SQLMap fails to use http basic auth credentials correctly #4320

@mkauschi

Describe the bug
When I am running SQLMap against a DVWA instance with basic auth enabled, SQLMap fails due to unauthorized requests:

[CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)

I double-checked the basic auth credentials and they are correct.

I tried to debug this issue by intercepting SQLMap's requests and found that every request is sent twice, one with the basic auth credentials and one without (see the screenshot).

To Reproduce

  1. Run 'sqlmap --auth-type="Basic" --auth-cred="htaccess:htaccess" --batch --time-sec=20 --output-dir=./output --level=2 --risk=3 --method=get --answer="keep=Y,skip=N,follow=N,select=q,detect=Y,extending=Y,sure=Y" --url="http://127.0.0.1:80/vulnerabilities/sqli/?id=1&Submit=Submit"'

Expected behavior
I would expect SQLMap to send requests with the basic auth credentials only. Furthermore, I would expect SQLMap not to close with a not authorized error.

Screenshots
Screenshot at 2020-08-31 13-44-26

Running environment:

  • sqlmap version 1.4.4#stable and 1.4.8#stable
  • Ubuntu package manager (apt) and Arch Linux package manager (pacman)
  • Ubuntu and Arch Linux
  • Python version 3.8.5

Target details:

  • DVWA with basic auth enabled
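
The request pairs described in the report can also be checked from the target side, by recording which requests carry an `Authorization` header. The following is an added example, not code from sqlmap or from this issue: it assumes a constructed local server on 127.0.0.1, Python's standard `urllib` handlers as the client, and the credentials from the command line above.

```python
import base64
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "htaccess", "htaccess"  # credentials from the report's command line
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()

class ProtectedHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        sent = self.headers.get("Authorization")
        self.server.seen.append(sent is not None)  # evidence: header present or not
        ok = sent == EXPECTED
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="constructed"')
        body = b"ok" if ok else b"denied"
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence the default stderr access log
        pass

def observe(preemptive):
    """Return (final status, [Authorization header present?] for each request)."""
    server = HTTPServer(("127.0.0.1", 0), ProtectedHandler)  # constructed target
    server.seen = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    no_proxy = urllib.request.ProxyHandler({})  # ignore proxy environment variables
    try:
        if preemptive:  # credentials attached to the very first request
            req = urllib.request.Request(url, headers={"Authorization": EXPECTED})
            opener = urllib.request.build_opener(no_proxy)
        else:  # challenge-response: credentials supplied only after a 401
            mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
            mgr.add_password(None, url, USER, PASSWORD)
            req = urllib.request.Request(url)
            opener = urllib.request.build_opener(
                no_proxy, urllib.request.HTTPBasicAuthHandler(mgr))
        with opener.open(req, timeout=5) as resp:
            status = resp.status
    finally:
        server.shutdown()
        server.server_close()
    return status, server.seen

if __name__ == "__main__":
    print("challenge-response:", observe(preemptive=False))
    print("preemptive header: ", observe(preemptive=True))
```

With `HTTPBasicAuthHandler`, the first request goes out without credentials and is repeated with them after the 401 challenge; the preemptive variant produces a single authenticated request.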