Re: [sqlmap-users] Param in multi-part post has to change each request
From: Brandon P. <bpe...@gm...> - 2013-10-12 22:39:43
Sure thing, thanks a bunch!

On Sat, Oct 12, 2013 at 2:48 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi Brandon.
>
> There is no such feature (at least for multipart cases).
>
> Nevertheless, I would suggest you to patch (just for this case):
>
> lib/request/connect.py (line 225):
> + post = post.replace("[RANDSTR]", randomStr()) if post else post
>
> Afterwards, you can put a [RANDSTR] mark into the request file itself at
> the place where you want a random value to be.
>
> Kind regards,
> Miroslav Stampar
>
> On Fri, Oct 11, 2013 at 5:23 PM, Brandon Perry <bpe...@gm...> wrote:
>
>> Hi, I have a request that posts multi-part form data to the server, and
>> one of the params is vulnerable to a sqli. However, another param must
>> change each request (can be totally random) and I am not sure how to
>> approach that. I am sure that a tamper script or something will be the
>> correct solution, just not sure how to approach it.
>>
>> Any thoughts or questions in case I did not explain it well? Basically, I
>> would like to replace this param with a random uuid or something each
>> request.
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
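
Review bot: the added line for lib/request/connect.py evaluates randomStr() once per replace() call, so if the request file contains more than one [RANDSTR] mark, every occurrence within a given request receives the same value. That fits the stated need of one parameter changing per request, but fields that must differ from each other would need a per-occurrence substitution (for example re.sub with a callable). The hunk carries no context lines and is located only by "line 225", so check against the revision in use that the line sits after post is finalized and before it is sent, and that randomStr is imported in that module. Only post is rewritten, so a mark placed in the URL or in headers stays as literal text.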