[sqlmap-users] User friendly url
From: Carlos G. V. <car...@gm...> - 2010-09-15 15:30:24
Hi! (Please excuse my English.)

I've got a question about GET parameters; I looked into the mail archive and didn't find anything about telling sqlmap which "parameter" to use when the site uses friendly URLs.

In my test environment I have this URL:

http://127.0.0.1/lookin-for-dog/1455/

The injectable part is "1455", which looks like a path name. In fact, the parameter is "looking-for-dog", and the value is "1455".

Testing with:

http://127.0.0.1/lookin-for-dog/1455%20or%201%3d1/

(meaning http://127.0.0.1/lookin-for-dog/1455 or 1=1/)

...seems to work. When injecting something like "1455%27", a MySQL error appears. So I think the URL is injectable.

The problem is that I can't pass this kind of parameter to sqlmap, or better said, I don't know how to pass it. Is there a workaround for this?

Thanks in advance,

--
--------8<--------
Carlos Gabriel Vergara
http://www.ThorSecurity.com.ar
PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
-------->8--------