Hi.
Will check it later today and fix it (as it seems like it needs to be
fixed).
Kind regards
On Jan 28, 2012 8:32 PM, "Abuse 007" <abuse...@gmail.com> wrote:
> Hello,
>
> When using sqlmap with the forms option, it does not send the cookies
> or headers specified on the command line. I'd like sqlmap to connect
> to the specified URL using the cookie(s) I specify and then process
> the forms on the response. Is there some way to do this, or does it
> require grabbing the response manually, or code changes to sqlmap?
>
> Here is my sqlmap version:
>
> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
> Repository Root: https://svn.sqlmap.org/sqlmap
> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
> Revision: 4687
> Node Kind: directory
> Schedule: normal
> Last Changed Author: stamparm
> Last Changed Rev: 4687
> Last Changed Date: 2012-01-16 21:28:21 +1100 (Mon, 16 Jan 2012)
>
> Here is the request with --forms:
>
> # sqlmap.py -u "http://<removed>/<removed>.php"
> --cookie="PHPSESSID=<removed>; username=<removed>" -v 6 --forms
>
> sqlmap/1.0-dev - automatic SQL injection and database takeover tool
> <snip>
> [09:30:50] [DEBUG] cleaning up configuration parameters
> [09:30:50] [DEBUG] setting the HTTP timeout
> [09:30:50] [DEBUG] setting the HTTP Cookie header
> [09:30:50] [DEBUG] setting the HTTP method to GET
> [09:30:50] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
> [09:30:50] [DEBUG] creating HTTP requests opener object
> [09:30:50] [INFO] testing connection to the target url
> [09:30:50] [TRAFFIC OUT] HTTP request [#1]:
> GET /vote.php HTTP/1.1
> Accept-Encoding: identity
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: s14513-20grcmuy.roma.coliseumlab.net
> Accept-language: en-us,en;q=0.5
> Pragma: no-cache
> Cache-control: no-cache,no-store
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Connection: close
>
>
> Here is the request without --forms:
>
> # sqlmap.py -u "http://<removed>/<removed>.php"
> --cookie="PHPSESSID=<removed>; username=<removed>" -v 6
>
> sqlmap/1.0-dev - automatic SQL injection and database takeover tool
> <snip>
> [09:31:20] [DEBUG] cleaning up configuration parameters
> [09:31:20] [DEBUG] setting the HTTP timeout
> [09:31:20] [DEBUG] setting the HTTP Cookie header
> [09:31:20] [DEBUG] setting the HTTP method to GET
> [09:31:20] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
> [09:31:20] [DEBUG] creating HTTP requests opener object
> [09:31:20] [ERROR] [*] EH: start()
> [09:31:20] [ERROR] [*] EH: conf.url and not any conf.forms...
> [09:31:20] [INFO] using
> '/root/checkout/sqlmap-gitsvn/output/
> s14513-20grcmuy.roma.coliseumlab.net/session'
> as session file
> [09:31:20] [INFO] testing connection to the target url
> [09:31:20] [TRAFFIC OUT] HTTP request [#1]:
> GET /vote.php HTTP/1.1
> Accept-Encoding: identity
> Accept-language: en-us,en;q=0.5
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-agent: sqlmap/1.0-dev (http://www.sqlmap.org)
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: s14513-20grcmuy.roma.coliseumlab.net
> Cookie: PHPSESSID=l82mfmirthmukct3kp7sj3gji2; username=MzAx
> Pragma: no-cache
> Cache-control: no-cache,no-store
> Connection: close
>
> Thanks,
> Abu
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
