Re: [sqlmap-users] Feature request: sqlmap URI injection
From: Bernardo D. A. G. <ber...@gm...> - 2011-04-28 18:23:50
Andres,

On 28 Apr 2011, at 13:53, "Andres Tarascó Acuña" <ata...@gm...> wrote:

> Thanks David!
>
> So, to test several URI segments, I probably need to use something like:
>
> ./sqlmap.py -u http://host/path/chunk1*/chunk2* --data="postparameter=foo"
>
> Is that right?

Yes.

> What should I type into the "-p" parameter to check SQL injections only against chunk2 (instead of attacking "postparameter")?

-p does not support URI "parameters". Run sqlmap with no -p and Ctrl+C when the detection phase starts again on the POST data - you will be prompted with a few options; "skip to the next parameter" is what you need, till sqlmap hits the URI snippet.

Bernardo Damele A. G.

This message was sent from a smartphone

> Thanks
>
> Andres
>
> 2011/4/28 Bernardo Damele A. G. <ber...@gm...>
>
> Indeed, thanks David for replying.
> I will update the user's manual with this feature at some point like someone else pointed out.
>
> Cheers,
> Bernardo Damele A. G.
>
> This message was sent from a smartphone
>
> On 28 Apr 2011, at 13:33, David Guimaraes <sk...@gm...> wrote:
>
> Use * character at param value:
>
> http://vulnsite.com/vulnscript/1*/2
>
> 2011/4/28 Andres Tarascó Acuña <ata...@gm...>
>
>> Hello,
>>
>> I'm new to the list so probably I'm going to ask for something that was previously discussed. Anyway, I'm going to try :)
>>
>> I wish to know if there are plans to support "URI SQL injection" in the near future. By URI injection I mean testing for SQL injections on the URI instead of attacking GET/POST/cookie parameters. I see at least 3 scenarios where this feature should be required.
>>
>> 1- It's necessary to test URI segments when a web application is developed with frameworks like CodeIgniter, that disables GET parameters by default, and forces some parameters to be retrieved from the URI, like http://host/class/method/value1/value2.
>>
>> The following snippet is an example of a vulnerable application that is accessed as http://host/news/show/1
>>
>> class news extends CI_Controller {
>>     function show($id, $param2) {
>>         // do stuff..
>>         $sql = "select * from table where column='" . $id . "'";
>>         $this->db->query($sql);
>>         // ....
>>     }
>> }
>>
>> On this scenario the attack should be performed against 'param1', for example:
>>
>> http://host/news/show/param1'+OR+'a'='a/param2
>>
>> The id parameter is manipulable; however, as far as I know it's not supported by default by sqlmap as a testable parameter.
>>
>> 2- It's also required when testing websites for SQL injections and a URL rewrite module is enabled, causing parameter names to be hidden from the user.
>>
>> 3- When the URI is not sanitized and is stored into a database for logging purposes (therefore the application becomes vulnerable at least to blind timing SQL attacks).
>>
>> Thanks in advance,
>>
>> Andres Tarasco
>> http://www.tarasco.org/security
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
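As an added example (not code from the thread or from the sqlmap or CodeIgniter projects), here is the controller pattern Andres describes next to a version that keeps the URI segment out of the SQL text, using CodeIgniter's query bindings. It assumes a CodeIgniter application context (`CI_Controller`, `$this->db`); the table and column names (`news`, `id`, `request_log`, `uri`, `seen_at`) are assumptions, not names from the page.

```php
<?php
// Added example, not from the mailing-list thread. Assumes a CodeIgniter
// app; table/column names below are made up for illustration.

class News extends CI_Controller
{
    // Vulnerable: the URI segment $id is concatenated into the SQL string,
    // so a crafted segment like the one in the thread reaches the database
    // as SQL rather than as a value. Kept here only as the "before".
    public function show_unsafe($id, $param2 = null)
    {
        $sql = "SELECT * FROM news WHERE id = '" . $id . "'";
        return $this->db->query($sql);
    }

    // Hardened: with CodeIgniter query bindings the segment is passed as a
    // parameter, so whatever the router extracts from the URI is escaped
    // by the database driver and never parsed as SQL.
    public function show($id, $param2 = null)
    {
        $sql = "SELECT * FROM news WHERE id = ?";
        return $this->db->query($sql, array($id));
    }
}

// Scenario 3 from the thread: the raw request URI written to a log table.
// Binding it the same way stops a crafted path from becoming SQL, which is
// what would otherwise make the logging code itself blind-injectable.
function log_request_uri($db, $uri)
{
    $db->query(
        "INSERT INTO request_log (uri, seen_at) VALUES (?, NOW())",
        array($uri)
    );
}
```

After the change, re-running the same `*`-marked sqlmap invocation from the thread against the URI segments is the check that confirms the segment is no longer injectable; the `-p`-free run with "skip to the next parameter" described above is how to get sqlmap to reach the URI marker.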