Thread: [sqlmap-users] (no subject)
Brought to you by:
inquisb
From: Uran T. <ura...@ku...> - 2009-02-13 13:32:31
|
Hello, I'm contacting you because regarding to the application, you are the founder and wanted to notify about an error I just received. While executing sqlmap.exe -u sometarget , it gives the following error: sqlmap/0.6.4 coded by Bernardo Damele A. G. <ber...@gm...> and Daniele Bellucci <dan...@gm...> [*] starting at: 12:53:32 [12:53:32] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the command line and the following text and send by e-mail to sql...@li...urceforge .net. The developers will fix it as soon as possible: sqlmap version: 0.6.4 Python version: 2.5.4 Operating system: win32 Traceback (most recent call last): File "sqlmap.py", line 78, in main File "lib\core\option.pyc", line 771, in init File "lib\parse\queriesfile.pyc", line 219, in queriesParser File "xml\sax\__init__.pyc", line 33, in parse File "xml\sax\expatreader.pyc", line 107, in parse File "xml\sax\xmlreader.pyc", line 119, in parse File "xml\sax\expatreader.pyc", line 111, in prepareParser UnicodeEncodeError: 'ascii' codec can't encode character u'\xa0' in position 28: ordinal not in range(128) [*] shutting down at: 12:53:32 Uran Thaqi, NOC Network System Administrator Kujtesa Internet Services Tel: +381 (0)38 542 170; 542 171; Fax: +381 (0)38 549 761 www.kujtesa.com e-mail: ura...@ku... |
From: <al...@gm...> - 2009-04-21 10:39:46
|
C:\Programme\sqlmap-0.6.4_exe>sqlmap.exe -u http://uid:pw...@do...d -f sqlmap/0.6.4 coded by Bernardo Damele A. G. <ber...@gm...> and Daniele Bellucci <dan...@gm...> [*] starting at: 12:35:27 [12:35:27] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the command line and the following text and send by e-mail to sql...@li...urceforge .net. The developers will fix it as soon as possible: sqlmap version: 0.6.4 Python version: 2.5.4 Operating system: win32 Traceback (most recent call last): File "sqlmap.py", line 81, in main File "lib\controller\controller.pyc", line 142, in start File "lib\core\target.pyc", line 216, in initTargetEnv File "lib\core\common.pyc", line 566, in parseTargetUrl ValueError: invalid literal for int() with base 10: 'sch...@te...m sung.de' [*] shutting down at: 12:35:27 C:\Programme\sqlmap-0.6.4_exe> -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01 |
From: Bernardo D. A. G. <ber...@gm...> - 2009-04-21 11:39:22
|
Hi, sqlmap does not support the http://uid:pw...@do...d syntax to authenticate to a site. Instead use the --auth-type and --auth-cred options to provide authentication type and credentials. Please refer to the user's manual for further information. Regards, Bernardo On Tue, Apr 21, 2009 at 11:39, <al...@gm...> wrote: > C:\Programme\sqlmap-0.6.4_exe>sqlmap.exe -u http://uid:pw...@do...d -f > > sqlmap/0.6.4 coded by Bernardo Damele A. G. <ber...@gm...> > and Daniele Bellucci <dan...@gm...> > > [*] starting at: 12:35:27 > > [12:35:27] [ERROR] unhandled exception in sqlmap/0.6.4, please copy the command > line and the following text and send by e-mail to sql...@li...urceforge > .net. The developers will fix it as soon as possible: > sqlmap version: 0.6.4 > Python version: 2.5.4 > Operating system: win32 > Traceback (most recent call last): > File "sqlmap.py", line 81, in main > File "lib\controller\controller.pyc", line 142, in start > File "lib\core\target.pyc", line 216, in initTargetEnv > File "lib\core\common.pyc", line 566, in parseTargetUrl > ValueError: invalid literal for int() with base 10: 'sch...@te...m > sung.de' > > [*] shutting down at: 12:35:27 > ... -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F |
From: Sarah K. <sk...@gm...> - 2009-12-16 05:06:29
|
sk...@gm... |
From: Bjørn Ø. <bo...@ds...> - 2010-06-03 08:10:19
|
Hey Sqlmap, Im using your windows version of SQLmap, is it possible to search for a specific row in the table, so let us say row with the name John Doo? Also it has a problem when its retrieving data it just stops retrieve but still proceed trying to retrieve without any data output. Is it only a windows problem, it will export like 7 rows of data and then just stop. Best regards Bjørn Ørving Future Creative Manager - Gryphon Security gryphon.dk Bo...@ds... 22 19 37 21 |
From: Bernardo D. A. G. <ber...@gm...> - 2010-06-09 21:52:58
|
Bjørn, 2010/6/3 Bjørn Ørving <bo...@ds...>: > ... > I’m using your windows version of SQLmap, is it possible to search for a > specific row in the table, so let us say row with the name John Doo? No, it's not. Such full-text search functionality is a bit tricky to implement, I am trying to figure out the best way to implement so. Suggestions are welcome, as usual. In the meantime, you can grab a copy of the development version from the Subversion repository where I implement this feature (--search) for searching databases (with -D), tables (with -T) or columns (with -C) containing in the name one or more (comma separated) patterns. > Also it > has a problem when it’s retrieving data it just stops retrieve but still > proceed trying to retrieve without any data output. Is it only a windows > problem, it will export like 7 rows of data and then just stop. Never experienced such a problem, can you please provide with the output of -v 5, privately if you prefer? Regards -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
From: dragoun d. <dra...@gm...> - 2010-08-01 17:51:55
|
./sqlmap.py -u http://mywebsite/directory/page.asp?id=17 --method=GET -f --union-use --reg-read --------------------- [18:47:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.5 Operating system: posix Traceback (most recent call last): File "./sqlmap.py", line 89, in main start() File "/pentest/database/sqlmap/lib/controller/controller.py", line 268, in start action() File "/pentest/database/sqlmap/lib/controller/action.py", line 67, in action print "%s\n" % conf.dbmsHandler.getFingerprint() File "/pentest/database/sqlmap/plugins/dbms/access/fingerprint.py", line 120, in getFingerprint actVer = formatDBMSfp() + " (%s)" % (self.__sandBoxCheck()) File "/pentest/database/sqlmap/lib/core/common.py", line 157, in formatDBMSfp return "%s %s" % (kb.dbms, " and ".join([version for version in versions])) TypeError: sequence item 0: expected string, NoneType found [*] shutting down at: 18:47:25 |
From: Miroslav S. <mir...@gm...> - 2010-08-08 22:22:39
|
Thank you for your report. Found and fixed. Kind regards. On Sun, Aug 1, 2010 at 7:51 PM, dragoun dash <dra...@gm...> wrote: > ./sqlmap.py -u http://mywebsite/directory/page.asp?id=17 --method=GET > -f --union-use --reg-read > > --------------------- > [18:47:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy > the command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon > as possible: > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 89, in main > start() > File "/pentest/database/sqlmap/lib/controller/controller.py", line > 268, in start > action() > File "/pentest/database/sqlmap/lib/controller/action.py", line 67, in action > print "%s\n" % conf.dbmsHandler.getFingerprint() > File "/pentest/database/sqlmap/plugins/dbms/access/fingerprint.py", > line 120, in getFingerprint > actVer = formatDBMSfp() + " (%s)" % (self.__sandBoxCheck()) > File "/pentest/database/sqlmap/lib/core/common.py", line 157, in formatDBMSfp > return "%s %s" % (kb.dbms, " and ".join([version for version in versions])) > TypeError: sequence item 0: expected string, NoneType found > > [*] shutting down at: 18:47:25 > > ------------------------------------------------------------------------------ > The Palm PDK Hot Apps Program offers developers who use the > Plug-In Development Kit to bring their C/C++ apps to Palm for a share > of $1 Million in cash or HP Products. Visit us here for more details: > http://p.sf.net/sfu/dev2dev-palm > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
From: <nig...@em...> - 2010-10-16 14:58:59
|
sqlmap -u "http://Website.com/content.php?show=videos§ion=12&gallery=28" -f -b -o [16:43:59] [INFO] testing connection to the target url [16:44:01] [INFO] testing NULL connection to the target url [16:44:03] [INFO] testing if the url is stable, wait a few seconds [16:44:06] [INFO] url is stable [16:44:06] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [16:45:13] [INFO] confirming that User-Agent parameter 'User-Agent' is dynamic [16:45:13] [CRITICAL] connection timed out to the target url, sqlmap is going to retry the request [16:45:14] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mai l to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.5 Operating system: nt Traceback (most recent call last): File "C:\pentest\p\sqlmap.0.9\sqlmap.py", line 78, in main start() File "C:\pentest\p\sqlmap.0.9\lib\controller\controller.py", line 230, in start elif not checkDynParam(place, parameter, value): File "C:\pentest\p\sqlmap.0.9\lib\controller\checks.py", line 135, in checkDynParam dynResult2 = Request.queryPage(payload, place) File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 339, in queryPage page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=au xHeaders, response=response, raise404=raise404) File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 252, in getPage return Connect.__getPageProxy(**kwargs) File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 42, in __getPageProxy return Connect.getPage(**kwargs) File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 164, in getPage conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 126, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 391, in open response = self._open(req, data) File "C:\Python26\lib\urllib2.py", line 409, in _open '_open', req) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\pentest\p\sqlmap.0.9\extra\keepalive\keepalive.py", line 204, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\p\sqlmap.0.9\extra\keepalive\keepalive.py", line 154, in do_open self._start_connection(h, req) File "C:\pentest\p\sqlmap.0.9\extra\keepalive\keepalive.py", line 129, in _start_connection h.putrequest('GET', req.get_selector()) File "C:\Python26\lib\httplib.py", line 814, in putrequest raise CannotSendRequest() CannotSendRequest [*] shutting down at: 16:45:14 |
From: Miroslav S. <mir...@gm...> - 2010-10-16 21:32:22
|
hi. thank you for your report. updated version should handle this issue (connection time outs are not welcome, while expected from time to time, but keepalive module shouldn't crash like this when reusing connection instance - fixed). kind regards. On Sat, Oct 16, 2010 at 4:58 PM, <nig...@em...> wrote: > sqlmap -u "http://Website.com/content.php?show=videos§ion=12&gallery=28" -f -b -o > [16:43:59] [INFO] testing connection to the target url > [16:44:01] [INFO] testing NULL connection to the target url > [16:44:03] [INFO] testing if the url is stable, wait a few seconds > [16:44:06] [INFO] url is stable > [16:44:06] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic > [16:45:13] [INFO] confirming that User-Agent parameter 'User-Agent' is dynamic > [16:45:13] [CRITICAL] connection timed out to the target url, sqlmap is going to retry the request > > [16:45:14] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mai > l to sql...@li.... The developer will fix it as soon as possible: > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: nt > Traceback (most recent call last): > File "C:\pentest\p\sqlmap.0.9\sqlmap.py", line 78, in main > start() > File "C:\pentest\p\sqlmap.0.9\lib\controller\controller.py", line 230, in start > elif not checkDynParam(place, parameter, value): > File "C:\pentest\p\sqlmap.0.9\lib\controller\checks.py", line 135, in checkDynParam > dynResult2 = Request.queryPage(payload, place) > File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 339, in queryPage > page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=au > xHeaders, response=response, raise404=raise404) > File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 252, in getPage > return Connect.__getPageProxy(**kwargs) > File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 42, in __getPageProxy > return Connect.getPage(**kwargs) > File "C:\pentest\p\sqlmap.0.9\lib\request\connect.py", line 164, in getPage > conn = urllib2.urlopen(req) > File "C:\Python26\lib\urllib2.py", line 126, in urlopen > return _opener.open(url, data, timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\p\sqlmap.0.9\extra\keepalive\keepalive.py", line 204, in http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\p\sqlmap.0.9\extra\keepalive\keepalive.py", line 154, in do_open > self._start_connection(h, req) > File "C:\pentest\p\sqlmap.0.9\extra\keepalive\keepalive.py", line 129, in _start_connection > h.putrequest('GET', req.get_selector()) > File "C:\Python26\lib\httplib.py", line 814, in putrequest > raise CannotSendRequest() > CannotSendRequest > > [*] shutting down at: 16:45:14 > > ------------------------------------------------------------------------------ > Download new Adobe(R) Flash(R) Builder(TM) 4 > The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly > Flex(R) Builder(TM)) enable the development of rich applications that run > across multiple browsers and platforms. Download your free trials today! > http://p.sf.net/sfu/adobe-dev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
From: <nig...@em...> - 2010-12-24 22:05:46
|
sqlmap -u "http://xxxxxxxxxx.xxx/xxxxx/content.php?show=videos§ion=1&videoset=323" -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --auth-type=basic --auth-cred=xxxxx:xxxxx --level 5 --risk 3 -o --tables -D xxxxx This is only a small part of the error. My cmd window can´t show the hole error message. The window buffer in layout settings is to small ^^ But i think it was always the same error message. ;) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in do_open return self.parent.error('http', req, r, r.status, r.reason, r.msg) File "C:\Python26\lib\urllib2.py", line 429, in error result = self._call_chain(*args) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 url, req, headers) File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) File "C:\Python26\lib\urllib2.py", line 391, in open response = self._open(req, data) File "C:\Python26\lib\urllib2.py", line 409, in _open '_open', req) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in do_open return self.parent.error('http', req, r, r.status, r.reason, r.msg) File "C:\Python26\lib\urllib2.py", line 429, in error result = self._call_chain(*args) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 url, req, headers) File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed return self.retry_http_basic_auth(host, req, realm) File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth return self.parent.open(req, timeout=req.timeout) File "C:\Python26\lib\urllib2.py", line 391, in open response = self._open(req, data) File "C:\Python26\lib\urllib2.py", line 409, in _open '_open', req) File "C:\Python26\lib\urllib2.py", line 369, in _call_chain result = func(*args) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in http_open return self.do_open(HTTPConnection, req) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 180, in do_open r = h.getresponse() File "C:\Python26\lib\httplib.py", line 984, in getresponse method=self._method) File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 233, in __init__ httplib.HTTPResponse.__init__(self, sock, debuglevel, method) File "C:\Python26\lib\httplib.py", line 330, in __init__ self.fp = sock.makefile('rb', 0) File "C:\Python26\lib\socket.py", line 210, in makefile return _fileobject(self._sock, mode, bufsize) RuntimeError: maximum recursion depth exceeded [*] shutting down at: 22:35:52 |
From: Miroslav S. <mir...@gm...> - 2010-12-26 09:05:30
|
Hi nightman. This is probably related to this: http://bugs.python.org/issue8797, http://mercurial.selenic.com/bts/issue2179 I'll try to find some kind of patch for this one. KR p.s. just one question. were those credentials used in this example valid/OK/good because one of titles was "Recursion in urllib when pushing with incorrect password". On Fri, Dec 24, 2010 at 11:05 PM, <nig...@em...> wrote: > sqlmap -u " > http://xxxxxxxxxx.xxx/xxxxx/content.php?show=videos§ion=1&videoset=323" > -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --auth-type=basic > --auth-cred=xxxxx:xxxxx --level 5 --risk 3 -o --tables -D xxxxx > > This is only a small part of the error. My cmd window can´t show the hole > error message. The window buffer in layout settings is to small ^^ But i > think it was always the same error message. ;) > > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 180, in > do_open > r = h.getresponse() > File "C:\Python26\lib\httplib.py", line 984, in getresponse > method=self._method) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 233, in > __init__ > httplib.HTTPResponse.__init__(self, sock, debuglevel, method) > File "C:\Python26\lib\httplib.py", line 330, in __init__ > self.fp = sock.makefile('rb', 0) > File "C:\Python26\lib\socket.py", line 210, in makefile > return _fileobject(self._sock, mode, bufsize) > RuntimeError: maximum recursion depth exceeded > > [*] shutting down at: 22:35:52 > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
From: Miroslav S. <mir...@gm...> - 2010-12-26 09:33:04
|
Hi. Find the issue "patched" in the latest commit. It seems that this was a known python bug (http://bugs.python.org/issue8797). Kind regards. On Fri, Dec 24, 2010 at 11:05 PM, <nig...@em...> wrote: > sqlmap -u " > http://xxxxxxxxxx.xxx/xxxxx/content.php?show=videos§ion=1&videoset=323" > -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --auth-type=basic > --auth-cred=xxxxx:xxxxx --level 5 --risk 3 -o --tables -D xxxxx > > This is only a small part of the error. My cmd window can´t show the hole > error message. The window buffer in layout settings is to small ^^ But i > think it was always the same error message. ;) > > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 205, in > do_open > return self.parent.error('http', req, r, r.status, r.reason, r.msg) > File "C:\Python26\lib\urllib2.py", line 429, in error > result = self._call_chain(*args) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\Python26\lib\urllib2.py", line 855, in http_error_401 > url, req, headers) > File "C:\Python26\lib\urllib2.py", line 833, in http_error_auth_reqed > return self.retry_http_basic_auth(host, req, realm) > File "C:\Python26\lib\urllib2.py", line 843, in retry_http_basic_auth > return self.parent.open(req, timeout=req.timeout) > File "C:\Python26\lib\urllib2.py", line 391, in open > response = self._open(req, data) > File "C:\Python26\lib\urllib2.py", line 409, in _open > '_open', req) > File "C:\Python26\lib\urllib2.py", line 369, in _call_chain > result = func(*args) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 208, in > http_open > return self.do_open(HTTPConnection, req) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 180, in > do_open > r = h.getresponse() > File "C:\Python26\lib\httplib.py", line 984, in getresponse > method=self._method) > File "C:\pentest\sqlmap.0.9-1\extra\keepalive\keepalive.py", line 233, in > __init__ > httplib.HTTPResponse.__init__(self, sock, debuglevel, method) > File "C:\Python26\lib\httplib.py", line 330, in __init__ > self.fp = sock.makefile('rb', 0) > File "C:\Python26\lib\socket.py", line 210, in makefile > return _fileobject(self._sock, mode, bufsize) > RuntimeError: maximum recursion depth exceeded > > [*] shutting down at: 22:35:52 > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
From: <nig...@em...> - 2011-01-08 06:18:05
|
<body bgcolor="#ffffff" background="https://img.web.de/v/p.gif" class="bgRepeatYes" style="background-repeat: repeat; background-color: rgb(255, 255, 255); color: rgb(0, 0, 0); font-family: verdana,geneva; font-size: 9pt; padding-left: 0px;"><div style="min-height: 200px; background-image: url(https://img.web.de/v/p.gif); background-repeat: repeat; background-color: #ffffff; font-family: verdana,geneva; font-size: 9pt; padding-left: 0px;"><span style="font-size: 9pt;"><span style="font-family: verdana,geneva;"><span style="background-color: transparent;"><span style="color: #000000;"><span style="color: #000000;">hi<br />I know its my fault, but a message with the file is locked or not ready looks better ;) <br /><br /></span></span></span></span></span>sqlmap -u "http://xxxxxxx.xxx/retrievePhoto.php?fid=236" --auth-type=basic --auth-cred=xxxx:xxxx -a C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 --dump -D xxxx -T xxxxx --threads=3<br /><br />[01:08:43] [INFO] read from file 'C:\pentest\sqlmap.0.9-1\output\xxxxx.xxx\session':<br />[01:08:44] [WARNING] Ctrl+C detected in dumping phase<br /><br />[01:08:44] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversio<br />n repository. If the exception persists, please send by e-mail to sql...@li... the command line, the followi<br />ng text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get<br />back to you.<br />sqlmap version: 0.9-dev<br />Python version: 2.6.5<br />Operating system: nt<br />Traceback (most recent call last):<br /> File "C:\pentest\sqlmap.0.9-1\sqlmap.py", line 83, in main<br /> start()<br /> File "C:\pentest\sqlmap.0.9-1\lib\controller\controller.py", line 404, in start<br /> action()<br /> File "C:\pentest\sqlmap.0.9-1\lib\controller\action.py", line 107, in action<br /> conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())<br /> File "C:\pentest\sqlmap.0.9-1\lib\core\dump.py", line 262, in dbTableValues<br /> dumpFP = codecs.open(dumpFileName, "wb", conf.dataEncoding)<br /> File "C:\Python26\lib\codecs.py", line 870, in open<br /> file = __builtin__.open(filename, mode, buffering)<br />IOError: [Errno 13] Permission denied: u'C:\\pentest\\sqlmap.0.9-1\\output\\xxxxx.xxx\\dump\\xxxx\\xxxxx.csv'<br /><br />[*] shutting down at: 01:08:44</div></body> |
From: Miroslav S. <mir...@gm...> - 2011-01-08 09:30:26
|
hi nightman. this looks strange. i am able to reproduce it only when i open that dumping file with some other locking process (like MS Word). i've made some updates but can't reproduce it in a normal run (also with Ctrl+C). could you please try to reproduce it on your side and research what could be wrong? kr On Sat, Jan 8, 2011 at 7:17 AM, <nig...@em...> wrote: > hi > I know its my fault, but a message with the file is locked or not ready > looks better ;) > > sqlmap -u "http://xxxxxxx.xxx/retrievePhoto.php?fid=236" > --auth-type=basic --auth-cred=xxxx:xxxx -a > C:\pentest\sqlmap.0.9\txt\user-agents.txt --level 5 --risk 3 --dump -D xxxx > -T xxxxx --threads=3 > > [01:08:43] [INFO] read from file > 'C:\pentest\sqlmap.0.9-1\output\xxxxx.xxx\session': > [01:08:44] [WARNING] Ctrl+C detected in dumping phase > > [01:08:44] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run > with the latest development version from the Subversio > n repository. If the exception persists, please send by e-mail to > sql...@li... the command line, the followi > ng text and any information needed to reproduce the bug. The developers > will try to reproduce the bug, fix it accordingly and get > back to you. > sqlmap version: 0.9-dev > Python version: 2.6.5 > Operating system: nt > Traceback (most recent call last): > File "C:\pentest\sqlmap.0.9-1\sqlmap.py", line 83, in main > start() > File "C:\pentest\sqlmap.0.9-1\lib\controller\controller.py", line 404, in > start > action() > File "C:\pentest\sqlmap.0.9-1\lib\controller\action.py", line 107, in > action > conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable()) > File "C:\pentest\sqlmap.0.9-1\lib\core\dump.py", line 262, in > dbTableValues > dumpFP = codecs.open(dumpFileName, "wb", conf.dataEncoding) > File "C:\Python26\lib\codecs.py", line 870, in open > file = __builtin__.open(filename, mode, buffering) > IOError: [Errno 13] Permission denied: > u'C:\\pentest\\sqlmap.0.9-1\\output\\xxxxx.xxx\\dump\\xxxx\\xxxxx.csv' > > [*] shutting down at: 01:08:44 > > > ------------------------------------------------------------------------------ > Gaining the trust of online customers is vital for the success of any > company > that requires sensitive data to be transmitted over the Web. Learn how to > best implement a security strategy that keeps consumers' information secure > and instills the confidence they need to proceed with transactions. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
From: Andreas C. (MegaHz) <me...@me...> - 2011-01-10 16:54:46
|
hi there, is there any documentation of sqlmap's new features? thanks |
From: Miroslav S. <mir...@gm...> - 2011-01-11 09:52:19
|
Hi Andreas. Now the best documentation currently is the help listing you can get with -h. We've focused lately on implementation, rather that documentation, and we'll need to "fix" this soon. You can expect full documentation with 0.9 final version which will be released soon. In short words, most of updates we've made are automatic ones (not directly modifiable by user), so there shouldn't been "different switches you need to use" with default (>90%) program run. KR p.s. some of great features we've made in last half year: new detection engine with error/blind/stacked/time/union tests and payloads for data retrieval (all are tested by default, except union which needs to be turned on with --union-test), MS Access enumeration and data retrieval, optimization switches, automatic dictionary attack on detected hashes (mysql, mysql_old, oracle, oracle_old, mssql, mssql_old, postgres, md5, sha1) - included wordlist with compiled entries from tens of excellent sources, common table/column brute force enumeration for DBMSes which don't have information_schema (old MySQL & MS Access) with our own compiled entries, lots of bug fixes,... On Mon, Jan 10, 2011 at 5:54 PM, Andreas Constantinides (MegaHz) < me...@me...> wrote: > hi there, > > is there any documentation of sqlmap's new features? > > thanks > > > > ------------------------------------------------------------------------------ > Gaining the trust of online customers is vital for the success of any > company > that requires sensitive data to be transmitted over the Web. Learn how to > best implement a security strategy that keeps consumers' information secure > and instills the confidence they need to proceed with transactions. > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
From: <nig...@em...> - 2011-06-29 17:05:49
|
I tryed to upload the webbackdoor with no Knowledge of the webserver document root. The result is a Bug. [18:52:39] [INFO] heuristics detected web page charset 'ascii' sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: n Type: AND/OR time-based blind Title: MySQL > 5.0.11 OR time-based blind Payload: n=-5351' OR 1181=SLEEP(5) AND 'DBAH'='DBAH&vurl=http://website.com/content/video16/ 001Ccmg.avi&cmd=altern --- [18:52:39] [INFO] the back-end DBMS is MySQL web server operating system: Linux Fedora 5 (Bordeaux) web application technology: Apache 2.2.0, PHP 5.1.6 back-end DBMS: MySQL 5 [18:52:39] [INFO] going to use a web backdoor for command prompt [18:52:39] [INFO] fingerprinting the back-end DBMS operating system [18:52:40] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait.. [18:52:47] [INFO] the back-end DBMS operating system is Linux [18:52:47] [INFO] trying to upload the file stager which web application language does the web server support? [1] ASP [2] ASPX [3] PHP (default) [4] JSP > 3 [18:52:53] [WARNING] unable to retrieve the web server document root please provide the web server document root [/var/www/]: [18:55:06] [INFO] retrieved web server full paths: '/members/video.php' please provide any additional web server full path to try to upload the agent [Enter for None]: [18:55:15] [WARNING] HTTP error codes detected during testing: 403 (Forbidden) - 1 times [18:55:15] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4198), retry your run with the latest developmen t version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users@lis ts.sourceforge.net the following text and any information required to reproduce the bug. The developers will t ry to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev (r4198) Python version: 2.7.1 Operating system: nt Command line: C:\pentest\p\sqlmap.0.9-1\sqlmap.py -u http://website.com/members/video.php?n=769&vurl= ************************************************************************************************************** ************************************************************************************************************** ************************************************************************************************************** ************************************************************************************************************** *************************************************************************************************** --auth-type=basic --auth-cred=mstier07:mstier --random-agent --retries=6 --level 5 --risk 3 --os-shell Technique: TIME Back-end DBMS: MySQL (fingerprinted) Traceback (most recent call last): File "C:\pentest\p\sqlmap.0.9-1\sqlmap.py", line 86, in main start() File "C:\pentest\p\sqlmap.0.9-1\lib\controller\controller.py", line 551, in start action() File "C:\pentest\p\sqlmap.0.9-1\lib\controller\action.py", line 139, in action conf.dbmsHandler.osShell() File "C:\pentest\p\sqlmap.0.9-1\plugins\generic\takeover.py", line 81, in osShell self.initEnv(web=web) File "C:\pentest\p\sqlmap.0.9-1\lib\takeover\abstraction.py", line 151, in initEnv self.webInit() File "C:\pentest\p\sqlmap.0.9-1\lib\takeover\web.py", line 240, in webInit uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 278, in getPage conn = urllib2.urlopen(req) File "C:\Python27\lib\urllib2.py", line 126, in urlopen return _opener.open(url, data, timeout) File "C:\Python27\lib\urllib2.py", line 392, in open response = self._open(req, data) File "C:\Python27\lib\urllib2.py", line 410, in _open '_open', req) File "C:\Python27\lib\urllib2.py", line 370, in _call_chain result = func(*args) File "C:\Python27\lib\urllib2.py", line 1186, in http_open return self.do_open(httplib.HTTPConnection, req) File "C:\Python27\lib\urllib2.py", line 1127, in do_open h = http_class(host, timeout=req.timeout) # will parse host:port File "C:\Python27\lib\httplib.py", line 681, in __init__ self._set_hostport(host, port) File "C:\Python27\lib\httplib.py", line 706, in _set_hostport raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) InvalidURL: nonnumeric port: '80\' [*] shutting down at 18:55:15 |
From: Miroslav S. <mir...@gm...> - 2011-06-29 17:47:16
|
hi nightman. thank you fpr your report and find it fixed in the latest commit. also, i've realized this moment that our "masking" logic for command line exceptions was broken for a month or two. sorry people. it should be fixed now (automatic masking of things like --auth-cred, -u... should be working just fine). kr On Wed, Jun 29, 2011 at 7:05 PM, <nig...@em...> wrote: > I tryed to upload the webbackdoor with no Knowledge of the webserver document root. The result is a Bug. > > [18:52:39] [INFO] heuristics detected web page charset 'ascii' > sqlmap identified the following injection points with a total of 0 HTTP(s) requests: > --- > Place: GET > Parameter: n > Type: AND/OR time-based blind > Title: MySQL > 5.0.11 OR time-based blind > Payload: n=-5351' OR 1181=SLEEP(5) AND 'DBAH'='DBAH&vurl=http://website.com/content/video16/ > 001Ccmg.avi&cmd=altern > --- > > [18:52:39] [INFO] the back-end DBMS is MySQL > web server operating system: Linux Fedora 5 (Bordeaux) > web application technology: Apache 2.2.0, PHP 5.1.6 > back-end DBMS: MySQL 5 > [18:52:39] [INFO] going to use a web backdoor for command prompt > [18:52:39] [INFO] fingerprinting the back-end DBMS operating system > [18:52:40] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please > wait.. > [18:52:47] [INFO] the back-end DBMS operating system is Linux > [18:52:47] [INFO] trying to upload the file stager > which web application language does the web server support? > [1] ASP > [2] ASPX > [3] PHP (default) > [4] JSP >> 3 > [18:52:53] [WARNING] unable to retrieve the web server document root > please provide the web server document root [/var/www/]: > [18:55:06] [INFO] retrieved web server full paths: '/members/video.php' > please provide any additional web server full path to try to upload the agent [Enter for None]: > [18:55:15] [WARNING] HTTP error codes detected during testing: > 403 (Forbidden) - 1 times > > [18:55:15] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4198), retry your run with the latest developmen > t version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users@lis > ts.sourceforge.net the following text and any information required to reproduce the bug. The developers will t > ry to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r4198) > Python version: 2.7.1 > Operating system: nt > Command line: C:\pentest\p\sqlmap.0.9-1\sqlmap.py -u http://website.com/members/video.php?n=769&vurl= > ************************************************************************************************************** > ************************************************************************************************************** > ************************************************************************************************************** > ************************************************************************************************************** > *************************************************************************************************** > --auth-type=basic --auth-cred=mstier07:mstier --random-agent --retries=6 --level 5 --risk 3 --os-shell > Technique: TIME > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "C:\pentest\p\sqlmap.0.9-1\sqlmap.py", line 86, in main > start() > File "C:\pentest\p\sqlmap.0.9-1\lib\controller\controller.py", line 551, in start > action() > File "C:\pentest\p\sqlmap.0.9-1\lib\controller\action.py", line 139, in action > conf.dbmsHandler.osShell() > File "C:\pentest\p\sqlmap.0.9-1\plugins\generic\takeover.py", line 81, in osShell > self.initEnv(web=web) > File "C:\pentest\p\sqlmap.0.9-1\lib\takeover\abstraction.py", line 151, in initEnv > self.webInit() > File "C:\pentest\p\sqlmap.0.9-1\lib\takeover\web.py", line 240, in webInit > uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 278, in getPage > conn = urllib2.urlopen(req) > File "C:\Python27\lib\urllib2.py", line 126, in urlopen > return _opener.open(url, data, timeout) > File "C:\Python27\lib\urllib2.py", line 392, in open > response = self._open(req, data) > File "C:\Python27\lib\urllib2.py", line 410, in _open > '_open', req) > File "C:\Python27\lib\urllib2.py", line 370, in _call_chain > result = func(*args) > File "C:\Python27\lib\urllib2.py", line 1186, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "C:\Python27\lib\urllib2.py", line 1127, in do_open > h = http_class(host, timeout=req.timeout) # will parse host:port > File "C:\Python27\lib\httplib.py", line 681, in __init__ > self._set_hostport(host, port) > File "C:\Python27\lib\httplib.py", line 706, in _set_hostport > raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) > InvalidURL: nonnumeric port: '80\' > > [*] shutting down at 18:55:15 > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2d-c2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
From: MulyyaLinkerDark E. <sle...@gm...> - 2011-07-22 01:31:03
|
command : home/****/public_html/ (on --os-shell) ================================================ sqlmap version: 0.8 Python version: 2.6.2 Operating system: win32 Traceback (most recent call last): File "sqlmap.py", line 77, in main File "lib\controller\controller.pyc", line 259, in start File "lib\controller\action.pyc", line 141, in action File "plugins\generic\takeover.pyc", line 98, in osShell File "lib\takeover\abstraction.pyc", line 155, in initEnv File "lib\takeover\web.pyc", line 189, in webInit File "lib\request\connect.pyc", line 126, in getPage File "urllib2.pyc", line 124, in urlopen File "urllib2.pyc", line 383, in open File "urllib2.pyc", line 401, in _open File "urllib2.pyc", line 361, in _call_chain File "urllib2.pyc", line 1130, in http_open File "urllib2.pyc", line 1087, in do_open File "httplib.pyc", line 656, in __init__ File "httplib.pyc", line 668, in _set_hostport InvalidURL: nonnumeric port: '80home' [*] shutting down at: 08:28:15 |
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-22 09:22:58
|
Please, update to the latest development version from subversion repository to have it fixed since long time. Bernardo On 22 July 2011 02:30, MulyyaLinkerDark Evilfingers <sle...@gm...> wrote: > command : home/****/public_html/ (on --os-shell) > > ================================================ > sqlmap version: 0.8 > Python version: 2.6.2 > Operating system: win32 > Traceback (most recent call last): > File "sqlmap.py", line 77, in main > File "lib\controller\controller.pyc", line 259, in start > File "lib\controller\action.pyc", line 141, in action > File "plugins\generic\takeover.pyc", line 98, in osShell > File "lib\takeover\abstraction.pyc", line 155, in initEnv > File "lib\takeover\web.pyc", line 189, in webInit > File "lib\request\connect.pyc", line 126, in getPage > File "urllib2.pyc", line 124, in urlopen > File "urllib2.pyc", line 383, in open > File "urllib2.pyc", line 401, in _open > File "urllib2.pyc", line 361, in _call_chain > File "urllib2.pyc", line 1130, in http_open > File "urllib2.pyc", line 1087, in do_open > File "httplib.pyc", line 656, in __init__ > File "httplib.pyc", line 668, in _set_hostport > InvalidURL: nonnumeric port: '80home' > > [*] shutting down at: 08:28:15 > > ------------------------------------------------------------------------------ > 10 Tips for Better Web Security > Learn 10 ways to better secure your business today. Topics covered include: > Web security, SSL, hacker attacks & Denial of Service (DoS), private keys, > security Microsoft Exchange, secure Instant Messaging, and much more. > http://www.accelacomm.com/jaw/sfnl/114/51426210/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: Unavailable |
From: Derick N. <nya...@ya...> - 2011-09-10 07:24:12
|
Okay cool. what's new in Sqlmap. can someone show me? |
From: Miroslav S. <mir...@gm...> - 2011-09-11 16:10:49
|
hi Derick. you can take a look at CHANGELOG for some quick info on new things: https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog kind regards On Sat, Sep 10, 2011 at 9:24 AM, Derick Nyarko <nya...@ya...> wrote: > Okay cool. what's new in Sqlmap. can someone show me? > ------------------------------------------------------------------------------ > Malware Security Report: Protecting Your Business, Customers, and the > Bottom Line. Protect your business and customers by understanding the > threat from malware and how it can impact your online business. > http://www.accelacomm.com/jaw/sfnl/114/51427462/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Bernardo D. A. G. <ber...@gm...> - 2011-09-12 14:17:56
|
You can also follow twitter.com/sqlmap and svn log. Bernardo On 11 September 2011 17:10, Miroslav Stampar <mir...@gm...> wrote: > hi Derick. > > you can take a look at CHANGELOG for some quick info on new things: > https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog > > kind regards > > On Sat, Sep 10, 2011 at 9:24 AM, Derick Nyarko <nya...@ya...> wrote: >> Okay cool. what's new in Sqlmap. can someone show me? >> ------------------------------------------------------------------------------ >> Malware Security Report: Protecting Your Business, Customers, and the >> Bottom Line. Protect your business and customers by understanding the >> threat from malware and how it can impact your online business. >> http://www.accelacomm.com/jaw/sfnl/114/51427462/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > > ------------------------------------------------------------------------------ > Using storage to extend the benefits of virtualization and iSCSI > Virtualization increases hardware utilization and delivers a new level of > agility. Learn what those decisions are and how to modernize your storage > and backup environments for virtualization. > http://www.accelacomm.com/jaw/sfnl/114/51434361/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: Unavailable |
From: Shadow F. <sha...@gm...> - 2012-02-14 02:33:42
|
[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4009), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev (r4009) Python version: 2.6.5 Operating system: posix Command line: sqlmap.py -u ************************************************************** --proxy= http://00000:80 --random-agent -D ********* -T **** -C ************* --dump --start=1 --stop=20 Technique: UNION Back-end DBMS: MySQL (fingerprinted) Traceback (most recent call last): File "sqlmap.py", line 86, in main start() File "/pentest/database/sqlmap/lib/controller/controller.py", line 539, in start action() File "/pentest/database/sqlmap/lib/controller/action.py", line 109, in action conf.dbmsHandler.dumpTable() File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line 1551, in dumpTable entries = inject.getValue(query, blind=False, dump=True) File "/pentest/database/sqlmap/lib/request/inject.py", line 434, in getValue value = __goInband(query, expected, sort, resumeValue, unpack, dump) File "/pentest/database/sqlmap/lib/request/inject.py", line 386, in __goInband output = unionUse(expression, unpack=unpack, dump=dump) File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py", line 332, in unionUse runThreads(numThreads, unionThread) File "/pentest/database/sqlmap/lib/core/threads.py", line 62, in runThreads threadFunction() File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py", line 302, in unionThread output = __oneShotUnionUse(limitedExpr, unpack) File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py", line 79, in __oneShotUnionUse extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \ File "/pentest/database/sqlmap/lib/core/common.py", line 2514, in removeReflectiveValues if regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)[0].lower() in content.lower(): # fast optimization check UnicodeDecodeError: 'ascii' codec can't decode byte 0x96 in position 90: ordinal not in range(128) [*] shutting down at: 04:32:26 |