What is the expected output? What do you see instead?
What operating system are you using?
Please provide any additional information below:
Version Information
Python version: 2.7.3 (default, Mar 13 2014, 11:03:55) [GCC 4.7.2]
GTK version: 2.24.10
PyGTK version: 2.24.0
w3af version:
w3af - Web Application Attack and Audit Framework
Version: 1.5
Revision: 83fc91cb73 - 19 Mar 2014 02:22
Branch: feature/module
Local changes: No
Author: Andres Riancho and the w3af team.
Traceback
Traceback (most recent call last):
File "/usr/share/w3af/w3af/core/ui/gui/tabs/exploit/exploit_all.py", line 167, in _launch_exploit_all
exploit.exploit()
File "/usr/share/w3af/w3af/core/controllers/plugins/attack_plugin.py", line 197, in exploit
s = self._generate_shell(vuln)
File "/usr/share/w3af/w3af/plugins/attack/sqlmap.py", line 76, in _generate_shell
if self._verify_vuln(vuln_obj):
File "/usr/share/w3af/w3af/plugins/attack/sqlmap.py", line 105, in _verify_vuln
if sqlmap.is_vulnerable():
File "/usr/share/w3af/w3af/plugins/attack/db/sqlmap_wrapper.py", line 99, in is_vulnerable
raise NotImplementedError(fmt % (full_command, stdout))
NotImplementedError: Unexpected answer found in sqlmap output for command "python sqlmap.py --batch --disable-coloring --proxy=http://127.0.0.1:42965/ --batch --url=http://domain/wp-login.php?redirect_to=http://domain/wp-admin/&reauth=1": "
sqlmap/1.0-dev-83fc91c - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:14:19
[?1049h[1;24r(B[m[4l[?7h[24;1H[?1049l
[?1l>
[10:14:19] [INFO] testing connection to the target URL
[10:14:19] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[10:14:19] [WARNING] if the problem persists please check that the provided target URL is valid. In case that it is, you can try to rerun with the switch '--random-agent' turned on and/or proxy switches ('--ignore-proxy', '--proxy',...)
[10:14:20] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[10:14:21] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[10:14:22] [CRITICAL] unable to connect to the target URL or proxy
[10:14:22] [CRITICAL] unable to connect to the target URL or proxy
[*] shutting down at 10:14:22
"
User description
What steps will reproduce the problem? 1. 2. 3.
What is the expected output? What do you see instead?
What operating system are you using?
Please provide any additional information below:
Version Information
Traceback
Enabled Plugins