Bernardo Damele A. G. | 4 Oct 13:27 2012

Re: Oracle PL/SQL Stacked Queries Question

Hi Chris,

On 3 October 2012 21:33, Chris Oakley
<christopher.oakley@...> wrote:
> Hi All
>
> When I get an injection for an Oracle system on the back end, I can use
> --sql-shell with no problems.  However, if I try to use stacked queries
> here, I get an error message from SQLMap saying that I can't do that unless
> stacked queries are enabled, which as far as I know you can't do with
> Oracle, so that makes sense.

Web application programming languages like PHP, ASP, ASP.NET and JSP
obviously have functions to query Oracle (or rely on ODBC/JDBC or
similar drivers). Regardless, they do not interpret and stack up
separate queries sequentially when a semicolon (;) is provided, hence
stacked queries SQL injection won't work by default.
However, when the SQL injection is within an Oracle function and PL/SQL
code is allowed, you can stack queries sequentially. We have an open
ticket to deal with this,
https://github.com/sqlmapproject/sqlmap/issues/16

> However, I've been reading and it seems (I could be wrong here, still
> playing) that from 8i to 11g R2 there are packages which allow execution of
> anonymous PL/SQL blocks - dbms_xmlquery.newcontext() and
> dbms_xmlquery.getxml().  These are accessible to public by default.  So an
> injection might be ?id=1 and (select dbms_xmlquery.newcontext('various;
> stacked; queries;') from dual) is not null --  I've looked at SQLMaps
> queries through a proxy and I don't think it does anything like this.
> Again, I'm just reading up on this now so I could well be off base here.

Chris Oakley | 3 Oct 22:33 2012

Oracle PL/SQL Stacked Queries Question

Hi All

When I get an injection for an Oracle system on the back end, I can use --sql-shell with no problems.  However, if I try to use stacked queries here, I get an error message from SQLMap saying that I can't do that unless stacked queries are enabled, which as far as I know you can't do with Oracle, so that makes sense. 

However, I've been reading and it seems (I could be wrong here, still playing) that from 8i to 11g R2 there are packages which allow execution of anonymous PL/SQL blocks - dbms_xmlquery.newcontext() and dbms_xmlquery.getxml().  These are accessible to public by default.  So an injection might be ?id=1 and (select dbms_xmlquery.newcontext('various; stacked; queries;') from dual) is not null --  I've looked at SQLMaps queries through a proxy and I don't think it does anything like this.  Again, I'm just reading up on this now so I could well be off base here.

Ultimately, I'm trying to use the injection to gain DBA privs.  I'm playing around manually at the moment but wondered if this is something SQLMap could potentially do and doesn't (or I'm totally wrong!)

Regards

Chris

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@...
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
Chris Oakley | 4 Oct 14:27 2012

Re: Oracle PL/SQL Stacked Queries Question

Hi Bernardo

Thanks for a very comprehensive reply.

Your ticket #16 is something I'm going to be doing very soon, I need more practice with this.  I'll check out some of those aux modules too.

The David Litchfield papers linked from one of your tickets are also interesting reading.  The user has the following privs:

SELECT * FROM session_privs; [11]:
[*] CREATE CLUSTER
[*] CREATE INDEXTYPE
[*] CREATE OPERATOR
[*] CREATE PROCEDURE
[*] CREATE SEQUENCE
[*] CREATE SESSION
[*] CREATE SYNONYM
[*] CREATE TABLE
[*] CREATE TRIGGER
[*] CREATE TYPE
[*] UNLIMITED TABLESPACE

So I think something should be possible here.

Regards

Chris

On 4 October 2012 12:27, Bernardo Damele A. G. <bernardo.damele-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
Hi Chris,

On 3 October 2012 21:33, Chris Oakley <christopher.oakley-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi All
>
> When I get an injection for an Oracle system on the back end, I can use
> --sql-shell with no problems.  However, if I try to use stacked queries
> here, I get an error message from SQLMap saying that I can't do that unless
> stacked queries are enabled, which as far as I know you can't do with
> Oracle, so that makes sense.

Web application programming languages like PHP, ASP, ASP.NET and JSP
obviously have functions to query Oracle (or rely on ODBC/JDBC or
similar drivers). Regardless, they do not interpret and stack up
separate queries sequentially when a semicolon (;) is provided, hence
stacked queries SQL injection won't work by default.
However, when the SQL injection is within an Oracle function and PL/SQL
code is allowed, you can stack queries sequentially. We have an open
ticket to deal with this,
https://github.com/sqlmapproject/sqlmap/issues/16

> However, I've been reading and it seems (I could be wrong here, still
> playing) that from 8i to 11g R2 there are packages which allow execution of
> anonymous PL/SQL blocks - dbms_xmlquery.newcontext() and
> dbms_xmlquery.getxml().  These are accessible to public by default.  So an
> injection might be ?id=1 and (select dbms_xmlquery.newcontext('various;
> stacked; queries;') from dual) is not null --  I've looked at SQLMaps
> queries through a proxy and I don't think it does anything like this.
> Again, I'm just reading up on this now so I could well be off base here.

Correct. There are a few tricks, as far as I am aware, to stack queries
in Oracle. This is one of those. sqlmap does not yet implement any of
these.

> Ultimately, I'm trying to use the injection to gain DBA privs.  I'm playing
> around manually at the moment but wondered if this is something SQLMap could
> potentially do and doesn't (or I'm totally wrong!)

Depending on the Oracle release and its version, you can leverage
different PL/SQL injection in default functions/triggers to escalate
your privileges to DBA. Metasploit has auxiliary modules for a number
of these vulnerabilities, see here
https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/sqli/oracle.
Look at the source code and forge your SQLi payload accordingly.
We have an open ticket to automate DBA privilege escalation on Oracle,
https://github.com/sqlmapproject/sqlmap/issues/29.

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

kyle easter | 5 Oct 01:29 2012

SQLmap on Microsoft Access

I do not really know how to use sqlmap on an MS Access backend.

I'm trying to test a website, but I'm stuck here:

sqlmap identified the following injection points with a total of 20 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=32 AND 1922=1922

I would understand what to do if this was just a normal php server, and bring up the tables but this obviously is not the same.

Can someone please help me?

Regards!
Miroslav Stampar | 7 Oct 19:46 2012

Re: SQLmap on Microsoft Access

Hi Kyle.


You can find examples here [1] and here [2]. In short, in one run you'll need --tables to brute force table names and in other(s) --dump -T <table_name> to dump table of interest.

Kind regards,
Miroslav Stampar


On Fri, Oct 5, 2012 at 1:29 AM, kyle easter <kyle.easter93 <at> gmail.com> wrote:
I do not really know how to use sqlmap on an MS Access backend.

I'm trying to test a website, but I'm stuck here:

sqlmap identified the following injection points with a total of 20 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=32 AND 1922=1922

I would understand what to do if this was just a normal php server, and bring up the tables but this obviously is not the same.

Can someone please help me?

Regards!


--
Miroslav Stampar
http://about.me/stamparm
Karel Marhoul | 7 Oct 13:37 2012

SQLmap -l option bug

Hello, I came across a bug while using sqlmap with -l parameter. I have 
burp log file with following content (only one request to https port):

======================================================
12:40:22  https://www.xxx.cz:443  [81.91.80.92]
======================================================
GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1
Host: www.xxx.cz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://www.xxx.cz/
Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
Cache-Control: max-age=0

======================================================

Then I start sqlmap this way:

./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz

And sqlmap instead of sending request to https (443) port it will use 
http (80) port instead:

---------------------------------------------------------
[13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
[13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
[13:21:55] [INFO] url 1:
GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
do you want to test this url? [Y/n/q]
 > Y
[snip]
---------------------------------------------------------

Could you please fix this?

Regards

Karel Marhoul

Alton Johnson | 7 Oct 23:25 2012

sqlmap SQL blind time-based injection (MySQL)

In my situation, my vulnerable parameter is Referer in the HTTP
headers. I am able to enumerate the username and database name
manually, but can someone explain or point me to an article that gives
details about sqlmap and time-based with mysql? Here is an example of
how I was able to enumerate the name. I'm unsure if there's any
"custom" way of getting sqlmap work with this.

Code:
GET /vulnwebapp/index.php?id=2 HTTP/1.1
Host: 192.168.127.133
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: '+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

FYI, I'm testing this on a vulnerable web app hosted by myself. So
with the above request, the page sleeps because the first character of
the current username is "r", which eventually allows me to change 1,1
to 2,1 and so forth until I figure out that the username is "root."

Is there any way to get sqlmap to assist with this type of attack?

Thanks,

Miroslav Stampar | 9 Oct 10:26 2012

Re: sqlmap SQL blind time-based injection (MySQL)

Hi Alton.


Please update to the latest revision and run sqlmap with the: -p referer.

Kind regards,
Miroslav Stampar

On Sun, Oct 7, 2012 at 11:25 PM, Alton Johnson <alton.jx-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
In my situation, my vulnerable parameter is Referer in the HTTP
headers. I am able to enumerate the username and database name
manually, but can someone explain or point me to an article that gives
details about sqlmap and time-based with mysql? Here is an example of
how I was able to enumerate the name. I'm unsure if there's any
"custom" way of getting sqlmap work with this.

Code:
GET /vulnwebapp/index.php?id=2 HTTP/1.1
Host: 192.168.127.133
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: '+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

FYI, I'm testing this on a vulnerable web app hosted by myself. So
with the above request, the page sleeps because the first character of
the current username is "r", which eventually allows me to change 1,1
to 2,1 and so forth until I figure out that the username is "root."

Is there any way to get sqlmap to assist with this type of attack?

Thanks,


--
Miroslav Stampar
http://about.me/stamparm
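
What the Referer technique in this thread looks like from the server side, as an added example that is not part of the original messages or of sqlmap: it scans access-log lines for SQL delay calls in request headers and compares the logged response time with the requested delay. The log format (combined log plus an nginx-style request time as the last field), the addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed format: combined log with the request time in seconds appended.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" '
    r'"(?P<agent>(?:[^"\\]|\\.)*)" (?P<rtime>\d+\.\d+)$'
)
# Delay primitives of common back ends; none belongs in a Referer or User-Agent.
DELAY_CALL = re.compile(
    r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I)
SLEEP_SECS = re.compile(r"\b(?:pg_)?sleep\s*\(\s*(\d+(?:\.\d+)?)", re.I)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [07/Oct/2012:23:25:01 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "'+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'" "Mozilla/5.0" 5.012
198.51.100.7 - - [07/Oct/2012:23:25:07 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "'+IF(SUBSTRING(USER(),1,1)='a',SLEEP(5),1)+'" "Mozilla/5.0" 0.008
203.0.113.9 - - [07/Oct/2012:23:26:10 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "https://shop.example.test/" "Mozilla/5.0" 6.204
"""


def scan(lines, default_delay=3.0):
    """Return one finding per header value that carries a SQL delay call."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        for header in ("referer", "agent"):
            value = unquote(m.group(header))  # also catches %-encoded payloads
            if not DELAY_CALL.search(value):
                continue
            secs = SLEEP_SECS.search(value)
            delay = float(secs.group(1)) if secs else default_delay
            rtime = float(m.group("rtime"))
            findings.append({
                "ip": m.group("ip"), "header": header, "value": value,
                "delay": delay, "rtime": rtime,
                # Response took at least the requested delay: the header value
                # reached a SQL statement and the injected condition was true.
                "delayed": rtime >= delay,
            })
    return findings


def summarize(findings):
    """Count probes and delayed responses per client address."""
    per_ip = defaultdict(lambda: {"probes": 0, "delayed": 0})
    for f in findings:
        per_ip[f["ip"]]["probes"] += 1
        per_ip[f["ip"]]["delayed"] += f["delayed"]
    return dict(per_ip)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f["ip"], f["header"], f["rtime"], "DELAYED" if f["delayed"] else "fast")
    print(summarize(SAMPLE_LOG.splitlines() and scan(SAMPLE_LOG.splitlines())))
```

A slow response with an ordinary Referer (the third sample line) is not flagged; a flagged line with a matching delay means the header is concatenated into a query and should be bound as a parameter instead.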
Miroslav Stampar | 9 Oct 10:30 2012

Re: SQLmap -l option bug

Hi Karel.


Strictly speaking there is no bug here. If you take a careful look at the HTTP request inside, you'll see that there is no mention of either HTTPS or 443 inside the request itself. It seems like the request came from the https page (referer header), but landed toward the HTTP land.

I would suggest that you just try appending :443 to the Host header value (Host: www.xxx.cz -> Host: www.xxx.cz:443)

Kind regards,
Miroslav Stampar

On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rezorcinol <at> seznam.cz> wrote:
Hello, I came across a bug while using sqlmap with -l parameter. I have
burp log file with following content (only one request to https port):

======================================================
12:40:22  https://www.xxx.cz:443  [81.91.80.92]
======================================================
GET
/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
HTTP/1.1
Host: www.xxx.cz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101
Firefox/15.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://www.xxx.cz/
Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20;
__utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
theme_cookie=life;
e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0;
__utmc=148540003
Cache-Control: max-age=0

======================================================

Then I start sqlmap this way:

./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz

And sqlmap instead of sending request to https (443) port it will use
http (80) port instead:

---------------------------------------------------------
[13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering
targets
[13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
[13:21:55] [INFO] url 1:
GET
http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20;
__utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
theme_cookie=life;
e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0;
__utmc=148540003
do you want to test this url? [Y/n/q]
 > Y
[snip]
---------------------------------------------------------

Could you please fix this?

Regards

Karel Marhoul


--
Miroslav Stampar
http://about.me/stamparm
Miroslav Stampar | 9 Oct 10:49 2012

Re: SQLmap -l option bug

Hi again.


It's a preamble, but the request itself is down below. We process requests, not preambles. As we need to support generic LOG files, we are "hunting" for the requests themselves.

If somebody could confirm that Burp really strips any HTTPS "tips" from the requests and just puts those in preambles (like in your case), I'll gladly do the "patching".

Kind regards,
Miroslav Stampar

On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rezorcinol <at> seznam.cz> wrote:
Hello Miroslav, there is a mention of port 443 in the request "preamble", see:

>     ======================================================
>     12:40:22 https://www.xxx.cz:443  [81.91.80.92]
>     ======================================================

That specific request came from HTTPS page and landed toward HTTP, I'm sure of that.

I suggest sqlmap log parser should first look at the port in the request preamble and then send the request to this port - is that possible to implement?

Regards

Karel

On 9.10.2012 10:30, Miroslav Stampar wrote:
Hi Karel.

Strictly speaking there is no bug here. If you take a careful look
at the HTTP request inside, you'll see that there is no mention of
either HTTPS or 443 inside the request itself. It seems like the
request came from the https page (referer header), but landed toward the
HTTP land.

I would suggest that you just try appending :443 to the Host header
value (Host: www.xxx.cz -> Host: www.xxx.cz:443)

Kind regards,
Miroslav Stampar

On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rezorcinol-9Vj9tDbzfuSlVyrhU4qvOw@public.gmane.org> wrote:

    Hello, I came across a bug while using sqlmap with -l parameter. I have
    burp log file with following content (only one request to https port):

    ======================================================
    12:40:22 https://www.xxx.cz:443  [81.91.80.92]
    ======================================================
    GET
    /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
    HTTP/1.1
    Host: www.xxx.cz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101
    Firefox/15.0.1
    Accept: image/png,image/*;q=0.8,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Referer: https://www.xxx.cz/
    Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20;
    __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
    theme_cookie=life;
    e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0;
    __utmc=148540003
    Cache-Control: max-age=0

    ======================================================

    Then I start sqlmap this way:

    ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz

    And sqlmap instead of sending request to https (443) port it will use
    http (80) port instead:

    ---------------------------------------------------------
    [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
    [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
    [13:21:55] [INFO] url 1:
    GET
    http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
    Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20;
    __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
    theme_cookie=life;
    e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0;
    __utmc=148540003
    do you want to test this url? [Y/n/q]
      > Y
    [snip]
    ---------------------------------------------------------

    Could you please fix this?

    Regards

    Karel Marhoul





--
Miroslav Stampar
http://about.me/stamparm




--
Miroslav Stampar
http://about.me/stamparm
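
The log-parsing question discussed in this thread, as an added example that is not sqlmap's parser and not code from the original messages: it reads a Burp-style log, takes scheme and port from the preamble line when the request itself only carries a relative path and a bare Host header, and falls back to the Host header otherwise. The sample log, host names and the fallback rule (an explicit `:443` in Host means HTTPS, anything else HTTP) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SEPARATOR = re.compile(r"^={10,}\s*$")
# Preamble as quoted in the thread: "12:40:22  https://www.xxx.cz:443  [81.91.80.92]"
PREAMBLE = re.compile(r"^\d{1,2}:\d{2}:\d{2}\s+(https?://\S+)", re.I)
REQUEST_LINE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/\d\.\d\s*$")
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: one entry with a preamble, one bare request without.
SAMPLE_LOG = """\
======================================================
12:40:22  https://www.example.test:443  [192.0.2.10]
======================================================
GET /index.php?view=thumb&newX=160 HTTP/1.1
Host: www.example.test
Referer: https://www.example.test/

======================================================

GET /plain.php?id=1 HTTP/1.1
Host: www.example.test

"""


def split_host(value):
    """Split a Host header value into (hostname, port or None)."""
    host, sep, port = value.strip().rpartition(":")
    if sep and port.isdigit():
        return host.lower(), int(port)
    return value.strip().lower(), None


def resolve_target(target, host_header, preamble_url=None):
    """Return (scheme, host, port, path) for one logged request."""
    if target.lower().startswith(("http://", "https://")):
        parts = urlsplit(target)  # absolute-form target already says it all
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        return (parts.scheme, parts.hostname,
                parts.port or DEFAULT_PORTS[parts.scheme], path)
    host, port = split_host(host_header)
    scheme = None
    if preamble_url:
        pre = urlsplit(preamble_url)
        # Use the preamble only when it names the same host as the request.
        if pre.hostname == host:
            scheme, port = pre.scheme, port or pre.port
    if scheme is None:
        # Assumed fallback: no usable preamble, so only an explicit :443 means TLS.
        scheme = "https" if port == 443 else "http"
    return scheme, host, port or DEFAULT_PORTS[scheme], target


def parse_burp_log(text):
    """Return one dict per request found in a Burp-style log."""
    entries, preamble, lines, i = [], None, text.splitlines(), 0
    while i < len(lines):
        pre = PREAMBLE.match(lines[i])
        if pre and i > 0 and SEPARATOR.match(lines[i - 1]):
            preamble = pre.group(1)
        req = REQUEST_LINE.match(lines[i])
        if not req:
            i += 1
            continue
        headers = {}
        i += 1
        while i < len(lines) and lines[i].strip() and not SEPARATOR.match(lines[i]):
            name, _, value = lines[i].partition(":")
            headers[name.strip().lower()] = value.strip()
            i += 1
        scheme, host, port, path = resolve_target(
            req.group(2), headers.get("host", ""), preamble)
        entries.append({"method": req.group(1), "scheme": scheme, "host": host,
                        "port": port, "url": f"{scheme}://{host}:{port}{path}"})
        preamble = None  # a preamble describes only the request that follows it
    return entries


if __name__ == "__main__":
    for entry in parse_burp_log(SAMPLE_LOG):
        print(entry["method"], entry["url"])
```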

Gmane