sqlmap-users

[sqlmap-users] mssql file read error

[Владимир Г. <war...@gm...>]

[08:59:47] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s)
reque
sts:
---
Place: GET
Parameter: b2mid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE clause
    Payload: id=24410 AND 7218=7218

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=24410 ; WAITFOR DELAY '0:0:5';--
---

[08:59:48] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[08:59:48] [INFO] fetching file: 'c:/boot.ini'
[08:59:51] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 6 times

[08:59:51] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
with
 the latest development version from the Subversion repository. If the
exception
 persists, please send by e-mail to sql...@li... the
comma
nd line, the following text and any information needed to reproduce the bug.
The
 developers will try to reproduce the bug, fix it accordingly and get back
to yo
u.
sqlmap version: 0.9-dev (r2971)
Python version: 2.6.6
Operating system: nt
Traceback (most recent call last):
  File "sqlmap.py", line 83, in main
    start()
  File "C:\DSU\soft\sqlmap\lib\controller\controller.py", line 413, in start
    action()
  File "C:\DSU\soft\sqlmap\lib\controller\action.py", line 122, in action
    conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
  File "C:\DSU\soft\sqlmap\plugins\generic\filesystem.py", line 266, in
readFile

    fileContent = self.stackedReadFile(rFile)
  File "C:\DSU\soft\sqlmap\plugins\dbms\mssqlserver\filesystem.py", line 95,
in
stackedReadFile
    if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
NameError: global name 'PAYLOAD' is not defined

[*] shutting down at: 08:59:51

Re: [sqlmap-users] mssql file read error

[Bernardo D. A. G. <ber...@gm...>]

Fixed and committed.

On 15 January 2011 07:01, Владимир Гопиенко <war...@gm...> wrote:
> [08:59:47] [INFO] testing connection to the target url
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> reque
> sts:
> ---
> Place: GET
> Parameter: b2mid
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE clause
>     Payload: id=24410 AND 7218=7218
>
>     Type: stacked queries
>     Title: Microsoft SQL Server/Sybase stacked queries
>     Payload: id=24410 ; WAITFOR DELAY '0:0:5';--
> ---
>
> [08:59:48] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0, ASP
> back-end DBMS: Microsoft SQL Server 2000
> [08:59:48] [INFO] fetching file: 'c:/boot.ini'
> [08:59:51] [WARNING] HTTP error codes detected during testing:
> 500 (Internal Server Error) - 6 times
>
> [08:59:51] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
> with
>  the latest development version from the Subversion repository. If the
> exception
>  persists, please send by e-mail to sql...@li... the
> comma
> nd line, the following text and any information needed to reproduce the bug.
> The
>  developers will try to reproduce the bug, fix it accordingly and get back
> to yo
> u.
> sqlmap version: 0.9-dev (r2971)
> Python version: 2.6.6
> Operating system: nt
> Traceback (most recent call last):
>   File "sqlmap.py", line 83, in main
>     start()
>   File "C:\DSU\soft\sqlmap\lib\controller\controller.py", line 413, in start
>     action()
>   File "C:\DSU\soft\sqlmap\lib\controller\action.py", line 122, in action
>     conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
>   File "C:\DSU\soft\sqlmap\plugins\generic\filesystem.py", line 266, in
> readFile
>
>     fileContent = self.stackedReadFile(rFile)
>   File "C:\DSU\soft\sqlmap\plugins\dbms\mssqlserver\filesystem.py", line 95,
> in
> stackedReadFile
>     if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
> NameError: global name 'PAYLOAD' is not defined
>
> [*] shutting down at: 08:59:51
>
> ------------------------------------------------------------------------------
> Protect Your Site and Customers from Malware Attacks
> Learn about various malware tactics and how to avoid them. Understand
> malware threats, the impact they can have on your business, and how you
> can protect your company and customers by using code signing.
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F