Re: [sqlmap-users] SQL Injection Pointer *
Hi Ulisses.

It's on a TODO list along with custom header injections. We'll inform you when it will be available. Until then cheers :)

Kind regards,
Miroslav Stampar

On Tue, Jul 3, 2012 at 6:42 AM, Ulisses Castro wrote:
> Hello my friends,
>
> I'm looking for SQL injection pointer like in GET/POST with "*", but
> this time in Cookie, injection pointer works with Cookie injection??
>
> Thanks and keep the good work!
>
> Best wishes,
> Ulisses

--
Miroslav Stampar
http://about.me/stamparm

___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
[sqlmap-users] another bug....
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 16:35:06

[16:35:06] [INFO] setting file for logging HTTP traffic
[16:35:06] [INFO] first request to Google to get the session cookie
[16:35:07] [INFO] using Google result page #1
[16:35:16] [INFO] heuristics detected web page charset 'ISO-8859-2'
do you want to scan only results containing GET parameters? [Y/n]

[16:35:18] [INFO] sqlmap got 104 results for your Google dork expression, 28 of them are testable targets
[16:35:18] [INFO] sqlmap got a total of 28 targets

[16:35:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users@lists.sourceforge.net the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.2
Operating system: nt
Command line: C:\Users\Andrea\Desktop\sqlmap\sqlmap.py -g ** main.php?id= -p --random-agent -o --keep-alive --null-connection --threads=10 --dbms=access --prefix= --suffix= --os= --dbs --parse-errors -t ./SQM/TRAFFIC/trafico.txt --beep --page-rank --smart
Technique: None
Back-end DBMS: Microsoft Access (identified)
Traceback (most recent call last):
  File "C:\Users\Andrea\Desktop\sqlmap\_sqlmap.py", line 81, in main
    start()
  File "C:\Users\Andrea\Desktop\sqlmap\lib\controller\controller.py", line 294, in start
    message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 784: ordinal not in range(128)

[*] shutting down at 16:35:19

C:\Users\Andrea\Desktop\sqlmap>
[sqlmap-users] ms sql database names' enum
I've met dozens of practical cases when --dbs switch becomes useless with --dbms=mssql (can't say precisely, but maybe <2008 versions). The only workaround proved itself useful is retrieval of db_name(i++) using --sql-shell while other standard techniques were totally useless.

Another reason I decided to compose this miserable letter is that I would like to see debug information on how page is being parsed in order to determine exact string or regexp or whatever sqlmap uses to pick up context output or to determine the boolean value for positive logical answer.

Uploading specific files for mssql would be great too, because currently I choose another commercial products which are ugly, heavy, gui and windows only in order to execute os commands (that thing appeared to be broken in almost every semi-complicated case while worked fine on some fucking retarded pangolin\webcruiser\e.t.c. tools) or upload something over designed and accessible routines of ms sql in certain cases. Maybe I'm missing some concepts, but the first thing I've mentioned above deserves your attention for sure. Thanks :*
Re: [sqlmap-users] ms sql database names' enum
Hi Henry,

On 3 July 2012 01:01, Henry Waves wrote:
> I've met dozens of practical cases when --dbs switch becomes useless
> with --dbms=mssql (can't say precisely, but maybe <2008 versions). The
> only workaround proved itself useful is retrieval of db_name(i++) using
> --sql-shell while other standard techniques were totally useless.

We have been notified already that there might be a bug with --dbs and --tables on MSSQL (particularly version 2008). We will look closely in the upcoming weeks into reproducing this bug, if any, across all MSSQL versions. I have opened issue #55[1] for the time being and will keep you posted there with comments.

> Another reason I decided to compose this miserable letter is that I
> would like to see debug information on how page is being parsed in order
> to determine exact string or regexp or whatever sqlmap uses to pick up
> context output or to determine the boolean value for positive logical
> answer.

If you run sqlmap with -v 3 not only you see all injected SQLi payloads, but following detection, it shows you also the exact vector used to identify the vulnerable and exploitable SQLi technique.

> Uploading specific files for mssql would be great too, because
> currently I choose another commercial products which are ugly, heavy,
> gui and windows only in order to execute os commands (that thing
> appeared to be broken in almost every semi-complicated case while worked
> fine on some fucking retarded pangolin\webcruiser\e.t.c. tools) or
> upload something over designed and accessible routines of ms sql in
> certain cases. Maybe I'm missing some concepts, but the first thing
> I've mentioned above deserves your attention for sure. Thanks :*

We have got support to interact with the underlying file system since 2009. Relevant switches are --file-read, --file-write and --file-dest. --tmp-path might also be of use here, check the user's manual for details and examples.

I am not aware at the moment of any bug related to these switches, but please go ahead and open an issue[2] with details to reproduce the bug, if any. I have recently retested all these switches across all three supported DBMS (MSSQL, PgSQL and MySQL) and they all worked fine.

[1] https://github.com/sqlmapproject/sqlmap/issues/55
[2] https://github.com/sqlmapproject/sqlmap/issues/new

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
Re: [sqlmap-users] ERROR SQLMAPge
Hi Diego,

Can you please rerun your command using sqlmap latest development version from Git[1]? If the bug persists, let us know.

[1] https://github.com/sqlmapproject/sqlmap

Cheers,
Bernardo

On 30 June 2012 07:20, diego system wrote:
> Dear.
>
> I have a doubt time to do an audit the following error appeared and I do not
> know how to solve it I need your help to clarify the error that happened
> when I was studying and doing a test here in the company, which has prompted
> me.
>
> I am forwarding you the error in TXT if possible send me a position as you.
>
> Thank you all and I look forward to.
>
> att,
>
> Diego R. Pereira

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
Re: [sqlmap-users] ms sql database names' enum
Hi Henry.

Find "SELECT DB_NAME(i++)" mechanism implemented with the latest commit (27fdccc) as a fallback in case that standard one fails.

Kind regards,
Miroslav Stampar

On Tue, Jul 3, 2012 at 2:01 AM, Henry Waves wrote:
> I've met dozens of practical cases when --dbs switch becomes useless
> with --dbms=mssql (can't say precisely, but maybe <2008 versions). The
> only workaround proved itself useful is retrieval of db_name(i++) using
> --sql-shell while other standard techniques were totally useless.
> Another reason I decided to compose this miserable letter is that I
> would like to see debug information on how page is being parsed in order
> to determine exact string or regexp or whatever sqlmap uses to pick up
> context output or to determine the boolean value for positive logical
> answer. Uploading specific files for mssql would be great too, because
> currently I choose another commercial products which are ugly, heavy,
> gui and windows only in order to execute os commands (that thing
> appeared to be broken in almost every semi-complicated case while worked
> fine on some fucking retarded pangolin\webcruiser\e.t.c. tools) or
> upload something over designed and accessible routines of ms sql in
> certain cases. Maybe I'm missing some concepts, but the first thing
> I've mentioned above deserves your attention for sure. Thanks :*

--
Miroslav Stampar
http://about.me/stamparm
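Seen from the defender's side, the DB_NAME(i++) fallback mentioned in the message above leaves a run of consecutive DB_NAME(n) calls from one client in the web server log. The following is an added example, not sqlmap code and not part of the original thread; the log lines, addresses, paths and the min_run threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (addresses and paths are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jul/2012:02:01:10 +0000] "GET /item.asp?id=1%3BSELECT+DB_NAME%280%29 HTTP/1.1" 500 312
203.0.113.7 - - [03/Jul/2012:02:01:11 +0000] "GET /item.asp?id=1%3BSELECT+DB_NAME%281%29 HTTP/1.1" 500 318
192.0.2.44 - - [03/Jul/2012:02:01:11 +0000] "GET /item.asp?id=17 HTTP/1.1" 200 5120
203.0.113.7 - - [03/Jul/2012:02:01:12 +0000] "GET /item.asp?id=1%3BSELECT+db_name%25282%2529 HTTP/1.1" 500 309
198.51.100.20 - - [03/Jul/2012:02:01:12 +0000] "GET /report.asp?expr=DB_NAME(5) HTTP/1.1" 200 640
203.0.113.7 - - [03/Jul/2012:02:01:13 +0000] "GET /item.asp?id=1%3BSELECT+DB_NAME%283%29 HTTP/1.1" 500 315
"""

LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DB_NAME_CALL = re.compile(r"\bDB_NAME\s*\(\s*(\d+)\s*\)", re.IGNORECASE)


def db_name_indices(log_text):
    """Map client address -> ordered list of DB_NAME(n) indices in its request URLs."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue
        client, url = match.groups()
        # Decode twice so double URL-encoded parentheses (%2528) are also caught.
        decoded = unquote_plus(unquote_plus(url))
        for index in DB_NAME_CALL.findall(decoded):
            seen[client].append(int(index))
    return dict(seen)


def longest_run(indices):
    """Length of the longest run of consecutive, increasing indices."""
    best = run = 0
    prev = None
    for i in indices:
        run = run + 1 if prev is not None and i == prev + 1 else 1
        best = max(best, run)
        prev = i
    return best


def flag_enumeration(log_text, min_run=3):
    """Clients whose requests walk DB_NAME(n) over at least min_run consecutive n."""
    hits = db_name_indices(log_text)
    return sorted(c for c, idx in hits.items() if longest_run(idx) >= min_run)


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

A single DB_NAME(n) reference, such as the constructed report.asp request, stays below the threshold; only the sequential walk is flagged.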
Re: [sqlmap-users] another bug....
Hi Pedrito.

Thank you for your report. Apparently --page-rank was not working properly for some time because Google changed some logic behind it. With the latest commit (40fc648) everything should be up and running (no more crashes).

Kind regards,
Miroslav Stampar

On Mon, Jul 2, 2012 at 11:36 PM, Pedrito Perez <0ark1an...@gmail.com> wrote:
> sqlmap/1.0-dev - automatic SQL injection and database takeover tool
> http://www.sqlmap.org
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 16:35:06
>
> [16:35:06] [INFO] setting file for logging HTTP traffic
> [16:35:06] [INFO] first request to Google to get the session cookie
> [16:35:07] [INFO] using Google result page #1
> [16:35:16] [INFO] heuristics detected web page charset 'ISO-8859-2'
> do you want to scan only results containing GET parameters? [Y/n]
>
> [16:35:18] [INFO] sqlmap got 104 results for your Google dork expression, 28 of them are testable targets
> [16:35:18] [INFO] sqlmap got a total of 28 targets
>
> [16:35:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users@lists.sourceforge.net the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.2
> Operating system: nt
> Command line: C:\Users\Andrea\Desktop\sqlmap\sqlmap.py -g ** main.php?id= -p --random-agent -o --keep-alive --null-connection --threads=10 --dbms=access --prefix= --suffix= --os= --dbs --parse-errors -t ./SQM/TRAFFIC/trafico.txt --beep --page-rank --smart
> Technique: None
> Back-end DBMS: Microsoft Access (identified)
> Traceback (most recent call last):
>   File "C:\Users\Andrea\Desktop\sqlmap\_sqlmap.py", line 81, in main
>     start()
>   File "C:\Users\Andrea\Desktop\sqlmap\lib\controller\controller.py", line 294, in start
>     message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 784: ordinal not in range(128)
>
> [*] shutting down at 16:35:19
>
> C:\Users\Andrea\Desktop\sqlmap>

--
Miroslav Stampar
http://about.me/stamparm
[sqlmap-users] (no subject)
Hello sqlMap

I thought of an improvement, because when you retrieve the databases (or tables or columns) does not enumerate the number of the item?

== current sqlMap ==

[22:15:39] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
[22:15:39] [INFO] fetching columns for table 'myTable' in database 'mystore'
[22:15:49] [WARNING] reflective value(s) found and filtering out
[22:15:49] [INFO] the SQL query used returns 253 entries
[22:16:00] [INFO] retrieved: citta
[22:16:07] [INFO] retrieved: varchar
[22:16:13] [INFO] retrieved: cognome
[22:16:22] [INFO] retrieved: nvarchar

== my idea (modify in green) ==

[22:15:39] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
[22:15:39] [INFO] fetching columns for table 'myTable' in database 'mystore'
[22:15:49] [WARNING] reflective value(s) found and filtering out
[22:15:49] [INFO] the SQL query used returns 253 entries
[22:16:00] [INFO] retrieved #1: citta
[22:16:07] [INFO] retrieved #2: varchar
[22:16:13] [INFO] retrieved #3: cognome
[22:16:22] [INFO] retrieved #4: nvarchar

lot a kiss