[sqlmap-users] bug: -g with -p fails
Brought to you by:
inquisb
From: Kasper F. <th...@ma...> - 2010-03-15 10:16:04
|
Hello sqlmap users. It seems that sqlmap is not too happy with google-dorks results. This is self explainatory I think: C:\Users\foens\Desktop\sqlmap>sqlmap.py -g "inurl:php?id" -p id sqlmap/0.8 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 11:10:00 [11:10:00] [INFO] first request to Google to get the session cookie [11:10:00] [INFO] using Google result page #1 [11:10:01] [INFO] sqlmap got 100 results for your Google dork expression, 95 of them are testable targets [11:10:01] [INFO] sqlmap got a total of 95 targets url 1: GET http://www.axiotron.com/index.php?id=modbook do you want to test this url? [Y/n/q] > y [11:10:04] [INFO] testing url http://www.axiotron.com/index.php?id=modbook [11:10:04] [ERROR] all testable parameters you provided are not present within the GET, POST and Cookie parameters [*] shutting down at: 11:10:04 It does not seem it is able to see that the id parameter is found in the GET request. This also seems to be the result of: C:\Users\foens\Desktop\sqlmap>sqlmap.py -g "inurl:php?id" sqlmap/0.8 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 11:12:32 [11:12:32] [INFO] first request to Google to get the session cookie [11:12:32] [INFO] using Google result page #1 [11:12:33] [INFO] sqlmap got 100 results for your Google dork expression, 95 of them are testable targets [11:12:33] [INFO] sqlmap got a total of 95 targets url 1: GET http://www.axiotron.com/index.php?id=modbook do you want to test this url? [Y/n/q] > y [11:12:37] [INFO] testing url http://www.axiotron.com/index.php?id=modbook [11:12:37] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\www.axiotron.com\session' as session file [11:12:37] [INFO] testing connection to the target url [11:12:38] [INFO] testing if the url is stable, wait a few seconds [11:12:41] [INFO] url is stable [11:12:41] [INFO] testing if Cookie parameter 'fe_typo_user' is dynamic [11:12:42] [WARNING] Cookie parameter 'fe_typo_user' is not dynamic [11:12:42] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [11:12:44] [WARNING] User-Agent parameter 'User-Agent' is not dynamic url 2: GET http://www.llgc.org.uk/index.php?id=2 do you want to test this url? [Y/n/q] > q [*] shutting down at: 11:12:56 C:\Users\foens\Desktop\sqlmap> Why is the GET parameter id not checked here? I am using latest svn version. /Kasper |