Re: [sqlmap-users] sql injection without URL Parameter
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] sql injection without URL Parameter
|
From: Miroslav S. <mir...@gm...> - 2010-09-24 09:33:27
|
Hi. With the latest SVN commit you can exploit path injections by issuing a command to sqlmap as: ./sqlmap.py -u "http://www.site.com/somewhere/1*/" Notice that * mark inside of path. That's new in sqlmap. So, please update to latest version from our SVN repository and report if you notice any problems. Kind regards. On Fri, Jul 16, 2010 at 1:08 AM, Christoph A. <ca...@gm...> wrote: > Hi, > > is there a way to tell sqlmap that it should exploit an sql injection > flaw within the URL (no parameters)? > > E.g. > > example.com/folder/1 > example.com/folder/1+union+select... > > > As the page requires authentication I specify also the --cookie parameter. > sqlmap seams only to test cookie fields and as there is no URL parameter > (eg. ..?id=1) I can't use the -p option. > > kind regards, > christoph > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B |
