Re: [sqlmap-users] Issue when using -p with JSON requests
From: Miroslav S. <mir...@gm...> - 2013-03-27 13:53:38
Hi.

Just to have it officially here on the ML. There were a couple of related problems. Now everything works as expected.

Kind regards,
Miroslav Stampar

On Tue, Mar 26, 2013 at 2:39 PM, Pieter de Boer <pi...@th...> wrote:

> Hi all,
>
> My colleague is having an issue with POST/GET behaviour with JSON
> requests in sqlmap/1.0-dev-64ba880. He asked me to forward this to the
> mailing list:
>
>
> I have the following request which I load with the -l flag:
>
> --
> POST /blup?param=2 HTTP/1.1
> Host: http://test.tld
> User-Agent: Test
> Accept: application/json, text/javascript, */*; q=0.01
> Accept-Language: en-US,en;q=0.5
> Accept-Encoding: gzip, deflate
> Content-Type: application/json; charset=utf-8
> X-Requested-With: XMLHttpRequest
> Content-Length: 116
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
>
>
> {"jq":{"Search":false,"nd":1,"PageSize":50,"PageIndex":1,"SortIndex":"","SortOrder":"asc"}}
> --
>
> - If I do not specify a parameter with -p then sqlmap will happily test
> all parameters (including the ones in the URL) using HTTP POST requests
> with the JSON data.
>
> - If I enter 'N' at "JSON like data found in POST data. Do you want to
> process it? [Y/n/q] " then it will start to do HTTP GET requests for the
> parameters in the URL.
>
> - If I specify '-p param' then sqlmap will start to do HTTP GET requests
> and it will leave out the JSON data.
>
> If I do the same request from the command line:
>
> --
> sqlmap.py -u "http://test.tld/blup?param=2"
> --data="{"jqGridRequest":{"IsSearch":false,"nd":1364299479869,"PageSize":50,"PageIndex":1,"SortIndex":"","SortOrder":"asc"}}"
> -p param
> --
>
> Then sqlmap will not prompt me for "JSON like data found in POST data.
> Do you want to process it? [Y/n/q] " and it will test normally so it
> seems to be related to the JSON detection.
>
> Could you have a look at this behaviour and maybe fix sqlmap so that it
> will keep doing HTTP POST requests even when the JSON data is not
> processed?
>
>
> Thanks!
> Pieter

--
Miroslav Stampar
http://about.me/stamparm