sqlmap icon indicating copy to clipboard operation
sqlmap copied to clipboard
verified publisher icon sqlmapproject

--sql-file Inquiry

Open AmericanY opened this issue 4 years ago • 4 comments

Hello,

I'm trying to use the following argument --sql-file

    --sql-file=SQLFILE  Execute SQL statements from given file(s)

According to the documentation it's will run sql statement(s) from file.

  1. i noticed that the file should be saved with EXT .sql in order to detect it.
  2. the file should inserted with it's PATH --sql-file="PATH/sqlfile.sql" otherwise sqlmap will look for it into /sqlmap/data/procs/mysql/sqlfile.sql.
  3. Now my issue is: i already specified the PATH to the file but sqlmap unable to run the statement !
[19:53:01] [INFO] executing SQL statements from given file(s)
[19:53:01] [ERROR] unresolved variables 'm, m' in SQL file '/path_to_file/sqlfile'

is the sql statement need to be formatted ? as i inserted it as single line such as SELECT A, B FROM DB.TABLE

Thanks in advance as well.

AmericanY avatar Jun 11 '21 17:06 AmericanY

I walked through the code https://github.com/sqlmapproject/sqlmap/blob/a23faaeb8c9d37502eee28db2e7fd7ced3bc45e6/lib/core/common.py#L2399 but i didn't get how the scenario done here! can someone show me an example of that ?

cc @stamparm

AmericanY avatar Jun 11 '21 18:06 AmericanY

also i do have another question, is there a way where i can save my dump to a file directly ?

Note: am not about --output=

Example, if i used sql-query= or sql-shell and used sql statement, i would like to save the output only. currently am viewing the output from sqlmap output log

AmericanY avatar Jun 11 '21 21:06 AmericanY

#4833

kevin659591 avatar Apr 20 '22 19:04 kevin659591

@AmericanY #5238

sharifulgeo avatar Dec 03 '22 11:12 sharifulgeo