[sqlmap-users] [WARNING] GET parameter 'ID' is not dynamic?? But it is...
Brought to you by:
inquisb
From: Newslettersucks <New...@gm...> - 2009-04-18 12:22:14
|
Hi, i tried the following command: C:\sqlmap-0.6.4_exe\sqlmap-0.6.4_exe>sqlmap.exe -u " http://www.xyz.com/index.php?page=bday.php&ID=11297" --string "jams Paolletoi" -p "ID" -v 2 this is my output: [*] starting at: 14:02:00 [14:02:00] [DEBUG] initializing the configuration [14:02:00] [DEBUG] initializing the knowledge base [14:02:00] [DEBUG] cleaning up configuration parameters [14:02:00] [DEBUG] setting the HTTP method to GET [14:02:00] [DEBUG] creating HTTP requests opener object [14:02:00] [DEBUG] parsing XML queries file [14:02:00] [INFO] testing connection to the target url [14:02:14] [WARNING] unable to connect to the target url or proxy, sqlmap is goi ng to retry the request [14:02:29] [INFO] testing if the provided string is within the target URL page c ontent [14:02:37] [WARNING] the testable parameter 'ID' you provided is not into the Co okie [14:02:37] [INFO] testing if GET parameter 'ID' is dynamic [14:02:47] [WARNING] GET parameter 'ID' is not dynamic [*] shutting down at: 14:02:47 Unfortunaly it's not working :( The parameter 'ID' is vulnerable, cause if i change it to ID=' i can see SQL-errors... So what can i do? Greetings ns |