sqlmap-users Mailing List for sqlmap (Page 81)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2011-08-29 12:49:41
|
hi Andres. with the latest r4366 commit there is a new switch implemented '--randomize' by your request. example of usage: -u "www.site.com/vuln.php?id=1&id2=2&id3=3" --randomize=id2 it will automatically randomize parameter value for id2 in further requests regarding it's "template type" integer values inside will be replaced by random integer values in every further request, lower char value will be replaced by random lower char value, upper char... this is the simplest solution for preventing "template" of the original parameter value e.g. "As...@fA..." could be replaced with "Or...@wY..." or e.g. "1234#aaaa!DKWE" could be replaced with "4823#dsjs!KVEW" kind regards 2011/8/20 Andres Tarascó Acuña <ata...@gm...>: > hi there! > > I would like to suggest a feature that I think many of you will find it > useful. The idea is to allow sqlmap or an sqlmap tamper script to create > random data on each request, against targeted parameters, to bypass unique > key restrictions. afaik there is no way to achieve this with latest > release. > > For example, a registration form, can trigger an sql injection that can only > be exploited when some previous checks are bypassed, like some parameters > being inserted into the database. Under these scenario, each request must > contain unique data on some parameters to be able to attack the backend. > > Several "random data" generator could be supported, like > integers,alphanumeric , and emails strings. > Example: > ./sqlmap.py -u http://host/register.php > --data="login=a@a.com&pass=f00&lang=en" -p lang --random-email=login > Its just an idea :) > btw, without using the -p flag to target an specific parameter, is there any > way to tell sqlmap to avoid testing a parameter? > > Thanks, > > Andres > > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: anonymous a. <tm...@2c...> - 2011-08-27 14:03:46
|
<div>Subject. The latest revision.</div> |
|
From: Christian R. <Chr...@cr...> - 2011-08-24 16:14:14
|
Hi there,
I just updated to the last revision (4365) and tried to attack a Microsoft SQL Server 2005 via AND/OR time-based blind or MS stacked queries.
The module which analysed which dba is there gets stuck with MSSQL (if I force --dbms=mssql). Otherwise it finds a Postgres-DB (which obviously can't be because of the attack vector). I think there
might be something broken.
I reverted to #4233 which is working and correctly detects MSSQL.
Greetings,
Christian
----snip----
GET parameter 'meetingKey' is vulnerable. Do you want to keep testing the others? [y/N]
sqlmap identified the following injection points with a total of 47 HTTP(s) requests:
---
Place: GET
Parameter: meetingKey
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: passcode=&meetingKey='; WAITFOR DELAY '0:0:5';-- AND 'yUTW'='yUTW
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: passcode=&meetingKey=' WAITFOR DELAY '0:0:5'-- AND 'PowX'='PowX
---
[17:33:51] [INFO] testing Microsoft SQL Server
[17:33:51] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[17:34:12] [INFO] confirming Microsoft SQL Server
<stuck here, Wireshark shows useless attack vectors (just the Waitfor Delay)>
----snip----
|
|
From: Preth H. <pre...@gm...> - 2011-08-24 00:25:42
|
Hi, i have some unexpected troubles with the latest version of SQLMap (0.9).
I hope this can help you to keep developing your t00l :)
-------------------- error log --------------------------------
[19:14:37] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with
the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 0.9 (r3630)
Python version: 2.7.1+
Operating system: posix
Command line: ./sqlmap.py -u
**************************************************************************************
--file-read=/etc/passwd
Technique: STACKED
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 82, in main
start()
File
"/home/preth00nker/Descargas/sqlmap-latest/sqlmap/lib/controller/controller.py",
line 447, in start
action()
File
"/home/preth00nker/Descargas/sqlmap-latest/sqlmap/lib/controller/action.py",
line 123, in action
conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
File
"/home/preth00nker/Descargas/sqlmap-latest/sqlmap/plugins/generic/filesystem.py",
line 301, in readFile
fileContent = self.__unhexString(fileContent)
File
"/home/preth00nker/Descargas/sqlmap-latest/sqlmap/plugins/generic/filesystem.py",
line 43, in __unhexString
if len(hexStr) % 2 != 0:
TypeError: object of type 'NoneType' has no len()
[*] shutting down at: 19:14:37
-------------------- eof --------------------------------
greets
|
|
From: Miroslav S. <mir...@gm...> - 2011-08-23 21:41:48
|
yea, you did you naughty naughty... :) thx for reporting. fixed kr On Tue, Aug 23, 2011 at 10:56 PM, machak machakowitz <mma...@gm...> wrote: > Hmmm...did i do this?...:p... > > [22:37:32] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4357), retry > your run with the latest development versi > on from the Subversion repository. If the exception persists, please send by > e-mail to sql...@li...urceforge > .net the following text and any information required to reproduce the bug. > The developers will try to reproduce the b > ug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r4357) > Python version: 2.7.1 > Operating system: nt > Command line: C:\Users\Giga\Desktop\sqlmap1\sqlmap.py -u > ************************************************************ > ************************ -o --random-agent --dbms=mysql --level 3 > Technique: UNION > Back-end DBMS: MySQL (identified) > Traceback (most recent call last): > File "C:\Users\Giga\Desktop\sqlmap1\sqlmap.py", line 86, in main > start() > File "C:\Users\Giga\Desktop\sqlmap1\lib\controller\controller.py", line 460, > in start > injection = checkSqlInjection(place, parameter, value) > File "C:\Users\Giga\Desktop\sqlmap1\lib\controller\checks.py", line 408, in > checkSqlInjection > reqPayload, vector = unionTest(comment, place, parameter, value, prefix, > suffix) > File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 290, > in unionTest > validPayload, vector = __unionTestByCharBruteforce(comment, place, > parameter, value, prefix, suffix) > File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 257, > in __unionTestByCharBruteforce > count = __findUnionCharCount(comment, place, parameter, value, prefix, > suffix) > File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 150, > in __findUnionCharCount > if not re.search(r'>\s*%s\s*<' % kb.uChar, page): > File "C:\Python27\lib\re.py", line 142, in search > return _compile(pattern, flags).search(string) > TypeError: expected string or buffer > > [*] shutting down at 22:37:33 > > > > ------------------------------------------------------------------------------ > EMC VNX: the world's simplest storage, starting under $10K > The only unified storage solution that offers unified management > Up to 160% more powerful than alternatives and 25% more efficient. > Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: machak m. <mma...@gm...> - 2011-08-23 20:56:53
|
Hmmm...did i do this?...:p... [22:37:32] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4357), retry your run with the latest development versi on from the Subversion repository. If the exception persists, please send by e-mail to sql...@li...urceforge .net the following text and any information required to reproduce the bug. The developers will try to reproduce the b ug, fix it accordingly and get back to you. sqlmap version: 1.0-dev (r4357) Python version: 2.7.1 Operating system: nt Command line: C:\Users\Giga\Desktop\sqlmap1\sqlmap.py -u ************************************************************ ************************ -o --random-agent --dbms=mysql --level 3 Technique: UNION Back-end DBMS: MySQL (identified) Traceback (most recent call last): File "C:\Users\Giga\Desktop\sqlmap1\sqlmap.py", line 86, in main start() File "C:\Users\Giga\Desktop\sqlmap1\lib\controller\controller.py", line 460, in start injection = checkSqlInjection(place, parameter, value) File "C:\Users\Giga\Desktop\sqlmap1\lib\controller\checks.py", line 408, in checkSqlInjection reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix) File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 290, in unionTest validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 257, in __unionTestByCharBruteforce count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix) File "C:\Users\Giga\Desktop\sqlmap1\lib\techniques\union\test.py", line 150, in __findUnionCharCount if not re.search(r'>\s*%s\s*<' % kb.uChar, page): File "C:\Python27\lib\re.py", line 142, in search return _compile(pattern, flags).search(string) TypeError: expected string or buffer [*] shutting down at 22:37:33 |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-08-23 07:58:13
|
Not long. It should not freeze. You can force it with --os switch if you want. To better debug the issue please send privately the -v3 output and if possible the -t traffic.log file. Bernardo Damele A. G. This message was sent from a smartphone On 22 Aug 2011, at 22:54, Ahmed Shawky <ah...@is...> wrote: what's the expected time for sqlmap to fingerprint the back-end DBMS operating system ? it freezes when i use --os-shell flag -- - Ahmed Shawky El-Antry - lnxg33k owner "http://lnxg33k.wordpress.com" - Isecur1ty team member"http://www.isecur1ty.org" - Twitter @lnxg33k ------------------------------------------------------------------------------ uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev _______________________________________________ sqlmap-users mailing list sql...@li... https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Ahmed S. <ah...@is...> - 2011-08-22 21:54:37
|
what's the expected time for sqlmap to fingerprint the back-end DBMS operating system ? it freezes when i use --os-shell flag -- - Ahmed Shawky El-Antry - lnxg33k owner "http://lnxg33k.wordpress.com" - Isecur1ty team member"http://www.isecur1ty.org" - Twitter @lnxg33k |
|
From: Miroslav S. <mir...@gm...> - 2011-08-22 20:27:09
|
hi blueBoy. short answer is yes longer answer is: all retrieved data is "safe-char" encoded so any form of binary data should be retrievable through sqlmap. afterwards you can use /extra/safe2bin/safe2bin.py to unencode that safe format to original binary one. disclaimer: i can imagine at least few cases where everything could go wrong, like charset/collation incompatibility between web application connector and backend DBMS :) kr On Tue, Aug 23, 2011 at 7:45 AM, blueBoy <blu...@gm...> wrote: > Can we use sqlmap to retrieve blob data type Eg. image > if yes is it possible in all dbms like oracle,mssql,mysql etc. > > > Regards. > > > ------------------------------------------------------------------------------ > uberSVN's rich system and user administration capabilities and model > configuration take the hassle out of deploying and managing Subversion and > the tools developers use with it. Learn more about uberSVN and get a free > download at: http://p.sf.net/sfu/wandisco-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: blueBoy <blu...@gm...> - 2011-08-22 20:21:40
|
Can we use sqlmap to retrieve blob data type Eg. image if yes is it possible in all dbms like oracle,mssql,mysql etc. Regards. |
|
From: Miroslav S. <mir...@gm...> - 2011-08-20 20:01:17
|
hi blueBoy there was really a bug :). find it fixed in the latest commit. kr On Sun, Aug 21, 2011 at 6:59 AM, blueBoy <blu...@gm...> wrote: > During my recent pen-test of oracle database, if found out that sqlmap > is just returning top row of the queries executed. > For example: > sql] select name from table1 > output: busher > First row of the table1 > > Although there are over 100 names in the column. > But if modify the query to the following > > sql] select name from table1 where name like 'x%' > output: xandros > > Using Verbose option sqlmap shows:the SQL query used returns 11 entries > But only 1 row is displayed > Now how can i get more than 1 row of the query. > > I have updated sqlmap today itself but problem still persists. > > Regards, > Alea. > > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: blueBoy <blu...@gm...> - 2011-08-20 19:35:34
|
During my recent pen-test of oracle database, if found out that sqlmap
is just returning top row of the queries executed.
For example:
sql] select name from table1
output: busher
First row of the table1
Although there are over 100 names in the column.
But if modify the query to the following
sql] select name from table1 where name like 'x%'
output: xandros
Using Verbose option sqlmap shows:the SQL query used returns 11 entries
But only 1 row is displayed
Now how can i get more than 1 row of the query.
I have updated sqlmap today itself but problem still persists.
Regards,
Alea.
|
|
From: Andres T. A. <ata...@gm...> - 2011-08-20 13:34:16
|
hi there! I would like to suggest a feature that I think many of you will find it useful. The idea is to allow sqlmap or an sqlmap tamper script to create random data on each request, against targeted parameters, to bypass unique key restrictions. afaik there is no way to achieve this with latest release. For example, a registration form, can trigger an sql injection that can only be exploited when some previous checks are bypassed, like some parameters being inserted into the database. Under these scenario, each request must contain unique data on some parameters to be able to attack the backend. Several "random data" generator could be supported, like integers,alphanumeric , and emails strings. Example: ./sqlmap.py -u http://host/register.php --data="login=a@a.com&pass=f00&lang=en" -p lang --random-email=login Its just an idea :) btw, without using the -p flag to target an specific parameter, is there any way to tell sqlmap to avoid testing a parameter? Thanks, Andres |
|
From: Miroslav S. <mir...@gm...> - 2011-08-20 12:19:12
|
yea, he contacted us already yesterday and the thing that sticks out is that he used sqlmap version >> "0.8-1" << :))) lots of things changed in the mean time kr On Sat, Aug 20, 2011 at 1:51 PM, Wagner Elias <we...@co...> wrote: > http://andrewpetukhov.blogspot.com/2011/08/building-benchmark-for-sql-injection.html > > > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Wagner E. <we...@co...> - 2011-08-20 12:15:13
|
http://andrewpetukhov.blogspot.com/2011/08/building-benchmark-for-sql-injection.html |
|
From: Miroslav S. <mir...@gm...> - 2011-08-20 05:44:25
|
Hi. We need more data. Something like -t traffic or anything. Everything seems to work well on our testing environment. Kr On 20.8.2011. 01:42, "Liran Mimoni" <rea...@gm...> wrote: > Hi > > updated to r4356 but each website I put (even ones that already had data > from them from the previous version) each time it wont fetch the db's > > sometimes it's http 403 errors, 500 errors (mysql) and sometimes no output > at all |
|
From: Miroslav S. <mir...@gm...> - 2011-08-20 05:40:49
|
Hi Because of ethical point of view you won't get answer to this question from us devs Kr On 20.8.2011. 01:50, "Liran Mimoni" <rea...@gm...> wrote: > I want to run the google feature that will be total automated, means it wont > ask me anything, it will try to fetch all the data from any website it will > found without asking me for anything > > is it possible ? |
|
From: Ahmed S. <ah...@is...> - 2011-08-20 00:55:18
|
use these flags: --dump-all --batch On Sat, Aug 20, 2011 at 1:52 AM, Sherif El-Deeb <arc...@gm...>wrote: > --batch? > On Aug 20, 2011 2:50 AM, "Liran Mimoni" <rea...@gm...> wrote: > > I want to run the google feature that will be total automated, means it > wont > > ask me anything, it will try to fetch all the data from any website it > will > > found without asking me for anything > > > > is it possible ? > > > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- - Ahmed Shawky El-Antry - lnxg33k owner "http://lnxg33k.wordpress.com" - Isecur1ty team member"http://www.isecur1ty.org" - Twitter @lnxg33k |
|
From: Sherif El-D. <arc...@gm...> - 2011-08-19 23:52:39
|
--batch? On Aug 20, 2011 2:50 AM, "Liran Mimoni" <rea...@gm...> wrote: > I want to run the google feature that will be total automated, means it wont > ask me anything, it will try to fetch all the data from any website it will > found without asking me for anything > > is it possible ? |
|
From: Liran M. <rea...@gm...> - 2011-08-19 23:50:30
|
I want to run the google feature that will be total automated, means it wont ask me anything, it will try to fetch all the data from any website it will found without asking me for anything is it possible ? |
|
From: Liran M. <rea...@gm...> - 2011-08-19 23:41:48
|
Hi updated to r4356 but each website I put (even ones that already had data from them from the previous version) each time it wont fetch the db's sometimes it's http 403 errors, 500 errors (mysql) and sometimes no output at all |
|
From: Miroslav S. <mir...@gm...> - 2011-08-18 08:13:43
|
p.s. nevertheless, some temporary data storage could be introduced for large tables. nothing formatted, nothing spectacular, nothing "final" just a plain dumb temporary storage in case of large table dumps. will do something :) kr On Thu, Aug 18, 2011 at 10:09 AM, Miroslav Stampar <mir...@gm...> wrote: > hi. > > there was an important fix (r4354) related to this same problem. > > there was really a problem going on where connection dropping was > causing loss of all data. > > the problem was reintroduced when I've done some (single and multi > threading generic) refactoring a month or two ago. my fault. sorry. > > kr > > On Thu, Aug 18, 2011 at 10:01 AM, anonymous anonymous <tm...@2c...> wrote: >> Hi! Can you add this feature to sqlmap please? Because sometimes when huge >> databases are in dumping and server halts down or in some other situatuons >> sqlmap not writes database in csv and all 100-200mb database is losing. >> Please! >> ------------------------------------------------------------------------------ >> Get a FREE DOWNLOAD! and learn more about uberSVN rich system, >> user administration capabilities and model configuration. Take >> the hassle out of deploying and managing Subversion and the >> tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar (@stamparm) > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-08-18 08:10:05
|
hi. there was an important fix (r4354) related to this same problem. there was really a problem going on where connection dropping was causing loss of all data. the problem was reintroduced when I've done some (single and multi threading generic) refactoring a month or two ago. my fault. sorry. kr On Thu, Aug 18, 2011 at 10:01 AM, anonymous anonymous <tm...@2c...> wrote: > Hi! Can you add this feature to sqlmap please? Because sometimes when huge > databases are in dumping and server halts down or in some other situatuons > sqlmap not writes database in csv and all 100-200mb database is losing. > Please! > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: anonymous a. <tm...@2c...> - 2011-08-18 08:01:36
|
<div>Hi! Can you add this feature to sqlmap please? Because sometimes when huge databases are in dumping and server halts down or in some other situatuons sqlmap not writes database in csv and all 100-200mb database is losing. Please!</div> |
|
From: Miroslav S. <mir...@gm...> - 2011-08-17 21:14:27
|
hi. have you tried either: A) --union-cols=15-25 and/or B) --level=3 ? default --level=1 test goes up to 10 columns in UNION injections (if ORDER BY can't be exploited) kr On Wed, Aug 17, 2011 at 11:10 PM, This LittlePiggy <thi...@ho...> wrote: > sqlmap/1.0-dev (r4351) > found this > > Place: GET > Parameter: id > Type: AND/OR time-based blind > Title: MySQL > 5.0.11 AND time-based blind > Payload: id=155 AND SLEEP(5) > --- > against > web application technology: Apache, PHP 5.2.8 > back-end DBMS: MySQL 5.0.11 > banner: '5.0.77' > > but the exploit was agonizingly slow. > testing each other individual technique --technique=BEUS at default level > and risk produced no positives > > > mysqlat0r found what it terms, 'method get, with single parameter, > 'numerical without comments' positive and could quickly catalog dbs and > dump full tables > here is an example of it's exploit url > http://127.0.0.1/news/edumacation/salsandvinablals/2011/individittiual09.php?id=-666%20UNION%20ALL%20SELECT%20null, > concat(0x585858535441525444554D50585858,ID,0x7C7C7C, > user_login,0x7C7C7C,user_pass,0x7C7C7C,user_nicename,0x7C7C7C,user_email, > 0x7C7C7C,user_url,0x7C7C7C,user_registered,0x7C7C7C,user_activation_key,0x7C7C7C, > user_status,0x7C7C7C,display_name,0x7C7C7C,0x585858454E4444554D50585858), > null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20redridinghood_OSyummy2k11.wp_users%20LIMIT%200,10& > > full source for mysqlat0r available here > http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r > > > my previous experience has been that mysqlat0r only is able to exploit what > it claims to have found about 10% of the time. > > > it would be nice if sqlmap would continue to test the other techniques even > after finding a positive, and show you a list of available positives > in subsequent passes, as some are much faster, or have better features. > particularly when processing a dork resultset. > > i have seen it ask if i want to continue after a positive, but it doesn't > seem to actually attempt each of the other techniques, but just skipped to > the next result set item. I'll retest that. > i have been able to force it with the BEUST flags, and select the preferred > one at runtime, but the UI for doing so is a little clumsy. > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
48 messages has been excluded from this view by a project administrator.
