[sqlmap-users] --method=GET vs. --data=
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] --method=GET vs. --data=
|
From: <bu...@gm...> - 2011-02-01 22:16:56
|
Hi, after testing some parameters via HTTP POST requests I wanted to execute the same test with GET request and changed only the --method= parameter from: ... -u http://foo --method=POST --data="a=b&c=d" ... to: ... -u http://foo --method=GET --data="a=b&c=d" ... I expected it to be equally to ... -u "http://foo?a=b&c=d" --method=GET ... or ... -u "http://foo?a=b&c=d" ... bit id does send POST requests. If --data= is used it seams always to result in POST requests regardless of the --method switch "--data=DATA Data string to be sent through POST" this rises the question: What do you need --method for if the absence of --data results in GET request and the presence of --data results in POST requests. I would propose the following behaviour: - remove the --method switch and make the method depending on the fact that --data switch was used or not OR - omit the --data switch and make the method solely depending on the --method switch (data would always be provided with the url even if it is POST) POST example: -u "http://foo?a=b&c=d" --method=POST GET example -u "http://foo?a=b&c=d" (no method switch => default method GET) let me know what you think about it. (no hurry for the actual implementation) |
