sqlmap-users Mailing List for sqlmap (Page 100)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-07 22:10:05
|
Hi Ryan, On 7 April 2011 21:36, Ryan Sears <rd...@mt...> wrote: > ... > First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! Thank you. > ... > Also what do you guys think of possibly having the --dump option do something like --dump-all flag but with just a single database if you supply it with the -D argument? Just a thought (although maybe I'm missing something). Done. Find it committed in r3583. --dump-all switch now parses the -D switch in order to dump all tables' entries for only user's specified database(s). Like -C and -T, -D accepts also more values, comma-separated so for instance you can tell sqlmap to dump all tables' entries for two databases only. Cheers, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Ryan S. <rd...@mt...> - 2011-04-07 21:42:14
|
Holy crap. The award for quickest turn-around time for a feature request goes to Miroslav! One word. Awesome! Thanks again! Ryan ----- Original Message ----- From: "Miroslav Stampar" <mir...@gm...> To: "Ryan Sears" <rd...@mt...> Cc: sql...@li... Sent: Thursday, April 7, 2011 5:40:12 PM GMT -05:00 US/Canada Eastern Subject: Re: [sqlmap-users] DNS queries for every test? hi there again. find the DNS caching mechanism implemented with the latest commit r3582 (big thanks goes to Andres Riancho for suggesting a way to do it). kr On Thu, Apr 7, 2011 at 10:51 PM, Miroslav Stampar <mir...@gm...> wrote: > On Thu, Apr 7, 2011 at 10:36 PM, Ryan Sears <rd...@mt...> wrote: >> Hi there, >> >> First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! > > :) > >> >> It seems as though sqlmap (latest SVN revision) doesn't cache DNS information though, causing a fraction of latency on every request. Is anyone else noticing this? I may just have a mis-configuration somewhere, but I've scoured around the config files and documentation and can't seem to find anything about it. Even when I put the hostname in the /etc/hosts file to try to bypass this latency, it still makes the query. Is there any way to stop it from doing this? Obviously it's not that big a deal, but when you're making 1,000 requests to a web-app, hitting the DNS server first every time does put on significant overhead for something that could be cached after the first query. >> >> I'm not sure if this is something that python itself is doing, or something in the code that makes it happen (I'm guessing the former). Ideas? > > it's a python thing, but it would be a good idea to circumvent it > somehow. we'll do it (hopefully) and report back. > >> >> Also what do you guys think of possibly having the --dump option do something like --dump-all flag but with just a single database if you supply it with the -D argument? Just a thought (although maybe I'm missing something). > > good idea. we'll probably do it (after internal agreement). > >> >> Thanks! >> Ryan > > kr > >> >> ------------------------------------------------------------------------------ >> Xperia(TM) PLAY >> It's a major breakthrough. An authentic gaming >> smartphone on the nation's most reliable network. >> And it wants your games. >> http://p.sf.net/sfu/verizon-sfdev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-07 21:40:21
|
hi there again. find the DNS caching mechanism implemented with the latest commit r3582 (big thanks goes to Andres Riancho for suggesting a way to do it). kr On Thu, Apr 7, 2011 at 10:51 PM, Miroslav Stampar <mir...@gm...> wrote: > On Thu, Apr 7, 2011 at 10:36 PM, Ryan Sears <rd...@mt...> wrote: >> Hi there, >> >> First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! > > :) > >> >> It seems as though sqlmap (latest SVN revision) doesn't cache DNS information though, causing a fraction of latency on every request. Is anyone else noticing this? I may just have a mis-configuration somewhere, but I've scoured around the config files and documentation and can't seem to find anything about it. Even when I put the hostname in the /etc/hosts file to try to bypass this latency, it still makes the query. Is there any way to stop it from doing this? Obviously it's not that big a deal, but when you're making 1,000 requests to a web-app, hitting the DNS server first every time does put on significant overhead for something that could be cached after the first query. >> >> I'm not sure if this is something that python itself is doing, or something in the code that makes it happen (I'm guessing the former). Ideas? > > it's a python thing, but it would be a good idea to circumvent it > somehow. we'll do it (hopefully) and report back. > >> >> Also what do you guys think of possibly having the --dump option do something like --dump-all flag but with just a single database if you supply it with the -D argument? Just a thought (although maybe I'm missing something). > > good idea. we'll probably do it (after internal agreement). > >> >> Thanks! >> Ryan > > kr > >> >> ------------------------------------------------------------------------------ >> Xperia(TM) PLAY >> It's a major breakthrough. An authentic gaming >> smartphone on the nation's most reliable network. >> And it wants your games. >> http://p.sf.net/sfu/verizon-sfdev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-07 21:32:19
|
We unhidden the --technique switch and made it stable. User's manual updated with details on how to use it. PS: we're nearly ready to release 0.9 stable, stay tuned! Bernardo On 1 March 2011 01:02, David Guimaraes <sk...@gm...> wrote: > --technique also, for sure. > > On Mon, Feb 28, 2011 at 9:38 PM, <bu...@gm...> wrote: >> >> On 02/28/2011 04:30 PM, Bernardo Damele A. G. wrote: >> > Hi, >> > >> > We have been updating the user's manual recently and we ask now for >> > your help to review it. It is not completely updated with all of the >> > 0.9 changes yet, many parts are marked as TODO, but we would like to >> > read from you feedback, grammar fixes, what should be better >> > explained, etc sooner rather than later. >> > >> > You will certainly notice that from over 80 pages now it's around 40. >> > This is because we got rid of all the useless examples and kept the >> > only really necessary ones now. I expect the manual to be around 50 >> > pages when fully updated. >> >> Don't forget to mention this feature: >> http://sourceforge.net/mailarchive/message.php?msg_id=26217333 >> >> probably something for chapter 5.5.1. >> >> >> ------------------------------------------------------------------------------ >> Free Software Download: Index, Search & Analyze Logs and other IT data in >> Real-Time with Splunk. Collect, index and harness all the fast moving IT >> data >> generated by your applications, servers and devices whether physical, >> virtual >> or in the cloud. Deliver compliance at lower cost and gain new business >> insights. http://p.sf.net/sfu/splunk-dev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > -- > David Gomes Guimarães > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT > data > generated by your applications, servers and devices whether physical, > virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Steve P. <ste...@gm...> - 2011-04-07 21:06:38
|
On 04/07/2011 04:36 PM, Ryan Sears wrote: > Hi there, > > First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! > I'll second this. Burp Pro and Metasploit are up there too. There are few security testing tools that keep getting better after they are "good enough" as there's always a sexy new project on the horizon. Thanks for putting in the ongoing effort required to take the tool from decent to awesome! Steve -- | Steven Pinkham, Security Consultant | | http://www.mavensecurity.com | | GPG public key ID CD31CAFB | |
|
From: Miroslav S. <mir...@gm...> - 2011-04-07 21:06:03
|
thx. nicely done at the socket level. kr On Thu, Apr 7, 2011 at 10:59 PM, Andres Riancho <and...@gm...> wrote: > Check xurllib.py, that's where we fixed that issue in w3af > > -- > Andres Riancho > > El abr 7, 2011 5:51 p.m., "Miroslav Stampar" <mir...@gm...> > escribió: > > On Thu, Apr 7, 2011 at 10:36 PM, Ryan Sears <rd...@mt...> wrote: >> Hi there, >> >> First of all I ... > > it's a python thing, but it would be a good idea to circumvent it > somehow. we'll do it (hopefully) and report back. > >> >> Also what do you guys think of possibly having the --dump option do >> something like --dump-all f... > > good idea. we'll probably do it (after internal agreement). > >> >> Thanks! >> Ryan > > kr > >> >> >> ------------------------------------------------------------------------------ >> Xperia(TM) PLA... > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's... -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Andres R. <and...@gm...> - 2011-04-07 20:59:26
|
Check xurllib.py, that's where we fixed that issue in w3af -- Andres Riancho El abr 7, 2011 5:51 p.m., "Miroslav Stampar" <mir...@gm...> escribió: On Thu, Apr 7, 2011 at 10:36 PM, Ryan Sears <rd...@mt...> wrote: > Hi there, > > First of all I ... it's a python thing, but it would be a good idea to circumvent it somehow. we'll do it (hopefully) and report back. > > Also what do you guys think of possibly having the --dump option do something like --dump-all f... good idea. we'll probably do it (after internal agreement). > > Thanks! > Ryan kr > > ------------------------------------------------------------------------------ > Xperia(TM) PLA... -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ Xperia(TM) PLAY It's... |
|
From: Miroslav S. <mir...@gm...> - 2011-04-07 20:51:27
|
On Thu, Apr 7, 2011 at 10:36 PM, Ryan Sears <rd...@mt...> wrote: > Hi there, > > First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! :) > > It seems as though sqlmap (latest SVN revision) doesn't cache DNS information though, causing a fraction of latency on every request. Is anyone else noticing this? I may just have a mis-configuration somewhere, but I've scoured around the config files and documentation and can't seem to find anything about it. Even when I put the hostname in the /etc/hosts file to try to bypass this latency, it still makes the query. Is there any way to stop it from doing this? Obviously it's not that big a deal, but when you're making 1,000 requests to a web-app, hitting the DNS server first every time does put on significant overhead for something that could be cached after the first query. > > I'm not sure if this is something that python itself is doing, or something in the code that makes it happen (I'm guessing the former). Ideas? it's a python thing, but it would be a good idea to circumvent it somehow. we'll do it (hopefully) and report back. > > Also what do you guys think of possibly having the --dump option do something like --dump-all flag but with just a single database if you supply it with the -D argument? Just a thought (although maybe I'm missing something). good idea. we'll probably do it (after internal agreement). > > Thanks! > Ryan kr > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Ryan S. <rd...@mt...> - 2011-04-07 20:36:50
|
Hi there, First of all I have to say that I think this is one of, if not THE favorite penetration testing tool in my collection. It saves a ridiculous amount of time, and is remarkably stable. Great job, and I hope you keep up the amazing work! It seems as though sqlmap (latest SVN revision) doesn't cache DNS information though, causing a fraction of latency on every request. Is anyone else noticing this? I may just have a mis-configuration somewhere, but I've scoured around the config files and documentation and can't seem to find anything about it. Even when I put the hostname in the /etc/hosts file to try to bypass this latency, it still makes the query. Is there any way to stop it from doing this? Obviously it's not that big a deal, but when you're making 1,000 requests to a web-app, hitting the DNS server first every time does put on significant overhead for something that could be cached after the first query. I'm not sure if this is something that python itself is doing, or something in the code that makes it happen (I'm guessing the former). Ideas? Also what do you guys think of possibly having the --dump option do something like --dump-all flag but with just a single database if you supply it with the -D argument? Just a thought (although maybe I'm missing something). Thanks! Ryan |
|
From: Miroslav S. <mir...@gm...> - 2011-04-07 13:56:17
|
hi m4l1c3. thank you for your report. find it fixed in the latest commit. kr On Thu, Apr 7, 2011 at 3:11 PM, m4l1c3 <mal...@gm...> wrote: > sqlmap version: 0.9-dev (r3577) > Python version: 2.5.2 > Operating system: posix > Command line: ./sqlmap.py -g ****************** ext:aspx --dbs --batch -o > --text-only --level 3 --risk 2 > Technique: UNION > Back-end DBMS: None (identified) > Traceback (most recent call last): > File "./sqlmap.py", line 82, in main > start() > File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line > 364, in start > elif not checkDynParam(place, parameter, value): > File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 582, in > checkDynParam > payload = agent.payload(place, parameter, value, getUnicode(randInt)) > File "/pentest/database/sqlmap-dev/lib/core/agent.py", line 112, in > payload > retValue = paramString.replace(origValue, > self.addPayloadDelimiters(newValue)) > AttributeError: 'NoneType' object has no attribute 'replace' > > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: m4l1c3 <mal...@gm...> - 2011-04-07 13:11:46
|
sqlmap version: 0.9-dev (r3577)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -g ****************** ext:aspx --dbs --batch -o
--text-only --level 3 --risk 2
Technique: UNION
Back-end DBMS: None (identified)
Traceback (most recent call last):
File "./sqlmap.py", line 82, in main
start()
File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
364, in start
elif not checkDynParam(place, parameter, value):
File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 582, in
checkDynParam
payload = agent.payload(place, parameter, value, getUnicode(randInt))
File "/pentest/database/sqlmap-dev/lib/core/agent.py", line 112, in
payload
retValue = paramString.replace(origValue,
self.addPayloadDelimiters(newValue))
AttributeError: 'NoneType' object has no attribute 'replace'
|
|
From: Miroslav S. <mir...@gm...> - 2011-04-05 06:16:32
|
hi Mauricio. the assumption is that you are using the latest v0.9/dev. if you are getting only "boolean-based blind" as the result of detection phase then that's the only technique that can be used in further steps. but, if you are getting more of techniques, then they'll be used in their speed order - 1) UNION, 2) ERROR, 3) BLIND, 4) TIMED, 5) STACKED all techniques can be used for all enumerations in case that you are not getting UNION technique as a result of the detection phase then it would be good to use something like: --level=3 --risk=2 (more techniques and boundary prefixes/suffixes will be used) in the default run there will be a test against a UNION based injection up to 10 columns, but with higher level it will test more (e.g. --level=2 --> 1-10 & 10-20; --level=3 --> 1-10 & 10-20 & 20-30). in case that you know number of columns to be between 10 and 15 you can use default settings and only put --union-cols=10-15 one more thing about information_schema database. assumption is that the MySQL DBMS is > 4 and that there are no read restrictions on it. kr On Tue, Apr 5, 2011 at 7:56 AM, Mauricio Velazco <mau...@gm...> wrote: > Hey all. > > First id like to congratulate the team for the great tool and for sharing. > Im testing sqlmap on a local script i've created. > > When i try to fingerprint the DBMS sqlmap starts using : > > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause > > to do it. So its using a sqli blind technique to fetch the contents. I know > that this script supports UNION based inyections which would be much faster > to do. so my question is > > 1) Does sqlmap have a funcionality to fingerprint the contents of > information_schema.tables and information_schema.colums via a UNION based > inyection in order to get the databases, tables and columns ? > > 2) If so, which are the parameters to use ? > > Thanks in Advance, > > Mauricio > > ------------------------------------------------------------------------------ > Xperia(TM) PLAY > It's a major breakthrough. An authentic gaming > smartphone on the nation's most reliable network. > And it wants your games. > http://p.sf.net/sfu/verizon-sfdev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Mauricio V. <mau...@gm...> - 2011-04-05 05:56:17
|
Hey all.
First id like to congratulate the team for the great tool and for sharing.
Im testing sqlmap on a local script i've created.
When i try to fingerprint the DBMS sqlmap starts using :
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
to do it. So its using a sqli blind technique to fetch the contents. I know
that this script supports UNION based inyections which would be much faster
to do. so my question is
1) Does sqlmap have a funcionality to fingerprint the contents of
information_schema.tables and information_schema.colums via a UNION based
inyection in order to get the databases, tables and columns ?
2) If so, which are the parameters to use ?
Thanks in Advance,
Mauricio
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-04 14:52:31
|
Hi, Miroslav will be in London later this month and we are thinking about having a sqlmap users' meet up down town. The possible date is Tuesday 26th (a w/ after InfoSec marketing/sales blokes' gathering) from 8:00pm @ The Phoenix[1] located at 37 Cavendish Square, W1G0PP, London, UK. See the map here[2]. To tease the alcoholics.. and I bet there're a lot drunken kiddies in here ;) ..From the pub's homepage: """ EVERY TUESDAY Wine Night From 6pm Just because we love you, we decided to bring you something a little special on a Tuesday night! After 6pm ALL of our wine is reduced! Any bottle under £14 is just £7.95 & Any bottle over £14 is just £11.95 So leave the 'house' at home and try something new! All our bar staff will be more than happy to recommend something, they're nice like that! """ [1] http://www.phoenixcavendishsquare.co.uk/ [2] http://bit.ly/f6ZLcg (same pub of DC4420, yeah!) Look forward to see you around! Cheers, Bernardo -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Miroslav S. <mir...@gm...> - 2011-04-04 09:25:32
|
hi Jorge once again. that python 2.5 vs 2.6 stuff you've noticed. you haven't mentioned that you've (probably) seen error message from sqlmap: "unsupported feature on versions of Python before 2.6" thing is that python standard package SSL is not available prior to python v2.6 and that's why there is no HTTPs support on 2.5. hence that error message. kr On Mon, Apr 4, 2011 at 11:04 AM, Miroslav Stampar <mir...@gm...> wrote: > hi Jorge. > > you are using --ignore-proxy together with --proxy :)))) > > they can't work together. please retry without --ignore-proxy > > kr > > On Mon, Apr 4, 2011 at 11:00 AM, Jorge Santos > <jor...@ho...> wrote: >> Hi Miroslav, >> >> Please disregard my last message. >> >> I am running python2.5 (Python 2.5.4) and python2.6(Python 2.6.2) from >> ubuntu 9.04. >> sqlmap version is 0.9 revision 3555. >> >> >> With python2.5 it doesn't give me any errors, but it does not go through the >> proxy >> With python2.6 I still get the same error: >> [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to >> retry the request >> >> My command line: >> python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request >> --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy >> >> Best Regards >> >> JS >> >> ________________________________ >> From: jor...@ho... >> To: mir...@gm... >> Date: Mon, 4 Apr 2011 08:52:46 +0000 >> CC: sql...@li... >> Subject: Re: [sqlmap-users] https request through proxy not working >> >> Hi Miroslav, >> >> It's working now, but with python 2.5. With python2.6 it still gives the >> same error. Thing is, I didn't test it with pithon2.6 the first time. >> >> These are my versions of Python from samurai-wtf-0.9 (Ubuntu 9.04): >> Python 2.5.4 >> Python 2.6.2 >> >> Best Regards >> >>> Date: Fri, 1 Apr 2011 14:10:17 +0200 >>> From: mir...@gm... >>> To: jor...@ho... >>> CC: sql...@li... >>> Subject: Re: [sqlmap-users] https request through proxy not working >>> >>> hi >>> >>> find it "updated" with the latest commit. >>> >>> kr >>> >>> On Fri, Apr 1, 2011 at 1:17 PM, Miroslav Stampar >>> <mir...@gm...> wrote: >>> > hi Jorge. >>> > >>> > well, maybe there is some problem in the request file itself or in our >>> > parsing of it. >>> > >>> > could you please post it or send it privately. >>> > >>> > KR >>> > >>> > On Fri, Apr 1, 2011 at 1:07 PM, Jorge Santos >>> > <jor...@ho...> wrote: >>> >> Hi All, >>> >> >>> >> I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https >>> >> target through a proxy (webscarame or cntlm) I get a >>> >> [CRITICAL] unable to connect to the target url or proxy, sqlmap is >>> >> going to >>> >> retry the request >>> >> >>> >> If the target is http, it works OK. >>> >> >>> >> My command line is: >>> >> >>> >> python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request >>> >> --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy >>> >> >>> >> Any thoughts? >>> >> >>> >> Thanks in advance >>> >> >>> >> JS >>> >> >>> >> >>> >> ------------------------------------------------------------------------------ >>> >> Create and publish websites with WebMatrix >>> >> Use the most popular FREE web apps or write code yourself; >>> >> WebMatrix provides all the features you need to develop and >>> >> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >>> >> >>> >> _______________________________________________ >>> >> sqlmap-users mailing list >>> >> sql...@li... >>> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >> >>> >> >>> > >>> > >>> > >>> > -- >>> > Miroslav Stampar >>> > >>> > E-mail: miroslav.stampar (at) gmail.com >>> > PGP Key ID: 0xB5397B1B >>> > >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail: miroslav.stampar (at) gmail.com >>> PGP Key ID: 0xB5397B1B >>> >>> >>> ------------------------------------------------------------------------------ >>> Create and publish websites with WebMatrix >>> Use the most popular FREE web apps or write code yourself; >>> WebMatrix provides all the features you need to develop and >>> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> ------------------------------------------------------------------------------ >> Create and publish websites with WebMatrix Use the most popular FREE web >> apps or write code yourself; WebMatrix provides all the features you need to >> develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >> _______________________________________________ sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-04 09:04:28
|
hi Jorge. you are using --ignore-proxy together with --proxy :)))) they can't work together. please retry without --ignore-proxy kr On Mon, Apr 4, 2011 at 11:00 AM, Jorge Santos <jor...@ho...> wrote: > Hi Miroslav, > > Please disregard my last message. > > I am running python2.5 (Python 2.5.4) and python2.6(Python 2.6.2) from > ubuntu 9.04. > sqlmap version is 0.9 revision 3555. > > > With python2.5 it doesn't give me any errors, but it does not go through the > proxy > With python2.6 I still get the same error: > [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to > retry the request > > My command line: > python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request > --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy > > Best Regards > > JS > > ________________________________ > From: jor...@ho... > To: mir...@gm... > Date: Mon, 4 Apr 2011 08:52:46 +0000 > CC: sql...@li... > Subject: Re: [sqlmap-users] https request through proxy not working > > Hi Miroslav, > > It's working now, but with python 2.5. With python2.6 it still gives the > same error. Thing is, I didn't test it with pithon2.6 the first time. > > These are my versions of Python from samurai-wtf-0.9 (Ubuntu 9.04): > Python 2.5.4 > Python 2.6.2 > > Best Regards > >> Date: Fri, 1 Apr 2011 14:10:17 +0200 >> From: mir...@gm... >> To: jor...@ho... >> CC: sql...@li... >> Subject: Re: [sqlmap-users] https request through proxy not working >> >> hi >> >> find it "updated" with the latest commit. >> >> kr >> >> On Fri, Apr 1, 2011 at 1:17 PM, Miroslav Stampar >> <mir...@gm...> wrote: >> > hi Jorge. >> > >> > well, maybe there is some problem in the request file itself or in our >> > parsing of it. >> > >> > could you please post it or send it privately. >> > >> > KR >> > >> > On Fri, Apr 1, 2011 at 1:07 PM, Jorge Santos >> > <jor...@ho...> wrote: >> >> Hi All, >> >> >> >> I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https >> >> target through a proxy (webscarame or cntlm) I get a >> >> [CRITICAL] unable to connect to the target url or proxy, sqlmap is >> >> going to >> >> retry the request >> >> >> >> If the target is http, it works OK. >> >> >> >> My command line is: >> >> >> >> python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request >> >> --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy >> >> >> >> Any thoughts? >> >> >> >> Thanks in advance >> >> >> >> JS >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Create and publish websites with WebMatrix >> >> Use the most popular FREE web apps or write code yourself; >> >> WebMatrix provides all the features you need to develop and >> >> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >> >> >> >> _______________________________________________ >> >> sqlmap-users mailing list >> >> sql...@li... >> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> >> > >> > >> > >> > -- >> > Miroslav Stampar >> > >> > E-mail: miroslav.stampar (at) gmail.com >> > PGP Key ID: 0xB5397B1B >> > >> >> >> >> -- >> Miroslav Stampar >> >> E-mail: miroslav.stampar (at) gmail.com >> PGP Key ID: 0xB5397B1B >> >> >> ------------------------------------------------------------------------------ >> Create and publish websites with WebMatrix >> Use the most popular FREE web apps or write code yourself; >> WebMatrix provides all the features you need to develop and >> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > ------------------------------------------------------------------------------ > Create and publish websites with WebMatrix Use the most popular FREE web > apps or write code yourself; WebMatrix provides all the features you need to > develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > _______________________________________________ sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Jorge S. <jor...@ho...> - 2011-04-04 09:00:35
|
Hi Miroslav, Please disregard my last message. I am running python2.5 (Python 2.5.4) and python2.6(Python 2.6.2) from ubuntu 9.04. sqlmap version is 0.9 revision 3555. With python2.5 it doesn't give me any errors, but it does not go through the proxy With python2.6 I still get the same error: [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request My command line: python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy Best Regards JS From: jor...@ho... To: mir...@gm... Date: Mon, 4 Apr 2011 08:52:46 +0000 CC: sql...@li... Subject: Re: [sqlmap-users] https request through proxy not working Hi Miroslav, It's working now, but with python 2.5. With python2.6 it still gives the same error. Thing is, I didn't test it with pithon2.6 the first time. These are my versions of Python from samurai-wtf-0.9 (Ubuntu 9.04): Python 2.5.4 Python 2.6.2 Best Regards > Date: Fri, 1 Apr 2011 14:10:17 +0200 > From: mir...@gm... > To: jor...@ho... > CC: sql...@li... > Subject: Re: [sqlmap-users] https request through proxy not working > > hi > > find it "updated" with the latest commit. > > kr > > On Fri, Apr 1, 2011 at 1:17 PM, Miroslav Stampar > <mir...@gm...> wrote: > > hi Jorge. > > > > well, maybe there is some problem in the request file itself or in our > > parsing of it. > > > > could you please post it or send it privately. > > > > KR > > > > On Fri, Apr 1, 2011 at 1:07 PM, Jorge Santos <jor...@ho...> wrote: > >> Hi All, > >> > >> I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https > >> target through a proxy (webscarame or cntlm) I get a > >> [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to > >> retry the request > >> > >> If the target is http, it works OK. > >> > >> My command line is: > >> > >> python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request > >> --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy > >> > >> Any thoughts? > >> > >> Thanks in advance > >> > >> JS > >> > >> ------------------------------------------------------------------------------ > >> Create and publish websites with WebMatrix > >> Use the most popular FREE web apps or write code yourself; > >> WebMatrix provides all the features you need to develop and > >> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > >> > >> _______________________________________________ > >> sqlmap-users mailing list > >> sql...@li... > >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >> > >> > > > > > > > > -- > > Miroslav Stampar > > > > E-mail: miroslav.stampar (at) gmail.com > > PGP Key ID: 0xB5397B1B > > > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > > ------------------------------------------------------------------------------ > Create and publish websites with WebMatrix > Use the most popular FREE web apps or write code yourself; > WebMatrix provides all the features you need to develop and > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users ------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf _______________________________________________ sqlmap-users mailing list sql...@li... https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Jorge S. <jor...@ho...> - 2011-04-04 08:52:56
|
Hi Miroslav, It's working now, but with python 2.5. With python2.6 it still gives the same error. Thing is, I didn't test it with pithon2.6 the first time. These are my versions of Python from samurai-wtf-0.9 (Ubuntu 9.04): Python 2.5.4 Python 2.6.2 Best Regards > Date: Fri, 1 Apr 2011 14:10:17 +0200 > From: mir...@gm... > To: jor...@ho... > CC: sql...@li... > Subject: Re: [sqlmap-users] https request through proxy not working > > hi > > find it "updated" with the latest commit. > > kr > > On Fri, Apr 1, 2011 at 1:17 PM, Miroslav Stampar > <mir...@gm...> wrote: > > hi Jorge. > > > > well, maybe there is some problem in the request file itself or in our > > parsing of it. > > > > could you please post it or send it privately. > > > > KR > > > > On Fri, Apr 1, 2011 at 1:07 PM, Jorge Santos <jor...@ho...> wrote: > >> Hi All, > >> > >> I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https > >> target through a proxy (webscarame or cntlm) I get a > >> [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to > >> retry the request > >> > >> If the target is http, it works OK. > >> > >> My command line is: > >> > >> python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request > >> --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy > >> > >> Any thoughts? > >> > >> Thanks in advance > >> > >> JS > >> > >> ------------------------------------------------------------------------------ > >> Create and publish websites with WebMatrix > >> Use the most popular FREE web apps or write code yourself; > >> WebMatrix provides all the features you need to develop and > >> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > >> > >> _______________________________________________ > >> sqlmap-users mailing list > >> sql...@li... > >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > >> > >> > > > > > > > > -- > > Miroslav Stampar > > > > E-mail: miroslav.stampar (at) gmail.com > > PGP Key ID: 0xB5397B1B > > > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > > ------------------------------------------------------------------------------ > Create and publish websites with WebMatrix > Use the most popular FREE web apps or write code yourself; > WebMatrix provides all the features you need to develop and > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
|
From: Miroslav S. <mir...@gm...> - 2011-04-03 15:06:55
|
hi m4l1c3. looking at your report together with previous ones related i've realized that this had to properly fixed. i believe that the last commit should solve this kind of problems, together with proper sending of localized data. please try with the latest commit (r3552) and report back if the problem persists. kr On Sun, Apr 3, 2011 at 2:33 PM, m4l1c3 <mal...@gm...> wrote: > sqlmap version: 0.9-dev (r3551) > Python version: 2.5.2 > Operating system: posix > Command line: ./sqlmap.py -g ****************************** --dbs --batch -o > Technique: None > Back-end DBMS: None (identified) > Traceback (most recent call last): > File "./sqlmap.py", line 82, in main > start() > File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line > 273, in start > checkNullConnection() > File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 777, in > checkNullConnection > page, headers = Request.getPage(method=HTTPMETHOD.HEAD) > File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 216, in > getPage > conn = urllib2.urlopen(req) > File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen > return _opener.open(url, data) > File "/usr/lib/python2.5/urllib2.py", line 381, in open > response = self._open(req, data) > File "/usr/lib/python2.5/urllib2.py", line 399, in _open > '_open', req) > File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain > result = func(*args) > File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line > 210, in http_open > return self.do_open(HTTPConnection, req) > File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line > 181, in do_open > self._start_connection(h, req) > File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line > 140, in _start_connection > h.endheaders() > File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line > 342, in endheaders > self._send_output() > File "/usr/lib/python2.5/httplib.py", line 732, in _send_output > self.send(msg) > File "/usr/lib/python2.5/httplib.py", line 711, in send > self.sock.sendall(str) > File "<string>", line 1, in sendall > UnicodeEncodeError: 'ascii' codec can't encode characters in position 28-39: > ordinal not in range(128) > > [*] shutting down at: 23:20:16 > > > ------------------------------------------------------------------------------ > Create and publish websites with WebMatrix > Use the most popular FREE web apps or write code yourself; > WebMatrix provides all the features you need to develop and > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: m4l1c3 <mal...@gm...> - 2011-04-03 12:33:29
|
sqlmap version: 0.9-dev (r3551)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -g ****************************** --dbs --batch -o
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
File "./sqlmap.py", line 82, in main
start()
File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
273, in start
checkNullConnection()
File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 777, in
checkNullConnection
page, headers = Request.getPage(method=HTTPMETHOD.HEAD)
File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 216, in
getPage
conn = urllib2.urlopen(req)
File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
return _opener.open(url, data)
File "/usr/lib/python2.5/urllib2.py", line 381, in open
response = self._open(req, data)
File "/usr/lib/python2.5/urllib2.py", line 399, in _open
'_open', req)
File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
result = func(*args)
File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
210, in http_open
return self.do_open(HTTPConnection, req)
File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
181, in do_open
self._start_connection(h, req)
File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
140, in _start_connection
h.endheaders()
File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
342, in endheaders
self._send_output()
File "/usr/lib/python2.5/httplib.py", line 732, in _send_output
self.send(msg)
File "/usr/lib/python2.5/httplib.py", line 711, in send
self.sock.sendall(str)
File "<string>", line 1, in sendall
UnicodeEncodeError: 'ascii' codec can't encode characters in position 28-39:
ordinal not in range(128)
[*] shutting down at: 23:20:16
|
|
From: Miroslav S. <mir...@gm...> - 2011-04-01 12:10:24
|
hi find it "updated" with the latest commit. kr On Fri, Apr 1, 2011 at 1:17 PM, Miroslav Stampar <mir...@gm...> wrote: > hi Jorge. > > well, maybe there is some problem in the request file itself or in our > parsing of it. > > could you please post it or send it privately. > > KR > > On Fri, Apr 1, 2011 at 1:07 PM, Jorge Santos <jor...@ho...> wrote: >> Hi All, >> >> I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https >> target through a proxy (webscarame or cntlm) I get a >> [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to >> retry the request >> >> If the target is http, it works OK. >> >> My command line is: >> >> python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request >> --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy >> >> Any thoughts? >> >> Thanks in advance >> >> JS >> >> ------------------------------------------------------------------------------ >> Create and publish websites with WebMatrix >> Use the most popular FREE web apps or write code yourself; >> WebMatrix provides all the features you need to develop and >> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-01 11:17:24
|
hi Jorge. well, maybe there is some problem in the request file itself or in our parsing of it. could you please post it or send it privately. KR On Fri, Apr 1, 2011 at 1:07 PM, Jorge Santos <jor...@ho...> wrote: > Hi All, > > I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https > target through a proxy (webscarame or cntlm) I get a > [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to > retry the request > > If the target is http, it works OK. > > My command line is: > > python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request > --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy > > Any thoughts? > > Thanks in advance > > JS > > ------------------------------------------------------------------------------ > Create and publish websites with WebMatrix > Use the most popular FREE web apps or write code yourself; > WebMatrix provides all the features you need to develop and > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-04-01 11:15:52
|
hi
quick fixed the crash part. but not sure why you are getting all those
'None(s)'. if you want to send some more info you can contact me
privately. have you tried to research the content of -t traffic.txt?
kr
On Fri, Apr 1, 2011 at 12:56 PM, Kirill Morozov <l0...@l0...> wrote:
> [14:47:15] [INFO] testing MySQL
> [14:47:15] [INFO] confirming MySQL
> [14:47:16] [INFO] the back-end DBMS is MySQL
> [14:47:16] [INFO] fetching banner
> web application technology: Apache 2.0.63, PHP 5.2.17
> back-end DBMS: MySQL >= 5.0.0
> [14:47:16] [INFO] fetching banner
> banner: 'None'
> [14:47:17] [INFO] fetching current user
> current user: 'None'
> [14:47:17] [INFO] fetching current database
> current database: 'None'
> [14:47:18] [INFO] testing if current user is DBA
> [14:47:18] [INFO] fetching current user
> [14:47:18] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the bug,
> fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r3544)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -g *********************************** -c
> sqlmap-lrd.conf --batch
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
> File "./sqlmap.py", line 82, in main
> start()
> File "/root/sqlmap-dev/lib/controller/controller.py", line 442, in start
> action()
> File "/root/sqlmap-dev/lib/controller/action.py", line 70, in action
> conf.dumper.dba(conf.dbmsHandler.isDba())
> File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 145, in isDba
> query = queries[Backend.getIdentifiedDbms()].is_dba.query %
> kb.data.currentUser.split("@")[0]
> AttributeError: 'NoneType' object has no attribute 'split'
>
> --
> Kirill Morozov
> KIMO2-RIPE, RHCE
>
>
>
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself;
> WebMatrix provides all the features you need to develop and
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
|
|
From: Jorge S. <jor...@ho...> - 2011-04-01 11:07:56
|
Hi All, I'm running sqlmap-0.9 rev 3162. When trying to use sqlmap for an https target through a proxy (webscarame or cntlm) I get a [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request If the target is http, it works OK. My command line is: python sqlmap.py -r /home/samurai/Desktop/tmp3/conversations/7-request --proxy "http://127.0.0.1:8008" --current-db -v 3 --ignore-proxy Any thoughts? Thanks in advance JS |
|
From: Kirill M. <l0...@l0...> - 2011-04-01 10:56:22
|
[14:47:15] [INFO] testing MySQL
[14:47:15] [INFO] confirming MySQL
[14:47:16] [INFO] the back-end DBMS is MySQL
[14:47:16] [INFO] fetching banner
web application technology: Apache 2.0.63, PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
[14:47:16] [INFO] fetching banner
banner: 'None'
[14:47:17] [INFO] fetching current user
current user: 'None'
[14:47:17] [INFO] fetching current database
current database: 'None'
[14:47:18] [INFO] testing if current user is DBA
[14:47:18] [INFO] fetching current user
[14:47:18] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3544)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -g *********************************** -c
sqlmap-lrd.conf --batch
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "./sqlmap.py", line 82, in main
start()
File "/root/sqlmap-dev/lib/controller/controller.py", line 442, in start
action()
File "/root/sqlmap-dev/lib/controller/action.py", line 70, in action
conf.dumper.dba(conf.dbmsHandler.isDba())
File "/root/sqlmap-dev/plugins/generic/enumeration.py", line 145, in isDba
query = queries[Backend.getIdentifiedDbms()].is_dba.query %
kb.data.currentUser.split("@")[0]
AttributeError: 'NoneType' object has no attribute 'split'
--
Kirill Morozov
KIMO2-RIPE, RHCE
|
48 messages has been excluded from this view by a project administrator.
