Re: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

Tue, 17 Jun 2014 03:01:32 -0700 

this should help:

 <http://www.notsosecure.com/blog/2013/09/12/pwning-postgres-9-1/> 
http://www.notsosecure.com/blog/2013/09/12/pwning-postgres-9-1/

 

 

Founder/Director

NotSoSecure Limited,

9, Old Forge Way,

Sawston,

CB223BZ

www.notsosecure.com <http://www.notsosecure.com/>  

 

Upcoming events:

The Art of Exploiting Injection Flaws 
<http://blackhat.com/us-14/training/the-art-of-exploiting-injection-flaws.html> 
. 2 days hands-on training Black Hat 2014, Las Vegas

Advanced Android and iOS Exploitation 
<http://www.eventbrite.co.uk/e/advanced-android-and-ios-exploitation-tickets-11837214427>
 : 3 days hands-on training in London

 

From: Brandon Perry [mailto:bperry.volat...@gmail.com] 
Sent: 14 June 2014 04:54
To: sqlmap users
Subject: [sqlmap-users] 64-bit pgsql 9.1 udf missing?

 

Hello!

 

I have run into a small issue, it seems that the 9.1 pgsql udf wasn't 
compiled/checked into source control.

 

brandons-imac:sqlmap bperry$ find . | grep postgresqludf

./udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so

./udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so

./udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so

./udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll

./udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll

./udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll

./udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll

brandons-imac:sqlmap bperry$

 

You can see that:

 

./udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so

 

is missing. This leads to the following error. Anything I can do to help, let 
me know:

 

what is the back-end database management system architecture?

[1] 32-bit (default)

[2] 64-bit

> 2

[22:48:43] [INFO] checking if UDF 'sys_eval' already exist

[22:48:43] [INFO] checking if UDF 'sys_exec' already exist

 

[22:48:43] [CRITICAL] unhandled exception in sqlmap/1.0-dev-f558b80, retry your 
run with the latest development version from the GitHub repository. If the 
exception persists, please send by e-mail to 
'sqlmap-users@lists.sourceforge.net <mailto:sqlmap-users@lists.sourceforge.net> 
' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' 
with the following text and any information required to reproduce the bug. The 
developers will try to reproduce the bug, fix it accordingly and get back to 
you.

sqlmap version: 1.0-dev-f558b80

Python version: 2.7.5

Operating system: posix

Command line: ./sqlmap.py -r /Users/bperry/tmp/req.req --level=5 --risk=3 
--dbms=postgresql -o --os-shell

Technique: TIME

Back-end DBMS: PostgreSQL (fingerprinted)

Traceback (most recent call last):

  File "./sqlmap.py", line 95, in main

    start()

  File "/Users/bperry/projects/sqlmap/lib/controller/controller.py", line 585, 
in start

    action()

  File "/Users/bperry/projects/sqlmap/lib/controller/action.py", line 160, in 
action

    conf.dbmsHandler.osShell()

  File "/Users/bperry/projects/sqlmap/plugins/generic/takeover.py", line 80, in 
osShell

    self.initEnv(web=web)

  File "/Users/bperry/projects/sqlmap/lib/takeover/abstraction.py", line 198, 
in initEnv

    success = self.udfInjectSys()

  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 184, in 
udfInjectSys

    return self.udfInjectCore(self.sysUdfs)

  File "/Users/bperry/projects/sqlmap/lib/takeover/udf.py", line 149, in 
udfInjectCore

    written = self.writeFile(self.udfLocalFile, self.udfRemoteFile, "binary", 
forceCheck=True)

  File "/Users/bperry/projects/sqlmap/plugins/generic/filesystem.py", line 270, 
in writeFile

    written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck)

  File "/Users/bperry/projects/sqlmap/plugins/dbms/postgresql/filesystem.py", 
line 37, in stackedWriteFile

    wFileSize = os.path.getsize(wFile)

  File 
"/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/genericpath.py",
 line 49, in getsize

    return os.stat(filename).st_size

OSError: [Errno 2] No such file or directory: 
'/Users/bperry/projects/sqlmap/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so'

 

[*] shutting down at 22:48:43

 

 

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website 


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to