Thread: [sqlmap-users] bug
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Gabriel eu <mes...@gm...> - 2009-05-14 13:13:37
|
cmd: ./sqlmap.py -u " http://www.amazontech2008.com.br/espanhol/index.php?conteudo=integra&numero=97&titulo=Uma%20refdorma%20atrasada" -p numero --union-use --read-file '/home/amazonte/public_html/admin/login.php sqlmap version: 0.7rc1 Python version: 2.5 Operating system: linux2 Traceback (most recent call last): File "./sqlmap.py", line 81, in main start() File "/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/lib/controller/controller.py", line 265, in start action() File "/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/lib/controller/action.py", line 130, in action dumper.string("%s file saved to" % conf.rFile, conf.dbmsHandler.readFile(conf.rFile), sort=False) File "/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/plugins/generic/filesystem.py", line 304, in readFile fileContent = self.__unhexString(fileContent) File "/home/gabriel/exploits/sql_injection/sqlmap-0.7rc1/plugins/generic/filesystem.py", line 77, in __unhexString unhexStr = binascii.unhexlify(hexStr) TypeError: Odd-length string |
|
From: <un...@we...> - 2009-05-17 12:01:12
|
sqlmap -u "http://gesichterparty.de/index.php?modul=magazin&action=show_channel&magazin_channel_id=6&magazin_subchannel_id=17" --timeout 120 --string "Was in den USA bereits seit den 80er Jahren" -p "magazin_subchannel_id" --columns -D gesichterparty -T user sqlmap version: 0.6.4 Python version: 2.5.4 Operating system: win32 Traceback (most recent call last): File "sqlmap.py", line 81, in main File "lib\controller\controller.pyc", line 255, in start File "lib\controller\action.pyc", line 114, in action File "plugins\generic\enumeration.pyc", line 833, in getColumns File "lib\request\inject.pyc", line 364, in getValue File "lib\request\inject.pyc", line 297, in __goInferenceProxy File "lib\request\inject.pyc", line 100, in __goInferenceFields File "lib\request\inject.pyc", line 60, in __goInference File "lib\techniques\blind\inference.pyc", line 231, in bisection File "lib\techniques\blind\inference.pyc", line 102, in getChar File "lib\request\connect.pyc", line 268, in queryPage File "lib\request\connect.pyc", line 163, in getPage File "socket.pyc", line 304, in read File "httplib.pyc", line 509, in read File "httplib.pyc", line 554, in _read_chunked File "httplib.pyc", line 604, in _safe_read IncompleteRead: ['ef="/index.php?modul=magazin&action=show_channel&magaz in_channel_id=1">Highlights</a></li><li><a href="/index.php?modul=magazin&ac tion=show_channel&magazin_channel_id=4">Entertainment</a></li><li><a href="/ index.php?modul=magazin&action=show_channel&magazin_channel_id=5">Lifest yle</a></li><li><a href="/index.php?modul=magazin&action=show_channel&ma gazin_channel_id=6">Sport & Fun</a></li><li><a href="/index.php?modul=magazi n&action=show_channel&magazin_channel_id=2">Events</a></li><li><a href=" /index.php?modul=magazin&action=show_channel&magazin_channel_id=3">Start Up</a></li><li><a href="/index.php?modul=magazin&action=show_channel&mag azin_channel_id=7">CoolArts</a></li><li><a href="/index.php?modul=magazin&ac tion=show_channel&magazin_channel_id=5&magazin_subchannel_id=30">GP-Mode l</a></li><li><a href="http://twitter.com/DieRedaktion">Twitter</a></li></ul><ul class="submenu sub-gptv" id="submenu_7" onmouseover="YAHOO.gp.menu.show(7);"><l i><a href="/gptv/onair">GP.TV live</a></li><li><a href="/gptv/offair">GP.TV</a>< /li><li><a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?i d=294353995">GP.TV Podcast</a></li><li><a href="/gptv/archiv/">Sendungsarchiv</a ></li><li><a href="/index.php?modul=group&group_id=241169">TV-Gruppe</a></li ><li><a href="/index.php?modul=board&action=viewboard&board_id=81">TV-Fo rum</a></li></ul><ul class="submenu sub-gp2go" id="submenu_8" onmouseover="YAHOO .gp.menu.show(8);"><li><a href="/index.php?modul=cms&cms_id=125">GP2GO</a></li>< li><a href="/index.php?modul=cms&cms_id=127">So geht\'s</a></li><li><a href="/in dex.php?modul=cms&cms_id=128">FAQ</a></li></ul><ul class="submenu sub-region" id ="submenu_9" onmouseover="YAHOO.gp.menu.show(9);"><li><a href="javascript:YAHOO. gp.regionselector.onSelect();">Wähle Deine Region</a></li></ul></div>\n<div id="gp-breadcrumb"><p class="breadcrumb"><a href="/index.php?modul=magazin" tit le="Magazin">Magazin</a><a href="/index.php?modul=magazin&action=show_channel&ma gazin_channel_id=6" title="Sport & Fun">Sport & Fun</a><span class="here">Wie fu nktioniert...?</span></p></div></div>\n\n\n</div>\n</div>\n\n<div id="custom-doc " class="yui-t6">\n<div id="bd">\n<div id="yui-main">\n<div class="yui-b">\n<!-- div class="yui-g" -->\n<div id="gp-content">\n<!-- google_ad_section_start -->\ n<div class="yui-u">\n<div id="article-headline" style="background-color:#008f01 ">\n <span class="channel">Sport & Fun</span> -\n <span class="subchannel" >Aktuelles</span>\n\n</div>\n\n<div id="article-abstract">\n\n\n<a style="float: left;" href="/index.php?modul=magazin&action=show_article&magazin_article_id=23 50">\n<img src="http://ec2-75-101-197-147.compute-1.amazonaws.com/images/cache/m agazin_image/V4/2A/V42AvdmdKPo,16.jpg" class="alignleft"\n width="356 " height="192"\n />\n</a>\n\n<div class="abstract-content">\n <a href= "/index.php?modul=magazin&action=show_article&magazin_article_id=2350">\n <h2 >Gro\xc3\x9fer Preis von Spanien in Barc'] |
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-05-18 19:21:27
|
Hi, On Sun, May 17, 2009 at 13:01, <un...@we...> wrote: > ... > sqlmap version: 0.6.4 > Python version: 2.5.4 > Operating system: win32 > Traceback (most recent call last): > ... > File "httplib.pyc", line 509, in read > File "httplib.pyc", line 554, in _read_chunked > File "httplib.pyc", line 604, in _safe_read > IncompleteRead: ['ef="/index.php?modul=magazin&action=show_channel&magaz > ... It looks like this is a known bug in Python standard library httplib. I could catch this exception, but this would not solve the problem. Give it a try with the latest stable Python 2.6. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F |
|
From: dang tu <tud...@gm...> - 2009-08-24 01:16:42
|
[12:04:58] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[12:05:00] [WARNING] Cookie parameter 'jsessionid' is not dynamic
[12:05:04] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the
command line and the following text and send by e-mail to
sql...@li.... The developer will fix it as soon as
possible:
sqlmap version: 0.7rc1
Python version: 2.5.2
Operating system: linux2
Traceback (most recent call last):
File "./sqlmap.py", line 81, in main
start()
File
"/space/backtrack/microverse/s/sqlmap/SQLMAP-0.6.4-BT1/pentest/database/sqlmap/lib/controller/controller.py",
line 264, in start
File
"/space/backtrack/microverse/s/sqlmap/SQLMAP-0.6.4-BT1/pentest/database/sqlmap/lib/core/target.py",
line 234, in createTargetDirs
File
"/space/backtrack/microverse/s/sqlmap/SQLMAP-0.6.4-BT1/pentest/database/sqlmap/lib/core/dump.py",
line 62, in setOutputFile
IOError: [Errno 13] Permission denied: '/pentest/database/sqlmap/output/
www.tas.com.vn/log'
[*] shutting down at: 12:05:04
|
|
From: Patrick W. <pa...@au...> - 2009-08-25 10:40:48
|
If you read the error - permission denied to write file... fixing your folder permissions would help! Though I would advise against using SQL injection against the Vietnam Stock Trading Platform without legal permission. -Patrick On Mon, Aug 24, 2009 at 11:16 AM, dang tu <tud...@gm...> wrote: > [12:04:58] [WARNING] User-Agent parameter 'User-Agent' is not dynamic > [12:05:00] [WARNING] Cookie parameter 'jsessionid' is not dynamic > [12:05:04] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon as > possible: > sqlmap version: 0.7rc1 > Python version: 2.5.2 > Operating system: linux2 > Traceback (most recent call last): > File "./sqlmap.py", line 81, in main > start() > File > "/space/backtrack/microverse/s/sqlmap/SQLMAP-0.6.4-BT1/pentest/database/sqlmap/lib/controller/controller.py", > line 264, in start > File > "/space/backtrack/microverse/s/sqlmap/SQLMAP-0.6.4-BT1/pentest/database/sqlmap/lib/core/target.py", > line 234, in createTargetDirs > File > "/space/backtrack/microverse/s/sqlmap/SQLMAP-0.6.4-BT1/pentest/database/sqlmap/lib/core/dump.py", > line 62, in setOutputFile > IOError: [Errno 13] Permission denied: '/pentest/database/sqlmap/output/ > www.tas.com.vn/log' > > [*] shutting down at: 12:05:04 > > > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus > on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: x <dee...@ma...> - 2011-01-03 20:27:56
|
cmd: sqlmap.py -u "http://www.rscomputerhandel.de/index.php?option=com_content&view=section&layout=blog&id=31&Itemid=88&lang=de" error: [17:54:17] [WARNING] HTTP error codes detected during testing: 404 (Not Found) - 48 times, 500 (Internal Server Error) - 47 times [17:54:17] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sql...@li... the comma nd line, the following text and any information needed to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to yo u. sqlmap version: 0.9-dev (r2888) Python version: 2.7 Operating system: nt Traceback (most recent call last): File "C:\sqlmap\sqlmap.py", line 83, in main start() File "C:\sqlmap\lib\controller\controller.py", line 335, in star t elif not checkDynParam(place, parameter, value): File "C:\sqlmap\lib\controller\checks.py", line 540, in checkDyn Param dynResult = Request.queryPage(payload, place, raise404=False) File "C:\sqlmap\lib\request\connect.py", line 454, in queryPage page, headers = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, response=response, r aise404=raise404, ignoreTimeout=timeBasedCompare) File "C:\sqlmap\lib\request\connect.py", line 276, in getPage responseMsg += getUnicode(logHeaders) UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 69: ordinal not in range(128) [*] shutting down at: 17:54:17 |
|
From: Miroslav S. <mir...@gm...> - 2011-01-03 22:04:42
|
hi x. thank you for your report. it resulted in a pretty important update. kind regards. On Mon, Jan 3, 2011 at 9:27 PM, x <dee...@ma...> wrote: > cmd: > > sqlmap.py -u > " > http://www.rscomputerhandel.de/index.php?option=com_content&view=section&layout=blog&id=31&Itemid=88&lang=de > " > > > error: > > [17:54:17] [WARNING] HTTP error codes detected during testing: > 404 (Not Found) - 48 times, 500 (Internal Server Error) - 47 times > > [17:54:17] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your > run with > the latest development version from the Subversion repository. If the > exception > persists, please send by e-mail to sql...@li... > the comma > nd line, the following text and any information needed to reproduce the > bug. The > developers will try to reproduce the bug, fix it accordingly and get > back to yo > u. > sqlmap version: 0.9-dev (r2888) > Python version: 2.7 > Operating system: nt > Traceback (most recent call last): > File "C:\sqlmap\sqlmap.py", line 83, in main > start() > File "C:\sqlmap\lib\controller\controller.py", line 335, in star > t > elif not checkDynParam(place, parameter, value): > File "C:\sqlmap\lib\controller\checks.py", line 540, in checkDyn > Param > dynResult = Request.queryPage(payload, place, raise404=False) > File "C:\sqlmap\lib\request\connect.py", line 454, in queryPage > page, headers = Connect.getPage(url=uri, get=get, post=post, > cookie=cookie, > ua=ua, silent=silent, method=method, auxHeaders=auxHeaders, > response=response, r > aise404=raise404, ignoreTimeout=timeBasedCompare) > File "C:\sqlmap\lib\request\connect.py", line 276, in getPage > responseMsg += getUnicode(logHeaders) > UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 69: > ordinal > not in range(128) > > [*] shutting down at: 17:54:17 > > > ------------------------------------------------------------------------------ > Learn how Oracle Real Application Clusters (RAC) One Node allows customers > to consolidate database storage, standardize their database environment, > and, > should the need arise, upgrade to a full multi-node Oracle RAC database > without downtime or disruption > http://p.sf.net/sfu/oracle-sfdevnl > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
|
From: Ben G. <ggs...@ho...> - 2011-05-31 14:46:34
|
./sqlmap.py -u http://www.yello.co.th/th/hot_item.php?cat1=mechandise sqlmap/0.9-dev - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 22:44:04 [22:44:04] [INFO] using '/pentest/database/sqlmap/output/www.yello.co.th/session' as session file[22:44:04] [INFO] testing connection to the target url [22:44:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible:sqlmap version: 0.9-devPython version: 2.5.2Operating system: posixTraceback (most recent call last): File "./sqlmap.py", line 89, in main start() File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in start if not checkConnection() or not checkString() or not checkRegexp(): File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in checkConnection page, _ = Request.getPage() File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in getPage page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type")) File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in decodePage page = unicode(page, contentType.split('charset=')[-1]) #don't use getUnicode here. it needs to stay as is.LookupError: unknown encoding: windows-874 [*] shutting down at: 22:44:05 |
|
From: Miroslav S. <mir...@gm...> - 2011-05-31 14:51:35
|
hi Ben. thank you for your report and please don't send real sites here. will fix and report back. kr On Tue, May 31, 2011 at 4:46 PM, Ben Gan <ggs...@ho...> wrote: > ./sqlmap.py -u http://www.yello.co.th/th/hot_item.php?cat1=mechandise > sqlmap/0.9-dev - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > [*] starting at: 22:44:04 > [22:44:04] [INFO] using > '/pentest/database/sqlmap/output/www.yello.co.th/session' as session file > [22:44:04] [INFO] testing connection to the target url > [22:44:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the > command line and the following text and send by e-mail to > sql...@li.... The developer will fix it as soon as > possible: > sqlmap version: 0.9-dev > Python version: 2.5.2 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 89, in main > start() > File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in > start > if not checkConnection() or not checkString() or not checkRegexp(): > File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in > checkConnection > page, _ = Request.getPage() > File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in > getPage > page = decodePage(page, responseHeaders.get("Content-Encoding"), > responseHeaders.get("Content-Type")) > File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in > decodePage > page = unicode(page, contentType.split('charset=')[-1]) #don't use > getUnicode here. it needs to stay as is. > LookupError: unknown encoding: windows-874 > [*] shutting down at: 22:44:05 > > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual environment with vRanger. > Installation's a snap, and flexible recovery options mean your data is safe, > secure and there when you need it. Data protection magic? > Nope - It's vRanger. Get your free trial download today. > http://p.sf.net/sfu/quest-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Miroslav S. <mir...@gm...> - 2011-05-31 14:53:47
|
sorry. now i see that you are using outdated version 0.9-dev while the current version is 1.0-dev. please update and try again. kr On Tue, May 31, 2011 at 4:51 PM, Miroslav Stampar <mir...@gm...> wrote: > hi Ben. > > thank you for your report and please don't send real sites here. will > fix and report back. > > kr > > On Tue, May 31, 2011 at 4:46 PM, Ben Gan <ggs...@ho...> wrote: >> ./sqlmap.py -u http://www.yello.co.th/th/hot_item.php?cat1=mechandise >> sqlmap/0.9-dev - automatic SQL injection and database takeover tool >> http://sqlmap.sourceforge.net >> [*] starting at: 22:44:04 >> [22:44:04] [INFO] using >> '/pentest/database/sqlmap/output/www.yello.co.th/session' as session file >> [22:44:04] [INFO] testing connection to the target url >> [22:44:05] [ERROR] unhandled exception in sqlmap/0.9-dev, please copy the >> command line and the following text and send by e-mail to >> sql...@li.... The developer will fix it as soon as >> possible: >> sqlmap version: 0.9-dev >> Python version: 2.5.2 >> Operating system: posix >> Traceback (most recent call last): >> File "./sqlmap.py", line 89, in main >> start() >> File "/pentest/database/sqlmap/lib/controller/controller.py", line 154, in >> start >> if not checkConnection() or not checkString() or not checkRegexp(): >> File "/pentest/database/sqlmap/lib/controller/checks.py", line 395, in >> checkConnection >> page, _ = Request.getPage() >> File "/pentest/database/sqlmap/lib/request/connect.py", line 192, in >> getPage >> page = decodePage(page, responseHeaders.get("Content-Encoding"), >> responseHeaders.get("Content-Type")) >> File "/pentest/database/sqlmap/lib/request/basic.py", line 107, in >> decodePage >> page = unicode(page, contentType.split('charset=')[-1]) #don't use >> getUnicode here. it needs to stay as is. >> LookupError: unknown encoding: windows-874 >> [*] shutting down at: 22:44:05 >> >> ------------------------------------------------------------------------------ >> Simplify data backup and recovery for your virtual environment with vRanger. >> Installation's a snap, and flexible recovery options mean your data is safe, >> secure and there when you need it. Data protection magic? >> Nope - It's vRanger. Get your free trial download today. >> http://p.sf.net/sfu/quest-sfdev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > PGP Key ID: 0xB5397B1B > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B |
|
From: Dark-Net J. <dan...@ho...> - 2011-11-13 20:48:44
|
Command line: ./sqlmap.py -u **************************************************** --forms --dbs -o --batch
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
File "/home/*******/Desktop/sqlmap/last/sqlmap/_sqlmap.py", line 86, in main
start()
File "/home/********/Desktop/sqlmap/last/sqlmap/lib/controller/controller.py", line 334, in start
checkNullConnection()
File "/home/*********/Desktop/sqlmap/last/sqlmap/lib/controller/checks.py", line 913, in checkNullConnection
page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD)
File "/home/*********/Desktop/sqlmap/last/sqlmap/lib/request/connect.py", line 280, in getPage
requestMsg += "\n\n%s" % post
UnicodeDecodeError: 'ascii' codec can't decode byte 0xef in position 11: ordinal not in range(128)
[*] shutting down at 22:42:39
|
|
From: Miroslav S. <mir...@gm...> - 2011-11-14 11:30:31
|
Hi Jer0nomo. Could you please retry with the latest revision (r4505) - committed this moment? Kind regards, Miroslav Stampar On Sun, Nov 13, 2011 at 9:48 PM, Dark-Net Jer0nomo <dan...@ho...>wrote: > Command line: ./sqlmap.py -u > **************************************************** --forms --dbs -o > --batch > Technique: None > Back-end DBMS: None (identified) > Traceback (most recent call last): > File "/home/*******/Desktop/sqlmap/last/sqlmap/_sqlmap.py", line 86, in > main > start() > File > "/home/********/Desktop/sqlmap/last/sqlmap/lib/controller/controller.py", > line 334, in start > checkNullConnection() > File > "/home/*********/Desktop/sqlmap/last/sqlmap/lib/controller/checks.py", line > 913, in checkNullConnection > page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD) > File > "/home/*********/Desktop/sqlmap/last/sqlmap/lib/request/connect.py", line > 280, in getPage > requestMsg += "\n\n%s" % post > UnicodeDecodeError: 'ascii' codec can't decode byte 0xef in position 11: > ordinal not in range(128) > > [*] shutting down at 22:42:39 > > > > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Save $700 by Nov 18 > Register now > http://p.sf.net/sfu/rsa-sfdev2dev1 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Fernando P. <fer...@gm...> - 2011-12-16 00:17:48
|
21:15:08] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.1.2
back-end DBMS: MySQL 5.0
[21:15:08] [INFO] fetching database names
[21:15:11] [CRITICAL] unhandled exception in sqlmap/0.9, retry your
run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sql...@li... the following text and any
information required to reproduce the bug. The developers will try to
reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 0.9 (r3630)
Python version: 2.7.2
Operating system: posix
Command line: sqlmap.py
--url=************************************************************
--level 2 --dbs
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "sqlmap.py", line 82, in main
start()
File "/root/soft/sqlmap/sqlmap/lib/controller/controller.py", line
447, in start
action()
File "/root/soft/sqlmap/sqlmap/lib/controller/action.py", line 88, in action
conf.dumper.dbs(conf.dbmsHandler.getDbs())
File "/root/soft/sqlmap/sqlmap/plugins/generic/enumeration.py", line
681, in getDbs
value = inject.getValue(query, blind=False)
File "/root/soft/sqlmap/sqlmap/lib/request/inject.py", line 432, in getValue
value = __goInband(query, expected, sort, resumeValue, unpack, dump)
File "/root/soft/sqlmap/sqlmap/lib/request/inject.py", line 384, in __goInband
output = unionUse(expression, unpack=unpack, dump=dump)
File "/root/soft/sqlmap/sqlmap/lib/techniques/inband/union/use.py",
line 235, in unionUse
for num in xrange(startLimit, stopLimit):
TypeError: an integer is required
|
|
From: Miroslav S. <mir...@gm...> - 2011-12-16 09:39:50
|
Hi Fernando. Please checkout the latest revision from our SVN repository (v1.0-dev) to have it up to date: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev Kind regards, Miroslav Stampar On Fri, Dec 16, 2011 at 1:17 AM, Fernando Parodi <fer...@gm...>wrote: > 21:15:08] [INFO] the back-end DBMS is MySQL > web server operating system: Windows 2008 > web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.1.2 > back-end DBMS: MySQL 5.0 > [21:15:08] [INFO] fetching database names > > [21:15:11] [CRITICAL] unhandled exception in sqlmap/0.9, retry your > run with the latest development version from the Subversion > repository. If the exception persists, please send by e-mail to > sql...@li... the following text and any > information required to reproduce the bug. The developers will try to > reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 0.9 (r3630) > Python version: 2.7.2 > Operating system: posix > Command line: sqlmap.py > --url=************************************************************ > --level 2 --dbs > Technique: UNION > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "sqlmap.py", line 82, in main > start() > File "/root/soft/sqlmap/sqlmap/lib/controller/controller.py", line > 447, in start > action() > File "/root/soft/sqlmap/sqlmap/lib/controller/action.py", line 88, in > action > conf.dumper.dbs(conf.dbmsHandler.getDbs()) > File "/root/soft/sqlmap/sqlmap/plugins/generic/enumeration.py", line > 681, in getDbs > value = inject.getValue(query, blind=False) > File "/root/soft/sqlmap/sqlmap/lib/request/inject.py", line 432, in > getValue > value = __goInband(query, expected, sort, resumeValue, unpack, dump) > File "/root/soft/sqlmap/sqlmap/lib/request/inject.py", line 384, in > __goInband > output = unionUse(expression, unpack=unpack, dump=dump) > File "/root/soft/sqlmap/sqlmap/lib/techniques/inband/union/use.py", > line 235, in unionUse > for num in xrange(startLimit, stopLimit): > TypeError: an integer is required > > > ------------------------------------------------------------------------------ > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
|
From: HGroup VN <hgr...@gm...> - 2012-02-25 18:23:14
|
[01:20:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4805), retry
your run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4805)
Python version: 2.7.2+
Operating system: posix
Technique: None
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "/home/user/Desktop/sqlmap/_sqlmap.py", line 82, in main
start()
File "/home/user/Desktop/sqlmap/lib/controller/controller.py", line 341,
in start
setupTargetEnv()
File "/home/user/Desktop/sqlmap/lib/core/target.py", line 416, in
setupTargetEnv
__resumeHashDBValues()
File "/home/user/Desktop/sqlmap/lib/core/target.py", line 216, in
__resumeHashDBValues
kb.xpCmdshellAvailable =
hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable
AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE'
[*] shutting down at 01:20:50
|
|
From: Ahmed S. <ah...@is...> - 2012-02-25 21:13:00
|
till the development team handle this issue edit line 216 in /home/user/Desktop/sqlmap/lib/controller/controller.py from kb.xpCmdshellAvailable =hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable to try: kb.xpCmdshellAvailable =hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable except AttributeError: pass On 2/25/12, Ahmed Shawky <ah...@is...> wrote: > till the development team handle this issue > edit line 216 in /home/user/Desktop/sqlmap/lib/controller/controller.py > from > kb.xpCmdshellAvailable = > hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or > kb.xpCmdshellAvailable > > to > try: > kb.xpCmdshellAvailable = > hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or > kb.xpCmdshellAvailable > except AttributeError: > pass > > > On 2/25/12, HGroup VN <hgr...@gm...> wrote: >> [01:20:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4805), >> retry >> your run with the latest development version from the Subversion >> repository. If the exception persists, please send by e-mail to >> sql...@li... the following text and any information >> required to reproduce the bug. The developers will try to reproduce the >> bug, fix it accordingly and get back to you. >> sqlmap version: 1.0-dev (r4805) >> Python version: 2.7.2+ >> Operating system: posix >> >> Technique: None >> Back-end DBMS: MySQL (fingerprinted) >> Traceback (most recent call last): >> File "/home/user/Desktop/sqlmap/_sqlmap.py", line 82, in main >> start() >> File "/home/user/Desktop/sqlmap/lib/controller/controller.py", line >> 341, >> in start >> setupTargetEnv() >> File "/home/user/Desktop/sqlmap/lib/core/target.py", line 416, in >> setupTargetEnv >> __resumeHashDBValues() >> File "/home/user/Desktop/sqlmap/lib/core/target.py", line 216, in >> __resumeHashDBValues >> kb.xpCmdshellAvailable = >> hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or >> kb.xpCmdshellAvailable >> AttributeError: class HASHDB_KEYS has no attribute >> 'XP_CMDSHELL_AVAILABLE' >> >> [*] shutting down at 01:20:50 >> > > > -- > > > - Ahmed Shawky El-Antry > - lnxg33k owner "http://lnxg33k.wordpress.com" > - Isecur1ty team member"http://www.isecur1ty.org" > - Twitter @lnxg33k > -- - Ahmed Shawky El-Antry - lnxg33k owner "http://lnxg33k.wordpress.com" - Isecur1ty team member"http://www.isecur1ty.org" - Twitter @lnxg33k |
|
From: Miroslav S. <mir...@gm...> - 2012-02-25 22:39:45
|
Hi. Thank you for your report and find it fixed with the latest commit (r4806). Kind regards, Miroslav Stampar On Sat, Feb 25, 2012 at 7:22 PM, HGroup VN <hgr...@gm...> wrote: > [01:20:50] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4805), retry > your run with the latest development version from the Subversion > repository. If the exception persists, please send by e-mail to > sql...@li... the following text and any information > required to reproduce the bug. The developers will try to reproduce the > bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r4805) > Python version: 2.7.2+ > Operating system: posix > > Technique: None > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "/home/user/Desktop/sqlmap/_sqlmap.py", line 82, in main > start() > File "/home/user/Desktop/sqlmap/lib/controller/controller.py", line 341, > in start > setupTargetEnv() > File "/home/user/Desktop/sqlmap/lib/core/target.py", line 416, in > setupTargetEnv > __resumeHashDBValues() > File "/home/user/Desktop/sqlmap/lib/core/target.py", line 216, in > __resumeHashDBValues > kb.xpCmdshellAvailable = > hashDBRetrieve(HASHDB_KEYS.XP_CMDSHELL_AVAILABLE) or kb.xpCmdshellAvailable > AttributeError: class HASHDB_KEYS has no attribute 'XP_CMDSHELL_AVAILABLE' > > [*] shutting down at 01:20:50 > > > > ------------------------------------------------------------------------------ > Virtualization & Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Ahmed S. <ah...@is...> - 2012-07-01 03:19:54
|
sqlmap version: 1.0-dev
Python version: 2.7.2+
Operating system: posix
Command line: ./sqlmap.py -u ************************* --data
username=&password=&priv=null&submit=Login+to+the+matrix -p priv
--technique U --union-col 8 --dbms mysql --random-agent -v 3 --batch
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "/home/lnxg33k/pentest/database/sqlmap/_sqlmap.py", line 79, in main
start()
File
"/home/lnxg33k/pentest/database/sqlmap/lib/controller/controller.py", line
556, in start
__showInjections()
File
"/home/lnxg33k/pentest/database/sqlmap/lib/controller/controller.py", line
150, in __showInjections
conf.dumper.technic(header, data)
File "/home/lnxg33k/pentest/database/sqlmap/lib/core/dump.py", line 111,
in technic
self.string(header, data)
File "/home/lnxg33k/pentest/database/sqlmap/lib/core/dump.py", line 77,
in string
data = self._formatString(getUnicode(data))
File "/home/lnxg33k/pentest/database/sqlmap/lib/core/dump.py", line 64,
in _formatString
return restoreDumpMarkedChars(getUnicode(inpStr))
File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line
840, in restoreDumpMarkedChars
retVal = retVal.replace(DUMP_NEWLINE_MARKER,
"\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t")
NameError: global name 'DUMP_NEWLINE_MARKER' is not defined
--
lnxg33k@lnxg33k(~/pentest/database/sqlmap(master)):$ git rev-parse --verify
HEAD
21d9ae0a2c09e418b8430306cf134adfac46f4a5
--
- Ahmed Shawky El-Antry
- lnxg33k owner "http://lnxg33k.wordpress.com"
- Isecur1ty team member"http://www.isecur1ty.org"
- Twitter @lnxg33k
|
|
From: Miroslav S. <mir...@gm...> - 2012-07-01 09:06:56
|
Hi Ahmed. Thank you for your report and find it fixed with the latest commit. Kind regards, MIroslav Stampar On Sun, Jul 1, 2012 at 4:57 AM, Ahmed Shawky <ah...@is...> wrote: > sqlmap version: 1.0-dev > Python version: 2.7.2+ > Operating system: posix > Command line: ./sqlmap.py -u ************************* --data > username=&password=&priv=null&submit=Login+to+the+matrix -p priv > --technique U --union-col 8 --dbms mysql --random-agent -v 3 --batch > Technique: UNION > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "/home/lnxg33k/pentest/database/sqlmap/_sqlmap.py", line 79, in main > start() > File > "/home/lnxg33k/pentest/database/sqlmap/lib/controller/controller.py", line > 556, in start > __showInjections() > File > "/home/lnxg33k/pentest/database/sqlmap/lib/controller/controller.py", line > 150, in __showInjections > conf.dumper.technic(header, data) > File "/home/lnxg33k/pentest/database/sqlmap/lib/core/dump.py", line 111, > in technic > self.string(header, data) > File "/home/lnxg33k/pentest/database/sqlmap/lib/core/dump.py", line 77, > in string > data = self._formatString(getUnicode(data)) > File "/home/lnxg33k/pentest/database/sqlmap/lib/core/dump.py", line 64, > in _formatString > return restoreDumpMarkedChars(getUnicode(inpStr)) > File "/home/lnxg33k/pentest/database/sqlmap/lib/core/common.py", line > 840, in restoreDumpMarkedChars > retVal = retVal.replace(DUMP_NEWLINE_MARKER, > "\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t") > NameError: global name 'DUMP_NEWLINE_MARKER' is not defined > > > -- > lnxg33k@lnxg33k(~/pentest/database/sqlmap(master)):$ git rev-parse > --verify HEAD > 21d9ae0a2c09e418b8430306cf134adfac46f4a5 > > -- > > - Ahmed Shawky El-Antry > - lnxg33k owner "http://lnxg33k.wordpress.com" > - Isecur1ty team member"http://www.isecur1ty.org" > - Twitter @lnxg33k > > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: ahmed a. <ad...@7r...> - 2013-01-31 13:29:09
|
i got this bug please fix it [04:04:05] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception per sists, please send by e-mail to 'sql...@li...' or open a n ew issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the follow ing text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev Python version: 2.7.3 Operating system: nt Command line: C:\Users\run\sqlmap\sqlmap.py -u ********************************* ******************************************************************************** *********************************** -D ********* -T ********* --dump --level 3 - -proxy ************************** Technique: UNION Back-end DBMS: MySQL (fingerprinted) Traceback (most recent call last): File "C:\Users\run\sqlmap\_sqlmap.py", line 73, in main start() File "C:\Users\run\sqlmap\lib\controller\controller.py", line 569, in start action() File "C:\Users\run\sqlmap\lib\controller\action.py", line 126, in action conf.dbmsHandler.dumpTable() File "C:\Users\run\sqlmap\plugins\generic\entries.py", line 323, in dumpTable conf.dumper.dbTableValues(kb.data.dumpedTable) File "C:\Users\run\sqlmap\lib\core\dump.py", line 483, in dbTableValues mimetype = magic.from_buffer(value, mime=True) File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 104, in from_buffer m = _get_magic_type(mime) File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 95, in _get_magic_t ype return _get_magic_mime() File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 84, in _get_magic_m ime _magic_mime = Magic(mime=True) File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 50, in __init__ self.cookie = magic_open(flags) NameError: global name 'magic_open' is not defined NameError: global name 'magic_open' is not defined [*] shutting down at 04:04:05 Exception AttributeError: "Magic instance has no attribute 'cookie'" in <bound m ethod Magic.__del__ of <thirdparty.magic.magic.Magic instance at 0x0000000003797 588>> ignored |
|
From: Miroslav S. <mir...@gm...> - 2013-01-31 22:17:43
|
Hi. This is fixed two weeks ago [1]. Bye [1] https://github.com/sqlmapproject/sqlmap/issues/351 On Jan 31, 2013 9:48 PM, "ahmed atif" <ad...@7r...> wrote: > i got this bug please fix it > > [04:04:05] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your > run with > the latest development version from the GitHub repository. If the > exception per > sists, please send by e-mail to 'sql...@li...' or > open a n > ew issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the > follow > ing text and any information required to reproduce the bug. The developers > will > try to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev > Python version: 2.7.3 > Operating system: nt > Command line: C:\Users\run\sqlmap\sqlmap.py -u > ********************************* > > ******************************************************************************** > *********************************** -D ********* -T ********* --dump > --level 3 - > -proxy ************************** > Technique: UNION > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "C:\Users\run\sqlmap\_sqlmap.py", line 73, in main > start() > File "C:\Users\run\sqlmap\lib\controller\controller.py", line 569, in > start > action() > File "C:\Users\run\sqlmap\lib\controller\action.py", line 126, in action > conf.dbmsHandler.dumpTable() > File "C:\Users\run\sqlmap\plugins\generic\entries.py", line 323, in > dumpTable > conf.dumper.dbTableValues(kb.data.dumpedTable) > File "C:\Users\run\sqlmap\lib\core\dump.py", line 483, in dbTableValues > mimetype = magic.from_buffer(value, mime=True) > File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 104, in > from_buffer > > m = _get_magic_type(mime) > File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 95, in > _get_magic_t > ype > return _get_magic_mime() > File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 84, in > _get_magic_m > ime > _magic_mime = Magic(mime=True) > File "C:\Users\run\sqlmap\thirdparty\magic\magic.py", line 50, in > __init__ > self.cookie = magic_open(flags) > NameError: global name 'magic_open' is not defined > > NameError: global name 'magic_open' is not defined > > [*] shutting down at 04:04:05 > > Exception AttributeError: "Magic instance has no attribute 'cookie'" in > <bound m > ethod Magic.__del__ of <thirdparty.magic.magic.Magic instance at > 0x0000000003797 > 588>> ignored > > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_jan > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Stiefenhofer, M. <M.S...@r-...> - 2009-05-18 07:50:31
Attachments:
smime.p7s
|
People, For the good of this list and the developer(s) of sqlmap - please don't post any real world exploits here. At least anonymize your targets! I'm not a lawyer, but bugfixing this issue could surely be treated as crime abatement. Sorry to suggest that, but maybe it's time for some ethical rules for this list? -marek |
|
From: Christian E. E. <c_e...@ya...> - 2009-05-18 10:36:12
|
I Agree. This isn't ethical at all.
Another solution should be to moderate this list.
---
Christian Eric Edjenguele
IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
mobile (IT): +39 3408580513
----- Messaggio originale -----
> Da: "Stiefenhofer, Marek" <M.S...@r-...>
> A: Gabriel eu <mes...@gm...>; sql...@li...
> Inviato: Lunedì 18 maggio 2009, 9:17:51
> Oggetto: Re: [sqlmap-users] bug
>
> People,
>
> For the good of this list and the developer(s) of sqlmap - please don't
> post any real world exploits here. At least anonymize your targets!
> I'm not a lawyer, but bugfixing this issue could surely be treated as
> crime abatement.
>
> Sorry to suggest that, but maybe it's time for some ethical rules for
> this list?
>
> -marek
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-05-18 23:31:07
|
Hi Gabriel, On Thu, May 14, 2009 at 14:10, Gabriel eu <mes...@gm...> wrote: > cmd: ./sqlmap.py -u > "http://.../?conteudo=integra&numero=97&titulo=Uma%20refdorma%20atrasada" > -p numero --union-use --read-file > '.../login.php >... > unhexStr = binascii.unhexlify(hexStr) > TypeError: Odd-length string It looks like the enumerated hexadecimal encoded file content is not a pair number so it can not be converted back to its original value on the attacker side. Use -s option to save the file content in the session file if possible and get back to me privately. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X