Thread: [sqlmap-users] sqlmap password field injection

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Ciao Bernardo ( ;) italiano anche io)
Following up with the response you gave to Dan about injection in login form
I have tried to put
test'+OR+'1'='1');--
in the data parameter (because this is the way to bypass the auth 
through sqli and get the string)
but I receive [ERROR] all testable parameters you provided are not 
present within t
he GET, POST and Cookie parameters

It seems that the problem is in the '=' character in the data parameter.
I tried it both using sqlmap.conf and inline parameters with no luck
Any suggestion on this will be very appreciated.

-- 
----
Zinho

Webmaster and Founder 

Hackers Center 
Internet Security Portal
www.hackerscenter.com