Penetration Testing mailing list archives

Re: SQLMAP


From: "Michael Condon" <admin () singulartechnologysolutions com>
Date: Fri, 7 Nov 2008 10:59:12 -0600

I don't use that URL programming style for security (and personal coding style reasons).
I did test it with HP's scrawlr and it passed.
----- Original Message -----
From: "Marvin Simkin" <Marvin.Simkin () asu edu>
To: "Anthony Cicalla" <anthony.cicalla () gmail com>; "Michael Condon" <admin () singulartechnologysolutions com>
Cc: <pen-test () securityfocus com>
Sent: Thursday, November 06, 2008 5:20 PM
Subject: RE: SQLMAP


I think it wants some parameters to test.

For example:

python sqlmap.py -u "http://www.domain.com/page.php?id=3&option=foo"

Then it will try to inject SQL in place of the "3" or the "foo".

-------------------------------------
Marvin Simkin
Information Security
University Technology Office
Arizona State University
http://simkin.asu.edu/



-----Original Message-----
From: listbounce () securityfocus com on behalf of Anthony Cicalla
Sent: Thu 2008-11-06 11:06
To: Michael Condon
Cc: pen-test () securityfocus com
Subject: Re: SQLMAP

Can you post your conf file, with the domain you are testing xxxx'ed out?

On Wed, Nov 5, 2008 at 6:35 PM, Michael Condon
<admin () singulartechnologysolutions com> wrote:
When I run a simple sqlmap command (which is shown similarly in their doc):
python sqlmap.py -u http://www.domain.com/page.php -v 2
I receive the following error:

all testable parameters are not present within the GET, POST and Cookie
parameters.

What am I misunderstanding/doing wrong?
Other than that, does anyone know of a good Win32 SQL Injection testing
tool?

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------





--
Anthony,


