sqlmap-users

[sqlmap-users] error while trying to get error page information (500)

[Ahmed S. <ah...@is...>]

sqlmap version: 0.9-dev (r3225)
Python version: 2.7
Operating system: posix
Command line: ./sqlmap.py -u ************************************
--method=POST --data=email=test&pass=test&keepcookies=1&login=1 --level=3
Technique: UNION
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 356, in
start
    injection = checkSqlInjection(place, parameter, value)
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 375, in
checkSqlInjection
    reqPayload, vector = unionTest(comment, place, parameter, value, prefix,
suffix)
  File "/pentest/database/sqlmap/lib/techniques/inband/union/test.py", line
196, in unionTest
    validPayload, vector = __unionTestByCharBruteforce(comment, place,
parameter, value, prefix, suffix)
  File "/pentest/database/sqlmap/lib/techniques/inband/union/test.py", line
170, in __unionTestByCharBruteforce
    count = __findUnionCharCount(comment, place, parameter, value, prefix,
suffix)
  File "/pentest/database/sqlmap/lib/techniques/inband/union/test.py", line
70, in __findUnionCharCount
    if abs(max_ - min_) < MIN_STATISTICAL_RANGE:
TypeError: unsupported operand type(s) for -: 'float' and 'NoneType'

[*] shutting down at: 22:11:56


-- 

   - Ahmed Shawky El-Antry
   - Pen-tester, Programmer and System administrator
   - lnxg33k owner "http://lnxg33k.wordpress.com"
   - Isecur1ty team "http://www.isecur1ty.org"
   - Twitter @lnxg33k

Re: [sqlmap-users] error while trying to get error page information (500)

[Miroslav S. <mir...@gm...>]

hi Ahmed.

thank you for your report. at the end we were able to reproduce it.
find the fix in the latest revision (r3226)

kr

On Fri, Feb 4, 2011 at 9:17 PM, Ahmed Shawky <ah...@is...> wrote:
> sqlmap version: 0.9-dev (r3225)
> Python version: 2.7
> Operating system: posix
> Command line: ./sqlmap.py -u ************************************
> --method=POST --data=email=test&pass=test&keepcookies=1&login=1 --level=3
> Technique: UNION
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
> Traceback (most recent call last):
>   File "./sqlmap.py", line 82, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 356, in
> start
>     injection = checkSqlInjection(place, parameter, value)
>   File "/pentest/database/sqlmap/lib/controller/checks.py", line 375, in
> checkSqlInjection
>     reqPayload, vector = unionTest(comment, place, parameter, value, prefix,
> suffix)
>   File "/pentest/database/sqlmap/lib/techniques/inband/union/test.py", line
> 196, in unionTest
>     validPayload, vector = __unionTestByCharBruteforce(comment, place,
> parameter, value, prefix, suffix)
>   File "/pentest/database/sqlmap/lib/techniques/inband/union/test.py", line
> 170, in __unionTestByCharBruteforce
>     count = __findUnionCharCount(comment, place, parameter, value, prefix,
> suffix)
>   File "/pentest/database/sqlmap/lib/techniques/inband/union/test.py", line
> 70, in __findUnionCharCount
>     if abs(max_ - min_) < MIN_STATISTICAL_RANGE:
> TypeError: unsupported operand type(s) for -: 'float' and 'NoneType'
> [*] shutting down at: 22:11:56
>
> --
>
> Ahmed Shawky El-Antry
> Pen-tester, Programmer and System administrator
> lnxg33k owner "http://lnxg33k.wordpress.com"
> Isecur1ty team "http://www.isecur1ty.org"
> Twitter @lnxg33k
>
> ------------------------------------------------------------------------------
> The modern datacenter depends on network connectivity to access resources
> and provide services. The best practices for maximizing a physical server's
> connectivity to a physical network are well understood - see how these
> rules translate into the virtual world?
> http://p.sf.net/sfu/oracle-sfdevnlfb
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
Alternate: miroslav.stampar (at) mail.ru
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia