Re: [sqlmap-users] Help with Testable Parameters
From: Miroslav S. <mir...@gm...> - 2010-08-15 21:11:27
Hi. If you want to test that GET parameter provided with the -p option, you should put it inside the dynamic part of the working URL you use for testing. For example: ./sqlmap.py -p "usersupplieddata" -u "http://test.com/index.php?usersupplieddata=1". In this case I can see that you've used usersupplieddata as part of the directory structure (../usersupplieddata), while it should be put as a parameter (...?usersupplieddata=434334).

On Fri, Aug 13, 2010 at 10:51 PM, John Ouellette <jo...@gm...> wrote:

> Hi all.
> I am just starting using sqlmap 0.8 (on Windows XP) to get SQL map to test
> SQL injection against my web application (LAMP).
> It seems like it's not finding my testable parameters because the get
> request is as follows:
> GET /data/usersupplieddata HTTP/1.1
> and not like the typical get_int.php?id=1 etc.
> I've tried the -p option as follows:
> -p "usersupplieddata"
> I am getting the error message as follows:
>
> 16:30:29] [DEBUG] initializing the configuration
> 16:30:29] [DEBUG] initializing the knowledge base
> 16:30:29] [DEBUG] cleaning up configuration parameters
> 16:30:29] [DEBUG] setting the HTTP timeout
> 16:30:29] [DEBUG] setting the HTTP Cookie header
> 16:30:29] [DEBUG] setting the HTTP method to GET
> 16:30:29] [DEBUG] forcing back-end DBMS to user defined value
> 16:30:29] [DEBUG] forcing back-end DBMS operating system to user defined
> value
> 16:30:29] [DEBUG] creating HTTP requests opener object
> 16:30:29] [DEBUG] parsing XML queries file
> 16:30:29] [WARNING] the testable parameter 'usersupplieddata' you provided
> is not into the Cookie
> 16:30:29] [ERROR] all testable parameters you provided are not present
> within the GET, POST and Cookie parameters
> I have confirmed that that string is in fact being sent to the Web server
> as in the above request, so I'm confused at the error message.
> Does anyone have any suggestions, or have they encountered this type of
> situation?
> Thanks in advance
> John

--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
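An added example, not part of the thread and not sqlmap's own code: a pre-flight check you can run against your own request before a scan, showing why a name that only appears as a path segment is reported as absent from the GET, POST and Cookie parameters. The function names, the verdict strings and the combined http://test.com/data/usersupplieddata URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl


def parameter_places(url, data="", cookie=""):
    """Map each request 'place' to the names found there.

    GET, POST and Cookie hold name=value pairs; 'path' holds the
    directory segments, which are not name=value pairs at all.
    """
    parts = urlsplit(url)
    return {
        "GET": [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)],
        "POST": [k for k, _ in parse_qsl(data, keep_blank_values=True)],
        "Cookie": [c.split("=", 1)[0].strip()
                   for c in cookie.split(";") if "=" in c],
        "path": [seg for seg in parts.path.split("/") if seg],
    }


def check_testable(names, url, data="", cookie=""):
    """Return {name: verdict} for each name you intend to pass with -p."""
    places = parameter_places(url, data, cookie)
    verdicts = {}
    for name in names:
        found = [p for p in ("GET", "POST", "Cookie") if name in places[p]]
        if found:
            verdicts[name] = "testable in " + ", ".join(found)
        elif name in places["path"]:
            # The situation from the thread: the string is sent to the
            # server, but only as part of the directory structure.
            verdicts[name] = "path segment only, not a parameter"
        else:
            verdicts[name] = "not present"
    return verdicts


if __name__ == "__main__":
    # Constructed sample requests based on the URLs quoted in the thread.
    samples = [
        ("http://test.com/data/usersupplieddata", "", ""),
        ("http://test.com/index.php?usersupplieddata=1", "", ""),
        ("http://test.com/data/", "", "PHPSESSID=abc; usersupplieddata=5"),
    ]
    for url, data, cookie in samples:
        print(url, check_testable(["usersupplieddata"], url, data, cookie))
```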