sqlmap-users

[sqlmap-users] Unknown Encoding

[mitchell <mit...@tu...>]

Hello,

First, good job on the SOAP-based requests improvement! I am really looking
forward to test this feature in a test.

I was using sqlmap against the site of a customer with a Cyrillic encoding
the other day, and it produced the following error:

------------------------------------------------
# ./sqlmap.py -u 'http://url.com/script.php?id=1'

    sqlmap/0.9-dev - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 06:19:48

[06:19:48] [INFO] using '/pentest/database/sqlmap/output/www.url.com/session'
as session file
[06:19:48] [INFO] testing connection to the target url

[06:19:49] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
command line and the following text and send by e-mail to
sql...@li.... The developer will fix it as soon as
possible:
sqlmap version: 0.9-dev
Python version: 2.6.5
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 89, in main
    start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in
start
    if not checkConnection() or not checkString() or not checkRegexp():
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in
checkConnection
    page, _ = Request.getPage()
  File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in
getPage
    page = decodePage(page, responseHeaders.get("Content-Encoding"),
responseHeaders.get("Content-Type"))
  File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in
decodePage
    page = unicode(page, contentType.split('charset=')[-1])     #don't use
getUnicode here. it needs to stay as is.
LookupError: unknown encoding: cp-1251

[*] shutting down at: 06:19:49

===========

# svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1775
Node Kind: directory
Schedule: normal
Last Changed Author: inquisb
Last Changed Rev: 1775
Last Changed Date: 2010-06-25 16:24:43 +0300 (Fri, 25 Jun 2010)
------------------------------------------------

I can recreate the error with the last update of sqlmap, as of several
minutes ago.

It seems that sqlmap is getting the encoding of the page from the HTTP
response, which in this case is

<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">

The encoding in python is 'cp1251', hence the lookup error.

Maybe sqlmap can keep a dictionary of "encoding translations", so that it
can translate encodings when there is dash in the encoding returned in the
response?

Cheers!

# mitchell

Re: [sqlmap-users] Unknown Encoding

[Bernardo D. A. G. <ber...@gm...>]

Miroslav fixed this bug and committed the patch. It's in svn.
Thanks for reporting.

Bernardo


On Wed, Jun 30, 2010 at 11:31, mitchell <mit...@tu...> wrote:
> Hello,
> First, good job on the SOAP-based requests improvement! I am really looking
> forward to test this feature in a test.
> I was using sqlmap against the site of a customer with a Cyrillic encoding
> the other day, and it produced the following error:
> ------------------------------------------------
> # ./sqlmap.py -u 'http://url.com/script.php?id=1'
>     sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
> [*] starting at: 06:19:48
> [06:19:48] [INFO] using
> '/pentest/database/sqlmap/output/www.url.com/session' as session file
> [06:19:48] [INFO] testing connection to the target url
> [06:19:49] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the
> command line and the following text and send by e-mail to
> sql...@li.... The developer will fix it as soon as
> possible:
> sqlmap version: 0.9-dev
> Python version: 2.6.5
> Operating system: posix
> Traceback (most recent call last):
>   File "./sqlmap.py", line 89, in main
>     start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in
> start
>     if not checkConnection() or not checkString() or not checkRegexp():
>   File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in
> checkConnection
>     page, _ = Request.getPage()
>   File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in
> getPage
>     page = decodePage(page, responseHeaders.get("Content-Encoding"),
> responseHeaders.get("Content-Type"))
>   File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in
> decodePage
>     page = unicode(page, contentType.split('charset=')[-1])     #don't use
> getUnicode here. it needs to stay as is.
> LookupError: unknown encoding: cp-1251
> [*] shutting down at: 06:19:49
> ===========
> # svn info
> Path: .
> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
> Repository Root: https://svn.sqlmap.org/sqlmap
> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
> Revision: 1775
> Node Kind: directory
> Schedule: normal
> Last Changed Author: inquisb
> Last Changed Rev: 1775
> Last Changed Date: 2010-06-25 16:24:43 +0300 (Fri, 25 Jun 2010)
> ------------------------------------------------
> I can recreate the error with the last update of sqlmap, as of several
> minutes ago.
> It seems that sqlmap is getting the encoding of the page from the HTTP
> response, which in this case is
> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
> The encoding in python is 'cp1251', hence the lookup error.
> Maybe sqlmap can keep a dictionary of "encoding translations", so that it
> can translate encodings when there is dash in the encoding returned in the
> response?
> Cheers!
> # mitchell
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F