Thread: [sqlmap-users] Bug?
From: Brandon <bmu...@gm...> - 2010-03-19 05:30:37
I am having a problem auditing the cat param. It appears it audits the param before it but totally ignores the params after it and shuts down.

    C:\sqlmap8>sqlmap -u vulnsite.org/ks.php?mode=cat&cat=26 -v 1 \ -p "mode,cat"

    sqlmap/0.8 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

    [*] starting at: 01:25:31

    [01:25:31] [INFO] using 'C:\sqlmap8\output\vulnsite.org\session' as session file
    [01:25:31] [INFO] testing connection to the target url
    [01:25:33] [INFO] testing if the url is stable, wait a few seconds
    [01:25:39] [INFO] url is stable
    [01:25:39] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
    [01:25:41] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
    [01:25:41] [INFO] testing if GET parameter 'mode' is dynamic
    [01:25:48] [WARNING] GET parameter 'mode' is not dynamic

    [*] shutting down at: 01:25:48

    'cat' is not recognized as an internal or external command,
    operable program or batch file.

I do the command just like in the manual and it still doesn't work.
From: Daniele R. <dan...@ya...> - 2011-06-03 09:54:20
I did this thing under windows: create a /x41 (10000 bytes) file (called sqlmap.conf). I gave it to sqlmap with -c and I got this:

    C:\pentest-vulnass\sqlmap>python sqlmap.py -c sqlmap.conf

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

    [*] starting at: 11:43:52

    [*] shutting down at: 11:43:52

    Traceback (most recent call last):
      File "sqlmap.py", line 126, in <module>
        main()
      File "sqlmap.py", line 111, in main
        errMsg = unhandledExceptionMessage()
      File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 2361, in unhandledExceptionMessage
        errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" % Backend.getDbms() if Backend.getDbms() is not None else "%s (identified)" % Backend.getIdentifiedDbms())
      File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 364, in getIdentifiedDbms
        elif conf.dbms is not None:
      File "C:\pentest-vulnass\sqlmap\lib\core\datatype.py", line 40, in __getattr__
        raise sqlmapDataException, "unable to access item '%s'" % item
    lib.core.exception.sqlmapDataException: unable to access item 'dbms'

    C:\pentest-vulnass\sqlmap>

Maybe you can find this useful.
Daniele
regards
From: Miroslav S. <mir...@gm...> - 2011-06-03 10:13:53
hi Daniele.

first of all ROFLMAO :)

if you wanted to fuzz the sqlmap to become famous then... i can't find appropriate words. only problem is that you'll need to find a way how to execute fuzzed python code.

we'll patch this one just for the lulz

good luck and thanks for all the fish :)

kr

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-06-03 11:06:31
hi Daniele.

please forgive me for my rudeness.

it was only a matter of time before someone would try to do bad things to sqlmap with things like: 'a'*10000. this is the only PoC i could find for python based programs and it requires an ancient Python version and usage of the os.path.realpath function: http://www.securiteam.com/exploits/5BP0D2KI0C.html

we use it only at two places - grep for os.path.realpath(__file__), and it's hardly imaginable that it could be exploited in that manner.

nevertheless, thank you for your report and find it fixed in the latest commit.

kr

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
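The traceback in this thread shows the crash reporter itself failing on an unset 'dbms' item, which hides the error that triggered it. The Python 3 sketch below is an added example, not sqlmap's code or its fix: AttribDict, start, report_fragile, report_hardened and the [Target] section name are hypothetical, and the 10000-byte input is constructed.

```python
import configparser

class DataException(Exception):
    """Raised when a settings item is read before it was populated."""

class AttribDict(dict):
    """Settings store with attribute access that raises on unknown items."""
    def __getattr__(self, item):
        try:
            return self[item]
        except KeyError:
            raise DataException("unable to access item '%s'" % item) from None

def report_fragile(conf):
    # Assumes start-up finished and 'dbms' exists; raises otherwise.
    return "Back-end DBMS: %s" % conf.dbms

def report_hardened(conf):
    # A crash reporter must not assume any state was initialised.
    return "Back-end DBMS: %s" % conf.get("dbms", "not set")

def start(config_text, reporter):
    """Load an INI-style config; on any failure return a crash report."""
    conf = AttribDict()
    try:
        parser = configparser.ConfigParser()
        parser.read_string(config_text)   # malformed input raises here
        conf.update(parser.items("Target"))
        return "ok: dbms=%s" % conf.dbms
    except Exception as ex:
        # If reporter() raises, its error replaces the one being reported.
        return "unhandled %s. %s" % (type(ex).__name__, reporter(conf))

# Constructed input: 10000 'A' characters, as in the report above.
GARBAGE = "A" * 10000

if __name__ == "__main__":
    print(start(GARBAGE, report_hardened))
    try:
        start(GARBAGE, report_fragile)
    except DataException as ex:
        print("reporter crashed, root cause lost:", ex)
```

With the hardened reporter the output names the parser error; with the fragile one the only thing the user sees is the missing 'dbms' item, as in the posted traceback.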
From: Alessandro T. <ale...@lo...> - 2010-03-19 09:13:35
The bug is human, missing quotes.