Thread: [sqlmap-users] Unable to fingerprint dbms
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: -insane- <in...@gm...> - 2011-01-12 16:57:22
|
Unable to fingerprint any dbms. If i use earlier versions it works.
sqlmap identified the following injection points with a total of 0
HTTP(s) requests:
---
Place: GET
Parameter: xxx
Type: boolean-based blind
Title: AND boolean-based blind - WHERE clause
Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 AND
8933=8933&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
Type: UNION query
Title: MySQL NULL UNION query - 1 to 3 columns
Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 UNION ALL SELECT NULL,
NULL, NULL, CHAR(75,101,105,110), NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, NULL,
NULL#&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
---
[17:51:28] [INFO] testing MySQL
[17:51:28] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your
run with the latest development version from the Subversion repository.
If the exception persists, please send by e-mail to
sql...@li... the command line, the following text
and any information needed to reproduce the bug. The developers will try
to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r2946)
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
File "/pentest/database/sqlmap/sqlmap.py", line 83, in main
start()
File "/pentest/database/sqlmap/lib/controller/controller.py", line
407, in start
action()
File "/pentest/database/sqlmap/lib/controller/action.py", line 31, in
action
setHandler()
File "/pentest/database/sqlmap/lib/controller/handler.py", line 103,
in setHandler
if handler.checkDbms():
File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py",
line 175, in checkDbms
result =
inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
File "/pentest/database/sqlmap/lib/request/inject.py", line 504, in
checkBooleanExpression
return getValue(unescaper.unescape(expression),
expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
File "/pentest/database/sqlmap/lib/request/inject.py", line 421, in
getValue
value = __goInband(forgeCaseExpression, expected, sort, resumeValue,
unpack, dump)
File "/pentest/database/sqlmap/lib/request/inject.py", line 379, in
__goInband
output = unionUse(expression, resetCounter=True, unpack=unpack,
dump=dump)
File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py",
line 214, in unionUse
query = agent.forgeInbandQuery(expression, exprPosition=vector[0],
count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
File "/pentest/database/sqlmap/lib/core/agent.py", line 542, in
forgeInbandQuery
inbandQuery += conf.uChar
TypeError: cannot concatenate 'str' and 'NoneType' objects
[*] shutting down at: 17:51:28
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-12 17:33:05
|
Which command line di you run?
Bernardo
On 12 January 2011 16:57, -insane- <in...@gm...> wrote:
> Unable to fingerprint any dbms. If i use earlier versions it works.
>
> sqlmap identified the following injection points with a total of 0
> HTTP(s) requests:
> ---
> Place: GET
> Parameter: xxx
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE clause
> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 AND
> 8933=8933&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
>
> Type: UNION query
> Title: MySQL NULL UNION query - 1 to 3 columns
> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 UNION ALL SELECT NULL,
> NULL, NULL, CHAR(75,101,105,110), NULL, NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL, NULL, NULL,
> NULL#&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
> ---
>
> [17:51:28] [INFO] testing MySQL
>
> [17:51:28] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your
> run with the latest development version from the Subversion repository.
> If the exception persists, please send by e-mail to
> sql...@li... the command line, the following text
> and any information needed to reproduce the bug. The developers will try
> to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev (r2946)
> Python version: 2.5.2
> Operating system: posix
> Traceback (most recent call last):
> File "/pentest/database/sqlmap/sqlmap.py", line 83, in main
> start()
> File "/pentest/database/sqlmap/lib/controller/controller.py", line
> 407, in start
> action()
> File "/pentest/database/sqlmap/lib/controller/action.py", line 31, in
> action
> setHandler()
> File "/pentest/database/sqlmap/lib/controller/handler.py", line 103,
> in setHandler
> if handler.checkDbms():
> File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py",
> line 175, in checkDbms
> result =
> inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
> File "/pentest/database/sqlmap/lib/request/inject.py", line 504, in
> checkBooleanExpression
> return getValue(unescaper.unescape(expression),
> expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 421, in
> getValue
> value = __goInband(forgeCaseExpression, expected, sort, resumeValue,
> unpack, dump)
> File "/pentest/database/sqlmap/lib/request/inject.py", line 379, in
> __goInband
> output = unionUse(expression, resetCounter=True, unpack=unpack,
> dump=dump)
> File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py",
> line 214, in unionUse
> query = agent.forgeInbandQuery(expression, exprPosition=vector[0],
> count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
> File "/pentest/database/sqlmap/lib/core/agent.py", line 542, in
> forgeInbandQuery
> inbandQuery += conf.uChar
> TypeError: cannot concatenate 'str' and 'NoneType' objects
>
> [*] shutting down at: 17:51:28
>
>
> ------------------------------------------------------------------------------
> Protect Your Site and Customers from Malware Attacks
> Learn about various malware tactics and how to avoid them. Understand
> malware threats, the impact they can have on your business, and how you
> can protect your company and customers by using code signing.
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-13 09:41:48
|
Fixed and committed.
Bernardo
On 12 January 2011 17:32, Bernardo Damele A. G.
<ber...@gm...> wrote:
> Which command line di you run?
>
> Bernardo
>
>
> On 12 January 2011 16:57, -insane- <in...@gm...> wrote:
>> Unable to fingerprint any dbms. If i use earlier versions it works.
>>
>> sqlmap identified the following injection points with a total of 0
>> HTTP(s) requests:
>> ---
>> Place: GET
>> Parameter: xxx
>> Type: boolean-based blind
>> Title: AND boolean-based blind - WHERE clause
>> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 AND
>> 8933=8933&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
>>
>> Type: UNION query
>> Title: MySQL NULL UNION query - 1 to 3 columns
>> Payload: id=995&xxx=1&xxx=xxx.php&xxx=283935 UNION ALL SELECT NULL,
>> NULL, NULL, CHAR(75,101,105,110), NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL, NULL, NULL, NULL, NULL, NULL, NULL,
>> NULL#&xxx=aGVsbHNpY2h0aWdlcyBLYXJ0ZW5sZWdlbiBvaG5lIFZvcmFiaW5mb3JtYXRpb24
>> ---
>>
>> [17:51:28] [INFO] testing MySQL
>>
>> [17:51:28] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your
>> run with the latest development version from the Subversion repository.
>> If the exception persists, please send by e-mail to
>> sql...@li... the command line, the following text
>> and any information needed to reproduce the bug. The developers will try
>> to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 0.9-dev (r2946)
>> Python version: 2.5.2
>> Operating system: posix
>> Traceback (most recent call last):
>> File "/pentest/database/sqlmap/sqlmap.py", line 83, in main
>> start()
>> File "/pentest/database/sqlmap/lib/controller/controller.py", line
>> 407, in start
>> action()
>> File "/pentest/database/sqlmap/lib/controller/action.py", line 31, in
>> action
>> setHandler()
>> File "/pentest/database/sqlmap/lib/controller/handler.py", line 103,
>> in setHandler
>> if handler.checkDbms():
>> File "/pentest/database/sqlmap/plugins/dbms/mysql/fingerprint.py",
>> line 175, in checkDbms
>> result =
>> inject.checkBooleanExpression("CONNECTION_ID()=CONNECTION_ID()")
>> File "/pentest/database/sqlmap/lib/request/inject.py", line 504, in
>> checkBooleanExpression
>> return getValue(unescaper.unescape(expression),
>> expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
>> File "/pentest/database/sqlmap/lib/request/inject.py", line 421, in
>> getValue
>> value = __goInband(forgeCaseExpression, expected, sort, resumeValue,
>> unpack, dump)
>> File "/pentest/database/sqlmap/lib/request/inject.py", line 379, in
>> __goInband
>> output = unionUse(expression, resetCounter=True, unpack=unpack,
>> dump=dump)
>> File "/pentest/database/sqlmap/lib/techniques/inband/union/use.py",
>> line 214, in unionUse
>> query = agent.forgeInbandQuery(expression, exprPosition=vector[0],
>> count=vector[1], comment=vector[2], prefix=vector[3], suffix=vector[4])
>> File "/pentest/database/sqlmap/lib/core/agent.py", line 542, in
>> forgeInbandQuery
>> inbandQuery += conf.uChar
>> TypeError: cannot concatenate 'str' and 'NoneType' objects
>>
>> [*] shutting down at: 17:51:28
>>
>>
>> ------------------------------------------------------------------------------
>> Protect Your Site and Customers from Malware Attacks
>> Learn about various malware tactics and how to avoid them. Understand
>> malware threats, the impact they can have on your business, and how you
>> can protect your company and customers by using code signing.
>> http://p.sf.net/sfu/oracle-sfdevnl
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X