Re: [sqlmap-users] sql injection without URL Parameter
From: Carlos G. V. <car...@gm...> - 2010-09-27 16:57:11
Testing. So far, no problems. This option will open a wide range of possibilities, cos I'm finding a lot of web applications that use friendly URLs; this is the product of a "human friendly" logic business layer.

Thanks again Miroslav. If I can help with something, just ask.

--
--------8<--------
Carlos Gabriel Vergara
http://www.ThorSecurity.com.ar
PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
-------->8--------

2010/9/24 Miroslav Stampar <mir...@gm...>:
> Hi.
>
> With the latest SVN commit you can exploit path injections by issuing
> a command to sqlmap as:
>
> ./sqlmap.py -u "http://www.site.com/somewhere/1*/"
>
> Notice that * mark inside of path. That's new in sqlmap. So, please
> update to latest version from our SVN repository and report if you
> notice any problems.
>
> Kind regards.
>
> On Fri, Jul 16, 2010 at 1:08 AM, Christoph A. <ca...@gm...> wrote:
>> Hi,
>>
>> is there a way to tell sqlmap that it should exploit an sql injection
>> flaw within the URL (no parameters)?
>>
>> E.g.
>>
>> example.com/folder/1
>> example.com/folder/1+union+select...
>>
>>
>> As the page requires authentication I specify also the --cookie parameter.
>> sqlmap seems only to test cookie fields and as there is no URL parameter
>> (eg. ..?id=1) I can't use the -p option.
>>
>> kind regards,
>> christoph
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
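
Added example (not part of the original thread and not sqlmap code): a friendly-URL handler that pastes the final path segment, the position the thread marks with `*`, into the SQL text is injectable just like a `?id=` parameter, shown here beside a form that validates the segment and binds it. The `folder` table, the function names and the sample URLs are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, unquote


def make_db():
    """Build a constructed in-memory table standing in for the application's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE folder (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO folder VALUES (?, ?)",
                   [(1, "public"), (2, "drafts"), (3, "private")])
    return db


def last_segment(url):
    """Return the percent-decoded final path segment, e.g. '1' for /folder/1/."""
    path = urlsplit(url).path.rstrip("/")
    return unquote(path.rsplit("/", 1)[-1])


def lookup_vulnerable(db, url):
    # The segment becomes part of the SQL text, so the path is an injection
    # point even though the URL carries no name=value parameter.
    seg = last_segment(url)
    return db.execute("SELECT title FROM folder WHERE id = " + seg).fetchall()


def lookup_hardened(db, url):
    # Reject anything that is not a plain decimal id, then pass the value
    # as a bound parameter so it can never be parsed as SQL.
    seg = last_segment(url)
    if not re.fullmatch(r"[0-9]{1,9}", seg):
        raise ValueError("path segment is not a numeric id")
    return db.execute("SELECT title FROM folder WHERE id = ?",
                      (int(seg),)).fetchall()
```

Input filters and logging that inspect only query strings and cookies miss this route, so path segments need the same treatment as any other request input.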