Hi,

I am encountering this message since my last update of Sqlmap. Version
0.9 does not encounter this problem with the same request.

[10:56:28] [INFO] parsing HTTP request from './dump/save.txt'
[10:56:28] [CRITICAL] you have provided tainted parameter values
('amp;icon=stuff.gif</thumbnail><someItem><item id="gate"
value="/something.cgi"/><item id="report" value="stID(') with most
probably leftover chars from manual sql injection tests (;()') or
non-valid numerical value. Please, always use only valid parameter
values so sqlmap could be able to properly run


Here is the fragment that it is complaining about:

&amp;deficon=stuff.gif</thumbnail><someItem><item id="gate"
value="/something.cgi"/><item id="report"
value="stID(&quot;iC15DBE0F9A7E4F3E86EE5DA47D5A31DC&quot;)"/>

Here is the version I am running:

sqlmap/1.0-dev (r4744)

The original request was captured with Burp. It was a clean test with
no injection or other manipulation happening at that time.

Thoughts?

Thanks in advance,
Garth

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to