197, in runThreads
    conf.hashDB.flush(True)
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 101, in flush
    self.cursor.execute("INSERT INTO storage VALUES (?, ?)", (hash_, value,))
ProgrammingError: You must not use 8-bit bytestrings unless you use a text_factory that can interpret 8-bit bytestrings (like text_factory = str). It is highly recommended that you instead just switch your application to Unicode strings.

[*] shutting down at 16:18:00

Best Regards,

David
From: Zach G. <zg...@40...> - 2012-03-07 16:26:53
|
Hi All,

I'm having an issue where sqlmap doesn't seem to be logging anything to the log file or the session file. sqlmap has permission to write to the output directories but there's no output going to the log file, and only the initial startup time going to the session file with nothing else.

Version info: I downloaded sqlmap-0.9.tar.gz, then ran sqlmap --update which updated me to 1.0-dev (r4829). I'm running python 2.7.2

Thanks,
Zach
From: Ahmed S. <ah...@is...> - 2012-03-07 15:15:22
|
sqlmap version: 1.0-dev (r4829)
Python version: 2.7.2+
Operating system: posix
Command line: ./sqlmap.py -u *************************************************** --is-dba --hex
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/home/lnxg33k/pentest/database/sqlmap/_sqlmap.py", line 82, in main
    start()
  File "/home/lnxg33k/pentest/database/sqlmap/lib/controller/controller.py", line 573, in start
    action()
  File "/home/lnxg33k/pentest/database/sqlmap/lib/controller/action.py", line 70, in action
    conf.dumper.dba(conf.dbmsHandler.isDba())
  File "/home/lnxg33k/pentest/database/sqlmap/plugins/generic/enumeration.py", line 154, in isDba
    self.getCurrentUser()
  File "/home/lnxg33k/pentest/database/sqlmap/plugins/generic/enumeration.py", line 134, in getCurrentUser
    kb.data.currentUser = unArrayizeValue(inject.getValue(query))
  File "/home/lnxg33k/pentest/database/sqlmap/lib/request/inject.py", line 397, in getValue
    value = __goInband(query, expected, unique, unpack, dump)
  File "/home/lnxg33k/pentest/database/sqlmap/lib/request/inject.py", line 346, in __goInband
    output = parseUnionPage(output, unique)
  File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 1244, in parseUnionPage
    entry = decodeHexValue(entry) if conf.hexConvert else entry
  File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 3140, in decodeHexValue
    return applyFunctionRecursively(value, _)
  File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 3114, in applyFunctionRecursively
    retVal = function(value)
  File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line 3127, in _
    value = value.decode("hex")
  File "/usr/lib/python2.7/encodings/hex_codec.py", line 42, in hex_decode
    output = binascii.a2b_hex(input)
TypeError: Non-hexadecimal digit found

--

- Ahmed Shawky El-Antry
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member "http://www.isecur1ty.org"
- Twitter @lnxg33k
From: Miroslav S. <mir...@gm...> - 2012-03-05 10:06:14
|
Hi.

Good idea for sure. Will put it on a TODO list.

Kind regards,
Miroslav Stampar

2012/3/3 N1XF0RC3 B0X <un...@li...>

> it will be a cool idea if sqlmap accepts the cookie exported by browser
> something like wget --load-cookies=FILE
> i know that sqlmap already has a flash --cookie
>
> thanks in advance
> _N1X_

--
Miroslav Stampar
http://about.me/stamparm
From: N1XF0RC3 B. <un...@li...> - 2012-03-03 21:02:56
|
it will be a cool idea if sqlmap accepts the cookie exported by browser
something like wget --load-cookies=FILE
i know that sqlmap already has a flash --cookie

thanks in advance
_N1X_
From: Miroslav S. <mir...@gm...> - 2012-03-01 10:05:00
|
Hi.

I believe that this should be fixed with the latest commit (r4824).

Kind regards,
Miroslav Stampar

2012/3/1 朱冯贶天 <zh...@ho...>

> I met with bug again >.< Debug info is:
>
> [16:17:32] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4821), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4821)
> Python version: 2.7.1
> Operating system: nt
> Command line: sqlmap.py -u ********************************************************** -v 3 --risk 3 --text-only -o --threads=10 --data calendar.id=201&calendar.studentType.id=5&calendar.year=2011-2012&calendar.term=2&classroom.name=&classroom.configType.id=&classroom.schoolDistrict.id=&classroom.building.id=&depart.id= --sql-shell
> Technique: TIME
> Back-end DBMS: Oracle (fingerprinted)
> Traceback (most recent call last):
>   File "D:\temp_workspace\PyLearning\src\sqlmap\_sqlmap.py", line 82, in main
>     start()
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\controller.py", line 573, in start
>     action()
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\action.py", line 121, in action
>     conf.dbmsHandler.sqlShell()
>   File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 2432, in sqlShell
>     output = self.sqlQuery(query)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 2378, in sqlQuery
>     output = inject.getValue(query, fromUser=True)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 432, in getValue
>     value = __goInferenceProxy(query, fromUser, expected, batch, unpack, charsetType, firstChar, lastChar, dump)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 216, in __goInferenceProxy
>     count = __goInference(payload, countedExpression, 2, firstChar, lastChar)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 66, in __goInference
>     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\blind\inference.py", line 489, in bisection
>     val = getChar(index, asciiTbl)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\blind\inference.py", line 212, in getChar
>     maxChar = maxValue = charTbl[-1]
> IndexError: list index out of range
>
> Best regards
>
> zhfkt

--
Miroslav Stampar
http://about.me/stamparm
From: 朱冯贶天 <zh...@ho...> - 2012-03-01 08:25:15
|
I met with bug again >.< Debug info is:

[16:17:32] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4821), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4821)
Python version: 2.7.1
Operating system: nt
Command line: sqlmap.py -u ********************************************************** -v 3 --risk 3 --text-only -o --threads=10 --data calendar.id=201&calendar.studentType.id=5&calendar.year=2011-2012&calendar.term=2&classroom.name=&classroom.configType.id=&classroom.schoolDistrict.id=&classroom.building.id=&depart.id= --sql-shell
Technique: TIME
Back-end DBMS: Oracle (fingerprinted)
Traceback (most recent call last):
  File "D:\temp_workspace\PyLearning\src\sqlmap\_sqlmap.py", line 82, in main
    start()
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\controller.py", line 573, in start
    action()
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\action.py", line 121, in action
    conf.dbmsHandler.sqlShell()
  File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 2432, in sqlShell
    output = self.sqlQuery(query)
  File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 2378, in sqlQuery
    output = inject.getValue(query, fromUser=True)
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 432, in getValue
    value = __goInferenceProxy(query, fromUser, expected, batch, unpack, charsetType, firstChar, lastChar, dump)
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 216, in __goInferenceProxy
    count = __goInference(payload, countedExpression, 2, firstChar, lastChar)
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 66, in __goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\blind\inference.py", line 489, in bisection
    val = getChar(index, asciiTbl)
  File "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\blind\inference.py", line 212, in getChar
    maxChar = maxValue = charTbl[-1]
IndexError: list index out of range

Best regards

zhfkt
From: Miroslav S. <mir...@gm...> - 2012-02-25 22:40:03
|
Hi.

Thank you for your report and find it fixed with the latest commit (r4806).

Kind regards,
Miroslav Stampar

On Sat, Feb 25, 2012 at 5:19 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> Will fix it ASAP.
>
> Kind regards
>
> On Feb 25, 2012 2:26 PM, "Duarte Silva" <dua...@se...> wrote:
>
>> Hi there,
>>
>> update to the last revision, got this bug while testing.
>>
>> sqlmap version: 1.0-dev (r4805)
>> Python version: 2.7.2
>> Operating system: posix
>> Command line: sqlmap.py --url=******************************************************* --proxy=********************* --random-agent --threads=3 --timeout=90 --retries=10 --current-user --current-db --privileges
>> Technique: None
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>>   File "/home/duartesilva/environment/sqlmap/_sqlmap.py", line 82, in main
>>     start()
>>   File "/home/duartesilva/environment/sqlmap/lib/controller/controller.py", line 341, in start
>>     setupTargetEnv()
>>   File "/home/duartesilva/environment/sqlmap/lib/core/target.py", line 416, in setupTargetEnv
>>     __resumeHashDBValues()
>>   File "/home/duartesilva/environment/sqlmap/lib/core/target.py", line 216, in __resumeHashDBValues
>>     kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
>> AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'
>>
>> Regards,
>> Duarte Silva

--
Miroslav Stampar
http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2012-02-25 22:39:45
|
Hi.

Thank you for your report and find it fixed with the latest commit (r4806).

Kind regards,
Miroslav Stampar

On Sat, Feb 25, 2012 at 7:22 PM, HGroup VN <hgr...@gm...> wrote:

> [01:20:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4805), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4805)
> Python version: 2.7.2+
> Operating system: posix
>
> Technique: None
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "/home/user/Desktop/sqlmap/_sqlmap.py", line 82, in main
>     start()
>   File "/home/user/Desktop/sqlmap/lib/controller/controller.py", line 341, in start
>     setupTargetEnv()
>   File "/home/user/Desktop/sqlmap/lib/core/target.py", line 416, in setupTargetEnv
>     __resumeHashDBValues()
>   File "/home/user/Desktop/sqlmap/lib/core/target.py", line 216, in __resumeHashDBValues
>     kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
> AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'
>
> [*] shutting down at 01:20:50

--
Miroslav Stampar
http://about.me/stamparm
From: Ahmed S. <ah...@is...> - 2012-02-25 21:13:00
|
till the development team handles this issue
edit line 216 in /home/user/Desktop/sqlmap/lib/controller/controller.py
from
kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable

to
try:
    kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
except AttributeError:
    pass

On 2/25/12, Ahmed Shawky <ah...@is...> wrote:
> till the development team handles this issue
> edit line 216 in /home/user/Desktop/sqlmap/lib/controller/controller.py
> from
> kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
>
> to
> try:
>     kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
> except AttributeError:
>     pass
>
>
> On 2/25/12, HGroup VN <hgr...@gm...> wrote:
>> [01:20:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4805), retry
>> your run with the latest development version from the Subversion
>> repository. If the exception persists, please send by e-mail to
>> sql...@li... the following text and any information
>> required to reproduce the bug. The developers will try to reproduce the
>> bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev (r4805)
>> Python version: 2.7.2+
>> Operating system: posix
>>
>> Technique: None
>> Back-end DBMS: MySQL (fingerprinted)
>> Traceback (most recent call last):
>>   File "/home/user/Desktop/sqlmap/_sqlmap.py", line 82, in main
>>     start()
>>   File "/home/user/Desktop/sqlmap/lib/controller/controller.py", line 341, in start
>>     setupTargetEnv()
>>   File "/home/user/Desktop/sqlmap/lib/core/target.py", line 416, in setupTargetEnv
>>     __resumeHashDBValues()
>>   File "/home/user/Desktop/sqlmap/lib/core/target.py", line 216, in __resumeHashDBValues
>>     kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
>> AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'
>>
>> [*] shutting down at 01:20:50
>>
>
>
> --
>
> - Ahmed Shawky El-Antry
> - lnxg33k owner "http://lnxg33k.wordpress.com"
> - Isecur1ty team member "http://www.isecur1ty.org"
> - Twitter @lnxg33k
>

--
- Ahmed Shawky El-Antry
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member "http://www.isecur1ty.org"
- Twitter @lnxg33k
|
From: HGroup VN <hgr...@gm...> - 2012-02-25 18:23:14
|
[01:20:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4805), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4805)
Python version: 2.7.2+
Operating system: posix

Technique: None
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/home/user/Desktop/sqlmap/_sqlmap.py", line 82, in main
    start()
  File "/home/user/Desktop/sqlmap/lib/controller/controller.py", line 341, in start
    setupTargetEnv()
  File "/home/user/Desktop/sqlmap/lib/core/target.py", line 416, in setupTargetEnv
    __resumeHashDBValues()
  File "/home/user/Desktop/sqlmap/lib/core/target.py", line 216, in __resumeHashDBValues
    kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'

[*] shutting down at 01:20:50
|
From: Miroslav S. <mir...@gm...> - 2012-02-25 16:19:06
|
Hi.

Will fix it ASAP.

Kind regards

On Feb 25, 2012 2:26 PM, "Duarte Silva" <dua...@se...> wrote:
> Hi there,
>
> update to the last revision, got this bug while testing.
>
> sqlmap version: 1.0-dev (r4805)
> Python version: 2.7.2
> Operating system: posix
> Command line: sqlmap.py --url=******************************************************* --proxy=********************* --random-agent --threads=3 --timeout=90 --retries=10 --current-user --current-db --privileges
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "/home/duartesilva/environment/sqlmap/_sqlmap.py", line 82, in main
>     start()
>   File "/home/duartesilva/environment/sqlmap/lib/controller/controller.py", line 341, in start
>     setupTargetEnv()
>   File "/home/duartesilva/environment/sqlmap/lib/core/target.py", line 416, in setupTargetEnv
>     __resumeHashDBValues()
>   File "/home/duartesilva/environment/sqlmap/lib/core/target.py", line 216, in __resumeHashDBValues
>     kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
> AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'
>
> Regards,
> Duarte Silva
|
From: Duarte S. <dua...@se...> - 2012-02-25 13:26:11
|
Hi there,

update to the last revision, got this bug while testing.

sqlmap version: 1.0-dev (r4805)
Python version: 2.7.2
Operating system: posix
Command line: sqlmap.py --url=******************************************************* --proxy=********************* --random-agent --threads=3 --timeout=90 --retries=10 --current-user --current-db --privileges
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/home/duartesilva/environment/sqlmap/_sqlmap.py", line 82, in main
    start()
  File "/home/duartesilva/environment/sqlmap/lib/controller/controller.py", line 341, in start
    setupTargetEnv()
  File "/home/duartesilva/environment/sqlmap/lib/core/target.py", line 416, in setupTargetEnv
    __resumeHashDBValues()
  File "/home/duartesilva/environment/sqlmap/lib/core/target.py", line 216, in __resumeHashDBValues
    kb.xpCmdshellAvailable = hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'

Regards,
Duarte Silva
|
From: Miroslav S. <mir...@gm...> - 2012-02-23 13:31:47
|
Hi.

Could you please retry with the latest revision together with --flush-session?

If the problem persists could you please send privately a traffic.txt file taken by that same command with appended -t traffic.txt --flush-session (or --fresh-queries)?

Kind regards,
Miroslav Stampar

2012/2/21 朱冯贶天 <zh...@ho...>
> I met with the bug again. Debug info is:
>
> sqlmap version: 1.0-dev (r4770)
> Python version: 2.7.1
> Operating system: nt
> Command line: sqlmap.py -u
> *****************************************************
> ************************************************************** -v 3
> --text-only
> -o --threads=10 --drop-set-cookie --cookie
> *************************************
>
> ********************************************************************************
>
> ********************************************************************************
>
> ********************************************************************************
> ************************************** -D ************* --dump --risk 3
> Technique: ERROR
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "D:\temp_workspace\PyLearning\src\sqlmap\_sqlmap.py", line 83, in main
>     start()
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\controller.py", line 565, in start
>     action()
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\action.py", line 109, in action
>     conf.dbmsHandler.dumpTable()
>   File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 1762, in dumpTable
>     conf.dumper.dbTableValues(kb.data.dumpedTable)
>   File "D:\temp_workspace\PyLearning\src\sqlmap\lib\core\dump.py", line 458, in dbTableValues
>     if re.search("^[\ *]*$", value):
>   File "C:\Program Files\Python27\lib\re.py", line 142, in search
>     return _compile(pattern, flags).search(string)
> TypeError: expected string or buffer
>
>
> Glad to hear from you.
> Thank you.

--
Miroslav Stampar
http://about.me/stamparm
|
From: Miroslav S. <mir...@gm...> - 2012-02-22 09:30:15
|
Hi buawig.

As UNION ALL SELECT is usable only when joining two datasets (like in FULL inband/union injection) with the latest commit (r4776), UNION SELECT is used automatically in partial inband/union injection (solving your problem and maybe some other related) (e.g. id=-1 UNION SELECT ....) as there is no need for UNION ALL SELECT there (first dataset is dropped by that negative and/or random value).

Kind regards,
Miroslav Stampar

p.s. more info about the difference between the two:
http://blog.sqlauthority.com/2007/03/10/sql-server-union-vs-union-all-which-is-better-for-performance/

On Tue, Feb 21, 2012 at 9:12 PM, <bu...@gm...> wrote:
> Hi,
>
> recently I had a union based sqli vulnerability that sqlmap was not able
> to detect (I'm not sure if I used --level=4 but I think so).
>
> After having a look at sqlmap's requests by routing them through a proxy
> I saw that the only difference between my manual tests and sqlmap's was
> that sqlmap used "union all select" and I used "union select"
> and it was only detectable/exploitable using "union select".
>
> My quick and dirty 'fix' was to do an automatic on-the-fly search and
> replace of sqlmap's traffic with burp (replacing "union all select" with
> "union select"), but I wanted to share this case with you and I thought
> you might want to add some "union select" testcases if there are none.
> (I'm sorry I don't remember the DBMS in question - it probably was mssql
> but I'm not sure anymore.)
>
> kind regards,
> buawig

--
Miroslav Stampar
http://about.me/stamparm
|
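Added example (not part of the original thread and not sqlmap's code): the message above describes the same injection appearing as either UNION ALL SELECT or UNION SELECT, so a log or WAF signature written for only one form misses the other. The Python below decodes form-encoded request bodies and flags both forms per parameter; the sample bodies, regexes and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Covers both forms discussed in the thread: UNION SELECT and UNION ALL SELECT.
UNION_RE = re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE)
# A narrower signature that only knows the UNION ALL SELECT form (for comparison).
ALL_ONLY_RE = re.compile(r"\bunion\s+all\s+select\b", re.IGNORECASE)

# Constructed sample request bodies (application/x-www-form-urlencoded).
SAMPLE_BODIES = [
    "UN=admin&PW=admin&x=0&y=0",
    "UN=admin&PW=-1%27%20UNION%20ALL%20SELECT%20NULL--%20&x=0&y=0",
    "UN=admin&PW=-1%27+union+select+NULL--+&x=0&y=0",
    "UN=guest&PW=the+union+selected+a+chair&x=0&y=0",
]


def decoded_params(body):
    """Decode %xx and '+' in each parameter and collapse runs of whitespace."""
    return [(name, " ".join(value.split()))
            for name, value in parse_qsl(body, keep_blank_values=True)]


def find_union_select(body):
    """Return (parameter, form) for each parameter containing UNION [ALL] SELECT."""
    hits = []
    for name, value in decoded_params(body):
        match = UNION_RE.search(value)
        if match:
            form = "UNION ALL SELECT" if match.group(1) else "UNION SELECT"
            hits.append((name, form))
    return hits


def missed_by_all_only(bodies):
    """Bodies the general pattern flags but the ALL-only signature does not."""
    missed = []
    for body in bodies:
        narrow = any(ALL_ONLY_RE.search(v) for _, v in decoded_params(body))
        if find_union_select(body) and not narrow:
            missed.append(body)
    return missed


if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        print(find_union_select(body), body)
    print("missed by ALL-only signature:", missed_by_all_only(SAMPLE_BODIES))
```

A keyword signature like this is a coarse triage aid for request logs; the word boundary after "select" is what keeps the benign fourth sample from matching.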
From: Miroslav S. <mir...@gm...> - 2012-02-22 06:46:20
|
P.s. http://support.microsoft.com/kb/240872

This is a classic permission error. I am more than keen to see how Havij does this.

Waiting for your reply

Kind regards,
Miroslav Stampar

On Feb 22, 2012 7:38 AM, "Miroslav Stampar" <mir...@gm...> wrote:
> Hi.
>
> As there is no DBUSERNAME in the request I would say that the request is
> not the problem here. Now, I am interested how Havij manages it though.
>
> Is there a way for you to provide me privately with either: target url or
> untouched traffic file together with Burp log for Havij run against that
> target?
>
> Without more info I won't be able to help you more
>
> Kind regards,
> Miroslav Stampar
> On Feb 21, 2012 10:25 PM, "John Booth" <sql...@ho...> wrote:
>
>> DBUSERNAME = database user name
>> DATABASENAME = name of the current database
>>
>> let me know if this is not helpful or if you need the snippet of html
>> (which is just the homepage)
>>
>> HTTP request [#1]:
>> POST /index.asp?action=auth HTTP/1.1
>> Accept-Encoding: identity
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: site.com
>> Accept-language: en-us,en;q=0.5
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
>> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>> Connection: close
>>
>> UN=admin&PW=admin&x=0&y=0
>>
>> HTTP response [#1] (200 OK):
>> Content-length: 7091
>> X-powered-by: ASP.NET
>> Set-cookie: sitecom=0; path=/,
>> ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/
>> Age: 6
>> Uri: http://site.com:80/index.asp?action=auth
>> Server: Microsoft-IIS/6.0
>> Connection: close
>> Cache-control: private
>> Date: Tue, 21 Feb 2012 21:15:23 GMT
>> Content-type: text/html
>>
>> **
>>
>> HTML OF HOMEPAGE - if relevant will add
>>
>> **
>>
>> ############################################################################
>>
>> HTTP request [#2]:
>> POST /index.asp?action=auth HTTP/1.1
>> Accept-Encoding: identity
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: site.com
>> Accept-language: en-us,en;q=0.5
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
>> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>> Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0
>> Connection: close
>>
>> UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2
>> 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN
>> NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2
>> 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0
>>
>> HTTP response [#2] (500 Internal Server Error):
>> Content-length: 480
>> X-powered-by: ASP.NET
>> Set-cookie: sitecom=0; path=/
>> Age: 2
>> Uri: http://www.site.com:80/index.asp?action=auth
>> Server: Microsoft-IIS/6.0
>> Connection: close
>> Cache-control: private, no-store
>> Date: Tue, 21 Feb 2012 21:15:28 GMT
>> Content-type: text/html
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>> <html>
>> <head>
>> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>>
>> <font face="Arial" size=2>
>> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
>> size=2>error '80004005'</font>
>> <p>
>> <font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in
>> database 'DATABASENAME'.</font>
>> <p>
>> <font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>,
>> line 16</font>
>>
>> ############################################################################
>>
|