Re: [sqlmap-users] Feature request: sqlmap URI injection
From: David G. <sk...@gm...> - 2011-04-28 12:32:39
Use the * character at the param value: http://vulnsite.com/vulnscript/1*/2

2011/4/28 Andres Tarascó Acuña <ata...@gm...>
> Hello,
>
> I'm new to the list so probably I'm going to ask for something that was
> previously discussed. Anyway, I'm going to try :)
>
> I wish to know if there are plans to support "URI SQL injection" in the
> near future. By URI injection I mean testing for SQL injections on the URI
> instead of attacking GET/POST/cookie parameters. I see at least 3 scenarios
> where this feature should be required.
>
> 1- It's necessary to test URI segments when a web application is developed
> with frameworks like CodeIgniter, that disables GET parameters by default,
> and forces some parameters to be retrieved from the URI, like
> http://host/class/method/value1/value2.
>
> The following snippet is an example of a vulnerable application that is
> accessed as http://host/news/show/1
>
>     class news extends CI_Controller {
>         function show($id, $param2) {
>             // do stuff..
>             // $id is the raw URI segment, concatenated straight into the query
>             $sql = "select * from table where column='" . $id . "'";
>             $this->db->query($sql);
>             // ....
>         }
>     }
>
> In this scenario the attack should be performed against 'param1', for
> example: http://host/news/show/param1'+OR+'a'='a/param2
> The id parameter is manipulable; however, as far as I know, it's not supported
> by default by sqlmap as a testable parameter.
>
> 2- It's also required when testing websites for SQL injections and a URL
> rewrite module is enabled, causing parameter names to be hidden from the
> user.
>
> 3- When the URI is not sanitized and is stored into a database for logging
> purposes (therefore the application becomes vulnerable at least to blind
> timing SQL attacks).
>
> Thanks in advance,
>
> Andres Tarasco
> http://www.tarasco.org/security
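The defensive counterpart to the point made in this thread, as an added example that is not from the thread, from sqlmap or from CodeIgniter: a log check that inspects URI path segments (not only query-string parameters) for SQL-injection indicators, since frameworks and URL rewriting move attacker-controlled values into the path. The log lines and the indicator patterns are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Apr/2011:12:32:39 +0000] "GET /news/show/1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Apr/2011:12:32:41 +0000] "GET /news/show/1'+OR+'a'='a/2 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Apr/2011:12:32:45 +0000] "GET /news/show/1'%20AND%20SLEEP(5)--%20/2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Apr/2011:12:33:02 +0000] "GET /news/show/42 HTTP/1.1" 200 640 "-" "curl/7.21"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators of SQL syntax inside a path segment. A segment normally carries an
# application value (id, slug), so quotes, tautologies and timing functions
# there are much rarer than in free-text query strings. Patterns are illustrative.
SQLI_PATTERNS = [
    ("tautology",  re.compile(r"'\s*(or|and)\s*'?\w+'?\s*=", re.I)),
    ("time_based", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.I)),
    ("comment",    re.compile(r"(--|#|/\*)")),
    ("union",      re.compile(r"\bunion\b.+\bselect\b", re.I)),
]

def suspicious_segments(uri):
    """Return [(segment_index, decoded_segment, indicator), ...] for one request URI."""
    path = uri.split("?", 1)[0]          # query string is out of scope here
    hits = []
    for idx, seg in enumerate(path.split("/")):
        # Decode twice to catch double-encoded payloads; '+' is a space in the thread's example.
        decoded = unquote(unquote(seg)).replace("+", " ")
        for name, pat in SQLI_PATTERNS:
            if pat.search(decoded):
                hits.append((idx, decoded, name))
                break                    # one indicator per segment is enough
    return hits

def scan_log(text):
    """Parse access-log lines and return a finding per suspicious path segment."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for idx, seg, name in suspicious_segments(m["uri"]):
            findings.append({"ip": m["ip"], "uri": m["uri"], "segment": idx,
                             "value": seg, "indicator": name})
    return findings
```

Segment index 3 in the findings is the position the CodeIgniter router hands to `show()` as `$id`, which is where a WAF or filter that only inspects GET parameters would never look.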