Re: [sqlmap-users] Help with Testable Parameters
From: John O. <jo...@gm...> - 2010-08-21 21:43:42
Miroslav,

Thanks, FYI Christov pointed me to this link:
http://sourceforge.net/mailarchive/message.php?msg_name=4C3F94D3.5030408%40gmail.com

Best
John

On Sun, Aug 15, 2010 at 5:11 PM, Miroslav Stampar <mir...@gm...> wrote:

> hi.
>
> if you want to test that GET parameter provided with -p option, you
> should put it inside the dynamic part of the working URL you use for
> testing.
>
> for example: ./sqlmap.py -p "usersupplieddata" -u
> "http://test.com/index.php?usersupplieddata=1".
>
> in this case i can see that you've used usersupplieddata as part of
> the directory structure (../usersupplieddata), while it should be put
> as a parameter (...?usersupplieddata=434334).
>
> On Fri, Aug 13, 2010 at 10:51 PM, John Ouellette <jo...@gm...> wrote:
> > Hi all.
> > I am just starting using sqlmap 0.8 (on windows XP) to get SQL map to test
> > SQL injection against my web application (LAMP).
> > It seems like it's not finding my testable parameters because the get
> > request is as follows:
> > GET /data/usersupplieddata HTTP/1.1
> > and not like the typical get_int.php?id=1 etc.
> > I've tried the -p option as follows:
> > -p "usersupplieddata"
> > I am getting the error message as follows:
> >
> > 16:30:29] [DEBUG] initializing the configuration
> > 16:30:29] [DEBUG] initializing the knowledge base
> > 16:30:29] [DEBUG] cleaning up configuration parameters
> > 16:30:29] [DEBUG] setting the HTTP timeout
> > 16:30:29] [DEBUG] setting the HTTP Cookie header
> > 16:30:29] [DEBUG] setting the HTTP method to GET
> > 16:30:29] [DEBUG] forcing back-end DBMS to user defined value
> > 16:30:29] [DEBUG] forcing back-end DBMS operating system to user defined value
> > 16:30:29] [DEBUG] creating HTTP requests opener object
> > 16:30:29] [DEBUG] parsing XML queries file
> > 16:30:29] [WARNING] the testable parameter 'usersupplieddata' you provided is not into the Cookie
> > 16:30:29] [ERROR] all testable parameters you provided are not present within the GET, POST and Cookie parameters
> >
> > I have confirmed that that string is in fact being sent to the Web server
> > as in the above request, so I'm confused at the error message.
> > Does anyone have any suggestions, or have they encountered this type of
> > situation?
> > Thanks in advance
> > John
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
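
The distinction drawn in the thread, between a name=value parameter and a value that is only a path segment, shown as an added illustration that is not part of the original messages and is not sqlmap's own code. The function names are hypothetical, and the host test.com on the path-style URL is an assumption (the thread shows only the request line).

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit


def locate_parameter(name, url, post_data="", cookie=""):
    """Return the places in a request where `name` occurs.

    'GET', 'POST' and 'Cookie' mean `name` is a parameter *name* there;
    'path' means it only appears as a URL path segment, which is not a
    name=value parameter.
    """
    parts = urlsplit(url)
    places = []
    if name in dict(parse_qsl(parts.query, keep_blank_values=True)):
        places.append("GET")
    if name in dict(parse_qsl(post_data, keep_blank_values=True)):
        places.append("POST")
    jar = SimpleCookie()
    jar.load(cookie)  # an empty Cookie header parses to an empty jar
    if name in jar:
        places.append("Cookie")
    if name in parts.path.split("/"):
        places.append("path")
    return places


def explain(name, url, post_data="", cookie=""):
    """Summarise why `name` is or is not a testable name=value parameter."""
    places = locate_parameter(name, url, post_data, cookie)
    named = [p for p in places if p != "path"]
    if named:
        return f"'{name}' is a {'/'.join(named)} parameter"
    if "path" in places:
        return f"'{name}' is a path segment, not a GET, POST or Cookie parameter"
    return f"'{name}' does not occur in the request"


# Constructed requests modelled on the two URL shapes in the thread.
PATH_STYLE = "http://test.com/data/usersupplieddata"           # host assumed
QUERY_STYLE = "http://test.com/index.php?usersupplieddata=1"

if __name__ == "__main__":
    for url in (PATH_STYLE, QUERY_STYLE):
        print(url, "->", explain("usersupplieddata", url))
```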