Re: [sqlmap-users] bug: -g with -p fails
From: Bernardo D. A. G. <ber...@gm...> - 2010-03-15 11:00:01
Fixed and committed, thanks for reporting.

Cheers,
Bernardo

On Mon, Mar 15, 2010 at 10:15, Kasper Føns <th...@ma...> wrote:
> Hello sqlmap users.
>
> It seems that sqlmap is not too happy with google-dorks results.
>
> This is self-explanatory I think:
> C:\Users\foens\Desktop\sqlmap>sqlmap.py -g "inurl:php?id" -p id
>
> sqlmap/0.8 - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 11:10:00
>
> [11:10:00] [INFO] first request to Google to get the session cookie
> [11:10:00] [INFO] using Google result page #1
> [11:10:01] [INFO] sqlmap got 100 results for your Google dork
> expression, 95 of them are testable targets
> [11:10:01] [INFO] sqlmap got a total of 95 targets
> url 1:
> GET http://www.axiotron.com/index.php?id=modbook
> do you want to test this url? [Y/n/q]
> > y
> [11:10:04] [INFO] testing url http://www.axiotron.com/index.php?id=modbook
> [11:10:04] [ERROR] all testable parameters you provided are not present
> within the GET, POST and Cookie parameters
>
> [*] shutting down at: 11:10:04
>
> It does not seem it is able to see that the id parameter is found in the
> GET request.
>
> This also seems to be the result of:
> C:\Users\foens\Desktop\sqlmap>sqlmap.py -g "inurl:php?id"
>
> sqlmap/0.8 - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 11:12:32
>
> [11:12:32] [INFO] first request to Google to get the session cookie
> [11:12:32] [INFO] using Google result page #1
> [11:12:33] [INFO] sqlmap got 100 results for your Google dork
> expression, 95 of them are testable targets
> [11:12:33] [INFO] sqlmap got a total of 95 targets
> url 1:
> GET http://www.axiotron.com/index.php?id=modbook
> do you want to test this url? [Y/n/q]
> > y
> [11:12:37] [INFO] testing url http://www.axiotron.com/index.php?id=modbook
> [11:12:37] [INFO] using
> 'C:\Users\foens\Desktop\sqlmap\output\www.axiotron.com\session' as
> session file
> [11:12:37] [INFO] testing connection to the target url
> [11:12:38] [INFO] testing if the url is stable, wait a few seconds
> [11:12:41] [INFO] url is stable
> [11:12:41] [INFO] testing if Cookie parameter 'fe_typo_user' is dynamic
> [11:12:42] [WARNING] Cookie parameter 'fe_typo_user' is not dynamic
> [11:12:42] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
> [11:12:44] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
> url 2:
> GET http://www.llgc.org.uk/index.php?id=2
> do you want to test this url? [Y/n/q]
> > q
>
> [*] shutting down at: 11:12:56
>
>
> C:\Users\foens\Desktop\sqlmap>
>
> Why is the GET parameter id not checked here?
>
> I am using latest svn version.
>
> /Kasper

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F