[sqlmap-users] bug report

2011-03-24 Thread m4l1c3 
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u

--batch -o --tables -D **
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
424, in start
action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 91, in
action
conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
827, in getTables
for db, table in value:
ValueError: too many values to unpack

--fingerprint is successful
--banner is successful
--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] forms bug

2011-03-26 Thread m4l1c3 
sqlmap version: 0.9-dev (r3498)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u  --dbs
--batch -o --forms
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 74, in main
init(cmdLineOptions)
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 1461, in init
__findPageForms()
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 443, in
__findPageForms
forms = ParseResponse(response, backwards_compat=False)
  File "/pentest/database/sqlmap-dev/extra/clientform/clientform.py", line
1064, in ParseResponse
return _ParseFileEx(response, response.geturl(), *args, **kwds)[1:]
AttributeError: 'unicode' object has no attribute 'geturl'
--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-03-26 Thread m4l1c3 
[22:01:34] [CRITICAL] unhandled exception in sqlmap/0.9-dev, retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sqlmap-users@lists.sourceforge.net the following text and any information
required to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 0.9-dev (r3498)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -g *** ext:aspx --batch -o --dump
-C ***
Technique: TIME
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
424, in start
action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, in
action
conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
1237, in dumpTable
self.searchColumn()
  File
"/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line
336, in searchColumn
dbs[db][tbl].update(kb.data.cachedColumns[db][tbl])
KeyError: u'dt_addtosourcecontrol'
--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] dumping bug

2011-03-28 Thread m4l1c3 
sqlmap version: 0.9-dev (r3513)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u ***
--batch -o --tables -D **
Technique: ERROR
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
447, in start
action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 91, in
action
conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/pentest/database/sqlmap-dev/lib/core/dump.py", line 169, in
dbTables
maxlength = max(maxlength, len(normalizeUnicode(table)))
TypeError: object of type 'NoneType' has no len()

[*] shutting down at: 20:53:10
--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-04-03 Thread m4l1c3 
sqlmap version: 0.9-dev (r3551)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -g ** --dbs --batch -o
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
273, in start
checkNullConnection()
  File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 777, in
checkNullConnection
page, headers = Request.getPage(method=HTTPMETHOD.HEAD)
  File "/pentest/database/sqlmap-dev/lib/request/connect.py", line 216, in
getPage
conn = urllib2.urlopen(req)
  File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
return _opener.open(url, data)
  File "/usr/lib/python2.5/urllib2.py", line 381, in open
response = self._open(req, data)
  File "/usr/lib/python2.5/urllib2.py", line 399, in _open
'_open', req)
  File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
result = func(*args)
  File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
210, in http_open
return self.do_open(HTTPConnection, req)
  File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
181, in do_open
self._start_connection(h, req)
  File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
140, in _start_connection
h.endheaders()
  File "/pentest/database/sqlmap-dev/extra/keepalive/keepalive.py", line
342, in endheaders
self._send_output()
  File "/usr/lib/python2.5/httplib.py", line 732, in _send_output
self.send(msg)
  File "/usr/lib/python2.5/httplib.py", line 711, in send
self.sock.sendall(str)
  File "", line 1, in sendall
UnicodeEncodeError: 'ascii' codec can't encode characters in position 28-39:
ordinal not in range(128)

[*] shutting down at: 23:20:16
--
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-04-07 Thread m4l1c3 
sqlmap version: 0.9-dev (r3577)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -g ** ext:aspx --dbs --batch -o
--text-only --level 3 --risk 2
Technique: UNION
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 82, in main
start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
364, in start
elif not checkDynParam(place, parameter, value):
  File "/pentest/database/sqlmap-dev/lib/controller/checks.py", line 582, in
checkDynParam
payload = agent.payload(place, parameter, value, getUnicode(randInt))
  File "/pentest/database/sqlmap-dev/lib/core/agent.py", line 112, in
payload
retValue = paramString.replace(origValue,
self.addPayloadDelimiters(newValue))
AttributeError: 'NoneType' object has no attribute 'replace'
--
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-04-15 Thread m4l1c3 
sqlmap version: 1.0-dev (r3674)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -u ***
--batch --dump -C ***
Technique: BOOLEAN
Back-end DBMS: Microsoft SQL Server (fingerprinted)
Traceback (most recent call last):
  File "./sqlmap.py", line 83, in main
start()
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line
467, in start
action()
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 103, in
action
conf.dumper.dbTableValues(conf.dbmsHandler.dumpTable())
  File "/pentest/database/sqlmap-dev/plugins/generic/enumeration.py", line
1238, in dumpTable
self.searchColumn()
  File
"/pentest/database/sqlmap-dev/plugins/dbms/mssqlserver/enumeration.py", line
320, in searchColumn
query = query % (db, db, db, db, db, db)
TypeError: not all arguments converted during string formatting
--
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] new bug

2011-04-15 Thread m4l1c3 
I removed my sqlmap-dev folder, and svn'd the latest.

Here's the output of ./sqlmap.py --update

Traceback (most recent call last):
  File "./sqlmap.py", line 27, in 
from lib.controller.controller import start
  File "/pentest/database/sqlmap-dev/lib/controller/controller.py", line 12,
in 
from lib.controller.action import action
  File "/pentest/database/sqlmap-dev/lib/controller/action.py", line 10, in

from lib.controller.handler import setHandler
  File "/pentest/database/sqlmap-dev/lib/controller/handler.py", line 10, in

from lib.core.common import Backend
  File "/pentest/database/sqlmap-dev/lib/core/common.py", line 49, in

from lib.core.convert import htmlunescape
  File "/pentest/database/sqlmap-dev/lib/core/convert.py", line 24, in

from extra.safe2bin.safe2bin import safecharencode
ImportError: No module named safe2bin.safe2bin
--
Benefiting from Server Virtualization: Beyond Initial Workload 
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve 
application availability and disaster protection. Learn more about boosting 
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-04-26 Thread m4l1c3 
Target login page is like:  Type a number into a field, a login appears.  I
log in, and spider with burpsuite.  250mb log file (too much?)

sqlmap version: 1.0-dev (r3770)
Python version: 2.5.2
Operating system: posix
Command line: ./sqlmap.py -l /stough/log --batch --dbs
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 75, in main
init(cmdLineOptions)
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 1600, in init
__setMultipleTargets()
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 332, in
__setMultipleTargets
__feedTargetsDict(conf.list, addedTargetUrls)
  File "/pentest/database/sqlmap-dev/lib/core/option.py", line 296, in
__feedTargetsDict
content = content.replace("\r", "")
MemoryError
--
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] Latest commit breaks sqlmap?

2011-06-18 Thread m4l1c3 
with no switches:

Traceback (most recent call last):
  File "./sqlmap.py", line 27, in 
from lib.controller.controller import start
  File "/pentest/database/sqlmap/lib/controller/controller.py", line
13, in 
from lib.controller.action import action
  File "/pentest/database/sqlmap/lib/controller/action.py", line 10, in 
from lib.controller.handler import setHandler
  File "/pentest/database/sqlmap/lib/controller/handler.py", line 29,
in 
from plugins.dbms.mysql import MySQLMap
  File "/pentest/database/sqlmap/plugins/dbms/mysql/__init__.py", line
15, in 
from plugins.dbms.mysql.filesystem import Filesystem
  File "/pentest/database/sqlmap/plugins/dbms/mysql/filesystem.py",
line 18, in 
from lib.techniques.union.use import unionUse
ImportError: No module named union.use

--
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] RuntimeError: maximum recursion depth exceeded

2011-06-22 Thread m4l1c3 
I"m getting a lot of this:

[07:08:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4161),
retry your run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sqlmap-users@lists.sourceforge.net the following text and any
information required to reproduce the bug. The developers will try to
reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4161)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u https://*** --batch --dbs
Technique: None
Back-end DBMS: None (identified)


iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 338, in iterate
iterate(node, instance)
  File "/pentest/database/sqlmap/lib/core/option.py", line 333, in iterate
instance = DictObject()
RuntimeError: maximum recursion depth exceeded

--
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Data protection magic?
Nope - It's vRanger. Get your free trial download today.
http://p.sf.net/sfu/quest-sfdev2dev
___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] Oracle dumping

2011-07-21 Thread m4l1c3 
I"ve always had trouble dumping Oracle databases.  I can usually see the
Databases and columns, whether they come down via Union or time-based or
whatever.  But when it comes down to:

./sqlmap.py URL:/parameters/etc/?id=3 --dump -T public -D not_sensitive

I get errors indicating there might only be one entry, and sqlmap fails to
detect it.  I can brute some table names, but this occurs every time I
encounter an Oracle database.

Has SQL Injection simply not progressed that far?  I've tried --level 5 and
--risk 3 just to be sure.

I'm glad to email some personal detail to help.

Thanks for the quick help, you've never disappointed.
--
10 Tips for Better Web Security
Learn 10 ways to better secure your business today. Topics covered include:
Web security, SSL, hacker attacks & Denial of Service (DoS), private keys,
security Microsoft Exchange, secure Instant Messaging, and much more.
http://www.accelacomm.com/jaw/sfnl/114/51426210/___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-11-13 Thread m4l1c3 
hi again

sqlmap version: 1.0-dev (r4503)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u

--batch --dbs --technique=BU --random-agent --threads 10 --crawl 3 --level
2 --risk 2 --smart
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 508,
in start
percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) /
len(kb.originalPage))
  File "/pentest/database/sqlmap/lib/core/common.py", line 1589, in
getFilteredPageContent
retVal =
re.sub(r"(?s)||%s" %
(r"|<[^>]+>|\t|\n|\r" if onlyText else ""), " ", page, flags=re.I)
TypeError: sub() got an unexpected keyword argument 'flags'
--
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-11-13 Thread m4l1c3 
sqlmap version: 1.0-dev (r4503)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u 
--batch --dbs --technique=BU --random-agent --threads 10 --forms --level 2
--risk 2 --smart
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 508,
in start
percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) /
len(kb.originalPage))
  File "/pentest/database/sqlmap/lib/core/common.py", line 1589, in
getFilteredPageContent
retVal =
re.sub(r"(?s)||%s" %
(r"|<[^>]+>|\t|\n|\r" if onlyText else ""), " ", page, flags=re.I)
TypeError: sub() got an unexpected keyword argument 'flags'
--
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] bug report

2011-11-13 Thread m4l1c3 
New commit works perfectly, thanks.

On Sun, Nov 13, 2011 at 12:53 PM, m4l1c3  wrote:

> hi again
>
> sqlmap version: 1.0-dev (r4503)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u
> 
> --batch --dbs --technique=BU --random-agent --threads 10 --crawl 3 --level
> 2 --risk 2 --smart
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
>   File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
> start()
>   File "/pentest/database/sqlmap/lib/controller/controller.py", line 508,
> in start
> percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) /
> len(kb.originalPage))
>   File "/pentest/database/sqlmap/lib/core/common.py", line 1589, in
> getFilteredPageContent
> retVal =
> re.sub(r"(?s)||%s" %
> (r"|<[^>]+>|\t|\n|\r" if onlyText else ""), " ", page, flags=re.I)
> TypeError: sub() got an unexpected keyword argument 'flags'
>
>
--
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-11-21 Thread m4l1c3 
sqlmap version: 1.0-dev (r4525)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ***
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 328,
in start
if not checkConnection(suppressOutput=conf.forms) or not checkString()
or not checkRegexp():
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 950, in
checkConnection
page, _ = Request.queryPage(content=True, noteResponseTime=False)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 697, in
queryPage
page, headers, code = Connect.getPage(url=uri, get=get, post=post,
cookie=cookie, ua=ua, referer=referer, silent=silent, method=method,
auxHeaders=auxHeaders, response=response, raise404=raise404,
ignoreTimeout=timeBasedCompare)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 358, in
getPage
return Connect.__getPageProxy(**kwargs)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 77, in
__getPageProxy
return Connect.getPage(**kwargs)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 169, in
getPage
url = asciifyUrl(url)
  File "/pentest/database/sqlmap/lib/core/common.py", line 3036, in
asciifyUrl
hostname = parts.hostname.encode('idna')
  File "/usr/lib/python2.6/encodings/idna.py", line 164, in encode
result.append(ToASCII(label))
  File "/usr/lib/python2.6/encodings/idna.py", line 73, in ToASCII
raise UnicodeError("label empty or too long")
UnicodeError: label empty or too long
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-11-21 Thread m4l1c3 
[INFO]s have been removed.

sqlmap version: 1.0-dev (r4525)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u  --dbs
--technique=U --level 3 --risk 3 --batch --smart --crawl 3 --threads 3
--forms --random-agent
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/lib/core/threads.py", line 109, in
runThreads
threadFunction()
  File "/pentest/database/sqlmap/lib/utils/crawler.py", line 97, in
crawlThread
findPageForms(content, current, False, True)
  File "/pentest/database/sqlmap/lib/core/common.py", line 3115, in
findPageForms
data = urldecode(data, kb.pageEncoding) if data and
urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data
TypeError: argument of type 'instance' is not iterable

After this, the scan progresses normally with occasional errors like:

[ERROR] thread 2: argument of type 'instance' is not iterable

[ERROR] thread 0: argument of type 'instance' is not iterable

[ERROR] thread 1: argument of type 'instance' is not iterable

With no --threads parameter, sqlmap dumps the entire aforementioned error,
less the thread n lines.
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-11-22 Thread m4l1c3 
sqlmap version: 1.0-dev (r4541)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ** --batch --dbs
--forms --crawl 3 --smart --technique=U
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 77, in main
init(cmdLineOptions)
  File "/pentest/database/sqlmap/lib/core/option.py", line 1875, in init
__setCrawler()
  File "/pentest/database/sqlmap/lib/core/option.py", line 429, in
__setCrawler
crawler.getTargetUrls()
  File "/pentest/database/sqlmap/lib/utils/crawler.py", line 118, in
getTargetUrls
runThreads(numThreads, crawlThread)
  File "/pentest/database/sqlmap/lib/core/threads.py", line 184, in
runThreads
conf.hashDB.flush(True)
AttributeError: 'NoneType' object has no attribute 'flush'
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-11-22 Thread m4l1c3 
sqlmap version: 1.0-dev (r4542)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ***
--batch --privileges --forms --technique=U -pXX --dump -T ** -D

Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 580,
in start
action()
  File "/pentest/database/sqlmap/lib/controller/action.py", line 109, in
action
conf.dbmsHandler.dumpTable()
  File "/pentest/database/sqlmap/plugins/generic/enumeration.py", line
1774, in dumpTable
attackDumpedTable()
  File "/pentest/database/sqlmap/lib/utils/hash.py", line 366, in
attackDumpedTable
results = dictionaryAttack(attack_dict)
  File "/pentest/database/sqlmap/lib/utils/hash.py", line 721, in
dictionaryAttack
conf.hashDB.write(hash_, word)
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 79, in write
self.flush()
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 94, in flush
self.beginTransaction()
  File "/pentest/database/sqlmap/lib/utils/hashdb.py", line 111, in
beginTransaction
self.cursor.execute('BEGIN TRANSACTION')
OperationalError: cannot start a transaction within a transaction

This error seemed to occur after the cracking press had successfully
completed.
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report: dumps not saved with r4542

2011-11-22 Thread m4l1c3 
Command:
./sqlmap.py -u "http://www..XXX:80/SOME.php"; --forms --technique=U
-pNULL --dump -T TABLE01  -D DB

The command completes with no errors, and the contents are dumped to
console (abbreviated, as normal), however; the /output/domain/dump/
directory remains empty.  Need traffic.log?
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] bug report: dumps not saved with r4542

2011-11-22 Thread m4l1c3 
Update:

Command:
./sqlmap.py -u "http://www..org:80/php"; --forms --batch
--technique=U -pfield --dump-all --exclude-sysdbs > DUMP

This produces normal. "trimmed" dumps to console.

Then, after cracking hashes:

[INFO] cracked password 'password1' for user 'user1'

[INFO] current status: X... \
[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4542)
sqlmap version: 1.0-dev (r4542)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u ***
--forms --batch --technique=U -pX --dump-all --exclude-sysdbs
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)

Update complete.
Many thanks/props/blessings

On Tue, Nov 22, 2011 at 11:49 PM, m4l1c3  wrote:

> Command:
> ./sqlmap.py -u "http://www..XXX:80/SOME.php"; --forms
> --technique=U -pNULL --dump -T TABLE01  -D DB
>
> The command completes with no errors, and the contents are dumped to
> console (abbreviated, as normal), however; the /output/domain/dump/
> directory remains empty.  Need traffic.log?
>
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] bug report: dumps not saved with r4542

2011-11-23 Thread m4l1c3 
Updated to 4543.  Dumps still not saved to /output/domain/dump/

Please ignore the previous > DUMP redirection.

On Wed, Nov 23, 2011 at 12:54 AM, m4l1c3  wrote:

> Update:
>
> Command:
> ./sqlmap.py -u "http://www..org:80/php"; --forms --batch
> --technique=U -pfield --dump-all --exclude-sysdbs > DUMP
>
> This produces normal. "trimmed" dumps to console.
>
> Then, after cracking hashes:
>
> [INFO] cracked password 'password1' for user 'user1'
>
> [INFO] current status: X... \
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4542)
> sqlmap version: 1.0-dev (r4542)
> Python version: 2.6.5
> Operating system: posix
> Command line: ./sqlmap.py -u ***
> --forms --batch --technique=U -pX --dump-all --exclude-sysdbs
> Technique: UNION
> Back-end DBMS: MySQL (fingerprinted)
>
> Update complete.
> Many thanks/props/blessings
>
> On Tue, Nov 22, 2011 at 11:49 PM, m4l1c3  wrote:
>
>> Command:
>> ./sqlmap.py -u "http://www..XXX:80/SOME.php"; --forms
>> --technique=U -pNULL --dump -T TABLE01  -D DB
>>
>> The command completes with no errors, and the contents are dumped to
>> console (abbreviated, as normal), however; the /output/domain/dump/
>> directory remains empty.  Need traffic.log?
>>
>
>
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-12-04 Thread m4l1c3 
sqlmap version: 1.0-dev (r4574)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u * --batch --dbs --forms --crawl 2
--technique=BU --threads 10 --level 3 --risk 2 --smart --random-agent --tor
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/_sqlmap.py", line 86, in main
start()
  File "/pentest/database/sqlmap/lib/controller/controller.py", line 456,
in start
if not checkDynParam(place, parameter, value):
  File "/pentest/database/sqlmap/lib/controller/checks.py", line 665, in
checkDynParam
dynResult = Request.queryPage(payload, place, raise404=False)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 711, in
queryPage
page, headers, code = Connect.getPage(url=uri, get=get, post=post,
cookie=cookie, ua=ua, referer=referer, silent=silent, method=method,
auxHeaders=auxHeaders, response=response, raise404=raise404,
ignoreTimeout=timeBasedCompare)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 373, in
getPage
return Connect.__getPageProxy(**kwargs)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 80, in
__getPageProxy
return Connect.getPage(**kwargs)
  File "/pentest/database/sqlmap/lib/request/connect.py", line 302, in
getPage
conn = urllib2.urlopen(req)
  File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen
return _opener.open(url, data, timeout)
  File "/usr/lib/python2.6/urllib2.py", line 391, in open
response = self._open(req, data)
  File "/usr/lib/python2.6/urllib2.py", line 409, in _open
'_open', req)
  File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
  File "/usr/lib/python2.6/urllib2.py", line 1161, in http_open
return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.6/urllib2.py", line 1133, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
  File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 735, in send
self.connect()
  File "/usr/lib/python2.6/httplib.py", line 716, in connect
self.timeout)
  File "/pentest/database/sqlmap/extra/socks/socks.py", line 410, in
create_connection
except error as _:
NameError: global name 'error' is not defined
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

[sqlmap-users] bug report

2011-12-04 Thread m4l1c3 
sqlmap version: 1.0-dev (r4574)
Python version: 2.6.5
Operating system: posix
Command line: ./sqlmap.py -u * --batch --dbs --forms
--crawl 3 --technique=U --threads 10 --level 3 --risk 2 --smart
--random-agent --tor
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "/pentest/database/sqlmap/lib/core/threads.py", line 123, in
runThreads
threadFunction()
  File "/pentest/database/sqlmap/lib/utils/crawler.py", line 61, in
crawlThread
content = Request.getPage(url=current, crawling=True, raise404=False)[0]
  File "/pentest/database/sqlmap/lib/request/connect.py", line 302, in
getPage
conn = urllib2.urlopen(req)
  File "/usr/lib/python2.6/urllib2.py", line 126, in urlopen
return _opener.open(url, data, timeout)
  File "/usr/lib/python2.6/urllib2.py", line 391, in open
response = self._open(req, data)
  File "/usr/lib/python2.6/urllib2.py", line 409, in _open
'_open', req)
  File "/usr/lib/python2.6/urllib2.py", line 369, in _call_chain
result = func(*args)
  File "/usr/lib/python2.6/urllib2.py", line 1161, in http_open
return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.6/urllib2.py", line 1133, in do_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
  File "/usr/lib/python2.6/httplib.py", line 910, in request
self._send_request(method, url, body, headers)
  File "/usr/lib/python2.6/httplib.py", line 947, in _send_request
self.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 904, in endheaders
self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 776, in _send_output
self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 735, in send
self.connect()
  File "/usr/lib/python2.6/httplib.py", line 716, in connect
self.timeout)
  File "/pentest/database/sqlmap/extra/socks/socks.py", line 410, in
create_connection
except error as _:
NameError: global name 'error' is not defined
[21:37:24] [WARNING] no usable links found (with GET parameters)


Thanks, everyone, for your continued efforts to develop this program.
--
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users