Hello guys, recently came accross the following

$ ./sqlmap.py -u
"http://site/cgi-bin/abc.cgi?action=view_a;id=18;aid=1"; -p aid
--dbms=mysql --is-dba

    sqlmap/1.0-dev (r4395) - automatic SQL injection and database takeover tool
    http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without
prior mutual consent is illegal. It is the end user's responsibility
to obey all applicable local, state and federal laws. Authors assume
no liability and are not responsible for any misuse or damage caused
by this program

[*] starting at 04:12:54

[04:12:54] [WARNING] the testable parameter 'aid' you provided is not
inside the GET
[04:12:54] [CRITICAL] all testable parameters you provided are not
present within the GET, POST and Cookie parameters

[*] shutting down at 04:12:54


sqlmap executed successfully when substituted ";" with "&":

$ ./sqlmap.py -u
"http://site/cgi-bin/abc.cgi?action=view_a&id=18&aid=1"; -p aid
--dbms=mysql --is-dba


Trust you will fix this :)
thanks


-- 
AM (secuid0)
Key ID: 0x5EB17EE7

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to