Re: [sqlmap-users] sql injection without URL Parameter
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sql injection without URL Parameter
|
From: Miroslav S. <mir...@gm...> - 2010-10-11 14:32:18
|
fixed ;) kind regards On Mon, Oct 11, 2010 at 3:53 PM, Philippe A. R. Schaeffer <sc...@co...> wrote: > Hi, > > I just gave the new "URI Marker" a try with the following result: > > ./sqlmap.py -u "http://www.site.com/path/Id/978-3-7857-6020-8*" > > sqlmap version: 0.9-dev > Python version: 2.5.2 > Operating system: posix > Traceback (most recent call last): > File "./sqlmap.py", line 96, in main > start() > File "/vol/tools/sqlmap-dev/lib/controller/controller.py", line 236, > in start > heuristicCheckSqlInjection(place, parameter, value) > File "/vol/tools/sqlmap-dev/lib/controller/checks.py", line 111, in > heuristicCheckSqlInjection > Request.queryPage(payload, place) > File "/vol/tools/sqlmap-dev/lib/request/connect.py", line 347, in > queryPage > page, headers = Connect.getPage(url=uri, get=get, post=post, > cookie=cookie, ua=ua, silent=silent, method=method, > auxHeaders=auxHeaders, response=response, raise404=raise404) > File "/vol/tools/sqlmap-dev/lib/request/connect.py", line 177, in > getPage > conn = urllib2.urlopen(req) > File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen > return _opener.open(url, data) > File "/usr/lib/python2.5/urllib2.py", line 373, in open > protocol = req.get_type() > File "/usr/lib/python2.5/urllib2.py", line 244, in get_type > raise ValueError, "unknown url type: %s" % self.__original > ValueError: unknown url type: '"'"''"))" > > > The Code ran as far as: > [15:48:50] [INFO] testing if URI parameter '#1' is dynamic > [15:48:57] [INFO] confirming that URI parameter '#1' is dynamic > [15:49:13] [INFO] URI parameter '#1' is dynamic > [15:49:13] [CRITICAL] unhandled exception in sqlmap/0.9-dev > > If I find some time I will also try to take look into it. > Until then any feedback is welcome ;-) > > Cheers, > > Philippe > > > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
