[sqlmap-users] SQLmap -l option bug
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] SQLmap -l option bug
|
From: Karel M. <rez...@se...> - 2012-10-07 11:37:30
|
Hello, I came across a bug while using sqlmap with -l parameter. I have burp log file with following content (only one request to https port): ====================================================== 12:40:22 https://www.xxx.cz:443 [81.91.80.92] ====================================================== GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1 Host: www.xxx.cz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: https://www.xxx.cz/ Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003 Cache-Control: max-age=0 ====================================================== Then I start sqlmap this way: ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz And sqlmap instead of sending request to https (443) port it will use http (80) port instead: --------------------------------------------------------- [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list [13:21:55] [INFO] url 1: GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003 do you want to test this url? [Y/n/q] > Y [snip] --------------------------------------------------------- Could you please fix this? Regards Karel Marhoul |
