Re: [sqlmap-users] feature request - random parameter data generation
From: Andres T. A. <ata...@gm...> - 2011-08-29 15:17:56

Thanks for those great improvements.

Andres

On 29 August 2011 15:41, Miroslav Stampar <mir...@gm...> wrote:

> hi again.
>
> with the last commit r4369 new switch "--skip" is added.
>
> e.g. --skip=ua
> or
> e.g. --skip=random-agent
> or
> e.g. --skip="ua,random-agent,id,id2"
>
> will make sqlmap explicitly skip the testing of parameters provided this way
>
> kind regards
>
> 2011/8/20 Andres Tarascó Acuña <ata...@gm...>:
> > hi there!
> >
> > I would like to suggest a feature that I think many of you will find
> > useful. The idea is to allow sqlmap or an sqlmap tamper script to create
> > random data on each request, against targeted parameters, to bypass unique
> > key restrictions. afaik there is no way to achieve this with latest
> > release.
> >
> > For example, a registration form can trigger an sql injection that can only
> > be exploited when some previous checks are bypassed, like some parameters
> > being inserted into the database. Under this scenario, each request must
> > contain unique data on some parameters to be able to attack the backend.
> >
> > Several "random data" generators could be supported, like
> > integers, alphanumeric, and email strings.
> > Example:
> > ./sqlmap.py -u http://host/register.php --data="login=a@a.com&pass=f00&lang=en" -p lang --random-email=login
> > It's just an idea :)
> > btw, without using the -p flag to target a specific parameter, is there any
> > way to tell sqlmap to avoid testing a parameter?
> >
> > Thanks,
> >
> > Andres
>
> --
> Miroslav Stampar
> http://about.me/stamparm