works like a charm! Thanks for the quick update.
>
> Kind regards,
> Miroslav Stampar
>
> On Wed, May 30, 2018 at 12:49 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
> I’ve come across a SQL injection that uppercases the input, so that 0x
>
I’ve come across a SQL injection that uppercases the input, so that 0x
becomes 0X. This isn’t a valid hex value in MySQL since 0X is required to
use a lowercase x. I attempted to use a quick --eval argument to change the
syntax from 0x to X'', but the single quotes in the X'' syntax end u
I’m currently exploiting a recent vulnerability announced in Foreman versions
1.9+ through 1.16.1. The available techniques are boolean, time, and
error-based.
Error based is the fastest obviously, but it seems like it could be faster.
Currently, it performs an error-based exfil in a similar wa
Put quotes around your URL . The & is being interpreted by bash and ending your
URL early.
> On Nov 14, 2017, at 2:21 PM, Oleg V. Melnichuk wrote:
>
> Hi
>
> I have several sites under the nginx server with different server_name
> in a virtual machine with one IP address. Under this IP in the
perspective.
Thanks for the insight.
>
> Bye
>
> On Wed, Aug 16, 2017 at 12:36 AM, Brandon Perry <bperry.volat...@gmail.com> wrote:
> Looking at some later requests, it appears that dumping a row from a table is
> performed this way (each column is concated togethe
concat statement
(selecting 10 rows per request for instance, instead just one).
Just thoughts.
> On Aug 15, 2017, at 4:04 PM, Brandon Perry wrote:
>
> Currently, it seems that sqlmap will use a payload such as the following if a
> UNIONable parameter is found that can only return one
Currently, it seems that sqlmap will use a payload such as the following if a
UNIONable parameter is found that can only return one row in order for data to
be exfil’ed.
-16301 UNION ALL SELECT NULL,NULL,(SELECT
CONCAT(0x71787a7871,IFNULL(CAST(schema_name AS CHAR),0x20),0x716a706271) FROM
INFO
> On Feb 27, 2017, at 4:28 PM, Brandon Perry wrote:
>
> Hi, testing --randomize for the first time.
>
> I have an injection that is certainly boolean-injectable as I can exploit by
> hand, but the content of the response can change if the url requested seems
> to
Hi, testing --randomize for the first time.
I have an injection that is certainly boolean-injectable as I can exploit by
hand, but the content of the response can change if the url requested seems to
have been hit before.
For instance, if I do GET /fdsa/1%20or%201=1, 100 bytes are returned. If I
> On Feb 13, 2017, at 10:39 AM, Rodrigo Zanatta Silva
> wrote:
>
> How can I disable the sqlmap doing 30 connections before start doing time
> attack?
You have to build a statistical model of how quickly the requests generally
return to ensure accuracy during a timing attack. You can’t get a
> On Dec 19, 2016, at 5:10 PM, Mark M. wrote:
>
> Right, that makes sense. But at the same time, this is a valid injection (I
> can reproduce it manually). Perhaps there's information I can provide to
> someone that would help improve the tool so it would catch this particular
> case and ot
You can add --proxy and make sqlmap pass all requests through burpsuite or
another proxy so you can see what the difference is between the requests sqlmap
creates and the ones you make by hand.
> On Dec 4, 2016, at 8:27 AM, Miroslav Stampar
> wrote:
>
> This is a straightforward case. You
What command and arguments are you using exactly?
Sent from a phone
> On Dec 4, 2016, at 8:06 AM, Daniele Bianchin wrote:
>
> Hi!
> I have an issue with sqlmap.
> I created my own fake login in order to test blind sql injection but
> everytime i make a test sqlmap says it isn't exploitable.
>
You can write a burp rule that rewrites a specific value that you set in the
SOAP body with an incrementing integer as sqlmap is exploiting the SQL injection
(it wouldn't realize the parameter needed to be incremented).
You can use --proxy to send sqlmap through burp.
> On Aug 18, 2016, at 2:02 P
Nov 16, 2015 7:53 PM, "Miroslav Stampar"
> wrote:
>
>> Please run with -v 3 to see what sqlmap does. It doesn't iterate serially
>> for all characters. It uses binary search. On average it requires cca. 5-6
>> requests per char.
>>
>> Bye
>> On No
Also, obviously password hashes and the like are not english, so this would
mostly be useful potentially for table/column name enumeration.
On Mon, Nov 16, 2015 at 12:28 PM, Brandon Perry
wrote:
> The other night, I was performing a boolean-based attack. I realised that
> iterating from a
The other night, I was performing a boolean-based attack. I realised that
iterating from a-zA-Z0-9 as bytes to compare on the SQL server could be
optimized, but only for Latin/English languages, so not sure how useful
this would be.
During boolean-based blind attacks, would it be useful to use a c
>
> On Oct 19, 2015 7:05 PM, "Brandon Perry" <bperry.volat...@gmail.com> wrote:
> Just curious, how do you expect a user to set a specific content type? Is
> there an argument I am missing, or is --headers the expected way?
>
> On Mon, Oct 19
or your sample.
>
> Bye
>
> On Mon, Oct 19, 2015 at 4:04 PM, Brandon Perry
> wrote:
>
>> Yes, I can, but it will have to be when I get home this evening.
>>
>> FWIW, I am interacting with the sqlmap API, so not passing it a request
>> file. I am building the SO
re was no content-type from the beginning).
>
> Can you please send a sample request file and/or used sqlmap options.
>
> Bye
>
> On Mon, Oct 19, 2015 at 4:00 PM, Brandon Perry
> wrote:
>
>> The actual request is a SOAP payload, which requires a content type of
>
encoded, while you
> want payload to not be url encoded.
>
> Bye
>
> On Sun, Oct 18, 2015 at 11:35 AM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Will patch it later today.
>>
>> Bye
>> On Oct 17, 2015 04:32, "Brandon P
I tracked it down to ./lib/request/connect.py, line 726.
contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
I am specifying a content type explicitly with --headers, so commenting this
line out allowed sqlmap to detect the injections (the server returns 50x if the
co
>>>>>>>> Just run java -jar WebGoat-6.0.1-war-exec.jar
>>>>>>>> And you can login at localhost:8080/WebGoat with name webgoat and
>>>>>>>> password webgoat
>>>>>>>> The request file posted earlier is from Blind
< specifically, which is where the between tamper script is
useful.
There are a lot of tamper scripts, maybe it’s a space (space2comment), not the
< or > characters. Try different techniques if available. I have no idea about
the internals of webgoat.
> Thanks,
> Vojta
>
> Dne
You should look in the logs of the web server and see what they say.
I bet you need --tamper=between
Sent from a phone
> On Oct 8, 2015, at 10:33 AM, Vojtěch Polášek wrote:
>
> Greetings,
> I tried to verify Sqlmap's functionality by running it against Webgoat
> version 6.0.1. You can try it y
There is not as far as I know, but there is no reason why you can't open up
multiple instances of sqlmap dumping specific parts of the database you
want.
On Fri, Sep 25, 2015 at 12:01 PM, Tobias Glemser
wrote:
> Hi List,
>
> does anybody know a way to disable the "multi-threading is considered
Could you use --eval for this instead?
On Wed, Sep 16, 2015 at 10:17 AM, Vincent Malguy wrote:
> Hi,
>
> I am new to tamper scripts and I have to forge some custom headers to pass
> a API authentication.
> I need to get the http METHOD (get, post …) used by the next sqlmap
> request and the exac
't realise sqlmap would try this, I thought it required a UNION-based
detection before trying. I can play around with this.
>
> Thoughts?
>
> Kind regards
>
> On Fri, Sep 11, 2015 at 8:43 PM, Brandon Perry
> wrote:
>
>> I have had this idea for a while, and
> On Sep 13, 2015, at 8:35 PM, Brandon Perry wrote:
>
>
>> On Sep 13, 2015, at 8:30 PM, Johnathon Doe <hood3dro...@gmail.com> wrote:
>>
>> Sounds cool, but kind of an edge case. I'm just interested to understand
>> more if you don
nd --technique=T does it work to identify
> the time based injection (i.e. ./sqpmap.py --url http//somesite.com/
> <http://somesite.com/> --data 'bar=foo"+union+select+null,null,null,null*'
> --technique=T --banner)?
This was by hand.
>
> On Fri, Sep 11, 2015 at
I have had this idea for a while, and I finally came across an injection
that this was useful for me.
Due to logic in the application, a generic UNION tacked on the end of the
query doesn't work.
However, a payload of:
blah=foo"+union+select+null,null,null,null,sleep(5)--%20
does result in a re
That might be a bug, not sure.
On Wed, Aug 19, 2015 at 1:04 PM, Guilherme Scombatti wrote:
> Same result: [18:03:21] [CRITICAL] invalid target URL
>
> On Wed, Aug 19, 2015 at 3:00 PM, Brandon Perry
> wrote:
>
>> Yes, \!
>>
>> On Wed, Aug 19, 2015 at 12:58 PM, G
Yes, \!
On Wed, Aug 19, 2015 at 12:58 PM, Guilherme Scombatti <
guiscomba...@gmail.com> wrote:
> with single quotes the result is:
> [17:54:41] [CRITICAL] invalid target URL
>
> how I escape? \ ?
>
> On Wed, Aug 19, 2015 at 2:55 PM, Brandon Perry
> wrote:
>
>
"; -p pg --level=5 --risk=3
> --dbms=oracle --dbs
> *-bash: !PKG_ZP?pg=1: event not found*
> [ec2-user@ip sqlmap-master]$
>
>
> On Wed, Aug 19, 2015 at 2:47 PM, Brandon Perry
> wrote:
>
>> Use single quotes or escape it.
>>
>> On Wed, Aug 19, 2015 at 1
Use single quotes or escape it.
On Wed, Aug 19, 2015 at 12:42 PM, Guilherme Scombatti <
guiscomba...@gmail.com> wrote:
> Hi,
>
> I'm having a problem. I have this url: http://site.com:8081/evsys/*!*
> PKG_ZP?pg=1&pi=S
>
> When I execute sqlmap in this url the return is:
> -bash: !PKG_ZP?pg=1: eve
t URL is stable",
> "level": "INFO",
> "time": "14:14:53"
> },
> {
> "message": "target URL is stable",
> "level": "INFO",
>
You can drive sqlmap via the REST API. In the root of the project is a
sqlmapapi.py file which starts a web server.
You can create any content you need, then pass the request which you want
to fuzz to sqlmap via the API to get results.
On Tue, Aug 11, 2015 at 9:13 AM, Vojtěch Polášek wrote:
> G
Oh shit I should have read the email more carefully. Testenv, not sqlmap.
Ignore me.
Sent from a phone
> On Jul 22, 2015, at 9:07 AM, Miroslav Stampar
> wrote:
>
> Hi.
>
> No, but if someone is interested to do it we would be more than happy to
> accept/use it.
>
> Kind regards,
> Miroslav
Iirc Kali has docker images and ships with sqlmap
Sent from a phone
> On Jul 22, 2015, at 9:07 AM, Miroslav Stampar
> wrote:
>
> Hi.
>
> No, but if someone is interested to do it we would be more than happy to
> accept/use it.
>
> Kind regards,
> Miroslav Stampar
>
>> On Wed, Jul 22, 2015
--file-write allows you to write a file, and has the ability to check if
the file was written by testing the size of the file to the file locally
you have written to ensure it was written ~correctly.
On Wed, Jul 1, 2015 at 10:02 AM, Peter Laboratra
wrote:
> Hi All,
>
> Need help in uploading a n
ideas?
>
> Kind regards,
> Guo
>
>
> From: Brandon Perry [mailto:bperry.volat...@gmail.com]
> Sent: June 12, 2015 21:37
> To: guoyangjuan
> Cc: sqlmap-users@lists.sourceforge.net; Longxiang
> Subject: Re: [sqlmap-users] Cannot identify JSON parameters
>
> --data="{"
--data="{"apn":"requestApn","language":"zh_CN"}"
That is not the correct way to specify JSON, should use outer single quotes.
--data='{"apn":"requestApn","language":"zh_CN"}'
On Fri, Jun 12, 2015 at 4:29 AM, guoyangjuan wrote:
> Hi,
>
>
>
> I'm using sqlmap/1.0-dev-nongit-20150608 to test the
That could work.
On Thu, May 28, 2015 at 2:24 PM, Chris Oakley
wrote:
> "Flex is hard because you have to update the integer that tells flex how
> long a string is"
>
> It might be possible to address this with the --eval option
>
> On 28 May 2015 at 14:59, Brando
with different sized usernames to find the
integer that you will need to manipulate during exploitation.
On Thu, May 28, 2015 at 1:59 PM, Brandon Perry
wrote:
> Flex is hard because you have to update the integer that tells flex how
> long a string is, unless I am mistaken.
>
> If n
Flex is hard because you have to update the integer that tells flex how
long a string is, unless I am mistaken.
If not, you could try with the * marker to tell sqlmap exactly where the
injection point is.
On Thu, May 28, 2015 at 1:21 PM, Christopher Downs <
chris.do...@chromeriver.com> wrote:
>
Also, when testing, ensure a space is following the comment directly,
otherwise the comment syntax will be malformed. You are testing against a
mssql db, so I think the valid comment syntax will be --
On Tue, Apr 28, 2015 at 9:07 AM, Brandon Perry
wrote:
> Technically, it shouldn't*
>
Technically, it shouldn't*
On Tue, Apr 28, 2015 at 9:07 AM, Brandon Perry
wrote:
> The injections I see like those are all suffixed with the start of a
> comment (# or --). So, technically it should matter if single quotes are
> used in the latter part of the boolean clause.
>
eturns response A)
> PackageSelection' AND '1'='2 (returns response B)
>
> In a nutshell, it doesn't appear to be trying single quotes and values
> in the ' AND '1'='1 pattern. But i would have thought this is a pretty
> typical format for
It's a GET, so there wouldn't be a content type, unless I am mistaken.
Alistair, have you tried --risk=3 with --level=5 yet?
Sent from a phone
> On Apr 28, 2015, at 7:13 AM, Miroslav Stampar
> wrote:
>
> Can you please send the unredacted content of request.txt to my address?
>
> If not, th
ameter used to hold anti-CSRF token
> --csrf-url=CSRFURL URL address to visit to extract anti-CSRF token
>
> In case the csrf token needs to be refreshed for each injection (when
> injecting into forms and other typical POST injections and such).
>
> On Mon, Apr 20, 2015 at 1:22
However, that being said, I have run into this before and had to write my
own exploits to fully exploit the vulnerability.
On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry
wrote:
> There is a second order parameter, it could be used to perform this. It
> would be requested after every in
There is a second order parameter, it could be used to perform this. It
would be requested after every injected request was sent.
On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek wrote:
> Greetings,
> I am testing an application which I suspect to log me out if I don't
> send certain post reques
Looks like someone typoed 'utf-8'...
On Mon, Mar 23, 2015 at 9:04 PM, Connor . wrote:
> [21:50:23] [WARNING] unknown web page charset 'urf-8'. Please report by
> e-mail t
> o sqlmap-users@lists.sourceforge.net .
>
>
> --
[skipUrlEncode] =>
>> [referer] =>
>> [liveTest] =>
>> [purgeOutput] =>
>> [retries] => 3
>> [authPrivate] =>
>> [extensiveFp] =>
>> [dumpT
Can you set the proxy argument to go through burp suite to see exactly what
sqlmap is sending when those options are set?
Sent from a phone
> On Mar 2, 2015, at 6:21 PM, Johnathon Doe wrote:
>
> I am working on PHP front-end to leverage the REST API to drive
> functionality, having some issue
--+
> | id | name | surname |
> ++----+-+
> | 1 | luther | blissett|
> | 2 | fluffy | bunny |
> | 3 | wu | ming|
>
perfectly valid 0x7474747474, while in
> case of False it's called with erroneous regexp 0x28 ('parentheses not
> balanced').
>
> Bye
>
>> On Sat, Feb 21, 2015 at 8:21 PM, Brandon Perry
>> wrote:
>> Have an injection that I can use RLIKE to induce a
Have an injection that I can use RLIKE to induce a 500 error, but it only works
in some circumstances. Enumerating the DATABASE() value works, as well as the
current user, but enumerating values from the database tables fails. Even as
root on the box, the RLIKE query fails to throw an exception
to achieve. I would suggest
> you to find one working UNION payload and report back.
>
> Bye
>
> On Mon, Feb 9, 2015 at 12:08 AM, Brandon Perry
> wrote:
>
>> The application could be requiring one of the columns to be in a certain
>> format (perhaps a date, or seri
The application could be requiring one of the columns to be in a certain
format (perhaps a date, or serialized object) in order to be brought to the
UI. Just sending an int/string or a NULL causes the SQL query to succeed,
but the app throws an error due to the data not being formatted as expected
Only if you aren't using a time based payload
Sent from a phone
> On Feb 4, 2015, at 14:25, a dehqan wrote:
>
> Hi
>
> Can we use Thread witch while dumping database ?
>
> I mean it can be the only way to have faster dump ?
>
> Regards
> --
>
> On Wed, Feb 4, 2015 at 6:53 PM, is2reg wrote:
>
>> try --sql-shell
>>
>> 2015-02-04
>> --
>> is2reg
>> --
>> *From:* a dehqan
>> *Sent:* 2015-02-04 23:20
>> *Subject:* Re: [sqlm
hread or any other option to make it faster ?
>>
>> On Wed, Feb 4, 2015 at 6:45 PM, Brandon Perry
>> wrote:
>>
>>> --dump then grep?
>>>
>>>
>>> On Wed, Feb 4, 2015 at 9:11 AM, a dehqan wrote:
>>>
>>>> Hi
>>>
--dump then grep?
On Wed, Feb 4, 2015 at 9:11 AM, a dehqan wrote:
> Hi
>
> Guys, is there any way to search based on fields value on sqlmap ?
>
> for example how to search in all databases for column with value of
> 1232434345 ?
>
>
> Regards
>
>
>
Works like a charm, man. Thanks a bunch. :)
On Mon, Feb 2, 2015 at 3:17 PM, Brandon Perry
wrote:
> Trying now.
>
> On Mon, Feb 2, 2015 at 3:07 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Fixed. Please update to the latest revision to have it patc
Trying now.
On Mon, Feb 2, 2015 at 3:07 PM, Miroslav Stampar wrote:
> Fixed. Please update to the latest revision to have it patched.
>
> Bye
>
> On Mon, Feb 2, 2015 at 9:45 PM, Brandon Perry
> wrote:
>
>> I think it has to do with Accept specifically.
>>
>
working on privately in my free time, so
willing to send any traffic information/commands off list.
On Mon, Feb 2, 2015 at 2:30 PM, Brandon Perry
wrote:
> Ah! Let me try.
>
> On Mon, Feb 2, 2015 at 2:29 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> --
> Bye
>
> On Mon, Feb 2, 2015 at 6:33 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> I'll take a look in couple of hours and let you know.
>>
>> Bye
>> On Feb 1, 2015 4:27 PM, "Brandon Perry"
>> wrote:
>>
>>
Hello!
I am attempting to override the Accept header with Accept: application/json
(currently is text/html).
When I use -r, I don't have a problem, but wanting to specify a single
command instead of command + request to reproduce. Using --headers='Accept:
application/json' doesn't override the de
Could try --prefix="where " although %23 is a hex encoded #.
> On Dec 28, 2014, at 12:07 PM, is2reg wrote:
>
> Hi,
> the payload is :
>
> %20where%201=2%20UNION%20SELECT%201,2,3,4,5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%23
>
> Can't replace "where" with "and", and c
efix is for)
Thanks!
On Mon, Dec 15, 2014 at 2:39 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
>
> Looking into traffic file I don't see "obvious" trails of SQLi. If you are
> satisfied with your findings I won't look any further.
>
> By
_deleted '
The only problem is that the union-char is 'f', when I was hoping it would
be 0x66. When I capture the request and replace 'f' with 0x66, the
injection works. Looks like ' is a bad char.
On Mon, Dec 15, 2014 at 11:29 AM, Brandon Perry
wrote:
>
>
y: Apache 2.4.7, PHP 5.5.9
back-end DBMS: MySQL >= 5.0.0
[09:55:03] [INFO] fetched data logged to text files under
'/home/bperry/.sqlmap/output/172.31.16.26'
[*] shutting down at 09:55:03
bperry@ubuntu:~/tools/sqlmap$
On Mon, Dec 15, 2014 at 11:46 AM, Brandon Perry
wrote:
>
> Sor
x66647361 LIMIT
1,1#&mid=1
1[split]fdsa[split]in_deleted UNION ALL SELECT 0x66647361 LIMIT 1,1#[split]
Hope this helps.
On Mon, Dec 15, 2014 at 11:01 AM, Brandon Perry
wrote:
>
> Here is the console output. Attached is the traffic log in a zip:
>
> bperry@ubuntu:~/tools/sqlmap$ ./
Hello!
Playing around with the following vulnerability:
http://www.exploit-db.com/exploits/35505/
Using a payload such as 'action=getMailMessage&tray=in_deleted = 1 UNION
(SELECT user_pass FROM wp_users WHERE ID=1) LIMIT 1, 1 -- &mid=1' does
result in a response from the server with the hash o
Open up a netcat listener and make xp_cmdshell telnet into it as a test.
On Sunday, December 7, 2014, Rodrigo Zanatta Silva <
rodrigozanattasi...@gmail.com> wrote:
> yeah... but... What I did make sense? I tested and for any value it only
> delay for the else value.
>
> I can't read any file unti
I have actually worked around this with some burp suite trickery (rewriting
http verb) and using --proxy with sqlmap... Not ideal.
Sent from a computer
> On Nov 18, 2014, at 8:45 PM, Travis Altman wrote:
>
> Is there anyway to supply another http method besides get or post? I have an
> app t
Nope, shouldn't have anything to do with it. How do you know it is exploitable?
You also haven't tried upping the level with --level=5 which is different from
risk
Sent from a computer
> On Oct 25, 2014, at 1:41 AM, a dehqan wrote:
>
> Hi
>
>
> Thanks;
>
> Yes of course it's exploitable .
I have had this happen when an ORDER BY is usable, and the results of the
ORDER BY differed from one injection to the next over a period of a few
days.
On Sun, Aug 17, 2014 at 8:48 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi.
>
> Entries are resumed one by one as they are stor
Can you write to /tmp?
Pick a directory you KNOW you should be able to write to, and ensure you
can write to that first.
Also, maybe SELinux/AppArmor are getting in the way.
On Fri, Aug 15, 2014 at 9:52 AM, Omara wrote:
> Brandon Perry writes:
>
> >
> >
> > >
ely easier than figuring out
what your permissions really should be.
On Thu, Aug 14, 2014 at 10:34 PM, M Omara wrote:
> Brandon Perry writes:
>
> >
> >
> > Does the mysql user have write permissions on the web server? A properly
> configured web server where chown www-
Could you use the --eval on the param that is injectable and replace FROM
with from?
On Fri, Aug 15, 2014 at 1:20 AM, Michael Bachmann
wrote:
> Hi Community
>
> I got a special case where i need to change the upper-case "FROM" to the
> lower-case "from" in the payload to evade the filter. So i
Does the mysql user have write permissions on the web server? A properly
configured web server where chown www-data:www-data was done, as opposed to
chmod 777 on the web dir, which is an improper configuration, will not
allow the mysql user to write to the web root.
On Wed, Aug 13, 2014 at 6:47
I am not sure if sqlmap is capable of this, but I have found inserting the
filtered character in the middle of its hex-encoded counterpart (in your
case %2.E for instance) can bypass similar filters.
This only works if the param is url-decoded after the filter is performed
on the string.
On Sun,
Looks like a permissions issue on the filesystem, not an issue with sqlmap,
no?
OSError: [Errno 13] Permission denied: '/usr/share/sqlmap/output'
On Sun, Aug 3, 2014 at 5:51 AM, Santhosh Kumar wrote:
> pls help me to solve this problem unhandled exception in sqlmap
> Add star Santhosh Kum
There is a root MySQL user that is disparate from the root system user.
On Tue, Jul 22, 2014 at 4:53 AM, Sharma, Vivek
wrote:
> Hi All,
>
>
>
> While trying out the sql shell option, I saw that sql-map spawns a
> sql-shell for me, great!
>
>
>
> The vulnerable application was running on a low
How many threads are you using? Maybe just use a single one?
On Wed, Jul 9, 2014 at 10:32 AM, Matthew H wrote:
> Hi,
>
> I'm working on a Oracle target when I get select query result or dump
> something the order of columns are not in same order, I got a schema also
> but each is different.
>
>
Are you on the same version?
Sent from a computer
> On Jun 23, 2014, at 10:55 AM, "Buttbuddiie ." wrote:
>
> So I came across an annoying problem. There was a database with 10k users. I
> can only dump 500 of those users on windows using Python 2.7 newest version.
> My friend however who is o
I was also able to shave off about 100 bytes using --remove-section=.note
and --remove-section=.comment as arguments to strip FWIW.
On Sat, Jun 21, 2014 at 1:25 PM, Brandon Perry
wrote:
> So, attempting to compile the 64-bit UDF for pgsql 9.1, my shared lib is
> coming up greater tha
> Bernardo
>
>
> On Thursday, June 19, 2014, Brandon Perry
> wrote:
>
>> So, reading the source for the pgsql udf here:
>>
>>
>> https://github.com/sqlmapproject/udfhack/blob/master/linux/64/lib_postgresqludf_sys/lib_postgresqludf_sys.c
>>
>> I
://www.akkadia.org/drepper/selinux-mem.html
I am going to pull down the udfhack code and try it in a CentOS VM with
SELinux enabled and see what happens. If it performs how I expect, would
this be a useful addition to the UDF?
On Tue, Jun 17, 2014 at 2:22 PM, Brandon Perry
wrote:
> Hey Berna
Hey Bernardo,
Any update to this?
On Sat, Jun 14, 2014 at 4:16 AM, Bernardo Damele A. G. <
bernardo.dam...@gmail.com> wrote:
> I will be fixing this shortly.
>
> Bernardo
>
>
> On Saturday, June 14, 2014, Brandon Perry
> wrote:
>
>> Hello!
>>
>&
Hello!
I have run into a small issue, it seems that the 9.1 pgsql udf wasn't
compiled/checked into source control.
brandons-imac:sqlmap bperry$ find . | grep postgresqludf
./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
./udf/postgresq
Increase your --risk to 3. OR payloads aren't run on the default risk level
IIRC.
Sent from a computer
> On Jun 11, 2014, at 3:29 PM, Gordon Madarm wrote:
>
> I've never been very successful using sqlmap, perhaps someone can help point
> out what I'm missing. For example, when using IBM's int
my mind ;)
>
> Kind regards,
> Miroslav Stampar
>
> [1] https://github.com/sqlmapproject/sqlmap/issues/431
>
>
> On Tue, Apr 15, 2014 at 2:53 AM, Brandon Perry
> wrote:
>
>> Looking in lib/core/option.py it seems to be parsing the correct header fwiw.
>>
>
Looking in lib/core/option.py it seems to be parsing the correct header fwiw.
On Mon, Apr 14, 2014 at 7:44 PM, Brandon Perry wrote:
> Hey!
>
> I have a PUT request in a file, passing it to sqlmap with -r, but sqlmap
> is POSTing the data, and that verb isn't allowed. :( Curre
Hey!
I have a PUT request in a file, passing it to sqlmap with -r, but sqlmap is
POSTing the data, and that verb isn't allowed. :( Currently on latest. I
confirmed this by proxying through burp suite and seeing it was a POST.
Would it help if I provided the request I am making?
--
http://volati
Specify an absolute path to the request file.
On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit wrote:
> hello all,
> im getting this error while running the sqlmap with following request
> file. the error displays "parsing HTTP request from
> 'payment_form_submit.txt'
> [04:22:54] [CRITICAL] the sp
com> wrote:
> Always happy when issues are resolved by themselves :)
>
> Bye
>
>
> On Sun, Mar 30, 2014 at 4:01 PM, Brandon Perry
> wrote:
>
>> Oh, it looks like I am an idiot, this was supposed to be over SSL, but I
>> was not passing --force-ssl.
>>
Oh, it looks like I am an idiot, this was supposed to be over SSL, but I
was not passing --force-ssl.
Sorry for the spam.
On Sun, Mar 30, 2014 at 8:49 AM, Brandon Perry wrote:
> FWIW --parse-errors also doesn't seem to affect the output during a scan
> on the URL.
>
>
> On