hi Daniele.

please forgive my rudeness. it was only a matter of time before someone would try to do bad things to sqlmap with things like: 'a'*10000.

this is the only PoC i could find for python based programs and it requires an ancient Python version and usage of the os.path.realpath function: http://www.securiteam.com/exploits/5BP0D2KI0C.html

we use it only at two places - grep for os.path.realpath(__file__), and it's hardly imaginable that it could be exploited in that manner.

nevertheless, thank you for your report and find it fixed in the latest commit.

kr

On Fri, Jun 3, 2011 at 12:13 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:
> hi Daniele.
>
> first of all ROFLMAO :)
>
> if you wanted to fuzz the sqlmap to become famous then... i can't find
> appropriate words. only problem is that you'll need to find a way how
> to execute fuzzed python code.
>
> we'll patch this one just for the lulz
>
> good luck and thanks for all the fish :)
>
> kr
>
> On Fri, Jun 3, 2011 at 11:54 AM, Daniele Rivetti
> <daniele.rive...@yahoo.com> wrote:
>> I did this thing under windows: create a /x41 (10000 bytes) file (called
>> sqlmap.conf) I gave it to sqlmap with -c and i got this:
>> C:\pentest-vulnass\sqlmap>python sqlmap.py -c sqlmap.conf
>>
>>     sqlmap/0.9 - automatic SQL injection and database takeover tool
>>     http://sqlmap.sourceforge.net
>>
>> [*] starting at: 11:43:52
>>
>>
>>
>> [*] shutting down at: 11:43:52
>>
>> Traceback (most recent call last):
>>   File "sqlmap.py", line 126, in <module>
>>     main()
>>   File "sqlmap.py", line 111, in main
>>     errMsg = unhandledExceptionMessage()
>>   File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 2361, in
>> unhandledEx
>> ceptionMessage
>>     errMsg += "Back-end DBMS: %s" % ("%s (fingerprinted)" %
>> Backend.getDbms() if
>> Backend.getDbms() is not None else "%s (identified)" %
>> Backend.getIdentifiedDbm
>> s())
>>   File "C:\pentest-vulnass\sqlmap\lib\core\common.py", line 364, in
>> getIdentifie
>> dDbms
>>     elif conf.dbms is not None:
>>   File "C:\pentest-vulnass\sqlmap\lib\core\datatype.py", line 40, in
>> __getattr__
>>
>>     raise sqlmapDataException, "unable to access item '%s'" % item
>> lib.core.exception.sqlmapDataException: unable to access item 'dbms'
>>
>> C:\pentest-vulnass\sqlmap>
>>
>> Maybe you can find this useful.
>> Daniele
>> regards
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
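
The traceback in the quoted report ends inside the crash-message builder itself: it reads `conf.dbms`, which was never set, so a second exception hides the first. One way to reject a junk configuration file with a single clean error and keep the crash reporter from raising, as an added example in Python 3 that is not sqlmap's code or the fix mentioned in the thread; `AttribDict`, `DataException`, `load_config`, `safe_get`, `crash_report`, the size limit and the `configparser`-based loader are all assumptions made for illustration:

```python
import configparser

MAX_CONFIG_CHARS = 64 * 1024  # constructed limit, not a sqlmap setting


class DataException(Exception):
    """Raised when a configuration item was never set."""


class AttribDict(dict):
    """Hypothetical stand-in for the container seen in the traceback."""

    def __getattr__(self, item):
        try:
            return self[item]
        except KeyError:
            raise DataException("unable to access item '%s'" % item) from None


def load_config(text, conf):
    """Parse INI text into conf; reject junk with one clean error."""
    if len(text) > MAX_CONFIG_CHARS:
        raise ValueError("configuration file too large")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as ex:
        # Report only the error class: the message would echo the bad line.
        raise ValueError("invalid configuration file (%s)" % type(ex).__name__) from None
    for section in parser.sections():
        for key, value in parser.items(section):
            conf[key] = value
    return conf


def safe_get(conf, item, default=None):
    """Read an item without letting a failed lookup escape."""
    try:
        return getattr(conf, item)
    except DataException:
        return default


def crash_report(conf, exc):
    """Build the crash message; must not raise even if conf is empty."""
    dbms = safe_get(conf, "dbms")
    return "unhandled exception: %s: %s\nBack-end DBMS: %s" % (
        type(exc).__name__, exc, dbms if dbms is not None else "not identified")
```
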