Re: [sqlmap-users] Trouble with "json" like data
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Trouble with "json" like data
|
From: Miroslav S. <mir...@gm...> - 2014-02-24 21:52:21
|
Dear Louis. >From when are JSON string values enclosed with single quotes? Please go to the: http://www.json.org/ and study the official JSON forms/structures. Kind regards, Miroslav Stampar On Mon, Feb 24, 2014 at 8:29 PM, <Lou...@be...> wrote: > Hi, > > > > I saw a couple messages saying sqlmap should support json post data now. > However, I'm having trouble with a pretty simple payload. I'm using the > following request that I extracted from Burp and censored a bit : > > > > POST /SomeUrl/ HTTP/1.1 > > Host: www.SomeUrl.org.uk > > Proxy-Connection: keep-alive > > Content-Length: 28 > > Accept: application/json, text/javascript, */*; q=0.01 > > Origin: http://www. SomeUrl.org.uk > > X-Requested-With: XMLHttpRequest > > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/33.0.1750.117 Safari/537.36 > > Content-Type: application/json; charset=UTF-8 > > Referer: http://www. SomeUrl.org.uk/ > > Accept-Encoding: gzip,deflate,sdch > > Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 > > Cookie: SomeCookies > > Connection: close > > > > {'address':'peanut'} > > > > I tried using "sqlmap -r request" or "sqlmap -r request -p address" or > with -p "peanut". I also tried adding $$ before and after peanut and trying > with -sufix and -prefix to no avail. > > > > I also tried a full command line without using the raw request like this > (and multiple variant) : > > > > python sqlmap.py -u "http://www.someurl.co.uk" --data > "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" > > > > Whatever I'm doing, I'm ending up with a message like : > > > > [14:27:08] [INFO] target URL is stable > > [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided > data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') > > > > Or > > > > [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' > > [14:27:47] [CRITICAL] all testable parameters you provided are not present > within the given request data > > > > I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies > with GIT. > > > > Can you help me ? > > > > Thanks > > > > Louis > > > > > > > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
