Re: [sqlmap-users] testing testfire
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] testing testfire
|
From: Brandon P. <bpe...@gm...> - 2014-06-11 21:08:15
|
Increase your --risk to 3. OR payloads aren't run on the default risk level IIRC. Sent from a computer > On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gm...@gm...> wrote: > > I've never been very successful using sqlmap, perhaps someone can help point out what I'm missing. For example, when using IBM's intentionally vulnerable test web app http://demo.testfire.com/ I manually verified that the uid parameter in login.aspx is vulnerable to SQLi (using the payload admin' or 1=1;--). I saved the login request to a file via burp and ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST parameter 'uid' is not injectable". What am I doing wrong? > > thanks, > -G > ------------------------------------------------------------------------------ > HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions > Find What Matters Most in Your Big Data with HPCC Systems > Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. > Leverages Graph Analysis for Fast Processing & Easy Data Exploration > http://p.sf.net/sfu/hpccsystems > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
