Re: [sqlmap-users] What is this ??
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] What is this ??
|
From: Miroslav S. <mir...@gm...> - 2012-12-13 09:03:15
|
Hi. You've put sqlmap into background process and you expect it to accept console output at your will :). I believe that's not something we could help you along. "do you want to skip those kind of cases (and save scanning time)? [y/N] y bash: y: command not found" Kind regards, Miroslav Stampar On Wed, Dec 12, 2012 at 9:54 PM, <dr...@sa...> wrote: > Hi everyone i google but nothing came up that was related to this, on > OWASP scanner i had a sql injection alert and i try to test it with > sqlmap but i got a error and nothing happens the program just escapes > with this : > > ... > > > > python sqlmap.py -u > http://www.target.tk/inscritos.php?tipoInscricao=3&tipoDir=119%20AND%201=2 > [1] 2816 > [lol@whitehat sqlmap]$ > sqlmap/1.0-dev - automatic SQL injection and database takeover tool > http://sqlmap.org > > [*] starting at 20:38:36 > > [20:38:37] [INFO] testing connection to the target url > [20:38:37] [INFO] testing if the url is stable, wait a few seconds > [20:38:38] [INFO] url is stable > [20:38:38] [INFO] testing if GET parameter 'tipoInscricao' is dynamic > [20:38:39] [INFO] confirming that GET parameter 'tipoInscricao' is dynamic > [20:38:40] [INFO] GET parameter 'tipoInscricao' is dynamic > [20:38:40] [WARNING] reflective value(s) found and filtering out > [20:38:40] [WARNING] frames detected containing attacked parameter > values. Please be sure to test those separately in case that attack on > this page fails > [20:38:41] [ERROR] possible integer casting detected (e.g. > tipoInscricao=(int)$_REQUEST('tipoInscricao')) at the back-end web > application > do you want to skip those kind of cases (and save scanning time)? [y/N] y > bash: y: command not found > > [1]+ Stopped python sqlmap.py -u > http://www.target.tk/inscritos.php?tipoInscricao=3 > [lol@whitehat sqlmap]$ > > > > > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
