Specify parameters with SQLMAP

http://stackoverflow.com/questions/15654418/specify-parameters-with-sqlmap

sqlmap two parameters

http://localhost/vuln/test.php?feature=music&song=1

i want sqlmap to scan the parameter song so i tried these solutions

-u http://localhost/vuln/test.php?feature=music&song=1 --skip feature
-u http://localhost/vuln/test.php? --data="feature=music&song=1" -p song

Tried different variations by adding and removing quotes and equal signs , non worked. I even tried setting the --risk to --level to its maximum but it still fails to pick up the last parameter.

I will be very thankful if an expert can help me out with this. Thank you.

-----------------------

I have this problem too. I think sqlmap inject the first parameter. If you type :

-u http://localhost/vuln/test.php?feature=music&song=1

sqlmap will inject 'feature' parameter. To make it inject 'song' parameter you need to reorder the parameter as follows :

-u http://localhost/vuln/test.php?song=1&feature=music

Dont forget to add '&' between each parameter. It worked for me.

------------------------------

the p option can be used in the following way

--u "http://localhost/vuln/test.php?feature=music&song=1" -p song

-------------------------------

I have already triggered this type of problem. You can simply skip the 'feature' parameter. E.g -u http:// localhost/vuln/test.php?feature=music&song=1 --skip=feature and then certainly it will start testing the 'song' parameter.