Re: [sqlmap-users] sqlmap-users@lists.sourceforge.nуе
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap-users@lists.sourceforge.nуе
|
From: Miroslav S. <mir...@gm...> - 2012-06-18 16:14:48
|
Hi Anton. This is currently not supported. We'll inform you when it will. Kind regards, Miroslav Stampar On Mon, Jun 18, 2012 at 5:25 PM, Anton Sazonov <hy...@ef...> wrote: > Hello everyone, > > I have an application that is injectable using the 'x-forwarded-for' > custom HTTP header. While I can specify it with --headers, I can't > seem to find a way to use it as an injection point: > > C:\sqlmap>python sqlmap.py -u "http://www.example.com/index.php" > --headers "x-for warded-for: 1" --level 5 --risk 3 --dbms mysql > --threads 10 -p "x-forwarded-for" > > sqlmap/1.0-dev (r5112) - automatic SQL injection and database takeover > tool > http://www.sqlmap.org > > [10:50:04] [CRITICAL] all testable parameters you provided are not > present within the GET, POST and Cookie parameters > > Is that expected behavior or am I missing something? > > Thank you, > Anton > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
