Re: [sqlmap-users] Sqlmap missing a get param?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Sqlmap missing a get param?
|
From: Miroslav S. <mir...@gm...> - 2011-02-04 19:45:36
|
well, i am 99% sure that one parameter value is just overwritten by the other. in that case it doesn't matter if sqlmap handles parameters as dictionary. prove me wrong Pieter with some example :) i like people that prove me wrong (Steve was one of those with that newly found mssql server query delay payload) kr On Fri, Feb 4, 2011 at 8:37 PM, Miroslav Stampar <mir...@gm...> wrote: > well, as said, it's a dictionary. that means that it doesn't play well > with such "abominations" :) > > are you certain that one parameter value is not "overwritten" by the > other at the servers side. in server side programming (PHP, ASP) i > don't know how to handle such requests out of box. > > could you please post some examples just to experiment? > > kr > > On Fri, Feb 4, 2011 at 8:34 PM, Pieter de Boer <pi...@th...> wrote: >> On 02/04/11 19:06, Miroslav Stampar wrote: >>> >>> > From now (r3225) we are storing dictionary keys in the order of >>> appearance (OrderedDict principle). >>> >>> That means that if you have URL like ?rss=1&back=2&out=3&index=0 their >>> testing order will be the same as their order of appearance (rss, >>> back, out and index at the end). >> >> Hm, how does it handle URLs with the same parameter more than once? While >> perhaps a bit odd, I have seen such URLs in practice. >> >> -- >> Pieter >> >> > > > > -- > Miroslav Stampar > > E-mail: miroslav.stampar (at) gmail.com > Alternate: miroslav.stampar (at) mail.ru > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail: miroslav.stampar (at) gmail.com Alternate: miroslav.stampar (at) mail.ru PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
