url_rewrite 这个问题 国内外的坛子里都有人问。
D:\cygwin\pentest\database\sqlmap\doc \faq.pdf
下面是官方给的解答。
1.15 How to use sqlmap with mod_rewrite enabled?
Append an
asterisk, *, to the place where sqlmap should check for injections in
URI
itself. For example, ./sqlmap.py -u "http://target.tld/id1/1*/id2/2",
sqlmap
will inject its payloads at that place marked with * character. This
feature
also applies to POST data. Multiple injection points are supported and
will
be assessed sequentially.
哪里存在注入就加上 * 号
./sqlmap.py -u "http://www.cunlide.com/id1/1*/id2/2