hi and welcome all new users. "I´m sending this parameters: a=b&c='&d='"
thing is that if you expect "this tool" to be able to do something more than mere error message parsing, first of all you'll have to provide it with valid parameters (untainted with sql injection chars).

with the latest commit you'll be warned like this:

$ python sqlmap.py -u "www.test.com?id1=1'&id2=2)"

    sqlmap/1.0-dev (r4089) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 23:59:08

[23:59:08] [CRITICAL] you have provided parameters with most probably leftovers from manual sql injection tests (;()'). please, remove them so sqlmap could be able to do a valid run.

[*] shutting down at 23:59:08

kr

On Fri, Jun 17, 2011 at 8:00 PM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:

> Hi andre.
>
> It looks to me like you haven't specified a valid value for the affected
> parameter.
>
> Could you please send the value itself?
>
> Kr
>
> Sent from smartphone
>
> On 17.6.2011. 19:54, "André Silva" <andre...@gmail.com> wrote:
>> Hello,
>>
>> I'm scanning a url and I have tested with other tools and the
>> vulnerability
>> exists.
>>
>> The scan ends prematurely with this error:
>>
>> [CRITICAL] Unenclosed ' in '(SELECT (CASE WHEN (4277=4277) THEN ' ELSE
>> 1/(SELECT 0) END))'
>>
>> It looks to me like a bug.
>>
>> Best regards,
>

-- 
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
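A pre-flight check in the spirit of the warning quoted above, as an added example that is not part of the original thread and is not sqlmap's own code. The function name `find_leftovers` and the `example.test` URLs are hypothetical; the character set is the one printed in the warning message, `(;()')`.

```python
from urllib.parse import urlsplit, unquote_plus

# Characters named in the warning text quoted in the thread: (;()')
LEFTOVER_CHARS = frozenset(";()'")


def find_leftovers(target):
    """Map each query parameter name to the sorted list of leftover
    characters found in its (URL-decoded) value. Empty dict means clean.
    Hypothetical helper, not a sqlmap function."""
    # The thread's example target has no scheme ("www.test.com?id1=...");
    # urlsplit needs one to separate host from query.
    if "://" not in target:
        target = "http://" + target
    query = urlsplit(target).query

    findings = {}
    # Split on "&" by hand: some parse_qsl versions also split on ";",
    # which would hide one of the very characters being looked for.
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # Decode first so %27 / %3B are caught as well as literal ' and ;
        bad = sorted(LEFTOVER_CHARS.intersection(unquote_plus(value)))
        if bad:
            findings[unquote_plus(name)] = bad
    return findings


if __name__ == "__main__":
    samples = [
        "www.test.com?id1=1'&id2=2)",           # target from the thread
        "http://example.test/p?a=b&c='&d='",    # parameters quoted in the thread
        "http://example.test/p?id=1&name=foo",  # constructed clean input
    ]
    for url in samples:
        hits = find_leftovers(url)
        if hits:
            print("tainted: %s -> %s" % (url, hits))
        else:
            print("clean:   %s" % url)
```

Like the warning's "most probably", this is a heuristic: a legitimate value can contain an apostrophe or parenthesis, so a hit is a prompt to review the value by hand.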