Hi,
thank you very much, it works.

I have another question. Sqlmap can't work with relative paths when using the -r or -c switch for loading requests or config files. Maybe this is true for other switches, but I can confirm it here. It just says that the file was not found. It works only with absolute paths.
Is this intentional?

Thanks,
Vojta

On 16.6.2015 12:01, Miroslav Stampar wrote:
> Hi Vojtěch.
>
> Can you please update and try it now?
>
> Bye
>
> On Mon, Jun 15, 2015 at 11:59 AM, Vojtěch Polášek <krec...@gmail.com> wrote:
>
> Hi,
> I am testing an application, which works in this way:
> You send a request as a POST request and application returns 302 Found.
> Web browser uses location field to send a GET request for updated site.
> When I test this with Sqlmap, it asks me whether I want to follow 302
> redirect (I answer yes) and whether I want to resubmit the request to the
> new page (I answer NO).
> However, when I look at the generated traffic file, I can see something
> like this:
> HTTP request [#1]:
> POST /target_url HTTP/1.1
> Accept-language: en-US,en;q=0.5
> Accept-encoding: gzip, deflate
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: 192.168.56.102:8443
> Cookie: JSESSIONID=538470CD02AD9190BCC92DC434C6C9BD
> Pragma: no-cache
> Cache-control: no-cache,no-store
> Referer: https://192.168.56.102:8443/target_url
> Content-type: application/x-www-form-urlencoded
> Content-length: 17
> Connection: close
>
> newState=DISABLED
>
> HTTP redirect [#1] (302 Found):
> Content-length: 0
> Content-language: en-US
> Server: Apache-Coyote/1.1
> Connection: close
> Location: https://192.168.56.102:8443/target_url
> Date: Fri, 12 Jun 2015 15:16:16 GMT
>
>
> ############################################################################
>
> HTTP request [#1]:
> POST \/target_url HTTP/1.1
> Accept-language: en-US,en;q=0.5
> Accept-encoding: gzip, deflate
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: 192.168.56.102:8443
> Cookie: JSESSIONID=538470CD02AD9190BCC92DC434C6C9BD
> Pragma: no-cache
> Cache-control: no-cache,no-store
> Referer: https://192.168.56.102:8443/target_url
> Content-type: application/x-www-form-urlencoded
> Content-length: 17
> Connection: close
>
> newState=DISABLED
>
> HTTP response [#1] (200 OK):
> Content-language: en-US
> Transfer-encoding: chunked
> Uri: https://192.168.56.102:8443/redirected_url
> Server: Apache-Coyote/1.1
> Connection: close
> Date: Fri, 12 Jun 2015 15:16:29 GMT
> Content-type: text/html;charset=UTF-8
>
> <!DOCTYPE html>
> <html>
> <head>
> etc.
>
> I have redacted it a bit, but the "target_url" is the same for all requests
> and responses.
> So I can see that Sqlmap still POSTs the query to the site pointed by
> location header instead of just GETting it, although I explicitly denied
> that.
> Could you please look into this?
> Thanks,
> Vojta
>
> ------------------------------------------------------------------------------
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> Miroslav Stampar
> http://about.me/stamparm
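
Added example, not part of the thread and not sqlmap's own code: a small check that parses a traffic file in the layout shown in the quoted log and reports any request that repeats a non-GET method immediately after a 3xx redirect block, which is the symptom reported above. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample in the traffic-file layout quoted above (headers trimmed).
SAMPLE = """\
HTTP request [#1]:
POST /target_url HTTP/1.1

newState=DISABLED

HTTP redirect [#1] (302 Found):
Location: https://192.168.56.102:8443/target_url

############################################################################

HTTP request [#1]:
POST /target_url HTTP/1.1

newState=DISABLED

HTTP response [#1] (200 OK):
Uri: https://192.168.56.102:8443/redirected_url
"""

# Block header: kind, request id, and a status code for redirect/response blocks.
BLOCK = re.compile(
    r"^HTTP (request|redirect|response) \[#(\d+)\](?: \((\d{3}) [^)]*\))?:$", re.M)

def parse_blocks(text):
    """Split the log into (kind, id, status, non_empty_lines) in file order."""
    marks = list(BLOCK.finditer(text))
    blocks = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        lines = [l for l in text[m.end():end].splitlines() if l.strip()]
        blocks.append((m.group(1), int(m.group(2)), m.group(3), lines))
    return blocks

def resubmitted_after_redirect(text):
    """Flag requests that reuse a non-GET method right after a 3xx block."""
    hits, pending = [], None
    for kind, rid, status, lines in parse_blocks(text):
        if kind == "redirect" and (status or "").startswith("3"):
            pending = status
        elif kind == "request" and pending and lines:
            if lines[0].split(" ", 1)[0] not in ("GET", "HEAD"):
                hits.append({"id": rid, "redirect": pending, "request_line": lines[0]})
            pending = None
    return hits
```

Running `resubmitted_after_redirect()` over a saved traffic file before and after updating shows whether the follow-up request to the `Location` target is still sent with the original method and body.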