Re: [sqlmap-users] POST Data parameter marking
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] POST Data parameter marking
|
From: Miroslav S. <mir...@gm...> - 2012-04-17 14:20:15
|
Hi Steve. Could you please test this with the latest r5004? Kind regards, Miroslav Stampar On Mon, Apr 16, 2012 at 8:45 PM, Miroslav Stampar < mir...@gm...> wrote: > Hi Steve. > > As there were requests for this same feature before we'll try to implement > it these days. Will keep you posted. > > Kind regards, > Miroslav Stampar > > On Mon, Apr 16, 2012 at 8:40 PM, Steve Pinkham <ste...@gm...>wrote: > >> I have an app that has post data like this: >> >> >> loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E >> >> Which looks like this decoded: >> loginxml=<com.customcode> >> <username>asdf</username> >> <password>qwerty</password> >> </com.customcode> >> >> Is there a way to mark injection locations after the asdf and qwerty? >> The * method that works on the URL does not seem to work on POST data, >> nor does this format fit easily with the --param-del option. >> -- >> | Steven Pinkham, Security Consultant | >> | http://www.mavensecurity.com | >> | GPG public key ID E9E996C1 | >> >> >> >> ------------------------------------------------------------------------------ >> For Developers, A Lot Can Happen In A Second. >> Boundary is the first to Know...and Tell You. >> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! >> http://p.sf.net/sfu/Boundary-d2dvs2 >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
