I'm trying to test a POST form against sql injection and I can't use -r argument for now, I need to provide request body with --data argument. I use \n for new lines and this is the command I want to execute:
sqlmap.py -u "http://example.com/registration.html" -p "profile[mail]" --risk="3" --method="POST" --data="--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[mail]
test
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[display_email]
1
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[mn_subscribe]
1
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[password]
3
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[password_repeat]
3
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[location]
3
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=security_code
http://www.example.com
--8fc66b7c8c934ec4affcd64e8555254e
Content-Disposition: form-data; name=profile[type]
3
" --user-agent="Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36" --cookie="PHPSESSID=examplecookie;rl_lang_front=gr" --headers="Host:example.com\nCache-Control:no-cache\nConnection:Keep-Alive\nReferer:http://example.com/registration.html\nAccept:text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\nAccept-Language:en-us,en;q=0.5\nX-Scanner:Netsparker\nAccept-Encoding:gzip, deflate\nContent-Length:1161\nContent-Type:multipart/form-data; boundary=8fc66b7c8c934ec4affcd64e8555254e" --dbms="MySQL"
I get this error when I run the command:
Multipart-like data found in POST data. Do you want to process it? [Y/n/q] y
[16:10:41] [CRITICAL] all testable parameters you provided are not present within the given request data
I guess there is something wrong with name=profile[email] part, I can't use double quotes, I have tried with single quotes and it's the same result. What am I doing wrong? I know I can use a request file but as I said it's not possible atm, I would like to do this directly via arguments if possible, thanks.
I'm trying to test a POST form against sql injection and I can't use -r argument for now, I need to provide request body with --data argument. I use \n for new lines and this is the command I want to execute:
I get this error when I run the command:
Multipart-like data found in POST data. Do you want to process it? [Y/n/q] y[16:10:41] [CRITICAL] all testable parameters you provided are not present within the given request data
I guess there is something wrong with name=profile[email] part, I can't use double quotes, I have tried with single quotes and it's the same result. What am I doing wrong? I know I can use a request file but as I said it's not possible atm, I would like to do this directly via arguments if possible, thanks.