Hi.
Does your original case use GET parameters? That could be a bug in sqlmap
(appending to GET while there is no GET in the first place).
Kind regards,
Miroslav Stampar
On Fri, Aug 30, 2013 at 12:09 PM, Sebastian Nerz <sebastian.n...@syss.de>wrote:
> Hi there,
>
> sqlmap is dying, when it should handle unicode. What I am doing is the
> following:
>
> x is a parameter on a website, normally it contains base16(base64(binary
> hash)). I am testing this parameter by submitting an empty parameter x
> and --eval. In --eval I am concatenating my original values (u'\x...')
> with the payload, encode it as base64 and overwrite the parameter.
> Everything is working fine - IF and only if I overwrite every temporary
> variable.
> Apparently sqlmap is trying to concat the new variables to the list of
> parameters and failing because they are unicode. Maybe some checking
> could be done?
>
> Best regards,
>
> Sebastian Nerz
>
> [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2,
> retry your run with the latest development version from the GitHub
> repository. If the exception persists, please send by e-mail to
> 'sqlmap-users@lists.sourceforge.net' or open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
> text and any information required to reproduce the bug. The developers
> will try to reproduce the bug, fix it accordingly and get back to you.
> sqlmap version: 1.0-dev-7cb3ea2
> Python version: 2.7.4
> Operating system: posix
> Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l
> /tmp/sql5 --level=5 --risk=3 -p X --proxy=*********************
> --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
> File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main
> start()
> File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line
> 363, in start
> if not checkConnection(suppressOutput=conf.forms) or not
> checkString() or not checkRegexp():
> File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line
> 1195, in checkConnection
> page, _ = Request.queryPage(content=True, noteResponseTime=False)
> File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787,
> in queryPage
> get += "%s%s=%s" % (delimiter, name, value)
> TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode'
>
>
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
