sqlmap-users — sqlmap users mailing list

[sqlmap-users] error

[Kirill M. <l0...@l0...>]

[02:45:36] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4027), retry
your run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4027)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -m target.txt --random-agent --batch
Technique: None
Back-end DBMS: Microsoft Access (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 86, in main
    start()
  File "/root/sqlmap-dev/lib/controller/controller.py", line 424, in start
    elif not checkDynParam(place, parameter, value):
  File "/root/sqlmap-dev/lib/controller/checks.py", line 642, in
checkDynParam
    dynResult = Request.queryPage(payload, place, raise404=False)
  File "/root/sqlmap-dev/lib/request/connect.py", line 608, in queryPage
    return comparison(page, getRatioValue, pageLength)
  File "/root/sqlmap-dev/lib/request/comparison.py", line 77, in comparison
    seqMatcher.a = seqMatcher.a.encode(kb.pageEncoding or
DEFAULT_PAGE_ENCODING)
UnicodeEncodeError: 'latin-1' codec can't encode character u'\u2019' in
position 28004: ordinal not in range(256)

-- 
Kirill Morozov
KIMO2-RIPE, RHCE

Re: [sqlmap-users] Struggling with an injection

[Miroslav S. <mir...@gm...>]

appendix:

"When I get in, I can't extract data.  I can get verification that I'm
a DBA, but little to nothing else"
and
"why I would get no data returned?"

for all of you who experience these symptoms here and there, there are
two possibilities:
a) there is something actually wrong with sqlmap and please refer to
the last mail what to do to help us out
b) queries are filtered by some kind of WAF (e.g. @@version works but
everything else fails)

kr


On Mon, Jun 6, 2011 at 12:11 PM, Miroslav Stampar
<mir...@gm...> wrote:
> hi Matt
>
> On Sat, Jun 4, 2011 at 10:47 PM, Matt Gardenghi <mtg...@gm...> wrote:
>> Hello,
>>
>> I've been testing a non-production app from a black-box perspective.  The
>> only SQLi I've found is from the login page.  I can bypass the login by
>> dropping something like: 1' or 1=1-- into the password field.
>> Unfortunately, sqlmap doesn't find this vulnerability.  Well, that's not
>> quite true.  I eventually, dumped my Burp proxy log into a file and had
>> sqlmap target it.  The POST file is icky (IIS7.5 ASP and tons of weird data
>> running around).   Still after repeated tests, sqlmap eventually found this
>> vulnerability as a time based SQLi.
>>
>> I don't understand why sqlmap cannot locate the vulnerability via the
>> stacked query or simply that it bypasses the login page.  When I get in, I
>> can't extract data.  I can get verification that I'm a DBA, but little to
>> nothing else.  With --sql-shell, I can run 'SELECT @@version' and sqlmap
>> returns a blank data set; if the query is bogus, it returns an error.  So,
>> for some reason, no data is returned.
>> Would anyone be able to give me some pointers on a) why sqlmap doesn't see
>> this injection properly, and b) why I would get no data returned?
>
> no problem.
>
> in this kind of situations rule of thumb goes like this:
> 1) try to exploit it manually
> 2) if you succeed in 1) then please report back and we'll be more than
> happy to make a fix
> 3) if you don't succeed with 1) then please collect as much data as
> you can with -v 3 and -t traffic.txt, inspect it yourself and try to
> find something that could explain the faulty sqlmap's behavior
> 4) if you are not very skillful with 2) or 3) you can always send some
> more data (traffic.txt, debug output of -v 3, target url) privately
> via email
>
> kr
>
> p.s. personally, i admire people that do 1) and 2) by themself and report back.
>
>> Thanks,
>>
>> --
>> Matt Gardenghi
>>
>> ------------------------------------------------------------------------------
>> Simplify data backup and recovery for your virtual environment with vRanger.
>> Installation's a snap, and flexible recovery options mean your data is safe,
>> secure and there when you need it. Discover what all the cheering's about.
>> Get your free trial download today.
>> http://p.sf.net/sfu/quest-dev2dev2
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] Struggling with an injection

[Miroslav S. <mir...@gm...>]

hi Matt

On Sat, Jun 4, 2011 at 10:47 PM, Matt Gardenghi <mtg...@gm...> wrote:
> Hello,
>
> I've been testing a non-production app from a black-box perspective.  The
> only SQLi I've found is from the login page.  I can bypass the login by
> dropping something like: 1' or 1=1-- into the password field.
> Unfortunately, sqlmap doesn't find this vulnerability.  Well, that's not
> quite true.  I eventually, dumped my Burp proxy log into a file and had
> sqlmap target it.  The POST file is icky (IIS7.5 ASP and tons of weird data
> running around).   Still after repeated tests, sqlmap eventually found this
> vulnerability as a time based SQLi.
>
> I don't understand why sqlmap cannot locate the vulnerability via the
> stacked query or simply that it bypasses the login page.  When I get in, I
> can't extract data.  I can get verification that I'm a DBA, but little to
> nothing else.  With --sql-shell, I can run 'SELECT @@version' and sqlmap
> returns a blank data set; if the query is bogus, it returns an error.  So,
> for some reason, no data is returned.
> Would anyone be able to give me some pointers on a) why sqlmap doesn't see
> this injection properly, and b) why I would get no data returned?

no problem.

in this kind of situations rule of thumb goes like this:
1) try to exploit it manually
2) if you succeed in 1) then please report back and we'll be more than
happy to make a fix
3) if you don't succeed with 1) then please collect as much data as
you can with -v 3 and -t traffic.txt, inspect it yourself and try to
find something that could explain the faulty sqlmap's behavior
4) if you are not very skillful with 2) or 3) you can always send some
more data (traffic.txt, debug output of -v 3, target url) privately
via email

kr

p.s. personally, i admire people that do 1) and 2) by themself and report back.

> Thanks,
>
> --
> Matt Gardenghi
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Discover what all the cheering's about.
> Get your free trial download today.
> http://p.sf.net/sfu/quest-dev2dev2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] sqlmap --update error

[Miroslav S. <mir...@gm...>]

hi Fabio

you are using fairly outdated version (0.6). please checkout the
latest revision from our repository to have it updated (1.0-dev):

svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

kr

On Sun, Jun 5, 2011 at 3:53 AM, Fabio Portes <fab...@pr...> wrote:
>
> ortes@lpt-rj-015:~/Documents/Proof/Ágora/scan-1106$ sudo sqlmap --update
>
>     sqlmap/0.6.4 coded by Bernardo Damele A. G. <ber...@gm...>
>                       and Daniele Bellucci <dan...@gm...>
>
> [*] starting at: 22:51:37
>
> [22:51:37] [INFO] updating sqlmap
> [22:51:38] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developers will fix it as soon
> as possible:
> sqlmap version: 0.6.4
> Python version: 2.7.1+
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 78, in main
>     init(cmdLineOptions)
>   File "/usr/share/sqlmap/lib/core/option.py", line 770, in init
>     update()
>   File "/usr/share/sqlmap/lib/core/update.py", line 349, in update
>     __updateSqlmap()
>   File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap
>     logger.errMsg(errMsg)
> AttributeError: 'Logger' object has no attribute 'errMsg'
>
> [*] shutting down at: 22:51:38
>
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Discover what all the cheering's about.
> Get your free trial download today.
> http://p.sf.net/sfu/quest-dev2dev2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] backdoor file permission

[Miroslav S. <mir...@gm...>]

hi again.

sorry, i was out of town (without source code) and haven't noticed
that we already do support this in this kind of cases.

also, i've tried to against our testing environment and both methods
do the job correctly.

this means that maybe in your case we do have some bug/problem.

kr

On Sun, Jun 5, 2011 at 4:41 PM, Miroslav Stampar
<mir...@gm...> wrote:
> Hi. We can provide this as a alternative and warn the user that file will
> contain some garbage at the beggining. Just a reminder, it won't be suffice
> in most number of cases (i can't wait reports with complaints related). Kr
>
> On 5.6.2011. 16:26, "Sergio Charpinel Jr." <ser...@gm...>
> wrote:
>> Miroslav,
>>
>> In my case, I can access the file uploader, but I can't upload any files
>> (even text files) from the file uploader.
>> I agree I can't upload bin files in this case, but what about php files or
>> text files? The gargabe at the beggning will not affect them, I think.
>>
>> Is that any way to upload these files in the same way as the file stager
>> via
>> sqlmap?
>>
>> Thanks.
>>
>> 2011/6/5 Miroslav Stampar <mir...@gm...>
>>
>>> Hi sergio.
>>>
>>> Answer to your question is NO. Why? Because while injecting file uploader
>>> you'll get few chars of garbage (at least in union injection case) at the
>>> start of file which are of not so importance for the uploader script
>>> itself,
>>> and the file itself must be textual. Uploading any arbitrary file,
>>> without
>>> garbage at the beggining, especially binary, is not possible via sql
>>> injection.
>>>
>>> Kr
>>> On 5.6.2011. 06:12, "Sergio Charpinel Jr." <ser...@gm...>
>>> wrote:
>>> > Hi,
>>> >
>>> > In a pentest, I could upload the web file stager but not the web
>>> backdoor.
>>> > Why this happens? I mean, isn't it possible to upload the backdoor in
>>> > the
>>> > same way the file stagger is uploaded?
>>> >
>>> > Thanks in advance.
>>> >
>>> > --
>>> > Sergio Roberto Charpinel Jr.
>>>
>>
>>
>>
>> --
>> Sergio Roberto Charpinel Jr.
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] backdoor file permission

[Miroslav S. <mir...@gm...>]

Hi. We can provide this as a alternative and warn the user that file will
contain some garbage at the beggining. Just a reminder, it won't be suffice
in most number of cases (i can't wait reports with complaints related). Kr
On 5.6.2011. 16:26, "Sergio Charpinel Jr." <ser...@gm...>
wrote:
> Miroslav,
>
> In my case, I can access the file uploader, but I can't upload any files
> (even text files) from the file uploader.
> I agree I can't upload bin files in this case, but what about php files or
> text files? The gargabe at the beggning will not affect them, I think.
>
> Is that any way to upload these files in the same way as the file stager
via
> sqlmap?
>
> Thanks.
>
> 2011/6/5 Miroslav Stampar <mir...@gm...>
>
>> Hi sergio.
>>
>> Answer to your question is NO. Why? Because while injecting file uploader
>> you'll get few chars of garbage (at least in union injection case) at the
>> start of file which are of not so importance for the uploader script
itself,
>> and the file itself must be textual. Uploading any arbitrary file,
without
>> garbage at the beggining, especially binary, is not possible via sql
>> injection.
>>
>> Kr
>> On 5.6.2011. 06:12, "Sergio Charpinel Jr." <ser...@gm...>
>> wrote:
>> > Hi,
>> >
>> > In a pentest, I could upload the web file stager but not the web
>> backdoor.
>> > Why this happens? I mean, isn't it possible to upload the backdoor in
the
>> > same way the file stagger is uploaded?
>> >
>> > Thanks in advance.
>> >
>> > --
>> > Sergio Roberto Charpinel Jr.
>>
>
>
>
> --
> Sergio Roberto Charpinel Jr.

Re: [sqlmap-users] backdoor file permission

[Sergio C. Jr. <ser...@gm...>]

Miroslav,

In my case, I can access the file uploader, but I can't upload any files
(even text files) from the file uploader.
I agree I can't upload bin files in this case, but what about php files or
text files? The gargabe at the beggning will not affect them, I think.

Is that any way to upload these files in the same way as the file stager via
sqlmap?

Thanks.

2011/6/5 Miroslav Stampar <mir...@gm...>

> Hi sergio.
>
> Answer to your question is NO. Why? Because while injecting file uploader
> you'll get few chars of garbage (at least in union injection case) at the
> start of file which are of not so importance for the uploader script itself,
> and the file itself must be textual. Uploading any arbitrary file, without
> garbage at the beggining, especially binary, is not possible via sql
> injection.
>
> Kr
> On 5.6.2011. 06:12, "Sergio Charpinel Jr." <ser...@gm...>
> wrote:
> > Hi,
> >
> > In a pentest, I could upload the web file stager but not the web
> backdoor.
> > Why this happens? I mean, isn't it possible to upload the backdoor in the
> > same way the file stagger is uploaded?
> >
> > Thanks in advance.
> >
> > --
> > Sergio Roberto Charpinel Jr.
>



-- 
Sergio Roberto Charpinel Jr.

Re: [sqlmap-users] backdoor file permission

[Miroslav S. <mir...@gm...>]

Hi sergio.

Answer to your question is NO. Why? Because while injecting file uploader
you'll get few chars of garbage (at least in union injection case) at the
start of file which are of not so importance for the uploader script itself,
and the file itself must be textual. Uploading any arbitrary file, without
garbage at the beggining, especially binary, is not possible via sql
injection.

Kr
On 5.6.2011. 06:12, "Sergio Charpinel Jr." <ser...@gm...>
wrote:
> Hi,
>
> In a pentest, I could upload the web file stager but not the web backdoor.
> Why this happens? I mean, isn't it possible to upload the backdoor in the
> same way the file stagger is uploaded?
>
> Thanks in advance.
>
> --
> Sergio Roberto Charpinel Jr.

[sqlmap-users] Data Dumping Problem

[<nig...@em...>]

Hy

I have a problem with data dumping.

When i run this  sqlmap -u "http://website.com/vuln.php" --cookie="cookies" --random-agent --retries=6 --level 5 --risk 3 --dump -D database -T table

Place: GET
Parameter: id
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: section=502&action=view_all_albums&id=83389 AND (SELECT 8070 FROM(SELECT COUNT(*),CONCAT(CHAR(58,106,115,109,58),(SELECT (CASE WHEN (8070=8070) THEN 1 ELSE 0 END)),CHAR(58,103,103,97,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 to 20 columns
    Payload: section=502&action=view_all_albums&id=-5690 UNION ALL SELECT NULL, CONCAT(CHAR(58,106,115,109,58),IFNULL(CAST(CHAR(82,121,113,115,106,81,100,117,77,99) AS CHAR),CHAR(32)),CHAR(58,103,103,97,58)), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: section=502&action=view_all_albums&id=83389 AND SLEEP(5

sqlmap runs normal shows me the data. Now the Problem when i break up in the middle of dumping sqlmap don´t save the already received data in a csv only the first received data from the DB found in the csv.

if I wait to sqlmap finished  the dumping, is all ok and i find all data in the csv. In an earlier version of sqlmap the data from a stoped dumping still found in the csv.

PS i know my english is terrible. But i hope you understand my problem. ;)

Re: [sqlmap-users] backdoor file permission

[Bernardo D. A. G. <ber...@gm...>]

Hi Sergio,

sqlmap uses the file stager to upload the web backdoor. Can you try to
access the file stager from your browser? If so, can you upload it
from there?
Please, run again with -v3 --parse-errors and send us the full output,
privately if you prefer, so we can debug it properly.

Cheers,

Bernardo Damele A. G.

This message was sent from a smartphone

On 5 Jun 2011, at 05:12, "Sergio Charpinel Jr."
<ser...@gm...> wrote:

> Hi,
>
> In a pentest, I could upload the web file stager but not the web backdoor. Why this happens? I mean, isn't it possible to upload the backdoor in the same way the file stagger is uploaded?
>
> Thanks in advance.
>
> --
> Sergio Roberto Charpinel Jr.
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Discover what all the cheering's about.
> Get your free trial download today.
> http://p.sf.net/sfu/quest-dev2dev2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] backdoor file permission

[Sergio C. Jr. <ser...@gm...>]

Hi,

In a pentest, I could upload the web file stager but not the web backdoor.
Why this happens? I mean, isn't it possible to upload the backdoor in the
same way the file stagger is uploaded?

Thanks in advance.

-- 
Sergio Roberto Charpinel Jr.

[sqlmap-users] sqlmap --update error

[Fabio P. <fab...@pr...>]

ortes@lpt-rj-015:~/Documents/Proof/Ágora/scan-1106$ sudo sqlmap --update

     sqlmap/0.6.4 coded by Bernardo Damele A. G. <ber...@gm...>
                       and Daniele Bellucci <dan...@gm...>

[*] starting at: 22:51:37

[22:51:37] [INFO] updating sqlmap
[22:51:38] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the 
command line and the following text and send by e-mail to 
sql...@li.... The developers will fix it as soon 
as possible:
sqlmap version: 0.6.4
Python version: 2.7.1+
Operating system: linux2
Traceback (most recent call last):
   File "/usr/bin/sqlmap", line 78, in main
     init(cmdLineOptions)
   File "/usr/share/sqlmap/lib/core/option.py", line 770, in init
     update()
   File "/usr/share/sqlmap/lib/core/update.py", line 349, in update
     __updateSqlmap()
   File "/usr/share/sqlmap/lib/core/update.py", line 246, in __updateSqlmap
     logger.errMsg(errMsg)
AttributeError: 'Logger' object has no attribute 'errMsg'

[*] shutting down at: 22:51:38

[sqlmap-users] Struggling with an injection

[Matt G. <mtg...@gm...>]

Hello,

I've been testing a non-production app from a black-box perspective.  The
only SQLi I've found is from the login page.  I can bypass the login by
dropping something like: 1' or 1=1-- into the password field.
Unfortunately, sqlmap doesn't find this vulnerability.  Well, that's not
quite true.  I eventually, dumped my Burp proxy log into a file and had
sqlmap target it.  The POST file is icky (IIS7.5 ASP and tons of weird data
running around).   Still after repeated tests, sqlmap eventually found this
vulnerability as a time based SQLi.

I don't understand why sqlmap cannot locate the vulnerability via the
stacked query or simply that it bypasses the login page.  When I get in, I
can't extract data.  I can get verification that I'm a DBA, but little to
nothing else.  With --sql-shell, I can run 'SELECT @@version' and sqlmap
returns a blank data set; if the query is bogus, it returns an error.  So,
for some reason, no data is returned.

Would anyone be able to give me some pointers on a) why sqlmap doesn't see
this injection properly, and b) why I would get no data returned?

Thanks,

-- 
Matt Gardenghi

[sqlmap-users] --file-write suggestion

[Ahmed S. <ah...@is...>]

hey sqlmap user :) .
while using sqlmap  with --file-write flag against DVWA i noticed that the
uploaded files' size is always incremented by 4 bytes
 the data sent to the server is encoded in ascii hex so i suggest to add 0a
after encoding the data to be something like
0x0a74657374

thanks in advance
-- 

   - Ahmed Shawky El-Antry
   - Pen-tester, Programmer and System administrator
   - lnxg33k owner "http://lnxg33k.wordpress.com"
   - Isecur1ty team member"http://www.isecur1ty.org"
   - Twitter @lnxg33k

Re: [sqlmap-users] Bug?

[Miroslav S. <mir...@gm...>]

hi Daniele.

please forgive for my rudeness. it was only matter of time before
someone will try to do bad things to sqlmap with things like:
'a'*10000.

this is the only PoC i could find for python based programs and it
requires ancient Python version and usage of os.path.realpath
function:
http://www.securiteam.com/exploits/5BP0D2KI0C.html

we use it only at two places - grep for os.path.realpath(__file__),
and it's hardly imaginable that it could be exploited in that manner.

nevertheless, thank you for your report and find it fixed in the latest commit.

kr

On Fri, Jun 3, 2011 at 12:13 PM, Miroslav Stampar
<mir...@gm...> wrote:
> hi Daniele.
>
> first of all ROFLMAO :)
>
> if you wanted to fuzz the sqlmap to become famous then... i can't find
> appropriate words. only problem is that you'll need to find a way how
> to execute fuzzed python code.
>
> we'll patch this one just for the lulz
>
> good luck and thanks for all the fish :)
>
> kr
>
> On Fri, Jun 3, 2011 at 11:54 AM, Daniele Rivetti
> <dan...@ya...> wrote:
>> I did this thing under windows: create a /x41 (10000 bytes) file (called
>> sqlmap.conf)  I gave it to  sqlmap with -c and i got this:
>> C:\pentest-vulnass\sqlmap>python sqlmap.py -c sqlmap.conf
>>
>>     sqlmap/0.9 - automatic SQL injection and database takeover tool
>>     http://sqlmap.sourceforge.net
>>
>> [*] starting at: 11:43:52
>>
>>
>>
>> [*] shutting down at: 11:43:52
>>
>> Traceback (most recent call last):
>>   File "sqlmap.py", line 126, in <module>
>>     main()
>>   File "sqlmap.py", line 111, in main
>>     errMsg = unhandledExceptionMessage()
>>   File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 2361, in
>> unhandledEx
>> ceptionMessage
>>     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" %
>> Backend.getDbms() if
>>  Backend.getDbms() is not None else "%s (identified)" %
>> Backend.getIdentifiedDbm
>> s())
>>   File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 364, in
>> getIdentifie
>> dDbms
>>     elif conf.dbms is not None:
>>   File "C:\pentest-vulnass\sqlmap\lib\core\datatype.py", line 40, in
>> __getattr__
>>
>>     raise sqlmapDataException, "unable to access item '%s'" % item
>> lib.core.exception.sqlmapDataException: unable to access item 'dbms'
>>
>> C:\pentest-vulnass\sqlmap>
>>
>> Maybe you can find this useful.
>> Daniele
>> regards
>>
>> ------------------------------------------------------------------------------
>> Simplify data backup and recovery for your virtual environment with vRanger.
>> Installation's a snap, and flexible recovery options mean your data is safe,
>> secure and there when you need it. Discover what all the cheering's about.
>> Get your free trial download today.
>> http://p.sf.net/sfu/quest-dev2dev2
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] Bug?

[Miroslav S. <mir...@gm...>]

hi Daniele.

first of all ROFLMAO :)

if you wanted to fuzz the sqlmap to become famous then... i can't find
appropriate words. only problem is that you'll need to find a way how
to execute fuzzed python code.

we'll patch this one just for the lulz

good luck and thanks for all the fish :)

kr

On Fri, Jun 3, 2011 at 11:54 AM, Daniele Rivetti
<dan...@ya...> wrote:
> I did this thing under windows: create a /x41 (10000 bytes) file (called
> sqlmap.conf)  I gave it to  sqlmap with -c and i got this:
> C:\pentest-vulnass\sqlmap>python sqlmap.py -c sqlmap.conf
>
>     sqlmap/0.9 - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
>
> [*] starting at: 11:43:52
>
>
>
> [*] shutting down at: 11:43:52
>
> Traceback (most recent call last):
>   File "sqlmap.py", line 126, in <module>
>     main()
>   File "sqlmap.py", line 111, in main
>     errMsg = unhandledExceptionMessage()
>   File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 2361, in
> unhandledEx
> ceptionMessage
>     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" %
> Backend.getDbms() if
>  Backend.getDbms() is not None else "%s (identified)" %
> Backend.getIdentifiedDbm
> s())
>   File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 364, in
> getIdentifie
> dDbms
>     elif conf.dbms is not None:
>   File "C:\pentest-vulnass\sqlmap\lib\core\datatype.py", line 40, in
> __getattr__
>
>     raise sqlmapDataException, "unable to access item '%s'" % item
> lib.core.exception.sqlmapDataException: unable to access item 'dbms'
>
> C:\pentest-vulnass\sqlmap>
>
> Maybe you can find this useful.
> Daniele
> regards
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Discover what all the cheering's about.
> Get your free trial download today.
> http://p.sf.net/sfu/quest-dev2dev2
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

[sqlmap-users] Bug?

[Daniele R. <dan...@ya...>]

I did this thing under windows: create a /x41 (10000 bytes) file (called sqlmap.conf)  I gave it to  sqlmap with -c and i got this:

C:\pentest-vulnass\sqlmap>python sqlmap.py -c sqlmap.conf

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 11:43:52



[*] shutting down at: 11:43:52

Traceback (most recent call last):
  File "sqlmap.py", line 126, in <module>
    main()
  File "sqlmap.py", line 111, in main
    errMsg = unhandledExceptionMessage()
  File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 2361, in unhandledEx
ceptionMessage
    errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if
 Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbm
s())
  File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 364, in getIdentifie
dDbms
    elif conf.dbms is not None:
  File "C:\pentest-vulnass\sqlmap\lib\core\datatype.py", line 40, in __getattr__

    raise sqlmapDataException, "unable to access item '%s'" % item
lib.core.exception.sqlmapDataException: unable to access item 'dbms'

C:\pentest-vulnass\sqlmap>


Maybe you can find this useful.

Daniele

regards

[sqlmap-users] sqlmap

[Miroslav S. <mir...@gm...>]

hi all.

last few days i've put lots of posts at
http://unconciousmind.blogspot.com/ where you can take a look of
sqlmap's runs against some popular damn vulnerable LEGAL targets.

also, in future there will be ttyrec's of every following run/post.

kr

-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] grafical way

[<chr...@gm...>]

Gui? Pffft ;)
------------------

-----Original Message-----
From: Miroslav Stampar <mir...@gm...>
Date: Wed, 1 Jun 2011 15:46:00 
To: Ahmed Shawky<ah...@is...>
Cc: sql...@li...<sql...@li...>
Subject: Re: [sqlmap-users] grafical way

hi Daniele.

until this moment we wanted to make a really good program, even run in
console mode, that would do the job right.

eventually in some near future there will be GUI, we promise. until
that moment you'll need to hurt your finger joints some more :)

kr

On Wed, Jun 1, 2011 at 3:38 PM, Ahmed Shawky <ah...@is...> wrote:
> use sqlmap with --wizard flag
> ./sqlmap --wizard
> On Wed, Jun 1, 2011 at 3:14 PM, Daniele Rivetti <dan...@ya...>
> wrote:
>>
>> Hi. I'm actually using your tool. Very nice and very well written. But
>> sometimes i had hard time to complete command line parameters. (i'm quite
>> lazy). What about writing something graphical to improve it?
>> daniele
>>
>>
>> ------------------------------------------------------------------------------
>> Simplify data backup and recovery for your virtual environment with
>> vRanger.
>> Installation's a snap, and flexible recovery options mean your data is
>> safe,
>> secure and there when you need it. Data protection magic?
>> Nope - It's vRanger. Get your free trial download today.
>> http://p.sf.net/sfu/quest-sfdev2dev
>>_______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
>
> Ahmed Shawky El-Antry
> Pen-tester, Programmer and System administrator
> lnxg33k owner "http://lnxg33k.wordpress.com"
> Isecur1ty team member"http://www.isecur1ty.org"
> Twitter @lnxg33k
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
>_______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

------------------------------------------------------------------------------
Simplify data backup and recovery for your virtual environment with vRanger. 
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today. 
http://p.sf.net/sfu/quest-sfdev2dev
_______________________________________________
sqlmap-users mailing list
sql...@li...
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] grafical way

[Miroslav S. <mir...@gm...>]

hi Daniele.

until this moment we wanted to make a really good program, even run in
console mode, that would do the job right.

eventually in some near future there will be GUI, we promise. until
that moment you'll need to hurt your finger joints some more :)

kr

On Wed, Jun 1, 2011 at 3:38 PM, Ahmed Shawky <ah...@is...> wrote:
> use sqlmap with --wizard flag
> ./sqlmap --wizard
> On Wed, Jun 1, 2011 at 3:14 PM, Daniele Rivetti <dan...@ya...>
> wrote:
>>
>> Hi. I'm actually using your tool. Very nice and very well written. But
>> sometimes i had hard time to complete command line parameters. (i'm quite
>> lazy). What about writing something graphical to improve it?
>> daniele
>>
>>
>> ------------------------------------------------------------------------------
>> Simplify data backup and recovery for your virtual environment with
>> vRanger.
>> Installation's a snap, and flexible recovery options mean your data is
>> safe,
>> secure and there when you need it. Data protection magic?
>> Nope - It's vRanger. Get your free trial download today.
>> http://p.sf.net/sfu/quest-sfdev2dev
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
>
> Ahmed Shawky El-Antry
> Pen-tester, Programmer and System administrator
> lnxg33k owner "http://lnxg33k.wordpress.com"
> Isecur1ty team member"http://www.isecur1ty.org"
> Twitter @lnxg33k
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] grafical way

[Ahmed S. <ah...@is...>]

use sqlmap with --wizard flag
./sqlmap --wizard

On Wed, Jun 1, 2011 at 3:14 PM, Daniele Rivetti
<dan...@ya...>wrote:

> Hi. I'm actually using your tool. Very nice and very well written. But
> sometimes i had hard time to complete command line parameters. (i'm quite
> lazy). What about writing something graphical to improve it?
>
> daniele
>
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with
> vRanger.
> Installation's a snap, and flexible recovery options mean your data is
> safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 

   - Ahmed Shawky El-Antry
   - Pen-tester, Programmer and System administrator
   - lnxg33k owner "http://lnxg33k.wordpress.com"
   - Isecur1ty team member"http://www.isecur1ty.org"
   - Twitter @lnxg33k

[sqlmap-users] grafical way

[Daniele R. <dan...@ya...>]

Hi. I'm actually using your tool. Very nice and very well written. But sometimes i had hard time to complete command line parameters. (i'm quite lazy). What about writing something graphical to improve it?

daniele

Re: [sqlmap-users] bug

[Miroslav S. <mir...@gm...>]

sorry.

now i see that you are using outdated version 0.9-dev while the
current version is 1.0-dev.

please update and try again.

kr

On Tue, May 31, 2011 at 4:51 PM, Miroslav Stampar
<mir...@gm...> wrote:
> hi Ben.
>
> thank you for your report and please don't send real sites here. will
> fix and report back.
>
> kr
>
> On Tue, May 31, 2011 at 4:46 PM, Ben Gan <ggs...@ho...> wrote:
>>  ./sqlmap.py -u http://www.yello.co.th/th/hot_item.php?cat1=mechandise
>>     sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>>     http://sqlmap.sourceforge.net
>> [*] starting at: 22:44:04
>> [22:44:04] [INFO] using
>> '/pentest/database/sqlmap/output/www.yello.co.th/session' as session file
>> [22:44:04] [INFO] testing connection to the target url
>> [22:44:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
>> command line and the following text and send by e-mail to
>> sql...@li.... The developer will fix it as soon as
>> possible:
>> sqlmap version: 0.9-dev
>> Python version: 2.5.2
>> Operating system: posix
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 89, in main
>>     start()
>>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in
>> start
>>     if not checkConnection() or not checkString() or not checkRegexp():
>>   File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in
>> checkConnection
>>     page, _ = Request.getPage()
>>   File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in
>> getPage
>>     page = decodePage(page, responseHeaders.get("Content-Encoding"),
>> responseHeaders.get("Content-Type"))
>>   File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in
>> decodePage
>>     page = unicode(page, contentType.split('charset=')[-1])     #don't use
>> getUnicode here. it needs to stay as is.
>> LookupError: unknown encoding: windows-874
>> [*] shutting down at: 22:44:05
>>
>> ------------------------------------------------------------------------------
>> Simplify data backup and recovery for your virtual environment with vRanger.
>> Installation's a snap, and flexible recovery options mean your data is safe,
>> secure and there when you need it. Data protection magic?
>> Nope - It's vRanger. Get your free trial download today.
>> http://p.sf.net/sfu/quest-sfdev2dev
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] bug

[Miroslav S. <mir...@gm...>]

hi Ben.

thank you for your report and please don't send real sites here. will
fix and report back.

kr

On Tue, May 31, 2011 at 4:46 PM, Ben Gan <ggs...@ho...> wrote:
>  ./sqlmap.py -u http://www.yello.co.th/th/hot_item.php?cat1=mechandise
>     sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
> [*] starting at: 22:44:04
> [22:44:04] [INFO] using
> '/pentest/database/sqlmap/output/www.yello.co.th/session' as session file
> [22:44:04] [INFO] testing connection to the target url
> [22:44:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.9-dev
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in
> start
>     if not checkConnection() or not checkString() or not checkRegexp():
>   File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in
> checkConnection
>     page, _ = Request.getPage()
>   File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in
> getPage
>     page = decodePage(page, responseHeaders.get("Content-Encoding"),
> responseHeaders.get("Content-Type"))
>   File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in
> decodePage
>     page = unicode(page, contentType.split('charset=')[-1])     #don't use
> getUnicode here. it needs to stay as is.
> LookupError: unknown encoding: windows-874
> [*] shutting down at: 22:44:05
>
> ------------------------------------------------------------------------------
> Simplify data backup and recovery for your virtual environment with vRanger.
> Installation's a snap, and flexible recovery options mean your data is safe,
> secure and there when you need it. Data protection magic?
> Nope - It's vRanger. Get your free trial download today.
> http://p.sf.net/sfu/quest-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

[sqlmap-users] bug

[Ben G. <ggs...@ho...>]

 ./sqlmap.py -u http://www.yello.co.th/th/hot_item.php?cat1=mechandise
    sqlmap/0.9-dev - automatic SQL injection and database takeover tool    http://sqlmap.sourceforge.net
[*] starting at: 22:44:04
[22:44:04] [INFO] using '/pentest/database/sqlmap/output/www.yello.co.th/session' as session file[22:44:04] [INFO] testing connection to the target url
[22:44:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:sqlmap version: 0.9-devPython version: 2.5.2Operating system: posixTraceback (most recent call last):  File "./sqlmap.py", line 89, in main    start()  File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in start    if not checkConnection() or not checkString() or not checkRegexp():  File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in checkConnection    page, _ = Request.getPage()  File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in getPage    page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))  File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in decodePage    page = unicode(page, contentType.split('charset=')[-1])     #don't use getUnicode here. it needs to stay as is.LookupError: unknown encoding: windows-874
[*] shutting down at: 22:44:05