sqlmap-users Mailing List for sqlmap (Page 90)
From: Miroslav S. <mir...@gm...> - 2011-06-18 22:42:51
quote from that same paragraph:

"
10.5.5 504 Gateway Timeout

The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server specified by the URI (e.g. HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed to access in attempting to complete the request.
"

it clearly says that 504 is a general timeout without specific "cause". it says that it can be caused by remote server, DNS,...

thing is that we don't know what's causing it (neither that 504 says the source as stated from that paragraph) and we need to treat it as any other timeout.

also, i don't see any problems with that approach. if you have other idea you are more than welcome to share.

kr

On Sun, Jun 19, 2011 at 12:21 AM, <bu...@gm...> wrote:
>
> If the proxy returns 504 the hostname is probably not existing,
> but in anyway the response came not from the upstream target (specified
> in -u) and should not interpreted as such.
> http://tools.ietf.org/html/rfc2616#section-10.5.5
>
> ------------------------------------------------------------------------------
> EditLive Enterprise is the world's most technically advanced content
> authoring tool. Experience the power of Track Changes, Inline Image
> Editing and ensure content is compliant with Accessibility Checking.
> http://p.sf.net/sfu/ephox-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: <bu...@gm...> - 2011-06-18 22:21:55
If the proxy returns 504 the hostname is probably not existing,
but in anyway the response came not from the upstream target (specified in -u) and should not interpreted as such.

http://tools.ietf.org/html/rfc2616#section-10.5.5
From: Miroslav S. <mir...@gm...> - 2011-06-18 15:36:11
hi.

i've just come home and updated to the latest revision and everything works here too.

kr

On Sat, Jun 18, 2011 at 4:43 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Can you please run:
>
> ls -l lib/techniques/*
>
> Here it broke nothing. svn update please.
>
> B
>
> On 18 June 2011 15:40, m4l1c3 <mal...@gm...> wrote:
>> with no switches:
>>
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 27, in <module>
>>     from lib.controller.controller import start
>>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 13, in <module>
>>     from lib.controller.action import action
>>   File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in <module>
>>     from lib.controller.handler import setHandler
>>   File "/pentest/database/sqlmap/lib/controller/handler.py", line 29, in <module>
>>     from plugins.dbms.mysql import MySQLMap
>>   File "/pentest/database/sqlmap/plugins/dbms/mysql/__init__.py", line 15, in <module>
>>     from plugins.dbms.mysql.filesystem import Filesystem
>>   File "/pentest/database/sqlmap/plugins/dbms/mysql/filesystem.py", line 18, in <module>
>>     from lib.techniques.union.use import unionUse
>> ImportError: No module named union.use
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Bernardo D. A. G. <ber...@gm...> - 2011-06-18 14:43:26
Can you please run:

ls -l lib/techniques/*

Here it broke nothing. svn update please.

B

On 18 June 2011 15:40, m4l1c3 <mal...@gm...> wrote:
> with no switches:
>
> Traceback (most recent call last):
>   File "./sqlmap.py", line 27, in <module>
>     from lib.controller.controller import start
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 13, in <module>
>     from lib.controller.action import action
>   File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in <module>
>     from lib.controller.handler import setHandler
>   File "/pentest/database/sqlmap/lib/controller/handler.py", line 29, in <module>
>     from plugins.dbms.mysql import MySQLMap
>   File "/pentest/database/sqlmap/plugins/dbms/mysql/__init__.py", line 15, in <module>
>     from plugins.dbms.mysql.filesystem import Filesystem
>   File "/pentest/database/sqlmap/plugins/dbms/mysql/filesystem.py", line 18, in <module>
>     from lib.techniques.union.use import unionUse
> ImportError: No module named union.use

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
From: m4l1c3 <mal...@gm...> - 2011-06-18 14:40:09
with no switches:

Traceback (most recent call last):
  File "./sqlmap.py", line 27, in <module>
    from lib.controller.controller import start
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 13, in <module>
    from lib.controller.action import action
  File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in <module>
    from lib.controller.handler import setHandler
  File "/pentest/database/sqlmap/lib/controller/handler.py", line 29, in <module>
    from plugins.dbms.mysql import MySQLMap
  File "/pentest/database/sqlmap/plugins/dbms/mysql/__init__.py", line 15, in <module>
    from plugins.dbms.mysql.filesystem import Filesystem
  File "/pentest/database/sqlmap/plugins/dbms/mysql/filesystem.py", line 18, in <module>
    from lib.techniques.union.use import unionUse
ImportError: No module named union.use
From: Miroslav S. <mir...@gm...> - 2011-06-18 11:09:56
hi Gianluca.

i believe this was fixed some time ago. could you please update to the latest v1.0-dev from our repository and try again?

kr

(if you experience problems with --update please do the svn update)

On Sat, Jun 18, 2011 at 12:36 PM, Gianluca Brindisi <g...@br...> wrote:
> Hello everybody,
> I was trying to perform a column search and I stumbled into this bug:
>
> sqlmap version: 0.9 (r3630)
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py --tor -u ****************************************************************** -v 1 -c sqlmap.conf --form --search -C ********
> Technique: BOOLEAN
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 82, in main
>     start()
>   File "/home/g/sqlmap/lib/controller/controller.py", line 447, in start
>     action()
>   File "/home/g/sqlmap/lib/controller/action.py", line 109, in action
>     conf.dbmsHandler.search()
>   File "/home/g/sqlmap/plugins/generic/enumeration.py", line 2022, in search
>     self.searchColumn()
>   File "/home/g/sqlmap/plugins/dbms/mssqlserver/enumeration.py", line 320, in searchColumn
>     query = query % (db, db, db, db, db, db)
> TypeError: not all arguments converted during string formatting
>
> What should I do? Do you need further information to reproduce it?
>
> Thanks,
> G

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Gianluca B. <g...@br...> - 2011-06-18 11:03:59
Hello everybody,
I was trying to perform a column search and I stumbled into this bug:

sqlmap version: 0.9 (r3630)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --tor -u ****************************************************************** -v 1 -c sqlmap.conf --form --search -C ********
Technique: BOOLEAN
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 82, in main
    start()
  File "/home/g/sqlmap/lib/controller/controller.py", line 447, in start
    action()
  File "/home/g/sqlmap/lib/controller/action.py", line 109, in action
    conf.dbmsHandler.search()
  File "/home/g/sqlmap/plugins/generic/enumeration.py", line 2022, in search
    self.searchColumn()
  File "/home/g/sqlmap/plugins/dbms/mssqlserver/enumeration.py", line 320, in searchColumn
    query = query % (db, db, db, db, db, db)
TypeError: not all arguments converted during string formatting

What should I do? Do you need further information to reproduce it?

Thanks,
G
From: Miroslav S. <mir...@gm...> - 2011-06-17 22:05:35
hi and welcome all new users.

"I'm sending this parameters: a=b&c='&d='"

thing is that if you expect "this tool" to be able to do something more than a mere error message parsing, first of all you'll have to provide it with valid parameters (untainted with sql injection chars).

with the latest commit you'll be warned like this:

$ python sqlmap.py -u "www.test.com?id1=1'&id2=2)"

    sqlmap/1.0-dev (r4089) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 23:59:08

[23:59:08] [CRITICAL] you have provided parameters with most probably leftovers from manual sql injection tests (;()'). please, remove them so sqlmap could be able to do a valid run.

[*] shutting down at 23:59:08

kr

On Fri, Jun 17, 2011 at 8:00 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi andre.
>
> It looks to me like you haven't specified valid value for the affected
> parameter.
>
> Could you please send the value itself?
>
> Kr
>
> Sent from smartphone
>
> Sent from smartphone
>
> On 17.6.2011. 19:54, "André Silva" <and...@gm...> wrote:
>> Hello,
>>
>> I'm scanning a url and i have tested with other tools and the
>> vulnerability
>> exists.
>>
>> The scan ends premature with this error:
>>
>> [CRITICAL] Unenclosed ' in '(SELECT (CASE WHEN (4277=4277) THEN ' ELSE
>> 1/(SELECT 0) END))'
>>
>> It looks to me like a bug.
>>
>> Best regards,

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-17 18:00:30
Hi andre.

It looks to me like you haven't specified valid value for the affected parameter.

Could you please send the value itself?

Kr

Sent from smartphone

Sent from smartphone

On 17.6.2011. 19:54, "André Silva" <and...@gm...> wrote:
> Hello,
>
> I'm scanning a url and i have tested with other tools and the vulnerability
> exists.
>
> The scan ends premature with this error:
>
> [CRITICAL] Unenclosed ' in '(SELECT (CASE WHEN (4277=4277) THEN ' ELSE
> 1/(SELECT 0) END))'
>
> It looks to me like a bug.
>
> Best regards,
From: André S. <and...@gm...> - 2011-06-17 17:53:37
Hello,

I'm scanning a url and i have tested with other tools and the vulnerability exists.

The scan ends premature with this error:

[CRITICAL] Unenclosed ' in '(SELECT (CASE WHEN (4277=4277) THEN ' ELSE 1/(SELECT 0) END))'

It looks to me like a bug.

Best regards,
From: Miroslav S. <mir...@gm...> - 2011-06-17 15:21:53
hi again.

please retest it now. i hope that "leakage" is "plugged" now ;)

kr

On Fri, Jun 17, 2011 at 4:54 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi buawig.
>
> thank you for this fight. it really appears that we can easily solve
> this one but "choking" sockets getaddrinfo in case of proxy which
> will solve DNS requests in case of HTTP proxy and TOR leaks.
>
> this means that i was apparently under wrong impression. i admit :)
>
> but, good luck in finding "python proxy example code that doesn't leak
> DNS queries". you'll need it :)
>
> will commit in a few.
>
> kr
>
> On Fri, Jun 17, 2011 at 4:47 PM, <bu...@gm...> wrote:
>> Miroslav Stampar wrote:
>>> second, are you using some plugins (like FoxyProxy) or just entered
>>> proxy address manually into settings?
>>
>> no plugins, manual settings used to configure proxy.
>> Do you see DNS queries if you configure your browser to use a http proxy?
>>
>>> also, have you tried to issue
>>> some new random address like www.asdasdasdasdas.com (maybe your IP
>>> address was in DNS cache)
>>
>> I used a http://asdfasdfasdfas.com/ and i was surprised that it exists ;)
>>
>>>> Pidgin recently fixed a DNS leak in their implementation. I don't think
>>>> this is 'unfixable'.
>>>
>>> i like this one :)
>>>
>>> please, be so kind find the patch and adjust. we'll be more than happy
>>> to incorporate it.
>>
>> Well, after all it looks like you still don't believe me.
>> I'll try to find some python proxy example code that doesn't leak DNS
>> queries - so we can talk about facts instead of opinions.
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:54:40
hi buawig.

thank you for this fight. it really appears that we can easily solve this one but "choking" sockets getaddrinfo in case of proxy which will solve DNS requests in case of HTTP proxy and TOR leaks.

this means that i was apparently under wrong impression. i admit :)

but, good luck in finding "python proxy example code that doesn't leak DNS queries". you'll need it :)

will commit in a few.

kr

On Fri, Jun 17, 2011 at 4:47 PM, <bu...@gm...> wrote:
> Miroslav Stampar wrote:
>> second, are you using some plugins (like FoxyProxy) or just entered
>> proxy address manually into settings?
>
> no plugins, manual settings used to configure proxy.
> Do you see DNS queries if you configure your browser to use a http proxy?
>
>> also, have you tried to issue
>> some new random address like www.asdasdasdasdas.com (maybe your IP
>> address was in DNS cache)
>
> I used a http://asdfasdfasdfas.com/ and i was surprised that it exists ;)
>
>>> Pidgin recently fixed a DNS leak in their implementation. I don't think
>>> this is 'unfixable'.
>>
>> i like this one :)
>>
>> please, be so kind find the patch and adjust. we'll be more than happy
>> to incorporate it.
>
> Well, after all it looks like you still don't believe me.
> I'll try to find some python proxy example code that doesn't leak DNS
> queries - so we can talk about facts instead of opinions.

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
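
Added example, not part of the original thread and not sqlmap's actual commit: one way to do what the message above describes, i.e. stop the socket module from resolving hostnames locally while an HTTP proxy is in use, so that only the proxy sees the target name. It assumes Python 3; the names no_local_dns and demo, the host target.invalid and the loopback stand-in proxy are constructed for illustration.

```python
# Added illustration (not sqlmap code). Python 3, standard library only.
import ipaddress
import socket
import threading
import urllib.request
from contextlib import contextmanager

real_getaddrinfo = socket.getaddrinfo  # kept so the guard can be undone


def is_ip_literal(host):
    """True for IPv4/IPv6 literals, which never trigger a DNS query."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


@contextmanager
def no_local_dns():
    """Refuse hostname lookups in this process; yield the list of refused names.

    With an HTTP proxy the client only has to reach the proxy address. The
    target hostname travels inside the request and the proxy resolves it.
    """
    blocked = []

    def guarded(host, port, *args, **kwargs):
        if isinstance(host, bytes):
            host = host.decode("ascii", "replace")
        if host is None or is_ip_literal(host):
            return real_getaddrinfo(host, port, *args, **kwargs)
        blocked.append(host)
        raise socket.gaierror(socket.EAI_NONAME, "local lookup refused: %s" % host)

    socket.getaddrinfo = guarded
    try:
        yield blocked
    finally:
        socket.getaddrinfo = real_getaddrinfo


def _one_shot_proxy(server, seen):
    """Constructed stand-in for an HTTP proxy: record the request line, reply 200."""
    conn, _ = server.accept()
    with conn:
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
        seen.append(data.split(b"\r\n", 1)[0].decode("ascii", "replace"))
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")


def demo(target="http://target.invalid/item?id=1"):
    """Fetch target through a loopback proxy while local DNS is refused."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    seen = []
    worker = threading.Thread(target=_one_shot_proxy, args=(server, seen), daemon=True)
    worker.start()
    proxy = "http://127.0.0.1:%d" % server.getsockname()[1]
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy}))
    try:
        with no_local_dns() as blocked:
            body = opener.open(target, timeout=5).read()
    finally:
        worker.join(2)
        server.close()
    return seen[0], body, list(blocked)


if __name__ == "__main__":
    request_line, body, blocked = demo()
    print("proxy saw :", request_line)   # absolute URI, hostname left unresolved
    print("body      :", body)
    print("blocked   :", blocked)        # names the client tried to resolve itself
    with no_local_dns() as blocked:
        try:
            # No proxy configured: the client has to resolve the name itself.
            urllib.request.build_opener(urllib.request.ProxyHandler({})).open(
                "http://target.invalid/", timeout=5)
        except OSError as exc:           # URLError is an OSError subclass
            print("direct    :", exc, blocked)
```

Running a client under the guard and inspecting the yielded list is also a quick regression check for the leak discussed in this thread: any name in the list is one the process tried to resolve on its own.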
From: <bu...@gm...> - 2011-06-17 14:47:53
Miroslav Stampar wrote:
> second, are you using some plugins (like FoxyProxy) or just entered
> proxy address manually into settings?

no plugins, manual settings used to configure proxy.
Do you see DNS queries if you configure your browser to use a http proxy?

> also, have you tried to issue
> some new random address like www.asdasdasdasdas.com (maybe your IP
> address was in DNS cache)

I used a http://asdfasdfasdfas.com/ and i was surprised that it exists ;)

>> Pidgin recently fixed a DNS leak in their implementation. I don't think
>> this is 'unfixable'.
>
> i like this one :)
>
> please, be so kind find the patch and adjust. we'll be more than happy
> to incorporate it.

Well, after all it looks like you still don't believe me.
I'll try to find some python proxy example code that doesn't leak DNS queries - so we can talk about facts instead of opinions.
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:44:52
ok. i'll try to make a little experiment and kill off the automatic socket DNS requests in case of proxying.

i really can't find this moment what the RFCs tell about this issue.

kr

On Fri, Jun 17, 2011 at 4:37 PM, Miroslav Stampar <mir...@gm...> wrote:
> minor clarification:
> "first of all, sqlmap doesn't issue DNS requests."
>
> this means that we don't do it manually. socket module does it.
>
> kr
>
> On Fri, Jun 17, 2011 at 4:31 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> On Fri, Jun 17, 2011 at 4:25 PM, <bu...@gm...> wrote:
>>> Miroslav Stampar wrote:
>>>> hi buawig.
>>>>
>>>> well, sure there is a misunderstanding here :)
>>>>
>>>> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>>>>
>>>> quote:
>>>> "Even when connecting via a proxy your browser needs to get the IP
>>>> address for the web site domain. Generally it will directly query the
>>>> DNS servers. If you are using a Socks 5 proxy, you can have the DNS
>>>> queries go through your proxy."
>>>>
>>>> there has to be a DNS request when dealing with HTTP proxy.
>>>
>>> This is only true if the HTTP Proxy is entered/specified as a hostname
>>> and not as an IP address.
>>>
>>> I just checked this for firefox. Firefox doesn't issue any DNS request
>>> when configured to use a HTTP proxy, so why should sqlmap need to issue
>>> a DNS request?
>>
>> first of all, sqlmap doesn't issue DNS requests.
>>
>> you have the code, it's open source after all, and you can check it yourself.
>>
>> second, are you using some plugins (like FoxyProxy) or just entered
>> proxy address manually into settings? also, have you tried to issue
>> some new random address like www.asdasdasdasdas.com (maybe your IP
>> address was in DNS cache)
>>
>>>
>>>> about DNS leaks with TOR. we are aware of this issue and there is no
>>>> easy way out of it. believe me. I've spent three days searching and
>>>> implementing and there is NO easy way out of it. we can try to search
>>>> and use things like "tor-resolve" but it will work just for minor
>>>> number of cases (users which prepare environment for it).
>>>
>>> Pidgin recently fixed a DNS leak in their implementation. I don't think
>>> this is 'unfixable'.
>>
>> i like this one :)
>>
>> please, be so kind find the patch and adjust. we'll be more than happy
>> to incorporate it.
>>
>> kr
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:37:28
minor clarification:
"first of all, sqlmap doesn't issue DNS requests."

this means that we don't do it manually. socket module does it.

kr

On Fri, Jun 17, 2011 at 4:31 PM, Miroslav Stampar <mir...@gm...> wrote:
> On Fri, Jun 17, 2011 at 4:25 PM, <bu...@gm...> wrote:
>> Miroslav Stampar wrote:
>>> hi buawig.
>>>
>>> well, sure there is a misunderstanding here :)
>>>
>>> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>>>
>>> quote:
>>> "Even when connecting via a proxy your browser needs to get the IP
>>> address for the web site domain. Generally it will directly query the
>>> DNS servers. If you are using a Socks 5 proxy, you can have the DNS
>>> queries go through your proxy."
>>>
>>> there has to be a DNS request when dealing with HTTP proxy.
>>
>> This is only true if the HTTP Proxy is entered/specified as a hostname
>> and not as an IP address.
>>
>> I just checked this for firefox. Firefox doesn't issue any DNS request
>> when configured to use a HTTP proxy, so why should sqlmap need to issue
>> a DNS request?
>
> first of all, sqlmap doesn't issue DNS requests.
>
> you have the code, it's open source after all, and you can check it yourself.
>
> second, are you using some plugins (like FoxyProxy) or just entered
> proxy address manually into settings? also, have you tried to issue
> some new random address like www.asdasdasdasdas.com (maybe your IP
> address was in DNS cache)
>
>>
>>> about DNS leaks with TOR. we are aware of this issue and there is no
>>> easy way out of it. believe me. I've spent three days searching and
>>> implementing and there is NO easy way out of it. we can try to search
>>> and use things like "tor-resolve" but it will work just for minor
>>> number of cases (users which prepare environment for it).
>>
>> Pidgin recently fixed a DNS leak in their implementation. I don't think
>> this is 'unfixable'.
>
> i like this one :)
>
> please, be so kind find the patch and adjust. we'll be more than happy
> to incorporate it.
>
> kr
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:31:14
On Fri, Jun 17, 2011 at 4:25 PM, <bu...@gm...> wrote:
> Miroslav Stampar wrote:
>> hi buawig.
>>
>> well, sure there is a misunderstanding here :)
>>
>> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>>
>> quote:
>> "Even when connecting via a proxy your browser needs to get the IP
>> address for the web site domain. Generally it will directly query the
>> DNS servers. If you are using a Socks 5 proxy, you can have the DNS
>> queries go through your proxy."
>>
>> there has to be a DNS request when dealing with HTTP proxy.
>
> This is only true if the HTTP Proxy is entered/specified as a hostname
> and not as an IP address.
>
> I just checked this for firefox. Firefox doesn't issue any DNS request
> when configured to use a HTTP proxy, so why should sqlmap need to issue
> a DNS request?

first of all, sqlmap doesn't issue DNS requests.

you have the code, it's open source after all, and you can check it yourself.

second, are you using some plugins (like FoxyProxy) or just entered proxy address manually into settings? also, have you tried to issue some new random address like www.asdasdasdasdas.com (maybe your IP address was in DNS cache)

>
>> about DNS leaks with TOR. we are aware of this issue and there is no
>> easy way out of it. believe me. I've spent three days searching and
>> implementing and there is NO easy way out of it. we can try to search
>> and use things like "tor-resolve" but it will work just for minor
>> number of cases (users which prepare environment for it).
>
> Pidgin recently fixed a DNS leak in their implementation. I don't think
> this is 'unfixable'.

i like this one :)

please, be so kind find the patch and adjust. we'll be more than happy to incorporate it.

kr

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: <bu...@gm...> - 2011-06-17 14:26:17
Miroslav Stampar wrote:
> hi buawig.
>
> well, sure there is a misunderstanding here :)
>
> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>
> quote:
> "Even when connecting via a proxy your browser needs to get the IP
> address for the web site domain. Generally it will directly query the
> DNS servers. If you are using a Socks 5 proxy, you can have the DNS
> queries go through your proxy."
>
> there has to be a DNS request when dealing with HTTP proxy.

This is only true if the HTTP Proxy is entered/specified as a hostname and not as an IP address.

I just checked this for firefox. Firefox doesn't issue any DNS request when configured to use a HTTP proxy, so why should sqlmap need to issue a DNS request?

> about DNS leaks with TOR. we are aware of this issue and there is no
> easy way out of it. believe me. I've spent three days searching and
> implementing and there is NO easy way out of it. we can try to search
> and use things like "tor-resolve" but it will work just for minor
> number of cases (users which prepare environment for it).

Pidgin recently fixed a DNS leak in their implementation. I don't think this is 'unfixable'.
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:15:25
hi Fabio.

for some reason SVN started to ask credentials in some instances.

please do the:

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

to checkout the latest development revision manually to circumvent this problem (also, no more crashing like this in the latest commit).

kr

On Fri, Jun 17, 2011 at 3:39 PM, Fabio Mello <fab...@gm...> wrote:
> Guys,
>
> I've just tried to do a update and get the follow error message:
>
> [19:14:27] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with
> the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
>
> sqlmap version: 0.9 (r3630)
>
> Python version: 2.6.5
>
> Operating system: posix
>
> Command line: ./sqlmap.py --update
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 74, in main
>     # Store original command line options for possible later restoration
>   File "/pentest/web/scanners/sqlmap/lib/core/option.py", line 1590, in init
>     update()
>   File "/pentest/web/scanners/sqlmap/lib/core/update.py", line 71, in update
>     client.update(rootDir)
> ClientError: callback_get_login required
> [*] shutting down at: 19:14:27
>
> The sqlmap applications doesn't work anymore.
> I'm using the BackTrack 5 (just for your information).
>
> Tks,
>
> --
> Fabio Mello

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-17 14:11:28
hi buawig.

well, sure there is a misunderstanding here :)

http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy

quote:
"Even when connecting via a proxy your browser needs to get the IP address for the web site domain. Generally it will directly query the DNS servers. If you are using a Socks 5 proxy, you can have the DNS queries go through your proxy."

there has to be a DNS request when dealing with HTTP proxy.

about DNS leaks with TOR. we are aware of this issue and there is no easy way out of it. believe me. I've spent three days searching and implementing and there is NO easy way out of it. we can try to search and use things like "tor-resolve" but it will work just for minor number of cases (users which prepare environment for it).

also, remember that solution I was doing for web based nslookup. i still have the code, but it would be a decision on a user to trust it or not.

kr

On Fri, Jun 17, 2011 at 3:41 PM, <bu...@gm...> wrote:
> Miroslav Stampar wrote:
>> hi David.
>>
>> you won't be able to redirect DNS requests through HTTP(s) proxy for sure.
>
> I think there is a misunderstanding here.
>
> If you configure an application to route its HTTP(s) requests through a
> proxy the application itself should not generate any DNS requests.
> The application will also not send DNS requests to the proxy.
>
> The application - in this case sqlmap - should just ask the proxy to
> send a HTTP request to example.com, the proxy will take care of DNS
> resolution.
>
> I just tried sqlmap with --proxy and this is in my opinion a bug because
> sqlmap issues DNS queries even if --proxy is used.
>
> This bug can be quite serious for the guys using
> --tor
> or
> --proxy http://localhost:8118
> because sqlmap will leak DNS queries to the local DNS server.

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Fabio M. <fab...@gm...> - 2011-06-17 13:43:39
Guys,

I've just tried to do a update and get the follow error message:

[19:14:27] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.

sqlmap version: 0.9 (r3630)
Python version: 2.6.5
Operating system: posix
Command line: *./sqlmap.py --update*
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 74, in main
    # Store original command line options for possible later restoration
  File "/pentest/web/scanners/sqlmap/lib/core/option.py", line 1590, in init
    update()
  File "/pentest/web/scanners/sqlmap/lib/core/update.py", line 71, in update
    client.update(rootDir)
ClientError: callback_get_login required
[*] shutting down at: 19:14:27

The sqlmap applications doesn't work anymore.
I'm using the BackTrack 5 (just for your information).

Tks,

--
Fabio Mello
From: <bu...@gm...> - 2011-06-17 13:42:14
Miroslav Stampar wrote:
> hi David.
>
> you won't be able to redirect DNS requests through HTTP(s) proxy for sure.

I think there is a misunderstanding here.

If you configure an application to route its HTTP(s) requests through a proxy the application itself should not generate any DNS requests. The application will also not send DNS requests to the proxy.

The application - in this case sqlmap - should just ask the proxy to send a HTTP request to example.com, the proxy will take care of DNS resolution.

I just tried sqlmap with --proxy and this is in my opinion a bug because sqlmap issues DNS queries even if --proxy is used.

This bug can be quite serious for the guys using
--tor
or
--proxy http://localhost:8118
because sqlmap will leak DNS queries to the local DNS server.
From: Miroslav S. <mir...@gm...> - 2011-06-17 11:45:10
|
hi David.

you won't be able to redirect DNS requests through HTTP(s) proxy for sure.

but, there are three ways how you can solve this problem of yours:

1) do the nslookup of the hosts ip address manually and just use the ip address instead
or
2) find the hosts file for your platform (e.g. /etc/hosts or c:\Windows\System32\drivers\etc\hosts) and manually enter IP addresses of wanted servers
or
3) use proxychains (http://proxychains.sourceforge.net/) - this is the best way if you want everything to be fully automated (e.g. proxychains python sqlmap.py -u ....). read the manual there, install it, configure it and use it. that's pretty it :)

kr

p.s. please, do the SVN update to upgrade to the latest v1.0-dev from our repository

On Fri, Jun 17, 2011 at 12:07 PM, David Alvarez <dav...@gm...> wrote:
> Hello,
> I am in a scenario where all web traffic is managed by a proxy, my local DNS
> is not able to resolve external domain names, so I have installed a local
> proxy to authenticate into the corporate proxy. The web browser uses my
> local proxy at 127.0.0.1:8080
> sqlmap gives me an error because it can't resolve the domain name, because it
> is using my local DNS, instead of asking the proxy:
> $>python sqlmap.py -u 'https://myserver/myapp/...?param1' -p param1 --proxy
> http://127.0.0.1:8080
> sqlmap/0.9 - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
> [*] starting at: 11:54:28
> [11:54:29] [INFO] using 'path' as session file
> [11:54:29] [CRITICAL] host 'myserver' does not exist
> [*] shutting down at: 11:54:29
> Is there an option to not try to resolve the domain name and send requests
> through the proxy? How could I resolve this problem?
> Thank you very much.
> Kind Regards,
> David Alvarez

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
From: David A. <dav...@gm...> - 2011-06-17 10:07:44
|
Hello,

I am in a scenario where all web traffic is managed by a proxy, my local DNS is not able to resolve external domain names, so I have installed a local proxy to authenticate into the corporate proxy. The web browser uses my local proxy at 127.0.0.1:8080

sqlmap gives me an error because it can't resolve the domain name, because it is using my local DNS, instead of asking the proxy:

$>python sqlmap.py -u 'https://myserver/myapp/...?param1' -p param1 --proxy http://127.0.0.1:8080
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 11:54:28
[11:54:29] [INFO] using 'path' as session file
[11:54:29] [CRITICAL] host 'myserver' does not exist
[*] shutting down at: 11:54:29

Is there an option to not try to resolve the domain name and send requests through the proxy? How could I resolve this problem?

Thank you very much.

Kind Regards,
David Alvarez
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-06-16 10:07:40
|
Hi Joseph,

Thanks for reporting. We dealt with the traceback and will investigate further why the SVN server asks for credentials from time to time.

Bernardo

On 15 June 2011 20:40, Joseph Smith <jos...@gm...> wrote:
> I keep getting this error when trying to update.
>
> sqlmap version: 0.9 (r3630)
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py --update
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
> File "sqlmap.py", line 74, in main
> dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"),
> forceOutput=True)
> File "/pentest/database/sqlmap/lib/core/option.py", line 1590, in init
> update()
> File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
> client.update(rootDir)
> ClientError: callback_get_login required

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
From: Miroslav S. <mir...@gm...> - 2011-06-16 08:10:06
|
hi Ryan.

thx for the report. there was a bug indeed involved here. find it fixed in the last commit.

kr

p.s. you are all more than welcome to report any unusual behavior like this one. if you are scared that you'll be ridiculed by sarcastic me :) or someone else on a mailing list you can always contact either me privately or both of us via de...@sq....

On Thu, Jun 16, 2011 at 12:03 AM, Ryan Sears <rd...@mt...> wrote:
> Nice!
>
> That seems like a nifty feature for sure!
>
> I'm also a bit confused on the config files, maybe you can clarify? Even when I specify -C sqlmap.conf it doesn't seem to be honoring the options I have set. There's a few different options that I basically ALWAYS use, and it'd be nice to have it just permanently turn on things like --random-agent, as well as risk/level parameters as well. Who knows, I could just be missing something...
>
> Also I noticed that no matter how many threads you specify (<3) it sticks it to 3 no matter what, anyone else noticing it?
>
> Thanks, and as always great work guys :-D
>
> Ryan
> ----- Original Message -----
> From: "Miroslav Stampar" <mir...@gm...>
> To: "SqlMap List" <sql...@li...>
> Sent: Wednesday, June 15, 2011 7:55:45 AM GMT -05:00 US/Canada Eastern
> Subject: [sqlmap-users] New feature: mnemonics
>
> Hi boys and girls.
>
> We are introducing new (experimental) feature called mnemonics (-z option).
>
> All of you who are a hard core users of sqlmap and/or you are tired of
> writing down long sausages in sqlmap's command line you could enjoy
> this one.
>
> Comparison:
> A) normal
> ./sqlmap.py --batch --banner --dump -D=testdb -T=users --technique=E
> -u="http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1"
>
> B1) with mnemonics
> ./sqlmap.py -u "http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1"
> -z "bat,ban,du,D=testdb,T=users,tec=E"
>
> B2) with mnemonics
> ./sqlmap.py -u "http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1"
> --batch --dump -z "ban,D=testdb,T=users,tec=E"
>
> C) possible real life example:
> ./sqlmap.py -u "http://.....?id=1" -z "bat,ban,to,ra,le=3,ri=3"
>
> instead of:
> ./sqlmap.py -u "http://.....?id=1" --batch --banner --tor
> --random-agent --level=3 --risk=3
>
> (one of many possible equivalents is e.g.: ./sqlmap.py -u
> "http://.....?id=1" -z "bat,bann,tor,rand,lev=3,ri=3")
>
> Trick is that you are writing as short names as possible of wanted
> parameters. Mnemonics are split with ',' char and values are
> explicitly set (if needed) by writing equation mark. In case of
> ambiguities parameter with the shortest name will be used (e.g. du
> will be resolved to dump because dump is shorter than dump-all)
>
> This is all prone to changes and we are open to suggestions.
>
> KR
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
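The resolution rule quoted in the announcement above (prefix match, shortest option name wins), sketched as an added example; this is not sqlmap's own code. Assumptions: `KNOWN_OPTIONS` is a constructed subset holding only the option names that appear in the message, `resolve_mnemonic` and `expand_mnemonics` are hypothetical names, and rejecting equal-length ties is a choice made here because the message does not cover that case.

```python
# Constructed subset of option names: only those that appear in the message above.
KNOWN_OPTIONS = ["batch", "banner", "dump", "dump-all", "technique", "tor",
                 "random-agent", "level", "risk", "D", "T"]

def resolve_mnemonic(abbrev, options=KNOWN_OPTIONS):
    """Return the option whose name starts with abbrev; the shortest name wins."""
    candidates = [name for name in options if name.startswith(abbrev)]
    if not candidates:
        raise ValueError("no option matches mnemonic %r" % abbrev)
    shortest = min(len(name) for name in candidates)
    winners = [name for name in candidates if len(name) == shortest]
    if len(winners) > 1:
        # Assumption: the message does not say how equal-length ties are broken.
        raise ValueError("mnemonic %r is ambiguous: %s"
                         % (abbrev, ", ".join(sorted(winners))))
    return winners[0]

def expand_mnemonics(spec, options=KNOWN_OPTIONS):
    """Expand a -z style string such as "bat,ban,du,D=testdb" into full options."""
    expanded = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        abbrev, sep, value = item.partition("=")  # value is set only after '='
        name = resolve_mnemonic(abbrev, options)
        dashes = "-" if len(name) == 1 else "--"  # -D / -T versus --batch
        expanded.append(dashes + name + (sep + value if sep else ""))
    return expanded

if __name__ == "__main__":
    print(expand_mnemonics("bat,ban,du,D=testdb,T=users,tec=E"))
```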