Hi,
I were using sqlmap to check a demo website and got the below error message
twice.
I run sqlmap with wizard and set the scanner to highest level and risk. The
test was run in BackTrack 5, VMWare player 3.1.4, the vm settings are: 1Gb RAM,
20Gb extendable HDD with NAT in Windows 7 Ultimate installed on T43, 2Gb RAM,
40Gb HDD. I was using wireless connection when run this test.
Please check! Many thanks.
===========================================================================
# python sqlmap.py --wizard
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 14:34:01
Please enter full target URL (-u): http://demo.testfire.net/subscribe.aspx
POST data (--data) [Enter for None]: txtEmail=a...@comp.com&btnSubmit=Subscribe
Injection difficulty (--level/--risk). Please choose:
[1] Normal (default)
[2] Medium
[3] Hard
> 3
Enumeration (--banner/--current-user/etc). Please choose:
[1] Basic (default)
[2] Smart
[3] All
> 3
sqlmap is running, please wait..
sqlmap identified the following injection points with a total of 4653 HTTP(s)
requests:
---
Place:
POST
Parameter: btnSubmit
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: txtEmail=a...@comp.com&btnSubmit=-6204) OR NOT 5551=5551 AND
(7686=7686
---
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
banner: 'None'
current user: 'None'
current database: 'None'
[16:32:14] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with
the latest development version from the Subversion repository. If the exception
persists, please send by e-mail to sqlmap-users@lists.sourceforge.net the
following text and any information required to reproduce the bug. The
developers will try to reproduce the bug, fix it accordingly and get back to
you.
sqlmap version: 0.9 (r3630)
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py --wizard
Technique: BOOLEAN
Back-end DBMS: Microsoft Access (fingerprinted)
Traceback (most recent call last):
File "sqlmap.py", line 82, in main
start()
File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line 447,
in start
action()
File "/pentest/web/scanners/sqlmap/lib/controller/action.py", line 70, in
action
conf.dumper.dba(conf.dbmsHandler.isDba())
File "/pentest/web/scanners/sqlmap/plugins/generic/enumeration.py", line 149,
in isDba
query = queries[Backend.getIdentifiedDbms()].is_dba.query
File "/pentest/web/scanners/sqlmap/extra/xmlobject/xmlobject.py", line 372,
in __getattr__
raise AttributeError(attr)
AttributeError: query
[*] shutting down at: 16:32:14
Ha Thanh
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
