[sqlmap-users] Injection in non paremetrized URL
Brought to you by:
inquisb
From: Konrads S. <ko...@sm...> - 2009-05-12 08:06:20
|
Hello, What would be the best way in SQLmap to attempt to inject into eleemnts of URL path, not parametrs. Often, to achieve SEO web apps create meaningful paths,such as http://www.cms.dom/company/boss/foo / Internally, it is rewritten by web server (e.g. Apache rewrite) or handled as is (e.g. servlets). Somewhere down, the SQL looks like SELECT * from contents WHERE title="company~boss~foo" or similarly. How to inject those with SQLmap? -- Konrads Smelkovs Applied IT sorcery. |