Hi there, sqlmap is dying, when it should handle unicode. What I am doing is the following:
x is a parameter on a website, normally it contains base16(base64(binary hash)). I am testing this parameter by submitting an empty parameter x and --eval. In --eval I am concatenating my original values (u'\x...') with the payload, encode it as base64 and overwrite the parameter. Everything is working fine - IF and only if I overwrite every temporary variable. Apparently sqlmap is trying to concat the new variables to the list of parameters and failing because they are unicode. Maybe some checking could be done? Best regards, Sebastian Nerz [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sqlmap-users@lists.sourceforge.net' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you. sqlmap version: 1.0-dev-7cb3ea2 Python version: 2.7.4 Operating system: posix Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l /tmp/sql5 --level=5 --risk=3 -p X --proxy=********************* --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c Technique: None Back-end DBMS: None (identified) Traceback (most recent call last): File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main start() File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line 363, in start if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line 1195, in checkConnection page, _ = Request.queryPage(content=True, noteResponseTime=False) File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787, in queryPage get += "%s%s=%s" % (delimiter, name, value) TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode'
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
