Hello everyone, I have an application that is injectable using the 'x-forwarded-for' custom HTTP header. While I can specify it with --headers, I can't seem to find a way to use it as an injection point:
C:\sqlmap>python sqlmap.py -u "http://www.example.com/index.php"; --headers "x-for warded-for: 1" --level 5 --risk 3 --dbms mysql --threads 10 -p "x-forwarded-for" sqlmap/1.0-dev (r5112) - automatic SQL injection and database takeover tool http://www.sqlmap.org [10:50:04] [CRITICAL] all testable parameters you provided are not present within the GET, POST and Cookie parameters Is that expected behavior or am I missing something? Thank you, Anton ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
