Thread: Re: [sqlmap-users] SQLMap Bug
From: Bernardo D. A. G. <ber...@gm...> - 2008-11-10 23:11:33

Hi Marc-Andre',

Marc-André Laverdière wrote:
> ...
> I'm having the following problem on a vanilla install on my Ubuntu 8.10 box:
>
> sqlmap -u="http://localhost:8180/securibench-micro/"
>
> sqlmap/0.6.2 coded by Bernardo Damele A. G. <ber...@gm...>
> and Daniele Bellucci <dan...@gm...>
>
> [*] starting at: 15:09:51
>
> [15:09:51] [ERROR] unhandled exception in sqlmap/0.6.2, please copy the
> command line and the following text and send by e-mail to
> ber...@gm.... I will fix it as soon as possible:
> sqlmap version: 0.6.2
> Python version: 2.5.2
> Operating system: linux2
> Traceback (most recent call last):
>   File "/usr/bin/sqlmap", line 74, in main
>     start()
>   File "/usr/share/sqlmap/lib/controller/controller.py", line 125, in start
>     initTargetEnv()
>   File "/usr/share/sqlmap/lib/core/target.py", line 200, in initTargetEnv
>     parseTargetUrl()
>   File "/usr/share/sqlmap/lib/core/common.py", line 502, in parseTargetUrl
>     conf.port = int(__hostnamePort[1])
> ValueError: invalid literal for int() with base 10: ''

The syntax is -u "http://localhost:8180/securibench-micro/" or
--url="http://localhost:8180/securibench-micro/".

Refer to the user's manual and sqlmap.py -h next time.

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F

From: Andres R. <and...@gm...> - 2008-11-11 14:00:38

Bernardo,

On Mon, Nov 10, 2008 at 9:11 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi Marc-Andre',
>
> Marc-André Laverdière wrote:
>> ...
>> I'm having the following problem on a vanilla install on my Ubuntu 8.10 box:
>>
>> sqlmap -u="http://localhost:8180/securibench-micro/"
>>
>> sqlmap/0.6.2 coded by Bernardo Damele A. G. <ber...@gm...>
>> and Daniele Bellucci <dan...@gm...>
>>
>> [*] starting at: 15:09:51
>>
>> [15:09:51] [ERROR] unhandled exception in sqlmap/0.6.2, please copy the
>> command line and the following text and send by e-mail to
>> ber...@gm.... I will fix it as soon as possible:
>> sqlmap version: 0.6.2
>> Python version: 2.5.2
>> Operating system: linux2
>> Traceback (most recent call last):
>>   File "/usr/bin/sqlmap", line 74, in main
>>     start()
>>   File "/usr/share/sqlmap/lib/controller/controller.py", line 125, in start
>>     initTargetEnv()
>>   File "/usr/share/sqlmap/lib/core/target.py", line 200, in initTargetEnv
>>     parseTargetUrl()
>>   File "/usr/share/sqlmap/lib/core/common.py", line 502, in parseTargetUrl
>>     conf.port = int(__hostnamePort[1])
>> ValueError: invalid literal for int() with base 10: ''
>
> The syntax is -u "http://localhost:8180/securibench-micro/" or
> --url="http://localhost:8180/securibench-micro/".
>
> Refer to the user's manual and sqlmap.py -h next time.

I agree that this is the classical "RTFM", but sqlmap shouldn't show a
traceback in this case. The correct behaviour here should have been
something like:

print 'The port you selected (value: %s) is invalid' % __hostnamePort[1]

Also, you should change

[ERROR] unhandled exception in sqlmap/0.6.2, please copy the command
line and the following text and send by e-mail to ber...@gm...

with this:

[ERROR] unhandled exception in sqlmap/0.6.2, please copy the command
line and the following text and send by e-mail to
sql...@li...

> Cheers,
> --
> Bernardo Damele A. G.

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

From: Bernardo D. A. G. <ber...@gm...> - 2008-11-11 14:08:42

Hi Andres,

On Tue, Nov 11, 2008 at 14:00, Andres Riancho <and...@gm...> wrote:
> ...
> I agree that this is the classical "RTFM", but sqlmap shouldn't show a
> traceback in this case. The correct behaviour here should have been
> something like:
>
> print 'The port you selected (value: %s) is invalid' % __hostnamePort[1]

I am using optparse to parse command line parameters, it's handled
automatically. Giving -u="http://..." takes '=http' as target url
which is clearly wrong. Nothing I can/want to fix/change here.

> ...
> [ERROR] unhandled exception in sqlmap/0.6.2, please copy the command
> line and the following text and send by e-mail to
> sql...@li...

Done!

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +39-3493821385 (IT), +44-(0)7788962949 (UK)
PGP Key ID: 0x05F5A30F

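The behaviour discussed in the message above, as an added example that is not part of the original thread and is not sqlmap's code: optparse passes `-u=...` through with the leading `=` kept, and a front-end check can report that as a one-line usage error while keeping the bug-report path for real defects. It is written for Python 3 (the thread used Python 2.5), and `UsageError`, `parse_cli`, `parse_target` and `run` are hypothetical names.

```python
import optparse
from urllib.parse import urlsplit

class UsageError(Exception):
    """Bad user input: report it in one line, with no traceback."""

def parse_cli(argv):
    # optparse takes everything after a short option letter as its value,
    # so "-u=http://..." yields a URL string that begins with "=".
    parser = optparse.OptionParser()
    parser.add_option("-u", "--url", dest="url")
    options, _ = parser.parse_args(argv)
    return options.url

def parse_target(url):
    """Return (host, port), or raise UsageError for a malformed target."""
    if not url:
        raise UsageError("no target URL given; use -u URL or --url=URL")
    if url.startswith("="):
        raise UsageError("target %r starts with '='; use -u URL or --url=URL" % url)
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError on a non-numeric or out-of-range port
    except ValueError:
        raise UsageError("target %r has a malformed host or port" % url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise UsageError("target %r is not an http(s) URL" % url)
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return parts.hostname, port

def run(argv):
    """Return (exit_code, message): 0 ok, 2 usage error, 1 internal failure."""
    try:
        host, port = parse_target(parse_cli(argv))
        return 0, "target %s:%d" % (host, port)
    except UsageError as exc:
        return 2, "[ERROR] %s" % exc
    except Exception as exc:
        # Only a genuine defect reaches here; this is the place to ask
        # the user for a bug report.
        return 1, "[CRITICAL] unhandled exception: %r" % exc

if __name__ == "__main__":
    # Constructed sample invocations; the first is the command from the thread.
    for argv in (["-u=http://localhost:8180/securibench-micro/"],
                 ["-u", "http://localhost:8180/securibench-micro/"],
                 ["-u", "http://localhost:port/"]):
        print(argv, "->", run(argv))
```
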
From: Daniele B. <dan...@gm...> - 2008-11-11 14:15:16

I agree with Bernardo, users shall read documentation before using the
tool .. and if they find something wrong they can ask questions. But
it's important they read the documentation before posting strange
questions to any mailing list (eg: pen-test) but this!

D.

On Tue, Nov 11, 2008 at 3:08 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi Andres,
>
> On Tue, Nov 11, 2008 at 14:00, Andres Riancho <and...@gm...> wrote:
>> ...
>> I agree that this is the classical "RTFM", but sqlmap shouldn't show a
>> traceback in this case. The correct behaviour here should have been
>> something like:
>>
>> print 'The port you selected (value: %s) is invalid' % __hostnamePort[1]
>
> I am using optparse to parse command line parameters, it's handled
> automatically. Giving -u="http://..." takes '=http' as target url
> which is clearly wrong. Nothing I can/want to fix/change here.
>
>> ...
>> [ERROR] unhandled exception in sqlmap/0.6.2, please copy the command
>> line and the following text and send by e-mail to
>> sql...@li...
>
> Done!
>
> Cheers,
> --
> Bernardo Damele A. G.

From: Marc-André L. <mar...@at...> - 2008-11-12 04:38:07

Hi guys!

Sorry for causing a thread without me wanting to.
As a sidenote, it's just basic usability to distinguish between a system
failure (stack trace) and an improper set of usage parameters. I'm 100%
with Andres on this.

I wouldn't have sent you a bug report if the output said "RTFM" instead
of telling me to send you a bug report...

I think the time taken to change that will be lesser than the time
you'll spend dealing with RTFM cases...

Daniele Bellucci wrote:
> I agree with Bernardo, users shall read documentation before using the
> tool .. and if they find something wrong they can ask questions. But
> it's important they read the documentation before posting strange
> questions to any mailing list (eg: pen-test) but this!
>
> D.
>
> On Tue, Nov 11, 2008 at 3:08 PM, Bernardo Damele A. G.
> <ber...@gm...> wrote:
>> Hi Andres,
>>
>> On Tue, Nov 11, 2008 at 14:00, Andres Riancho <and...@gm...> wrote:
>>> ...
>>> I agree that this is the classical "RTFM", but sqlmap shouldn't show a
>>> traceback in this case. The correct behaviour here should have been
>>> something like:
>>>
>>> print 'The port you selected (value: %s) is invalid' % __hostnamePort[1]
>> I am using optparse to parse command line parameters, it's handled
>> automatically. Giving -u="http://..." takes '=http' as target url
>> which is clearly wrong. Nothing I can/want to fix/change here.
>>
>>> ...
>>> [ERROR] unhandled exception in sqlmap/0.6.2, please copy the command
>>> line and the following text and send by e-mail to
>>> sql...@li...
>> Done!
>>
>> Cheers,
>> --
>> Bernardo Damele A. G.

--
Marc-André Laverdière
Software Security Researcher
Innovation Labs, Tata Consultancy Services
Hyderabad, India

From: Andres R. <and...@gm...> - 2008-11-12 11:15:04

Marc,

On Wed, Nov 12, 2008 at 2:36 AM, Marc-André Laverdière <mar...@at...> wrote:
> Hi guys!
>
> Sorry for causing a thread without me wanting to.
> As a sidenote, it's just basic usability to distinguish between a system
> failure (stack trace) and an improper set of usage parameters. I'm 100%
> with Andres on this.

+1

> I wouldn't have sent you a bug report if the output said "RTFM" instead
> of telling me to send you a bug report...

+1

> I think the time taken to change that will be lesser than the time
> you'll spend dealing with RTFM cases...

+1, +1, +1, +1 ;)

> Daniele Bellucci wrote:
>> I agree with Bernardo, users shall read documentation before using the
>> tool .. and if they find something wrong they can ask questions. But
>> it's important they read the documentation before posting strange
>> questions to any mailing list (eg: pen-test) but this!
>>
>> D.
>>
>> On Tue, Nov 11, 2008 at 3:08 PM, Bernardo Damele A. G.
>> <ber...@gm...> wrote:
>>> Hi Andres,
>>>
>>> On Tue, Nov 11, 2008 at 14:00, Andres Riancho <and...@gm...> wrote:
>>>> ...
>>>> I agree that this is the classical "RTFM", but sqlmap shouldn't show a
>>>> traceback in this case. The correct behaviour here should have been
>>>> something like:
>>>>
>>>> print 'The port you selected (value: %s) is invalid' % __hostnamePort[1]
>>> I am using optparse to parse command line parameters, it's handled
>>> automatically. Giving -u="http://..." takes '=http' as target url
>>> which is clearly wrong. Nothing I can/want to fix/change here.
>>>
>>>> ...
>>>> [ERROR] unhandled exception in sqlmap/0.6.2, please copy the command
>>>> line and the following text and send by e-mail to
>>>> sql...@li...
>>> Done!
>>>
>>> Cheers,
>>> --
>>> Bernardo Damele A. G.
>
> --
> Marc-André Laverdière
> Software Security Researcher
> Innovation Labs, Tata Consultancy Services
> Hyderabad, India

--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework