Re: [sqlmap-users] [WARNING] GET parameter 'id' is not dynamic
Brought to you by:
inquisb
From: Patrick W. <pa...@au...> - 2010-02-23 01:13:41
|
try adding -p id to force it to test id -Patrick On Tue, Feb 23, 2010 at 11:09 AM, Ryan Dewhurst <rya...@gm...> wrote: > Hi, > Trying to get sqlmap to run against DVWA's SQL injection page. DVWA > has a normal PHP login form which when logged in sets the following > cookies: > > Cookies: security=low; PHPSESSID=25e295bd67654538970df074f7083d2d > > Here is the command and error I am receiving, any help appreciated. > > ------------------------------------------------------------------------------------------------------ > #./sqlmap.py -u "http://127.0.0.1/dvwa_svn/vulnerabilities/sqli/?id=1" > --cookie=security=low; PHPSESSID=25e295bd67654538970df074f7083d2d > > sqlmap/0.8-rc4 > by Bernardo Damele A. G. <ber...@gm...> > > [*] starting at: 00:03:28 > > [00:03:28] [INFO] using > '/pentest/database/sqlmap/output/127.0.0.1/session' as session file > [00:03:28] [INFO] resuming match ratio '0.998' from session file > [00:03:28] [INFO] testing connection to the target url > you provided an HTTP Cookie header value. The target url provided its > own Cookie within the HTTP Set-Cookie header. Do you want to continue > using the HTTP Cookie values that you provided? [Y/n] y > [00:03:41] [INFO] testing if the url is stable, wait a few seconds > [00:03:42] [INFO] url is stable > [00:03:42] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic > [00:03:42] [WARNING] User-Agent parameter 'User-Agent' is not dynamic > [00:03:42] [INFO] testing if Cookie parameter 'security' is dynamic > [00:03:42] [WARNING] Cookie parameter 'security' is not dynamic > [00:03:42] [INFO] testing if GET parameter 'id' is dynamic > [00:03:43] [WARNING] GET parameter 'id' is not dynamic > > [*] shutting down at: 00:03:43 > --------------------------------------------------------------------------------------------------------------------- > > Thank you, > Ryan > > -- > Ryan Dewhurst > > http://www.ethicalhack3r.co.uk > http://www.dvwa.co.uk > http://www.twitter.com/ethicalhack3r > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |