Hi everyone i google but nothing came up that was related to this, on OWASP scanner i had a sql injection alert and i try to test it with sqlmap but i got a error and nothing happens the program just escapes with this :
... python sqlmap.py -u http://www.target.tk/inscritos.php?tipoInscricao=3&tipoDir=119%20AND%201=2 [1] 2816 [lol@whitehat sqlmap]$ sqlmap/1.0-dev - automatic SQL injection and database takeover tool http://sqlmap.org [*] starting at 20:38:36 [20:38:37] [INFO] testing connection to the target url [20:38:37] [INFO] testing if the url is stable, wait a few seconds [20:38:38] [INFO] url is stable [20:38:38] [INFO] testing if GET parameter 'tipoInscricao' is dynamic [20:38:39] [INFO] confirming that GET parameter 'tipoInscricao' is dynamic [20:38:40] [INFO] GET parameter 'tipoInscricao' is dynamic [20:38:40] [WARNING] reflective value(s) found and filtering out [20:38:40] [WARNING] frames detected containing attacked parameter values. Please be sure to test those separately in case that attack on this page fails [20:38:41] [ERROR] possible integer casting detected (e.g. tipoInscricao=(int)$_REQUEST('tipoInscricao')) at the back-end web application do you want to skip those kind of cases (and save scanning time)? [y/N] y bash: y: command not found [1]+ Stopped python sqlmap.py -u http://www.target.tk/inscritos.php?tipoInscricao=3 [lol@whitehat sqlmap]$ ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
