[sqlmap-users] sqlmap-users@lists.sourceforge.nуе
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] sqlmap-users@lists.sourceforge.nуе
|
From: Anton S. <hy...@ef...> - 2012-06-18 15:26:14
|
Hello everyone, I have an application that is injectable using the 'x-forwarded-for' custom HTTP header. While I can specify it with --headers, I can't seem to find a way to use it as an injection point: C:\sqlmap>python sqlmap.py -u "http://www.example.com/index.php" --headers "x-for warded-for: 1" --level 5 --risk 3 --dbms mysql --threads 10 -p "x-forwarded-for" sqlmap/1.0-dev (r5112) - automatic SQL injection and database takeover tool http://www.sqlmap.org [10:50:04] [CRITICAL] all testable parameters you provided are not present within the GET, POST and Cookie parameters Is that expected behavior or am I missing something? Thank you, Anton |
