Try to provide the argument of -u between double quotes.
Bernardo
On Mon, Mar 15, 2010 at 11:35, Kasper Føns <th...@ma...> wrote:
> Hello sqlmap users.
>
> It seems that sqlmap is not parsing the url correctly, see following output:
>
> C:\Users\foens\Desktop\sqlmap>sqlmap.py -u
> http://<host>/conferences/viewpaper.php?id=2387&cf=16
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 12:32:56
>
> [12:32:56] [INFO] using
> 'C:\Users\foens\Desktop\sqlmap\output\<host>\session' as session file
> [12:32:56] [INFO] testing connection to the target url
> [12:32:56] [INFO] testing if the url is stable, wait a few seconds
> [12:32:58] [INFO] url is stable
> [12:32:58] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
> [12:32:58] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
> [12:32:58] [INFO] testing if GET parameter 'id' is dynamic
> [12:32:58] [WARNING] GET parameter 'id' is not dynamic
>
> [*] shutting down at: 12:32:58
>
> 'cf' is not recognized as an internal or external command,
> operable program or batch file.
>
> C:\Users\foens\Desktop\sqlmap>
>
> I have anonyminized the host. It seems that the "cf" parameter is being
> used as a program in some script. I am running on Windows.
>
> /Kasper
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
