[sqlmap-users] POST Data parameter marking
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] POST Data parameter marking
|
From: Steve P. <ste...@gm...> - 2012-04-16 18:40:34
|
I have an app that has post data like this: loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E Which looks like this decoded: loginxml=<com.customcode> <username>asdf</username> <password>qwerty</password> </com.customcode> Is there a way to mark injection locations after the asdf and qwerty? The * method that works on the URL does not seem to work on POST data, nor does this format fit easily with the --param-del option. -- | Steven Pinkham, Security Consultant | | http://www.mavensecurity.com | | GPG public key ID E9E996C1 | |
