Can you replace the (-) with %2d, it's hexadecimal representation? On Sat, Dec 10, 2011 at 8:22 AM, Bob Simonoff <b...@simonofffamily.com> wrote: > > I received this message: > > [23:28:33] [CRITICAL] you have provided tainted parameter values > (ncmb%26ShowMenu=-1) with most probably leftover chars from manual sql > injection tests (;()') or non-valid numerical value. Please, always use only > valid parameter values so sqlmap could be able to do a valid run. > > Here is a portion of the POSTed data that surrounds this parameter. > > fhdn%260=&fhdn%26=&ncmb%26ShowMenu=-1&fhdn%26isYahooGobutton=N > > The parameters were captured directly using burpsuite while I was running > the UI. I was performing no injection testing when this was captured. I > looked for each of the listed parameters in the posted data and they do not > appear. (note there are more parameters but I would rather send those > privately if possible). > > I am running a recent svn extract of the dev stream (1.0) > > Thanks > Bob > > ------------------------------------------------------------------------------ > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >
-- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
