[sqlmap-users] -l switch misses GET params?
Brought to you by:
inquisb
From: m4l1c3 <mal...@gm...> - 2010-04-29 17:07:35
|
I've having difficulty getting sqlmap to pick up GET parameters from Webscarab logs. Version 8 rc7 everything works as expected with the -l switch. With 8 final. I get the following: ./sqlmap.py -l <webscarab logs> -v 5 -p "did,dc,gid" sqlmap/0.8 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 10:35:53 [10:35:53] [DEBUG] initializing the configuration [10:35:53] [DEBUG] initializing the knowledge base [10:35:53] [DEBUG] cleaning up configuration parameters [10:35:53] [DEBUG] setting the HTTP timeout [10:35:53] [DEBUG] setting the HTTP method to GET [10:35:53] [DEBUG] parsing targets list from '<webscarab logs>' [10:35:53] [INFO] sqlmap parsed 3 testable requests from the targets list [10:35:53] [DEBUG] creating HTTP requests opener object [10:35:53] [DEBUG] parsing XML queries file [10:35:53] [INFO] sqlmap got a total of 3 targets url 1: GET http://DOMAIN/PATH/?did=14&dc=1&gid=28 do you want to test this url? [Y/n/q] > y [10:35:54] [INFO] testing url http://DOMAIN:80/PATH/?did=14&dc=1&gid=28 [10:35:54] [ERROR] all testable parameters you provided are not present within the GET, POST and Cookie parameters [*] shutting down at: 10:35:54 But if I invoke -u with the url, it picks the GET parameters up ok, even if I specify them. |