hi. this should be fixed for some time in latest v1.0-dev in our SVN repository.
please do the: $ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev to have it up to date. kind regards, Miroslav Stampar On Thu, Sep 22, 2011 at 11:28 AM, le ha thanh <lehath...@yahoo.com> wrote: > Hi, > I were using sqlmap to check a demo website and got the below error message > twice. > I run sqlmap with wizard and set the scanner to highest level and risk. The > test was run in BackTrack 5, VMWare player 3.1.4, the vm settings are: 1Gb > RAM, 20Gb extendable HDD with NAT in Windows 7 Ultimate installed on T43, > 2Gb RAM, 40Gb HDD. I was using wireless connection when run this test. > Please check! Many thanks. > > =========================================================================== > > > # python sqlmap.py --wizard > > sqlmap/0.9 - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 14:34:01 > > Please enter full target URL (-u): http://demo.testfire.net/subscribe.aspx > POST data (--data) [Enter for None]: > txtEmail=a...@comp.com&btnSubmit=Subscribe > Injection difficulty (--level/--risk). Please choose: > [1] Normal (default) > [2] Medium > [3] Hard >> 3 > Enumeration (--banner/--current-user/etc). Please choose: > [1] Basic (default) > [2] Smart > [3] All >> 3 > > sqlmap is running, please wait.. > > sqlmap identified the following injection points with a total of 4653 > HTTP(s) requests: > --- > Place: > POST > Parameter: btnSubmit > Type: boolean-based blind > Title: OR boolean-based blind - WHERE or HAVING clause > Payload: txtEmail=a...@comp.com&btnSubmit=-6204) OR NOT 5551=5551 AND > (7686=7686 > --- > > web server operating system: Windows 2003 > web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 > back-end DBMS: Microsoft Access > banner: 'None' > > current user: 'None' > > current database: 'None' > > > [16:32:14] [CRITICAL] unhandled exception in sqlmap/0.9, retry your run with > the latest development version from the Subversion repository. If the > exception persists, please send by e-mail to > sqlmap-users@lists.sourceforge.net the following text and any information > required to reproduce the bug. The developers will try to reproduce the bug, > fix it accordingly and get back to you. > sqlmap version: 0.9 (r3630) > Python version: 2.6.5 > Operating system: posix > Command line: sqlmap.py --wizard > Technique: BOOLEAN > Back-end DBMS: Microsoft Access (fingerprinted) > Traceback (most recent call last): > File "sqlmap.py", line 82, in main > start() > File "/pentest/web/scanners/sqlmap/lib/controller/controller.py", line > 447, in start > action() > File "/pentest/web/scanners/sqlmap/lib/controller/action.py", line 70, in > action > conf.dumper.dba(conf.dbmsHandler.isDba()) > File "/pentest/web/scanners/sqlmap/plugins/generic/enumeration.py", line > 149, in isDba > query = queries[Backend.getIdentifiedDbms()].is_dba.query > File "/pentest/web/scanners/sqlmap/extra/xmlobject/xmlobject.py", line > 372, in __getattr__ > raise AttributeError(attr) > AttributeError: query > > [*] shutting down at: 16:32:14 > > Ha Thanh > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
