Thread: [sqlmap-users] bugs
Brought to you by:
inquisb
From: <ja...@ev...> - 2009-08-20 01:27:33
|
Hi, Newest SVN. Python is rather old on this box, I'd be willing to upgrade and retry if this error isnt reproduceable. [17:44:45] [WARNING] the functionality requested might not work because the session user is not a database administrator [17:44:45] [INFO] checking if xp_cmdshell extended procedure is available, wait.. xp_cmdshell extended procedure does not seem to be available. Do you want sqlmap to try to re-enable it? [Y/n] y [17:45:05] [ERROR] unhandled exception in sqlmap/0.8-dev1, please copy the command line and the following text and send by e-mail to sql...@li.... The developer will fix it as soon as possible: sqlmap version: 0.8-dev1 Python version: 2.4.4 Operating system: linux2 Traceback (most recent call last): File "./sqlhax", line 84, in main start() File "/nfs/sqlmap/lib/controller/controller.py", line 263, in start action() File "/nfs/sqlmap/lib/controller/action.py", line 140, in action conf.dbmsHandler.osShell() File "/nfs/sqlmap/plugins/generic/takeover.py", line 300, in osShell self.initEnv() File "/nfs/sqlmap/lib/takeover/abstraction.py", line 168, in initEnv self.xpCmdshellInit(mandatory) File "/nfs/sqlmap/lib/takeover/xp_cmdshell.py", line 181, in xpCmdshellInit self.__xpCmdshellConfigure(1) File "/nfs/sqlmap/lib/takeover/xp_cmdshell.py", line 106, in __xpCmdshellConfigure if kb.dbmsVersion[0] in ( "2005", "2008" ): IndexError: list index out of range Also, for anyone on the list who is actually interested check out this cheat sheet, its pretty awesome. http://pentestmonkey.net/blog/mysql-sql-injection-cheat-sheet/ Cheers, James |
From: PentestXss <pen...@12...> - 2014-10-13 09:24:53
|
[17:18:14] [CRITICAL] unhandled exception occurred in sqlmap/1.0-dev-nongit-20141013. It is recommended to retry your run with the latest development version from official GitHub repository at 'https://github.com/sqlmapproject/sqlmap'. If the exception persists, please open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' (or less preferably send by e-mail to 'sql...@li...') with the following text and any other information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you sqlmap version: 1.0-dev Python version: 2.6.5 Operating system: posix Command line: sqlmap.py --url=**************************************************** --random-agent --threads=5 --dbms=mssqlserver --current-user --current-db -v 3 --os-shell Back-end DBMS: Microsoft SQL Server (fingerprinted) Traceback (most recent call last): File "sqlmap.py", line 97, in main start() File "/root/sqlmap-dev/lib/controller/controller.py", line 585, in start action() File "/root/sqlmap-dev/lib/controller/action.py", line 160, in action conf.dbmsHandler.osShell() File "/root/sqlmap-dev/plugins/generic/takeover.py", line 83, in osShell self.shell() File "/root/sqlmap-dev/lib/takeover/abstraction.py", line 144, in shell self.runCmd(command) File "/root/sqlmap-dev/lib/takeover/abstraction.py", line 86, in runCmd output = self.evalCmd(cmd) File "/root/sqlmap-dev/lib/takeover/abstraction.py", line 66, in evalCmd retVal = self.xpCmdshellEvalCmd(cmd, first, last) File "/root/sqlmap-dev/lib/takeover/xp_cmdshell.py", line 229, in xpCmdshellEvalCmd if not (output[0] or "").strip(): AttributeError: 'list' object has no attribute 'strip' |
From: Miroslav S. <mir...@gm...> - 2014-10-13 10:00:59
|
Hi. It should be fixed now. Bye On Mon, Oct 13, 2014 at 11:24 AM, PentestXss <pen...@12...> wrote: > [17:18:14] [CRITICAL] unhandled exception occurred in > sqlmap/1.0-dev-nongit-20141013. It is recommended to retry your run with > the latest development version from official GitHub repository at ' > https://github.com/sqlmapproject/sqlmap'. If the exception persists, > please open a new issue at ' > https://github.com/sqlmapproject/sqlmap/issues/new' (or less preferably > send by e-mail to 'sql...@li...') with the > following text and any other information required to reproduce the bug. The > developers will try to reproduce the bug, fix it accordingly and get back > to you > sqlmap version: 1.0-dev > Python version: 2.6.5 > Operating system: posix > Command line: sqlmap.py > --url=**************************************************** --random-agent > --threads=5 --dbms=mssqlserver --current-user --current-db -v 3 --os-shell > Back-end DBMS: Microsoft SQL Server (fingerprinted) > Traceback (most recent call last): > File "sqlmap.py", line 97, in main > start() > File "/root/sqlmap-dev/lib/controller/controller.py", line 585, in start > action() > File "/root/sqlmap-dev/lib/controller/action.py", line 160, in action > conf.dbmsHandler.osShell() > File "/root/sqlmap-dev/plugins/generic/takeover.py", line 83, in osShell > self.shell() > File "/root/sqlmap-dev/lib/takeover/abstraction.py", line 144, in shell > self.runCmd(command) > File "/root/sqlmap-dev/lib/takeover/abstraction.py", line 86, in runCmd > output = self.evalCmd(cmd) > File "/root/sqlmap-dev/lib/takeover/abstraction.py", line 66, in evalCmd > retVal = self.xpCmdshellEvalCmd(cmd, first, last) > File "/root/sqlmap-dev/lib/takeover/xp_cmdshell.py", line 229, in > xpCmdshellEvalCmd > if not (output[0] or "").strip(): > AttributeError: 'list' object has no attribute 'strip' > > > > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://p.sf.net/sfu/Zoho > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Bernardo D. A. G. <ber...@gm...> - 2009-09-13 21:45:27
|
Hi James, On Thu, Aug 20, 2009 at 02:00, <ja...@ev...> wrote: > ... > sqlmap version: 0.8-dev1 > Python version: 2.4.4 > Operating system: linux2 > Traceback (most recent call last): > File "./sqlhax", line 84, in main > start() > File "/nfs/sqlmap/lib/controller/controller.py", line 263, > in start > action() > File "/nfs/sqlmap/lib/controller/action.py", line 140, in > action > conf.dbmsHandler.osShell() > File "/nfs/sqlmap/plugins/generic/takeover.py", line 300, > in osShell > self.initEnv() > File "/nfs/sqlmap/lib/takeover/abstraction.py", line 168, > in initEnv > self.xpCmdshellInit(mandatory) > File "/nfs/sqlmap/lib/takeover/xp_cmdshell.py", line 181, > in xpCmdshellInit > self.__xpCmdshellConfigure(1) > File "/nfs/sqlmap/lib/takeover/xp_cmdshell.py", line 106, > in __xpCmdshellConfigure > if kb.dbmsVersion[0] in ( "2005", "2008" ): > IndexError: list index out of range This happens because for some reason, sqlmap was not able to identify the version of MSSQL some lines before. You can force the dbms version if you know it with the --dbms option. Simply provide --dbms "mssql 200X". > Also, for anyone on the list who is actually interested check out this > cheat sheet, its pretty awesome. > > http://pentestmonkey.net/blog/mysql-sql-injection-cheat-sheet/ You can also have a look on my links on http://delicious.com/inquis/sqlinjection. Cheers, -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |