sqlmap-users Mailing List for sqlmap (Page 75)
From: Jacco v. T. <jac...@gm...> - 2011-11-28 18:30:07
[13:27:26] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4552), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4552)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py -u ********************************************* --tor --random-agent --exclude-sysdb --dbms=mysql --level=5 --risk=5 --technique=B -o --sql-query=select name,password from abc_user
Technique: BOOLEAN
Back-end DBMS: MySQL (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/sqlmap/_sqlmap.py", line 86, in main
    start()
  File "/pentest/database/sqlmap/sqlmap/lib/controller/controller.py", line 478, in start
    injection = checkSqlInjection(place, parameter, value)
  File "/pentest/database/sqlmap/sqlmap/lib/controller/checks.py", line 344, in checkSqlInjection
    trueResult = Request.queryPage(reqPayload, place, raise404=False)
  File "/pentest/database/sqlmap/sqlmap/lib/request/connect.py", line 709, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/pentest/database/sqlmap/sqlmap/lib/request/connect.py", line 301, in getPage
    conn = urllib2.urlopen(req)
  File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.6/urllib2.py", line 391, in open
    response = self._open(req, data)
  File "/usr/lib/python2.6/urllib2.py", line 409, in _open
    '_open', req)
  File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/pentest/database/sqlmap/sqlmap/extra/keepalive/keepalive.py", line 209, in http_open
    return self.do_open(HTTPConnection, req)
  File "/pentest/database/sqlmap/sqlmap/extra/keepalive/keepalive.py", line 182, in do_open
    self._start_connection(h, req)
  File "/pentest/database/sqlmap/sqlmap/extra/keepalive/keepalive.py", line 141, in _start_connection
    h.endheaders()
  File "/pentest/database/sqlmap/sqlmap/extra/keepalive/keepalive.py", line 336, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
    self.send(msg)
  File "/pentest/database/sqlmap/sqlmap/extra/keepalive/keepalive.py", line 339, in send
    httplib.HTTPConnection.send(self, unicodeencode(str, kb.pageEncoding))
  File "/usr/lib/python2.6/httplib.py", line 735, in send
    self.connect()
  File "/usr/lib/python2.6/httplib.py", line 716, in connect
    self.timeout)
  File "/usr/lib/python2.6/socket.py", line 507, in create_connection
    sock.connect(sa)
  File "/pentest/database/sqlmap/sqlmap/extra/socks/socks.py", line 369, in connect
    self.__negotiatesocks5(destpair[0], destpair[1])
  File "/pentest/database/sqlmap/sqlmap/extra/socks/socks.py", line 236, in __negotiatesocks5
    raise Socks5Error((ord(resp[1:2]), _socks5errors[ord(resp[1:2])]))
Socks5Error: (1, 'general SOCKS server failure')
From: Miroslav S. <mir...@gm...> - 2011-11-28 11:13:43
Hi Jacco.

Thank you for your report and find it fixed in the latest revision (r4551).

Kind regards

On Mon, Nov 28, 2011 at 9:36 AM, Jacco van Tuijl <jac...@gm...> wrote:
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4550), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4550)
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py -u ********************************************* --tor --random-agent --exclude-sysdb --dbms=mysql -o --sql-query=select name,password from user
> Technique: TIME
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/sqlmap/_sqlmap.py", line 86, in main
>     start()
>   File "/pentest/database/sqlmap/sqlmap/lib/controller/controller.py", line 580, in start
>     action()
>   File "/pentest/database/sqlmap/sqlmap/lib/controller/action.py", line 118, in action
>     conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
>   File "/pentest/database/sqlmap/sqlmap/plugins/generic/enumeration.py", line 2379, in sqlQuery
>     output = inject.getValue(query, fromUser=True)
>   File "/pentest/database/sqlmap/sqlmap/lib/request/inject.py", line 470, in getValue
>     value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
>   File "/pentest/database/sqlmap/sqlmap/lib/request/inject.py", line 238, in __goInferenceProxy
>     count = __goInference(payload, countedExpression, 2, firstChar, lastChar)
>   File "/pentest/database/sqlmap/sqlmap/lib/request/inject.py", line 67, in __goInference
>     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
>   File "/pentest/database/sqlmap/sqlmap/lib/techniques/blind/inference.py", line 504, in bisection
>     val = getChar(index, asciiTbl)
>   File "/pentest/database/sqlmap/sqlmap/lib/techniques/blind/inference.py", line 219, in getChar
>     result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
>   File "/pentest/database/sqlmap/sqlmap/lib/request/connect.py", line 666, in queryPage
>     Connect.queryPage(content=True)
>   File "/pentest/database/sqlmap/sqlmap/lib/request/connect.py", line 562, in queryPage
>     if place != PLACE.URI or ('?' in value and value.find('?') < value.find(payload)):
> TypeError: argument of type 'NoneType' is not iterable
>
> [*] shutting down at 03:33:25
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
From: Jacco v. T. <jac...@gm...> - 2011-11-28 08:36:32
[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4550), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4550)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py -u ********************************************* --tor --random-agent --exclude-sysdb --dbms=mysql -o --sql-query=select name,password from user
Technique: TIME
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/sqlmap/_sqlmap.py", line 86, in main
    start()
  File "/pentest/database/sqlmap/sqlmap/lib/controller/controller.py", line 580, in start
    action()
  File "/pentest/database/sqlmap/sqlmap/lib/controller/action.py", line 118, in action
    conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
  File "/pentest/database/sqlmap/sqlmap/plugins/generic/enumeration.py", line 2379, in sqlQuery
    output = inject.getValue(query, fromUser=True)
  File "/pentest/database/sqlmap/sqlmap/lib/request/inject.py", line 470, in getValue
    value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
  File "/pentest/database/sqlmap/sqlmap/lib/request/inject.py", line 238, in __goInferenceProxy
    count = __goInference(payload, countedExpression, 2, firstChar, lastChar)
  File "/pentest/database/sqlmap/sqlmap/lib/request/inject.py", line 67, in __goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
  File "/pentest/database/sqlmap/sqlmap/lib/techniques/blind/inference.py", line 504, in bisection
    val = getChar(index, asciiTbl)
  File "/pentest/database/sqlmap/sqlmap/lib/techniques/blind/inference.py", line 219, in getChar
    result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
  File "/pentest/database/sqlmap/sqlmap/lib/request/connect.py", line 666, in queryPage
    Connect.queryPage(content=True)
  File "/pentest/database/sqlmap/sqlmap/lib/request/connect.py", line 562, in queryPage
    if place != PLACE.URI or ('?' in value and value.find('?') < value.find(payload)):
TypeError: argument of type 'NoneType' is not iterable

[*] shutting down at 03:33:25
From: Miroslav S. <mir...@gm...> - 2011-11-25 08:50:17
Hi.

There is a difference between FULL and PARTIAL union injections. With full you can get the content of whole table with one query, while in partial you have to go row by row.

There should be no difference between 0.9 and 1.0 in retrieving

Kind regards

On Fri, Nov 25, 2011 at 2:59 AM, Iago Sousa <146...@gm...> wrote:
> It's normal?
>
> In sqlmap0.9, some websites we could get information by union, like group_concat; it took all the information inside the DB with one query.
>
> In sqlmap1.0/dev, it's very slow, gettin' info one-by-one char; I've that use 2 or more threads.
>
> My English is not so good, I'm learning yet.
> --
> Iago Sousa

--
Miroslav Stampar
http://about.me/stamparm
From: Iago S. <146...@gm...> - 2011-11-25 01:59:34
It's normal?

In sqlmap0.9, some websites we could get information by union, like group_concat; it took all the information inside the DB with one query.

In sqlmap1.0/dev, it's very slow, gettin' info one-by-one char; I've that use 2 or more threads.

My English is not so good, I'm learning yet.

--
Iago Sousa
From: Iago S. <146...@gm...> - 2011-11-24 12:16:37
Great!

On Wed, Nov 23, 2011 at 7:20 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi everybody.
>
> This moment there was a commit switching TOR support from HTTP proxy (e.g.: Polipo, Privoxy,...) to SOCKS proxy (directly toward TOR service).
>
> This was done because of two important things:
> 1) HTTP proxies between TOR and the user tend to do mischievous deeds, like filtering some "suspicious" spam-like page content or stripping pages. Anyway, this was doing very bad things toward sqlmap in some cases (to be exact, Privoxy is really the worst example)
>
> 2) Maybe the most important "why" is the tendency of some of those HTTP proxies to somehow lose the "use Tor's SOCKS proxy at localhost:9050" every here and there completely leaving you without the "anonymity" that TOR offers. This was causing major headache to me and to be honest, I don't want anyone to lose "privacy" because of this kind of Polipo or Privoxy behavior. Hence the switch --check-tor which was added for you to be able to check for yourself if you were "losing" the anonymity because of similar behavior. With SOCKS proxy utilization sqlmap will now directly communicate with the TOR service giving you the best anonymity.
>
> So, I would just ask you all who like to use --tor switch to really test it thoroughly and report any bugs you encounter. This way we'll be able to stabilize it to the greatest extent.
>
> Kind regards
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Iago Sousa
From: Miroslav S. <mir...@gm...> - 2011-11-23 21:20:52
Hi everybody.

This moment there was a commit switching TOR support from HTTP proxy (e.g.: Polipo, Privoxy,...) to SOCKS proxy (directly toward TOR service).

This was done because of two important things:
1) HTTP proxies between TOR and the user tend to do mischievous deeds, like filtering some "suspicious" spam-like page content or stripping pages. Anyway, this was doing very bad things toward sqlmap in some cases (to be exact, Privoxy is really the worst example)

2) Maybe the most important "why" is the tendency of some of those HTTP proxies to somehow lose the "use Tor's SOCKS proxy at localhost:9050" every here and there completely leaving you without the "anonymity" that TOR offers. This was causing major headache to me and to be honest, I don't want anyone to lose "privacy" because of this kind of Polipo or Privoxy behavior. Hence the switch --check-tor which was added for you to be able to check for yourself if you were "losing" the anonymity because of similar behavior. With SOCKS proxy utilization sqlmap will now directly communicate with the TOR service giving you the best anonymity.

So, I would just ask you all who like to use --tor switch to really test it thoroughly and report any bugs you encounter. This way we'll be able to stabilize it to the greatest extent.

Kind regards

--
Miroslav Stampar
http://about.me/stamparm
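With sqlmap speaking SOCKS directly to the Tor service, proxy failures arrive as SOCKS5 reply codes, such as the `Socks5Error: (1, 'general SOCKS server failure')` reported on this list on 2011-11-28. The following added Python example (not code from sqlmap or its bundled socks module) decodes a SOCKS5 reply as laid out in RFC 1928 and turns the code into a retry-or-abort decision. The retry policy, the function names and the reply bytes are assumptions constructed for the example.

```python
import ipaddress
import struct

# REP field values defined in RFC 1928, section 6.
REPLY_MESSAGES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "Network unreachable",
    0x04: "Host unreachable",
    0x05: "Connection refused",
    0x06: "TTL expired",
    0x07: "Command not supported",
    0x08: "Address type not supported",
}

# Assumption of this example: codes that may clear up on a later attempt.
TRANSIENT_CODES = {0x01, 0x03, 0x04, 0x06}

# Constructed sample replies (VER, REP, RSV, ATYP, BND.ADDR, BND.PORT).
OK_REPLY = bytes([5, 0, 0, 1, 127, 0, 0, 1]) + struct.pack("!H", 9050)
FAILURE_REPLY = bytes([5, 1, 0, 1, 0, 0, 0, 0, 0, 0])
REFUSED_REPLY = bytes([5, 5, 0, 1, 0, 0, 0, 0, 0, 0])


class Socks5ReplyError(Exception):
    """The proxy answered, but with a non-zero REP code."""

    def __init__(self, code):
        self.code = code
        # Codes outside the RFC table still get a message instead of a KeyError.
        self.message = REPLY_MESSAGES.get(code, "unassigned reply code")
        self.transient = code in TRANSIENT_CODES
        super().__init__("SOCKS5 reply 0x%02x: %s" % (code, self.message))


def parse_socks5_reply(data):
    """Parse a SOCKS5 reply and return the bound (host, port)."""
    if len(data) < 4:
        raise ValueError("truncated SOCKS5 reply header")
    version, reply, _reserved, address_type = data[:4]
    if version != 5:
        raise ValueError("not a SOCKS5 reply (version %d)" % version)
    if reply != 0:
        raise Socks5ReplyError(reply)

    # Work out where the address ends before touching it.
    if address_type == 0x01:          # IPv4, 4 bytes
        start, end = 4, 8
    elif address_type == 0x04:        # IPv6, 16 bytes
        start, end = 4, 20
    elif address_type == 0x03:        # domain name with a one-byte length prefix
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 domain length")
        start, end = 5, 5 + data[4]
    else:
        raise ValueError("unknown address type 0x%02x" % address_type)
    if len(data) < end + 2:
        raise ValueError("truncated SOCKS5 bound address")

    raw = data[start:end]
    if address_type == 0x01:
        host = str(ipaddress.IPv4Address(raw))
    elif address_type == 0x04:
        host = str(ipaddress.IPv6Address(raw))
    else:
        host = raw.decode("ascii")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return host, port


def decide(data):
    """Map a raw reply to ('connected' | 'retry' | 'abort', detail)."""
    try:
        host, port = parse_socks5_reply(data)
    except Socks5ReplyError as exc:
        return ("retry" if exc.transient else "abort"), exc.message
    except ValueError as exc:
        return "abort", str(exc)
    return "connected", "%s:%d" % (host, port)


if __name__ == "__main__":
    for sample in (OK_REPLY, FAILURE_REPLY, REFUSED_REPLY, b"\x05\x00"):
        print(sample.hex(), "->", decide(sample))
```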
From: Miroslav S. <mir...@gm...> - 2011-11-23 14:30:03
Hi.

Do you get message like "15:26:04] [INFO] Table 'DB.TABLE' dumped to CSV file '/home/.../sqlmap/output/.../dump/DB/TABLE.csv'"?

Thing is that I can't reproduce it so I'll need more information. Traffic file will be ok together with the console output with -v 3.

Kind regards

On Wed, Nov 23, 2011 at 12:47 PM, m4l1c3 <mal...@gm...> wrote:
> Updated to 4543. Dumps still not saved to /output/domain/dump/
>
> Please ignore the previous > DUMP redirection.
>
> On Wed, Nov 23, 2011 at 12:54 AM, m4l1c3 <mal...@gm...> wrote:
>
>> Update:
>>
>> Command:
>> ./sqlmap.py -u "http://www.XXXXXXXX.org:80/XXXXphp" --forms --batch --technique=U -pfield --dump-all --exclude-sysdbs > DUMP
>>
>> This produces normal. "trimmed" dumps to console.
>>
>> Then, after cracking hashes:
>>
>> [INFO] cracked password 'password1' for user 'user1'
>>
>> [INFO] current status: XXXXX... \
>> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4542)
>> sqlmap version: 1.0-dev (r4542)
>> Python version: 2.6.5
>> Operating system: posix
>> Command line: ./sqlmap.py -u *************************************** --forms --batch --technique=U -pXXXXX --dump-all --exclude-sysdbs
>> Technique: UNION
>> Back-end DBMS: MySQL (fingerprinted)
>>
>> Update complete.
>> Many thanks/props/blessings
>>
>> On Tue, Nov 22, 2011 at 11:49 PM, m4l1c3 <mal...@gm...> wrote:
>>
>>> Command:
>>> ./sqlmap.py -u "http://www.XXXXXXXX.XXX:80/SOME.php" --forms --technique=U -pNULL --dump -T TABLE01 -D DB
>>>
>>> The command completes with no errors, and the contents are dumped to console (abbreviated, as normal), however; the /output/domain/dump/ directory remains empty. Need traffic.log?

--
Miroslav Stampar
http://about.me/stamparm
From: m4l1c3 <mal...@gm...> - 2011-11-23 11:47:15
Updated to 4543. Dumps still not saved to /output/domain/dump/

Please ignore the previous > DUMP redirection.

On Wed, Nov 23, 2011 at 12:54 AM, m4l1c3 <mal...@gm...> wrote:
> Update:
>
> Command:
> ./sqlmap.py -u "http://www.XXXXXXXX.org:80/XXXXphp" --forms --batch --technique=U -pfield --dump-all --exclude-sysdbs > DUMP
>
> This produces normal. "trimmed" dumps to console.
>
> Then, after cracking hashes:
>
> [INFO] cracked password 'password1' for user 'user1'
>
> [INFO] current status: XXXXX... \
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4542)
> sqlmap version: 1.0-dev (r4542)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u *************************************** --forms --batch --technique=U -pXXXXX --dump-all --exclude-sysdbs
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
>
> Update complete.
> Many thanks/props/blessings
>
> On Tue, Nov 22, 2011 at 11:49 PM, m4l1c3 <mal...@gm...> wrote:
>
>> Command:
>> ./sqlmap.py -u "http://www.XXXXXXXX.XXX:80/SOME.php" --forms --technique=U -pNULL --dump -T TABLE01 -D DB
>>
>> The command completes with no errors, and the contents are dumped to console (abbreviated, as normal), however; the /output/domain/dump/ directory remains empty. Need traffic.log?
From: Miroslav S. <mir...@gm...> - 2011-11-23 08:05:20
Hi.

It should be fixed in r4543.

Kind regards

On Wed, Nov 23, 2011 at 5:37 AM, m4l1c3 <mal...@gm...> wrote:
> sqlmap version: 1.0-dev (r4542)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u *************************************** --batch --privileges --forms --technique=U -pXXXXXX --dump -T ****** -D ****************
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 580, in start
>     action()
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 109, in action
>     conf.dbmsHandler.dumpTable()
>   File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 1774, in dumpTable
>     attackDumpedTable()
>   File "/pentest/database/sqlmap/lib/utils/hash.py", line 366, in attackDumpedTable
>     results = dictionaryAttack(attack_dict)
>   File "/pentest/database/sqlmap/lib/utils/hash.py", line 721, in dictionaryAttack
>     conf.hashDB.write(hash_, word)
>   File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 79, in write
>     self.flush()
>   File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 94, in flush
>     self.beginTransaction()
>   File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 111, in beginTransaction
>     self.cursor.execute('BEGIN TRANSACTION')
> OperationalError: cannot start a transaction within a transaction
>
> This error seemed to occur after the cracking press had successfully completed.

--
Miroslav Stampar
http://about.me/stamparm
From: m4l1c3 <mal...@gm...> - 2011-11-23 05:54:31
Update:

Command:
./sqlmap.py -u "http://www.XXXXXXXX.org:80/XXXXphp" --forms --batch --technique=U -pfield --dump-all --exclude-sysdbs > DUMP

This produces normal. "trimmed" dumps to console.

Then, after cracking hashes:

[INFO] cracked password 'password1' for user 'user1'

[INFO] current status: XXXXX... \
[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4542)
sqlmap version: 1.0-dev (r4542)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u *************************************** --forms --batch --technique=U -pXXXXX --dump-all --exclude-sysdbs
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)

Update complete.
Many thanks/props/blessings

On Tue, Nov 22, 2011 at 11:49 PM, m4l1c3 <mal...@gm...> wrote:
> Command:
> ./sqlmap.py -u "http://www.XXXXXXXX.XXX:80/SOME.php" --forms --technique=U -pNULL --dump -T TABLE01 -D DB
>
> The command completes with no errors, and the contents are dumped to console (abbreviated, as normal), however; the /output/domain/dump/ directory remains empty. Need traffic.log?
From: m4l1c3 <mal...@gm...> - 2011-11-23 04:49:44
Command:
./sqlmap.py -u "http://www.XXXXXXXX.XXX:80/SOME.php" --forms --technique=U -pNULL --dump -T TABLE01 -D DB

The command completes with no errors, and the contents are dumped to console (abbreviated, as normal), however; the /output/domain/dump/ directory remains empty. Need traffic.log?
From: m4l1c3 <mal...@gm...> - 2011-11-23 04:37:23
sqlmap version: 1.0-dev (r4542)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u *************************************** --batch --privileges --forms --technique=U -pXXXXXX --dump -T ****** -D ****************
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 580, in start
    action()
  File "/pentest/database/sqlmap/lib/controller/action.py", line 109, in action
    conf.dbmsHandler.dumpTable()
  File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 1774, in dumpTable
    attackDumpedTable()
  File "/pentest/database/sqlmap/lib/utils/hash.py", line 366, in attackDumpedTable
    results = dictionaryAttack(attack_dict)
  File "/pentest/database/sqlmap/lib/utils/hash.py", line 721, in dictionaryAttack
    conf.hashDB.write(hash_, word)
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 79, in write
    self.flush()
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 94, in flush
    self.beginTransaction()
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 111, in beginTransaction
    self.cursor.execute('BEGIN TRANSACTION')
OperationalError: cannot start a transaction within a transaction

This error seemed to occur after the cracking press had successfully completed.
From: Miroslav S. <mir...@gm...> - 2011-11-23 02:53:00
Hi m4l1c3.

Thank you for your report and find it fixed and committed in the last revision (r4542).

Kind regards

On Wed, Nov 23, 2011 at 2:36 AM, m4l1c3 <mal...@gm...> wrote:
> sqlmap version: 1.0-dev (r4541)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u ************************** --batch --dbs --forms --crawl 3 --smart --technique=U
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/_sqlmap.py", line 77, in main
>     init(cmdLineOptions)
>   File "/pentest/database/sqlmap/lib/core/option.py", line 1875, in init
>     __setCrawler()
>   File "/pentest/database/sqlmap/lib/core/option.py", line 429, in __setCrawler
>     crawler.getTargetUrls()
>   File "/pentest/database/sqlmap/lib/utils/crawler.py", line 118, in getTargetUrls
>     runThreads(numThreads, crawlThread)
>   File "/pentest/database/sqlmap/lib/core/threads.py", line 184, in runThreads
>     conf.hashDB.flush(True)
> AttributeError: 'NoneType' object has no attribute 'flush'

--
Miroslav Stampar
http://about.me/stamparm
From: m4l1c3 <mal...@gm...> - 2011-11-23 01:36:42
sqlmap version: 1.0-dev (r4541)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ************************** --batch --dbs --forms --crawl 3 --smart --technique=U
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 77, in main
    init(cmdLineOptions)
  File "/pentest/database/sqlmap/lib/core/option.py", line 1875, in init
    __setCrawler()
  File "/pentest/database/sqlmap/lib/core/option.py", line 429, in __setCrawler
    crawler.getTargetUrls()
  File "/pentest/database/sqlmap/lib/utils/crawler.py", line 118, in getTargetUrls
    runThreads(numThreads, crawlThread)
  File "/pentest/database/sqlmap/lib/core/threads.py", line 184, in runThreads
    conf.hashDB.flush(True)
AttributeError: 'NoneType' object has no attribute 'flush'
From: Johnny V. <Joh...@zo...> - 2011-11-22 16:46:51
Webscarab can save output for. Also, you can try ZAP from OWASP.

On Nov 21, 2011, at 11:00 PM, Bob Simonoff wrote:
>
> Miroslav, thanks, that is exactly the problem. Unfortunately, when I download the latest version, svn exits on me when my virus checker complains about one of the exe files it determined was a virus. I will have to learn svn to see if I can have it download everything but that file.
>
> I am using burpsuite as a proxy. I guess I could copy/paste everything into a response file, but as Miroslav says, that would give the same result (but would be much easier). So thanks, I may have to play with that. Burpsuite unfortunately does have logging with the free version anymore.
>
> Thanks everyone else too. I will try those if I can not get the latest version working.
>
> Bob
>
> ----- Original Message -----
> From: Miroslav Stampar
> To: Brandon Perry
> Cc: sql...@li...
> Sent: Monday, November 21, 2011 4:20 PM
> Subject: Re: [sqlmap-users] %26 as part of a POST parameter name on MSWindows
>
> Hi Brandon.
>
> It's a bit complicated. That %26 coincidentally decoded to the default delimiter value '&' so that probably caused problems in your case with sqlmap.
>
> Please update to the latest revision and try it again.
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bpe...@gm...> wrote:
> You may also grab a copy of the free edition of BurpSuite, record the POST response, and save that to a file.
>
> Then use the -r flag and pass the burp response to sqlmap. Will be easier to work with.
>
> On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry <bpe...@gm...> wrote:
> > I would say just use a virtual machine. Grab a copy of backtrack, update sqlmap, and start from there.
> >
> > VirtualBox is a free, open source virtualization suite that runs on windows. You will have a much better time interacting with sqlmap.
> >
> > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146...@gm...> wrote:
> >> What is the fld?
> >>
> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <bo...@si...> wrote:
> >>>
> >>> I have been asked to test a web site for SQL injection. The website uses POST and the parameter names all have the 3 characters %26 (percent 26) as a separator. This makes things difficult, since I am running sqlmap from windows. First windows is trying to substitute %2 as the second argument of the command line, but python is also at play here. I have not found an escape sequence that allows both windows and python to be happy. I have tried various combinations of ^, \, and %% to no avail.
> >>>
> >>> So an example of post data would be:
> >>> --data="fld%26First=Bob&fld%26Last=Jones"
> >>>
> >>> Can anyone provide a recommendation?
> >>>
> >>> Thanks
> >>> Bob
> >>>
> >>> Apologies if this appears twice, I had trouble with my subscription
> >>
> >> --
> >> Iago Sousa
> >
> > --
> > http://volatile-minds.blogspot.com -- blog
> > http://www.volatileminds.net -- website
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2011-11-22 07:00:35
|
Hi Andres.

That strange part is actually a "heuristic" check. It's "injected" into the parameter value to see if there would be a DBMS-specific error message. It's really a standard procedure.

Now, could you please explain why it is bothering you?

Kind regards,
Miroslav Stampar

On Tue, Nov 22, 2011 at 2:24 AM, Andres Ferraro <an...@an...> wrote:

> Hi Folks,
>
> Whenever I use sqlmap injecting into cookies, with just
> --technique=BT, even when I set --prefix="" and --suffix="" and really
> no matter what I do I get the following
>
> 1- Connectivity test - All fine
> 2 - Check to see if the URL is stable - All fine here
> 3 - [PAYLOAD] 1pre ('""')'"))suff
> 4 - normal injection stuff...
>
> Where "pre" is whatever I set as prefix (including blank) and "suff"
> is my suffix string.
>
> Is there any way to stop the "('""')'"))" string from going out??
> I've tried everything I could think of, even removed all payloads and
> delimiters from payloads.xml.
>
> Any clue?
>
> ps: The really weird part is those characters (the parentheses and
> quotes) would change depending on the contents of the payloads.xml
> file, yet would never go away.
>
> --
> Best regards,
> Andres mailto:an...@an...

--
Miroslav Stampar
http://about.me/stamparm
|
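What the heuristic check described above looks like from the server side, as an added example that is not part of the original thread and is not sqlmap code: it flags logged requests whose cookie value carries a quote/parenthesis run like the one Andres quotes, and reports whether the response leaked a DBMS error message. The record layout, the function names, the sample records and the six-character threshold are assumptions made for this example.

```python
import re

# A run of six or more quote/parenthesis characters. The thread notes that the exact
# characters vary, so the match is on the character class, not on the literal string
# 1pre ('""')'"))suff quoted there. The threshold of six is an assumption.
PROBE_RUN = re.compile(r"""['"()]{6,}""")

# Error texts that the DBMS itself emits when it receives broken SQL.
DBMS_ERRORS = {
    "MySQL": re.compile(r"You have an error in your SQL syntax"),
    "PostgreSQL": re.compile(r"syntax error at or near"),
    "Microsoft SQL Server": re.compile(r"Unclosed quotation mark after the character string"),
    "Oracle": re.compile(r"ORA-\d{5}"),
}


def is_unbalanced_probe(value):
    """True when value holds a long quote/parenthesis run that is not balanced text."""
    match = PROBE_RUN.search(value)
    if not match:
        return False
    run = match.group(0)
    return (
        run.count("(") != run.count(")")
        or run.count("'") % 2 == 1
        or run.count('"') % 2 == 1
    )


def leaked_dbms(body):
    """Return the DBMS whose error text appears in the response body, or None."""
    for name, pattern in DBMS_ERRORS.items():
        if pattern.search(body):
            return name
    return None


def review(records):
    """Return (request id, verdict) for every record whose cookies carried a probe."""
    findings = []
    for rec in records:
        if not any(is_unbalanced_probe(v) for v in rec["cookies"].values()):
            continue
        dbms = leaked_dbms(rec["body"])
        verdict = "error leaked: " + dbms if dbms else "probe absorbed"
        findings.append((rec["id"], verdict))
    return findings


# Constructed sample records: request cookies plus the response body that came back.
SAMPLE = [
    {"id": 1, "cookies": {"sid": "1"}, "body": "<html>Welcome back</html>"},
    {"id": 2, "cookies": {"sid": "1pre ('\"\"')'\"))suff"},
     "body": "You have an error in your SQL syntax; check the manual"},
    {"id": 3, "cookies": {"sid": "1('\"\"')'\"))"}, "body": "<html>Invalid session</html>"},
    {"id": 4, "cookies": {"note": 'f(g("x"))'}, "body": "<html>ok</html>"},
]

if __name__ == "__main__":
    for request_id, verdict in review(SAMPLE):
        print(request_id, verdict)
```

A "probe absorbed" verdict means the page gave the check nothing to read; an "error leaked" verdict marks a response that should return a generic error page instead of the DBMS text.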
From: Miroslav S. <mir...@gm...> - 2011-11-22 06:58:35
|
Hi m4l1c3.

Thank you for your report. This last bug is fixed.

About the first one. Could you please send the URL used? Thing is that it seems to be incompatible with standard IDNA encoding and that's kind of strange.

Kind regards,
Miroslav Stampar

On Tue, Nov 22, 2011 at 4:44 AM, m4l1c3 <mal...@gm...> wrote:

> [INFO]s have been removed.
>
> sqlmap version: 1.0-dev (r4525)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u ************************************ --dbs
> --technique=U --level 3 --risk 3 --batch --smart --crawl 3 --threads 3
> --forms --random-agent
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/lib/core/threads.py", line 109, in runThreads
>     threadFunction()
>   File "/pentest/database/sqlmap/lib/utils/crawler.py", line 97, in crawlThread
>     findPageForms(content, current, False, True)
>   File "/pentest/database/sqlmap/lib/core/common.py", line 3115, in findPageForms
>     data = urldecode(data, kb.pageEncoding) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data
> TypeError: argument of type 'instance' is not iterable
>
> After this, the scan progresses normally with occasional errors like:
>
> [ERROR] thread 2: argument of type 'instance' is not iterable
>
> [ERROR] thread 0: argument of type 'instance' is not iterable
>
> [ERROR] thread 1: argument of type 'instance' is not iterable
>
> With no --threads parameter, sqlmap dumps the entire aforementioned error,
> less the thread n lines.

--
Miroslav Stampar
http://about.me/stamparm
|
From: Brandon P. <bpe...@gm...> - 2011-11-22 03:58:13
|
TBH, running tools like sqlmap (and metasploit for example) on windows where AV is very prevalent can become very tedious. It may be worth your while to run Linux within a virtual machine to perform these tasks. You don't have to worry about Windows getting in the way of your productivity.

On Mon, Nov 21, 2011 at 10:00 PM, Bob Simonoff <bo...@si...> wrote:
>
> Miroslav, thanks, that is exactly the problem. Unfortunately, when I
> download the latest version, svn exits on me when my virus checker complains
> about one of the exe files it determined was a virus. I will have to learn
> svn to see if I can have it download everything but that file.
>
> I am using burpsuite as a proxy. I guess I could copy/paste everything into
> a response file, but as Miroslav says, that would give the same result (but
> would be much easier). So thanks, I may have to play with that. Burpsuite
> unfortunately does have logging with the free version anymore.
>
> Thanks everyone else too. I will try those if I can not get the latest
> version working.
>
> Bob
>
>
> ----- Original Message -----
> From: Miroslav Stampar
> To: Brandon Perry
> Cc: sql...@li...
> Sent: Monday, November 21, 2011 4:20 PM
> Subject: Re: [sqlmap-users] %26 as part of a POST parameter name on
> MSWindows
> Hi Brandon.
> It's a bit complicated. That %26 coincidentally decoded to the default
> delimiter value '&' so that probably caused problems in your case with
> sqlmap.
> Please update to the latest revision and try it again.
> Kind regards,
> Miroslav Stampar
>
> On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bpe...@gm...>
> wrote:
>>
>> You may also grab a copy of the free edition of BurpSuite, record the
>> POST response, and save that to a file.
>>
>> Then use the -r flag and pass the burp response to sqlmap. Will be
>> easier to work with.
>>
>> On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
>> <bpe...@gm...> wrote:
>> > I would say just use a virtual machine. Grab a copy of backtrack,
>> > update sqlmap, and start from there.
>> >
>> > VirtualBox is a free, open source virtualization suite that runs on
>> > windows. You will have a much better time interacting with sqlmap.
>> >
>> > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146...@gm...> wrote:
>> >> What is the fld?
>> >>
>> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <bo...@si...>
>> >> wrote:
>> >>>
>> >>> I have been asked to test a web site for SQL injection. The website uses
>> >>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
>> >>> separator. This makes things difficult, since I am running sqlmap from
>> >>> windows. First windows is trying to substitute %2 as the second argument of
>> >>> the command line, but python is also at play here. I have not found an
>> >>> escape sequence that allows both windows and python to be happy. I have
>> >>> tried various combinations of ^, \, and %% to no avail.
>> >>>
>> >>> So an example of post data would be:
>> >>> --data="fld%26First=Bob&fld%26Last=Jones"
>> >>>
>> >>> Can anyone provide a recommendation?
>> >>>
>> >>> Thanks
>> >>> Bob
>> >>>
>> >>> Apologies if this appears twice, I had trouble with my subscription
>> >>>
>> >>
>> >> --
>> >> Iago Sousa
>> >
>> > --
>> > http://volatile-minds.blogspot.com -- blog
>> > http://www.volatileminds.net -- website
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|
From: Bob S. <bo...@si...> - 2011-11-22 03:55:14
|
Miroslav, thanks, that is exactly the problem. Unfortunately, when I download the latest version, svn exits on me when my virus checker complains about one of the exe files it determined was a virus. I will have to learn svn to see if I can have it download everything but that file.

I am using burpsuite as a proxy. I guess I could copy/paste everything into a response file, but as Miroslav says, that would give the same result (but would be much easier). So thanks, I may have to play with that. Burpsuite unfortunately does have logging with the free version anymore.

Thanks everyone else too. I will try those if I can not get the latest version working.

Bob

----- Original Message -----
From: Miroslav Stampar
To: Brandon Perry
Cc: sql...@li...
Sent: Monday, November 21, 2011 4:20 PM
Subject: Re: [sqlmap-users] %26 as part of a POST parameter name on MSWindows

Hi Brandon.

It's a bit complicated. That %26 coincidentally decoded to the default delimiter value '&' so that probably caused problems in your case with sqlmap.

Please update to the latest revision and try it again.

Kind regards,
Miroslav Stampar

On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bpe...@gm...> wrote:

You may also grab a copy of the free edition of BurpSuite, record the POST response, and save that to a file.

Then use the -r flag and pass the burp response to sqlmap. Will be easier to work with.

On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry <bpe...@gm...> wrote:
> I would say just use a virtual machine. Grab a copy of backtrack,
> update sqlmap, and start from there.
>
> VirtualBox is a free, open source virtualization suite that runs on
> windows. You will have a much better time interacting with sqlmap.
>
> On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146...@gm...> wrote:
>> What is the fld?
>>
>> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <bo...@si...>
>> wrote:
>>>
>>> I have been asked to test a web site for SQL injection. The website uses
>>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
>>> separator. This makes things difficult, since I am running sqlmap from
>>> windows. First windows is trying to substitute %2 as the second argument of
>>> the command line, but python is also at play here. I have not found an
>>> escape sequence that allows both windows and python to be happy. I have
>>> tried various combinations of ^, \, and %% to no avail.
>>>
>>> So an example of post data would be:
>>> --data="fld%26First=Bob&fld%26Last=Jones"
>>>
>>> Can anyone provide a recommendation?
>>>
>>> Thanks
>>> Bob
>>>
>>> Apologies if this appears twice, I had trouble with my subscription
>>>
>>
>> --
>> Iago Sousa
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

--
Miroslav Stampar
http://about.me/stamparm
|
From: m4l1c3 <mal...@gm...> - 2011-11-22 03:44:57
|
[INFO]s have been removed.

sqlmap version: 1.0-dev (r4525)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ************************************ --dbs --technique=U --level 3 --risk 3 --batch --smart --crawl 3 --threads 3 --forms --random-agent
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/lib/core/threads.py", line 109, in runThreads
    threadFunction()
  File "/pentest/database/sqlmap/lib/utils/crawler.py", line 97, in crawlThread
    findPageForms(content, current, False, True)
  File "/pentest/database/sqlmap/lib/core/common.py", line 3115, in findPageForms
    data = urldecode(data, kb.pageEncoding) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data
TypeError: argument of type 'instance' is not iterable

After this, the scan progresses normally with occasional errors like:

[ERROR] thread 2: argument of type 'instance' is not iterable
[ERROR] thread 0: argument of type 'instance' is not iterable
[ERROR] thread 1: argument of type 'instance' is not iterable

With no --threads parameter, sqlmap dumps the entire aforementioned error, less the thread n lines.
|
From: Andres F. <an...@an...> - 2011-11-22 02:26:52
|
Hi Folks,

Whenever I use sqlmap injecting into cookies, with just --technique=BT, even when I set --prefix="" and --suffix="" and really no matter what I do I get the following

1- Connectivity test - All fine
2 - Check to see if the URL is stable - All fine here
3 - [PAYLOAD] 1pre ('""')'"))suff
4 - normal injection stuff...

Where "pre" is whatever I set as prefix (including blank) and "suff" is my suffix string.

Is there any way to stop the "('""')'"))" string from going out?? I've tried everything I could think of, even removed all payloads and delimiters from payloads.xml.

Any clue?

ps: The really weird part is those characters (the parentheses and quotes) would change depending on the contents of the payloads.xml file, yet would never go away.

--
Best regards,
Andres mailto:an...@an...
|
From: m4l1c3 <mal...@gm...> - 2011-11-22 02:04:07
|
sqlmap version: 1.0-dev (r4525)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ***********************
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 328, in start
    if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 950, in checkConnection
    page, _ = Request.queryPage(content=True, noteResponseTime=False)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 697, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 358, in getPage
    return Connect.__getPageProxy(**kwargs)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 77, in __getPageProxy
    return Connect.getPage(**kwargs)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 169, in getPage
    url = asciifyUrl(url)
  File "/pentest/database/sqlmap/lib/core/common.py", line 3036, in asciifyUrl
    hostname = parts.hostname.encode('idna')
  File "/usr/lib/python2.6/encodings/idna.py", line 164, in encode
    result.append(ToASCII(label))
  File "/usr/lib/python2.6/encodings/idna.py", line 73, in ToASCII
    raise UnicodeError("label empty or too long")
UnicodeError: label empty or too long
|
From: Miroslav S. <mir...@gm...> - 2011-11-21 22:01:40
|
Hi Brandon.

Thank you for your report. It should be "patched" with the latest commit.

Kind regards

On Mon, Nov 21, 2011 at 8:32 PM, Brandon Perry <bpe...@gm...> wrote:

> Hi, The phpass detection is working excellently. Would like to report
> these:
>
> [13:27:24] [CRITICAL] there was a problem while hashing entry:
> '<>@\xc2\xa3\xc2\xa7\xe2\x82\xac{[]}'. Please report by e-mail to
> sql...@li...
> [13:27:26] [CRITICAL] there was a problem while hashing entry:
> '-/\xe0\xb8\x88---/\xe0\xb8\x88--'. Please report by e-mail to
> sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x96-\xe0\xb8\x96\xe0\xb8\x84\xe0\xb8\x88\xe0\xb8\xb8'.
> Please report by e-mail to sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x96/\xe0\xb8\x95\xe0\xb8\x88\xe0\xb8\xa0'. Please report by
> e-mail to sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb9\x85\xe0\xb8\x88\xe0\xb8\xb6-\xe0\xb8\x88'. Please report by
> e-mail to sql...@li...
> [13:27:27] [CRITICAL] there was a problem while hashing entry:
> '-\xe0\xb8\x88\xe0\xb9\x85\xe0\xb9\x85\xe0\xb8\x84\xe0\xb8\xa0//'.
> Please report by e-mail to sql...@li...
> [13:27:30] [CRITICAL] there was a problem while hashing entry:
> '!"\xc2\xb7$%&/()'. Please report by e-mail to
> sql...@li...
> [13:27:30] [CRITICAL] there was a problem while hashing entry:
> '!"\xc2\xa3$%^&*('. Please report by e-mail to
> sql...@li...
> [13:27:31] [CRITICAL] there was a problem while hashing entry:
> '!\xc2\xa7&\xc2\xa7!)!/'. Please report by e-mail to
> sql...@li...
> [13:27:32] [CRITICAL] there was a problem while hashing entry:
> '!@\xc2\xa3$%^&'. Please report by e-mail to
> sql...@li...
> [13:27:33] [CRITICAL] there was a problem while hashing entry:
> '!\xc2\xa3$"%*'. Please report by e-mail to
> sql...@li...
> [13:27:35] [CRITICAL] there was a problem while hashing entry:
> '/-/\xe0\xb8\x96-/'. Please report by e-mail to
> sql...@li...
> [13:27:35] [CRITICAL] there was a problem while hashing entry:
> '/-\xe0\xb9\x85\xe0\xb9\x85/\xe0\xb8\x96\xe0\xb9\x85\xe0\xb8\xb8'.
> Please report by e-mail to sql...@li...
>
> I have a custom password list I am using and have enabled common
> prefix checking as well.
>
> On Mon, Nov 21, 2011 at 3:25 AM, Miroslav Stampar
> <mir...@gm...> wrote:
> > Aha. I haven't noticed it was your code :). Thank you for this nice piece
> > of code.
> > Kind regards
> >
> > On Mon, Nov 21, 2011 at 10:17 AM, Ulisses Castro <uss...@gm...>
> > wrote:
> >>
> >> Good to see that code helped sqlmap, thanks for the reference Miroslav!
> >>
> >> Nice update.
> >>
> >> Cheers,
> >> Ulisses Castro
> >>
> >> On Sun, Nov 20, 2011 at 5:03 PM, Miroslav Stampar
> >> <mir...@gm...> wrote:
> >> > Hi Brandon.
> >> >
> >> > You can find it implemented in the last revision (r4511).
> >> >
> >> > Kind regards,
> >> > Miroslav Stampar
> >> >
> >> > On Sat, Nov 19, 2011 at 10:09 PM, Brandon Perry
> >> > <bpe...@gm...>
> >> > wrote:
> >> >>
> >> >> Absolutely.
> >> >>
> >> >> Thanks for the response.
> >> >>
> >> >> On Sat, Nov 19, 2011 at 3:00 PM, Miroslav Stampar
> >> >> <mir...@gm...> wrote:
> >> >> > Hi Brandon.
> >> >> >
> >> >> > It will be implemented these days, although don't expect it to be too
> >> >> > fast
> >> >> > (compared to the regular MD5 or similar) as it usually uses lots of
> >> >> > MD5
> >> >> > rounds.
> >> >> >
> >> >> > Kind regards
> >> >> >
> >> >> > On Nov 19, 2011 9:05 AM, "Brandon Perry" <bpe...@gm...>
> >> >> > wrote:
> >> >> >>
> >> >> >> Are there any plans to add phpass hash detection and cracking
> >> >> >> facilities to sqlmap?
> >> >> >>
> >> >> >> A python script to crack them is here, for reference
> >> >> >>
> >> >> >> http://dl.packetstormsecurity.net/Crackers/phpassbrute.py.txt
> >> >> >>
> >> >> >> --
> >> >> >> http://volatile-minds.blogspot.com -- blog
> >> >> >> http://www.volatileminds.net -- website
> >> >> >
> >> >>
> >> >> --
> >> >> http://volatile-minds.blogspot.com -- blog
> >> >> http://www.volatileminds.net -- website
> >> >
> >> > --
> >> > Miroslav Stampar
> >> > http://about.me/stamparm
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Miroslav Stampar
http://about.me/stamparm
|
From: Miroslav S. <mir...@gm...> - 2011-11-21 21:20:48
|
Hi Brandon.

It's a bit complicated. That %26 coincidentally decoded to the default delimiter value '&' so that probably caused problems in your case with sqlmap.

Please update to the latest revision and try it again.

Kind regards,
Miroslav Stampar

On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bpe...@gm...> wrote:

> You may also grab a copy of the free edition of BurpSuite, record the
> POST response, and save that to a file.
>
> Then use the -r flag and pass the burp response to sqlmap. Will be
> easier to work with.
>
> On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
> <bpe...@gm...> wrote:
> > I would say just use a virtual machine. Grab a copy of backtrack,
> > update sqlmap, and start from there.
> >
> > VirtualBox is a free, open source virtualization suite that runs on
> > windows. You will have a much better time interacting with sqlmap.
> >
> > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146...@gm...> wrote:
> >> What is the fld?
> >>
> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <bo...@si...>
> >> wrote:
> >>>
> >>> I have been asked to test a web site for SQL injection. The website uses
> >>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
> >>> separator. This makes things difficult, since I am running sqlmap from
> >>> windows. First windows is trying to substitute %2 as the second argument of
> >>> the command line, but python is also at play here. I have not found an
> >>> escape sequence that allows both windows and python to be happy. I have
> >>> tried various combinations of ^, \, and %% to no avail.
> >>>
> >>> So an example of post data would be:
> >>> --data="fld%26First=Bob&fld%26Last=Jones"
> >>>
> >>> Can anyone provide a recommendation?
> >>>
> >>> Thanks
> >>> Bob
> >>>
> >>> Apologies if this appears twice, I had trouble with my subscription
> >>>
> >>
> >> --
> >> Iago Sousa
> >
> > --
> > http://volatile-minds.blogspot.com -- blog
> > http://www.volatileminds.net -- website
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Miroslav Stampar
http://about.me/stamparm
|
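The delimiter collision described in the message above, as an added Python example that is not part of the original thread and is not sqlmap's code: it parses the POST body quoted in the thread in both orders and shows that decoding before splitting turns two parameters into four. The function names are hypothetical; the sample body and the '&' delimiter are the ones named in the thread.

```python
from urllib.parse import quote_plus, unquote_plus

DELIMITER = "&"  # default POST parameter delimiter named in the thread
SAMPLE_BODY = "fld%26First=Bob&fld%26Last=Jones"  # --data value quoted in the thread


def _pair(chunk):
    """Split one name=value chunk at the first '='."""
    name, _, value = chunk.partition("=")
    return name, value


def parse_decode_first(body, delimiter=DELIMITER):
    """Order that breaks: decode the whole body, then split on the delimiter.

    Every %26 inside a name becomes a literal '&' before the split happens,
    so one parameter is cut into two.
    """
    decoded = unquote_plus(body)
    return [_pair(chunk) for chunk in decoded.split(delimiter) if chunk]


def parse_split_first(body, delimiter=DELIMITER):
    """Order that holds: split on the literal delimiter, then decode each part."""
    pairs = []
    for chunk in body.split(delimiter):
        if chunk:
            name, value = _pair(chunk)
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def serialize(pairs, delimiter=DELIMITER):
    """Re-encode names and values so a delimiter inside them stays encoded."""
    return delimiter.join(quote_plus(n) + "=" + quote_plus(v) for n, v in pairs)


def has_encoded_delimiter(body, delimiter=DELIMITER):
    """True when the body contains the percent-encoded delimiter (either hex case).

    This is the same idea as the guard visible in the findPageForms traceback in
    this thread: only decode the whole body when no encoded delimiter is present.
    """
    return quote_plus(delimiter).lower() in body.lower()


def parse(body, delimiter=DELIMITER):
    """Parse safely and report whether whole-body decoding would have corrupted it."""
    pairs = parse_split_first(body, delimiter)
    corrupted = parse_decode_first(body, delimiter) != pairs
    return pairs, corrupted


if __name__ == "__main__":
    print("decode first:", parse_decode_first(SAMPLE_BODY))
    print("split first: ", parse_split_first(SAMPLE_BODY))
    print("round trip:  ", serialize(parse_split_first(SAMPLE_BODY)))
```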