Hi Anastasios.

As ";" (semicolon) is not a standard character used for splitting
parameter values inside GET string (there could be ambiguities in case
of containment of both characters & and ;), introduction of explicit
option was needed.

Good thing is that there was already a parameter named --cookie-del,
and now with the latest commit it was upgraded to a more generic form
(--param-del).

Hence, in your case, you should be able to "deal" with your case by
using --param-del=";".

Kind regards,
Miroslav Stampar

On Thu, Oct 6, 2011 at 8:24 AM, Anastasios Monachos
<anastasi...@gmail.com> wrote:
> Hello guys, recently came accross the following
>
> $ ./sqlmap.py -u
> "http://site/cgi-bin/abc.cgi?action=view_a;id=18;aid=1"; -p aid
> --dbms=mysql --is-dba
>
>    sqlmap/1.0-dev (r4395) - automatic SQL injection and database takeover tool
>    http://www.sqlmap.org
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without
> prior mutual consent is illegal. It is the end user's responsibility
> to obey all applicable local, state and federal laws. Authors assume
> no liability and are not responsible for any misuse or damage caused
> by this program
>
> [*] starting at 04:12:54
>
> [04:12:54] [WARNING] the testable parameter 'aid' you provided is not
> inside the GET
> [04:12:54] [CRITICAL] all testable parameters you provided are not
> present within the GET, POST and Cookie parameters
>
> [*] shutting down at 04:12:54
>
>
> sqlmap executed successfully when substituted ";" with "&":
>
> $ ./sqlmap.py -u
> "http://site/cgi-bin/abc.cgi?action=view_a&id=18&aid=1"; -p aid
> --dbms=mysql --is-dba
>
>
> Trust you will fix this :)
> thanks
>
>
> --
> AM (secuid0)
> Key ID: 0x5EB17EE7
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to