The shell script /usr/bin/sqlmap is not passing the command line parameters to the python script. The fix is simple. In /usr/bin/sqlmap, the line: ./sqlmap.py "" should instead be: ./sqlmap.py "$@" Extra information: $ rpm -qf /usr/bin/sqlmap sqlmap-0.9-9.mga4 $ cat /usr/bin/sqlmap #!/bin/sh cd /usr/share/sqlmap ./sqlmap.py ""
Assignee: bugsquad => guillomovitch
Indeed. I just submitted sqlmap-0.9-9.1.mga4 in updates_testing, that should fix the issue.
How to test: 'sqlmap' and 'sqlmap -h' result in the same output, because '-h' option is not passed. Suggested advisory: =================== A bug in the wrapper script provided in sqlmap package prevented it to work properly, sqlmap-0.9-9.1.mga4 release fixes the issue.
Assignee: guillomovitch => qa-bugs
Tested mga4_32, Testing complete for sqlmap-0.9-9.1.mga4, seems work here, I confirm the fix of bug : Before: [david@localhost ~]$ cat /usr/bin/sqlmap #!/bin/sh cd /usr/share/sqlmap ./sqlmap.py "" [david@localhost ~]$ sqlmap -h sqlmap/0.9 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net Usage: python ./sqlmap.py [options] sqlmap.py: error: missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), -h for help -------------------------------------------------------------------------------- After: [david@localhost ~]$ cat /usr/bin/sqlmap #!/bin/sh cd /usr/share/sqlmap ./sqlmap.py "$@" [david@localhost ~]$ sqlmap -h sqlmap/0.9 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net Usage: python ./sqlmap.py [options] Options: --version show program's version number and exit -h, --help show this help message and exit -v VERBOSE Verbosity level: 0-6 (default 1) Target: At least one of these options has to be specified to set the source to get target urls from. ....................... ....................... Miscellaneous: --beep Alert when sql injection found --check-payload IDS detection testing of injection payloads --cleanup Clean up the DBMS by sqlmap specific UDF and tables --forms Parse and test forms on target url --gpage=GOOGLEPAGE Use Google dork results from specified page number --page-rank Display page rank (PR) for Google dork results --parse-errors Parse DBMS error messages from response pages --replicate Replicate dumped data into a sqlite3 database --tor Use default Tor (Vidalia/Privoxy/Polipo) proxy address --wizard Simple wizard interface for beginner users
CC: (none) => geiger.david68210Whiteboard: (none) => mga4-32-ok
Tested mga4_64, Testing complete for sqlmap-0.9-9.1.mga4, seems work here, I confirm the fix of bug : Before: [david@localhost ~]$ cat /usr/bin/sqlmap #!/bin/sh cd /usr/share/sqlmap ./sqlmap.py "" [david@localhost ~]$ sqlmap -h sqlmap/0.9 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net Usage: python ./sqlmap.py [options] sqlmap.py: error: missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c', '--wizard' or '--update'), -h for help -------------------------------------------------------------------------------- After: [david@localhost ~]$ cat /usr/bin/sqlmap #!/bin/sh cd /usr/share/sqlmap ./sqlmap.py "$@" [david@localhost ~]$ sqlmap -h sqlmap/0.9 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net Usage: python ./sqlmap.py [options] Options: --version show program's version number and exit -h, --help show this help message and exit -v VERBOSE Verbosity level: 0-6 (default 1) Target: At least one of these options has to be specified to set the source to get target urls from. ......................... ......................... Miscellaneous: --beep Alert when sql injection found --check-payload IDS detection testing of injection payloads --cleanup Clean up the DBMS by sqlmap specific UDF and tables --forms Parse and test forms on target url --gpage=GOOGLEPAGE Use Google dork results from specified page number --page-rank Display page rank (PR) for Google dork results --parse-errors Parse DBMS error messages from response pages --replicate Replicate dumped data into a sqlite3 database --tor Use default Tor (Vidalia/Privoxy/Polipo) proxy address --wizard Simple wizard interface for beginner users
Whiteboard: mga4-32-ok => mga4-32-ok mga4-64-ok
Advisory committed to svn. Validating the update. Someone from the sysadmin team please push 12670.adv to updates.
Whiteboard: mga4-32-ok mga4-64-ok => mga4-32-ok mga4-64-ok advisoryKeywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGAA-2014-0089.html
CC: (none) => tmbStatus: NEW => RESOLVEDResolution: (none) => FIXED