Penetration Testing mailing list archives
Re: SQLMAP
From: "Bojan Zdrnja" <bojan.zdrnja () gmail com>
Date: Fri, 7 Nov 2008 10:50:01 +0100
Michael, On Thu, Nov 6, 2008 at 3:35 AM, Michael Condon <admin () singulartechnologysolutions com> wrote:
When I run a simple sqlmap command (which is shown similarly in their doc): python sqlmap.py -u http://www.domain.com/page.php -v 2 I receive the following error: all testable parameters are not present within the GET, POST and Cookie parameters. What am I misunderstanding/doing wrong?
You have to give it a parameter to try SQL injection on. So, if the parameter that the page.php script accepts is "id", the command would look like this: $ python sqlmap.py -u "http://www.domain.com/page.php?id=1" Sqlmap will automatically try to inject SQL statements into the "id" parameter. Cheers, Bojan ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- SQLMAP Michael Condon (Nov 06)
- Re: SQLMAP Anthony Cicalla (Nov 06)
- RE: SQLMAP Marvin Simkin (Nov 09)
- Re: SQLMAP Michael Condon (Nov 09)
- RE: SQLMAP Marvin Simkin (Nov 09)
- Re: SQLMAP Bojan Zdrnja (Nov 09)
- Re: SQLMAP Michael Condon (Nov 09)
- Re: SQLMAP Taras P. Ivashchenko (Nov 18)
- Re: SQLMAP Anthony Cicalla (Nov 19)
- Re: SQLMAP Michael Condon (Nov 09)
- Re: SQLMAP Anthony Cicalla (Nov 06)