Re: [sqlmap-users] Problem/confusion with wildcard in url
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Problem/confusion with wildcard in url
|
From: Miroslav S. <mir...@gm...> - 2012-01-05 23:54:13
|
Hi Gianluca. There was indeed a minor "glitch" regarding your case. Find it "patched" with the latest commit (r4653). Kind regards, Miroslav Stampar On Thu, Jan 5, 2012 at 2:53 PM, Gianluca Brindisi <g...@br...> wrote: > Hello, > if I provide an URL with * like this: > > http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex= > > sqlmap don't recognize valid get param in the urls: > > [15:34:23] [WARNING] you've provided target url without any GET parameters > (e.g. www.site.com/article.php?id=1) and without providing any POST > parameters through --data option > do you want to try URI injections in the target url itself? [Y/n/q] > > But looks like it inject correctly where I placed the wildcard. > > Instead without * everything is working fine as usual. > So I am not sure if it's this some sort of bug or it's me misusing the * > option (i.e. if the url is not rewrote I should just use -p id). > > Thanks, > Gianluca Brindisi > > > > ------------------------------------------------------------------------------ > Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex > infrastructure or vast IT resources to deliver seamless, secure access to > virtual desktops. With this all-in-one solution, easily deploy virtual > desktops for less than the cost of PCs and save 60% on VDI infrastructure > costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
