Re: [sqlmap-users] SQLi in parameter's name
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] SQLi in parameter's name
|
From: mitchell <mit...@tu...> - 2013-03-30 23:19:23
|
So you have an option to inject wherever you want, but you want another option to inject "inside parameter names"? Maybe, I am missing something here... ~~ # m. On Thu, Mar 28, 2013 at 8:06 PM, Karel Marhoul <rez...@se...> wrote: > Hello, > > yes '*' works, but I have to put it behind parameter's name manually. I > wish there was an option to tell sqlmap to automatically try SQLi not > only inside parameter values but also inside parameter names. Is is > possible to add such functionality? > > Kind Regards > > Karel Marhoul > > On 28.3.2013 15:41, Miroslav Stampar wrote: > > Hi. > > > > Just use custom injection mark character. > > > > For example: > > > > python sqlmap.py -u "http://www.target.com/vuln.php?id*=1" > > > > will try to inject into the parameter name id. > > > > Kind regards, > > Miroslav Stampar > > > > On Wed, Mar 27, 2013 at 11:02 AM, a a <rez...@se... > > <mailto:rez...@se...>> wrote: > > > > Hello, > > > > During one assessment I have found the web application that is > > vulnerable to > > the SQL injection not in parameter values but in parameter names > itself. > > > > This is something sqlmap is unable to find. Is it possible to add > such > > functionality (e.g. by optional parameter) to sqlmap? > > > > Regards > > > > Karel Marhoul > > > > > ------------------------------------------------------------------------------ > > Own the Future-Intel® Level Up Game Demo Contest 2013 > > Rise to greatness in Intel's independent game demo contest. > > Compete for recognition, cash, and the chance to get your game > > on Steam. $5K grand prize plus 10 genre and skill prizes. > > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > <mailto:sql...@li...> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > > > -- > > Miroslav Stampar > > http://about.me/stamparm > > > > ------------------------------------------------------------------------------ > Own the Future-Intel(R) Level Up Game Demo Contest 2013 > Rise to greatness in Intel's independent game demo contest. Compete > for recognition, cash, and the chance to get your game on Steam. > $5K grand prize plus 10 genre and skill prizes. Submit your demo > by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
