Hi Miroslav,

Thank you for your response!

"INFERENCE_BLANK_BREAK" was very useful to reduce the number of requests.
Great!

Now, I am reporting an unhandled exception found during the test:
[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sqlmap-users@lists.sourceforge.net the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4692)
Python version: 2.6.6
Operating system: posix
Command line: sqlmap.py -u
*************************************************************************************************************************************************************************
--data ******************************************************* -p param
--cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1
--safe-url=*************************************** --tables
Technique: BOOLEAN
Back-end DBMS: IBM DB2 (fingerprinted)
Traceback (most recent call last):
  File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main
    start()
  File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, in start
    action()
  File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in action
    conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, in getTables
    dbs = self.getDbs()
  File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, in getDbs
    db = inject.getValue(query, inband=False, error=False)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in getValue
    value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in __goInferenceProxy
    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in __goInferenceFields
    output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in __goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection
    val = getChar(index, asciiTbl)
  File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar
    unescapedCharValue = unescaper.unescape(markingValue % decodeIntToUnicode(posValue))
TypeError: %c requires int or char

Kind Regards,
David Alvarez

On Mon, Jan 30, 2012 at 11:07 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi David.
>
> Fact is that we rely on the DBMS not returning a proper character on a
> request for "substring" on a non-valid index, and that works OK for most of
> today's DBMSes.
>
> But we also have a check for these kinds of cases. If there are more
> than some predefined number of spaces at the end of the retrieved value, we
> just abruptly abort with that value, trim spaces from the end and continue
> on with the next item.
>
> Thing is that that "breaking" value is currently (r4692) set to 10 and if
> you think that's too high for your case you are more than welcome to adjust
> it to your needs. Just go to the lib/core/settings.py and change line:
>
> INFERENCE_BLANK_BREAK = 10
>
> to something more appropriate for your needs (e.g. 3)
>
> Kind regards,
> Miroslav Stampar
>
>  On Fri, Jan 27, 2012 at 6:53 PM, David Alvarez <david.alvare...@gmail.com
> > wrote:
>
>>  Hello,
>>
>> There is an SQL injection in an IBM DB2 9.1. I'm using an AND
>> boolean-based blind injection. The problem is that sqlmap doesn't properly
>> check the end of the string and goes into a loop getting space chars as result.
>>
>> I'm using the latest version of sqlmap (r4690).
>>
>> How could I resolve it?
>>
>> Regards,
>> David Alvarez
>>
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>