Hi David.

Thank you for your report and find it fixed with the latest commit (r4693).

Kind regards,
Miroslav Stampar

On Mon, Jan 30, 2012 at 12:22 PM, David Alvarez
<david.alvare...@gmail.com>wrote:

> Hi Miroslav,
>
> Thank you for your response!
>
> "INFERENCE_BLANK_BREAK" was very useful to reduce the number of requests.
> Great!
>
> Now, I report you an unhandled exception found during the test:
> [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4692), retry your run
> with the latest development version from the Subversion repository. If the
> exception persists, please send by e-mail to
> sqlmap-users@lists.sourceforge.net the following text and any information
> required to reproduce the bug. The developers will try to reproduce the
> bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev (r4692)
> Python version: 2.6.6
> Operating system: posix
> Command line: sqlmap.py -u
> *************************************************************************************************************************************************************************
> --data ******************************************************* -p param
> --cookie=****** --proxy http://127.0.0.1:1234 --safe-freq=1
> --safe-url=*************************************** --tables
> Technique: BOOLEAN
> Back-end DBMS: IBM DB2 (fingerprinted)
> Traceback (most recent call last):
>   File "/home/user/sqlmap-dev/_sqlmap.py", line 83, in main
>     start()
>   File "/home/user/sqlmap-dev/lib/controller/controller.py", line 563, in start
>     action()
>   File "/home/user/sqlmap-dev/lib/controller/action.py", line 91, in action
>     conf.dumper.dbTables(conf.dbmsHandler.getTables())
>   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 833, in getTables
>     dbs = self.getDbs()
>   File "/home/user/sqlmap-dev/plugins/generic/enumeration.py", line 777, in getDbs
>     db = inject.getValue(query, inband=False, error=False)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 457, in getValue
>     value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar, dump)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 324, in __goInferenceProxy
>     outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, resumeValue=resumeValue, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 103, in __goInferenceFields
>     output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
>   File "/home/user/sqlmap-dev/lib/request/inject.py", line 66, in __goInference
>     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
>   File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 497, in bisection
>     val = getChar(index, asciiTbl)
>   File "/home/user/sqlmap-dev/lib/techniques/blind/inference.py", line 214, in getChar
>     unescapedCharValue = unescaper.unescape(markingValue % decodeIntToUnicode(posValue))
> TypeError: %c requires int or char
>
> Kind Regards,
> David Alvarez
>
> On Mon, Jan 30, 2012 at 11:07 AM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Hi David.
>>
>> Fact is that we rely on the DBMS not returning a proper character on a
>> request for "substring" on a non-valid index, and that works OK for most of
>> today's DBMSes.
>>
>> But we also do have a check for these kinds of cases. If there are more
>> than some predefined number of spaces at the end of the retrieved value, we
>> just abruptly abort with that value, trim the spaces from the end and
>> continue on with the next item.
>>
>> Thing is that that "breaking" value is currently (r4692) set to 10, and if
>> you think that's too high for your case you are more than welcome to adjust
>> it to your needs. Just go to lib/core/settings.py and change the line:
>>
>> INFERENCE_BLANK_BREAK = 10
>>
>> to something more appropriate for your needs (e.g. 3)
>>
>> Kind regards,
>> Miroslav Stampar
>>
>> On Fri, Jan 27, 2012 at 6:53 PM, David Alvarez <
>> david.alvare...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> There is a SQL injection in an IBM DB2 9.1. I'm using an AND
>>> boolean-based blind injection. The problem is that sqlmap doesn't properly
>>> check the end of the string and goes into a loop getting space chars as the result.
>>>
>>> I'm using the latest version of sqlmap (r4690).
>>>
>>> How could I resolve it?
>>>
>>> Regards,
>>> David Alvarez
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Try before you buy = See our experts in action!
>>> The most comprehensive online learning library for Microsoft developers
>>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>>> Metro Style Apps, more. Free future releases when you subscribe now!
>>> http://p.sf.net/sfu/learndevnow-dev2
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
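To make the cutoff Miroslav describes concrete, here is an added simulation (example code written for this page, not sqlmap's own implementation): a boolean-blind oracle that answers `ASCII(SUBSTR(value, i, 1)) > n`, bisection over the 7-bit ASCII range, and a retrieval loop that stops after `blank_break` consecutive spaces and trims them. The `BlindOracle` class, its `past_end` parameter (32 to mimic a back end that hands back a space for an out-of-range index, 0 for one that yields an empty string), the `MAX_LENGTH` cap and the sample value `SYSIBM` are all assumptions made for the simulation, not sqlmap internals.

```python
# Added simulation of sqlmap-style boolean-blind retrieval with a blank-break
# cutoff. Example code for this page, not sqlmap's implementation.

INFERENCE_BLANK_BREAK = 10   # default quoted in the thread for r4692
MAX_LENGTH = 64              # assumed hard cap on retrieved length (not sqlmap's)


class BlindOracle:
    """Simulated injection point for a boolean-based blind technique.

    Each request answers the one question bisection asks:
    'is ASCII(SUBSTR(value, index, 1)) > n ?'.  `past_end` is the code the
    simulated DBMS reports for an index beyond the end of the string:
    0 (ASCII('') on most back ends) or 32 for a back end that answers
    with a space, the behaviour reported for the DB2 target in the thread.
    """

    def __init__(self, secret, past_end=0):
        self.secret = secret        # constructed sample value, e.g. a schema name
        self.past_end = past_end
        self.requests = 0           # counts simulated HTTP requests

    def ascii_at(self, index):
        if 1 <= index <= len(self.secret):
            return ord(self.secret[index - 1])
        return self.past_end

    def greater_than(self, index, n):
        self.requests += 1
        return self.ascii_at(index) > n


def bisect_char(oracle, index, lo=0, hi=127):
    """Binary-search the ASCII code at `index`; 7 requests for the 0..127 range."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.greater_than(index, mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def retrieve(oracle, blank_break=INFERENCE_BLANK_BREAK, max_length=MAX_LENGTH):
    """Retrieve the value one character at a time.

    Stops when the DBMS reports no character (code 0) or, for a back end that
    keeps returning spaces, once `blank_break` consecutive spaces have been
    read; trailing spaces are then trimmed, as described in the thread.
    """
    chars = []
    blanks = 0
    for index in range(1, max_length + 1):
        code = bisect_char(oracle, index)
        if code == 0:
            break
        chars.append(chr(code))
        if code == 32:
            blanks += 1
            if blanks >= blank_break:
                break
        else:
            blanks = 0
    return "".join(chars).rstrip(" ")


def request_cost(secret, past_end, blank_break=INFERENCE_BLANK_BREAK):
    """Run one retrieval and return (value, number of simulated requests)."""
    oracle = BlindOracle(secret, past_end=past_end)
    value = retrieve(oracle, blank_break=blank_break)
    return value, oracle.requests


if __name__ == "__main__":
    for label, past_end, bb in (("well-behaved DBMS", 0, 10),
                                ("space-padding DBMS, break=10", 32, 10),
                                ("space-padding DBMS, break=3", 32, 3)):
        value, n = request_cost("SYSIBM", past_end, bb)
        print("%-30s -> %r in %d requests" % (label, value, n))
```

Against a back end that returns an empty string past the end, the loop stops at the seventh character (49 requests for `SYSIBM`); against one that returns spaces it spends 10 extra characters, 70 requests, before the default cutoff fires, and lowering the setting to 3 as suggested cuts that to 21. The trade-off of a low value is visible in the same code: a legitimate run of spaces inside a value that is at least `blank_break` long also trips the cutoff and truncates the result, so the setting should only be lowered for the target that needs it.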