Thread: [sqlmap-users] Bug
From: Ümit S. <uem...@gm...> - 2009-01-22 14:05:49

    uemitlaptop:~/Documents/Downloads/sqlmap-0.6.3 uemit$ python sqlmap.py -u "192.168.1.39/testAPPs/news.php?datum=2007-01-01" --string='Willkommen' --union-use --os-shell
    /Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/core/convert.py:27: DeprecationWarning: the md5 module is deprecated; use hashlib instead
      import md5
    /Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/core/convert.py:28: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
      import sha

    sqlmap version: 0.6.3
    Python version: 2.6.1
    Operating system: darwin

    Traceback (most recent call last):
      File "sqlmap.py", line 81, in main
        start()
      File "/Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/controller/controller.py", line 267, in start
        action()
      File "/Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/controller/action.py", line 134, in action
        conf.dbmsHandler.osShell()
      File "/Users/uemit/Documents/Downloads/sqlmap-0.6.3/plugins/dbms/mysql.py", line 473, in osShell
        page, _ = Request.getPage(url=uploaderUrl, multipart=multipartParams)
    ValueError: too many values to unpack

From: Brandon <bmu...@gm...> - 2010-03-14 01:05:49

    sqlmap version: 0.7
    Python version: 2.6.1
    Operating system: win32

    Traceback (most recent call last):
      File "sqlmap.py", line 84, in main
      File "lib\controller\controller.pyc", line 263, in start
      File "lib\controller\action.pyc", line 140, in action
      File "plugins\generic\takeover.pyc", line 295, in osShell
      File "plugins\generic\takeover.pyc", line 187, in __webBackdoorInit
      File "lib\request\connect.pyc", line 131, in getPage
      File "urllib2.pyc", line 124, in urlopen
      File "urllib2.pyc", line 383, in open
      File "urllib2.pyc", line 401, in _open
      File "urllib2.pyc", line 361, in _call_chain
      File "urllib2.pyc", line 1130, in http_open
      File "urllib2.pyc", line 1087, in do_open
      File "httplib.pyc", line 656, in __init__
      File "httplib.pyc", line 668, in _set_hostport
    InvalidURL: nonnumeric port: '80\home\httpd\html\themobilebroker.com \public_html'

I hope you fix this problem

From: Miroslav S. <mir...@gm...> - 2010-03-14 07:13:33

Hi.

This looks like a problem fixed in the development version some time ago. Please try to check out the latest development version from our repository: https://svn.sqlmap.org/sqlmap/trunk/sqlmap. As you are probably a Windows user (as can be seen from the bug report you've sent), you can try to check it out with TortoiseSVN. The other option is to wait for the next official release, which is coming very soon :)

Kind regards.

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

From: Daliev I. <da...@ya...> - 2010-04-02 08:37:43

Hello SQLMAP users.

Version: sqlmap/0.8-rc7

When using partial (single row) inband SQL injection with MSSQL, sqlmap uses a construction like this:

    field1=field1_value union all select top 1 some_field from some_table where some_field not in (select top N some_field from some_table)

Microsoft says that unordered result sets with a TOP clause are nondeterministic. Even more, results obtained with different N are the same. Maybe it's better to use a skip/limit clause or something like this:

    field1=field1_value union all select top 1 some_field from some_table where some_field not in (select top N some_field from some_table order by 1) and some_field in (select top N+1 some_field from some_table order by 1)

Regards, Daliev Ilya

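The two alternatives proposed in the post above, run side by side on a local in-memory SQLite table. This is an added example, not sqlmap code and not part of the original message: SQLite has no TOP, so LIMIT stands in for it, and the helper names and sample values are constructed for illustration.

```python
import sqlite3

# The ordered window from the post, with LIMIT standing in for MSSQL's TOP:
# rows that are in the first N+1 (by value) but not in the first N.
WINDOW_QUERY = """
SELECT some_field FROM some_table
WHERE some_field NOT IN
      (SELECT some_field FROM some_table ORDER BY 1 LIMIT :n)
  AND some_field IN
      (SELECT some_field FROM some_table ORDER BY 1 LIMIT :n + 1)
LIMIT 1
"""

# The "skip/limit clause" alternative mentioned in the post.
OFFSET_QUERY = """
SELECT some_field FROM some_table ORDER BY 1 LIMIT 1 OFFSET :n
"""


def make_table(values):
    """Create an in-memory table holding the given (constructed) values."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE some_table (some_field TEXT)")
    db.executemany("INSERT INTO some_table VALUES (?)", [(v,) for v in values])
    return db


def walk(db, query, row_count):
    """Fetch row N for N = 0 .. row_count-1; None marks an empty result."""
    out = []
    for n in range(row_count):
        row = db.execute(query, {"n": n}).fetchone()
        out.append(row[0] if row else None)
    return out


def compare(values):
    """Return (window result, offset result) for the same table."""
    db = make_table(values)
    try:
        return (walk(db, WINDOW_QUERY, len(values)),
                walk(db, OFFSET_QUERY, len(values)))
    finally:
        db.close()


if __name__ == "__main__":
    # Distinct values: both forms walk the table in one stable order.
    print(compare(["delta", "alpha", "charlie", "bravo"]))
    # Duplicate values: the NOT IN / IN window compares by value, so the
    # second copy of "b" is excluded together with the first and N=2 is empty.
    print(compare(["a", "b", "b", "c"]))
```

With ORDER BY inside both subqueries each N maps to one fixed row, which is the property the unordered form lacks; the duplicate case shows where the value-based window and the positional skip/limit form differ.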
From: Bernardo D. A. G. <ber...@gm...> - 2010-04-09 15:51:26

Fixed wherever possible and committed. Thanks for reporting.

Bernardo

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F

From: David G. <sk...@gm...> - 2010-06-10 14:30:31

    $ ./sqlmap -c arquivo.conf --threads 10 -D editora -T livro --columns

    [11:22:01] [INFO] retrieving the length of query output
    [11:22:01] [INFO] retrieved: 10
    [11:22:03] [INFO] retrieved: lancamento
    [11:22:03] [INFO] retrieving the length of query output
    [11:22:03] [INFO] retrieved:
    [11:22:17] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
    sqlmap version: 0.9-dev
    Python version: 2.5.2
    Operating system: posix
    Traceback (most recent call last):
      File "./sqlmap.py", line 89, in main
        start()
      File "/home/skys/sqlmap-dev/lib/controller/controller.py", line 268, in start
        action()
      File "/home/skys/sqlmap-dev/lib/controller/action.py", line 114, in action
        conf.dumper.dbTableColumns(conf.dbmsHandler.getColumns())
      File "/home/skys/sqlmap-dev/plugins/generic/enumeration.py", line 955, in getColumns
        colType = inject.getValue(query, inband=False)
      File "/home/skys/sqlmap-dev/lib/request/inject.py", line 374, in getValue
        value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
      File "/home/skys/sqlmap-dev/lib/request/inject.py", line 304, in __goInferenceProxy
        outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar)
      File "/home/skys/sqlmap-dev/lib/request/inject.py", line 92, in __goInferenceFields
        output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar)
      File "/home/skys/sqlmap-dev/lib/request/inject.py", line 51, in __goInference
        _, length, _ = queryOutputLength(expression, payload)
      File "/home/skys/sqlmap-dev/lib/utils/resume.py", line 91, in queryOutputLength
        count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
      File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 431, in bisection
        val = getChar(index, asciiTbl)
      File "/home/skys/sqlmap-dev/lib/techniques/blind/inference.py", line 210, in getChar
        charTbl = xrange(maxChar + 1, (maxChar + 1) << 8)
    OverflowError: long int too large to convert to int

    [*] shutting down at: 11:22:17

    $ svn info
    Path: .
    URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
    Repository Root: https://svn.sqlmap.org/sqlmap
    Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
    Revision: 1759
    Node Kind: directory
    Schedule: normal
    Last Changed Author: inquisb
    Last Changed Rev: 1759
    Last Changed Date: 2010-06-10 11:15:32 -0300 (Thu, 10 Jun 2010)

--
David Gomes Guimarães

From: Miroslav S. <mir...@gm...> - 2010-06-10 15:02:06

We've made some modifications regarding your bug report. Could you please try to run it again with the latest repository version?

Thanks

--
Miroslav Stampar

From: David G. <sk...@gm...> - 2010-06-10 16:19:28

    ...
    [12:57:17] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': lancamento
    [12:57:17] [INFO] retrieving the length of query output
    [12:57:17] [INFO] retrieved:
    [12:57:18] [INFO] retrieved:
    [12:57:19] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': esgotado
    [12:57:19] [INFO] retrieving the length of query output
    [12:57:19] [INFO] retrieved: 6
    [12:57:20] [INFO] retrieved: bpchar
    [12:57:20] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': preco_promocional
    [12:57:20] [INFO] retrieving the length of query output
    [12:57:20] [INFO] retrieved:
    [12:57:21] [INFO] retrieved:
    [12:57:22] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': edicao
    [12:57:22] [INFO] retrieving the length of query output
    [12:57:22] [INFO] retrieved: 7
    [12:57:24] [INFO] retrieved: varchar
    [12:57:24] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': isbn
    [12:57:24] [INFO] retrieving the length of query output
    [12:57:24] [INFO] retrieved: 7
    [12:57:25] [INFO] retrieved: varchar
    [12:57:25] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': dt_cadastro
    [12:57:25] [INFO] retrieving the length of query output
    [12:57:25] [INFO] retrieved:
    [12:57:25] [INFO] retrieved:
    [12:57:27] [INFO] read from file '/home/skys/sqlmap-dev/output/www.vulnsite.com/session': editora
    [12:57:27] [INFO] retrieving the length of query output
    [12:57:27] [INFO] retrieved: 7
    [12:57:28] [INFO] retrieved: varchar
    Database: public
    Table: livro
    [15 columns]
    +-------------------+---------+
    | Column            | Type    |
    +-------------------+---------+
    | ano               | int4    |
    | autor             | varchar |
    | dt_cadastro       |         |
    | edicao            | varchar |
    | editora           | varchar |
    | esgotado          | bpchar  |
    | id_area           | int4    |
    | id_livro          | int4    |
    | isbn              | varchar |
    | lancamento        |         |
    | paginas           | int4    |
    | preco             | float4  |
    | preco_promocional |         |
    | release           | text    |
    | titulo            | varchar |
    +-------------------+---------+

    $ svn info
    Path: .
    URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
    Repository Root: https://svn.sqlmap.org/sqlmap
    Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
    Revision: 1763
    Node Kind: directory
    Schedule: normal
    Last Changed Author: inquisb
    Last Changed Rev: 1763
    Last Changed Date: 2010-06-10 12:34:28 -0300 (Thu, 10 Jun 2010)

This is OK now (although, for some reason, it failed to retrieve the column type of "dt_cadastro", "lancamento", and "preco_promocional").

Thanks for solving this on such short notice.

--
David Gomes Guimarães

From: David G. <sk...@gm...> - 2010-06-10 17:17:12

Miroslav, my mistake. The problem is that Apache is cutting the URI because of the internal configuration of the server (maximum size is limited by the Apache policy URI LimitRequestLine). As you can see, the problem occurs only in columns that have a big name, so the encoding (with chr() in PostgreSQL) is much greater.

As the PHP script allows me to use the POST method for the same purpose (which is limited by the policy post_max_size in php.ini, which has a value far greater (=~8MB) than that limited by LimitRequestLine), I could successfully perform the dump.

    [13:52:41] [INFO] fetching columns for table 'livro' on database 'public'
    Database: public
    Table: livro
    [15 columns]
    +-------------------+---------+
    | Column            | Type    |
    +-------------------+---------+
    | ano               | int4    |
    | autor             | varchar |
    | dt_cadastro       | date    |
    | edicao            | varchar |
    | editora           | varchar |
    | esgotado          | bpchar  |
    | id_area           | int4    |
    | id_livro          | int4    |
    | isbn              | varchar |
    | lancamento        | bpchar  |
    | paginas           | int4    |
    | preco             | float4  |
    | preco_promocional | float4  |
    | release           | text    |
    | titulo            | varchar |
    +-------------------+---------+

Thanks anyway! =)

On Thu, Jun 10, 2010 at 1:24 PM, Miroslav Stampar <mir...@gm...> wrote:
> It would be most helpful if you could send me what should be there (if
> you could do it manually it would be most helpful).
>
> KR

--
David Gomes Guimarães

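The server-side view of the message above, as an added example that is not part of the original thread: a scan of Apache access-log lines for long CHR() concatenations in the URI, for requests rejected with 414 (the status Apache returns when the request line exceeds LimitRequestLine), and for the same client moving to POST on the same path, where the body is not recorded in the access log. The log lines, addresses, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

LIMIT_REQUEST_LINE = 8190  # Apache's default LimitRequestLine, in bytes

# Apache common/combined log prefix: client, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)
# Four or more CHR(n) calls joined with ||: a string spelled out one
# character at a time, which is what inflates the URI in the thread.
CHR_CHAIN = re.compile(r'(?:chr\(\d+\)\s*\|\|\s*){3,}chr\(\d+\)', re.IGNORECASE)

_TS = '[10/Jun/2010:12:57:17 -0300]'
_CHAIN = 'CHR(105)%7C%7CCHR(115)%7C%7CCHR(98)%7C%7CCHR(110)'

# Constructed sample lines (documentation address ranges, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - %s "GET /livros.php?id=12 HTTP/1.1" 200 5123' % _TS,
    '198.51.100.7 - - %s "GET /livros.php?id=12%%20AND%%20x=%s HTTP/1.1" 200 5123'
    % (_TS, _CHAIN),
    '198.51.100.7 - - %s "GET /livros.php?id=12%%20AND%%20x=%s%%7C%%7C%s HTTP/1.1" 414 345'
    % (_TS, _CHAIN, _CHAIN),
    '198.51.100.7 - - %s "POST /livros.php HTTP/1.1" 200 5130' % _TS,
    '192.0.2.10 - - %s "POST /livros.php HTTP/1.1" 200 5130' % _TS,
    '203.0.113.5 - - %s "GET /search.php?q=%s HTTP/1.1" 200 100' % (_TS, 'a' * 7500),
]


def scan(lines, limit=LIMIT_REQUEST_LINE, near=0.9):
    """Return (line number, client, reasons) for every suspicious request."""
    findings = []
    flagged = set()  # (client, path) pairs already flagged on a GET
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        uri = m.group("uri")
        key = (m.group("ip"), uri.split("?", 1)[0])
        reasons = []
        if CHR_CHAIN.search(unquote_plus(uri)):
            reasons.append("chr-chain")
        if m.group("status") == "414":
            reasons.append("uri-too-long")
        elif len(uri) >= near * limit:
            reasons.append("near-limit")
        # The access log has no body, so a POST is only visible through
        # what the same client did to the same path beforehand.
        if m.group("method") == "POST" and key in flagged:
            reasons.append("post-after-flagged-get")
        if reasons:
            findings.append((lineno, m.group("ip"), reasons))
            if m.group("method") == "GET":
                flagged.add(key)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Anything flagged only as post-after-flagged-get needs request-body logging to investigate further, because the access log alone cannot show what the POST carried.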
From: Miroslav S. <mir...@gm...> - 2010-06-10 20:25:47

Nevertheless, in the associated commit we've put a limitation on this kind of situation, so there shouldn't be any more errors like the one you've reported: "OverflowError: long int too large to convert to int".

Thanks for the report.

Kind regards.

--
Miroslav Stampar
From: David G. <sk...@gm...> - 2010-09-01 00:59:40
|
$ ./sqlmap.py -u "http://vulnsite/site/vulnphp.php?id=179" -p id --union-test --string "XXX" -D XXX_uk -T eventos --dump

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 21:47:55

[21:47:55] [INFO] using '/path/sqlmap8/output/vulnsite/session' as session file
[21:47:55] [INFO] resuming string match 'XXX' from session file
[21:47:55] [INFO] resuming injection point 'GET' from session file
[21:47:55] [INFO] resuming injection parameter 'id' from session file
[21:47:55] [INFO] resuming injection type 'numeric' from session file
[21:47:55] [INFO] resuming 0 number of parenthesis from session file
[21:47:55] [INFO] resuming back-end DBMS 'mysql 5' from session file
[21:47:55] [INFO] resuming union comment '#' from session file
[21:47:55] [INFO] resuming union count 8 from session file
[21:47:55] [INFO] resuming union position 3 from session file
[21:48:00] [INFO] testing connection to the target url
[21:48:02] [INFO] testing for parenthesis on injectable parameter
[21:48:02] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.14, Apache 2.2.16
back-end DBMS: MySQL 5

[21:48:02] [INFO] fetching columns for table 'eventos' on database 'XXX_uk'
[21:48:03] [INFO] fetching entries for table 'eventos' on database 'XXX_uk'

[21:48:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/pentest/database/sqlmap8/lib/controller/controller.py", line 278, in start
    action()
  File "/pentest/database/sqlmap8/lib/controller/action.py", line 117, in action
    conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "/pentest/database/sqlmap8/plugins/generic/enumeration.py", line 1067, in dumpTable
    colEntry = entry[index]
IndexError: list index out of range

[*] shutting down at: 21:48:05

$ svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1836
Node Kind: directory
Schedule: normal
Last Changed Author: stamparm
Last Changed Rev: 1836
Last Changed Date: 2010-08-31 11:31:17 -0300 (Tue, 31 Aug 2010)

--
David Gomes Guimarães
|
From: Miroslav S. <mir...@gm...> - 2010-09-01 09:19:10
|
fixed (hopefully) and committed

On Wed, Sep 1, 2010 at 2:59 AM, David Guimaraes <sk...@gm...> wrote:
> $ ./sqlmap.py -u "http://vulnsite/site/vulnphp.php?id=179" -p id --union-test --string "XXX" -D XXX_uk -T eventos --dump
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 21:47:55
>
> [21:47:55] [INFO] using '/path/sqlmap8/output/vulnsite/session' as session file
> [21:47:55] [INFO] resuming string match 'XXX' from session file
> [21:47:55] [INFO] resuming injection point 'GET' from session file
> [21:47:55] [INFO] resuming injection parameter 'id' from session file
> [21:47:55] [INFO] resuming injection type 'numeric' from session file
> [21:47:55] [INFO] resuming 0 number of parenthesis from session file
> [21:47:55] [INFO] resuming back-end DBMS 'mysql 5' from session file
> [21:47:55] [INFO] resuming union comment '#' from session file
> [21:47:55] [INFO] resuming union count 8 from session file
> [21:47:55] [INFO] resuming union position 3 from session file
> [21:48:00] [INFO] testing connection to the target url
> [21:48:02] [INFO] testing for parenthesis on injectable parameter
> [21:48:02] [INFO] the back-end DBMS is MySQL
>
> web application technology: PHP 5.2.14, Apache 2.2.16
> back-end DBMS: MySQL 5
>
> [21:48:02] [INFO] fetching columns for table 'eventos' on database 'XXX_uk'
> [21:48:03] [INFO] fetching entries for table 'eventos' on database 'XXX_uk'
>
> [21:48:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:
> sqlmap version: 0.9-dev
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/pentest/database/sqlmap8/lib/controller/controller.py", line 278, in start
>     action()
>   File "/pentest/database/sqlmap8/lib/controller/action.py", line 117, in action
>     conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>   File "/pentest/database/sqlmap8/plugins/generic/enumeration.py", line 1067, in dumpTable
>     colEntry = entry[index]
> IndexError: list index out of range
>
> [*] shutting down at: 21:48:05
>
> $ svn info
> Path: .
> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
> Repository Root: https://svn.sqlmap.org/sqlmap
> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
> Revision: 1836
> Node Kind: directory
> Schedule: normal
> Last Changed Author: stamparm
> Last Changed Rev: 1836
> Last Changed Date: 2010-08-31 11:31:17 -0300 (Tue, 31 Aug 2010)
>
> --
> David Gomes Guimarães

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
From: <nig...@em...> - 2010-09-11 08:35:11
|
sqlmap version: 0.8
Python version: 2.6.2
Operating system: win32
Traceback (most recent call last):
  File "sqlmap.py", line 77, in main
  File "lib\controller\controller.pyc", line 259, in start
  File "lib\controller\action.pyc", line 114, in action
  File "plugins\generic\enumeration.pyc", line 1369, in dumpTable
  File "lib\request\inject.pyc", line 373, in getValue
  File "lib\request\inject.pyc", line 123, in __goInferenceProxy
  File "lib\utils\resume.pyc", line 130, in resume
UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 4: ordinal not in range(128)
|
From: Miroslav S. <mir...@gm...> - 2010-09-12 12:29:35
|
please update to the latest 0.9-dev version from our SVN repository (svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev) because we've done lots of work regarding this kind of stuff since v0.8.

kind regards.

On Sat, Sep 11, 2010 at 10:35 AM, <nig...@em...> wrote:
> sqlmap version: 0.8
> Python version: 2.6.2
> Operating system: win32
> Traceback (most recent call last):
>   File "sqlmap.py", line 77, in main
>   File "lib\controller\controller.pyc", line 259, in start
>   File "lib\controller\action.pyc", line 114, in action
>   File "plugins\generic\enumeration.pyc", line 1369, in dumpTable
>   File "lib\request\inject.pyc", line 373, in getValue
>   File "lib\request\inject.pyc", line 123, in __goInferenceProxy
>   File "lib\utils\resume.pyc", line 130, in resume
> UnicodeDecodeError: 'ascii' codec can't decode byte 0x80 in position 4: ordinal not in range(128)

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
|
From: <nig...@em...> - 2010-11-12 17:59:20
|
C:\pentest\sqlmap.0.9>sqlmap -u "http://www.site.com/dvds.php?dvdId=4&isOn=1" --auth-type=basic --auth-cred=user:pass -f -b

[18:50:12] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev
Python version: 2.6.5
Operating system: nt
Traceback (most recent call last):
  File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main
    start()
  File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 261, in start
    injType = checkSqlInjection(place, parameter, value, parenthesis)
  File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 94, in checkSqlInjection
    falseResult = Request.queryPage(payload, place)
  File "C:\pentest\sqlmap.0.9\lib\request\connect.py", line 383, in queryPage
    page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404)
  File "C:\pentest\sqlmap.0.9\lib\request\connect.py", line 218, in getPage
    page = conn.read()
  File "C:\Python26\lib\socket.py", line 329, in read
    data = self._sock.recv(rbufsize)
  File "C:\Python26\lib\httplib.py", line 518, in read
    return self._read_chunked(amt)
  File "C:\Python26\lib\httplib.py", line 561, in _read_chunked
    raise IncompleteRead(''.join(value))
IncompleteRead: IncompleteRead(1284 bytes read)

[*] shutting down at: 18:50:12
|
From: Miroslav S. <mir...@gm...> - 2010-11-12 22:56:23
|
hi nightman.

thank you for your report. plz update to have it patched.

kr

On Fri, Nov 12, 2010 at 6:59 PM, <nig...@em...> wrote:
> C:\pentest\sqlmap.0.9>sqlmap -u "http://www.site.com/dvds.php?dvdId=4&isOn=1" --auth-type=basic --auth-cred=user:pass -f -b
>
> [18:50:12] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: nt
> Traceback (most recent call last):
>   File "C:\pentest\sqlmap.0.9\sqlmap.py", line 79, in main
>     start()
>   File "C:\pentest\sqlmap.0.9\lib\controller\controller.py", line 261, in start
>     injType = checkSqlInjection(place, parameter, value, parenthesis)
>   File "C:\pentest\sqlmap.0.9\lib\controller\checks.py", line 94, in checkSqlInjection
>     falseResult = Request.queryPage(payload, place)
>   File "C:\pentest\sqlmap.0.9\lib\request\connect.py", line 383, in queryPage
>     page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404)
>   File "C:\pentest\sqlmap.0.9\lib\request\connect.py", line 218, in getPage
>     page = conn.read()
>   File "C:\Python26\lib\socket.py", line 329, in read
>     data = self._sock.recv(rbufsize)
>   File "C:\Python26\lib\httplib.py", line 518, in read
>     return self._read_chunked(amt)
>   File "C:\Python26\lib\httplib.py", line 561, in _read_chunked
>     raise IncompleteRead(''.join(value))
> IncompleteRead: IncompleteRead(1284 bytes read)
>
> [*] shutting down at: 18:50:12

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: <nig...@em...> - 2011-01-11 00:28:19
|
Hi,

I found a new bug ;)

C:\pentest\p\sqlmap-0.9-1>sqlmap -u "http://xxxxxxx.xxx/favorites.php?id=1219&action=0&t=p&u=2433" --auth-type=basic --auth-cred=xxxx:xxxx -a C:\user-agents.txt --level 5 --risk 3 --dump -D xxxxxx -T user -C xxxxx,xxxx,xxxx

[01:08:12] [WARNING] Ctrl+C detected in dumping phase
recognized possible password hash values. do you want to use dictionary attack on retrieved table items? [Y/n/q] y
[01:08:17] [INFO] using hash method: 'md5_generic_passwd'
what's the dictionary's location? [C:\pentest\p\sqlmap-0.9-1\txt\wordlist.txt]
[01:08:20] [INFO] loading dictionary from: 'C:\pentest\p\sqlmap-0.9-1\txt\wordlist.txt'
[01:08:22] [INFO] starting dictionary attack (md5_generic_passwd)
[01:12:45] [INFO] 278133/277952 words (100%)
[01:12:45] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev
Python version: 2.6.6
Operating system: nt
Traceback (most recent call last):
  File "C:\pentest\p\sqlmap-0.9-1\sqlmap.py", line 83, in main
    start()
  File "C:\pentest\p\sqlmap-0.9-1\lib\controller\controller.py", line 405, in start
    action()
  File "C:\pentest\p\sqlmap-0.9-1\lib\controller\action.py", line 107, in action
    conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "C:\pentest\p\sqlmap-0.9-1\plugins\generic\enumeration.py", line 1383, in dumpTable
    attackDumpedTable()
  File "C:\pentest\p\sqlmap-0.9-1\lib\utils\hash.py", line 248, in attackDumpedTable
    results = dictionaryAttack(attack_dict)
  File "C:\pentest\p\sqlmap-0.9-1\lib\utils\hash.py", line 351, in dictionaryAttack
    current = __functions__[hash_regex](password = word, uppercase = False)
  File "C:\pentest\p\sqlmap-0.9-1\lib\utils\hash.py", line 170, in md5_generic_passwd
    retVal = md5(password).hexdigest()
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordinal not in range(128)

[*] shutting down at: 01:12:46
|
From: Miroslav S. <mir...@gm...> - 2011-01-11 12:28:28
|
hi nightman.

thx again for a bug report. could you please update to the latest revision and try it again. now there should be a "critical" message like this:

[13:22:26] [CRITICAL] there was a problem while hashing entry: 'blalblalb'. Please report by e-mail to sql...@li....

i would really like to know which entry was giving you problems :)

kr

On Tue, Jan 11, 2011 at 1:28 AM, <nig...@em...> wrote:
> Hi,
>
> I found a new bug ;)
>
> C:\pentest\p\sqlmap-0.9-1>sqlmap -u "http://xxxxxxx.xxx/favorites.php?id=1219&action=0&t=p&u=2433" --auth-type=basic --auth-cred=xxxx:xxxx -a C:\user-agents.txt --level 5 --risk 3 --dump -D xxxxxx -T user -C xxxxx,xxxx,xxxx
>
> [01:08:12] [WARNING] Ctrl+C detected in dumping phase
> recognized possible password hash values. do you want to use dictionary attack on retrieved table items? [Y/n/q] y
> [01:08:17] [INFO] using hash method: 'md5_generic_passwd'
> what's the dictionary's location? [C:\pentest\p\sqlmap-0.9-1\txt\wordlist.txt]
> [01:08:20] [INFO] loading dictionary from: 'C:\pentest\p\sqlmap-0.9-1\txt\wordlist.txt'
> [01:08:22] [INFO] starting dictionary attack (md5_generic_passwd)
> [01:12:45] [INFO] 278133/277952 words (100%)
> [01:12:45] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev
> Python version: 2.6.6
> Operating system: nt
> Traceback (most recent call last):
>   File "C:\pentest\p\sqlmap-0.9-1\sqlmap.py", line 83, in main
>     start()
>   File "C:\pentest\p\sqlmap-0.9-1\lib\controller\controller.py", line 405, in start
>     action()
>   File "C:\pentest\p\sqlmap-0.9-1\lib\controller\action.py", line 107, in action
>     conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
>   File "C:\pentest\p\sqlmap-0.9-1\plugins\generic\enumeration.py", line 1383, in dumpTable
>     attackDumpedTable()
>   File "C:\pentest\p\sqlmap-0.9-1\lib\utils\hash.py", line 248, in attackDumpedTable
>     results = dictionaryAttack(attack_dict)
>   File "C:\pentest\p\sqlmap-0.9-1\lib\utils\hash.py", line 351, in dictionaryAttack
>     current = __functions__[hash_regex](password = word, uppercase = False)
>   File "C:\pentest\p\sqlmap-0.9-1\lib\utils\hash.py", line 170, in md5_generic_passwd
>     retVal = md5(password).hexdigest()
> UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordinal not in range(128)
>
> [*] shutting down at: 01:12:46

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
From: David G. <sk...@gm...> - 2011-04-11 18:42:10
|
[15:39:33] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r3637)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py --proxy http://127.0.0.1:8118/ -u ***************************************************** --data nmgp_parms=nmcpfcad?#? -p nmgp_parms -v 3 --level 5 --risk 3 --sql-query select * from **************** where Nomecad like 'nome%aki%' --fresh
Technique: ERROR
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/home/david/sqlmap-dev/lib/controller/controller.py", line 460, in start
    action()
  File "/home/david/sqlmap-dev/lib/controller/action.py", line 112, in action
    conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
  File "/home/david/sqlmap-dev/plugins/generic/enumeration.py", line 2056, in sqlQuery
    output = inject.getValue(query, fromUser=True)
  File "/home/david/sqlmap-dev/lib/request/inject.py", line 409, in getValue
    query = expandAsteriskForColumns(query)
  File "/home/david/sqlmap-dev/lib/core/common.py", line 1047, in expandAsteriskForColumns
    columnsStr = ", ".join([column for column in columns])
TypeError: sequence item 0: expected string, NoneType found

[*] shutting down at: 15:39:33
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-11 21:44:44
|
I could not reproduce the bug, however I think I might have fixed it in r3638. Can you please give it a try again and report?

Thank you,
Bernardo

On 11 April 2011 19:41, David Guimaraes <sk...@gm...> wrote:
> [15:39:33] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r3637)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py --proxy http://127.0.0.1:8118/ -u ***************************************************** --data nmgp_parms=nmcpfcad?#? -p nmgp_parms -v 3 --level 5 --risk 3 --sql-query select * from **************** where Nomecad like 'nome%aki%' --fresh
> Technique: ERROR
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/home/david/sqlmap-dev/lib/controller/controller.py", line 460, in start
>     action()
>   File "/home/david/sqlmap-dev/lib/controller/action.py", line 112, in action
>     conf.dumper.query(conf.query, conf.dbmsHandler.sqlQuery(conf.query))
>   File "/home/david/sqlmap-dev/plugins/generic/enumeration.py", line 2056, in sqlQuery
>     output = inject.getValue(query, fromUser=True)
>   File "/home/david/sqlmap-dev/lib/request/inject.py", line 409, in getValue
>     query = expandAsteriskForColumns(query)
>   File "/home/david/sqlmap-dev/lib/core/common.py", line 1047, in expandAsteriskForColumns
>     columnsStr = ", ".join([column for column in columns])
> TypeError: sequence item 0: expected string, NoneType found
> [*] shutting down at: 15:39:33

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
From: Chris O. <chr...@gm...> - 2011-07-11 11:10:15
|
[12:09:23] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4253), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-u...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4253)
Python version: 2.7.1
Operating system: nt
Command line: sqlmap.py -u **************************************************** --data username=foo&password=bar&login-php-submit-button=Log in -p username --passwords
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "sqlmap.py", line 86, in main
    start()
  File "C:\Program Files\sqlmap-0.9\lib\controller\controller.py", line 554, in start
    action()
  File "C:\Program Files\sqlmap-0.9\lib\controller\action.py", line 77, in action
    conf.dbmsHandler.getPasswordHashes(), "password hash")
  File "C:\Program Files\sqlmap-0.9\plugins\generic\enumeration.py", line 395, in getPasswordHashes
    attackCachedUsersPasswords()
  File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 240, in attackCachedUsersPasswords
    results = dictionaryAttack(kb.data.cachedUsersPasswords)
  File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 507, in dictionaryAttack
    p.start()
  File "C:\Python27\lib\multiprocessing\process.py", line 104, in start
    self._popen = Popen(self)
  File "C:\Python27\lib\multiprocessing\forking.py", line 244, in __init__
    dump(process_obj, to_child, HIGHEST_PROTOCOL)
  File "C:\Python27\lib\multiprocessing\forking.py", line 167, in dump
    ForkingPickler(file, protocol).dump(obj)
  File "C:\Python27\lib\pickle.py", line 224, in dump
    self.save(obj)
  File "C:\Python27\lib\pickle.py", line 331, in save
    self.save_reduce(obj=obj, *rv)
  File "C:\Python27\lib\pickle.py", line 419, in save_reduce
    save(state)
  File "C:\Python27\lib\pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "C:\Python27\lib\pickle.py", line 649, in save_dict
    self._batch_setitems(obj.iteritems())
  File "C:\Python27\lib\pickle.py", line 681, in _batch_setitems
    save(v)
  File "C:\Python27\lib\pickle.py", line 286, in save
    f(self, obj) # Call unbound method with explicit self
  File "C:\Python27\lib\pickle.py", line 748, in save_global
    (obj, module, name))
PicklingError: Can't pickle <function bruteProcess at 0x01783CF0>: it's not found as lib.utils.hash.bruteProcess

[*] shutting down at 12:09:23

C:\Program Files\sqlmap-0.9>Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\Python27\lib\multiprocessing\forking.py", line 347, in main
    self = load(from_parent)
  File "C:\Python27\lib\pickle.py", line 1378, in load
    return Unpickler(file).load()
  File "C:\Python27\lib\pickle.py", line 858, in load
    dispatch[key](self)
  File "C:\Python27\lib\pickle.py", line 880, in load_eof
    raise EOFError
EOFError
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-07-11 23:34:07
|
Hi,

This is fixed now. Thanks for reporting.

Bernardo

On 11 July 2011 12:10, Chris Oakley <chr...@gm...> wrote:
> [12:09:23] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4253), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-u...@li... the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4253)
> Python version: 2.7.1
> Operating system: nt
> Command line: sqlmap.py -u **************************************************** --data username=foo&password=bar&login-php-submit-button=Log in -p username --passwords
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
> Traceback (most recent call last):
>   File "sqlmap.py", line 86, in main
>     start()
>   File "C:\Program Files\sqlmap-0.9\lib\controller\controller.py", line 554, in start
>     action()
>   File "C:\Program Files\sqlmap-0.9\lib\controller\action.py", line 77, in action
>     conf.dbmsHandler.getPasswordHashes(), "password hash")
>   File "C:\Program Files\sqlmap-0.9\plugins\generic\enumeration.py", line 395, in getPasswordHashes
>     attackCachedUsersPasswords()
>   File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 240, in attackCachedUsersPasswords
>     results = dictionaryAttack(kb.data.cachedUsersPasswords)
>   File "C:\Program Files\sqlmap-0.9\lib\utils\hash.py", line 507, in dictionaryAttack
>     p.start()
>   File "C:\Python27\lib\multiprocessing\process.py", line 104, in start
>     self._popen = Popen(self)
>   File "C:\Python27\lib\multiprocessing\forking.py", line 244, in __init__
>     dump(process_obj, to_child, HIGHEST_PROTOCOL)
>   File "C:\Python27\lib\multiprocessing\forking.py", line 167, in dump
>     ForkingPickler(file, protocol).dump(obj)
>   File "C:\Python27\lib\pickle.py", line 224, in dump
>     self.save(obj)
>   File "C:\Python27\lib\pickle.py", line 331, in save
>     self.save_reduce(obj=obj, *rv)
>   File "C:\Python27\lib\pickle.py", line 419, in save_reduce
>     save(state)
>   File "C:\Python27\lib\pickle.py", line 286, in save
>     f(self, obj) # Call unbound method with explicit self
>   File "C:\Python27\lib\pickle.py", line 649, in save_dict
>     self._batch_setitems(obj.iteritems())
>   File "C:\Python27\lib\pickle.py", line 681, in _batch_setitems
>     save(v)
>   File "C:\Python27\lib\pickle.py", line 286, in save
>     f(self, obj) # Call unbound method with explicit self
>   File "C:\Python27\lib\pickle.py", line 748, in save_global
>     (obj, module, name))
> PicklingError: Can't pickle <function bruteProcess at 0x01783CF0>: it's not found as lib.utils.hash.bruteProcess
>
> [*] shutting down at 12:09:23
>
> C:\Program Files\sqlmap-0.9>Traceback (most recent call last):
>   File "<string>", line 1, in <module>
>   File "C:\Python27\lib\multiprocessing\forking.py", line 347, in main
>     self = load(from_parent)
>   File "C:\Python27\lib\pickle.py", line 1378, in load
>     return Unpickler(file).load()
>   File "C:\Python27\lib\pickle.py", line 858, in load
>     dispatch[key](self)
>   File "C:\Python27\lib\pickle.py", line 880, in load_eof
>     raise EOFError
> EOFError

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-01-22 14:54:24
|
Hi Ümit,

On Thu, Jan 22, 2009 at 14:05, Ümit Seren <uem...@gm...> wrote:
> ...
> /Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/core/convert.py:27: DeprecationWarning: the md5 module is deprecated; use hashlib instead
>   import md5
> /Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/core/convert.py:28: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
>   import sha

I will deal with this Python warning message soon.

> sqlmap version: 0.6.3
> Python version: 2.6.1
> Operating system: darwin
> Traceback (most recent call last):
>   File "sqlmap.py", line 81, in main
>     start()
>   File "/Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/controller/controller.py", line 267, in start
>     action()
>   File "/Users/uemit/Documents/Downloads/sqlmap-0.6.3/lib/controller/action.py", line 134, in action
>     conf.dbmsHandler.osShell()
>   File "/Users/uemit/Documents/Downloads/sqlmap-0.6.3/plugins/dbms/mysql.py", line 473, in osShell
>     page, _ = Request.getPage(url=uploaderUrl, multipart=multipartParams)
> ValueError: too many values to unpack

This has been fixed weeks ago in the sqlmap subversion trunk version.
Feel free to svn checkout and give a try to the upcoming 0.6.4 version.
However, I am going to release the new version very soon, stay tuned!

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F
|