[sqlmap-users] False positive "tainted" parameter?
From: garthoid <gar...@gm...> - 2012-02-13 16:15:42
Hi,

I am encountering this message since my last update of Sqlmap. Version 0.9 does not encounter this problem with the same request.

[10:56:28] [INFO] parsing HTTP request from './dump/save.txt'
[10:56:28] [CRITICAL] you have provided tainted parameter values ('amp;icon=stuff.gif</thumbnail><someItem><item id="gate" value="/something.cgi"/><item id="report" value="stID(') with most probably leftover chars from manual sql injection tests (;()') or non-valid numerical value. Please, always use only valid parameter values so sqlmap could be able to properly run

Here is the fragment that it is complaining about:

&deficon=stuff.gif</thumbnail><someItem><item id="gate" value="/something.cgi"/><item id="report" value="stID("iC15DBE0F9A7E4F3E86EE5DA47D5A31DC")"/>

Here is the version I am running:

sqlmap/1.0-dev (r4744)

The original request was captured with Burp. It was a clean test with no injection or other manipulation happening at that time.

Thoughts?

Thanks in advance,
Garth