gmane.comp.security.sqlmap

Re: Not url-encoding POST-data possible?

Miroslav Stampar — 2012-05-24T23:47:32

;)

On Fri, May 25, 2012 at 1:34 AM, André Silva <andreoaz-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: Not url-encoding POST-data possible?

André Silva — 2012-05-24T23:34:46

Bernado / Miroslav,

The SqlMap is indeed an amazing open source sotware.

Bug fixes, implementation of new features....

Thanks guys
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: Not url-encoding POST-data possible?

Miroslav Stampar — 2012-05-24T23:11:38

Hi Thomas.

With the latest r5076 you'll get a new switch '--skip-urlencode' which
tells sqlmap to skip URL encoding of POST data.

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 11:56 AM, Miroslav Stampar <
miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: Bug with IPv6 addresses

Miroslav Stampar — 2012-05-24T22:12:32

Hi.

IPv6 support is now up and running with the latest r5075.

Kind regards,
Miroslav Stampar

On Thu, May 24, 2012 at 12:00 PM, Miroslav Stampar <
miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: File Read Bug Again

Miroslav Stampar — 2012-05-24T17:45:57

Hi nightman.

Thank you again and find it fixed with the latest commit

Kind regards

On Thu, May 24, 2012 at 1:07 PM, <nightman-htSm2yLGOjU< at >public.gmane.org> wrote:

File Read Bug Again

2012-05-24T11:07:34

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: Bug with IPv6 addresses

Miroslav Stampar — 2012-05-24T10:00:07

Hi.

To be honest, we haven't tried usage of IPv6 addresses, but you are the
messenger that we should start :)

We'll see what can be done and keep you posted.

Kind regards,
Miroslav Stampar
On May 23, 2012 8:15 PM, "rmillet" <rmillet42-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org> wrote:

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: Not url-encoding POST-data possible?

Miroslav Stampar — 2012-05-24T09:56:36

Hi.

There is no such option, but something will be done (e.g.
--skip-urlencode). Will keep you updated.

Kind regards
On May 23, 2012 9:56 PM, "Thomas Schreiber" <ts2112-gM/Ye1E23mwN+BqQ9rBEUg< at >public.gmane.org> wrote:

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Not url-encoding POST-data possible?

Thomas Schreiber — 2012-05-23T19:56:14

Hi,

can I tell sqlmap to not url-encode POST-data?

In my case a php webservice complains about not getting a '<' as first
character:

   Warning: simplexml_load_string(): Entity: line 1: parser error : Start
tag expected, '<' not found in...
   Warning: simplexml_load_string(): %3Crequest...

The reason is, that sqlmap sends the payload url-encoded:

   %3CRequest%3E%3CID%3E111*%3C/ID>%3C%2FRequest%3E

Trying the same request in burp without urlencoding like this:

   <Request><ID>111*</ID></Request>

does not produce the error

Thanks!

Thomas


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Re: Bug with IPv6 addresses

Ahmed Shawky — 2012-05-23T18:23:05

I think : is a delimiter used by the regex in sqlmap.
Try to encode the the URL with some encoder like fullurl

On Wed, May 23, 2012 at 8:14 PM, rmillet <rmillet42-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org>wrote:

Bug with IPv6 addresses

rmillet — 2012-05-23T18:14:18

Hi all,

sqlmap hangs when using with an IPv6 address:
 ./sqlmap.py -u 'http://[::1]/?p=42'


Here is the traceback displayed on keyboard interrupt:

Traceback (most recent call last):
  File "./sqlmap.py", line 19, in <module>
    main()
  File "/sqlmap/_sqlmap.py", line 110, in main
    errMsg = unhandledExceptionMessage()
  File "/sqlmap/lib/core/common.py", line 2557, in unhandledExceptionMessage
    return maskSensitiveData(errMsg)
  File "/sqlmap/lib/core/common.py", line 2568, in maskSensitiveData
    while extractRegexResult(regex, retVal):
  File "/sqlmap/lib/core/common.py", line 2159, in extractRegexResult
    retVal = match.group("result")
KeyboardInterrupt



Regards,

rmillet42
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: sqlmap bug report

André Silva — 2012-05-23T11:02:59

Bob,

Shoudl always include sqlmap mailing-list

AS

2012/5/23 Bob <stock.lots-9uewiaClKEY< at >public.gmane.org>

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: File Read BUG

Miroslav Stampar — 2012-05-18T08:32:31

Hi nightman.

Thank you for your report and find it fixed with the latest r5059.

Kind regards,
Miroslav Stampar

On Fri, May 18, 2012 at 8:09 AM, <nightman-htSm2yLGOjU< at >public.gmane.org> wrote:

File Read BUG

2012-05-18T06:09:28

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: sqlmap unhandeld exception

Miroslav Stampar — 2012-05-14T13:47:54

Hi Devon.

Thank you for your report and this could be fixed now with the latest r5057.

Kind regards,
Miroslav Stampar

On Sun, May 13, 2012 at 5:57 PM, Devon <devon.mitchell-YDxpq3io04c< at >public.gmane.org> wrote:

sqlmap unhandeld exception

Devon — 2012-05-13T15:57:43

Hello,

I received this error using sqlmap.  It has been working great on the rest of the database, it must have encountered something it did not like in this table.

[15:42:32] [ERROR] thread MainThread: unhandled exception in sqlmap/1.0-dev (r4974), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4974)
Python version: 2.7.1+
Operating system: posix
Command line: /opt/sqlmap/sqlmap.py --random-agent --threads=5 -u ******************** -u ********************:80/bannerclick.php?adid=34 --technique=U -D ************ --dump
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/opt/sqlmap/lib/core/threads.py", line 131, in runThreads
    threadFunction()
  File "/opt/sqlmap/lib/techniques/union/use.py", line 301, in unionThread
    output = __oneShotUnionUse(limitedExpr, unpack, True)
  File "/opt/sqlmap/lib/techniques/union/use.py", line 73, in __oneShotUnionUse
    page, headers = Request.queryPage(payload, content=True, raise404=False)
  File "/opt/sqlmap/lib/request/connect.py", line 712, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/opt/sqlmap/lib/request/connect.py", line 311, in getPage
    conn = urllib2.urlopen(req)
  File "/usr/lib/python2.7/urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 397, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/urllib2.py", line 429, in error
    result = self._call_chain(*args)
  File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/opt/sqlmap/lib/request/redirecthandler.py", line 81, in http_error_302
    redurl = urlparse.urljoin(conf.url, redurl)
  File "/usr/lib/python2.7/urlparse.py", line 287, in urljoin
    return urlunparse((scheme, netloc, '/'.join(segments),
UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 65: ordinal not in range(128)
                                                                                                                                                                                              
[15:42:33] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4974), retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users-5NWGOfrQmnc< at >public.gmane.orgurceforge.net the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4974)
Python version: 2.7.1+
Operating system: posix
Command line: /opt/sqlmap/sqlmap.py --random-agent --threads=5 -u ******************** -u ********************:80/bannerclick.php?adid=34 --technique=U -D ************ --dump
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/opt/sqlmap/_sqlmap.py", line 82, in main
    start()
  File "/opt/sqlmap/lib/controller/controller.py", line 573, in start
    action()
  File "/opt/sqlmap/lib/controller/action.py", line 109, in action
    conf.dbmsHandler.dumpTable()
  File "/opt/sqlmap/plugins/generic/enumeration.py", line 1616, in dumpTable
    entries = inject.getValue(query, blind=False, dump=True)
  File "/opt/sqlmap/lib/request/inject.py", line 417, in getValue
    value = __goInband(query, expected, unique, unpack, dump)
  File "/opt/sqlmap/lib/request/inject.py", line 364, in __goInband
    output = unionUse(expression, unpack=unpack, dump=dump)
  File "/opt/sqlmap/lib/techniques/union/use.py", line 344, in unionUse
    value = __oneShotUnionUse(expression, unpack)
  File "/opt/sqlmap/lib/techniques/union/use.py", line 73, in __oneShotUnionUse
    page, headers = Request.queryPage(payload, content=True, raise404=False)
  File "/opt/sqlmap/lib/request/connect.py", line 712, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/opt/sqlmap/lib/request/connect.py", line 311, in getPage
    conn = urllib2.urlopen(req)
  File "/usr/lib/python2.7/urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 397, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/urllib2.py", line 429, in error
    result = self._call_chain(*args)
  File "/usr/lib/python2.7/urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "/opt/sqlmap/lib/request/redirecthandler.py", line 81, in http_error_302
    redurl = urlparse.urljoin(conf.url, redurl)
  File "/usr/lib/python2.7/urlparse.py", line 287, in urljoin
    return urlunparse((scheme, netloc, '/'.join(segments),
UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 65: ordinal not in range(128)

[*] shutting down at 15:42:33


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: Expired TLS certificate

Bernardo Damele A. G. — 2012-05-09T12:44:51

Hi,

We have renewed the SSL certificate now.

Bernardo


On 7 May 2012 15:56, Miroslav Stampar <miroslav.stampar-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote:

Re: SQL in output

Miroslav Stampar — 2012-05-09T10:41:42

Hi.

Which version do you run?

Kind regards
On May 9, 2012 12:30 PM, "Steit Slings" <steit-Au+jM+4sXUS+7MnjYRcVTA< at >public.gmane.org> wrote:

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
sqlmap-users mailing list
sqlmap-users-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

SQL in output

Steit Slings — 2012-05-09T10:11:25

Hai All,

I'm using sqlmap to retreive data. In some cases I get a result with SQL
in the output like:

.......30,125yf' at line 13<hr />SELECT \n\t\t\t\t\t* \n\t\t\t\t\tFROM
account_users..........

What am i doing wrong?

Steit!

Re: Get pattern used to determine injection success

Korius — 2012-05-08T11:31:42

Get yourself the burp proxy
(http://portswigger.net/burp/downloadfree.html), configure sqlmap to use
the proxy (via the '--proxy' parameter) and check the requests that
passed through the proxy.

Cheers
Dennis


Am 08.05.2012 12:45, schrieb Lukas Rist:


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

Re: Get pattern used to determine injection success

Miroslav Stampar — 2012-05-08T10:45:33

Hi.

Decision is based on a technique used:

A) boolean - similar response on A=A, non similar response on A<>B
B) error - used test query string has to be inside the response (e.g. A:1:B)
C) union - same as B
D) stacked - delay on A=A, no delay on A<>B
E) time-based - same as D

False positives are detected by using a simple arithmetic operations
in cases A/D/E

Please, use -v 3 as much as possible to see what is sqlmap doing.
Also, please take a look into the source code - after all, it's an
open source

Kind regards

On Tue, May 8, 2012 at 12:37 PM, Lukas Rist <glaslos-Re5JQEeQqe8AvxtiuMwx3w< at >public.gmane.org> wrote: