Thread: [sqlmap-users] sqlmap bug
From: Joe <jo...@sh...> - 2009-01-31 17:08:32
I'm having problems with sqlmap. I've confirmed the bug manually with union all select, but sqlmap is still reporting it as a blind hole.

Additionally: I get this message:

[17:39:46] [WARNING] missing database parameter, sqlmap is going to use the current database to enumerate table 'roller_fantasy' columns
[17:39:46] [INFO] fetching current database
[17:39:46] [INFO] query: UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(79,114,82,88,78,80),IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32)),CHAR(117,108,90,77,81,80)), NULL, NULL# %23
[17:39:46] [WARNING] for some reasons it was not possible to retrieve the query output through inband SQL injection technique, sqlmap is going blind
[17:39:46] [INFO] query: IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))
[17:39:46] [INFO] retrieved:

[17:39:46] [ERROR] unhandled exception in sqlmap/0.6.3, please copy the command line and the following text and send by e-mail to sql...@li.... The developers will fix it as soon as possible:
sqlmap version: 0.6.3
Python version: 2.5.1
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 81, in main
  File "lib\controller\controller.pyc", line 267, in start
  File "lib\controller\action.pyc", line 111, in action
  File "plugins\generic\enumeration.pyc", line 734, in getColumns
  File "plugins\generic\enumeration.pyc", line 114, in getCurrentDb
  File "lib\request\inject.pyc", line 329, in getValue
  File "lib\request\inject.pyc", line 265, in __goInferenceProxy
  File "lib\request\inject.pyc", line 88, in __goInferenceFields
  File "lib\request\inject.pyc", line 60, in __goInference
  File "lib\techniques\blind\inference.pyc", line 233, in bisection
  File "lib\techniques\blind\inference.pyc", line 102, in getChar
ValueError: incomplete format

[*] shutting down at: 17:39:46

I hope it helps.

-Joe

From: <ja...@ev...> - 2010-05-18 23:47:55
[19:10:35] [INFO] resuming back-end DBMS 'microsoft sql server 2000' from session file
[19:10:35] [INFO] resuming union comment '--' from session file
[19:10:35] [INFO] resuming union count 3 from session file
[19:10:35] [INFO] testing connection to the target url
[19:10:36] [INFO] testing for parenthesis on injectable parameter
[19:10:36] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000

do you want to retrieve the SQL statement output? [Y/n] y
[19:10:38] [INFO] fetching SQL query output: ''SELECT OptIn,FirstName,LastName,HomePhone,Zip,Email,DateCreated FROM Customer WHERE DateCreated LIKE '%2009%''
[19:10:38] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
can the SQL query provided return multiple entries? [Y/n] y
[19:10:39] [INFO] retrieving the length of query output
[19:10:39] [ERROR] Unenclosed ' in 'LTRIM(STR(LEN(COUNT('SELECT OptIn))))'

[*] shutting down at: 19:10:39

sqlmap/0.9-dev -- latest svn

also, does --threads work when executing a --sql-query or anything in a --sql-shell?

thx

From: linux m. <lin...@gm...> - 2010-06-19 11:29:05
What's up guys? That's me, Ahmed.
I faced this error a lot while using SQLmap on Ubuntu 10.04 and I hope you will fix it soon :D
========================================---------------------------------------------------------------------------

root@ubuntu:/pentest/sqlmap# ./sqlmap.py --dump-all -g "site: http://XXX.com/cc/ ext:php"

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 17:21:23

[17:21:23] [INFO] first request to Google to get the session cookie
[17:21:23] [INFO] using Google result page #1
[17:21:25] [INFO] sqlmap got 1 results for your Google dork expression, all of them are testable targets

[17:21:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.6.5
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/pentest/sqlmap/lib/controller/controller.py", line 138, in start
    test = readInput(message, default="Y")
  File "/pentest/sqlmap/lib/core/common.py", line 462, in readInput
    data = raw_input(message)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xbb' in position 66017: ordinal not in range(128)

[*] shutting down at: 17:21:25

root@ubuntu:/pentest/sqlmap#

From: Miroslav S. <mir...@gm...> - 2010-06-23 07:28:26
Hi.

This should be fixed now. Could you please try to run it with the latest version from our SVN repository.

Thanks.

On Sat, Jun 19, 2010 at 1:28 PM, linux man <lin...@gm...> wrote:
> Whats up guys ? thats me Ahmed
> I faced this error a lot while using SQLmap on Ubuntu 10.04 and i hop you
> will fix it soon :D
> ========================================---------------------------------------------------------------------------
>
> root@ubuntu:/pentest/sqlmap# ./sqlmap.py --dump-all -g
> "site:http://XXX.com/cc/ ext:php"
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 17:21:23
>
> [17:21:23] [INFO] first request to Google to get the session cookie
> [17:21:23] [INFO] using Google result page #1
> [17:21:25] [INFO] sqlmap got 1 results for your Google dork expression, all
> of them are testable targets
>
> [17:21:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/pentest/sqlmap/lib/controller/controller.py", line 138, in start
>     test = readInput(message, default="Y")
>   File "/pentest/sqlmap/lib/core/common.py", line 462, in readInput
>     data = raw_input(message)
> UnicodeEncodeError: 'ascii' codec can't encode character u'\xbb' in position
> 66017: ordinal not in range(128)
>
> [*] shutting down at: 17:21:25
>
> root@ubuntu:/pentest/sqlmap#

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Johnny V. <Joh...@zo...> - 2012-02-07 12:50:18
Attachments:
PGP.sig
Received the following error:

[07:46:41] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4722), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4722)
Python version: 2.6.1
Operating system: posix
Command line: ./sqlmap.py -u *** --dbms=oracle
Technique: UNION
Back-end DBMS: Oracle (identified)
Traceback (most recent call last):
  File "/sqlmap-dev/_sqlmap.py", line 83, in main
    start()
  File "/sqlmap-dev/lib/controller/controller.py", line 461, in start
    injection = checkSqlInjection(place, parameter, value)
  File "/sqlmap-dev/lib/controller/checks.py", line 421, in checkSqlInjection
    reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
  File "/sqlmap-dev/lib/techniques/union/test.py", line 297, in unionTest
    validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
  File "/sqlmap-dev/lib/techniques/union/test.py", line 257, in __unionTestByCharBruteforce
    count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE)
  File "/sqlmap-dev/lib/techniques/union/test.py", line 110, in __findUnionCharCount
    query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar)
  File "/sqlmap-dev/lib/core/agent.py", line 579, in forgeInbandQuery
    if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
NameError: global name 'FROM_TABLE' is not defined

[*] shutting down at 07:46:41

From: Miroslav S. <mir...@gm...> - 2012-02-07 14:43:44
Hi Johnny.

Thank you for your report and find it fixed with the latest r4723.

Kind regards,
Miroslav Stampar

On Tue, Feb 7, 2012 at 1:50 PM, Johnny Venter <Joh...@zo...> wrote:
> Received the following error:
>
> [07:46:41] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4722), retry
> your run with the latest development version from the Subversion
> repository. If the exception persists, please send by e-mail to
> sql...@li... the following text and any information
> required to reproduce the bug. The developers will try to reproduce the
> bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4722)
> Python version: 2.6.1
> Operating system: posix
> Command line: ./sqlmap.py -u *** --dbms=oracle
> Technique: UNION
> Back-end DBMS: Oracle (identified)
> Traceback (most recent call last):
>   File "/sqlmap-dev/_sqlmap.py", line 83, in main
>     start()
>   File "/sqlmap-dev/lib/controller/controller.py", line 461, in start
>     injection = checkSqlInjection(place, parameter, value)
>   File "/sqlmap-dev/lib/controller/checks.py", line 421, in
> checkSqlInjection
>     reqPayload, vector = unionTest(comment, place, parameter, value,
> prefix, suffix)
>   File "/sqlmap-dev/lib/techniques/union/test.py", line 297, in unionTest
>     validPayload, vector = __unionTestByCharBruteforce(comment, place,
> parameter, value, prefix, suffix)
>   File "/sqlmap-dev/lib/techniques/union/test.py", line 257, in
> __unionTestByCharBruteforce
>     count = __findUnionCharCount(comment, place, parameter, value, prefix,
> suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else
> PAYLOAD.WHERE.NEGATIVE)
>   File "/sqlmap-dev/lib/techniques/union/test.py", line 110, in
> __findUnionCharCount
>     query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix,
> kb.uChar)
>   File "/sqlmap-dev/lib/core/agent.py", line 579, in forgeInbandQuery
>     if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and
> inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
> NameError: global name 'FROM_TABLE' is not defined
>
> [*] shutting down at 07:46:41

--
Miroslav Stampar
http://about.me/stamparm

From: bockor <bo...@ya...> - 2014-09-14 17:42:28
sqlmap version: 1.0-dev
Python version: 2.7.6
Operating system: posix
Command line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5 --random-agent -g ********************
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/home/bockor/sqlmap/lib/controller/controller.py", line 311, in start
    message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
  File "/home/bockor/sqlmap/thirdparty/pagerank/pagerank.py", line 18, in get_pagerank
    _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
  File "/usr/lib/python2.7/urllib.py", line 1288, in quote
    return ''.join(map(quoter, s))
KeyError: u'\xc3'

From: Miroslav S. <mir...@gm...> - 2014-09-17 08:19:46
Fixed with https://github.com/sqlmapproject/sqlmap/commit/ffa7e2f6e905a5bd0aeab98b51f512529e5024e0#diff-ee248665d16721810ef658a78e5d83a2

On Sun, Sep 14, 2014 at 7:29 PM, bockor <bo...@ya...> wrote:
> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: posix
> Command line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5
> --random-agent -g ********************
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 95, in main
>     start()
>   File "/home/bockor/sqlmap/lib/controller/controller.py", line 311, in
> start
>     message = "URL %d:\n%s %s%s" % (hostCount, conf.method or
> HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if
> conf.googleDork and conf.pageRank else "")
>   File "/home/bockor/sqlmap/thirdparty/pagerank/pagerank.py", line 18, in
> get_pagerank
>     _ = '
> http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s'
> % (check_hash(hash_url(url)), urllib.quote(url))
>   File "/usr/lib/python2.7/urllib.py", line 1288, in quote
>     return ''.join(map(quoter, s))
> KeyError: u'\xc3'

--
Miroslav Stampar
http://about.me/stamparm

From: bockor <bo...@ya...> - 2014-09-17 11:09:44
Thanks!

17.09.2014, 12:19, "Miroslav Stampar" <mir...@gm...>:
> Fixed with https://github.com/sqlmapproject/sqlmap/commit/ffa7e2f6e905a5bd0aeab98b51f512529e5024e0#diff-ee248665d16721810ef658a78e5d83a2
>
> On Sun, Sep 14, 2014 at 7:29 PM, bockor <bo...@ya...> wrote:
>> sqlmap version: 1.0-dev
>> Python version: 2.7.6
>> Operating system: posix
>> Command line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5 --random-agent -g ********************
>> Technique: None
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>>   File "./sqlmap.py", line 95, in main
>>     start()
>>   File "/home/bockor/sqlmap/lib/controller/controller.py", line 311, in start
>>     message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
>>   File "/home/bockor/sqlmap/thirdparty/pagerank/pagerank.py", line 18, in get_pagerank
>>     _ = 'http://toolbarqueries.google.com/tbr?client=navclient-auto&features=Rank&ch=%s&q=info:%s' % (check_hash(hash_url(url)), urllib.quote(url))
>>   File "/usr/lib/python2.7/urllib.py", line 1288, in quote
>>     return ''.join(map(quoter, s))
>> KeyError: u'\xc3'
>
> --
> Miroslav Stampar
> http://about.me/stamparm

From: Bernardo D. A. G. <ber...@gm...> - 2009-02-01 10:02:20
Hi Joe,

Joe wrote:
> I'm having problems with sqlmap. I've confirmed the bug manually with
> union all select, but sqlmap is still reporting it as a blind hole.

Did you check manually for the UNION query SQL injection using only NULL chars or did you really confirm it by injecting a string or number in one/some of the NULLs?

> Additionally: I get this message:
> ...
>   File "lib\techniques\blind\inference.pyc", line 233, in bisection
>   File "lib\techniques\blind\inference.pyc", line 102, in getChar

Try with the latest development release from subversion repository and let us know.
By the way, in this latest release you can also choose the technique to detect the UNION injection, with option --union-tech, please refer to the updated user's manual for details.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F

From: Bernardo D. A. G. <ber...@gm...> - 2009-02-01 10:17:29
Hi Joe,

Joe wrote:
> Bernardo Damele A. G. wrote:
>> Did you check manually for the UNION query SQL injection using only NULL
>> chars or did you really confirm it by inject a string or number in
>> one/some of the NULLs?
> Yup. But again, the app only uses the first returned row. I did both
> and 2=1 union all select null,null,null,etc
> and
> and 2=1 union all select 1,2,3,etc
> And both worked fine.

Support for partial UNION query SQL injection has been added already in sqlmap 0.6.3, but not exactly in this way. I will implement also this way to exploit partial UNION.
Thanks for the idea.

> I will. This user manual ... is it in the svn?

Yes, in all versions, it's the doc/README.pdf file, but you can read it also online from the homepage link.

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F