Re: [sqlmap-users] --host parameter
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --host parameter
|
From: Miroslav S. <mir...@gm...> - 2013-04-16 12:19:26
|
Hi. Thank you for your report and find it fixed with the latest commit [1]. Kind regards, Miroslav Stampar [1] https://github.com/sqlmapproject/sqlmap/commit/6fed1921edf1baaf23a54fbe340ff3781fc05c86 On Mon, Apr 15, 2013 at 11:01 PM, <co...@5i...> wrote: > Hello, > the --host doesn't work as expected, or I am doing something wrong: > > > this works as expected: > > ./sqlmap.py --url='http://i.csland.ro/index.php?id=0' > > sqlmap/1.0-dev-840ee26 - automatic SQL injection and database > takeover tool > http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without > prior mutual consent is illegal. It is the end user's responsibility to > obey all applicable local, state and federal laws. Developers assume no > liability and are not responsible for any misuse or damage caused by > this program > > [*] starting at 23:57:15 > > [23:57:15] [INFO] testing connection to the target URL > [23:57:15] [INFO] heuristics detected web page charset 'ascii' > [23:57:15] [INFO] testing if the target URL is stable. This can take a > couple of seconds > [23:57:16] [INFO] target URL is stable > [23:57:16] [INFO] testing if GET parameter 'id' is dynamic > [23:57:16] [INFO] confirming that GET parameter 'id' is dynamic > [23:57:16] [INFO] GET parameter 'id' is dynamic > [23:57:16] [INFO] heuristic (basic) test shows that GET parameter 'id' > might be injectable (possible DBMS: 'MySQL') > [23:57:16] [INFO] testing for SQL injection on GET parameter 'id' > > > .... > > > this doesn't work as expected: > > ./sqlmap.py --host='i.csland.ro' > --url='http://188.240.236.15/index.php?id=0' > > sqlmap/1.0-dev-840ee26 - automatic SQL injection and database > takeover tool > http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without > prior mutual consent is illegal. It is the end user's responsibility to > obey all applicable local, state and federal laws. Developers assume no > liability and are not responsible for any misuse or damage caused by > this program > > [*] starting at 23:58:03 > > [23:58:03] [INFO] testing connection to the target URL > [23:58:03] [CRITICAL] page not found (404) > it is not recommended to continue in this kind of cases. Do you want to > quit and make sure that everything is set up properly? [Y/n] > [23:58:05] [WARNING] HTTP error codes detected during run: > > ............ > > > Of course i.csland.ro resolves to 188.240.236.15. Any idea? > > Thanks. > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
