sqlmap-users Mailing List for sqlmap (Page 67)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2012-02-11 22:53:37
|
Lol. Sorry :) On Feb 11, 2012 11:36 PM, "Steven Pinkham" <ste...@gm...> wrote: > Miroslav Stampar wrote: > ... > > Kune retards > > Cell phone messages are the best kind of messages. ;-) > > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID CD31CAFB | > > > |
|
From: Steven P. <ste...@gm...> - 2012-02-11 22:37:04
|
Miroslav Stampar wrote: ... > Kune retards Cell phone messages are the best kind of messages. ;-) -- | Steven Pinkham, Security Consultant | | http://www.mavensecurity.com | | GPG public key ID CD31CAFB | |
|
From: godjil <ar...@so...> - 2012-02-11 10:06:17
|
[13:48:38] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4739),
retry your run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sql...@li... the following text and any
information required to reproduce the bug. The developers will try to
reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4739)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ***************************************
--threads 3 --level 5 --risk 3 --dbms mysql --random-agent --dump-all
Technique: TIME
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "/home/godjil/Dropbox/hack/sqlmap/_sqlmap.py", line 83, in main
start()
File "/home/godjil/Dropbox/hack/sqlmap/lib/controller/controller.py",
line 566, in start
action()
File "/home/godjil/Dropbox/hack/sqlmap/lib/controller/action.py", line
112, in action
conf.dbmsHandler.dumpAll()
File
"/home/godjil/Dropbox/hack/sqlmap/plugins/generic/enumeration.py", line
1805, in dumpAll
self.getTables()
File
"/home/godjil/Dropbox/hack/sqlmap/plugins/generic/enumeration.py", line
832, in getTables
dbs = self.getDbs()
File
"/home/godjil/Dropbox/hack/sqlmap/plugins/generic/enumeration.py", line
757, in getDbs
count = inject.getValue(query, inband=False, error=False,
expected=EXPECTED.INT, charsetType=2)
File "/home/godjil/Dropbox/hack/sqlmap/lib/request/inject.py", line
471, in getValue
value = __goInferenceProxy(query, fromUser, expected, batch,
resumeValue, unpack, charsetType, firstChar, lastChar, dump)
File "/home/godjil/Dropbox/hack/sqlmap/lib/request/inject.py", line
324, in __goInferenceProxy
outputs = __goInferenceFields(expression, expressionFields,
expressionFieldsList, payload, expected, resumeValue=resumeValue,
charsetType=charsetType, firstChar=firstChar, lastChar=lastChar,
dump=dump)
File "/home/godjil/Dropbox/hack/sqlmap/lib/request/inject.py", line
103, in __goInferenceFields
output = __goInference(payload, expressionReplaced, charsetType,
firstChar, lastChar, dump)
File "/home/godjil/Dropbox/hack/sqlmap/lib/request/inject.py", line
66, in __goInference
count, value = bisection(payload, expression, length, charsetType,
firstChar, lastChar, dump)
File
"/home/godjil/Dropbox/hack/sqlmap/lib/techniques/blind/inference.py",
line 503, in bisection
val = getChar(index, asciiTbl)
File
"/home/godjil/Dropbox/hack/sqlmap/lib/techniques/blind/inference.py",
line 265, in getChar
if timeBasedCompare and not validateChar(idx, retVal):
File
"/home/godjil/Dropbox/hack/sqlmap/lib/techniques/blind/inference.py",
line 173, in validateChar
queriesCount[0] += 1
NameError: global name 'queriesCount' is not defined
[*] shutting down at 13:48:38
Best regards.
Softcase system administrator
Kochetkov Artem
ad...@so...
+7 495 988-34-56
+7 903 590-87-82
Wanna be free? use Linux.
|
|
From: Miroslav S. <mir...@gm...> - 2012-02-11 08:42:35
|
Ok. Will look into that later. This moment not around computer. Kune retards On Feb 11, 2012 1:55 AM, "Iago Sousa" <146...@gm...> wrote: > I received this message in sqlmap (r4739): > GET parameter *** is vulnerable. Do you want to keep testing the others? > [Y/n] > > I think that message would make more sense: "Do you want to skip testing > the others?" > > Because If you choose the default value (Y) it skip the tests, do not > continue. > > It's all. > > []'s > > > ------------------------------------------------------------------------------ > Virtualization & Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
|
From: Miroslav S. <mir...@gm...> - 2012-02-11 08:41:21
|
Hi. Payload is a must because it's usable from practical point of view. It can be copy pasted into the browser and used right away. Vector is just a form how to make a payload. Sorry, but the final decision is like the way it is. Kind regards, Miroslav Stampar On Feb 10, 2012 9:15 PM, "Till Maas" <ope...@ti...> wrote: > Hi Miroslav, > > On Fri, Feb 10, 2012 at 03:59:39PM +0100, Miroslav Stampar wrote: > > > Basically, IMO average user doesn't care about anything but the data > > retrieval. But, nevertheless, find this "patch" included with the latest > > commit (r4735). You'll be able to see the vector if you use greater > verbose > > mode than the default 1 (e.g. -v 2). > > thank you for including the patch. But I would like to propose to change > payload and vector in the output. To me it looks more useful to display > the vector instead of the payload in a normal use case. The Payload > usually does not make it clear how a certain injection works and what it > does without the information what the vector is. Therefore I do not see > much value for the average user to see the payload without the vector. > But the vector is useful without knowing the payload imho, because the > actual values used for the payload are imho mainly useful for debugging. > > So my proposal is to show the vector instead of the payload by default > and only the payload if the verbosity is greater than 1. Or do you know > use cases for average users to know the payload? > > Regards > Till > |
|
From: Iago S. <146...@gm...> - 2012-02-11 00:54:58
|
I received this message in sqlmap (r4739): GET parameter *** is vulnerable. Do you want to keep testing the others? [Y/n] I think that message would make more sense: "Do you want to skip testing the others?" Because If you choose the default value (Y) it skip the tests, do not continue. It's all. []'s |
|
From: Till M. <ope...@ti...> - 2012-02-10 20:31:51
|
Hi Miroslav, On Fri, Feb 10, 2012 at 03:59:39PM +0100, Miroslav Stampar wrote: > Basically, IMO average user doesn't care about anything but the data > retrieval. But, nevertheless, find this "patch" included with the latest > commit (r4735). You'll be able to see the vector if you use greater verbose > mode than the default 1 (e.g. -v 2). thank you for including the patch. But I would like to propose to change payload and vector in the output. To me it looks more useful to display the vector instead of the payload in a normal use case. The Payload usually does not make it clear how a certain injection works and what it does without the information what the vector is. Therefore I do not see much value for the average user to see the payload without the vector. But the vector is useful without knowing the payload imho, because the actual values used for the payload are imho mainly useful for debugging. So my proposal is to show the vector instead of the payload by default and only the payload if the verbosity is greater than 1. Or do you know use cases for average users to know the payload? Regards Till |
|
From: Miroslav S. <mir...@gm...> - 2012-02-10 14:59:49
|
Hi Till. Basically, IMO average user doesn't care about anything but the data retrieval. But, nevertheless, find this "patch" included with the latest commit (r4735). You'll be able to see the vector if you use greater verbose mode than the default 1 (e.g. -v 2). Kind regards, Miroslav Stampar On Thu, Feb 9, 2012 at 10:59 PM, Till Maas <ope...@ti...> wrote: > Hi, > > sqlmap currently only shows by default the payload that was used to > identify > a certain injection method. There usually information like random numbers > are included. To better understand what sqlmap is doing I want to propose > to > include the raw payload also known as vector in the info. Please see the > attached patch for this. > > Kind regards > Till > > ------------------------------------------------------------------------------ > Virtualization & Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2012-02-08 13:41:35
|
Hi Anastasios.
Thank you for your report and find it fixed with the latest commit (r4729).
Kind regards,
Miroslav Stampar
On Mon, Feb 6, 2012 at 11:42 PM, Anastasios Monachos
<ana...@gm...>wrote:
> [00:35:35] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4718), retry
> your run with the latest development version from the Subversion
> repository. If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the
> bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4718)
> Python version: 2.7.1
> Operating system: posix
> Command line: ./sqlmap.py -u ***************************** -p
> acc--cookie=****************************** -b
> Technique: None
> Back-end DBMS: IBM DB2 (fingerprinted)
> Traceback (most recent call last):
> File "/svn/sqlmap/_sqlmap.py", line 83, in main
> start()
> File "/svn/sqlmap/lib/controller/controller.py", line 563, in start
> action()
> File "/svn/sqlmap/lib/controller/action.py", line 61, in action
> conf.dumper.banner(conf.dbmsHandler.getBanner())
> File "/svn/sqlmap/plugins/generic/enumeration.py", line 106, in getBanner
> if Backend.isDbms(DBMS.DB2) and
> int(Backend.getVersion().split(".")[0]) < 9:
> ValueError: invalid literal for int() with base 10: 'Unknown'
>
> [*] shutting down at 00:35:35
>
>
> Thanks!
> --
> AM (secuid0)
> Key ID: 0x5EB17EE7
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
|
|
From: Miroslav S. <mir...@gm...> - 2012-02-07 14:43:44
|
Hi Johnny.
Thank you for your report and find it fixed with the latest r4723.
Kind regards,
Miroslav Stampar
On Tue, Feb 7, 2012 at 1:50 PM, Johnny Venter <Joh...@zo...>wrote:
> Received the following error:
>
> [07:46:41] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4722), retry
> your run with the latest development version from the Subversion
> repository. If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the
> bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4722)
> Python version: 2.6.1
> Operating system: posix
> Command line: ./sqlmap.py -u *** --dbms=oracle
> Technique: UNION
> Back-end DBMS: Oracle (identified)
> Traceback (most recent call last):
> File "/sqlmap-dev/_sqlmap.py", line 83, in main
> start()
> File "/sqlmap-dev/lib/controller/controller.py", line 461, in start
> injection = checkSqlInjection(place, parameter, value)
> File "/sqlmap-dev/lib/controller/checks.py", line 421, in
> checkSqlInjection
> reqPayload, vector = unionTest(comment, place, parameter, value,
> prefix, suffix)
> File "/sqlmap-dev/lib/techniques/union/test.py", line 297, in unionTest
> validPayload, vector = __unionTestByCharBruteforce(comment, place,
> parameter, value, prefix, suffix)
> File "/sqlmap-dev/lib/techniques/union/test.py", line 257, in
> __unionTestByCharBruteforce
> count = __findUnionCharCount(comment, place, parameter, value, prefix,
> suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else
> PAYLOAD.WHERE.NEGATIVE)
> File "/sqlmap-dev/lib/techniques/union/test.py", line 110, in
> __findUnionCharCount
> query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix,
> kb.uChar)
> File "/sqlmap-dev/lib/core/agent.py", line 579, in forgeInbandQuery
> if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and
> inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
> NameError: global name 'FROM_TABLE' is not defined
>
> [*] shutting down at 07:46:41
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
|
|
From: Johnny V. <Joh...@zo...> - 2012-02-07 12:50:18
|
Received the following error:
[07:46:41] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4722), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4722)
Python version: 2.6.1
Operating system: posix
Command line: ./sqlmap.py -u *** --dbms=oracle
Technique: UNION
Back-end DBMS: Oracle (identified)
Traceback (most recent call last):
File "/sqlmap-dev/_sqlmap.py", line 83, in main
start()
File "/sqlmap-dev/lib/controller/controller.py", line 461, in start
injection = checkSqlInjection(place, parameter, value)
File "/sqlmap-dev/lib/controller/checks.py", line 421, in checkSqlInjection
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
File "/sqlmap-dev/lib/techniques/union/test.py", line 297, in unionTest
validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
File "/sqlmap-dev/lib/techniques/union/test.py", line 257, in __unionTestByCharBruteforce
count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE)
File "/sqlmap-dev/lib/techniques/union/test.py", line 110, in __findUnionCharCount
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
File "/sqlmap-dev/lib/core/agent.py", line 579, in forgeInbandQuery
if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
NameError: global name 'FROM_TABLE' is not defined
[*] shutting down at 07:46:41 |
|
From: Miroslav S. <mir...@gm...> - 2012-02-07 11:41:35
|
Hi all.
Could somebody please provide (in private) with some example where this is
manifesting:
Traceback (most recent call last):
File "/usr/local/lib/python2.6/logging/__init__.py", line 799, in emit
stream.write(fs % msg.encode("UTF-8"))
Thing is that this is a known issue for some time, but as it's happening at
the low level it's hard to reproduce (no usual stack trace).
Kind regards,
Miroslav Stampar
|
|
From: Anastasios M. <ana...@gm...> - 2012-02-06 22:43:05
|
[00:35:35] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4718), retry
your run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4718)
Python version: 2.7.1
Operating system: posix
Command line: ./sqlmap.py -u ***************************** -p
acc--cookie=****************************** -b
Technique: None
Back-end DBMS: IBM DB2 (fingerprinted)
Traceback (most recent call last):
File "/svn/sqlmap/_sqlmap.py", line 83, in main
start()
File "/svn/sqlmap/lib/controller/controller.py", line 563, in start
action()
File "/svn/sqlmap/lib/controller/action.py", line 61, in action
conf.dumper.banner(conf.dbmsHandler.getBanner())
File "/svn/sqlmap/plugins/generic/enumeration.py", line 106, in getBanner
if Backend.isDbms(DBMS.DB2) and int(Backend.getVersion().split(".")[0])
< 9:
ValueError: invalid literal for int() with base 10: 'Unknown'
[*] shutting down at 00:35:35
Thanks!
--
AM (secuid0)
Key ID: 0x5EB17EE7
|
|
From: Miroslav S. <mir...@gm...> - 2012-02-05 17:26:19
|
Hi Lorenzo. You are using fairly outdated version. Please checkout the latest v1.0-dev from our repository. Search for more info at official page www.sqlmap.org. Kind regards, Miroslav Stampar On Feb 5, 2012 2:05 PM, "Lorenzo Mainardi" <lor...@gm...> wrote: > [14:02:47] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developers will fix it as soon > as possible: > sqlmap version: 0.6.4 > Python version: 2.7.2+ > Operating system: linux2 > Traceback (most recent call last): > File "/usr/bin/sqlmap", line 78, in main > init(cmdLineOptions) > File "/usr/share/sqlmap/lib/core/option.py", line 770, in init > update() > File "/usr/share/sqlmap/lib/core/update.py", line 349, in update > __updateSqlmap() > File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap > logger.errMsg(errMsg) > AttributeError: 'Logger' object has no attribute 'errMsg' > > [*] shutting down at: 14:02:47 > > -- > LORENZO MAINARDI > http://about.me/lormayna > > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
|
From: Anastasios M. <ana...@gm...> - 2012-02-05 13:26:34
|
Looks fixed in r4717 try http://downloads.sourceforge.net/sqlmap/sqlmap-0.9.tar.gz or fetch the dev, svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmapsqlmap-dev On 5 February 2012 15:04, Lorenzo Mainardi <lor...@gm...> wrote: > [14:02:47] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developers will fix it as soon > as possible: > sqlmap version: 0.6.4 > Python version: 2.7.2+ > Operating system: linux2 > Traceback (most recent call last): > File "/usr/bin/sqlmap", line 78, in main > init(cmdLineOptions) > File "/usr/share/sqlmap/lib/core/option.py", line 770, in init > update() > File "/usr/share/sqlmap/lib/core/update.py", line 349, in update > __updateSqlmap() > File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap > logger.errMsg(errMsg) > AttributeError: 'Logger' object has no attribute 'errMsg' > > [*] shutting down at: 14:02:47 > > -- > LORENZO MAINARDI > http://about.me/lormayna > > > ------------------------------------------------------------------------------ > Try before you buy = See our experts in action! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-dev2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- AM (secuid0) Key ID: 0x5EB17EE7 |
|
From: Lorenzo M. <lor...@gm...> - 2012-02-05 13:04:31
|
[14:02:47] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the
command line and the following text and send by e-mail to
sql...@li.... The developers will fix it as soon
as possible:
sqlmap version: 0.6.4
Python version: 2.7.2+
Operating system: linux2
Traceback (most recent call last):
File "/usr/bin/sqlmap", line 78, in main
init(cmdLineOptions)
File "/usr/share/sqlmap/lib/core/option.py", line 770, in init
update()
File "/usr/share/sqlmap/lib/core/update.py", line 349, in update
__updateSqlmap()
File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap
logger.errMsg(errMsg)
AttributeError: 'Logger' object has no attribute 'errMsg'
[*] shutting down at: 14:02:47
--
LORENZO MAINARDI
http://about.me/lormayna
|
|
From: Miroslav S. <mir...@gm...> - 2012-02-01 10:46:22
|
Hi again. This was "patched" with the latest r4702, but nevertheless, I would like to see what's causing this. You are more then welcome to send a traffic file of that problematic run. Kind regards, Miroslav Stampar 2012/2/1 Miroslav Stampar <mir...@gm...> > Hi. > > This one is an interesting case. It appears that it returns multiple > results for the same query in the output web page result. Problem is that > we are already watching for "duplicates" but this is something new. > > Could you please return traffic file for that same program run with > appended options: -t traffic.txt --fresh-queries? > > Kind regards, > Miroslav Stampar > > 2012/1/31 朱冯贶天 <zh...@ho...> > >> Hello, >> >> I met with a bug when I was using sqlmap. It suggested that I sent by >> email with feedback to you. >> >> >> Debug info is : >> >> [23:14:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your >> run with >> the latest development version from the Subversion repository. If the >> exception >> persists, please send by e-mail to sql...@li...the follo >> wing text and any information required to reproduce the bug. The >> developers will >> try to reproduce the bug, fix it accordingly and get back to you. >> sqlmap version: 1.0-dev >> Python version: 2.7.1 >> Operating system: nt >> Command line: sqlmap.py -u >> ***************************************************** >> ************** -v 3 --text-only -o --threads=10 -D ** --start 1 --stop 5 >> --dump >> Technique: UNION >> Back-end DBMS: Oracle (fingerprinted) >> Traceback (most recent call last): >> File "D:\temp_workspace\PyLearning\src\sqlmap\_sqlmap.py", line 83, in >> main >> start() >> File >> "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\controller.py", l >> ine 563, in start >> action() >> File >> "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\action.py", line >> 109, in action >> conf.dbmsHandler.dumpTable() >> File >> "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", >> line 1558, in dumpTable >> self.getColumns(onlyColNames=True) >> File >> "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", >> line 1138, in getColumns >> value = inject.getValue(query, blind=False) >> File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", >> line 435 >> , in getValue >> value = __goInband(query, expected, unique, resumeValue, unpack, dump) >> File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", >> line 383 >> , in __goInband >> output = unionUse(expression, unpack=unpack, dump=dump) >> File >> "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\union\use.py", li >> ne 254, in unionUse >> elif count and not count.isdigit(): >> AttributeError: 'BigArray' object has no attribute 'isdigit' >> >> [*] shutting down at 23:14:12 >> >> >> Glad to hear from you. >> >> Thank you. >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> Keep Your Developer Skills Current with LearnDevNow! >> The most comprehensive online learning library for Microsoft developers >> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, >> Metro Style Apps, more. Free future releases when you subscribe now! >> http://p.sf.net/sfu/learndevnow-d2d >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2012-02-01 10:37:24
|
Hi. This one is an interesting case. It appears that it returns multiple results for the same query in the output web page result. Problem is that we are already watching for "duplicates" but this is something new. Could you please return traffic file for that same program run with appended options: -t traffic.txt --fresh-queries? Kind regards, Miroslav Stampar 2012/1/31 朱冯贶天 <zh...@ho...> > Hello, > > I met with a bug when I was using sqlmap. It suggested that I sent by > email with feedback to you. > > > Debug info is : > > [23:14:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your > run with > the latest development version from the Subversion repository. If the > exception > persists, please send by e-mail to sql...@li...the follo > wing text and any information required to reproduce the bug. The > developers will > try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev > Python version: 2.7.1 > Operating system: nt > Command line: sqlmap.py -u > ***************************************************** > ************** -v 3 --text-only -o --threads=10 -D ** --start 1 --stop 5 > --dump > Technique: UNION > Back-end DBMS: Oracle (fingerprinted) > Traceback (most recent call last): > File "D:\temp_workspace\PyLearning\src\sqlmap\_sqlmap.py", line 83, in > main > start() > File > "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\controller.py", l > ine 563, in start > action() > File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\action.py", > line > 109, in action > conf.dbmsHandler.dumpTable() > File > "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", > line 1558, in dumpTable > self.getColumns(onlyColNames=True) > File > "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", > line 1138, in getColumns > value = inject.getValue(query, blind=False) > File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", > line 435 > , in getValue > value = __goInband(query, expected, unique, resumeValue, unpack, dump) > File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", > line 383 > , in __goInband > output = unionUse(expression, unpack=unpack, dump=dump) > File > "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\union\use.py", li > ne 254, in unionUse > elif count and not count.isdigit(): > AttributeError: 'BigArray' object has no attribute 'isdigit' > > [*] shutting down at 23:14:12 > > > Glad to hear from you. > > Thank you. > > > > > > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2012-02-01 10:00:23
|
Hi.
That crash should be fixed with the latest commit (r4700).
Kind regards,
Miroslav Stampar
On Tue, Jan 31, 2012 at 3:32 PM, Miroslav Stampar <
mir...@gm...> wrote:
> Hi.
>
> Sorry to you and to all, but I won't be able to go through all the issues
> today. I'll try to do it tomorrow morning.
>
> Kind regards,
> Miroslav Stampar
> On Jan 31, 2012 3:27 PM, "black zero" <tim...@gm...> wrote:
>
>> Not working postgresql DB select and extract tables "auto selected name
>> public database" and columns in value query what is problem?
>>
>> i'm changed plugins/dbms/postgresql/fingerprint.py
>> if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
>> conf.db = "public"
>>
>> but this is not the solution
>> What should be done? thanks :)
>>
>> sqlmap version: 1.0-dev (r4697)
>> Python version: 2.7.2+
>> Operating system: posix
>> Command line: sqlmap.py -u
>> ********************************************************** --user-agent
>> Googlebot --technique U --dbms postgresql --string Proxy -v 3 --threads 5
>> --sql-shell
>> Technique: UNION
>> Back-end DBMS: PostgreSQL (fingerprinted)
>> Traceback (most recent call last):
>> File "/home/z00/sqlmap-dev/_sqlmap.py", line 83, in main
>> start()
>> File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 563, in
>> start
>> action()
>> File "/home/z00/sqlmap-dev/lib/controller/action.py", line 121, in
>> action
>> conf.dbmsHandler.sqlShell()
>> File "/home/z00/sqlmap-dev/plugins/generic/enumeration.py", line 2455,
>> in sqlShell
>> output = self.sqlQuery(query)
>> File "/home/z00/sqlmap-dev/plugins/generic/enumeration.py", line 2401,
>> in sqlQuery
>> output = inject.getValue(query, fromUser=True)
>> File "/home/z00/sqlmap-dev/lib/request/inject.py", line 435, in getValue
>> value = __goInband(query, expected, unique, resumeValue, unpack, dump)
>> File "/home/z00/sqlmap-dev/lib/request/inject.py", line 383, in
>> __goInband
>> output = unionUse(expression, unpack=unpack, dump=dump)
>> File "/home/z00/sqlmap-dev/lib/techniques/union/use.py", line 232, in
>> unionUse
>> untilOrderChar = countedExpression.index(" ORDER BY ")
>> ValueError: substring not found
>>
>> [*] shutting down at 16:17:43
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Keep Your Developer Skills Current with LearnDevNow!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-d2d
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
--
Miroslav Stampar
http://about.me/stamparm
|
|
From: Miroslav S. <mir...@gm...> - 2012-02-01 09:30:47
|
Hi. You've most probably forgot to enclose the -u inside double quotes, like this: python sqlmap.py -u "...index.php?site=x&id=2" -p id Kind regards, Miroslav Stampar On Wed, Feb 1, 2012 at 10:23 AM, Aaaa Bbbb <rps...@ho...>wrote: > Hi... > > I would like to choose the parameter to be tested, i have a url > index.php?site=x&id=2, i would like to test just the "id" parameter, > i've tried "-p id" but i received the error "[WARNING] the testable > parameter 'id' you provided is not inside the GET". > > Thx for your help, sorry for my bad english. > > > > ------------------------------------------------------------------------------ > Keep Your Developer Skills Current with LearnDevNow! > The most comprehensive online learning library for Microsoft developers > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, > Metro Style Apps, more. Free future releases when you subscribe now! > http://p.sf.net/sfu/learndevnow-d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Aaaa B. <rps...@ho...> - 2012-02-01 09:23:39
|
Hi... I would like to choose the parameter to be tested, i have a url index.php?site=x&id=2, i would like to test just the "id" parameter, i've tried "-p id" but i received the error "[WARNING] the testable parameter 'id' you provided is not inside the GET". Thx for your help, sorry for my bad english. |
|
From: 朱冯贶天 <zh...@ho...> - 2012-01-31 15:25:13
|
Hello, I met with a bug when I was using sqlmap. It suggested that I sent by email with feedback to you. Debug info is : [23:14:12] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.sqlmap version: 1.0-devPython version: 2.7.1Operating system: ntCommand line: sqlmap.py -u ******************************************************************* -v 3 --text-only -o --threads=10 -D ** --start 1 --stop 5 --dumpTechnique: UNIONBack-end DBMS: Oracle (fingerprinted)Traceback (most recent call last): File "D:\temp_workspace\PyLearning\src\sqlmap\_sqlmap.py", line 83, in main start() File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\controller.py", line 563, in start action() File "D:\temp_workspace\PyLearning\src\sqlmap\lib\controller\action.py", line109, in action conf.dbmsHandler.dumpTable() File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 1558, in dumpTable self.getColumns(onlyColNames=True) File "D:\temp_workspace\PyLearning\src\sqlmap\plugins\generic\enumeration.py", line 1138, in getColumns value = inject.getValue(query, blind=False) File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 435, in getValue value = __goInband(query, expected, unique, resumeValue, unpack, dump) File "D:\temp_workspace\PyLearning\src\sqlmap\lib\request\inject.py", line 383, in __goInband output = unionUse(expression, unpack=unpack, dump=dump) File "D:\temp_workspace\PyLearning\src\sqlmap\lib\techniques\union\use.py", line 254, in unionUse elif count and not count.isdigit():AttributeError: 'BigArray' object has no attribute 'isdigit' [*] shutting down at 23:14:12 Glad to hear from you. Thank you. |
|
From: Miroslav S. <mir...@gm...> - 2012-01-31 14:32:18
|
Hi.
Sorry to you and to all, but I won't be able to go through all the issues
today. I'll try to do it tomorrow morning.
Kind regards,
Miroslav Stampar
On Jan 31, 2012 3:27 PM, "black zero" <tim...@gm...> wrote:
> Not working postgresql DB select and extract tables "auto selected name
> public database" and columns in value query what is problem?
>
> i'm changed plugins/dbms/postgresql/fingerprint.py
> if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
> conf.db = "public"
>
> but this is not the solution
> What should be done? thanks :)
>
> sqlmap version: 1.0-dev (r4697)
> Python version: 2.7.2+
> Operating system: posix
> Command line: sqlmap.py -u
> ********************************************************** --user-agent
> Googlebot --technique U --dbms postgresql --string Proxy -v 3 --threads 5
> --sql-shell
> Technique: UNION
> Back-end DBMS: PostgreSQL (fingerprinted)
> Traceback (most recent call last):
> File "/home/z00/sqlmap-dev/_sqlmap.py", line 83, in main
> start()
> File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 563, in
> start
> action()
> File "/home/z00/sqlmap-dev/lib/controller/action.py", line 121, in action
> conf.dbmsHandler.sqlShell()
> File "/home/z00/sqlmap-dev/plugins/generic/enumeration.py", line 2455,
> in sqlShell
> output = self.sqlQuery(query)
> File "/home/z00/sqlmap-dev/plugins/generic/enumeration.py", line 2401,
> in sqlQuery
> output = inject.getValue(query, fromUser=True)
> File "/home/z00/sqlmap-dev/lib/request/inject.py", line 435, in getValue
> value = __goInband(query, expected, unique, resumeValue, unpack, dump)
> File "/home/z00/sqlmap-dev/lib/request/inject.py", line 383, in
> __goInband
> output = unionUse(expression, unpack=unpack, dump=dump)
> File "/home/z00/sqlmap-dev/lib/techniques/union/use.py", line 232, in
> unionUse
> untilOrderChar = countedExpression.index(" ORDER BY ")
> ValueError: substring not found
>
> [*] shutting down at 16:17:43
>
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
|
|
From: black z. <tim...@gm...> - 2012-01-31 14:26:53
|
Not working postgresql DB select and extract tables "auto selected name
public database" and columns in value query what is problem?
i'm changed plugins/dbms/postgresql/fingerprint.py
if conf.db not in PGSQL_SYSTEM_DBS and conf.db != "public":
conf.db = "public"
but this is not the solution
What should be done? thanks :)
sqlmap version: 1.0-dev (r4697)
Python version: 2.7.2+
Operating system: posix
Command line: sqlmap.py -u
********************************************************** --user-agent
Googlebot --technique U --dbms postgresql --string Proxy -v 3 --threads 5
--sql-shell
Technique: UNION
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
File "/home/z00/sqlmap-dev/_sqlmap.py", line 83, in main
start()
File "/home/z00/sqlmap-dev/lib/controller/controller.py", line 563, in
start
action()
File "/home/z00/sqlmap-dev/lib/controller/action.py", line 121, in action
conf.dbmsHandler.sqlShell()
File "/home/z00/sqlmap-dev/plugins/generic/enumeration.py", line 2455, in
sqlShell
output = self.sqlQuery(query)
File "/home/z00/sqlmap-dev/plugins/generic/enumeration.py", line 2401, in
sqlQuery
output = inject.getValue(query, fromUser=True)
File "/home/z00/sqlmap-dev/lib/request/inject.py", line 435, in getValue
value = __goInband(query, expected, unique, resumeValue, unpack, dump)
File "/home/z00/sqlmap-dev/lib/request/inject.py", line 383, in __goInband
output = unionUse(expression, unpack=unpack, dump=dump)
File "/home/z00/sqlmap-dev/lib/techniques/union/use.py", line 232, in
unionUse
untilOrderChar = countedExpression.index(" ORDER BY ")
ValueError: substring not found
[*] shutting down at 16:17:43
|
|
From: Miroslav S. <mir...@gm...> - 2012-01-30 12:56:35
|
Hi David. Thank you for your report and find it fixed with the latest commit (r4693). Kind regards, Miroslav Stampar On Mon, Jan 30, 2012 at 12:22 PM, David Alvarez <dav...@gm...>wrote: > Hi Miroslav, > > Thank you for your response! > > "INFERENCE_BLANK_BREAK" was very usefull to reduce the number of requests. > great! > > Now, I report you an unhandled exception found during the test: > *[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run > with the latest development version from the Subversion repository. If the > exception persists, please send by e-mail to > sql...@li... the following text and any information > required to reproduce the bug. The developers will try to reproduce the > bug, fix it accordingly and get back to you.* > *sqlmap version: 1.0-dev (r4692)* > *Python version: 2.6.6* > *Operating system: posix* > *Command line: sqlmap.py -u > ************************************************************************************************************************************************************************* > --data ******************************************************* -p param > --cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1 > --safe-url=*************************************** --tables* > *Technique: BOOLEAN* > *Back-end DBMS: IBM DB2 (fingerprinted)* > *Traceback (most recent call last):* > * File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main* > * start()* > * File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, > in start * > * action()* > * File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in > action * > * conf.dumper.dbTables(conf.dbmsHandler.getTables())* > * File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, > in getTables* > * dbs = self.getDbs()* > * File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, > in getDbs* > * db = inject.getValue(query, inband=False, error=False)* > * File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in > getValue* > * value = __goInferenceProxy(query, fromUser, expected, batch, > resumeValue, unpack, charsetType, firstChar, lastChar, dump)* > * File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in > __goInferenceProxy* > * outputs = __goInferenceFields(expression, expressionFields, > expressionFieldsList, payload, expected, resumeValue=resumeValue, > charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump) > * > * File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in > __goInferenceFields* > * output = __goInference(payload, expressionReplaced, charsetType, > firstChar, lastChar, dump)* > * File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in > __goInference * > * count, value = bisection(payload, expression, length, charsetType, > firstChar, lastChar, dump)* > * File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line > 497, in bisection* > * val = getChar(index, asciiTbl)* > * File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line > 214, in getChar* > * unescapedCharValue = unescaper.unescape(markingValue % > decodeIntToUnicode(posValue))* > *TypeError: %c requires int or char* > > Kind Regards, > David Alvarez > > On Mon, Jan 30, 2012 at 11:07 AM, Miroslav Stampar < > mir...@gm...> wrote: > >> Hi David. >> >> Fact is that we rely that DBMS won't return a proper character on a >> request for "substring" on non-valid index and that works ok for most of >> today's DBMSes. >> >> But, also we do have a check for these kind of cases. If there is more >> than some predefined number of spaces at the end of the retrieved value we >> just abruptly abort with that value, trim spaces from the end and continue >> on with the next item. >> >> Thing is that that "breaking" value is currently (r4692) set to 10 and if >> you think that's too high for your case you are more than welcome to adjust >> it to your needs. Just go to the lib/core/settings.py and change line: >> >> INFERENCE_BLANK_BREAK = 10 >> >> to something more appropriate for your needs (e.g. 3) >> >> Kind regards, >> Miroslav Stampar >> >> On Fri, Jan 27, 2012 at 6:53 PM, David Alvarez < >> dav...@gm...> wrote: >> >>> Hello, >>> >>> There is a sql injection in an IBM DB2 9.1. I'm using an AND >>> boolean-based blind injection. The problem is that sqlmap doesn't check >>> properly the end of the string and go in loop getting space chars as result. >>> >>> I'm using the latest version of sqlmap (r4690). >>> >>> How could I resolve it? >>> >>> Regards, >>> David Alvarez >>> >>> >>> ------------------------------------------------------------------------------ >>> Try before you buy = See our experts in action! >>> The most comprehensive online learning library for Microsoft developers >>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, >>> Metro Style Apps, more. Free future releases when you subscribe now! >>> http://p.sf.net/sfu/learndevnow-dev2 >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> > > -- Miroslav Stampar http://about.me/stamparm |
48 messages has been excluded from this view by a project administrator.
