Skipping URI Path params #5560

Closed
bararchy opened this issue Oct 30, 2023 · 3 comments

Comments

@bararchy

SQLMap version 1.7.10

sqlmap --timeout=3600 --disable-coloring --method=GET -u 'http://127.0.0.1:9999/age/30*' --batch --flush-session --fresh-queries --banner --risk=3 --level=3 '--ignore-code=*' --answers=follow=N,inside=Y,continue=Y,those=N,non-custom=Y --results-file=/dev/null --data=  -H 'Host: 127.0.0.1:9999' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0' -H 'Age: 30' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache'

SQLmap just returns:

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[14:14:38] [INFO] flushing session file
[14:14:38] [INFO] testing connection to the target URL
[14:14:38] [INFO] checking if the target is protected by some kind of WAF/IPS
[14:14:38] [INFO] testing if the target URL content is stable
[14:14:38] [INFO] target URL content is stable
other non-custom parameters found. Do you want to process them too? [Y/n/q] N
[14:14:38] [INFO] skipping URI parameter '#1*'
[14:14:38] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'

[*] ending @ 14:14:38 /2023-10-30/

Skipping the PATH params without checking them.

@amya-eng

I have this problem too.

@amya-eng

Don't know how to resolve it.

@stamparm
Member

@amya-eng of course you do. This is the EXACT run as in the original issue:

image

Wendlg0 pushed a commit to Wendlg0/sqlmap that referenced this issue May 4, 2024