sqlmap-users Mailing List for sqlmap (Page 89)
Brought to you by: inquisb
From: Bernardo D. A. G. <ber...@gm...> - 2011-06-22 16:07:00
Hi,

Tomorrow at 5:15PM GMT+1, Miroslav will be presenting at the EuroPython 2011 conference in Firenze, Italy. The talk is titled "sqlmap - security development in python". Abstract follows:

"""
The "sqlmap" is one of the largest, most widely used and most active Python projects in the IT security community (more than 2000 commits in a one-year period, with a community of over 100 active testers). It combines its developers' strong security knowledge together with analytical, mathematical and Python development skills to provide IT professionals with vibrant features. The talk will consist of several parts: a short introduction to the project and developers, the developing and testing environment, the programming cycle, the program's workflow, technologies used, common pitfalls and how we've circumvented them, usage of mathematical models, optimizations, and the project's future goals. The significant part of this talk will be the immediate insight into the development process of probably the world's most advanced open-source Python IT security project today.
"""

Reference: http://ep2011.europython.eu/conference/talks/sqlmap-security-developing-in-python.

Don't miss it if you are there, it will be a blast! :)

Good luck Miroslav,
Bernardo

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
From: Miroslav S. <mir...@gm...> - 2011-06-22 15:24:28
hi m4l1c3.

could you please update and retry with the latest commit?

kr

On Wed, Jun 22, 2011 at 5:16 PM, m4l1c3 <mal...@gm...> wrote:
> I'm getting a lot of this:
>
> [07:08:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4161),
> retry your run with the latest development version from the Subversion
> repository. [...]
> RuntimeError: maximum recursion depth exceeded
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: m4l1c3 <mal...@gm...> - 2011-06-22 15:16:56
I'm getting a lot of this:

[07:08:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4161), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4161)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u https://*************************** --batch --dbs
Technique: None
Back-end DBMS: None (identified)

    iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
    iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
    iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
    iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
    iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 333, in iterate
    instance = DictObject()
RuntimeError: maximum recursion depth exceeded
From: Miroslav S. <mir...@gm...> - 2011-06-22 09:17:32
hi all.

just to make it official. this was fixed a few days ago. thanks go to Nicolas for reporting this bug.

kr

On Mon, Jun 20, 2011 at 9:20 PM, Nicolas Krassas <kr...@de...> wrote:
> Hi Miroslav, i still believe there is a problem with unicode chars,
>
> root@fr:~/sqlmap# ./sqlmap.py -u "http://www.XXdomainXX" --crawl
>
>     sqlmap/1.0-dev (r4143) - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 22:14:48
>
> [22:14:48] [INFO] setting crawling options
> please enter maximum depth [Enter for 1 (default)] 3
> [22:14:51] [INFO] starting crawler
> [22:14:51] [INFO] searching for links with depth 1
> [22:14:53] [INFO] searching for links with depth 2
>
> [22:14:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4143), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4143)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u http://www.XXdomainXX --crawl
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 77, in main
>     init(cmdLineOptions)
>   File "/root/sqlmap/lib/core/option.py", line 1827, in init
>     __setCrawler()
>   File "/root/sqlmap/lib/core/option.py", line 407, in __setCrawler
>     crawler.getTargetUrls(depth)
>   File "/root/sqlmap/lib/utils/crawler.py", line 96, in getTargetUrls
>     runThreads(numThreads, crawlThread)
>   File "/root/sqlmap/lib/core/threads.py", line 97, in runThreads
>     threadFunction()
>   File "/root/sqlmap/lib/utils/crawler.py", line 59, in crawlThread
>     soup = BeautifulSoup(content)
>   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1522, in __init__
>     BeautifulStoneSoup.__init__(self, *args, **kwargs)
>   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1147, in __init__
>     self._feed(isHTML=isHTML)
>   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1189, in _feed
>     SGMLParser.feed(self, markup)
>   File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
>     self.goahead(0)
>   File "/usr/lib/python2.6/sgmllib.py", line 143, in goahead
>     k = self.parse_endtag(i)
>   File "/usr/lib/python2.6/sgmllib.py", line 320, in parse_endtag
>     self.finish_endtag(tag)
>   File "/usr/lib/python2.6/sgmllib.py", line 358, in finish_endtag
>     method = getattr(self, 'end_' + tag)
> UnicodeEncodeError: 'ascii' codec can't encode character u'\xae' in position 4: ordinal not in range(128)
>
> [*] shutting down at 22:14:59
>
> Thanks again for your fast resolutions, i believe sqlmap is unique on this.
>
> Regards,
> Nicolas
>
> On Mon, Jun 20, 2011 at 4:20 PM, Miroslav Stampar <mir...@gm...> wrote:
>>
>> hi Nicolas.
>>
>> it should be fixed in the latest commit.
>>
>> kr
>>
>> On Mon, Jun 20, 2011 at 2:29 PM, Nicolas Krassas <kr...@de...> wrote:
>> > Greetings,
>> >
>> > I encountered the problem below whilst trying to check the new feature "crawl". Also in a different website sqlmap with crawl option enabled and no other tuning parameters successfully DOSed the apache service to a load of 100++.
>> >
>> > root@fr:~/sqlmap# ./sqlmap.py -u "http://www.XXdomainXX.com" --crawl
>> >
>> >     sqlmap/1.0-dev (r4137) - automatic SQL injection and database takeover tool
>> >     http://sqlmap.sourceforge.net
>> >
>> > [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>> >
>> > [*] starting at 15:24:16
>> >
>> > [15:24:16] [INFO] setting crawling options
>> > please enter maximum depth [Enter for 1 (default)] 3
>> > [15:24:23] [INFO] starting crawler
>> >
>> > [15:24:58] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4137), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
>> > sqlmap version: 1.0-dev (r4137)
>> > Python version: 2.6.5
>> > Operating system: posix
>> > Command line: ./sqlmap.py -u http://www.XXdomainXX.com --crawl
>> > Technique: None
>> > Back-end DBMS: None (identified)
>> > Traceback (most recent call last):
>> >   File "./sqlmap.py", line 77, in main
>> >     init(cmdLineOptions)
>> >   File "/root/sqlmap/lib/core/option.py", line 1823, in init
>> >     __setCrawler()
>> >   File "/root/sqlmap/lib/core/option.py", line 407, in __setCrawler
>> >     crawler.getTargetUrls(depth)
>> >   File "/root/sqlmap/lib/utils/crawler.py", line 78, in getTargetUrls
>> >     runThreads(numThreads, crawlThread)
>> >   File "/root/sqlmap/lib/core/threads.py", line 97, in runThreads
>> >     threadFunction()
>> >   File "/root/sqlmap/lib/utils/crawler.py", line 57, in crawlThread
>> >     soup = BeautifulSoup(content)
>> >   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1519, in __init__
>> >     BeautifulStoneSoup.__init__(self, *args, **kwargs)
>> >   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1144, in __init__
>> >     self._feed(isHTML=isHTML)
>> >   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1186, in _feed
>> >     SGMLParser.feed(self, markup)
>> >   File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
>> >     self.goahead(0)
>> >   File "/usr/lib/python2.6/sgmllib.py", line 143, in goahead
>> >     k = self.parse_endtag(i)
>> >   File "/usr/lib/python2.6/sgmllib.py", line 320, in parse_endtag
>> >     self.finish_endtag(tag)
>> >   File "/usr/lib/python2.6/sgmllib.py", line 358, in finish_endtag
>> >     method = getattr(self, 'end_' + tag)
>> > UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-5: ordinal not in range(128)
>> >
>> > [*] shutting down at 15:24:58
>> >
>> > Regards,
>> > Nicolas
>> >
>> > ------------------------------------------------------------------------------
>> > EditLive Enterprise is the world's most technically advanced content
>> > authoring tool. Experience the power of Track Changes, Inline Image
>> > Editing and ensure content is compliant with Accessibility Checking.
>> > http://p.sf.net/sfu/ephox-dev2dev
>> > _______________________________________________
>> > sqlmap-users mailing list
>> > sql...@li...
>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-22 09:07:21
hi Steven.

find it "patched" with the last commit.

kr

On Wed, Jun 22, 2011 at 4:27 AM, Steven Pinkham <ste...@gm...> wrote:
> Miroslav Stampar wrote:
>> p.s.
>>
>> with the last update (r4153) only runs with non-80 ports will result in
>> the :port scheme (which is conformant to
>> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
>>
>> this should be the best way to solve this issue.
>>
>> thank you for your report
>>
>> kr
>
> Note that port 443 is also optional for https urls.
>
> Don't have any knowledge of whether the optional use of :443 causes
> problems in the real world or not.
> --
> | Steven Pinkham, Security Consultant |
> | http://www.mavensecurity.com        |
> | GPG public key ID CD31CAFB          |

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Steven P. <ste...@gm...> - 2011-06-22 02:27:56
Miroslav Stampar wrote:
> p.s.
>
> with the last update (r4153) only runs with non-80 ports will result in
> the :port scheme (which is conformant to
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).
>
> this should be the best way to solve this issue.
>
> thank you for your report
>
> kr

Note that port 443 is also optional for https urls.

Don't have any knowledge of whether the optional use of :443 causes problems in the real world or not.

--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com        |
| GPG public key ID CD31CAFB          |
From: Miroslav S. <mir...@gm...> - 2011-06-21 20:57:28
p.s.

with the last update (r4153) only runs with non-80 ports will result in the :port scheme (which is conformant to http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html).

this should be the best way to solve this issue.

thank you for your report

kr

On Tue, Jun 21, 2011 at 10:48 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi David.
>
> it should be "patched" with the latest commit.
>
> thing is that some web servers don't act well with the Host:port scheme,
> hence the behavior you've noticed. this is prone to changes and we are
> open to suggestions.
>
> kr
>
> On Tue, Jun 21, 2011 at 10:39 PM, David Rhoades <dav...@ma...> wrote:
>> I'm using sqlmap/1.0-dev (r4149).
>> The HTTP Host header is missing the port number when the target is on a
>> non-standard port, such as http://target:8080.
>> [...]
>
> --
> Miroslav Stampar (@stamparm)
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-21 20:48:48
hi David.

it should be "patched" with the latest commit.

thing is that some web servers don't act well with the Host:port scheme, hence the behavior you've noticed. this is prone to changes and we are open to suggestions.

kr

On Tue, Jun 21, 2011 at 10:39 PM, David Rhoades <dav...@ma...> wrote:
> I'm using sqlmap/1.0-dev (r4149).
> The HTTP Host header is missing the port number when the target is on a
> non-standard port, such as http://target:8080.
>
> Here is an example targeting OWASP's Insecure Web App
> (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project).
> [...]
> Because the Host header is missing the port the Location header
> mistakenly says the host is localhost rather than localhost:8080, so sqlmap
> attempts to follow that link which is the wrong site (wrong port anyway).
> [...]

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: David R. <dav...@ma...> - 2011-06-21 20:40:19
I'm using sqlmap/1.0-dev (r4149).
The HTTP Host header is missing the port number when the target is on a non-standard port, such as http://target:8080.

Here is an example targeting OWASP's Insecure Web App (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project).

$ ./sqlmap.py --url "http://localhost:8080/insecure/public/Login.jsp?login=cjones&pass=chris" --cookie "JSESSIONID=8A4000EFEEA92B193D8DF284F6D22777" --dbs -v 6

===
[16:29:53] [TRAFFIC OUT] HTTP request [#1]:
GET /insecure/public/Login.jsp?login=cjones&pass=chris HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: localhost
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Cookie: JSESSIONID=8A4000EFEEA92B193D8DF284F6D22788
User-agent: sqlmap/1.0-dev (r4149) (http://sqlmap.sourceforge.net)
Connection: close
===

That request goes to the correct place on port 8080 (a sniffer or MITM proxy shows this to be the case) but the Host header only says "Host: localhost" rather than "Host: localhost:8080". In this case the web server (Apache-Coyote/1.1) is using the Host header to form the Location header in the HTTP 302 reply that redirects the user to another page after successfully logging in. Because the Host header is missing the port, the Location header mistakenly says the host is localhost rather than localhost:8080, so sqlmap attempts to follow that link, which is the wrong site (wrong port anyway).

===
HTTP/1.1 302 Moved Temporarily
Set-Cookie: JSESSIONID=71B3FFFCA9EC2F65A998D3E555864109; Path=/insecure
Location: http://localhost/insecure/secure/index.jsp
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 0
Date: Tue, 21 Jun 2011 16:21:57 GMT
Server: Apache-Coyote/1.1
Connection: close
===

I also see the same behavior when using sqlmap against Hacme Casino (http://sourceforge.net/scm/?type=cvs&group_id=143089) which uses Mongrel 1.1.5 as its server. Hacme Casino is on port 3000.

This is probably not a big deal in the real world because it's not clear if any other servers reference the Host header when making Location headers. Also, most people are probably targeting standard ports (80 and 443). But still, it would be great to get this fixed so we can continue to use sqlmap in our training labs (we have targets on non-standard ports).

<semi-shameless plug>
If you would like to see this behavior for yourself, check out the Web Security Dojo since it has sqlmap, InsecureWebApp, and Hacme Casino pre-installed (along with other goodies). http://dojo.mavensecurity.com
I only mention that to aid in debugging sqlmap. :)
</semi-shameless plug>

-----------------------------------------------------<><
David Rhoades
Maven Security Consulting Inc (www.MavenSecurity.com)
Current Timezone: GMT-4 (Wilmington, DE)
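Added example, not sqlmap's own code: it puts the behaviour David reports (port dropped from the Host header, so a server that derives its 302 Location from Host redirects to the wrong port) next to a builder that follows RFC 2616 section 14.23 by keeping any port that is not the scheme default, which also covers Steven's point that :443 is optional for https. legacy_host_header, location_from_host, redirect_stays_on_target and the sample URL are constructed for this illustration.

```python
"""Host header construction for targets on non-default ports.

Constructed example mirroring the thread; not code from sqlmap.
"""
from urllib.parse import urlsplit

# Default ports per scheme. RFC 2616 section 14.23 allows the port to be
# omitted from the Host header only when it is the default for the scheme.
DEFAULT_PORTS = {"http": 80, "https": 443}


def _split(url):
    """Parse a URL and return (scheme, hostname, effective_port)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no host: %r" % url)
    # parts.port is None when the URL carries no explicit port.
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def legacy_host_header(url):
    """Behaviour reported against r4149: the port is always dropped."""
    return _split(url)[1]


def host_header(url):
    """Host header value that keeps any non-default port.

    http://localhost:8080/ -> "localhost:8080"
    http://target/         -> "target"
    https://target:443/    -> "target"   (443 is the https default)
    """
    scheme, host, port = _split(url)
    if ":" in host:
        host = "[%s]" % host  # IPv6 literal: urlsplit strips the brackets
    if port == DEFAULT_PORTS[scheme]:
        return host
    return "%s:%d" % (host, port)


def location_from_host(scheme, host_value, path):
    """Model a server (Apache-Coyote in the report) that builds the 302
    Location header from the request's Host header."""
    return "%s://%s%s" % (scheme, host_value, path)


def same_target(url_a, url_b):
    """True if both URLs resolve to the same scheme, host and effective port."""
    return _split(url_a) == _split(url_b)


def redirect_stays_on_target(url, path, header_fn):
    """Simulate the login redirect: build the Host header with header_fn,
    let the server derive Location from it, and check that the redirect
    lands back on the original scheme/host/port."""
    scheme = _split(url)[0]
    location = location_from_host(scheme, header_fn(url), path)
    return same_target(url, location)


if __name__ == "__main__":
    # Constructed sample matching the report (Insecure Web App on :8080).
    target = "http://localhost:8080/insecure/public/Login.jsp?login=cjones&pass=chris"
    after_login = "/insecure/secure/index.jsp"
    print("legacy Host:", legacy_host_header(target))
    print("fixed  Host:", host_header(target))
    print("legacy redirect stays on :8080 ->",
          redirect_stays_on_target(target, after_login, legacy_host_header))
    print("fixed  redirect stays on :8080 ->",
          redirect_stays_on_target(target, after_login, host_header))
```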
From: Anastasios M. <ana...@gm...> - 2011-06-21 20:25:17
Hello,

excellent response as always :)

Tried Burp 1.3.08 and ZAP 1.3.0, and also just set up a local ncat listener to check if any traffic would come through, but nothing was sent using r4151; sqlmap/0.9 worked fine though.

Thanks!

On 21 June 2011 23:08, Miroslav Stampar <mir...@gm...> wrote:
> hi Anastasios.
>
> this is probably related to the "DNS leakage patch" which was done
> recently.
>
> could you please tell which "proxy tool" you are using (if any)? i've
> tried with Burp and Tor and everything worked fine.
>
> kr
>
> On Tue, Jun 21, 2011 at 10:01 PM, Anastasios Monachos <ana...@gm...> wrote:
> > Hi all,
> >
> > Not sure if the problem relates with the one described in a previous post by
> > David Alvarez, however, again, the traffic never goes through my proxy using
> > the command below, this does not seem to happen for sqlmap/0.9
> > [...]
>
> --
> Miroslav Stampar (@stamparm)
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
AM (secuid0)
Key ID: 0x5EB17EE7
From: Miroslav S. <mir...@gm...> - 2011-06-21 20:08:41
hi Anastasios.

this is probably related to the "DNS leakage patch" which was done recently.

could you please tell which "proxy tool" you are using (if any)? i've tried with Burp and Tor and everything worked fine.

kr

On Tue, Jun 21, 2011 at 10:01 PM, Anastasios Monachos <ana...@gm...> wrote:
> Hi all,
>
> Not sure if the problem relates with the one described in a previous post by David Alvarez, however, again, the traffic never goes through my proxy using the command below, this does not seem to happen for sqlmap/0.9
>
> [secuid0] /opt/pentest/svn/sqlmap $ ./sqlmap.py -u "http://www.xxxxxxxxx.xxxx/xyz/qwe/page.asp?par1=2&par2=2&par3=62" -p par3 --dbs --random-agent --proxy "http://127.0.0.1:8080"
>
>     sqlmap/1.0-dev (r4151) - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 22:46:49
>
> [22:37:49] [DEBUG] cleaning up configuration parameters
> [22:37:49] [DEBUG] setting the HTTP timeout
> [22:37:49] [DEBUG] loading random HTTP User-Agent header(s) from file '/opt/pentest/svn/sqlmap/txt/user-agents.txt'
> [22:37:49] [INFO] fetched random HTTP User-Agent header from file '/opt/pentest/svn/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060918 Firefox/2.0
> [22:37:49] [DEBUG] setting the HTTP method to GET
> [22:37:49] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
> [22:37:49] [DEBUG] creating HTTP requests opener object
> [22:37:49] [INFO] using '/opt/pentest/svn/sqlmap/output/www.xxxxxxxxx.xxx/session' as session file
> [22:37:49] [INFO] resuming injection data from session file
> [22:37:49] [INFO] resuming back-end DBMS 'microsoft sql server 20xx' from session file
> [22:37:49] [INFO] testing connection to the target url
> [22:37:49] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
> [22:37:49] [WARNING] if the problem persists please check that the provided target url is valid. If it is, you can try to rerun with the --random-agent switch turned on and/or proxy switches (--ignore-proxy, --proxy,...)
> [22:37:50] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
> [22:37:51] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
> [22:37:52] [CRITICAL] unable to connect to the target url or proxy
>
> [*] shutting down at 22:46:52
>
>
> Thanks!
> --
> AM (secuid0)
> Key ID: 0x5EB17EE7

--
Miroslav Stampar (@stamparm)

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Anastasios M. <ana...@gm...> - 2011-06-21 20:01:59
Hi all,

Not sure if the problem relates with the one described in a previous post by David Alvarez, however, again, the traffic never goes through my proxy using the command below, this does not seem to happen for sqlmap/0.9

[secuid0] /opt/pentest/svn/sqlmap $ ./sqlmap.py -u "http://www.xxxxxxxxx.xxxx/xyz/qwe/page.asp?par1=2&par2=2&par3=62" -p par3 --dbs --random-agent --proxy "http://127.0.0.1:8080"

sqlmap/1.0-dev (r4151) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:46:49

[22:37:49] [DEBUG] cleaning up configuration parameters
[22:37:49] [DEBUG] setting the HTTP timeout
[22:37:49] [DEBUG] loading random HTTP User-Agent header(s) from file '/opt/pentest/svn/sqlmap/txt/user-agents.txt'
[22:37:49] [INFO] fetched random HTTP User-Agent header from file '/opt/pentest/svn/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20060918 Firefox/2.0
[22:37:49] [DEBUG] setting the HTTP method to GET
[22:37:49] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
[22:37:49] [DEBUG] creating HTTP requests opener object
[22:37:49] [INFO] using '/opt/pentest/svn/sqlmap/output/www.xxxxxxxxx.xxx/session' as session file
[22:37:49] [INFO] resuming injection data from session file
[22:37:49] [INFO] resuming back-end DBMS 'microsoft sql server 20xx' from session file
[22:37:49] [INFO] testing connection to the target url
[22:37:49] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[22:37:49] [WARNING] if the problem persists please check that the provided target url is valid. If it is, you can try to rerun with the --random-agent switch turned on and/or proxy switches (--ignore-proxy, --proxy,...)
[22:37:50] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[22:37:51] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[22:37:52] [CRITICAL] unable to connect to the target url or proxy

[*] shutting down at 22:46:52

Thanks!
--
AM (secuid0)
Key ID: 0x5EB17EE7
From: Miroslav S. <mir...@gm...> - 2011-06-20 21:33:29
p.s.: there were a few really nasty bugs involved. now it should be pretty stable

kr

On Mon, Jun 20, 2011 at 1:43 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi all.
>
> With the last commit you'll find --crawl (multithreaded) switch implemented.
>
> Example of usage:
> python sqlmap.py -u www.site.com --crawl
>
> It's a basic HTML scraping crawler based on BeautifulSoup module.
>
> KR
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Nicolas K. <kr...@de...> - 2011-06-20 19:20:24
Hi Miroslav,

i still believe there is a problem with unicode chars,

root@fr:~/sqlmap# ./sqlmap.py -u "http://www.XXdomainXX" --crawl

sqlmap/1.0-dev (r4143) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 22:14:48

[22:14:48] [INFO] setting crawling options
please enter maximum depth [Enter for 1 (default)] 3
[22:14:51] [INFO] starting crawler
[22:14:51] [INFO] searching for links with depth 1
[22:14:53] [INFO] searching for links with depth 2
[22:14:59] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4143), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4143)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u http://www.XXdomainXX --crawl
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    init(cmdLineOptions)
  File "/root/sqlmap/lib/core/option.py", line 1827, in init
    __setCrawler()
  File "/root/sqlmap/lib/core/option.py", line 407, in __setCrawler
    crawler.getTargetUrls(depth)
  File "/root/sqlmap/lib/utils/crawler.py", line 96, in getTargetUrls
    runThreads(numThreads, crawlThread)
  File "/root/sqlmap/lib/core/threads.py", line 97, in runThreads
    threadFunction()
  File "/root/sqlmap/lib/utils/crawler.py", line 59, in crawlThread
    soup = BeautifulSoup(content)
  File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1522, in __init__
    BeautifulStoneSoup.__init__(self, *args, **kwargs)
  File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1147, in __init__
    self._feed(isHTML=isHTML)
  File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1189, in _feed
    SGMLParser.feed(self, markup)
  File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
    self.goahead(0)
  File "/usr/lib/python2.6/sgmllib.py", line 143, in goahead
    k = self.parse_endtag(i)
  File "/usr/lib/python2.6/sgmllib.py", line 320, in parse_endtag
    self.finish_endtag(tag)
  File "/usr/lib/python2.6/sgmllib.py", line 358, in finish_endtag
    method = getattr(self, 'end_' + tag)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xae' in position 4: ordinal not in range(128)

[*] shutting down at 22:14:59

Thanks again for your fast resolutions, i believe sqlmap is unique on this.

Regards,
Nicolas

On Mon, Jun 20, 2011 at 4:20 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi Nicolas.
>
> it should be fixed in the latest commit.
>
> kr
>
> On Mon, Jun 20, 2011 at 2:29 PM, Nicolas Krassas <kr...@de...> wrote:
> > Greetings,
> >
> > I encountered the problem below whilst trying to check the new feature "crawl". Also in a different website sqlmap with crawl option enabled and no other tuning parameters successfully DOS apache service to a load of 100++.
> >
> > root@fr:~/sqlmap# ./sqlmap.py -u "http://www.XXdomainXX.com" --crawl
> >
> > sqlmap/1.0-dev (r4137) - automatic SQL injection and database takeover tool
> > http://sqlmap.sourceforge.net
> >
> > [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
> >
> > [*] starting at 15:24:16
> >
> > [15:24:16] [INFO] setting crawling options
> > please enter maximum depth [Enter for 1 (default)] 3
> > [15:24:23] [INFO] starting crawler
> >
> > [15:24:58] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4137), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> > sqlmap version: 1.0-dev (r4137)
> > Python version: 2.6.5
> > Operating system: posix
> > Command line: ./sqlmap.py -u http://www.XXdomainXX.com --crawl
> > Technique: None
> > Back-end DBMS: None (identified)
> > Traceback (most recent call last):
> >   File "./sqlmap.py", line 77, in main
> >     init(cmdLineOptions)
> >   File "/root/sqlmap/lib/core/option.py", line 1823, in init
> >     __setCrawler()
> >   File "/root/sqlmap/lib/core/option.py", line 407, in __setCrawler
> >     crawler.getTargetUrls(depth)
> >   File "/root/sqlmap/lib/utils/crawler.py", line 78, in getTargetUrls
> >     runThreads(numThreads, crawlThread)
> >   File "/root/sqlmap/lib/core/threads.py", line 97, in runThreads
> >     threadFunction()
> >   File "/root/sqlmap/lib/utils/crawler.py", line 57, in crawlThread
> >     soup = BeautifulSoup(content)
> >   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1519, in __init__
> >     BeautifulStoneSoup.__init__(self, *args, **kwargs)
> >   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1144, in __init__
> >     self._feed(isHTML=isHTML)
> >   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1186, in _feed
> >     SGMLParser.feed(self, markup)
> >   File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
> >     self.goahead(0)
> >   File "/usr/lib/python2.6/sgmllib.py", line 143, in goahead
> >     k = self.parse_endtag(i)
> >   File "/usr/lib/python2.6/sgmllib.py", line 320, in parse_endtag
> >     self.finish_endtag(tag)
> >   File "/usr/lib/python2.6/sgmllib.py", line 358, in finish_endtag
> >     method = getattr(self, 'end_' + tag)
> > UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-5: ordinal not in range(128)
> >
> > [*] shutting down at 15:24:58
> >
> > Regards,
> > Nicolas
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: <ja...@ev...> - 2011-06-20 17:09:05
Hi,

This is easily accomplished with already available tools.

ex: route add -host 1.1.1.1 dev eth0:0 gw your_gw

cheers
james

On Mon, 20 Jun 2011 19:05:07 +0200, Miroslav Stampar wrote:
> ok.
>
> you probably need something like:
>
> http://www.thegoldfish.org/2009/05/python-httpconnection-bound-to-network-interface/
>
> we'll see what can be done (these days)
>
> kr
>
> On Mon, Jun 20, 2011 at 6:55 PM, Miroslav Stampar <mir...@gm...> wrote:
>> hi Kirill.
>>
>> you mean something like -e eth0?
>>
>> kr
>>
>> On Mon, Jun 20, 2011 at 5:24 PM, Kirill Morozov <l0...@l0...> wrote:
>>> Hi,
>>> it would be very useful if i could specify another source ip address from interface for sqlmap http requests.
>>>
>>> --
>>> Kirill Morozov
>>> KIMO2-RIPE, RHCE
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-20 17:05:18
ok.

you probably need something like:

http://www.thegoldfish.org/2009/05/python-httpconnection-bound-to-network-interface/

we'll see what can be done (these days)

kr

On Mon, Jun 20, 2011 at 6:55 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi Kirill.
>
> you mean something like -e eth0?
>
> kr
>
> On Mon, Jun 20, 2011 at 5:24 PM, Kirill Morozov <l0...@l0...> wrote:
>> Hi,
>> it would be very useful if i could specify another source ip address from interface for sqlmap http requests.
>>
>> --
>> Kirill Morozov
>> KIMO2-RIPE, RHCE
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-20 16:56:06
hi Kirill.

you mean something like -e eth0?

kr

On Mon, Jun 20, 2011 at 5:24 PM, Kirill Morozov <l0...@l0...> wrote:
> Hi,
> it would be very useful if i could specify another source ip address from interface for sqlmap http requests.
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Kirill M. <l0...@l0...> - 2011-06-20 16:18:12
Hi,
it would be very useful if i could specify another source ip address from interface for sqlmap http requests.

--
Kirill Morozov
KIMO2-RIPE, RHCE
From: Miroslav S. <mir...@gm...> - 2011-06-20 13:21:07
hi Nicolas.

it should be fixed in the latest commit.

kr

On Mon, Jun 20, 2011 at 2:29 PM, Nicolas Krassas <kr...@de...> wrote:
> Greetings,
>
> I encountered the problem below whilst trying to check the new feature "crawl". Also in a different website sqlmap with crawl option enabled and no other tuning parameters successfully DOS apache service to a load of 100++.
>
> root@fr:~/sqlmap# ./sqlmap.py -u "http://www.XXdomainXX.com" --crawl
>
> sqlmap/1.0-dev (r4137) - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 15:24:16
>
> [15:24:16] [INFO] setting crawling options
> please enter maximum depth [Enter for 1 (default)] 3
> [15:24:23] [INFO] starting crawler
>
> [15:24:58] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4137), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4137)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u http://www.XXdomainXX.com --crawl
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 77, in main
>     init(cmdLineOptions)
>   File "/root/sqlmap/lib/core/option.py", line 1823, in init
>     __setCrawler()
>   File "/root/sqlmap/lib/core/option.py", line 407, in __setCrawler
>     crawler.getTargetUrls(depth)
>   File "/root/sqlmap/lib/utils/crawler.py", line 78, in getTargetUrls
>     runThreads(numThreads, crawlThread)
>   File "/root/sqlmap/lib/core/threads.py", line 97, in runThreads
>     threadFunction()
>   File "/root/sqlmap/lib/utils/crawler.py", line 57, in crawlThread
>     soup = BeautifulSoup(content)
>   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1519, in __init__
>     BeautifulStoneSoup.__init__(self, *args, **kwargs)
>   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1144, in __init__
>     self._feed(isHTML=isHTML)
>   File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1186, in _feed
>     SGMLParser.feed(self, markup)
>   File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
>     self.goahead(0)
>   File "/usr/lib/python2.6/sgmllib.py", line 143, in goahead
>     k = self.parse_endtag(i)
>   File "/usr/lib/python2.6/sgmllib.py", line 320, in parse_endtag
>     self.finish_endtag(tag)
>   File "/usr/lib/python2.6/sgmllib.py", line 358, in finish_endtag
>     method = getattr(self, 'end_' + tag)
> UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-5: ordinal not in range(128)
>
> [*] shutting down at 15:24:58
>
> Regards,
> Nicolas

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Nicolas K. <kr...@de...> - 2011-06-20 12:55:07
Greetings,

I encountered the problem below whilst trying to check the new feature "crawl". Also in a different website sqlmap with crawl option enabled and no other tuning parameters successfully DOS apache service to a load of 100++.

root@fr:~/sqlmap# ./sqlmap.py -u "http://www.XXdomainXX.com" --crawl

sqlmap/1.0-dev (r4137) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 15:24:16

[15:24:16] [INFO] setting crawling options
please enter maximum depth [Enter for 1 (default)] 3
[15:24:23] [INFO] starting crawler

[15:24:58] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4137), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4137)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u http://www.XXdomainXX.com --crawl
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 77, in main
    init(cmdLineOptions)
  File "/root/sqlmap/lib/core/option.py", line 1823, in init
    __setCrawler()
  File "/root/sqlmap/lib/core/option.py", line 407, in __setCrawler
    crawler.getTargetUrls(depth)
  File "/root/sqlmap/lib/utils/crawler.py", line 78, in getTargetUrls
    runThreads(numThreads, crawlThread)
  File "/root/sqlmap/lib/core/threads.py", line 97, in runThreads
    threadFunction()
  File "/root/sqlmap/lib/utils/crawler.py", line 57, in crawlThread
    soup = BeautifulSoup(content)
  File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1519, in __init__
    BeautifulStoneSoup.__init__(self, *args, **kwargs)
  File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1144, in __init__
    self._feed(isHTML=isHTML)
  File "/root/sqlmap/extra/beautifulsoup/beautifulsoup.py", line 1186, in _feed
    SGMLParser.feed(self, markup)
  File "/usr/lib/python2.6/sgmllib.py", line 104, in feed
    self.goahead(0)
  File "/usr/lib/python2.6/sgmllib.py", line 143, in goahead
    k = self.parse_endtag(i)
  File "/usr/lib/python2.6/sgmllib.py", line 320, in parse_endtag
    self.finish_endtag(tag)
  File "/usr/lib/python2.6/sgmllib.py", line 358, in finish_endtag
    method = getattr(self, 'end_' + tag)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 4-5: ordinal not in range(128)

[*] shutting down at 15:24:58

Regards,
Nicolas
From: André S. <and...@gm...> - 2011-06-20 12:12:33
Sirs,

I got a question:

I'm receiving this error from an sqlmap "--os-shell" command on a MSSQL database.

[13:06:03] [CRITICAL] unable to prompt for an interactive operating system shell via the back-end DBMS because stacked queries SQL injection is not supported

Using the same url but from internal network i got the desired shell

[13:08:46] [INFO] going to use xp_cmdshell extended procedure for operating system command execution
[13:08:46] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
os-shell> exit

Is this normal?

BR

2011/6/20 Miroslav Stampar <mir...@gm...>
> Hi all.
>
> With the last commit you'll find --crawl (multithreaded) switch implemented.
>
> Example of usage:
> python sqlmap.py -u www.site.com --crawl
>
> It's a basic HTML scraping crawler based on BeautifulSoup module.
>
> KR
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-20 11:43:51
Hi all.

With the last commit you'll find --crawl (multithreaded) switch implemented.

Example of usage:
python sqlmap.py -u www.site.com --crawl

It's a basic HTML scraping crawler based on BeautifulSoup module.

KR

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: David A. <dav...@gm...> - 2011-06-20 08:05:37
Hi,

@buawig
Thank you for your help. You understood me!

@Miroslav
Thank you very much for the patch

kind regards

From: Miroslav Stampar <miroslav.stampar@...>
Subject: Re: sqlmap through proxy
Newsgroups: gmane.comp.security.sqlmap
Date: 2011-06-19 09:54:19 GMT (22 hours and 4 minutes ago)

hi buawig.

find it "patched" in the latest commit.

kind regards

On Sun, Jun 19, 2011 at 1:33 AM, <buawig@...> wrote:
> Miroslav Stampar wrote:
>> quote from that same paragraph:
>>
>> "
>> 10.5.5 504 Gateway Timeout
>>
>> The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
>> "
>>
>> it clearly says that 504 is a general timeout without specific "cause". it says that it can be caused by remote server, DNS,...
>
> Yes I read the paragraph that I linked. ;)
>
>> thing is that we don't know what's causing it (neither that 504 says the source as stated from that paragraph) and we need to treat it as any other timeout. also, i don't see any problems with that approach.
>
> You probably misunderstood me or I was not clear enough.
> The important thing was
> "the response came not from the upstream target specified in -u and should not interpreted as such"
>
> If sqlmap would treat 504 'as any other timeout' then I wouldn't have posted the link because that is what I'm expecting - sqlmap should treat 504 like timeouts, but it does not seem to treat it as a timeout at all:
>
> test on a _*non*_ existing domain with proxy while the proxy returns 504 +html page (status page):
>
> [INFO] testing connection to the target url
> [INFO] heuristics detected web page charset 'ascii'
> [WARNING] the web server responded with an HTTP error code which could interfere with the results of the tests
> [INFO] testing if the url is stable, wait a few seconds
> [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
> how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
>
> From this output I guess sqlmap interprets the html page from the proxy (504 status page) as if it were the page from the target and starts testing. The question is, why does it start testing when it doesn't reach the target?
>
> It probably should look like this:
>
> [INFO] testing connection to the target url
> [CRITICAL] unable to connect to the target url (504 - Gateway Timeout), sqlmap is going to retry the request
> [CRITICAL] unable to connect to the target url (504 - Gateway Timeout, sqlmap is going to retry the request
>
> [*] shutting down...
>
> sqlmap should not interpret the html page from the proxy as an html page from a target if the proxy returns 504 (the reason does not really matter).
>
>
> In future everyone will return 504 to avoid sqlmap scans ;)

--
Miroslav Stampar

On Fri, Jun 17, 2011 at 4:11 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi buawig.
>
> well, sure there is a misunderstanding here :)
>
> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>
> quote:
> "Even when connecting via a proxy your browser needs to get the IP address for the web site domain. Generally it will directly query the DNS servers. If you are using a Socks 5 proxy, you can have the DNS queries go through your proxy."
>
> there has to be a DNS request when dealing with HTTP proxy.
>
> about DNS leaks with TOR. we are aware of this issue and there is no easy way out of it. believe me. I've spent three days searching and implementing and there is NO easy way out of it. we can try to search and use things like "tor-resolve" but it will work just for minor number of cases (users which prepare environment for it).
>
> also, remember that solution I was doing for web based nslookup. i still have the code, but it would be a decision on a user to trust it or not.
>
> kr
>
> On Fri, Jun 17, 2011 at 3:41 PM, <bu...@gm...> wrote:
> > Miroslav Stampar wrote:
> >> hi David.
> >>
> >> you won't be able to redirect DNS requests through HTTP(s) proxy for sure.
> >
> > I think there is a misunderstanding here.
> >
> > If you configure an application to route its HTTP(s) requests through a proxy the application itself should not generate any DNS requests.
> > The application will also not send DNS requests to the proxy.
> >
> > The application - in this case sqlmap - should just ask the proxy to send a HTTP request to example.com, the proxy will take care of DNS resolution.
> >
> > I just tried sqlmap with --proxy and this is in my opinion a bug because sqlmap issues DNS queries even if --proxy is used.
> >
> > This bug can be quite serious for the guys using
> > --tor
> > or
> > --proxy http://localhost:8118
> > because sqlmap will leak DNS queries to the local DNS server.
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-19 09:54:28
hi buawig.

find it "patched" in the latest commit.

kind regards

On Sun, Jun 19, 2011 at 1:33 AM, <bu...@gm...> wrote:
> Miroslav Stampar wrote:
>> quote from that same paragraph:
>>
>> "
>> 10.5.5 504 Gateway Timeout
>>
>> The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
>> "
>>
>> it clearly says that 504 is a general timeout without specific "cause". it says that it can be caused by remote server, DNS,...
>
> Yes I read the paragraph that I linked. ;)
>
>> thing is that we don't know what's causing it (neither that 504 says the source as stated from that paragraph) and we need to treat it as any other timeout. also, i don't see any problems with that approach.
>
> You probably misunderstood me or I was not clear enough.
> The important thing was
> "the response came not from the upstream target specified in -u and should not interpreted as such"
>
> If sqlmap would treat 504 'as any other timeout' then I wouldn't have posted the link because that is what I'm expecting - sqlmap should treat 504 like timeouts, but it does not seem to treat it as a timeout at all:
>
> test on a _non_ existing domain with proxy while the proxy returns 504 +html page (status page):
>
> [INFO] testing connection to the target url
> [INFO] heuristics detected web page charset 'ascii'
> [WARNING] the web server responded with an HTTP error code which could interfere with the results of the tests
> [INFO] testing if the url is stable, wait a few seconds
> [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
> how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
>
> From this output I guess sqlmap interprets the html page from the proxy (504 status page) as if it were the page from the target and starts testing. The question is, why does it start testing when it doesn't reach the target?
>
> It probably should look like this:
>
> [INFO] testing connection to the target url
> [CRITICAL] unable to connect to the target url (504 - Gateway Timeout), sqlmap is going to retry the request
> [CRITICAL] unable to connect to the target url (504 - Gateway Timeout, sqlmap is going to retry the request
>
> [*] shutting down...
>
> sqlmap should not interpret the html page from the proxy as an html page from a target if the proxy returns 504 (the reason does not really matter).
>
>
> In future everyone will return 504 to avoid sqlmap scans ;)

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
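As an added illustration of the two points argued in this thread (a client that really hands its requests to an HTTP proxy never resolves the target name itself, and a proxy's own 502/503/504 status page must not be mistaken for the target's page), here is example code that is not part of sqlmap; the stub proxy on localhost, the `DnsSpy` helper and the `www.nonexistent.example` target are all constructed assumptions of the example.

```python
import http.server
import os
import socket
import threading
import urllib.error
import urllib.request

# Constructed stand-in for the proxy in the thread (Burp on 127.0.0.1:8080,
# Privoxy on localhost:8118): it never reaches the upstream host and answers
# every request with a 504 plus an HTML status page of its own.
GATEWAY_PAGE = b"<html><body><h1>504 Gateway Timeout</h1></body></html>"
PROXY_ERROR_CODES = (502, 503, 504)  # statuses generated by the gateway itself


class StubProxy(http.server.BaseHTTPRequestHandler):
    """Records the request line a client sends and answers 504 + HTML."""
    seen_request_lines = []

    def do_GET(self):
        # A client that truly uses the proxy sends the absolute URI here, so
        # the proxy, not the client, is the party that has to resolve the name.
        StubProxy.seen_request_lines.append(self.requestline)
        self.send_response(504, "Gateway Timeout")
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(GATEWAY_PAGE)))
        self.end_headers()
        self.wfile.write(GATEWAY_PAGE)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet


class DnsSpy:
    """Context manager recording every host name resolved via getaddrinfo
    while it is active (the path socket.create_connection uses)."""

    def __init__(self):
        self.resolved = []

    def __enter__(self):
        self._orig = socket.getaddrinfo

        def spy(host, *args, **kwargs):
            self.resolved.append(host)
            return self._orig(host, *args, **kwargs)

        socket.getaddrinfo = spy
        return self

    def __exit__(self, *exc):
        socket.getaddrinfo = self._orig


def fetch_via_proxy(url, proxy_url, timeout=5):
    """GET url through an HTTP proxy and report status, body and the host
    names resolved locally. body is None when the status came from the
    gateway, so a caller cannot feed the proxy's page to page comparison."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy_url}))
    with DnsSpy() as spy:
        try:
            resp = opener.open(url, timeout=timeout)
            status, body = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status = err.code
            body = None if status in PROXY_ERROR_CODES else err.read()
    return {"status": status, "body": body, "resolved": spy.resolved}


def run_demo(target="http://www.nonexistent.example/page.asp?par1=2"):
    """Start the stub proxy, fetch a non-existent target through it and
    return what was observed on both sides of the connection."""
    # An inherited no_proxy rule would make urllib bypass the proxy.
    os.environ.pop("no_proxy", None)
    os.environ.pop("NO_PROXY", None)
    server = http.server.HTTPServer(("127.0.0.1", 0), StubProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        proxy_url = "http://127.0.0.1:%d" % server.server_address[1]
        result = fetch_via_proxy(target, proxy_url)
    finally:
        server.shutdown()
        server.server_close()
    result["proxy_saw"] = StubProxy.seen_request_lines[-1]
    return result


if __name__ == "__main__":
    print(run_demo())
```

Only the proxy's address appears in `resolved`; the target name reaches the proxy inside the absolute request URI, and the 504 is surfaced as a gateway failure rather than as page content.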
From: <bu...@gm...> - 2011-06-18 23:33:29
Miroslav Stampar wrote:
> quote from that same paragraph:
>
> "
> 10.5.5 504 Gateway Timeout
>
> The server, while acting as a gateway or proxy, did not receive a
> timely response from the upstream server specified by the URI (e.g.
> HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed
> to access in attempting to complete the request.
> "
>
> it clearly says that 504 is a general timeout without specific
> "cause". it says that it can be caused by remote server, DNS,...

Yes I read the paragraph that I linked. ;)

> thing is that we don't know what's causing it (neither that 504 says
> the source as stated from that paragraph) and we need to treat it as
> any other timeout. also, i don't see any problems with that approach.

You probably misunderstood me or I was not clear enough.
The important thing was
"the response came not from the upstream target specified in -u and
should not be interpreted as such"

If sqlmap would treat 504 'as any other timeout' then I wouldn't have
posted the link because that is what I'm expecting - sqlmap should treat
504 like timeouts, but it does not seem to treat it as a timeout at all:

test on a _non_ existing domain with proxy while the proxy returns 504
+ html page (status page):

[INFO] testing connection to the target url
[INFO] heuristics detected web page charset 'ascii'
[WARNING] the web server responded with an HTTP error code which could
interfere with the results of the tests
[INFO] testing if the url is stable, wait a few seconds
[WARNING] url is not stable, sqlmap will base the page comparison on a
sequence matcher. If no dynamic nor injectable parameters are detected,
or in case of junk results, refer to user's manual paragraph 'Page
comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]

From this output I guess sqlmap interprets the html page from the proxy
(504 status page) as if it were the page from the target and starts
testing. The question is, why does it start testing when it doesn't
reach the target?

It probably should look like this:

[INFO] testing connection to the target url
[CRITICAL] unable to connect to the target url (504 - Gateway Timeout),
sqlmap is going to retry the request
[CRITICAL] unable to connect to the target url (504 - Gateway Timeout),
sqlmap is going to retry the request

[*] shutting down...

sqlmap should not interpret the html page from the proxy as an html page
from a target if the proxy returns 504 (the reason does not really matter).

In future everyone will return 504 to avoid sqlmap scans ;)
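The behaviour asked for in the two messages above (treat a proxy-generated 504 like a socket timeout, retry a bounded number of times, then abort, and never hand the proxy's HTML status page to page comparison) is small enough to show in full. The following is an added example written for this page; it is not sqlmap's code and does not claim to reproduce what the commit Miroslav mentions does. The `Response`, `fetch_with_retries` and `scripted_sender` names, the constructed 504 status page and the three scenarios are all assumptions made here. It generalises slightly beyond the thread by treating 502 and 503 from the proxy the same way as 504, since all three are emitted by a gateway on its own behalf.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Iterator, List, Optional

# Codes a gateway or proxy emits on its own behalf (RFC 2616 sections 10.5.3-10.5.5).
GATEWAY_ERROR_CODES = frozenset({502, 503, 504})

# Constructed stand-in for a proxy's status page; not captured from any real proxy.
PROXY_504_HTML = "<html><body><h1>504 Gateway Timeout</h1>proxy could not reach host</body></html>"


@dataclass
class Response:
    status: int
    body: str


class TargetUnreachable(Exception):
    """Raised once retries are exhausted without a response from the target."""


def is_gateway_error(resp: Response, via_proxy: bool) -> bool:
    """True when the response was generated by the configured proxy, not the target.

    Without a proxy the same code came from the target (or a reverse proxy in
    front of it) and is indistinguishable from a genuine target response, so the
    check is only applied when the client itself is talking through a proxy.
    """
    return via_proxy and resp.status in GATEWAY_ERROR_CODES


def fetch_with_retries(send: Callable[[], Optional[Response]], via_proxy: bool,
                       retries: int = 3,
                       log: logging.Logger = logging.getLogger("proxyfetch")) -> Response:
    """Perform a request, treating proxy gateway errors exactly like socket timeouts.

    send() performs one request and returns a Response, or None on a socket timeout.
    A response classified as a gateway error is discarded (its body is never
    returned, so it cannot be mistaken for the target's page) and the request is
    retried; after `retries` failures the caller gets an exception instead of a page.
    """
    for attempt in range(1, retries + 1):
        resp = send()
        if resp is None:
            reason = "connection timed out"
        elif is_gateway_error(resp, via_proxy):
            reason = "%d gateway error from proxy" % resp.status
        else:
            return resp  # a real answer from the target, even when it is a 4xx/5xx
        log.critical("unable to connect to the target url (%s), attempt %d/%d",
                     reason, attempt, retries)
    raise TargetUnreachable("target unreachable after %d attempts" % retries)


def scripted_sender(script: List[Optional[Response]]) -> Callable[[], Optional[Response]]:
    """Build a send() that replays a constructed list of responses (None = timeout)."""
    it: Iterator[Optional[Response]] = iter(script)
    return lambda: next(it)


def run_scenarios() -> dict:
    """Three constructed scenarios; returns what the client would hand on to page comparison."""
    results = {}

    # 1. Non-existent target behind a proxy: the proxy answers 504 + HTML every time.
    try:
        fetch_with_retries(scripted_sender([Response(504, PROXY_504_HTML)] * 3), via_proxy=True)
        results["dead_target_via_proxy"] = "page returned"
    except TargetUnreachable:
        results["dead_target_via_proxy"] = "aborted"

    # 2. Flaky upstream: one timeout, one proxy 504, then the real page arrives.
    flaky = [None, Response(504, PROXY_504_HTML), Response(200, "<html>target page</html>")]
    results["flaky_via_proxy"] = fetch_with_retries(scripted_sender(flaky), via_proxy=True).body

    # 3. No proxy configured: a 504 is the target's own response and is returned as-is
    #    (the caller may still warn that an error code could interfere with the tests).
    direct = [Response(504, "<html>target's own 504</html>")]
    results["direct_504"] = fetch_with_retries(scripted_sender(direct), via_proxy=False).status

    return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="[%(levelname)s] %(message)s")
    print(run_scenarios())
```

When no proxy is configured the example returns a 504 as the target's own answer, because the client then has no way to tell a gateway sitting in front of the target from the target itself; gating on `via_proxy` rather than on the status code alone is a design choice of this example, not something the thread attributes to sqlmap.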