Re: [sqlmap-users] how to send post request as safeurl
From: Vojtěch P. <kr...@gm...> - 2015-04-20 20:43:54
Definitely, thank you for your lightning response.
Vojta

On 20.4.2015 22:35, Miroslav Stampar wrote:
> --safe-post
>
> is it ok?
>
> On Mon, Apr 20, 2015 at 10:33 PM, Vojtěch Polášek <kr...@gm...> wrote:
>> Okay, thanks and what is exactly going to be added?
>> Thanks,
>> Vojta
>>
>> On 20.4.2015 22:26, Miroslav Stampar wrote:
>>> Pushing the patch in a couple of hours.
>>>
>>> Bye
>>>
>>> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry <bpe...@gm...> wrote:
>>>> Ah, good point. Hadn't thought about that. Also, requiring a
>>>> POST request does make it difficult.
>>>>
>>>> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hoo...@gm...> wrote:
>>>>> I don't think the second order option will work, as that is
>>>>> specifying where to look for injection results, which
>>>>> might result in your underlying injection failing if the
>>>>> results are not to be found there.
>>>>>
>>>>> There are, however, options in the latest version that appear to
>>>>> be for just this type of situation (although I personally
>>>>> haven't used them just yet):
>>>>>     --safe-url=SAFURL   URL address to visit frequently during testing
>>>>>     --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>>>>
>>>>> I believe this will ensure your session remains active
>>>>> during the scan.
>>>>>
>>>>> There are also the options for CSRF tokens to be snagged
>>>>> and parsed via:
>>>>>     --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>>>>>     --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>>>>
>>>>> In case the CSRF token needs to be refreshed for each
>>>>> injection (when injecting into forms and other typical
>>>>> POST injections and such).
>>>>>
>>>>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <bpe...@gm...> wrote:
>>>>>> However, that being said, I have run into this before
>>>>>> and had to write my own exploits to fully exploit the
>>>>>> vulnerability.
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <bpe...@gm...> wrote:
>>>>>>> There is a second order parameter, it could be
>>>>>>> used to perform this. It would be requested after
>>>>>>> every injected request was sent.
>>>>>>>
>>>>>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <kr...@gm...> wrote:
>>>>>>>> Greetings,
>>>>>>>> I am testing an application which I suspect to log me out if I don't
>>>>>>>> send a certain POST request in a certain time interval.
>>>>>>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>>>>>>> which lets me run any Python code before every request. But it is not
>>>>>>>> so nice, let's say.
>>>>>>>> Is there any possibility to supply a POST request to safeurl? Is there
>>>>>>>> anything like this planned?
>>>>>>>> Thank you very much,
>>>>>>>> Vojta
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> sqlmap-users mailing list
>>>>>>>> sql...@li...
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm
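A model of the session timing discussed in this thread, added here as an illustration; it is not sqlmap code and not written by any of the posters. It simulates an application that logs the session out unless a keep-alive POST arrives in time, and shows how the number of test requests between keep-alives (the role `--safe-freq` is described as playing) decides whether the session survives. `SimulatedApp`, `run_scan`, `max_safe_freq`, the 30-second timeout and the 2-second request time are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class SimulatedApp:
    """Constructed stand-in: logs out if no keep-alive POST within `timeout` s."""
    timeout: float
    last_keepalive: float = 0.0
    logged_in: bool = True

    def _expire_if_idle(self, now):
        if now - self.last_keepalive > self.timeout:
            self.logged_in = False

    def keepalive_post(self, now):
        """The periodic POST the application expects; refreshes the timer."""
        self._expire_if_idle(now)
        if self.logged_in:
            self.last_keepalive = now
        return self.logged_in

    def test_request(self, now):
        """Any other request; does not refresh the timer."""
        self._expire_if_idle(now)
        return self.logged_in

def run_scan(app, total_requests, seconds_per_request, safe_freq):
    """Count test requests answered with a live session (safe_freq=0: no keep-alive)."""
    now, answered = 0.0, 0
    for i in range(1, total_requests + 1):
        now += seconds_per_request
        if not app.test_request(now):
            break
        answered += 1
        if safe_freq and i % safe_freq == 0:
            now += seconds_per_request  # the keep-alive request takes time too
            if not app.keepalive_post(now):
                break
    return answered

def max_safe_freq(timeout, seconds_per_request):
    """Largest safe_freq whose cycle (safe_freq tests + 1 keep-alive) fits the timeout.
    Returns 0 when even one test request per keep-alive is too slow."""
    return max(int(timeout // seconds_per_request) - 1, 0)

if __name__ == "__main__":
    for freq in (0, 14, 15):  # constructed values: 30 s timeout, 2 s per request
        alive = run_scan(SimulatedApp(timeout=30), 100, 2.0, freq)
        print(f"safe_freq={freq}: {alive} of 100 test requests had a live session")
```

In this model the session is lost as soon as one cycle of test requests plus the keep-alive exceeds the timeout, so results gathered after that point come from a logged-out session and should not be trusted.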