Re: [sqlmap-users] Rewritten URLs
From: Adrian L. <bra...@gm...> - 2011-05-05 10:36:55
Ahh, wasn't aware of that. I'll give it a go and report back.

Cheers

On Thu, May 5, 2011 at 9:10 AM, Miroslav Stampar <mir...@gm...> wrote:
> hi Adrian.
>
> have you tried to scan like this:
>
> ./sqlmap.py -u "http://www.example.com/news/99*"
>
> that * mark will point sqlmap to scan for sql injection inside the URI
> itself.
>
> kr
>
> On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis <bra...@gm...> wrote:
> > Hi All,
> > Hoping you might have some insight here. I've been using SQLMap for a while
> > and it's fantastic, very promptly updated too, been watching the list for a
> > while :)
> > Ran into a case a while back where the client was using rewritten URLs i.e.
> > rather than http://www.example.com/index.php?id=99 the URL was
> > http://www.example.com/news/99
> > The ID field was vuln to SQLi but there was an automatic redirect
> > (unconditional) if I used the full URI (index.php... etc).
> > Tried to use SQLMap to have a go at it but it didn't seem up to it. Is this
> > by design or is there a way this could be altered in some way?
> >
> > Cheers!
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B

--
Adrian Lewis
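Added example (not part of the original thread and not sqlmap code): a defender's view of why the `/news/99` form is still an input to the SQL layer. The rewrite rule, the table, the sample rows and the handler names are all hypothetical; the sketch contrasts a handler that concatenates the rewritten path segment with one that validates and binds it.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for the table behind /news/<id>."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(98, "Older story"), (99, "Current story"), (100, "Draft")])
    return db

# Hypothetical rewrite rule: /news/<segment> is served as index.php?id=<segment>.
REWRITE = re.compile(r"^/news/(.*)$")

def rewritten_id(path):
    """Return the raw path segment the rewrite rule hands to the application."""
    m = REWRITE.match(path)
    return m.group(1) if m else None

def handler_vulnerable(db, path):
    """Concatenates the segment into SQL: rewriting the URL changed nothing."""
    raw = rewritten_id(path)
    if raw is None:
        return []
    return db.execute("SELECT title FROM news WHERE id = " + raw).fetchall()

def handler_hardened(db, path):
    """Accepts only a short decimal id and binds it as a query parameter."""
    raw = rewritten_id(path)
    if raw is None or not re.fullmatch(r"[0-9]{1,9}", raw):
        return None  # caller should answer 404 instead of querying
    return db.execute("SELECT title FROM news WHERE id = ?",
                      (int(raw),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for path in ("/news/99", "/news/99 OR 1=1"):  # constructed request paths
        print(path, "->", handler_vulnerable(db, path), handler_hardened(db, path))
```

The allow-list check rejects malformed ids before any query runs, and the bound parameter keeps the value out of the SQL text even if the check is later loosened.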