Penetration Testing mailing list archives
Re: SQLMAP
From: "Michael Condon" <admin () singulartechnologysolutions com>
Date: Sun, 9 Nov 2008 16:34:14 -0600
I've tried it on both Windows and BackTrack. With sqlmap -u http://www.somepage.com/logon.php?email=1, I get the response: unable to connect to the target url or proxy----- Original Message ----- From: "Bojan Zdrnja" <bojan.zdrnja () gmail com>
To: "Michael Condon" <admin () singulartechnologysolutions com> Cc: <pen-test () securityfocus com> Sent: Friday, November 07, 2008 3:50 AM Subject: Re: SQLMAP
Michael, On Thu, Nov 6, 2008 at 3:35 AM, Michael Condon <admin () singulartechnologysolutions com> wrote:When I run a simple sqlmap command (which is shown similarly in their doc):python sqlmap.py -u http://www.domain.com/page.php -v 2 I receive the following error: all testable parameters are not present within the GET, POST and Cookie parameters. What am I misunderstanding/doing wrong?You have to give it a parameter to try SQL injection on. So, if the parameter that the page.php script accepts is "id", the command would look like this: $ python sqlmap.py -u "http://www.domain.com/page.php?id=1"Sqlmap will automatically try to inject SQL statements into the "id" parameter.Cheers, Bojan ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- SQLMAP Michael Condon (Nov 06)
- Re: SQLMAP Anthony Cicalla (Nov 06)
- RE: SQLMAP Marvin Simkin (Nov 09)
- Re: SQLMAP Michael Condon (Nov 09)
- RE: SQLMAP Marvin Simkin (Nov 09)
- Re: SQLMAP Bojan Zdrnja (Nov 09)
- Re: SQLMAP Michael Condon (Nov 09)
- Re: SQLMAP Taras P. Ivashchenko (Nov 18)
- Re: SQLMAP Anthony Cicalla (Nov 19)
- Re: SQLMAP Michael Condon (Nov 09)
- Re: SQLMAP Anthony Cicalla (Nov 06)