[sqlmap-users] Feature request: sqlmap URI injection
From: Andres T. A. <ata...@gm...> - 2011-04-28 12:05:42
Hello,

I'm new to the list, so I'm probably going to ask for something that was previously discussed. Anyway, I'm going to try :)

I wish to know if there are plans to support "URI SQL injection" in the near future. By URI injection I mean testing for SQL injections on the URI instead of attacking GET/POST/cookie parameters. I see at least 3 scenarios where this feature would be required.

1- It's necessary to test URI segments when a web application is developed with frameworks like CodeIgniter, which disables GET parameters by default and forces some parameters to be retrieved from the URI, like http://host/class/method/value1/value2.

The following snippet is an example of a vulnerable application that is accessed as http://host/news/show/1

    class news extends CI_Controller {
        function show($id, $param2) {
            // do stuff..
            // The URI segment is concatenated straight into the query.
            $sql = "select * from table where column='" . $id . "'";
            $this->db->query($sql);
            // ....
        }
    }

In this scenario the attack should be performed against 'param1', for example: http://host/news/show/param1'+OR+'a'='a/param2

The id parameter is manipulable; however, as far as I know, it's not supported by default by sqlmap as a testable parameter.

2- It's also required when testing websites for SQL injections and a URL rewrite module is enabled, causing parameter names to be hidden from the user.

3- When the URI is not sanitized and is stored into a database for logging purposes (therefore the application becomes vulnerable at least to blind timing SQL attacks).

Thanks in advance,

Andres Tarasco
http://www.tarasco.org/security
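The following is an added example, not part of the original post and not sqlmap or CodeIgniter code. It reproduces scenarios 1 and 3 in Python with an in-memory SQLite database, showing the concatenated query from the post beside a bound-parameter version. The table names, helper names and sample URIs are constructed assumptions.

```python
import sqlite3
from urllib.parse import unquote

# Constructed sample URIs in the /class/method/value1/value2 layout from the post.
BENIGN = "/news/show/1/x"
CRAFTED = "/news/show/1'%20OR%20'a'='a/x"

def make_db():
    """In-memory database with a hypothetical news table and a URI access log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id TEXT, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [("1", "first"), ("2", "second"), ("3", "draft")])
    db.execute("CREATE TABLE access_log (uri TEXT)")
    return db

def segments(uri):
    """Split the path on '/' first, then percent-decode each segment."""
    return [unquote(part) for part in uri.strip("/").split("/")]

def show_concatenated(db, news_id):
    """Same pattern as the post's controller: the segment is pasted into the SQL text."""
    sql = "SELECT title FROM news WHERE id='" + news_id + "'"
    return [row[0] for row in db.execute(sql)]

def show_bound(db, news_id):
    """Hardened form: the segment is passed as a bound value, never as SQL text."""
    return [row[0] for row in db.execute("SELECT title FROM news WHERE id = ?", (news_id,))]

def handle(db, uri, query_fn):
    """Log the raw URI with a bound parameter (scenario 3), then dispatch on segments."""
    db.execute("INSERT INTO access_log (uri) VALUES (?)", (uri,))
    controller, method, news_id = segments(uri)[:3]
    if (controller, method) != ("news", "show"):
        return []
    return query_fn(db, news_id)

if __name__ == "__main__":
    db = make_db()
    for uri in (BENIGN, CRAFTED):
        print(uri, handle(db, uri, show_concatenated), handle(db, uri, show_bound))
```

With the bound version the crafted segment is compared as a literal id and matches no row, and the access log stores the raw URI verbatim without it ever being parsed as SQL.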