Re: [sqlmap-users] Problem/confusion with wildcard in url
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Problem/confusion with wildcard in url
|
From: Chris O. <chr...@gm...> - 2012-01-05 14:46:32
|
-p will definitely work, no need for * when it's not rewritten URLs. Not sure if that counts as a bug therefore... so in the meantime, just use -p Chris On 5 January 2012 13:53, Gianluca Brindisi <g...@br...> wrote: > Hello, > if I provide an URL with * like this: > > http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex= > > sqlmap don't recognize valid get param in the urls: > > [15:34:23] [WARNING] you've provided target url without any GET parameters > (e.g. www.site.com/article.php?id=1) and without providing any POST > parameters through --data option > do you want to try URI injections in the target url itself? [Y/n/q] > > But looks like it inject correctly where I placed the wildcard. > > Instead without * everything is working fine as usual. > So I am not sure if it's this some sort of bug or it's me misusing the * > option (i.e. if the url is not rewrote I should just use -p id). > > Thanks, > Gianluca Brindisi > > > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
