Hi everyone i google but nothing came up that was related to this, on  
OWASP scanner i had a sql injection alert and i try to test it with  
sqlmap but i got a error and nothing happens the program just escapes  
with this :

...



python sqlmap.py -u  
http://www.target.tk/inscritos.php?tipoInscricao=3&tipoDir=119%20AND%201=2
[1] 2816
[lol@whitehat sqlmap]$
     sqlmap/1.0-dev - automatic SQL injection and database takeover tool
     http://sqlmap.org

[*] starting at 20:38:36

[20:38:37] [INFO] testing connection to the target url
[20:38:37] [INFO] testing if the url is stable, wait a few seconds
[20:38:38] [INFO] url is stable
[20:38:38] [INFO] testing if GET parameter 'tipoInscricao' is dynamic
[20:38:39] [INFO] confirming that GET parameter 'tipoInscricao' is dynamic
[20:38:40] [INFO] GET parameter 'tipoInscricao' is dynamic
[20:38:40] [WARNING] reflective value(s) found and filtering out
[20:38:40] [WARNING] frames detected containing attacked parameter  
values. Please be sure to test those separately in case that attack on  
this page fails
[20:38:41] [ERROR] possible integer casting detected (e.g.  
tipoInscricao=(int)$_REQUEST('tipoInscricao')) at the back-end web  
application
do you want to skip those kind of cases (and save scanning time)? [y/N] y
bash: y: command not found

[1]+  Stopped                 python sqlmap.py -u  
http://www.target.tk/inscritos.php?tipoInscricao=3
[lol@whitehat sqlmap]$






------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to