Re: [sqlmap-users] custom injection marker and eval
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] custom injection marker and eval
|
From: Miroslav S. <mir...@gm...> - 2013-08-20 14:43:49
|
Hi.
Short answer is no.
Long answer goes like this. In custom injection marker cases we don't care
about the request format (specifically parameter/value pairs). That is the
beauty of it. Hence, we can't provide an eval interface for those.
Kind regards,
Miroslav Stampar
On Aug 20, 2013 3:39 PM, "Sebastian Nerz" <seb...@sy...> wrote:
> Hi,
>
> is there a way to access the value of elements in eval-code, if custom
> injection markers are used?
>
> Why am I asking?
>
> ==
> $ ~/Downloads/sqlmap/sqlmap.py -u
> "http://localhost/test.php?argl=1*&foo=2" --eval="print dir()"
>
> [..]
>
> [*] starting at 15:37:51
>
> custom injection marking character ('*') found in option '-u'. Do you
> want to process it? [Y/n/q]
> [15:37:52] [INFO] testing connection to the target URL
> ['__builtins__']
> [15:37:52] [INFO] heuristics detected web page charset 'ascii'
> [..]
> ==
>
> Is there a way to access the parameters?
>
> Thanks!
>
> Sebastian
>
>
>
> ------------------------------------------------------------------------------
> Introducing Performance Central, a new site from SourceForge and
> AppDynamics. Performance Central is your source for news, insights,
> analysis and resources for efficient Application Performance Management.
> Visit us today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
|
