--sql-file Inquiry

[AmericanY]

Hello,

I'm trying to use the following argument --sql-file

    --sql-file=SQLFILE  Execute SQL statements from given file(s)

According to the documentation it's will run sql statement(s) from file.

1. i noticed that the file should be saved with EXT .sql in order to detect it.
2. the file should inserted with it's PATH --sql-file="PATH/sqlfile.sql" otherwise sqlmap will look for it into /sqlmap/data/procs/mysql/sqlfile.sql.
3. Now my issue is: i already specified the PATH to the file but sqlmap unable to run the statement !

[19:53:01] [INFO] executing SQL statements from given file(s)
[19:53:01] [ERROR] unresolved variables 'm, m' in SQL file '/path_to_file/sqlfile'

is the sql statement need to be formatted ? as i inserted it as single line such as SELECT A, B FROM DB.TABLE

Thanks in advance as well.

[AmericanY]

I walked through the code

sqlmap/lib/core/common.py

Line 2399 in a23faae

msg = "do you want to provide the substitution values? [y/N] "

but i didn't get how the scenario done here! can someone show me an example of that ?

cc @stamparm

[AmericanY]

also i do have another question, is there a way where i can save my dump to a file directly ?

Note: am not about --output=

Example, if i used sql-query= or sql-shell and used sql statement, i would like to save the output only. currently am viewing the output from sqlmap output log

[kevin659591]

#4833

[sharifulgeo]

@AmericanY #5238