Re: [sqlmap-users] Problem/confusion with wildcard in url
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Problem/confusion with wildcard in url
|
From: Gianluca B. <g...@br...> - 2012-01-06 00:25:51
|
Thanks guys! Il giorno 06/gen/2012 00:54, "Miroslav Stampar" <mir...@gm...> ha scritto: > Hi Gianluca. > > There was indeed a minor "glitch" regarding your case. Find it "patched" > with the latest commit (r4653). > > Kind regards, > Miroslav Stampar > > On Thu, Jan 5, 2012 at 2:53 PM, Gianluca Brindisi <g...@br...> wrote: > >> Hello, >> if I provide an URL with * like this: >> >> http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex= >> >> sqlmap don't recognize valid get param in the urls: >> >> [15:34:23] [WARNING] you've provided target url without any GET >> parameters (e.g. www.site.com/article.php?id=1) and without providing >> any POST parameters through --data option >> do you want to try URI injections in the target url itself? [Y/n/q] >> >> But looks like it inject correctly where I placed the wildcard. >> >> Instead without * everything is working fine as usual. >> So I am not sure if it's this some sort of bug or it's me misusing the * >> option (i.e. if the url is not rewrote I should just use -p id). >> >> Thanks, >> Gianluca Brindisi >> >> >> >> ------------------------------------------------------------------------------ >> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex >> infrastructure or vast IT resources to deliver seamless, secure access to >> virtual desktops. With this all-in-one solution, easily deploy virtual >> desktops for less than the cost of PCs and save 60% on VDI infrastructure >> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > |
