Hi.

Those parentheses inside are indeed looking like they are "tainting" the
parameter value. Nevertheless, they are a valid parameter value and hence
with the latest commit (r4745), you'll be presented with this kind of
message:

[10:10:46] [WARNING] it appears that you have provided tainted parameter
values ('id=1'') with most probably leftover chars from manual sql
injection tests (;()') or non-valid numerical value. Please, always use
only valid parameter values so sqlmap could be able to properly run
Are you sure you want to continue? [y/N]

where you'll be able to choose by yourself if you want to continue or not.

Kind regards,
Miroslav Stampar

On Mon, Feb 13, 2012 at 5:15 PM, garthoid <garth...@gmail.com> wrote:

> Hi,
>
> I am encountering this message since my last update of Sqlmap. Version
> 0.9 does not encounter this problem with the same request.
>
> [10:56:28] [INFO] parsing HTTP request from './dump/save.txt'
> [10:56:28] [CRITICAL] you have provided tainted parameter values
> ('amp;icon=stuff.gif</thumbnail><someItem><item id="gate"
> value="/something.cgi"/><item id="report" value="stID(') with most
> probably leftover chars from manual sql injection tests (;()') or
> non-valid numerical value. Please, always use only valid parameter
> values so sqlmap could be able to properly run
>
>
> Here is the fragment that it is complaining about:
>
> &amp;deficon=stuff.gif</thumbnail><someItem><item id="gate"
> value="/something.cgi"/><item id="report"
> value="stID(&quot;iC15DBE0F9A7E4F3E86EE5DA47D5A31DC&quot;)"/>
>
> Here is the version I am running:
>
> sqlmap/1.0-dev (r4744)
>
> The original request was captured with Burp. It was a clean test with
> no injection or other manipulation happening at that time.
>
> Thoughts?
>
> Thanks in advance,
> Garth
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm
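
Why the value in the CRITICAL message stops at `stID(`, as an added example (not sqlmap's code and not part of either message): splitting the posted fragment on `&` cuts it at `&quot;`. The character set comes from the warning text; the leading/trailing test and the function names are assumptions made for illustration.

```python
# Added illustration, not sqlmap's implementation.
# Character set as printed in the warning text; how it is applied is assumed.
LEFTOVER_CHARS = ";()'"

# Fragment exactly as posted in the original message (captured with Burp).
FRAGMENT = ('&amp;deficon=stuff.gif</thumbnail><someItem><item id="gate" '
            'value="/something.cgi"/><item id="report" '
            'value="stID(&quot;iC15DBE0F9A7E4F3E86EE5DA47D5A31DC&quot;)"/>')


def split_params(body, delimiter="&"):
    """Form-style split: pieces on '&', then name/value on the first '='."""
    params = []
    for piece in body.split(delimiter):
        if "=" not in piece:
            continue  # 'quot;iC15...' and 'quot;)"/>' carry no '=' and drop out
        name, value = piece.split("=", 1)
        params.append((name, value))
    return params


def looks_tainted(value):
    """Assumed heuristic: the value begins or ends with a leftover char."""
    return value.strip(LEFTOVER_CHARS) != value


def report(body):
    """Return (name, value, tainted) for every parameter found in body."""
    return [(n, v, looks_tainted(v)) for n, v in split_params(body)]


if __name__ == "__main__":
    for name, value, tainted in report(FRAGMENT):
        print("%s -> ...%s tainted=%s" % (name, value[-12:], tainted))
    # The XML entity '&quot;' is read as a parameter delimiter, so the
    # value is cut right after 'stID(' and ends in '('.
```

Under these assumptions the clean Burp capture is flagged only because entity-encoded XML is being parsed as `&`-delimited form data, which is the case the new y/N prompt lets the user override.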