Re: [sqlmap-users] A incorrectly identified "tainted" parameter

Sun, 11 Dec 2011 00:38:05 -0800 

Hi.

Thing is that in general negative parameter values are a leftover from
manual injection attempts causing problems in some cases. Hence the
warning/error message. Have you tried just to change that -1 value to 1 for
ShowMenu parameter?

Kind regards
On Dec 10, 2011 3:23 PM, "Bob Simonoff" <b...@simonofffamily.com> wrote:

> **
>
> I received this message:
>
> [23:28:33] [CRITICAL] you have provided tainted parameter values
> (ncmb%26ShowMenu=-1) with most probably leftover chars from manual sql
> injection tests (;()') or non-valid numerical value. Please, always use
> only valid parameter values so sqlmap could be able to do a valid run.
>
> Here is a portion of the POSTed data that surrounds this parameter.
>
> fhdn%260=&fhdn%26=&ncmb%26ShowMenu=-1&fhdn%26isYahooGobutton=N
>
> The parameters were captured directly using burpsuite while I was running
> the UI. I was performing no injection testing when this was captured. I
> looked for each of the listed parameters in the posted data and they do not
> appear. (note there are more parameters but I would rather send those
> privately if possible).
>
> I am running a recent svn extract of the dev stream (1.0)
>
> Thanks
> Bob
>
>
> ------------------------------------------------------------------------------
> Learn Windows Azure Live!  Tuesday, Dec 13, 2011
> Microsoft is holding a special Learn Windows Azure training event for
> developers. It will provide a great way to learn Windows Azure and what it
> provides. You can attend the event by watching it streamed LIVE online.
> Learn more at http://p.sf.net/sfu/ms-windowsazure
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

------------------------------------------------------------------------------
Learn Windows Azure Live!  Tuesday, Dec 13, 2011
Microsoft is holding a special Learn Windows Azure training event for 
developers. It will provide a great way to learn Windows Azure and what it 
provides. You can attend the event by watching it streamed LIVE online.  
Learn more at http://p.sf.net/sfu/ms-windowsazure
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to