On Thu, Jun 12, 2014 at 12:08 AM, Brandon Perry <bperry.volat...@gmail.com>
wrote:
> Increase your --risk to 3. OR payloads aren't run on the default risk
> level IIRC.
>
>
Hi Brandon,
Thanks but still no joy. Any other ideas?
-G
> Sent from a computer
>
> On Jun 11, 2014, at 3:29 PM, Gordon Madarm <gmad...@gmail.com> wrote:
>
> I've never been very successful using sqlmap, perhaps someone can help
> point out what I'm missing. For example, when using IBM's intentionally
> vulnerable test web app http://demo.testfire.com/ I manually verified
> that the uid parameter in login.aspx is vulnerable to SQLi (using the
> payload admin' or 1=1;--). I saved the login request to a file via burp and
> ran ./sqlmap.py -r CapturedRequestFile. Yet sqlmap still reports "POST
> parameter 'uid' is not injectable". What am I doing wrong?
>
> thanks,
> -G
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
