Thread: [sqlmap-users] List of things
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Kasper F. <th...@ma...> - 2010-03-15 18:18:04
|
Hello SQLMAP users. I have just been using the tools for an hour or so, and I came up with many suggestions and or error outputs from the program. I ran svn version 1483 [latest] [SUGGESTION / BUG] While using the Google dorks, it can be quite annoying that the program escapes when a page returns 404. Example: [18:51:44] [INFO] testing url http://<host>/site.aspx?p=12446 [18:51:44] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\ses ' as session file [18:51:44] [INFO] testing connection to the target url [18:51:44] [INFO] testing if the url is stable, wait a few seconds [18:51:46] [INFO] url is stable [18:51:46] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [18:51:46] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [18:51:46] [INFO] testing if Cookie parameter 'ASP.NET_SessionId' is dynamic [18:51:47] [WARNING] Cookie parameter 'ASP.NET_SessionId' is not dynamic [18:51:47] [INFO] testing if GET parameter 'p' is dynamic [18:51:47] [ERROR] page not found [*] shutting down at: 18:51:47 I guess that the server returned 404, which of course can be valid since p is properly a "page" parameter. So, we can drop this url, but don't stop the whole google dorks progress. [SUGGESTION] Another suggestion was being able to give some input, while sqlmap is trying a server, that makes sqlmap go to the next. Sometimes servers are just slow, unresposive or have so many cookie parameters that you just want to go on. It might be by pressing 's' for skip, just something. [BUG] Infinite connection redirection: [19:05:41] [INFO] testing url <host>?p=4220 [19:05:41] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file [19:05:41] [INFO] testing connection to the target url [19:05:45] [INFO] connection redirected, going to use <host> as target address [19:05:45] [INFO] testing if the url is stable, wait a few seconds [19:05:48] [INFO] url is stable [19:05:48] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [19:05:49] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [19:05:49] [INFO] testing if Cookie parameter 'phpbb3_dto_k' is dynamic [19:05:50] [WARNING] Cookie parameter 'phpbb3_dto_k' is not dynamic [19:05:50] [INFO] testing if Cookie parameter 'phpbb3_dto_u' is dynamic [19:05:53] [WARNING] Cookie parameter 'phpbb3_dto_u' is not dynamic [19:05:53] [INFO] testing if Cookie parameter 'phpbb3_dto_sid' is dynamic [19:05:55] [WARNING] Cookie parameter 'phpbb3_dto_sid' is not dynamic [19:05:55] [INFO] testing if GET parameter 'p' is dynamic [19:05:57] [INFO] connection redirected, going to use <host> as target address [19:05:59] [INFO] connection redirected, going to use <host> as target address [19:06:00] [INFO] connection redirected, going to use <host> as target address [19:06:01] [INFO] connection redirected, going to use <host> as target address [19:06:02] [INFO] connection redirected, going to use <host> as target address [19:06:10] [INFO] connection redirected, going to use <host> as target address [19:06:12] [INFO] connection redirected, going to use <host> as target address [19:06:13] [INFO] connection redirected, going to use <host> as target address [19:06:14] [INFO] connection redirected, going to use <host> as target address [19:06:16] [INFO] connection redirected, going to use <host> as target address [19:06:17] [INFO] connection redirected, going to use <host> as target address [19:06:18] [INFO] connection redirected, going to use <host> as target address [19:06:19] [INFO] connection redirected, going to use <host> as target address [19:06:20] [INFO] connection redirected, going to use <host> as target address [19:06:21] [INFO] connection redirected, going to use <host> as target address [19:06:22] [INFO] connection redirected, going to use <host> as target address [19:06:24] [INFO] connection redirected, going to use <host> as target address [19:06:26] [INFO] connection redirected, going to use <host> as target address [19:06:28] [INFO] connection redirected, going to use <host> as target address [19:06:29] [INFO] connection redirected, going to use <host> as target address [19:06:30] [INFO] connection redirected, going to use <host> as target address [19:06:32] [INFO] connection redirected, going to use <host> as target address [BUG] Unknown bug... [19:08:30] [INFO] testing if the url is stable, wait a few seconds [19:08:36] [WARNING] connection timed out to the target url or proxy, skipping to next url [19:08:36] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher, if no dynamic nor injectable parameters are detected, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on [19:08:36] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [19:08:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 194, i n start elif not checkDynParam(place, parameter, value): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 260, in ch eckDynParam dynResult1 = Request.queryPage(payload, place) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 296, in quer yPage return comparison(page, headers, getSeqMatcher) File "C:\Users\foens\Desktop\sqlmap\lib\request\comparison.py", line 72, in co mparison ratio = round(conf.seqMatcher.ratio(), 3) File "C:\Python26\lib\difflib.py", line 660, in ratio self.get_matching_blocks(), 0) File "C:\Python26\lib\difflib.py", line 482, in get_matching_blocks la, lb = len(self.a), len(self.b) TypeError: object of type 'NoneType' has no len() [*] shutting down at: 19:08:38 [BUG] Also, it seems that there has been introduced a bug in lastest svn in regards to url redirection (as it is mentioned in the logs): [18:54:02] [INFO] testing url http://<host>/?page=66 [18:54:02] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file [18:54:02] [INFO] testing connection to the target url [18:54:03] [INFO] connection redirected, going to use /index.php as target addre ss [18:54:03] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 141, i n start if not checkConnection() or not checkString() or not checkRegexp(): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 387, in ch eckConnection page, _ = Request.getPage() File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: /index.php?page=66 [*] shutting down at: 18:54:03 I keep getting some of these. More below: [19:04:15] [INFO] testing connection to the target url [19:04:15] [INFO] connection redirected, going to use /site.aspx as target addre ss [19:04:15] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 141, i n start if not checkConnection() or not checkString() or not checkRegexp(): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 387, in ch eckConnection page, _ = Request.getPage() File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: /site.aspx?p=146 [*] shutting down at: 19:04:15 [19:12:09] [INFO] connection redirected, going to use weblinks.php as target add ress [19:12:09] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the comman d line and the following text and send by e-mail to sql...@li...urcefor ge.net. The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 194, i n start elif not checkDynParam(place, parameter, value): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 260, in ch eckDynParam dynResult1 = Request.queryPage(payload, place) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 291, in quer yPage page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, si lent=silent) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: weblinks.php?cat_id=3732&%3Bweblink_id=68 [*] shutting down at: 19:12:09 [19:10:36] [INFO] testing if Cookie parameter 'ASPSESSIONIDSQDCTTSB' is dynamic [19:10:36] [WARNING] Cookie parameter 'ASPSESSIONIDSQDCTTSB' is not dynamic [19:10:36] [INFO] testing if GET parameter 'FORUM_ID' is dynamic [19:10:37] [INFO] connection redirected, going to use default.asp as target address [19:10:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: win32 Traceback (most recent call last): File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main start() File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", line 194, i n start elif not checkDynParam(place, parameter, value): File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line 260, in ch eckDynParam dynResult1 = Request.queryPage(payload, place) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 291, in quer yPage page, headers = Connect.getPage(get=get, post=post, cookie=cookie, ua=ua, si lent=silent) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 135, in getP age return Connect.__getPageProxy(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 53, in __get PageProxy return Connect.getPage(**kwargs) File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line 126, in getP age conn = urllib2.urlopen(req) File "C:\Python26\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data, timeout) File "C:\Python26\lib\urllib2.py", line 381, in open protocol = req.get_type() File "C:\Python26\lib\urllib2.py", line 242, in get_type raise ValueError, "unknown url type: %s" % self.__original ValueError: unknown url type: default.asp?FORUM_ID=8899 [*] shutting down at: 19:10:37 Greetings from Kasper |
|
From: Kasper F. <th...@ma...> - 2010-06-09 12:31:18
|
Hello SQLMAP users.
Is there a problem using an old session file with new svn version?
I get this:
sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 14:17:25
[14:17:25] [INFO] using 'bla' as session file
[14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy
the command line and the following text and send by e-mail to
sql...@li.... The developer will fix it as soon as
possible:
sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
File "./sqlmap.py", line 89, in main
start()
File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in
start
setupTargetEnv()
File "/home/foens/sqlmap/lib/core/target.py", line 258, in setupTargetEnv
__setOutputResume()
File "/home/foens/sqlmap/lib/core/target.py", line 130, in
__setOutputResume
for line in readSessionFP.readlines(): # xreadlines doesn't return
unicode strings when codec.open() is used
File "/usr/lib/python2.5/codecs.py", line 626, in readlines
return self.reader.readlines(sizehint)
File "/usr/lib/python2.5/codecs.py", line 535, in readlines
data = self.read()
File "/usr/lib/python2.5/codecs.py", line 424, in read
newchars, decodedbytes = self.decode(data, self.errors)
UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position
3397: unexpected code byte
[*] shutting down at: 14:17:25
|
|
From: Miroslav S. <mir...@gm...> - 2010-06-09 12:54:27
|
Hi. As you can conclude, we've modified sqlmap for full unicode support and expect (not too many hopefully :) this kind of "unpredicted fails". Could you be so kind and send some kind of excerpt or whole session file (privately) with the containing "problematic" part. Kind regards. On Wed, Jun 9, 2010 at 2:16 PM, Kasper Føns <th...@ma...> wrote: > Hello SQLMAP users. > > Is there a problem using an old session file with new svn version? > > I get this: > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 14:17:25 > > [14:17:25] [INFO] using 'bla' as session file > > [14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy > the command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon as > possible: > sqlmap version: 0.9-dev > Python version: 2.5.2 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 89, in main > start() > File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in > start > setupTargetEnv() > File "/home/foens/sqlmap/lib/core/target.py", line 258, in setupTargetEnv > __setOutputResume() > File "/home/foens/sqlmap/lib/core/target.py", line 130, in > __setOutputResume > for line in readSessionFP.readlines(): # xreadlines doesn't return > unicode strings when codec.open() is used > File "/usr/lib/python2.5/codecs.py", line 626, in readlines > return self.reader.readlines(sizehint) > File "/usr/lib/python2.5/codecs.py", line 535, in readlines > data = self.read() > File "/usr/lib/python2.5/codecs.py", line 424, in read > newchars, decodedbytes = self.decode(data, self.errors) > UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position > 3397: unexpected code byte > > [*] shutting down at: 14:17:25 > > ------------------------------------------------------------------------------ > ThinkGeek and WIRED's GeekDad team up for the Ultimate > GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the > lucky parental unit. See the prize list and enter to win: > http://p.sf.net/sfu/thinkgeek-promo > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2010-06-09 14:51:55
|
Hi again. Thank you very much for pointing us to this direction. It seems that we haven't pay enough attention to HTTP content charset encoding in previous. Now, with the latest commit, we take care of the declared HTTP response charset encoding and properly decode it to unicode. This means that previously all session/log files were stored with improper encoding (ASCII without proper decoding) which results in some cases to disaster (euro sign is 0x80 in cp1252, while 0x20ac in Unicode, and "improper" in ASCII -> in plain speak: if the declared page's charset was declared to cp1252 and we store it in plain ASCII as 0x80, in final we get sh.t). To finalize, latest commit is a major bug fix. So, please update. Sorry Kasper, your problem with those crashes isn't solved with this one, but we'll try to find something out for this too. KR On Wed, Jun 9, 2010 at 3:07 PM, Kasper Føns <th...@ma...> wrote: > Hi Miro. > > I think this part would knock sqlmap down. > > It should have been an ø. > (image of ø: http://www.xn--srensen-q1a.dk/charmap.jpg) > > /Kasper > > On 09-06-2010 14:54, Miroslav Stampar wrote: >> >> Hi. >> >> As you can conclude, we've modified sqlmap for full unicode support >> and expect (not too many hopefully :) this kind of "unpredicted >> fails". >> >> Could you be so kind and send some kind of excerpt or whole session >> file (privately) with the containing "problematic" part. >> >> Kind regards. >> >> On Wed, Jun 9, 2010 at 2:16 PM, Kasper Føns<th...@ma...> wrote: >> >>> >>> Hello SQLMAP users. >>> >>> Is there a problem using an old session file with new svn version? >>> >>> I get this: >>> sqlmap/0.9-dev - automatic SQL injection and database takeover tool >>> http://sqlmap.sourceforge.net >>> >>> [*] starting at: 14:17:25 >>> >>> [14:17:25] [INFO] using 'bla' as session file >>> >>> [14:17:25] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy >>> the command line and the following text and send by e-mail to >>> sql...@li.... The developer will fix it as soon as >>> possible: >>> sqlmap version: 0.9-dev >>> Python version: 2.5.2 >>> Operating system: posix >>> Traceback (most recent call last): >>> File "./sqlmap.py", line 89, in main >>> start() >>> File "/home/foens/sqlmap/lib/controller/controller.py", line 152, in >>> start >>> setupTargetEnv() >>> File "/home/foens/sqlmap/lib/core/target.py", line 258, in >>> setupTargetEnv >>> __setOutputResume() >>> File "/home/foens/sqlmap/lib/core/target.py", line 130, in >>> __setOutputResume >>> for line in readSessionFP.readlines(): # xreadlines doesn't return >>> unicode strings when codec.open() is used >>> File "/usr/lib/python2.5/codecs.py", line 626, in readlines >>> return self.reader.readlines(sizehint) >>> File "/usr/lib/python2.5/codecs.py", line 535, in readlines >>> data = self.read() >>> File "/usr/lib/python2.5/codecs.py", line 424, in read >>> newchars, decodedbytes = self.decode(data, self.errors) >>> UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position >>> 3397: unexpected code byte >>> >>> [*] shutting down at: 14:17:25 >>> >>> >>> ------------------------------------------------------------------------------ >>> ThinkGeek and WIRED's GeekDad team up for the Ultimate >>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the >>> lucky parental unit. See the prize list and enter to win: >>> http://p.sf.net/sfu/thinkgeek-promo >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
){kind=link}
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-03-16 12:30:02
|
Hi Kasper, On Mon, Mar 15, 2010 at 18:17, Kasper Føns <th...@ma...> wrote: > ... > [SUGGESTION / BUG] > ... > I guess that the server returned 404, which of course can be valid since > p is properly a "page" parameter. > So, we can drop this url, but don't stop the whole google dorks progress. Fixed and committed. > [SUGGESTION] > Another suggestion was being able to give some input, while sqlmap is > trying a server, that makes sqlmap go to the next. > Sometimes servers are just slow, unresposive or have so many cookie > parameters that you just want to go on. > It might be by pressing 's' for skip, just something. We have it already in the TODO list, it will probably come for version 1.0. > [BUG] > Infinite connection redirection: > ... This will be fixed soon. > [BUG] > Unknown bug... > [19:08:30] [INFO] testing if the url is stable, wait a few seconds > [19:08:36] [WARNING] connection timed out to the target url or proxy, > skipping to next url > [19:08:36] [WARNING] url is not stable, sqlmap will base the page > comparison on a sequence matcher, if no dynamic nor injectable > parameters are detected, refer > to user's manual paragraph 'Page comparison' and provide a string or > regular expression to match on > [19:08:36] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic > [19:08:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy > the comman > d line and the following text and send by e-mail to > sql...@li...urcefor > ge.net. The developer will fix it as soon as possible: > sqlmap version: 0.9-dev > Python version: 2.6.4 > Operating system: win32 > Traceback (most recent call last): > File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main > start() > File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", > line 194, i > n start > elif not checkDynParam(place, parameter, value): > File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line > 260, in ch > eckDynParam > dynResult1 = Request.queryPage(payload, place) > File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line > 296, in quer > yPage > return comparison(page, headers, getSeqMatcher) > File "C:\Users\foens\Desktop\sqlmap\lib\request\comparison.py", line > 72, in co > mparison > ratio = round(conf.seqMatcher.ratio(), 3) > File "C:\Python26\lib\difflib.py", line 660, in ratio > self.get_matching_blocks(), 0) > File "C:\Python26\lib\difflib.py", line 482, in get_matching_blocks > la, lb = len(self.a), len(self.b) > TypeError: object of type 'NoneType' has no len() Can you please provide us with further details? What's the command line you used? Can you also provide us (privately if you prefer) the full output with -v5? > [BUG] > Also, it seems that there has been introduced a bug in lastest svn in > regards to url redirection (as it is mentioned in the logs): > ... Indeed, it has. This will also be fixed soon. -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Kasper F. <th...@ma...> - 2010-03-16 15:16:06
|
Hi Bernardo. You are seriously fast! Blazingly! I can't give you more output to the command, since I actually don't remember what it was :'( If it comes up again, I will be sure to send you the full output with -v 5. But your just fast! Thanks /Kasper On 16-03-2010 13:22, Bernardo Damele A. G. wrote: > Hi Kasper, > > On Mon, Mar 15, 2010 at 18:17, Kasper Føns<th...@ma...> wrote: > >> ... >> [SUGGESTION / BUG] >> ... >> I guess that the server returned 404, which of course can be valid since >> p is properly a "page" parameter. >> So, we can drop this url, but don't stop the whole google dorks progress. >> > Fixed and committed. > > >> [SUGGESTION] >> Another suggestion was being able to give some input, while sqlmap is >> trying a server, that makes sqlmap go to the next. >> Sometimes servers are just slow, unresposive or have so many cookie >> parameters that you just want to go on. >> It might be by pressing 's' for skip, just something. >> > We have it already in the TODO list, it will probably come for version 1.0. > > >> [BUG] >> Infinite connection redirection: >> ... >> > This will be fixed soon. > > >> [BUG] >> Unknown bug... >> [19:08:30] [INFO] testing if the url is stable, wait a few seconds >> [19:08:36] [WARNING] connection timed out to the target url or proxy, >> skipping to next url >> [19:08:36] [WARNING] url is not stable, sqlmap will base the page >> comparison on a sequence matcher, if no dynamic nor injectable >> parameters are detected, refer >> to user's manual paragraph 'Page comparison' and provide a string or >> regular expression to match on >> [19:08:36] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic >> [19:08:37] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy >> the comman >> d line and the following text and send by e-mail to >> sql...@li...urcefor >> ge.net. The developer will fix it as soon as possible: >> sqlmap version: 0.9-dev >> Python version: 2.6.4 >> Operating system: win32 >> Traceback (most recent call last): >> File "C:\Users\foens\Desktop\sqlmap\sqlmap.py", line 77, in main >> start() >> File "C:\Users\foens\Desktop\sqlmap\lib\controller\controller.py", >> line 194, i >> n start >> elif not checkDynParam(place, parameter, value): >> File "C:\Users\foens\Desktop\sqlmap\lib\controller\checks.py", line >> 260, in ch >> eckDynParam >> dynResult1 = Request.queryPage(payload, place) >> File "C:\Users\foens\Desktop\sqlmap\lib\request\connect.py", line >> 296, in quer >> yPage >> return comparison(page, headers, getSeqMatcher) >> File "C:\Users\foens\Desktop\sqlmap\lib\request\comparison.py", line >> 72, in co >> mparison >> ratio = round(conf.seqMatcher.ratio(), 3) >> File "C:\Python26\lib\difflib.py", line 660, in ratio >> self.get_matching_blocks(), 0) >> File "C:\Python26\lib\difflib.py", line 482, in get_matching_blocks >> la, lb = len(self.a), len(self.b) >> TypeError: object of type 'NoneType' has no len() >> > Can you please provide us with further details? What's the command > line you used? Can you also provide us (privately if you prefer) the > full output with -v5? > > >> [BUG] >> Also, it seems that there has been introduced a bug in lastest svn in >> regards to url redirection (as it is mentioned in the logs): >> ... >> > Indeed, it has. This will also be fixed soon. > > > |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X