Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run Exploit Failes #44

Closed
mcpacosy opened this issue Mar 2, 2013 · 5 comments
Closed

Run Exploit Failes #44

mcpacosy opened this issue Mar 2, 2013 · 5 comments

Comments

@mcpacosy
Copy link

mcpacosy commented Mar 2, 2013

Hi!

I'm trying to run your tool BBQSQL. First I tried to install it using the current version from github and after that I installed it with "pip install bbqsql". The program starts, I enter the URL and finally select "5) Run Exploit" and I get an error. The error for both the github and the pip version is almost identical and looks like this:

Traceback (most recent call last):
  File "/usr/local/bin/bbqsql", line 16, in <module>
    bbqMenu()
  File "/usr/local/lib/python2.6/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in __init__
    bbq = bbqsql.BlindSQLi(**attack_config)
  File "/usr/local/lib/python2.6/dist-packages/bbqsql/lib/api.py", line 128, in __init__
    self.requester = requester_type(comparison_attr=comparison_attr, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/bbqsql/lib/requester.py", line 122, in __init__
    self.session = requests.session(*args,**kwargs)
TypeError: session() takes no arguments (2 given)​

I'm using BackTrack 5 RC2 (32 bit) and the following packages are installed:

root@bt:~# pip install bbqsql
Requirement already satisfied: bbqsql in /usr/local/lib/python2.6/dist-packages
Requirement already satisfied: gevent in /usr/local/lib/python2.6/dist-packages/gevent-0.13.8-py2.6-linux-i686.egg (from bbqsql)
Requirement already satisfied: requests in /usr/local/lib/python2.6/dist-packages/requests-1.1.0-py2.6.egg (from bbqsql)
Requirement already satisfied: argparse in /usr/local/lib/python2.6/dist-packages/argparse-1.2.1-py2.6.egg (from bbqsql)
Requirement already satisfied: greenlet in /usr/local/lib/python2.6/dist-packages/greenlet-0.4.0-py2.6-linux-i686.egg (from gevent->bbqsql)
Installing collected packages: argparse, bbqsql, gevent, greenlet, requests
Successfully installed bbqsql

Thank you and kind regards,
Martin
@sbehrens
Copy link
Contributor

sbehrens commented Mar 3, 2013

You have to specify the method of the request. Either GET or POST. If you did specify the method can you export your config and send it to me?

Scott

Sent from my iPhone

On Mar 2, 2013, at 2:41 PM, "mcpacosy" notifications@github.com wrote:

Hi!

I'm trying to run your tool BBQSQL. First I tried to install it using the current version from github and after that I installed it with "pip install bbqsql". The program starts, I enter the URL and finally select "5) Run Exploit" and I get an error. The error for both the github and the pip version is almost identical and looks like this:

Traceback (most recent call last):
File "/usr/local/bin/bbqsql", line 16, in
bbqMenu()
File "/usr/local/lib/python2.6/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in init
bbq = bbqsql.BlindSQLi(**attack_config)
File "/usr/local/lib/python2.6/dist-packages/bbqsql/lib/api.py", line 128, in init
self.requester = requester_type(comparison_attr=comparison_attr, *_kwargs)
File "/usr/local/lib/python2.6/dist-packages/bbqsql/lib/requester.py", line 122, in init
self.session = requests.session(_args,**kwargs)
TypeError: session() takes no arguments (2 given)​
I'm using BackTrack 5 RC2 (32 bit) and the following packages are installed:

root@bt:~# pip install bbqsql
Requirement already satisfied: bbqsql in /usr/local/lib/python2.6/dist-packages
Requirement already satisfied: gevent in /usr/local/lib/python2.6/dist-packages/gevent-0.13.8-py2.6-linux-i686.egg (from bbqsql)
Requirement already satisfied: requests in /usr/local/lib/python2.6/dist-packages/requests-1.1.0-py2.6.egg (from bbqsql)
Requirement already satisfied: argparse in /usr/local/lib/python2.6/dist-packages/argparse-1.2.1-py2.6.egg (from bbqsql)
Requirement already satisfied: greenlet in /usr/local/lib/python2.6/dist-packages/greenlet-0.4.0-py2.6-linux-i686.egg (from gevent->bbqsql)
Installing collected packages: argparse, bbqsql, gevent, greenlet, requests
Successfully installed bbqsql
Thank you and kind regards,
Martin


Reply to this email directly or view it on GitHub.

@mcpacosy
Copy link
Author

mcpacosy commented Mar 4, 2013

Hi Scott,

I specified the request method to GET (sorry, I forgot to mention it in my first post). Here is the content of my config:

root@bt:~# cat attack.cfg 
[HTTP Config]
query = ' and ASCII(SUBSTR((SELECT data FROM data ORDER BY id LIMIT 1 OFFSET ${row_index:1}),${char_index:1},1))${comparator:>}${char_val:0} #
technique = binary_search
comparison_attr = size
concurrency = 30

[Request Config]
url = http://foo.bar.org/index.php?page=baz${injection}
method = get

Maybe I missed something else?

Thanks!

Martin

@btoews
Copy link
Contributor

btoews commented Mar 4, 2013

Can you check your version of the requests library? They had a major version release since we last worked on BBQSQL and I might need to update the setup file to specify the old version.

@mcpacosy
Copy link
Author

mcpacosy commented Mar 4, 2013

I downgraded requests to 0.14.2 and now it works. Thanks!

@sbehrens
Copy link
Contributor

sbehrens commented Apr 1, 2013

closed since downgrade works.

@sbehrens sbehrens closed this as completed Apr 1, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sbehrens @btoews @mcpacosy