Re: [sqlmap-users] sql injection without URL Parameter

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

 Hi,

I just gave the new "URI Marker" a try with the following result:

./sqlmap.py -u "http://www.site.com/path/Id/978-3-7857-6020-8*"

sqlmap version: 0.9-dev
Python version: 2.5.2
Operating system: posix
Traceback (most recent call last):
  File "./sqlmap.py", line 96, in main
    start()
  File "/vol/tools/sqlmap-dev/lib/controller/controller.py", line 236,
in start
    heuristicCheckSqlInjection(place, parameter, value)
  File "/vol/tools/sqlmap-dev/lib/controller/checks.py", line 111, in
heuristicCheckSqlInjection
    Request.queryPage(payload, place)
  File "/vol/tools/sqlmap-dev/lib/request/connect.py", line 347, in
queryPage
    page, headers = Connect.getPage(url=uri, get=get, post=post,
cookie=cookie, ua=ua, silent=silent, method=method,
auxHeaders=auxHeaders, response=response, raise404=raise404)
  File "/vol/tools/sqlmap-dev/lib/request/connect.py", line 177, in
getPage
    conn = urllib2.urlopen(req)
  File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
    return _opener.open(url, data)
  File "/usr/lib/python2.5/urllib2.py", line 373, in open
    protocol = req.get_type()
  File "/usr/lib/python2.5/urllib2.py", line 244, in get_type
    raise ValueError, "unknown url type: %s" % self.__original
ValueError: unknown url type: '"'"''"))"

The Code ran as far as:
[15:48:50] [INFO] testing if URI parameter '#1' is dynamic
[15:48:57] [INFO] confirming that URI parameter '#1' is dynamic
[15:49:13] [INFO] URI parameter '#1' is dynamic
[15:49:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev

If I find some time I will also try to take look into it.
Until then any feedback is welcome ;-)

Cheers,

Philippe