Re: [sqlmap-users] sql injection without URL Parameter
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sql injection without URL Parameter
|
From: Miroslav S. <mir...@gm...> - 2010-07-16 08:24:51
|
Sorry, nay again :). It shouldn't be much of a work for that to implement, but right now all tests require a solid parameter (GET, POST, Cookie, UA). opened a feature request for this one (ticket #199). KR On Fri, Jul 16, 2010 at 1:08 AM, Christoph A. <ca...@gm...> wrote: > Hi, > > is there a way to tell sqlmap that it should exploit an sql injection > flaw within the URL (no parameters)? > > E.g. > > example.com/folder/1 > example.com/folder/1+union+select... > > > As the page requires authentication I specify also the --cookie parameter. > sqlmap seams only to test cookie fields and as there is no URL parameter > (eg. ..?id=1) I can't use the -p option. > > kind regards, > christoph > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |