Hi Miroslav,
Thank you for your response!
"INFERENCE_BLANK_BREAK" was very useful to reduce the number of requests.
Great!
Now I am reporting an unhandled exception found during the test:
[CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sqlmap-users@lists.sourceforge.net the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4692)
Python version: 2.6.6
Operating system: posix
*Command line: sqlmap.py -u
*************************************************************************************************************************************************************************
--data ******************************************************* -p param
--cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1
--safe-url=*************************************** --tables*
Technique: BOOLEAN
Back-end DBMS: IBM DB2 (fingerprinted)
Traceback (most recent call last):
  File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main
    start()
  File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, in start
    action()
  File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in action
    conf.dumper.dbTables(conf.dbmsHandler.getTables())
  File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, in getTables
    dbs = self.getDbs()
  File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, in getDbs
    db = inject.getValue(query, inband=False, error=False)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in getValue
    value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in __goInferenceProxy
    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in __goInferenceFields
    output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in __goInference
    count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
  File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection
    val = getChar(index, asciiTbl)
  File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar
    unescapedCharValue = unescaper.unescape(markingValue % decodeIntToUnicode(posValue))
TypeError: %c requires int or char
Kind Regards,
David Alvarez
On Mon, Jan 30, 2012 at 11:07 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi David.
>
> The fact is that we rely on the DBMS not returning a proper character on a
> request for "substring" on a non-valid index, and that works OK for most of
> today's DBMSes.
>
> But we also do have a check for these kinds of cases. If there are more
> than some predefined number of spaces at the end of the retrieved value, we
> just abruptly abort with that value, trim spaces from the end and continue
> on with the next item.
>
> The thing is that that "breaking" value is currently (r4692) set to 10, and if
> you think that's too high for your case you are more than welcome to adjust
> it to your needs. Just go to lib/core/settings.py and change the line:
>
> INFERENCE_BLANK_BREAK = 10
>
> to something more appropriate for your needs (e.g. 3)
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Jan 27, 2012 at 6:53 PM, David Alvarez <david.alvare...@gmail.com
> > wrote:
>
>> Hello,
>>
>> There is a SQL injection in an IBM DB2 9.1. I'm using an AND
>> boolean-based blind injection. The problem is that sqlmap doesn't properly
>> check the end of the string and goes into a loop, getting space chars as a result.
>>
>> I'm using the latest version of sqlmap (r4690).
>>
>> How could I resolve it?
>>
>> Regards,
>> David Alvarez
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
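The blank-break check described in the quoted reply, as an added simulation that is not sqlmap's code and not part of the original thread. Only the name INFERENCE_BLANK_BREAK and the values 10 and 3 come from the thread; the oracle, the function names and the sample values are constructed, and the channel is a local function standing in for a back end that answers with a space past the end of the value.

```python
INFERENCE_BLANK_BREAK = 10  # setting name and r4692 value as quoted in the thread

def make_oracle(secret, pad=" "):
    """Constructed stand-in for the boolean channel: answers "is the
    character at this 1-based index greater than guess?". Past the end
    of the value it answers as if the character were `pad`."""
    stats = {"requests": 0}

    def oracle(index, guess):
        stats["requests"] += 1
        ch = secret[index - 1] if index <= len(secret) else pad
        return ord(ch) > guess

    return oracle, stats

def get_char(oracle, index):
    """Bisect the 7-bit ASCII range: always 7 oracle calls per character."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(index, mid):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)

def retrieve(oracle, blank_break=INFERENCE_BLANK_BREAK, max_len=64):
    """Stop on NUL (no character at that index), on `blank_break`
    consecutive trailing spaces, or at max_len; trim trailing spaces."""
    value = ""
    for index in range(1, max_len + 1):
        ch = get_char(oracle, index)
        if ch == "\x00":
            break
        value += ch
        if len(value) - len(value.rstrip(" ")) >= blank_break:
            break
    return value.rstrip(" ")

def run(secret, blank_break, pad=" "):
    """Return (recovered value, number of oracle requests)."""
    oracle, stats = make_oracle(secret, pad)
    return retrieve(oracle, blank_break), stats["requests"]

if __name__ == "__main__":
    for threshold in (10, 3):
        print(threshold, run("SYSIBM", threshold))   # constructed sample value
    print("NUL past the end:", run("SYSIBM", 10, pad="\x00"))
```

Lowering the threshold cuts the wasted requests per value, but a value that really contains that many consecutive spaces is cut off at that point (in this simulation, "A   B" with a threshold of 3 comes back as "A").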
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users