[sqlmap-users] feature request - random parameter data generation
From: Andres T. A. <ata...@gm...> - 2011-08-20 13:34:16
Hi there!

I would like to suggest a feature that I think many of you will find useful. The idea is to allow sqlmap or a sqlmap tamper script to create random data on each request, against targeted parameters, to bypass unique key restrictions. AFAIK there is no way to achieve this with the latest release.

For example, a registration form can trigger an SQL injection that can only be exploited when some previous checks are bypassed, like some parameters being inserted into the database. Under this scenario, each request must contain unique data in some parameters to be able to attack the backend.

Several "random data" generators could be supported, like integers, alphanumeric, and email strings.

Example:

./sqlmap.py -u http://host/register.php --data="login=a@a.com&pass=f00&lang=en" -p lang --random-email=login

It's just an idea :)

BTW, without using the -p flag to target a specific parameter, is there any way to tell sqlmap to avoid testing a parameter?

Thanks,
Andres