Re: [sqlmap-users] sqlmap-users@lists.sourceforge.nуе
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sqlmap-users@lists.sourceforge.nуе
|
From: Anton S. <ant...@gm...> - 2012-06-18 17:12:39
|
Thanks, Miroslav, do appreciate this. Have a wonderful day. Anton. On Mon, Jun 18, 2012 at 8:14 PM, Miroslav Stampar <mir...@gm...> wrote: > Hi Anton. > > This is currently not supported. We'll inform you when it will. > > Kind regards, > Miroslav Stampar > > On Mon, Jun 18, 2012 at 5:25 PM, Anton Sazonov <hy...@ef...> wrote: >> >> Hello everyone, >> >> I have an application that is injectable using the 'x-forwarded-for' >> custom HTTP header. While I can specify it with --headers, I can't >> seem to find a way to use it as an injection point: >> >> C:\sqlmap>python sqlmap.py -u "http://www.example.com/index.php" >> --headers "x-for warded-for: 1" --level 5 --risk 3 --dbms mysql >> --threads 10 -p "x-forwarded-for" >> >> sqlmap/1.0-dev (r5112) - automatic SQL injection and database takeover >> tool >> http://www.sqlmap.org >> >> [10:50:04] [CRITICAL] all testable parameters you provided are not >> present within the GET, POST and Cookie parameters >> >> Is that expected behavior or am I missing something? >> >> Thank you, >> Anton >> >> >> ------------------------------------------------------------------------------ >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. Discussions >> will include endpoint security, mobile security and the latest in malware >> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm |
