Penetration Testing mailing list archives
Re: SQLMAP
From: "Taras P. Ivashchenko" <naplanetu () gmail com>
Date: Wed, 19 Nov 2008 00:47:58 +0300
Maybe you are simply behind the proxy?

On Sun, 2008-11-09 at 16:34 -0600, Michael Condon wrote:

> I've tried it on both Windows and BackTrack. With
> sqlmap -u http://www.somepage.com/logon.php?email=1, I get the response:
> unable to connect to the target url or proxy
>
> ----- Original Message -----
> From: "Bojan Zdrnja" <bojan.zdrnja () gmail com>
> To: "Michael Condon" <admin () singulartechnologysolutions com>
> Cc: <pen-test () securityfocus com>
> Sent: Friday, November 07, 2008 3:50 AM
> Subject: Re: SQLMAP
>
> Michael,
>
> On Thu, Nov 6, 2008 at 3:35 AM, Michael Condon <admin () singulartechnologysolutions com> wrote:
>> When I run a simple sqlmap command (which is shown similarly in their doc):
>> python sqlmap.py -u http://www.domain.com/page.php -v 2
>> I receive the following error:
>> all testable parameters are not present within the GET, POST and Cookie parameters.
>> What am I misunderstanding/doing wrong?
>
> You have to give it a parameter to try SQL injection on. So, if the
> parameter that the page.php script accepts is "id", the command would
> look like this:
>
> $ python sqlmap.py -u "http://www.domain.com/page.php?id=1"
>
> Sqlmap will automatically try to inject SQL statements into the "id" parameter.
>
> Cheers,
> Bojan
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
> Security Trends Report from Cenzic
> Stay Ahead of the Hacker Curve!
> Get the latest Q2 2008 Trends Report now
> www.cenzic.com/landing/trends-report
> ------------------------------------------------------------------------
--
Тарас Иващенко (Taras Ivashchenko), OSCP
----
"Software is like sex: it's better when it's free." - Linus Torvalds
Attachment:
signature.asc
Description: This is a digitally signed message part
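
The two diagnoses given in this thread (no parameter in the request, and a proxy sitting between the tester and the target) can be checked before the tool is run. The following is an added example, not part of the original messages and not sqlmap's own code; the function names and the proxy address are hypothetical, and the URLs are the ones quoted above.

```python
from urllib.parse import urlsplit, parse_qsl
from urllib.request import getproxies


def find_parameters(url, data=None, cookie=None):
    """Return {place: [names]} for parameters present in GET, POST and Cookie."""
    found = {}
    get_names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if get_names:
        found["GET"] = get_names
    if data:
        post_names = [k for k, _ in parse_qsl(data, keep_blank_values=True)]
        if post_names:
            found["POST"] = post_names
    if cookie:
        names = [p.split("=", 1)[0].strip() for p in cookie.split(";") if "=" in p]
        if names:
            found["Cookie"] = names
    return found


def proxy_in_path(url, proxies=None):
    """Return the proxy configured for this URL's scheme, or None.

    By default reads the system/environment settings (http_proxy, https_proxy).
    NO_PROXY exceptions are not evaluated here.
    """
    proxies = getproxies() if proxies is None else proxies
    return proxies.get(urlsplit(url).scheme)


def preflight(url, data=None, cookie=None, proxies=None):
    """Collect findings matching the two errors reported in the thread."""
    findings = []
    if not find_parameters(url, data, cookie):
        findings.append("no parameters in GET, POST or Cookie: nothing to test")
    proxy = proxy_in_path(url, proxies)
    if proxy:
        findings.append("traffic for this scheme is expected to go via " + proxy)
    return findings


if __name__ == "__main__":
    # URLs from the thread; the proxy address is a constructed sample value.
    sample_proxy = {"http": "http://proxy.example:3128"}
    for u in ("http://www.domain.com/page.php",
              "http://www.domain.com/page.php?id=1",
              "http://www.somepage.com/logon.php?email=1"):
        print(u, "->", preflight(u, proxies=sample_proxy) or "ok")
```

If a proxy is reported, the client has to be told to use it, otherwise a direct connection attempt can fail in the way described in the quoted message.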