Re: [sqlmap-users] Rewritten URLs
From: Miroslav S. <mir...@gm...> - 2011-05-05 08:10:30
Hi Adrian.

Have you tried to scan like this:

./sqlmap.py -u "http://www.example.com/news/99*"

That * mark will point sqlmap to scan for SQL injection inside the URI itself.

kr

On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis <bra...@gm...> wrote:
> Hi All,
> Hoping you might have some insight here. I've been using SQLMap for a while
> and it's fantastic, very promptly updated too, been watching the list for a
> while :)
> Ran into a case a while back where the client was using rewritten URLs i.e.
> rather than http://www.example.com/index.php?id=99 the URL was
> http://www.example.com/news/99
> The ID field was vuln to SQLi but there was an automatic redirect
> (unconditional) if I used the full URI (index.php... etc).
> Tried to use SQLMap to have a go at it but it didn't seem up to it. Is this
> by design or is there a way this could be altered in some way?
>
> Cheers!

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
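Why the path segment of a rewritten URL is still an injection point, and the server-side fix, as an added example that is not part of the original thread or of sqlmap: the rewrite rule, table layout and function names are assumptions, and the rows are constructed sample data.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(98, "Older item"), (99, "Launch day"), (100, "Draft")])
    return db

# Hypothetical rewrite rule: /news/<value> is served as index.php?id=<value>.
REWRITE = re.compile(r"^/news/(?P<id>[^/]+)$")

def rewrite(path):
    """Return the id value the rewrite rule hands to the application, or None."""
    m = REWRITE.match(path)
    return m.group("id") if m else None

def lookup_vulnerable(db, path):
    """'Before': the path segment is concatenated into the SQL text,
    exactly as the id query parameter would have been."""
    news_id = rewrite(path)
    if news_id is None:
        return []
    return db.execute(
        "SELECT id, title FROM news WHERE id = " + news_id).fetchall()

def lookup_hardened(db, path):
    """'After': ASCII-digits-only validation plus a bound parameter."""
    news_id = rewrite(path)
    if news_id is None or not re.fullmatch(r"[0-9]{1,18}", news_id):
        return []
    return db.execute(
        "SELECT id, title FROM news WHERE id = ?", (int(news_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for path in ("/news/99", "/news/99 OR 1=1"):
        print(path, "->", lookup_vulnerable(db, path), lookup_hardened(db, path))
```

The rewrite layer only changes where the value travels in the request; the query construction behind it decides whether it is injectable.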