Thread: [sqlmap-users] Sqlmap: DBMS Microsoft SQL Server 2005 --current-db ERROR
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Pavel S. <sap...@gm...> - 2010-10-08 17:42:56
|
Hello there, I got another error with sqlmap-0.9dev: $ python sqlmap.py -u "http://www.cssd.cz/vyhledat/?slovo=hledat" -v 1 -a "./txt/user-agents.txt" --current-db --threads 3 [*] starting at: 19:21:53 [19:21:53] [INFO] fetched random HTTP User-Agent header from file './txt/user-agents.txt': Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0 [19:21:53] [INFO] using '/home/unkq/sqlmap/output/www.cssd.cz/session' as session file [19:21:53] [INFO] resuming match ratio '0.9' from session file [19:21:53] [INFO] resuming injection point 'GET' from session file [19:21:53] [INFO] resuming injection parameter 'slovo' from session file [19:21:53] [INFO] resuming injection type 'stringdouble' from session file [19:21:53] [INFO] resuming 2 number of parenthesis from session file [19:21:53] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from session file [19:21:53] [INFO] testing connection to the target url [19:21:58] [INFO] testing for parenthesis on injectable parameter [19:21:58] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: Apache back-end DBMS: Microsoft SQL Server 2005 [19:21:58] [INFO] fetching current database [19:21:58] [INFO] retrieving the length of query output [19:21:58] [INFO] retrieved: 816555554554444447411111114444455444444121445455444511111 [19:31:43] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.9-dev Python version: 2.6.4 Operating system: posix Traceback (most recent call last): File "sqlmap.py", line 96, in main start() File "/home/unkq/sqlmap/lib/controller/controller.py", line 281, in start action() File "/home/unkq/sqlmap/lib/controller/action.py", line 89, in action conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb()) File "/home/unkq/sqlmap/plugins/generic/enumeration.py", line 131, in getCurrentDb kb.data.currentDb = inject.getValue(query) File "/home/unkq/sqlmap/lib/request/inject.py", line 374, in getValue value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar) File "/home/unkq/sqlmap/lib/request/inject.py", line 120, in __goInferenceProxy output = resume(expression, payload) File "/home/unkq/sqlmap/lib/utils/resume.py", line 164, in resume if len(resumedValue) == int(length): ValueError: invalid literal for int() with base 10: '816555554554444447411\x02111114444455444444\x02\x021\x02214454554445111\x0211' [*] shutting down at: 19:31:43 |
|
From: Miroslav S. <mir...@gm...> - 2010-10-09 00:24:10
|
hi. could you please send me privately content of a file: /home/unkq/sqlmap/output/www.cssd.cz/session for further analysis. also, please retry your testing with usage of flag: --flush-session. kind regards. On Fri, Oct 8, 2010 at 7:42 PM, Pavel Saparov <sap...@gm...> wrote: > Hello there, I got another error with sqlmap-0.9dev: > > $ python sqlmap.py -u "http://www.cssd.cz/vyhledat/?slovo=hledat" -v 1 -a > "./txt/user-agents.txt" --current-db --threads 3 > > [*] starting at: 19:21:53 > > [19:21:53] [INFO] fetched random HTTP User-Agent header from file > './txt/user-agents.txt': Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) > Gecko/20060130 SeaMonkey/1.0 > [19:21:53] [INFO] using '/home/unkq/sqlmap/output/www.cssd.cz/session' as > session file > [19:21:53] [INFO] resuming match ratio '0.9' from session file > [19:21:53] [INFO] resuming injection point 'GET' from session file > [19:21:53] [INFO] resuming injection parameter 'slovo' from session file > [19:21:53] [INFO] resuming injection type 'stringdouble' from session file > [19:21:53] [INFO] resuming 2 number of parenthesis from session file > [19:21:53] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from > session file > [19:21:53] [INFO] testing connection to the target url > [19:21:58] [INFO] testing for parenthesis on injectable parameter > [19:21:58] [INFO] the back-end DBMS is Microsoft SQL Server > > web application technology: Apache > back-end DBMS: Microsoft SQL Server 2005 > [19:21:58] [INFO] fetching current database > [19:21:58] [INFO] retrieving the length of query output > [19:21:58] [INFO] retrieved: > 816555554554444447411111114444455444444121445455444511111 > > [19:31:43] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon as > possible: > sqlmap version: 0.9-dev > Python version: 2.6.4 > Operating system: posix > Traceback (most recent call last): > File "sqlmap.py", line 96, in main > start() > File "/home/unkq/sqlmap/lib/controller/controller.py", line 281, in start > action() > File "/home/unkq/sqlmap/lib/controller/action.py", line 89, in action > conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb()) > File "/home/unkq/sqlmap/plugins/generic/enumeration.py", line 131, in > getCurrentDb > kb.data.currentDb = inject.getValue(query) > File "/home/unkq/sqlmap/lib/request/inject.py", line 374, in getValue > value = __goInferenceProxy(expression, fromUser, expected, batch, > resumeValue, unpack, charsetType, firstChar, lastChar) > File "/home/unkq/sqlmap/lib/request/inject.py", line 120, in > __goInferenceProxy > output = resume(expression, payload) > File "/home/unkq/sqlmap/lib/utils/resume.py", line 164, in resume > if len(resumedValue) == int(length): > ValueError: invalid literal for int() with base 10: > '816555554554444447411\x02111114444455444444\x02\x021\x02214454554445111\x0211' > > [*] shutting down at: 19:31:43 > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Miroslav S. <mir...@gm...> - 2010-10-09 00:26:40
|
also, i've tried your attack "vector" and couldn't find any results with that site. is there any other way to retest it? kr On Sat, Oct 9, 2010 at 2:24 AM, Miroslav Stampar <mir...@gm...> wrote: > hi. > > could you please send me privately content of a file: > /home/unkq/sqlmap/output/www.cssd.cz/session > for further analysis. > > also, please retry your testing with usage of flag: --flush-session. > > kind regards. > > On Fri, Oct 8, 2010 at 7:42 PM, Pavel Saparov <sap...@gm...> wrote: >> Hello there, I got another error with sqlmap-0.9dev: >> >> $ python sqlmap.py -u "http://www.cssd.cz/vyhledat/?slovo=hledat" -v 1 -a >> "./txt/user-agents.txt" --current-db --threads 3 >> >> [*] starting at: 19:21:53 >> >> [19:21:53] [INFO] fetched random HTTP User-Agent header from file >> './txt/user-agents.txt': Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) >> Gecko/20060130 SeaMonkey/1.0 >> [19:21:53] [INFO] using '/home/unkq/sqlmap/output/www.cssd.cz/session' as >> session file >> [19:21:53] [INFO] resuming match ratio '0.9' from session file >> [19:21:53] [INFO] resuming injection point 'GET' from session file >> [19:21:53] [INFO] resuming injection parameter 'slovo' from session file >> [19:21:53] [INFO] resuming injection type 'stringdouble' from session file >> [19:21:53] [INFO] resuming 2 number of parenthesis from session file >> [19:21:53] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from >> session file >> [19:21:53] [INFO] testing connection to the target url >> [19:21:58] [INFO] testing for parenthesis on injectable parameter >> [19:21:58] [INFO] the back-end DBMS is Microsoft SQL Server >> >> web application technology: Apache >> back-end DBMS: Microsoft SQL Server 2005 >> [19:21:58] [INFO] fetching current database >> [19:21:58] [INFO] retrieving the length of query output >> [19:21:58] [INFO] retrieved: >> 816555554554444447411111114444455444444121445455444511111 >> >> [19:31:43] [CRITICAL] unhandled exception in sqlmap/0.9-dev, please copy the >> command line and the following text and send by e-mail to >> sql...@li.... The developer will fix it as soon as >> possible: >> sqlmap version: 0.9-dev >> Python version: 2.6.4 >> Operating system: posix >> Traceback (most recent call last): >> File "sqlmap.py", line 96, in main >> start() >> File "/home/unkq/sqlmap/lib/controller/controller.py", line 281, in start >> action() >> File "/home/unkq/sqlmap/lib/controller/action.py", line 89, in action >> conf.dumper.currentDb(conf.dbmsHandler.getCurrentDb()) >> File "/home/unkq/sqlmap/plugins/generic/enumeration.py", line 131, in >> getCurrentDb >> kb.data.currentDb = inject.getValue(query) >> File "/home/unkq/sqlmap/lib/request/inject.py", line 374, in getValue >> value = __goInferenceProxy(expression, fromUser, expected, batch, >> resumeValue, unpack, charsetType, firstChar, lastChar) >> File "/home/unkq/sqlmap/lib/request/inject.py", line 120, in >> __goInferenceProxy >> output = resume(expression, payload) >> File "/home/unkq/sqlmap/lib/utils/resume.py", line 164, in resume >> if len(resumedValue) == int(length): >> ValueError: invalid literal for int() with base 10: >> '816555554554444447411\x02111114444455444444\x02\x021\x02214454554445111\x0211' >> >> [*] shutting down at: 19:31:43 >> >> ------------------------------------------------------------------------------ >> Beautiful is writing same markup. Internet Explorer 9 supports >> standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. >> Spend less time writing and rewriting code and more time creating great >> experiences on the web. Be a part of the beta today. >> http://p.sf.net/sfu/beautyoftheweb >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X