sqlmap says that integer casting is probable, hence to not expect SQLi
findings. Integer casting is an usual way how to fight SQLi.
Bye
On Feb 22, 2016 16:40, "aurel labroue" wrote:
> Hi,
> I'm trying to run nmap on the Blind SQL challenge from DVWA website (lvl
> low), and i get this error that
Hi
This time I tried --flush-session as well and now it is showing that the
parameter is not injectable; however when I'm using old session with (-s
old_sessionfile.sqlite) it is not showing this.
Observed similar issue when few days back I tried to sqlinject same
vulnerable parameter using sqlma
In your case, 404 is indication that file has not been found in the
expected place.
Now I see that the temporary file path is not being "refreshed" by the
--fresh-queries. Please rerun the whole case with the --flush-session
Bye
p.s. in your case sqlmap tried to upload the file to the trashy loc
Hi,
Thanks for your reply.
This time I tried with --fresh-queries without specific --techniques.
why am I getting error "page not found (404)" again and again? Does it
indicate that file is being written but is deleted by Anti-Virus control or
something and that's why while calling the uploaded f
Hi.
1) First of all, please don't restrain sqlmap to only use "stacked" SQLi.
That way you'll kill the possibility to get perfectly valid results with
other techniques
2) In current state, you've got some "trashy" characters (because of
combination of laggy connection and stacked SQLi), like: "D:/
Hi Alex.
This looks like you had some disk IO issue. Are you able to reproduce this?
Kind regards,
Miroslav Stampar
On Fri, Jul 11, 2014 at 3:46 AM, Alex Gerth wrote:
> sqlmap version: 1.0-dev
> Python version: 2.7.3
> Operating system: posix
> Command line: ./sqlmap -u **
Hi.
Thank you for your report and find it fixed now.
Bye
On Tue, May 13, 2014 at 12:57 PM, kifo wrote:
> In --os-shell, check php(4) , check custom location(2) and not write
> nothing and push intro.
>
> This is the error:
>
>
> [06:53:20] [INFO] the back-end DBMS is MySQL
> web server opera
Hi.
Thank you for your report. It should be patched now.
Kind regards,
Miroslav Stampar
On Fri, May 9, 2014 at 8:12 PM, wrote:
> [20:09:37] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your
> run with the latest development version from the GitH
> ub repository. If the exception pe
With sqlmap you can try --file-write. If that doesn't work Google for other
methods.
Bye
On Apr 30, 2014 11:53 AM, "Sabin Ranjit" wrote:
> how can i do it in MySQL then? I have current-user and password retrieved.
>
> thanks.
>
>
> On Tue, Apr 29, 2014 at 9:13 PM, Miroslav Stampar <
> miroslav.s
how can i do it in MySQL then? I have current-user and password retrieved.
thanks.
On Tue, Apr 29, 2014 at 9:13 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> As the error suggests, you are limited to only regular queries. In your
> case, you are using INTO. That requires stacked
As the error suggests, you are limited to only regular queries. In your
case, you are using INTO. That requires stacked queries, usually not
available in MySQL.
Bye
On Apr 29, 2014 12:06 PM, "Sabin Ranjit" wrote:
> hi,
> im getting the error like this when i try to upload a hex in the sql-shel
hi Miroslav,
the work around from Brandon did work. I faced this in the latest kali 1.06
and also in the case of window 8.
thanks for your reply. :)
regards,
sabin
On Mon, Apr 7, 2014 at 11:28 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi.
>
> This seems to be a known issue in
Hi.
This seems to be a known issue in Kali's (and similar) pre-installed sqlmap
package.
If this work around from Brandon doesn't work out for you please copy the
request.txt to the /tmp directory and checkout/run the latest revision like
described here:
1) cd /tmp
2) git clone https://github.co
Specify an absolute path to the request file.
On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit wrote:
> hello all,
> im getting this error while running the sqlmap with following request
> file. the error displays "parsing HTTP request from
> 'payment_form_submit.txt'
> [04:22:54] [CRITICAL] the sp
Hi.
Please remove the sqlmap directory and retrieve it with:
git clone https://github.com/sqlmapproject/sqlmap.git
Kind regards,
Miroslav Stampar
On Mon, Sep 2, 2013 at 3:49 AM, Jeff Samuel wrote:
> Hi, when running sqlmap –update i´m getting the following error:
>
> ** **
>
> (btw, I´m
r, and is precisely this function that
> is making the injection a false positive, I think. I thought enough of
> something to get around it, including, I believe, some to use this form of
> defense against sql injection.
>
> ----------
> Date: Wed, 12 J
about the target.
Kind regards,
Miroslav Stampar
On Jun 12, 2013 9:13 PM, "Jonatah Romero" wrote:
It is a false positive because of filters sanitize, or some function decode ()
making sure the ID explicitly safe? Or some other reason?
Date: Wed, 12 Jun 2013 06:02:23 +0200
Subjec
lters sanitize, or some function
> decode () making sure the ID explicitly safe? Or some other reason?
>
> --
> Date: Wed, 12 Jun 2013 06:02:23 +0200
> Subject: Re: [sqlmap-users] error or bug
> From: miroslav.stam...@gmail.com
> To: j
It is a false positive because of filters sanitize, or some function decode ()
making sure the ID explicitly safe? Or some other reason?
Date: Wed, 12 Jun 2013 06:02:23 +0200
Subject: Re: [sqlmap-users] error or bug
From: miroslav.stam...@gmail.com
To: jonatah-rom...@hotmail.com
CC: sqlmap-users
Hi.
It's a false positive.
Kind regards,
Miroslav Stampar
On Jun 12, 2013 2:42 AM, "Jonatah Romero"
wrote:
> Hello guys, i made 3 attempts injection, all 3 have unequal information,
> one said there was no injection, the other said through heuristics to be
> Firebird DBMS, and the DBMS be anoth
Hi.
Problem found and "patched". Please update to the latest revision and retry
it again (preferably with --flush-session or at least --fresh-queries).
Kind regards,
Miroslav Stampar
On Mon, Apr 1, 2013 at 7:57 PM, Gerardo Iglesias Galvan wrote:
> When trying to enumerate columns names from a
Hi Florian.
Thank you for your report. It should be ok now.
Bye
On Fri, Jan 25, 2013 at 2:45 AM, Florian Strankowski wrote:
> sqlmap version: 1.0-dev-aed833c
> Python version: 2.6.6
> Operating system: posix
> Command line: ./sqlmap.py -u *
> --headers=x
Hi.
You are using fairly outdated version. Please update to the latest revision
and retry it again. You can visit our official homepage at
http://sqlmap.org/ and read under "Download" section for more instructions.
Kind regards,
Miroslav Stampar
On Sat, Oct 27, 2012 at 9:09 AM, Võ Hoàng Bảo Ngọc
Hi Joshua.
This was fixed yesterday [1]. Please update to the latest revision and try
it again.
Kind regards,
Miroslav Stampar
[1] https://github.com/sqlmapproject/sqlmap/issues/214
On Wed, Oct 24, 2012 at 7:36 AM, Joshua Rogers wrote:
> [16:35:30] [CRITICAL] unhandled exception in sqlmap/1.0
You may just rm -rf sqlmap and reclone. :-\
On Jul 13, 2012 11:32 AM, "Iago Sousa" <146050...@gmail.com> wrote:
> Git shows the same error.
>
> On Fri, Jul 13, 2012 at 3:24 PM, Brandon Perry
> wrote:
>
>> Now run git pull
>> On Jul 13, 2012 11:23 AM, "Iago Sousa" <146050...@gmail.com> wrote:
>>
>
Git shows the same error.
On Fri, Jul 13, 2012 at 3:24 PM, Brandon Perry wrote:
> Now run git pull
> On Jul 13, 2012 11:23 AM, "Iago Sousa" <146050...@gmail.com> wrote:
>
>> I think my git is crazy.
>>
>> root@bt:/pentest/database/sqlmap# git reset --hard HEAD
>> HEAD is now at 25eca9d finally go
Now run git pull
On Jul 13, 2012 11:23 AM, "Iago Sousa" <146050...@gmail.com> wrote:
> I think my git is crazy.
>
> root@bt:/pentest/database/sqlmap# git reset --hard HEAD
> HEAD is now at 25eca9d finally got this working on MSSQL 2005: commands
> can now be executed as another user (BULK INSERT m
I think my git is crazy.
root@bt:/pentest/database/sqlmap# git reset --hard HEAD
HEAD is now at 25eca9d finally got this working on MSSQL 2005: commands can
now be executed as another user (BULK INSERT must be used in such case, see
comments in the code) - issue #34
On Fri, Jul 13, 2012 at 3:16 P
If you haven't made any changes to the source, you can git reset --hard HEAD
On Jul 13, 2012 11:12 AM, "Iago Sousa" <146050...@gmail.com> wrote:
> Yes, "Already on 'master'" show me when I put -f.
>
> On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> But
Yes, "Already on 'master'" show me when I put -f.
On Fri, Jul 13, 2012 at 3:00 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> But have you tried with -f?
> On Jul 13, 2012 7:51 PM, "Iago Sousa" <146050...@gmail.com> wrote:
>
>> Already on 'master'
>> Your branch is behind 'origin/mas
But have you tried with -f?
On Jul 13, 2012 7:51 PM, "Iago Sousa" <146050...@gmail.com> wrote:
> Already on 'master'
> Your branch is behind 'origin/master' by 79 commits, and can be
> fast-forwarded.
>
> On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>>
Already on 'master'
Your branch is behind 'origin/master' by 79 commits, and can be
fast-forwarded.
On Fri, Jul 13, 2012 at 2:47 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi Iago.
>
> Try with:
> git checkout -f master
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Jul 13, 201
Hi Iago.
Try with:
git checkout -f master
Kind regards,
Miroslav Stampar
On Fri, Jul 13, 2012 at 7:43 PM, Iago Sousa <146050...@gmail.com> wrote:
> I receive that error when I try to update with 'git pull'.
>
> error: Untracked working tree file 'extra/ansistrm/__init__.py' would be
> overwritt
Hi Bernado.
It's working well, you hear an error when I send to support.
Thank you very much.
> Date: Tue, 3 Jul 2012 10:53:05 +0100
> Subject: Re: [sqlmap-users] ERROR SQLMAPge
> From: bernardo.dam...@gmail.com
> To: diego_backtr...@hotmail.com
> CC: sqlmap-users@lists.sourc
Hi Diego,
Can you please rerun your command using sqlmap latest development
version from Git[1]?
If the bug persists, let us know.
[1] https://github.com/sqlmapproject/sqlmap
Cheers,
Bernardo
On 30 June 2012 07:20, diego system wrote:
> Dear.
>
> I have a doubt time to do an audit the followi
lect @@version.
>
> now question is how do i embed a string inside another string delimited
> with quotes? Looks like double quotes is not working.doubling quote ''
> looks like not working always
>
> --
> *From:* Adi Mutu
> *To
@@version; master..sp_configure ''xp_cmdshell'',1
Any possibility to give the string from ascii codes as in mysql?
From: Miroslav Stampar
To: Adi Mutu
Cc: "sqlmap-users@lists.sourceforge.net"
Sent: Thursday, June 21, 201
r:
>
> OLE DB error trace [Non-interface error: OLE DB provider unable to process
> object, since the object has no columnsProviderName='SQLOLEDB', Query=exec
> sp_addextendedproc "xp_cmdshell","xp_log70.dll" '].
>
>
> --
Thursday, June 21, 2012 11:45 AM
Subject: Re: [sqlmap-users] error with ms sql
tried, same stuff.
I've tried to reenable xp_cmdshell first with
master..sp_configure 'show advanced options',1
reconfigure
master..sp_configure 'xp_cmdshell',1
reconfigure
and got the
#x27;, Query=exec sp_addextendedproc
"xp_cmdshell","xp_log70.dll" '].
From: Miroslav Stampar
To: Adi Mutu
Cc: "sqlmap-users@lists.sourceforge.net"
Sent: Thursday, June 21, 2012 11:26 AM
Subject: Re: [sqlmap-users] error with ms sql
try with master..
the same
> error.
>
> Kind Regards,
> A.
>
> --
> *From:* Miroslav Stampar
> *To:* Adi Mutu
> *Cc:* "sqlmap-users@lists.sourceforge.net" <
> sqlmap-users@lists.sourceforge.net>
> *Sent:* Thursday, June 21, 2012 11:11 AM
&g
Hi Miroslav,
got db_name master and tried with master.resultabcd but i get the same error.
Kind Regards,
A.
From: Miroslav Stampar
To: Adi Mutu
Cc: "sqlmap-users@lists.sourceforge.net"
Sent: Thursday, June 21, 2012 11:11 AM
Subject: Re: [sq
p.s. find the current database name and prepend to the resultbcd (e.g.
'SELECT output FROM currentdb.resultbcd')
p.p.s. SELECT DB_NAME() <- should work for retrieving current db name via
that OPENROWSET
On Thu, Jun 21, 2012 at 10:11 AM, Miroslav Stampar <
miroslav.stam...@gmail.com
Hi Adi.
You could try prepending the database name to the resultbcd. It seems that
in case of linked server(s) doing that fixes the mentioned problem
(Reference:
http://cadarsh.blogspot.com/2011/02/deferred-prepare-could-not-be-completed.html?showComment=1336571978284#c7393130515903351466
)
Kind
Hi Nico.
Please update to the latest revision (v1.0-dev r5111) from our repository
to have it fixed and up to date (you are currently using pretty outdated
version):
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
Kind regards,
Miroslav Stampar
On Wed, Jun 6, 2012 at 9:07 AM,
Hi godjil.
Thank you for your report. It has been fixed yesterday as it has been
reported by other user too.
Kind regards,
Miroslav Stampar
On Sat, Feb 11, 2012 at 10:50 AM, godjil wrote:
> [13:48:38] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4739),
> retry your run with the latest de
Hi Iago.
This is a clearly "only Python 3" version of pymsql you are using.
If you go to:
https://github.com/petehunt/PyMySQL/blob/master/pymysql/connections.pyyou'll
see that there "import ConfigParser" is used which is compatible
with required Python v2.
This whole mess is a result of "The Con
It looks to me like a network connection problem. The SVN server is up to me.
Bernardo
On 6 January 2012 16:23, ryan cartner wrote:
> sqlmap version: 1.0-dev (r4009)
> Python version: 2.6.5
> Operating system: posix
> Command line: sqlmap.py --update
> Technique: None
> Back-end DBMS: None (ide
Jacco,
This has been fixed a few weeks ago.
Thanks for reporting.
Bernardo
On 8 December 2011 12:56, Jacco van Tuijl wrote:
> running sqlmap in backtrack 5 it gives me the following error:
>
> sqlmap version: 1.0-dev (r4577)
> Python version: 2.6.5
> Operating system: posix
> Command line: sql
Hi,
try the following command before executing the update
$ svn cleanup
Regards,
Duarte Silva
On Saturday 31 December 2011 18:27:49 IRC Boy wrote:
> hey , i got some error. :
>
>
>
>
> root@bt:# ./sqlmap.py --update
>
> sqlmap/1.0-dev (r4009) - automatic SQL injection and database take
Hi.
Find it fixed in the latest commit. There shouldn't be such large session
files in future.
Now, please before you try it again just do the following (just strip the
rest after for example first 20 lines from the original session file):
head -20 > tmp
mv tmp
Kind regards,
Miroslav Stampar
Hi.
This is odd ass now SQLite is used for SQL responses. Could.you please take
a look into it (at least 'tail' of it) and report what's stored inside?
Kind regards
On Dec 10, 2011 2:14 PM, "CoeTs7" wrote:
> hi, veryone:
> first thanks for the improvement the dev team have done. Again i met
>
Hi Liang.
First of all please update to the latest v1.0-dev from our repository
to have it up to date:
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
Second of all, in those kind of cases, where you have connection
timeouts FIRST THING you start the sqlmap, and you are absolut
hi Olu.
thank you for your report and find it fixed in the latest commit.
kind regards,
Miroslav Stampar
On Sat, Sep 24, 2011 at 10:14 PM, Oluseyi Akindeinde
wrote:
> Hi,
>
> Just received this error trying to dump a sybase db.
>
> 21:13:02] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r43
hi.
this should be fixed for some time in latest v1.0-dev in our SVN repository.
please do the:
$ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
to have it up to date.
kind regards,
Miroslav Stampar
On Thu, Sep 22, 2011 at 11:28 AM, le ha thanh wrote:
> Hi,
> I were using
Hi Brad,
Please find it fixed now.
Thanks for reporting.
Bernardo
On 2 August 2011 04:11, Brad Merrell wrote:
> [WARNING] unknown charset 'th'. Please report by e-mail to
> sqlmap-users@lists.sourceforge.net.
>
> Website: http://www.dutchiefanclub.com/newsdetail.php?id=66
> ---
Hi Alessio,
This should be fixed now.
Thanks for reporting.
Bernardo
On 1 August 2011 14:03, Alessio Dalla Piazza
wrote:
> Hi :)
> Thanks for adding my name in doc/THANKS :)
>
> The latest error is correct but in dump db i have another error:
>
> [14:59:06] [INFO] fetching entries for table '*
hi Alessio.
it should be fixed with the latest commit. thank you for your report.
kr
On Mon, Aug 1, 2011 at 11:57 AM, Alessio Dalla Piazza
wrote:
>
> Hello :D
> I have latest svn revision of sqlmap but i have an error:
>
> [11:55:51] [INFO] the back-end DBMS is Microsoft Access
> web server ope
hi Gianluca.
to be honest, i am getting pissed at multiprocessing library more and more :).
i didn't know that they have problems with MacOSX and FreeBSD until
recently (including this error report).
please update to the latest revision (commited few secs ago) and try to rerun.
kr
On Wed, Jul
hi Kirill.
Thank you for your report and find it fixed in the last commit.
Kr
On Tue, Jun 7, 2011 at 12:47 AM, Kirill Morozov wrote:
>
> [02:45:36] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4027), retry
> your run with the latest development version from the Subversion repository.
> If
hi Devon.
could you please try to update to the latest revision and report back?
i believe i've found the faulty part.
kr
On Sun, May 15, 2011 at 10:53 PM, Devon Mitchell
wrote:
> I've been having a lot of these recently:
> sqlmap version: 1.0-dev (r3893)
> Python version: 2.7.1+
> Operating sy
hi Jacco.
could you please retry with the latest revision and report back the
results? an update (r3778) has been commited this moment regarding
this bug report.
kr
On Wed, Apr 27, 2011 at 11:49 AM, Jacco van Tuijl
wrote:
> [11:08:16] [WARNING] HTTP error codes detected during testing:
> 403 (F
62 matches
Mail list logo
