Re: [sqlmap-users] A incorrectly identified "tainted" parameter
From: Miroslav S. <mir...@gm...> - 2011-12-11 08:37:44
Hi.

The thing is that, in general, negative parameter values are a leftover from manual injection attempts, causing problems in some cases. Hence the warning/error message.

Have you tried just changing that -1 value to 1 for the ShowMenu parameter?

Kind regards

On Dec 10, 2011 3:23 PM, "Bob Simonoff" <bo...@si...> wrote:

> I received this message:
>
> [23:28:33] [CRITICAL] you have provided tainted parameter values
> (ncmb%26ShowMenu=-1) with most probably leftover chars from manual sql
> injection tests (;()') or non-valid numerical value. Please, always use
> only valid parameter values so sqlmap could be able to do a valid run.
>
> Here is a portion of the POSTed data that surrounds this parameter.
>
> fhdn%260=&fhdn%26=&ncmb%26ShowMenu=-1&fhdn%26isYahooGobutton=N
>
> The parameters were captured directly using burpsuite while I was running
> the UI. I was performing no injection testing when this was captured. I
> looked for each of the listed parameters in the posted data and they do not
> appear. (Note there are more parameters, but I would rather send those
> privately if possible.)
>
> I am running a recent svn extract of the dev stream (1.0).
>
> Thanks
> Bob
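A pre-flight check of a captured POST body along the lines this thread describes, as an added example that is not part of the original messages and is not sqlmap's own code. The function name `find_tainted` and the two rules (a value with leading or trailing `;()'` characters, or a bare negative integer) are assumptions taken from the wording of the warning and the reply above.

```python
import re
from urllib.parse import unquote

# Characters the quoted warning lists as leftovers from manual tests.
LEFTOVER_CHARS = ";()'"


def find_tainted(body):
    """Return (raw_name, raw_value, reason) for each value that looks tainted.

    Hypothetical helper: approximates the behaviour described in the thread,
    not the scanner's real implementation.
    """
    findings = []
    # Split on literal '&' before decoding, so an encoded %26 inside a
    # parameter name (as in the captured data) is not treated as a separator.
    for pair in body.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        decoded = unquote(value)
        if decoded.strip(LEFTOVER_CHARS) != decoded:
            findings.append((name, value, "leading/trailing leftover char"))
        elif re.fullmatch(r"-\d+", decoded):
            # A legitimate application value such as -1 lands here too,
            # which is the false positive reported in this thread.
            findings.append((name, value, "negative numeric value"))
    return findings


# POST fragment copied from the quoted message above.
SAMPLE = "fhdn%260=&fhdn%26=&ncmb%26ShowMenu=-1&fhdn%26isYahooGobutton=N"

if __name__ == "__main__":
    for name, value, reason in find_tainted(SAMPLE):
        print(f"{name}={value}: {reason}")
```

Running it on a capture before a scan shows which legitimately negative values would trip the warning, so they can be reviewed up front.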