Hi Abuse.
Thank you for your report and find it fixed with the latest commit (r4691).
Kind regards,
Miroslav Stampar
On Sun, Jan 29, 2012 at 11:16 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi.
>
> Will check it later today and fix it (as it seems like it needs to be
> fixed).
>
> Kind regards
> On Jan 28, 2012 8:32 PM, "Abuse 007" <abuse...@gmail.com> wrote:
>
>> Hello,
>>
>> When using sqlmap with the forms option, it does not send the cookies
>> or headers specified on the command line. I'd like sqlmap to connect
>> to the specified URL using the cookie(s) I specify and then process
>> the forms on the response. Is there some way to do this, or does it
>> require grabbing the response manually, or code changes to sqlmap?
>>
>> Here is my sqlmap version:
>>
>> URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
>> Repository Root: https://svn.sqlmap.org/sqlmap
>> Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
>> Revision: 4687
>> Node Kind: directory
>> Schedule: normal
>> Last Changed Author: stamparm
>> Last Changed Rev: 4687
>> Last Changed Date: 2012-01-16 21:28:21 +1100 (Mon, 16 Jan 2012)
>>
>> Here is the request with --forms:
>>
>> # sqlmap.py -u "http://<removed>/<removed>.php"
>> --cookie="PHPSESSID=<removed>; username=<removed>" -v 6 --forms
>>
>> sqlmap/1.0-dev - automatic SQL injection and database takeover tool
>> <snip>
>> [09:30:50] [DEBUG] cleaning up configuration parameters
>> [09:30:50] [DEBUG] setting the HTTP timeout
>> [09:30:50] [DEBUG] setting the HTTP Cookie header
>> [09:30:50] [DEBUG] setting the HTTP method to GET
>> [09:30:50] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
>> [09:30:50] [DEBUG] creating HTTP requests opener object
>> [09:30:50] [INFO] testing connection to the target url
>> [09:30:50] [TRAFFIC OUT] HTTP request [#1]:
>> GET /vote.php HTTP/1.1
>> Accept-Encoding: identity
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: s14513-20grcmuy.roma.coliseumlab.net
>> Accept-language: en-us,en;q=0.5
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Connection: close
>>
>>
>> Here is the request without --forms:
>>
>> # sqlmap.py -u "http://<removed>/<removed>.php"
>> --cookie="PHPSESSID=<removed>; username=<removed>" -v 6
>>
>> sqlmap/1.0-dev - automatic SQL injection and database takeover tool
>> <snip>
>> [09:31:20] [DEBUG] cleaning up configuration parameters
>> [09:31:20] [DEBUG] setting the HTTP timeout
>> [09:31:20] [DEBUG] setting the HTTP Cookie header
>> [09:31:20] [DEBUG] setting the HTTP method to GET
>> [09:31:20] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
>> [09:31:20] [DEBUG] creating HTTP requests opener object
>> [09:31:20] [ERROR] [*] EH: start()
>> [09:31:20] [ERROR] [*] EH: conf.url and not any conf.forms...
>> [09:31:20] [INFO] using
>> '/root/checkout/sqlmap-gitsvn/output/
>> s14513-20grcmuy.roma.coliseumlab.net/session'
>> as session file
>> [09:31:20] [INFO] testing connection to the target url
>> [09:31:20] [TRAFFIC OUT] HTTP request [#1]:
>> GET /vote.php HTTP/1.1
>> Accept-Encoding: identity
>> Accept-language: en-us,en;q=0.5
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: sqlmap/1.0-dev (http://www.sqlmap.org)
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: s14513-20grcmuy.roma.coliseumlab.net
>> Cookie: PHPSESSID=l82mfmirthmukct3kp7sj3gji2; username=MzAx
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Connection: close
>>
>> Thanks,
>> Abu
>>
>>
>> ------------------------------------------------------------------------------
>> Try before you buy = See our experts in action!
>> The most comprehensive online learning library for Microsoft developers
>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>> Metro Style Apps, more. Free future releases when you subscribe now!
>> http://p.sf.net/sfu/learndevnow-dev2
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
