Hi,

On 30.08.2013 12:15, Miroslav Stampar wrote:
> 
> Does your original case use GET parameters? That could be a bug in sqlmap
> (appending to GET while there is no GET in the first place).

No, it only contains COOKIE parameters.

Kind regards,

Sebastian Nerz

> 
> Kind regards,
> Miroslav Stampar
> 
> 
> On Fri, Aug 30, 2013 at 12:09 PM, Sebastian Nerz
> <sebastian.n...@syss.de> wrote:
> 
>> Hi there,
>>
>> sqlmap is dying when it should handle unicode. What I am doing is the
>> following:
>>
>> x is a parameter on a website, normally it contains base16(base64(binary
>> hash)). I am testing this parameter by submitting an empty parameter x
>> and --eval. In --eval I am concatenating my original values (u'\x...')
>> with the payload, encode it as base64 and overwrite the parameter.
>> Everything is working fine - IF and only if I overwrite every temporary
>> variable.
>> Apparently sqlmap is trying to concat the new variables to the list of
>> parameters and failing because they are unicode. Maybe some checking
>> could be done?
>>
>> Best regards,
>>
>> Sebastian Nerz
>>
>> [11:59:51] [CRITICAL] unhandled exception in sqlmap/1.0-dev-7cb3ea2,
>> retry your run with the latest development version from the GitHub
>> repository. If the exception persists, please send by e-mail to
>> 'sqlmap-users@lists.sourceforge.net' or open a new issue at
>> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>> text and any information required to reproduce the bug. The developers
>> will try to reproduce the bug, fix it accordingly and get back to you.
>> sqlmap version: 1.0-dev-7cb3ea2
>> Python version: 2.7.4
>> Operating system: posix
>> Command line: /home/snerz/Downloads/sqlmap/sqlmap.py --eval=** -l
>> /tmp/sql5 --level=5 --risk=3 -p X --proxy=*********************
>> --force-ssl --drop-set-cookie --answer=this URL=y,proceed=c
>> Technique: None
>> Back-end DBMS: None (identified)
>> Traceback (most recent call last):
>>   File "/home/snerz/Downloads/sqlmap/sqlmap.py", line 95, in main
>>     start()
>>   File "/home/snerz/Downloads/sqlmap/lib/controller/controller.py", line
>> 363, in start
>>     if not checkConnection(suppressOutput=conf.forms) or not
>> checkString() or not checkRegexp():
>>   File "/home/snerz/Downloads/sqlmap/lib/controller/checks.py", line
>> 1195, in checkConnection
>>     page, _ = Request.queryPage(content=True, noteResponseTime=False)
>>   File "/home/snerz/Downloads/sqlmap/lib/request/connect.py", line 787,
>> in queryPage
>>     get += "%s%s=%s" % (delimiter, name, value)
>> TypeError: unsupported operand type(s) for +=: 'NoneType' and 'unicode'
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
>> Discover the easy way to master current and previous Microsoft technologies
>> and advance your career. Get an incredible 1,500+ hours of step-by-step
>> tutorial videos with LearnDevNow. Subscribe today and save!
>> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
> 
> 


-- 
Sebastian Nerz
Dipl.-Inform.
IT-Security Consultant

mailto:sebastian.n...@syss.de
___________________________________________________________

SySS GmbH
Wohlboldstraße 8
72072 Tübingen
Germany
Voice: +49 7071 407856-31
Fax:   +49 7071 407856-19
WWW:   http://www.syss.de

PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2

Managing Director: Sebastian Schreiber
Register court: Amtsgericht Stuttgart / HRB 382420
Tax number: 86118 / 55809
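
Added example, not part of the original thread and not sqlmap's code: a minimal Python 3 model of the failure in the traceback above, where variables left behind by an --eval snippet are appended to a query string that is None because the request carries only cookie parameters. The function names, the sample snippet and the "&" delimiter are assumptions made for the illustration.

```python
import base64

DELIMITER = "&"  # assumed query-string delimiter


def run_eval(snippet, params):
    """Run a user snippet over a copy of the request parameters and
    return every ordinary name left in its namespace afterwards."""
    scope = dict(params)
    scope["base64"] = base64
    exec(snippet, scope)  # exec also injects __builtins__ into scope
    return {k: v for k, v in scope.items()
            if not k.startswith("__") and k != "base64"}


def merge_unsafe(get, known, evaluated):
    """Same shape as the failing line: assumes a query string exists."""
    for name, value in evaluated.items():
        if name not in known:
            # Raises TypeError when get is None (request without GET data).
            get += "%s%s=%s" % (DELIMITER, name, value)
    return get


def merge_safe(get, known, evaluated):
    """Tolerates a request that has no query string at all."""
    extra = ["%s=%s" % (n, v) for n, v in evaluated.items() if n not in known]
    return DELIMITER.join(([get] if get else []) + extra) or None


# Constructed request: one cookie parameter, no GET data.
COOKIE_PARAMS = {"x": ""}
# Constructed snippet: 'raw' is a temporary that stays in the namespace.
SNIPPET = "raw = 'abc'\nx = base64.b64encode(raw.encode()).decode()"


def demo():
    evaluated = run_eval(SNIPPET, COOKIE_PARAMS)
    try:
        merge_unsafe(None, COOKIE_PARAMS, evaluated)
        crashed = False
    except TypeError:
        crashed = True
    return crashed, evaluated["x"], merge_safe(None, COOKIE_PARAMS, evaluated)


if __name__ == "__main__":
    print(demo())
```
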

