Hi.

Sending you a sample run from my machine with the latest revision:

---

stamparm@Laptop:~/Dropbox/Work/sqlmap$ pwd
/home/stamparm/Dropbox/Work/sqlmap
stamparm@Laptop:~/Dropbox/Work/sqlmap$ ll /tmp/request.txt
-rw-r--r-- 1 stamparm stamparm 327 Jun 18 11:33 /tmp/request.txt
stamparm@Laptop:~/Dropbox/Work/sqlmap$ ll ../../../../../tmp/request.txt
-rw-r--r-- 1 stamparm stamparm 327 Jun 18 11:33 ../../../../../tmp/request.txt
stamparm@Laptop:~/Dropbox/Work/sqlmap$ python sqlmap.py -r ../../../../../tmp/request.txt
         _
 ___ ___| |_____ ___ ___  {1.0-dev-9e5ef09}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program

[*] starting at 11:35:13

[11:35:13] [INFO] parsing HTTP request from '../../../../../tmp/request.txt'
custom injection marking character ('*') found in option
'--headers/--user-agent/--referer/--cookie'. Do you want to process it?
[Y/n/q]
[11:35:18] [INFO] testing connection to the target URL
...

---

You might have a problem with your environment setup of sqlmap. Do you run
Kali? If you are running its command "sqlmap" it will predefine the current
directory to something else (not sure, as I don't have an installation here).

Kind regards,
Miroslav Stampar

On Thu, Jun 18, 2015 at 10:24 AM, Vojtěch Polášek <krec...@gmail.com> wrote:

>  Hi,
> thank you very much, it works.
> I have another question. Sqlmap can't work with relative paths when using
> -r or -c switch for loading requests or config files. Maybe this is true
> for other switches, but I can confirm it here. It just says that file was
> not found. It works only with absolute paths.
> Is this intentional?
> Thanks,
> Vojta
>
> On 16.6.2015 12:01, Miroslav Stampar wrote:
>
> Hi Vojtěch.
>
>  Can you please update and try it now?
>
>  Bye
>
> On Mon, Jun 15, 2015 at 11:59 AM, Vojtěch Polášek <krec...@gmail.com>
> wrote:
>
>> Hi,
>> I am testing an application, which works in this way:
>> You send a request as a POST request and application returns 302 Found.
>> Web browser uses location field to send a GET request for updated site.
>> When I test this with Sqlmap, it asks me whether I want to follow 302
>> redirect (I answer yes) and whether I want to resubmit the request to the
>> new page (I answer NO).
>> However, when I look at the generated traffic file, I can see something
>> like this:
>> HTTP request [#1]:
>> POST /target_url HTTP/1.1
>> Accept-language: en-US,en;q=0.5
>> Accept-encoding: gzip, deflate
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0)
>> Gecko/20100101 Firefox/37.0
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: 192.168.56.102:8443
>> Cookie: JSESSIONID=538470CD02AD9190BCC92DC434C6C9BD
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Referer: https://192.168.56.102:8443/target_url
>> Content-type: application/x-www-form-urlencoded
>> Content-length: 17
>> Connection: close
>>
>> newState=DISABLED
>>
>> HTTP redirect [#1] (302 Found):
>> Content-length: 0
>> Content-language: en-US
>> Server: Apache-Coyote/1.1
>> Connection: close
>> Location: https://192.168.56.102:8443/target_url
>> Date: Fri, 12 Jun 2015 15:16:16 GMT
>>
>>
>> ############################################################################
>>
>> HTTP request [#1]:
>> POST \/target_url HTTP/1.1
>> Accept-language: en-US,en;q=0.5
>> Accept-encoding: gzip, deflate
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0)
>> Gecko/20100101 Firefox/37.0
>> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>> Host: 192.168.56.102:8443
>> Cookie: JSESSIONID=538470CD02AD9190BCC92DC434C6C9BD
>> Pragma: no-cache
>> Cache-control: no-cache,no-store
>> Referer: https://192.168.56.102:8443/target_url
>> Content-type: application/x-www-form-urlencoded
>> Content-length: 17
>> Connection: close
>>
>> newState=DISABLED
>>
>> HTTP response [#1] (200 OK):
>> Content-language: en-US
>> Transfer-encoding: chunked
>> Uri: https://192.168.56.102:8443/redirected_url
>> Server: Apache-Coyote/1.1
>> Connection: close
>> Date: Fri, 12 Jun 2015 15:16:29 GMT
>> Content-type: text/html;charset=UTF-8
>>
>> <!DOCTYPE html>
>> <html>
>>   <head>
>> etc.
>>
>> I have redacted it a bit but the "target_url" is the same for all requests
>> and responses.
>> So I can see that Sqlmap still POSTs the query to the site pointed by
>> location header instead of just GETting it, although I explicitly denied
>> that.
>> Could you please look into this?
>> Thanks,
>> Vojta
>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
>  --
> Miroslav Stampar
> http://about.me/stamparm
>
>
>
>
>
>


-- 
Miroslav Stampar
http://about.me/stamparm