search

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org
Other
32.42k stars 5.71k forks source link

Sitemap file not being read properly #2697

Closed Ekultek closed 7 years ago

Ekultek commented 7 years ago

Is there a certain format the sitemap.xml file has to be in?

stamparm commented 7 years ago

Just tried and everything looks good. Nothing special with format. Only thing is that locations have to be inside <loc>....</loc> tags (You can find a reference at: https://www.sitemaps.org/protocol.html).

Please in future give more details. You already know that these kind of "this doesn't work" issues tend to be closed instantly.

Ekultek commented 7 years ago

Oh, yeah I was just curious about the format, I'll show you the error here in a few minutes got some stuff to do atm, I can tell you right now that the urls are enclosed inside of loc but the loc is closed inside of a site_url variation tag, (automatically generated). Do you think this could have anything to do with it?

So for example:

<site_urls>
  <loc>...</loc>
</site_urls>
stamparm commented 7 years ago

This should be ok. URL is extracted from inner-text of a <loc> tag

Ekultek commented 7 years ago

Well I'm not getting an error anymore (must have directed to the wrong area). However it is telling me that there is no usable links:

baal@baal-Aspire-5733Z:~/bin/python/sqlmap$ python sqlmap.py -x http://<READACTED>.net/sitemap.xml
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.1.9.10#dev}
|_ -| . [,]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 18:24:18

[18:24:18] [INFO] parsing sitemap 'http://<REDACTED>.net/sitemap.xml'
[18:24:18] [WARNING] no usable links found (with GET parameters)

[*] shutting down at 18:24:18

baal@baal-Aspire-5733Z:~/bin/python/sqlmap$

However in the sitemap:

<!--Created using XmlSitemapGenerator.org - Free HTML, RSS and XML sitemap generator
-->
<urlset>
  <url>
    <loc>http://<REDACTED>.net/</loc>
  </url>
  <url>
    <loc>http://<REDACTED>.net/newpoints.php</loc>
  </url>
  <url>
    <loc>http://<REDACTED>.net/search.php</loc>
  </url>
  <url>
    <loc>http://<REDACTED>.net/awards.php</loc>
  </url>
  <url>
    <loc>http://<REDACTED>.net/misc.php?action=help</loc>
  </url>
  ...
</urlset>
stamparm commented 7 years ago

Pushed that same sitemap content to sqlmap and there were no problems at all

Ekultek commented 7 years ago

Okay, thanks for the help