[sqlmap-users] What is this ??
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] What is this ??
|
From: <dr...@sa...> - 2012-12-12 20:54:59
|
Hi everyone i google but nothing came up that was related to this, on OWASP scanner i had a sql injection alert and i try to test it with sqlmap but i got a error and nothing happens the program just escapes with this : ... python sqlmap.py -u http://www.target.tk/inscritos.php?tipoInscricao=3&tipoDir=119%20AND%201=2 [1] 2816 [lol@whitehat sqlmap]$ sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org [*] starting at 20:38:36 [20:38:37] [INFO] testing connection to the target url [20:38:37] [INFO] testing if the url is stable, wait a few seconds [20:38:38] [INFO] url is stable [20:38:38] [INFO] testing if GET parameter 'tipoInscricao' is dynamic [20:38:39] [INFO] confirming that GET parameter 'tipoInscricao' is dynamic [20:38:40] [INFO] GET parameter 'tipoInscricao' is dynamic [20:38:40] [WARNING] reflective value(s) found and filtering out [20:38:40] [WARNING] frames detected containing attacked parameter values. Please be sure to test those separately in case that attack on this page fails [20:38:41] [ERROR] possible integer casting detected (e.g. tipoInscricao=(int)$_REQUEST('tipoInscricao')) at the back-end web application do you want to skip those kind of cases (and save scanning time)? [y/N] y bash: y: command not found [1]+ Stopped python sqlmap.py -u http://www.target.tk/inscritos.php?tipoInscricao=3 [lol@whitehat sqlmap]$ |
