Hi, I am encountering this message since my last update of Sqlmap. Version 0.9 does not encounter this problem with the same request.
[10:56:28] [INFO] parsing HTTP request from './dump/save.txt' [10:56:28] [CRITICAL] you have provided tainted parameter values ('amp;icon=stuff.gif</thumbnail><someItem><item id="gate" value="/something.cgi"/><item id="report" value="stID(') with most probably leftover chars from manual sql injection tests (;()') or non-valid numerical value. Please, always use only valid parameter values so sqlmap could be able to properly run Here is the fragment that it is complaining about: &deficon=stuff.gif</thumbnail><someItem><item id="gate" value="/something.cgi"/><item id="report" value="stID("iC15DBE0F9A7E4F3E86EE5DA47D5A31DC")"/> Here is the version I am running: sqlmap/1.0-dev (r4744) The original request was captured with Burp. It was a clean test with no injection or other manipulation happening at that time. Thoughts? Thanks in advance, Garth ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users