Increase your --risk to 3. OR payloads aren't run on the default risk level
IIRC.
Sent from a computer
> On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gmad...@gmail.com> wrote:
>
> I've never been very successful using sqlmap, perhaps someone can help point
> out what I'm missing. For example, when using IBM's intentionally vulnerable
> test web app http://demo.testfire.com/ I manually verified that the uid
> parameter in login.aspx is vulnerable to SQLi (using the payload admin' or
> 1=1;--). I saved the login request to a file via burp and ran ./sqlmap.py -r
> CapturedRequestFile. Yet sqlmap still reports "POST parameter 'uid' is not
> injectable". What am I doing wrong?
>
> thanks,
> -G
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
