[sqlmap-users] [WARNING] GET parameter 'id' is not dynamic
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] [WARNING] GET parameter 'id' is not dynamic
|
From: Ryan D. <rya...@gm...> - 2010-02-23 00:09:57
|
Hi,
Trying to get sqlmap to run against DVWA's SQL injection page. DVWA
has a normal PHP login form which when logged in sets the following
cookies:
Cookies: security=low; PHPSESSID=25e295bd67654538970df074f7083d2d
Here is the command and error I am receiving, any help appreciated.
------------------------------------------------------------------------------------------------------
#./sqlmap.py -u "http://127.0.0.1/dvwa_svn/vulnerabilities/sqli/?id=1"
--cookie=security=low; PHPSESSID=25e295bd67654538970df074f7083d2d
sqlmap/0.8-rc4
by Bernardo Damele A. G. <ber...@gm...>
[*] starting at: 00:03:28
[00:03:28] [INFO] using
'/pentest/database/sqlmap/output/127.0.0.1/session' as session file
[00:03:28] [INFO] resuming match ratio '0.998' from session file
[00:03:28] [INFO] testing connection to the target url
you provided an HTTP Cookie header value. The target url provided its
own Cookie within the HTTP Set-Cookie header. Do you want to continue
using the HTTP Cookie values that you provided? [Y/n] y
[00:03:41] [INFO] testing if the url is stable, wait a few seconds
[00:03:42] [INFO] url is stable
[00:03:42] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[00:03:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[00:03:42] [INFO] testing if Cookie parameter 'security' is dynamic
[00:03:42] [WARNING] Cookie parameter 'security' is not dynamic
[00:03:42] [INFO] testing if GET parameter 'id' is dynamic
[00:03:43] [WARNING] GET parameter 'id' is not dynamic
[*] shutting down at: 00:03:43
---------------------------------------------------------------------------------------------------------------------
Thank you,
Ryan
--
Ryan Dewhurst
http://www.ethicalhack3r.co.uk
http://www.dvwa.co.uk
http://www.twitter.com/ethicalhack3r
|
