Thread: [sqlmap-users] error while running sqlmap with request file

Brought to you by: inquisb

sqlmap-users

[sqlmap-users] error while running sqlmap with request file

From: Sabin R. <thi...@gm...> - 2014-04-07 08:34:55

POST /adyen/payment HTTP/1.1
Host: qa.xx.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://qa.xx.xxx.com/site
Content-Length: 287
Cookie: YII_CSRF_TOKEN=40f85a2013fae241b220b696edaaadc1955bb519; PHPSESSID=36m2jph1mdnd49rg7btp7q7uc4; buyer_info=2006
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

YII_CSRF_TOKEN=§40f85a2013fae241b220b696edaaadc1955bb519§&cardNumber=§%22%3E%3Cscript%3Ealert(%22street+number%22)%3B%3C%2Fsctript%3E%3C%22§&exp_year=§2016§&exp_month=§06§&cvc=§737§&cardHolder=§%22%3E%3Cscript%3Ealert(%22name%22)%3B%3C%2Fsctript%3E%3C%22§&email=§dhan%40ogy.com§&amount=§80§

Re: [sqlmap-users] error while running sqlmap with request file

From: Brandon P. <bpe...@gm...> - 2014-04-07 13:48:20

Specify an absolute path to the request file.


On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit <thi...@gm...> wrote:

> hello all,
> im getting this error while running the sqlmap with following request
> file. the error displays "parsing HTTP request from
> 'payment_form_submit.txt'
> [04:22:54] [CRITICAL] the specified HTTP request file does not exist. "
>
> I have used following syntax to run it
> #sqlmap -r 'payment_form_submit.txt' --dbms="MySQL" --level=3 --risk=4 -p
> cardNumber
>
> i have attached the request file here with changed hostname. Thank you.
>
> regards,
> sabin
>
>
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees_APR
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] error while running sqlmap with request file

From: Miroslav S. <mir...@gm...> - 2014-04-07 17:43:27

Hi.

This seems to be a known issue in Kali's (and similar) pre-installed sqlmap
package.

If this work around from Brandon doesn't work out for you please copy the
request.txt to the /tmp directory and checkout/run the latest revision like
described here:

1) cd /tmp
2) git clone https://github.com/sqlmapproject/sqlmap.git
3) cd sqlmap
4) python sqlmap.py -r request.txt

Kind regards,
Miroslav Stampar


On Mon, Apr 7, 2014 at 3:48 PM, Brandon Perry <bpe...@gm...>wrote:

> Specify an absolute path to the request file.
>
>
> On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit <thi...@gm...>wrote:
>
>> hello all,
>> im getting this error while running the sqlmap with following request
>> file. the error displays "parsing HTTP request from
>> 'payment_form_submit.txt'
>> [04:22:54] [CRITICAL] the specified HTTP request file does not exist. "
>>
>> I have used following syntax to run it
>> #sqlmap -r 'payment_form_submit.txt' --dbms="MySQL" --level=3 --risk=4 -p
>> cardNumber
>>
>> i have attached the request file here with changed hostname. Thank you.
>>
>> regards,
>> sabin
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Put Bad Developers to Shame
>> Dominate Development with Jenkins Continuous Integration
>> Continuously Automate Build, Test & Deployment
>> Start a new project now. Try Jenkins in the cloud.
>> http://p.sf.net/sfu/13600_Cloudbees_APR
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees_APR
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] error while running sqlmap with request file

From: Sabin R. <thi...@gm...> - 2014-04-08 15:12:09

hi Miroslav,
the work around from Brandon did work. I faced this in the latest kali 1.06
and also in the case of window 8.

thanks for your reply. :)

regards,
sabin


On Mon, Apr 7, 2014 at 11:28 PM, Miroslav Stampar <
mir...@gm...> wrote:

> Hi.
>
> This seems to be a known issue in Kali's (and similar) pre-installed
> sqlmap package.
>
> If this work around from Brandon doesn't work out for you please copy the
> request.txt to the /tmp directory and checkout/run the latest revision like
> described here:
>
> 1) cd /tmp
> 2) git clone https://github.com/sqlmapproject/sqlmap.git
> 3) cd sqlmap
> 4) python sqlmap.py -r request.txt
>
> Kind regards,
> Miroslav Stampar
>
>
> On Mon, Apr 7, 2014 at 3:48 PM, Brandon Perry <bpe...@gm...>wrote:
>
>> Specify an absolute path to the request file.
>>
>>
>> On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit <thi...@gm...>wrote:
>>
>>> hello all,
>>> im getting this error while running the sqlmap with following request
>>> file. the error displays "parsing HTTP request from
>>> 'payment_form_submit.txt'
>>> [04:22:54] [CRITICAL] the specified HTTP request file does not exist. "
>>>
>>> I have used following syntax to run it
>>> #sqlmap -r 'payment_form_submit.txt' --dbms="MySQL" --level=3 --risk=4
>>> -p cardNumber
>>>
>>> i have attached the request file here with changed hostname. Thank you.
>>>
>>> regards,
>>> sabin
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Put Bad Developers to Shame
>>> Dominate Development with Jenkins Continuous Integration
>>> Continuously Automate Build, Test & Deployment
>>> Start a new project now. Try Jenkins in the cloud.
>>> http://p.sf.net/sfu/13600_Cloudbees_APR
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>> ------------------------------------------------------------------------------
>> Put Bad Developers to Shame
>> Dominate Development with Jenkins Continuous Integration
>> Continuously Automate Build, Test & Deployment
>> Start a new project now. Try Jenkins in the cloud.
>> http://p.sf.net/sfu/13600_Cloudbees_APR
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>