Re: [sqlmap-users] testing testfire
Brought to you by:
inquisb
From: Gordon M. <gm...@gm...> - 2014-06-12 05:57:05
|
On Thu, Jun 12, 2014 at 12:08 AM, Brandon Perry <bpe...@gm...> wrote: > Increase your --risk to 3. OR payloads aren't run on the default risk > level IIRC. > > Hi Brandon, Thanks but still no joy. Any other ideas? -G > Sent from a computer > > On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gm...@gm...> wrote: > > I've never been very successful using sqlmap, perhaps someone can help > point out what I'm missing. For example, when using IBM's intentionally > vulnerable test web app http://demo.testfire.com/ I manually verified > that the uid parameter in login.aspx is vulnerable to SQLi (using the > payload admin' or 1=1;--). I saved the login request to a file via burp and > ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST > parameter 'uid' is not injectable". What am I doing wrong? > > thanks, > -G > > > ------------------------------------------------------------------------------ > HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions > Find What Matters Most in Your Big Data with HPCC Systems > Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. > Leverages Graph Analysis for Fast Processing & Easy Data Exploration > http://p.sf.net/sfu/hpccsystems > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |