sqlmap-users Mailing List for sqlmap (Page 58)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hello everyone,

I have an application that is injectable using the 'x-forwarded-for'
custom HTTP header. While I can specify it with --headers, I can't
seem to find a way to use it as an injection point:

C:\sqlmap>python sqlmap.py -u "http://www.example.com/index.php"
--headers "x-for warded-for: 1" --level 5 --risk 3 --dbms mysql
--threads 10 -p "x-forwarded-for"

   sqlmap/1.0-dev (r5112) - automatic SQL injection and database takeover tool
   http://www.sqlmap.org

[10:50:04] [CRITICAL] all testable parameters you provided are not
present within the GET, POST and Cookie parameters

Is that expected behavior or am I missing something?

Thank you,
Anton

2008	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (4)	Oct (11)	Nov (24)	Dec (13)
2009	Jan (23)	Feb (17)	Mar (13)	Apr (48)	May (22)	Jun (18)	Jul (22)	Aug (13)	Sep (23)	Oct (6)	Nov (11)	Dec (25)
2010	Jan (21)	Feb (33)	Mar (61)	Apr (47)	May (48)	Jun (30)	Jul (24)	Aug (37)	Sep (52)	Oct (59)	Nov (32)	Dec (57)
2011	Jan (166)	Feb (93)	Mar (65)	Apr (117)	May (87)	Jun (124)	Jul (102)	Aug (78)	Sep (65)	Oct (22)	Nov (71)	Dec (79)
2012	Jan (93)	Feb (55)	Mar (45)	Apr (49)	May (56)	Jun (93)	Jul (95)	Aug (42)	Sep (26)	Oct (36)	Nov (32)	Dec (46)
2013	Jan (36)	Feb (78)	Mar (38)	Apr (57)	May (35)	Jun (39)	Jul (23)	Aug (33)	Sep (28)	Oct (38)	Nov (22)	Dec (16)
2014	Jan (33)	Feb (23)	Mar (41)	Apr (29)	May (12)	Jun (20)	Jul (21)	Aug (23)	Sep (18)	Oct (34)	Nov (12)	Dec (39)
2015	Jan (2)	Feb (51)	Mar (10)	Apr (28)	May (9)	Jun (22)	Jul (32)	Aug (35)	Sep (29)	Oct (50)	Nov (8)	Dec (2)
2016	Jan (8)	Feb (2)	Mar (3)	Apr (14)	May	Jun	Jul	Aug (12)	Sep	Oct	Nov (1)	Dec (19)
2017	Jan	Feb (18)	Mar	Apr (1)	May	Jun	Jul	Aug (4)	Sep	Oct	Nov (2)	Dec
2018	Jan	Feb	Mar (1)	Apr (1)	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2019	Jan	Feb	Mar	Apr (3)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

sqlmap-users Mailing List for sqlmap (Page 58)

sqlmap-users — sqlmap users mailing list