Re: [sqlmap-users] sqlmap --forms does not use --cookie or --headers
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap --forms does not use --cookie or --headers
|
From: Miroslav S. <mir...@gm...> - 2012-01-30 09:03:49
|
Hi Abuse. Thank you for your report and find it fixed with the latest commit (r4691). Kind regards, Miroslav Stampar On Sun, Jan 29, 2012 at 11:16 AM, Miroslav Stampar < mir...@gm...> wrote: > Hi. > > Will check it later today and fix it (as it seems like it needs to be > fixed). > > Kind regards > On Jan 28, 2012 8:32 PM, "Abuse 007" <abu...@gm...> wrote: > >> Hello, >> >> When using sqlmap with the forms option, it does not send the cookies >> or headers specified on the command line. I'd like sqlmap to connect >> to the specified URL using the cookie(s) I specify and then process >> the forms on the response. Is there some way to do this, or does it >> require grabbing the response manually, or code changes to sqlmap? >> >> Here is my sqlmap version: >> >> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap >> Repository Root: https://svn.sqlmap.org/sqlmap >> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb >> Revision: 4687 >> Node Kind: directory >> Schedule: normal >> Last Changed Author: stamparm >> Last Changed Rev: 4687 >> Last Changed Date: 2012-01-16 21:28:21 +1100 (Mon, 16 Jan 2012) >> >> Here is the request with --forms: >> >> # sqlmap.py -u "http://<removed>/<removed>.php" >> --cookie="PHPSESSID=<removed>; username=<removed>" -v 6 --forms >> >> sqlmap/1.0-dev - automatic SQL injection and database takeover tool >> <snip> >> [09:30:50] [DEBUG] cleaning up configuration parameters >> [09:30:50] [DEBUG] setting the HTTP timeout >> [09:30:50] [DEBUG] setting the HTTP Cookie header >> [09:30:50] [DEBUG] setting the HTTP method to GET >> [09:30:50] [DEBUG] setting the HTTP proxy to pass by all HTTP requests >> [09:30:50] [DEBUG] creating HTTP requests opener object >> [09:30:50] [INFO] testing connection to the target url >> [09:30:50] [TRAFFIC OUT] HTTP request [#1]: >> GET /vote.php HTTP/1.1 >> Accept-Encoding: identity >> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 >> Host: s14513-20grcmuy.roma.coliseumlab.net >> Accept-language: en-us,en;q=0.5 >> Pragma: no-cache >> Cache-control: no-cache,no-store >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >> Connection: close >> >> >> Here is the request without --forms: >> >> # sqlmap.py -u "http://<removed>/<removed>.php" >> --cookie="PHPSESSID=<removed>; username=<removed>" -v 6 >> >> sqlmap/1.0-dev - automatic SQL injection and database takeover tool >> <snip> >> [09:31:20] [DEBUG] cleaning up configuration parameters >> [09:31:20] [DEBUG] setting the HTTP timeout >> [09:31:20] [DEBUG] setting the HTTP Cookie header >> [09:31:20] [DEBUG] setting the HTTP method to GET >> [09:31:20] [DEBUG] setting the HTTP proxy to pass by all HTTP requests >> [09:31:20] [DEBUG] creating HTTP requests opener object >> [09:31:20] [ERROR] [*] EH: start() >> [09:31:20] [ERROR] [*] EH: conf.url and not any conf.forms... >> [09:31:20] [INFO] using >> '/root/checkout/sqlmap-gitsvn/output/ >> s14513-20grcmuy.roma.coliseumlab.net/session' >> as session file >> [09:31:20] [INFO] testing connection to the target url >> [09:31:20] [TRAFFIC OUT] HTTP request [#1]: >> GET /vote.php HTTP/1.1 >> Accept-Encoding: identity >> Accept-language: en-us,en;q=0.5 >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >> User-agent: sqlmap/1.0-dev (http://www.sqlmap.org) >> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 >> Host: s14513-20grcmuy.roma.coliseumlab.net >> Cookie: PHPSESSID=l82mfmirthmukct3kp7sj3gji2; username=MzAx >> Pragma: no-cache >> Cache-control: no-cache,no-store >> Connection: close >> >> Thanks, >> Abu >> >> >> ------------------------------------------------------------------------------ >> Try before you buy = See our experts in action! >> The most comprehensive online learning library for Microsoft developers >> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, >> Metro Style Apps, more. Free future releases when you subscribe now! >> http://p.sf.net/sfu/learndevnow-dev2 >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > -- Miroslav Stampar http://about.me/stamparm |
