[sqlmap-users] -l switch misses GET params?
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] -l switch misses GET params?
|
From: m4l1c3 <mal...@gm...> - 2010-04-29 17:07:35
|
I've having difficulty getting sqlmap to pick up GET parameters from
Webscarab logs.
Version 8 rc7 everything works as expected with the -l switch.
With 8 final. I get the following:
./sqlmap.py -l <webscarab logs> -v 5 -p "did,dc,gid"
sqlmap/0.8 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 10:35:53
[10:35:53] [DEBUG] initializing the configuration
[10:35:53] [DEBUG] initializing the knowledge base
[10:35:53] [DEBUG] cleaning up configuration parameters
[10:35:53] [DEBUG] setting the HTTP timeout
[10:35:53] [DEBUG] setting the HTTP method to GET
[10:35:53] [DEBUG] parsing targets list from '<webscarab logs>'
[10:35:53] [INFO] sqlmap parsed 3 testable requests from the targets list
[10:35:53] [DEBUG] creating HTTP requests opener object
[10:35:53] [DEBUG] parsing XML queries file
[10:35:53] [INFO] sqlmap got a total of 3 targets
url 1:
GET http://DOMAIN/PATH/?did=14&dc=1&gid=28
do you want to test this url? [Y/n/q]
> y
[10:35:54] [INFO] testing url http://DOMAIN:80/PATH/?did=14&dc=1&gid=28
[10:35:54] [ERROR] all testable parameters you provided are not present
within the GET, POST and Cookie parameters
[*] shutting down at: 10:35:54
But if I invoke -u with the url, it picks the GET parameters up ok, even if
I specify them.
|
