Hi Anastasios. As ";" (semicolon) is not a standard character used for splitting parameter values inside GET string (there could be ambiguities in case of containment of both characters & and ;), introduction of explicit option was needed.
Good thing is that there was already a parameter named --cookie-del, and now with the latest commit it was upgraded to a more generic form (--param-del). Hence, in your case, you should be able to "deal" with your case by using --param-del=";". Kind regards, Miroslav Stampar On Thu, Oct 6, 2011 at 8:24 AM, Anastasios Monachos <anastasi...@gmail.com> wrote: > Hello guys, recently came accross the following > > $ ./sqlmap.py -u > "http://site/cgi-bin/abc.cgi?action=view_a;id=18;aid=1" -p aid > --dbms=mysql --is-dba > > sqlmap/1.0-dev (r4395) - automatic SQL injection and database takeover tool > http://www.sqlmap.org > > [!] legal disclaimer: usage of sqlmap for attacking targets without > prior mutual consent is illegal. It is the end user's responsibility > to obey all applicable local, state and federal laws. Authors assume > no liability and are not responsible for any misuse or damage caused > by this program > > [*] starting at 04:12:54 > > [04:12:54] [WARNING] the testable parameter 'aid' you provided is not > inside the GET > [04:12:54] [CRITICAL] all testable parameters you provided are not > present within the GET, POST and Cookie parameters > > [*] shutting down at 04:12:54 > > > sqlmap executed successfully when substituted ";" with "&": > > $ ./sqlmap.py -u > "http://site/cgi-bin/abc.cgi?action=view_a&id=18&aid=1" -p aid > --dbms=mysql --is-dba > > > Trust you will fix this :) > thanks > > > -- > AM (secuid0) > Key ID: 0x5EB17EE7 > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users