sqlmap-users Mailing List for sqlmap (Page 99)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Miroslav S. <mir...@gm...> - 2011-04-17 15:52:19
|
hi. i've tried this moment (via anonymous) and it worked ok. could you please try to go to the web page at that same url using your browser and tell what's happening? in normal case browser shouldn't ask you for credentials. kr On Sun, Apr 17, 2011 at 3:18 PM, Mines <ab...@mi...> wrote: > Hi, > It seems sqlmap svn server needs credentials to checkout using commandline > svn from: > > https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap > > > Any ideas? > > Thanks. > > ------------------------------------------------------------------------------ > Benefiting from Server Virtualization: Beyond Initial Workload > Consolidation -- Increasing the use of server virtualization is a top > priority.Virtualization can reduce costs, simplify management, and improve > application availability and disaster protection. Learn more about boosting > the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Mines <ab...@mi...> - 2011-04-17 13:18:52
|
Hi, It seems sqlmap svn server needs credentials to checkout using commandline svn from: https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap Any ideas? Thanks. |
|
From: Miroslav S. <mir...@gm...> - 2011-04-15 20:20:22
|
lol. sorry. my bad :) On Fri, Apr 15, 2011 at 6:26 PM, Bernardo Damele A. G. <ber...@gm...> wrote: > Fixed, r3684 - svn update please. > > Bernardo > > > On 15 April 2011 16:05, m4l1c3 <mal...@gm...> wrote: >> I removed my sqlmap-dev folder, and svn'd the latest. >> >> Here's the output of ./sqlmap.py --update >> >> Traceback (most recent call last): >> File "./sqlmap.py", line 27, in <module> >> from lib.controller.controller import start >> File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 12, >> in <module> >> from lib.controller.action import action >> File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 10, in >> <module> >> from lib.controller.handler import setHandler >> File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line 10, in >> <module> >> from lib.core.common import Backend >> File "/pentest/database/sqlmap-dev/lib/core/common.py", line 49, in >> <module> >> from lib.core.convert import htmlunescape >> File "/pentest/database/sqlmap-dev/lib/core/convert.py", line 24, in >> <module> >> from extra.safe2bin.safe2bin import safecharencode >> ImportError: No module named safe2bin.safe2bin >> >> >> ------------------------------------------------------------------------------ >> Benefiting from Server Virtualization: Beyond Initial Workload >> Consolidation -- Increasing the use of server virtualization is a top >> priority.Virtualization can reduce costs, simplify management, and improve >> application availability and disaster protection. Learn more about boosting >> the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > PGP Key ID: 0x05F5A30F > > ------------------------------------------------------------------------------ > Benefiting from Server Virtualization: Beyond Initial Workload > Consolidation -- Increasing the use of server virtualization is a top > priority.Virtualization can reduce costs, simplify management, and improve > application availability and disaster protection. Learn more about boosting > the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-15 16:26:26
|
Fixed, r3684 - svn update please. Bernardo On 15 April 2011 16:05, m4l1c3 <mal...@gm...> wrote: > I removed my sqlmap-dev folder, and svn'd the latest. > > Here's the output of ./sqlmap.py --update > > Traceback (most recent call last): > File "./sqlmap.py", line 27, in <module> > from lib.controller.controller import start > File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 12, > in <module> > from lib.controller.action import action > File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 10, in > <module> > from lib.controller.handler import setHandler > File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line 10, in > <module> > from lib.core.common import Backend > File "/pentest/database/sqlmap-dev/lib/core/common.py", line 49, in > <module> > from lib.core.convert import htmlunescape > File "/pentest/database/sqlmap-dev/lib/core/convert.py", line 24, in > <module> > from extra.safe2bin.safe2bin import safecharencode > ImportError: No module named safe2bin.safe2bin > > > ------------------------------------------------------------------------------ > Benefiting from Server Virtualization: Beyond Initial Workload > Consolidation -- Increasing the use of server virtualization is a top > priority.Virtualization can reduce costs, simplify management, and improve > application availability and disaster protection. Learn more about boosting > the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: m4l1c3 <mal...@gm...> - 2011-04-15 15:05:14
|
I removed my sqlmap-dev folder, and svn'd the latest.
Here's the output of ./sqlmap.py --update
Traceback (most recent call last):
File "./sqlmap.py", line 27, in <module>
from lib.controller.controller import start
File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 12,
in <module>
from lib.controller.action import action
File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 10, in
<module>
from lib.controller.handler import setHandler
File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line 10, in
<module>
from lib.core.common import Backend
File "/pentest/database/sqlmap-dev/lib/core/common.py", line 49, in
<module>
from lib.core.convert import htmlunescape
File "/pentest/database/sqlmap-dev/lib/core/convert.py", line 24, in
<module>
from extra.safe2bin.safe2bin import safecharencode
ImportError: No module named safe2bin.safe2bin
|
|
From: Miroslav S. <mir...@gm...> - 2011-04-15 14:16:05
|
hi nightman. sorry. we were aware of this thing but haven't "patched" the problem for error and union techniques - until this moment. i believe that the last commit should fix further problems related. kr On Fri, Apr 15, 2011 at 4:03 PM, <nig...@em...> wrote: > Hi, > > I have a Problem when i dumped a DB, from time to time sqlmap lost the > connection to the target, but Sqlmap does not write the data already > received into a csv. Why? > > greetz Nightman > ------------------------------------------------------------------------------ > Benefiting from Server Virtualization: Beyond Initial Workload > Consolidation -- Increasing the use of server virtualization is a top > priority.Virtualization can reduce costs, simplify management, and improve > application availability and disaster protection. Learn more about boosting > the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: <nig...@em...> - 2011-04-15 14:04:04
|
<html><head></head><body bgcolor='#FFFFFF' style='font-size:12px;background-color:#FFFFFF;font-family:Verdana, Arial, sans-serif;'>Hi,<br/><br/>I have a Problem when i dumped a DB, from time to time sqlmap lost the connection to the target, but Sqlmap does not write the data already received into a csv. Why?<br/><br/>greetz Nightman</body></html> |
|
From: Miroslav S. <mir...@gm...> - 2011-04-15 13:58:45
|
hi all. maybe of you have probably noticed that we've included in last few days "safe encoding" of otherwise "unsafe" and/or "ugly" characters for terminal printing. you can notice those in dumping of values by their safehex representation, like for example: "\x07test\x14bla\xf5" or "\nthis is a newline test\nwith\ttab". this way we are covering dumping of binary data columns together with preservation of "sanity" of the user itself and his own terminal environment. now, this moment we've also included a tool for decoding this kind of stuff so you can convert it back to it's original (binary) form. you can find it inside extra\safe2bin folder, and usage of it is pretty simple: [.../extra/safe2bin] python safe2bin.py -i dump.txt -o dump.txt.bin kr -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-15 11:32:59
|
thank you for your report. find it fixed in latest revision. kr On Fri, Apr 15, 2011 at 12:54 PM, m4l1c3 <mal...@gm...> wrote: > sqlmap version: 1.0-dev (r3674) > Python version: 2.5.2 > Operating system: posix > Command line: ./sqlmap.py -u > *********************************************** --batch --dump -C ******* > Technique: BOOLEAN > Back-end DBMS: Microsoft SQL Server (fingerprinted) > Traceback (most recent call last): > File "./sqlmap.py", line 83, in main > start() > File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line > 467, in start > action() > File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, > in action > conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable()) > File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line > 1238, in dumpTable > self.searchColumn() > File > "/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line > 320, in searchColumn > query = query % (db, db, db, db, db, db) > TypeError: not all arguments converted during string formatting > > > > > > ------------------------------------------------------------------------------ > Benefiting from Server Virtualization: Beyond Initial Workload > Consolidation -- Increasing the use of server virtualization is a top > priority.Virtualization can reduce costs, simplify management, and improve > application availability and disaster protection. Learn more about boosting > the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: m4l1c3 <mal...@gm...> - 2011-04-15 10:54:10
|
sqlmap version: 1.0-dev (r3674)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u ***********************************************
--batch --dump -C *******
Technique: BOOLEAN
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
467, in start
action()
File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, in
action
conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
1238, in dumpTable
self.searchColumn()
File
"/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line
320, in searchColumn
query = query % (db, db, db, db, db, db)
TypeError: not all arguments converted during string formatting
|
|
From: Miroslav S. <mir...@gm...> - 2011-04-14 14:35:14
|
hi all. minor update. all of you who tried to dump big tables into sqlite3 db using --replicate switch you have probably noticed that it was pretty slow. now, the speed is vastly improved with the last commit (r3667). enjoy :) kr -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-13 14:48:39
|
hi Kirill i've stumbled upon one case where every approximately 3-4 times (non-deterministic) i get the same garbled output (-T help_topic -D mysql). it's probably something about the content itself. I'll investigate further and let you know. kr On Wed, Apr 13, 2011 at 1:07 AM, Miroslav Stampar <mir...@gm...> wrote: > hi again. > > i've done a minor just in case update to prevent this kind of > behavior. it would be good if you could retest. > > kr > > On Wed, Apr 13, 2011 at 12:47 AM, Miroslav Stampar > <mir...@gm...> wrote: >> hi Kirill. >> >> can you confirm that this is reproducable? >> >> also, it would be helpful to know which switches have you used in >> previous run, because you've sent screenshot of a run without any >> injection points found. >> >> kr >> >> On Tue, Apr 12, 2011 at 10:03 PM, Kirill Morozov <l0...@l0...> wrote: >>> Hi, >>> with lastest svn release i have a problem. >>> If time-base blind is found - all output after this is broken, i mean, no >>> '\r' with new line. >>> Screenshot attached. >>> -- >>> Kirill Morozov >>> KIMO2-RIPE, RHCE >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Forrester Wave Report - Recovery time is now measured in hours and minutes >>> not days. Key insights are discussed in the 2010 Forrester Wave Report as >>> part of an in-depth evaluation of disaster recovery service providers. >>> Forrester found the best-in-class provider in terms of services and vision. >>> Read this report now! http://p.sf.net/sfu/ibm-webcastpromo >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> >> -- >> Miroslav Stampar >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-13 09:00:00
|
Hi James, On 11 April 2011 22:05, <ja...@ev...> wrote: > hi, > > wow, sqlmap has gotten really pretty over the past year: > > [20:54:44] [INFO] the SQL query used returns 39154 entries > [21:07:05] [INFO] retrieved: 4416/39154 entries (11%) > > one thing that might be nifty is a retrived records per second > counter. > purely cosmetic but might be nice, > anyone else care? Honestly, I don't. That 'retrieved: ... entries (XX%)' message is only in partial UNION query SQL injection technique, so a corner case and I see no real benefit in showing the average per minute. Cheers, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Miroslav S. <mir...@gm...> - 2011-04-12 23:07:50
|
hi again. i've done a minor just in case update to prevent this kind of behavior. it would be good if you could retest. kr On Wed, Apr 13, 2011 at 12:47 AM, Miroslav Stampar <mir...@gm...> wrote: > hi Kirill. > > can you confirm that this is reproducable? > > also, it would be helpful to know which switches have you used in > previous run, because you've sent screenshot of a run without any > injection points found. > > kr > > On Tue, Apr 12, 2011 at 10:03 PM, Kirill Morozov <l0...@l0...> wrote: >> Hi, >> with lastest svn release i have a problem. >> If time-base blind is found - all output after this is broken, i mean, no >> '\r' with new line. >> Screenshot attached. >> -- >> Kirill Morozov >> KIMO2-RIPE, RHCE >> >> >> >> ------------------------------------------------------------------------------ >> Forrester Wave Report - Recovery time is now measured in hours and minutes >> not days. Key insights are discussed in the 2010 Forrester Wave Report as >> part of an in-depth evaluation of disaster recovery service providers. >> Forrester found the best-in-class provider in terms of services and vision. >> Read this report now! http://p.sf.net/sfu/ibm-webcastpromo >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-12 22:48:02
|
hi Kirill. can you confirm that this is reproducable? also, it would be helpful to know which switches have you used in previous run, because you've sent screenshot of a run without any injection points found. kr On Tue, Apr 12, 2011 at 10:03 PM, Kirill Morozov <l0...@l0...> wrote: > Hi, > with lastest svn release i have a problem. > If time-base blind is found - all output after this is broken, i mean, no > '\r' with new line. > Screenshot attached. > -- > Kirill Morozov > KIMO2-RIPE, RHCE > > > > ------------------------------------------------------------------------------ > Forrester Wave Report - Recovery time is now measured in hours and minutes > not days. Key insights are discussed in the 2010 Forrester Wave Report as > part of an in-depth evaluation of disaster recovery service providers. > Forrester found the best-in-class provider in terms of services and vision. > Read this report now! http://p.sf.net/sfu/ibm-webcastpromo > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-12 10:01:26
|
Hi Kevin, On 9 April 2011 17:00, Kevin Johnson <kjo...@se...> wrote: > *** I was subscribed under a different email *** > > Hi all, > > First let me say thanks for SQLMap. It is a great tool and I use it constantly! Welcome! > The reason for this email is that I am doing a webcast next week and I will be > talking about SQLMap. I thought it would make sense to ask if there was > anything specific you would want to see covered? I am focusing on > exploitation in the talk. You can either list the major features or you could be more precise and detail the niche ones. Personally, I would kick off with a brief overview (actively developed since 2006, open source - GPLv2, wide enthusiastic community, very good users' feedback, lovely developers ;)) then a three-points core features (see from homepage) and real world scenarios where it really helped. You can grab some ideas from the user's manual - it is updated as of 0.9 stable released two days ago. Niche features that you could talk about, if you feel confident, are --predict-output, --tamper, --common-*, --udf-inject and since you're going to focus on exploitation I would certainly recommend --os-pwn. These are all documented in the user's manual, some have examples in there too. Good luck! -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-11 21:44:44
|
I could not reproduce the bug, however I think I might have fixed it in r3638. Can you please give it a try again and report? Thank you, Bernardo On 11 April 2011 19:41, David Guimaraes <sk...@gm...> wrote: > [15:39:33] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run > with the latest development version from the Subversion repository. If the > exception persists, please send by e-mail to > sql...@li... the following text and any information > required to reproduce the bug. The developers will try to reproduce the bug, > fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r3637) > Python version: 2.6.5 > Operating system: posix > Command line: ./sqlmap.py --proxy http://127.0.0.1:8118/ -u > ***************************************************** --data > nmgp_parms=nmcpfcad?#? -p nmgp_parms -v 3 --level 5 --risk 3 --sql-query > select * from **************** where Nomecad like 'nome%aki%' --fresh > Technique: ERROR > Back-end DBMS: Microsoft SQL Server (fingerprinted) > Traceback (most recent call last): > File "./sqlmap.py", line 82, in main > start() > File "/home/david/sqlmap-dev/lib/controller/controller.py", line 460, in > start > action() > File "/home/david/sqlmap-dev/lib/controller/action.py", line 112, in > action > conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query)) > File "/home/david/sqlmap-dev/plugins/generic/enumeration.py", line 2056, > in sqlQuery > output = inject.getValue(query, fromUser=True) > File "/home/david/sqlmap-dev/lib/request/inject.py", line 409, in getValue > query = expandAsteriskForColumns(query) > File "/home/david/sqlmap-dev/lib/core/common.py", line 1047, in > expandAsteriskForColumns > columnsStr = ", ".join([column for column in columns]) > TypeError: sequence item 0: expected string, NoneType found > [*] shutting down at: 15:39:33 > > > ------------------------------------------------------------------------------ > Forrester Wave Report - Recovery time is now measured in hours and minutes > not days. Key insights are discussed in the 2010 Forrester Wave Report as > part of an in-depth evaluation of disaster recovery service providers. > Forrester found the best-in-class provider in terms of services and vision. > Read this report now! http://p.sf.net/sfu/ibm-webcastpromo > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: <ja...@ev...> - 2011-04-11 21:32:06
|
hi, wow, sqlmap has gotten really pretty over the past year: [20:54:44] [INFO] the SQL query used returns 39154 entries [21:07:05] [INFO] retrieved: 4416/39154 entries (11%) one thing that might be nifty is a retrived records per second counter. purely cosmetic but might be nice, anyone else care? james |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-11 20:09:48
|
Sorry, it is not documented. I will update it soon. Thanks for the note. Bernardo Damele A. G. This message was sent from a smartphone On 11 Apr 2011, at 19:18, "bu...@gm..." <bu...@gm...> wrote: > On 03/01/2011 11:07 AM, Bernardo Damele A. G. wrote: >> Thanks for reminding that. We will certainly add it to the manual. >> >> Bernardo Damele A. G. > > Chapter 5.5.1 does not mention that possibility[1], where in the manual > [2] can I find it? > > [1] http://sourceforge.net/mailarchive/message.php?msg_id=26217333 > [2] http://sqlmap.sourceforge.net/doc/README.pdf > > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: David G. <sk...@gm...> - 2011-04-11 18:42:10
|
[15:39:33] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3637)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py --proxy http://127.0.0.1:8118/ -u
***************************************************** --data
nmgp_parms=nmcpfcad?#? -p nmgp_parms -v 3 --level 5 --risk 3 --sql-query
select * from **************** where Nomecad like 'nome%aki%' --fresh
Technique: ERROR
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 82, in main
start()
File "/home/david/sqlmap-dev/lib/controller/controller.py", line 460, in
start
action()
File "/home/david/sqlmap-dev/lib/controller/action.py", line 112, in
action
conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
File "/home/david/sqlmap-dev/plugins/generic/enumeration.py", line 2056,
in sqlQuery
output = inject.getValue(query, fromUser=True)
File "/home/david/sqlmap-dev/lib/request/inject.py", line 409, in getValue
query = expandAsteriskForColumns(query)
File "/home/david/sqlmap-dev/lib/core/common.py", line 1047, in
expandAsteriskForColumns
columnsStr = ", ".join([column for column in columns])
TypeError: sequence item 0: expected string, NoneType found
[*] shutting down at: 15:39:33
|
|
From: <bu...@gm...> - 2011-04-11 18:18:16
|
On 03/01/2011 11:07 AM, Bernardo Damele A. G. wrote: > Thanks for reminding that. We will certainly add it to the manual. > > Bernardo Damele A. G. Chapter 5.5.1 does not mention that possibility[1], where in the manual [2] can I find it? [1] http://sourceforge.net/mailarchive/message.php?msg_id=26217333 [2] http://sqlmap.sourceforge.net/doc/README.pdf |
|
From: Miroslav S. <mir...@gm...> - 2011-04-11 12:14:53
|
Hi,
We are glad to release sqlmap version 0.9.
Thanks to anyone of you that contributed with really appreciated and
useful feedback.
Changes
=======
Some of the new features include:
* Rewritten SQL injection detection engine (Bernardo and Miroslav).
* Support to directly connect to the database without passing via a
SQL injection, -d switch (Bernardo and Miroslav).
* Added full support for both time-based blind SQL injection and
error-based SQL injection techniques (Bernardo and Miroslav).
* Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
* Implemented support for Firebird (Bernardo and Miroslav).
* Implemented support for Microsoft Access, Sybase and SAP MaxDB
(Miroslav).
* Added support to tamper injection data with --tamper switch (Bernardo
and Miroslav).
* Added automatic recognition of password hashes format and support to
crack them with a dictionary-based attack (Miroslav).
* Added support to fetch unicode data (Bernardo and Miroslav).
* Added support to use persistent HTTP(s) connection for speed
improvement, --keep-alive switch (Miroslav).
* Implemented several optimization switches to speed up the exploitation
of SQL injections (Bernardo and Miroslav).
* Support to parse and test forms on target url, --forms switch
(Bernardo and Miroslav).
* Added switches to brute-force tables names and columns names with a
dictionary attack, --common-tables and --common-columns. Useful for
instance when system table 'information_schema' is not available on
MySQL (Miroslav).
Complete list of changes at
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.
Download
========
You can download it in two formats:
* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.9.tar.gz
* Source zip compressed, http://downloads.sourceforge.net/sqlmap/sqlmap-0.9.zip
Documentation
=============
* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf
* Conferences' material (whitepaper and slides):
http://sqlmap.sourceforge.net/#docs
Happy hacking!
--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
|
From: Kevin J. <kjo...@se...> - 2011-04-09 16:00:49
|
*** I was subscribed under a different email *** Hi all, First let me say thanks for SQLMap. It is a great tool and I use it constantly! The reason for this email is that I am doing a webcast next week and I will be talking about SQLMap. I thought it would make sense to ask if there was anything specific you would want to see covered? I am focusing on exploitation in the talk. Thanks in advance, Kevin ---- Kevin Johnson Security Consultant Secure Ideas http://www.secureideas.net office - 904-639-6709 cell - 904-403-8024 |
|
From: Ahmed S. <ah...@is...> - 2011-04-08 08:32:21
|
damn it, these guys are so fast :) On Fri, Apr 8, 2011 at 12:15 AM, Ryan Sears <rd...@mt...> wrote: > Hey Bernardo, > > Wow. I gotta say, I'm very impressed with your turn-around time. A lot of > times good tools go un-maintained, but you guys are clearly passionate about > your work, which is absolutely amazing! > > Great work guys, > Ryan > > ----- Original Message ----- > From: "Bernardo Damele A. G." <ber...@gm...> > To: "Ryan Sears" <rd...@mt...> > Cc: sql...@li... > Sent: Thursday, April 7, 2011 6:09:57 PM GMT -05:00 US/Canada Eastern > Subject: Re: [sqlmap-users] DNS queries for every test? > > Hi Ryan, > > On 7 April 2011 21:36, Ryan Sears <rd...@mt...> wrote: > > ... > > First of all I have to say that I think this is one of, if not THE > favorite penetration testing tool in my collection. It saves a ridiculous > amount of time, and is remarkably stable. Great job, and I hope you keep up > the amazing work! > > Thank you. > > > ... > > Also what do you guys think of possibly having the --dump option do > something like --dump-all flag but with just a single database if you supply > it with the -D argument? Just a thought (although maybe I'm missing > something). > > Done. Find it committed in r3583. --dump-all switch now parses the -D > switch in order to dump all tables' entries for only user's specified > database(s). > Like -C and -T, -D accepts also more values, comma-separated so for > instance you can tell sqlmap to dump all tables' entries for two > databases only. > > Cheers, > Bernardo > > > -- > Bernardo Damele A. G. > > E-mail / Jabber: bernardo.damele (at) gmail.com > Mobile: +447788962949 (UK 07788962949) > PGP Key ID: 0x05F5A30F > > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- - Ahmed Shawky El-Antry - Pen-tester, Programmer and System administrator - lnxg33k owner "http://lnxg33k.wordpress.com" - Isecur1ty team member"http://www.isecur1ty.org" - Twitter @lnxg33k |
|
From: Ryan S. <rd...@mt...> - 2011-04-07 22:15:40
|
Hey Bernardo, Wow. I gotta say, I'm very impressed with your turn-around time. A lot of times good tools go un-maintained, but you guys are clearly passionate about your work, which is absolutely amazing! Great work guys, Ryan ----- Original Message ----- From: "Bernardo Damele A. G." <ber...@gm...> To: "Ryan Sears" <rd...@mt...> Cc: sql...@li... Sent: Thursday, April 7, 2011 6:09:57 PM GMT -05:00 US/Canada Eastern Subject: Re: [sqlmap-users] DNS queries for every test? Hi Ryan, On 7 April 2011 21:36, Ryan Sears <rd...@mt...> wrote: > ... > First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! Thank you. > ... > Also what do you guys think of possibly having the --dump option do something like --dump-all flag but with just a single database if you supply it with the -D argument? Just a thought (although maybe I'm missing something). Done. Find it committed in r3583. --dump-all switch now parses the -D switch in order to dump all tables' entries for only user's specified database(s). Like -C and -T, -D accepts also more values, comma-separated so for instance you can tell sqlmap to dump all tables' entries for two databases only. Cheers, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
48 messages has been excluded from this view by a project administrator.
