Re: [sqlmap-users] Injection in Host: header
From: Miroslav S. <mir...@gm...> - 2011-12-20 12:40:57
Hi Anindya.

With the latest commit (r4598) you should be able to do this (-p host).

Kind regards,
Miroslav Stampar

On Mon, Dec 19, 2011 at 12:29 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> Sorry, but you'll have to wait a bit. Thing is that there is no easy
> "patch" solution for it.
>
> Kind regards
>
> On Sun, Dec 18, 2011 at 5:49 PM, A C <ani...@ya...> wrote:
>
>> I might be able to take a stab at hacking something up - where would I
>> attempt to add this functionality?
>>
>> --Anindya
>>
>> ------------------------------
>> *From:* Miroslav Stampar <mir...@gm...>
>> *To:* A C <ani...@ya...>
>> *Cc:* "sql...@li..." <sql...@li...>
>> *Sent:* Wednesday, December 14, 2011 11:03 AM
>> *Subject:* Re: [sqlmap-users] Injection in Host: header
>>
>> Hi.
>>
>> At this moment there isn't support for the Host header. I won't promise
>> anything but maybe it will be implemented these days.
>>
>> Kind regards
>>
>> On Mon, Dec 12, 2011 at 11:26 PM, A C <ani...@ya...> wrote:
>>
>> Hi sqlmap users,
>>
>> I've successfully used sqlmap to do wonderful things through parameters of
>> web applications but I've recently come across an app which seems to have a
>> possible injection flaw in the Host: header field. In other words, if I put
>> a single quote (or other SQL) in the Host: header with my normal HTTP
>> request, I will get back a MySQL error similar to the following:
>>
>> Error: <br />1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY pag_gr desc, pag_cat desc, pag_ide desc, sit_typ desc' at line 1
>>
>> I can't seem to find a way to use sqlmap to perform its normal magic -
>> is there a way to do this?
>>
>> Thanks!
>> --Anindya
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
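For the application side of the behaviour reported in this thread, the following is an added example (not part of the original messages and not sqlmap code) showing why a lone quote in the Host: header produces a SQL syntax error when the value is concatenated into a query, next to a lookup that validates the header and binds it as a parameter. It uses SQLite in memory so it runs offline; the table name `pages` and the `sit_host` column are assumptions, and only the ORDER BY column names come from the quoted error.

```python
import re
import sqlite3

# Constructed schema: ORDER BY column names come from the quoted error;
# the table name and the sit_host column are assumptions for illustration.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (sit_host TEXT, pag_gr INT, pag_cat INT, "
               "pag_ide INT, sit_typ INT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?, ?, ?)",
                   [("www.example.test", 1, 1, 1, 0),
                    ("www.example.test", 1, 2, 2, 0),
                    ("other.example.test", 9, 9, 9, 1)])
    return db

ORDER = " ORDER BY pag_gr DESC, pag_cat DESC, pag_ide DESC, sit_typ DESC"

def lookup_concatenated(db, host):
    # Vulnerable pattern: the Host header value becomes part of the SQL text.
    sql = "SELECT pag_ide FROM pages WHERE sit_host = '" + host + "'" + ORDER
    return [r[0] for r in db.execute(sql)]

# Hostname with optional port; anything else is rejected before the query.
HOST_RE = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?(?::\d{1,5})?")

def lookup_parameterized(db, host):
    if not HOST_RE.fullmatch(host):
        raise ValueError("malformed Host header")
    # The value is bound as data and is never parsed as SQL.
    sql = "SELECT pag_ide FROM pages WHERE sit_host = ?" + ORDER
    return [r[0] for r in db.execute(sql, (host.lower(),))]

def syntax_error_on_quote(db):
    # A lone quote unbalances the string literal, the same class of failure
    # as the 1064 error in the report (SQLite raises OperationalError).
    try:
        lookup_concatenated(db, "www.example.test'")
    except sqlite3.OperationalError:
        return True
    return False
```

Request headers, Host included, are client-controlled input, so the same binding and validation apply to them as to URL and form parameters.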