s0md3v / sqlmate Goto Github PK

when sqlmate try to bypass thats what i get

Traceback (most recent call last):
File "sqlmate", line 367, in
bypass()
File "sqlmate", line 271, in bypass
find(url, i_title, original)
File "sqlmate", line 226, in find
brute(username, passwd, menu, option, name, form_number, i_title, original) #Calls the bruteforce function
File "sqlmate", line 259, in brute
print '\n\033[1;32m[+]\033[0m ' + login
NameError: global name 'login' is not defined

word of truth "by far that's the best script until now i'm testing"

CVE-2018-18074 - High Severity Vulnerability

Vulnerable Library - requests-2.9.1-py2.py3-none-any.whl

Python HTTP for Humans.

Library home page: https://files.pythonhosted.org/packages/b8/f7/3bb4d18c234a8ce7044d5ee2e1082b7d72bf6c550afb8d51ae266dea56f1/requests-2.9.1-py2.py3-none-any.whl

Path to dependency file: /sqlmate/requirements.txt

Path to vulnerable library: teSource-ArchiveExtractor_58d5b1a3-882f-4d6a-a9cc-cfbeab782756/20190505155042_80940/20190505155030_depth_0/requests-2.9.1-py2.py3-none-any/requests

Dependency Hierarchy:

• ❌ requests-2.9.1-py2.py3-none-any.whl (Vulnerable Library)

Vulnerability Details

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Publish Date: 2018-10-09

URL: CVE-2018-18074

CVSS 3 Score Details (9.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-18074

Release Date: 2018-10-09

Fix Resolution: 2.20.0

Step up your Open Source Security Game with WhiteSource here

trying to install this program on osx -- i have both python version 2 and 3 and pip 2 & 3 installed but keep getting errors:

iMac% pip3 install requirements.txt
Collecting requirements.txt
Could not find a version that satisfies the requirement requirements.txt (from versions: )
No matching distribution found for requirements.txt
iMac% man pip
No manual entry for pip
iMac% pwd
/Users/kimberly/Documents/GitHub/sqlmate
iMac% ls
LICENSE paths.txt sqlmate
README.md requirements.txt venv
iMac% pip install requirements.txt
Collecting requirements.txt
Could not find a version that satisfies the requirement requirements.txt (from versions: )
No matching distribution found for requirements.txt
iMac%
not sure how to proceed. many thanks

[>] Finding targets for my mate, SQLmap

From cffi callback <function _verify_callback at 0x7f79deff8cf8>:
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 309, in wrapper
_lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'
Traceback (most recent call last):
File "sqlmate", line 360, in
google(dork, number)
File "sqlmate", line 67, in google
r = requests.get(url)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 519, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
root@kali:~/Desktop/sqlmate#

Notes from doing an install on a fresh Ubuntu 16.04 VPS:

1. pip wasn't installed:

   • apt install python-pip

2. lxml wasn't installed:

   • pip install lxml

Traceback (most recent call last):
  File "sqlmate", line 367, in <module>
    bypass()
  File "sqlmate", line 266, in bypass
    soup =  BeautifulSoup(data, 'lxml') #Pareses the response with beuatiful soup
  File "/usr/local/lib/python2.7/dist-packages/bs4/__init__.py", line 156, in __init__
    % ",".join(features))
bs4.FeatureNotFound: Couldn't find a tree builder with the features you requested: lxml. Do you need to install a parser library?

3. no control matching 'username'
   • haven't worked in Python extensively or recently
   • seems that we passed "if username:" but then failed for missing control
     • perhaps something failed to load? could not reproduce in pdb

Traceback (most recent call last):
  File "sqlmate", line 367, in <module>
    bypass()
  File "sqlmate", line 271, in bypass
    find(url, i_title, original)
  File "sqlmate", line 226, in find
    brute(username, passwd, menu, option, name, form_number, i_title, original) #Calls the bruteforce function
  File "sqlmate", line 234, in brute
    br.form[username] = "'or' '='"
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_form.py", line 2780, in __setitem__
    control = self.find_control(name)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_form.py", line 3101, in find_control
    return self._find_control(name, type, kind, id, label, predicate, nr)
  File "/usr/local/lib/python2.7/dist-packages/mechanize/_form.py", line 3185, in _find_control
    raise ControlNotFoundError("no control matching "+description)
mechanize._form.ControlNotFoundError: no control matching name 'username'

After "Let me try to bypass logins" it just closes the tool

Hello, when executing the sqlmate python command, the following error appears:

root@kali:~/sqlmate# python sqlmate
Traceback (most recent call last):
File "sqlmate", line 4, in
from bs4 import BeautifulSoup
File "/usr/local/lib/python2.7/dist-packages/bs4/init.py", line 30, in
from .builder import builder_registry, ParserRejectedMarkup
File "/usr/local/lib/python2.7/dist-packages/bs4/builder/init.py", line 314, in
from . import _html5lib
File "/usr/local/lib/python2.7/dist-packages/bs4/builder/_html5lib.py", line 70, in
class TreeBuilderForHtml5lib(html5lib.treebuilders._base.TreeBuilder):
AttributeError: 'module' object has no attribute '_base'

I already did the pip install -r requirements.txt command, but still the problem continued, how to solve this problem?
Thank you very much in advance.

Seems like a really awesome tool. I'm having problems with it completing though. The script begins to pull links and find admin panels then just stops. I've ran it several times.

snip
.....
[-] http://www.hr.dmh.go.th/hr/stat/click_paths.asp?hit_id=475
[-] http://www.dmh.go.th/PoliticCrisis/stat/click_paths.asp?hit_id=6508
[-] http://www.dmh.go.th/PoliticCrisis/stat/click_paths.asp?hit_id=520
[-] http://www.dmh.go.th/PoliticCrisis/stat/click_paths.asp?hit_id=5986
[-] http://www.dmh.go.th/PoliticCrisis/stat/click_paths.asp?hit_id=4974
[-] http://www.dmh.go.th/PoliticCrisis/stat/click_paths.asp?hit_id=5011
[-] http://www.dmh.go.th/politiccrisis/stat/click_paths.asp?hit_id=2333

[>] You will also need their admin panels right? Wait a minute..

[>]Let me try to bypass logins. I want to show SQLmap that I am not a noob.

emily@kali:~/sqlmate$
....
snip

Thanks

hey, can you also add tor/proxy support?

thanks