[sqlmap-users] A incorrectly identified "tainted" parameter
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] A incorrectly identified "tainted" parameter
|
From: Bob S. <bo...@si...> - 2011-12-10 14:23:04
|
I received this message: [23:28:33] [CRITICAL] you have provided tainted parameter values (ncmb%26ShowMenu=-1) with most probably leftover chars from manual sql injection tests (;()') or non-valid numerical value. Please, always use only valid parameter values so sqlmap could be able to do a valid run. Here is a portion of the POSTed data that surrounds this parameter. fhdn%260=&fhdn%26=&ncmb%26ShowMenu=-1&fhdn%26isYahooGobutton=N The parameters were captured directly using burpsuite while I was running the UI. I was performing no injection testing when this was captured. I looked for each of the listed parameters in the posted data and they do not appear. (note there are more parameters but I would rather send those privately if possible). I am running a recent svn extract of the dev stream (1.0) Thanks Bob |
