./sqlmap.py --proxy=http://127.0.0.1:8118 --random-agent --technique=BSU --url='https://target.host/www/Buggy.aspx?1stParam=329057&2ndParam=1692468&3rdParam=10037' --threads=4 --dbms=mssql --os=windows -p1stParam,2ndParam,3rdParam
sqlmap/1.0-dev-6b826ef - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 02:51:21

[02:51:21] [INFO] fetched random HTTP User-Agent header from file '/root/sqlmap-git/txt/user-agents.txt': Opera/9.52 (X11; Linux i686; U; fr)
[02:51:21] [INFO] testing connection to the target URL
[02:51:24] [INFO] testing if the target URL is stable. This can take a couple of seconds
[02:51:27] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
sqlmap got a 302 redirect to 'http://www.target.host/www/Error.html'. Do you want to follow? [Y/n]
[02:51:33] [INFO] heuristics detected web page charset 'UTF-8'
[02:51:33] [WARNING] heuristic (basic) test shows that GET parameter '1stParam' might not be injectable
[02:51:33] [INFO] testing for SQL injection on GET parameter '1stParam'
[02:51:33] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:52:08] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[02:52:08] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[02:52:21] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[02:52:24] [WARNING] HTTP error codes detected during run:
403 (Forbidden) - 10 times
[02:52:24] [CRITICAL] unhandled exception in sqlmap/1.0-dev-6b826ef, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sqlmap-users@lists.sourceforge.net' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev-6b826ef
Python version: 2.7.4
Operating system: posix
Command line: ./sqlmap.py --proxy=********************* --random-agent --technique=BSU --url=********************************************************************************************************************** --threads=4 --dbms=mssql --os=windows -p1stParam,2ndParam,3rdParam
Technique: None
Back-end DBMS: Microsoft SQL Server (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/root/sqlmap-git/lib/controller/controller.py", line 481, in start
    injection = checkSqlInjection(place, parameter, value)
  File "/root/sqlmap-git/lib/controller/checks.py", line 438, in checkSqlInjection
    trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
  File "/root/sqlmap-git/lib/request/connect.py", line 857, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/root/sqlmap-git/lib/request/connect.py", line 373, in getPage
    conn = urllib2.urlopen(req)
  File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 410, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/urllib2.py", line 523, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/urllib2.py", line 442, in error
    result = self._call_chain(*args)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/root/sqlmap-git/lib/request/redirecthandler.py", line 115, in http_error_302
    req.headers[HTTP_HEADER.COOKIE] = headers[HTTP_HEADER.SET_COOKIE].split(conf.cDel or DEFAULT_COOKIE_DELIMITER)[0]
NameError: global name 'conf' is not defined

[*] shutting down at 02:52:24

# Adding --risk=3 --level=5 --drop-set-cookie gives the same result at the following step (crash occurs on a constant basis):

[03:04:47] [INFO] setting file for logging HTTP traffic
[03:04:47] [INFO] fetched random HTTP User-Agent header from file '/root/sqlmap-git/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.1 Safari/532.2
[03:04:47] [INFO] testing connection to the target URL
[03:04:51] [INFO] testing if the target URL is stable. This can take a couple of seconds
[03:04:57] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
sqlmap got a 302 redirect to 'http://www.target.host/www/Error.html'. Do you want to follow? [Y/n]
[03:05:04] [CRITICAL] Ka-boom

Last traffic log request/response:

############################################################################
HTTP request [#3]:
GET /www/Buggy.aspx?i1stParam=329057%5B%22%2C%2C%5B.%22%5B%27%2C&2ndParam=1692468&3rdParam=10037 HTTP/1.1
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.3.154.9 Safari/525.19
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: www.target.host
Pragma: no-cache
Cache-control: no-cache,no-store
Connection: close

HTTP redirect [#3] (302 Redirect):
Content-length: 149
X-aspnet-version: 2.0.50727
Content-encoding: gzip
Set-cookie: ISS-Targ=TesteAB=B; domain=target.host; path=/
X-powered-by: ASP.NET
Vary: Accept-Encoding, User-Agent
Server: Microsoft-IIS/7.0
Connection: Keep-Alive
X-server: DALLAS011
Location: http://www.target.host/www/Error.html
Cache-control: private
Date: Wed, 31 Jul 2013 19:01:57 GMT
Content-type: text/html; charset=UTF-8

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.target.host/www/Error.html">here</a></body>

############################################################################

EOF

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users