Re: [sqlmap-users] Injection in non paremetrized URL
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Injection in non paremetrized URL
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-05-12 08:24:57
|
It's not possible yet. I will implement it in the long run. Cheers, Bernardo On Tue, May 12, 2009 at 09:06, Konrads Smelkovs <ko...@sm...> wrote: > Hello, > > What would be the best way in SQLmap to attempt to inject into eleemnts of > URL path, not parametrs. > Often, to achieve SEO web apps create meaningful paths,such as > http://www.cms.dom/company/boss/foo / Internally, it is rewritten by web > server (e.g. Apache rewrite) or handled as is (e.g. servlets). Somewhere > down, the SQL looks like SELECT * from contents WHERE > title="company~boss~foo" or similarly. How to inject those with SQLmap? > -- > Konrads Smelkovs > Applied IT sorcery. > > ------------------------------------------------------------------------------ > The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your > production scanning environment may not be a perfect world - but thanks to > Kodak, there's a perfect scanner to get the job done! With the NEW KODAK > i700 > Series Scanner you'll get full speed at 300 dpi even with all image > processing features enabled. http://p.sf.net/sfu/kodak-com > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobiles: +447788962949 (UK), +393493821385 (IT) PGP Key ID: 0x05F5A30F |
