Hello, I came across a bug while using sqlmap with -l parameter. I have 
burp log file with following content (only one request to https port):

======================================================
12:40:22  https://www.xxx.cz:443  [81.91.80.92]
======================================================
GET 
/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
 
HTTP/1.1
Host: www.xxx.cz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 
Firefox/15.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://www.xxx.cz/
Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; 
__utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 
theme_cookie=life; 
e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; 
__utmc=148540003
Cache-Control: max-age=0

======================================================

Then I start sqlmap this way:

./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz

And sqlmap instead of sending request to https (443) port it will use 
http (80) port instead:

---------------------------------------------------------
[13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering 
targets
[13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
[13:21:55] [INFO] url 1:
GET 
http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; 
__utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 
theme_cookie=life; 
e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; 
__utmc=148540003
do you want to test this url? [Y/n/q]
 > Y
[snip]
---------------------------------------------------------

Could you please fix this?

Regards

Karel Marhoul

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to