Greetings, I tried to verify Sqlmap's functionality by running it against Webgoat version 6.0.1. You can try it your self by using following request file. Just log in and replace cookie by valid one. ###start request file POST /WebGoat/attack?Screen=4&menu=1100 HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0 Accept: */* Accept-Language: cs,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://localhost:8080/WebGoat/start.mvc Content-Length: 29 Cookie: JSESSIONID=replace Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
account_number=101&SUBMIT=Go! #end request file I am running git master of Sqlmap. Sqlmap detects SQL injection (boolean based blind Mysql), but no information gathering commands work (--dbs, --current-user...). I tried running with --hex or --no-cast, but no luck. What might be the problem? Thanks, Vojta ------------------------------------------------------------------------------ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
