I've never been very successful using sqlmap; perhaps someone can help
point out what I'm missing. For example, when using IBM's intentionally
vulnerable test web app http://demo.testfire.com/ I manually verified that
the uid parameter in login.aspx is vulnerable to SQLi (using the payload
admin' or 1=1;--). I saved the login request to a file via Burp and ran
./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST
parameter 'uid' is not injectable". What am I doing wrong?

thanks,
-G
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
