Re: [sqlmap-users] how to send post request as safeurl
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] how to send post request as safeurl
|
From: Vojtěch P. <kr...@gm...> - 2015-04-22 13:08:23
|
Well, so if I understand it right. Currently, --safe-url receives the URL to which the post request is going to be sent. --safe-post receives *only* POST data, no HTTP headers etc. There is no possibility to send some specific cookies or other HTTP headers currently with this safe thing. Am I right? Thanks for clarification. I am sorry if my description of problem wasn't exact enough. Vojta On 22.4.2015 14:52, Miroslav Stampar wrote: > I'll just repeat a sentence from your original message: > > "Is there any possibility to supply a post request to safeurl?" > > Bye > > On Wed, Apr 22, 2015 at 2:29 PM, Vojtěch Polášek <kr...@gm... > <mailto:kr...@gm...>> wrote: > > Hi, > I tried your new --safe-post and it doesn't seem to fullfill my > needs. I need to submit in this url same cookies as in requests > for SQL injection etc. Would it be possible to provide something > like --safe-request and read request from a file? > Thanks, > Vojta > > > On 20.4.2015 23:56, Miroslav Stampar wrote: >> Done (usage e.g. --safe-url=... --safe-post="foo=bar&..."). >> >> Bye >> >> On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar >> <mir...@gm... <mailto:mir...@gm...>> >> wrote: >> >> Pushing the patch in couple of hours. >> >> Bye >> >> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry >> <bpe...@gm... >> <mailto:bpe...@gm...>> wrote: >> >> Ah, good point. Hadn't thought about that. Also, >> requiring a POST request does make it difficult. >> >> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe >> <hoo...@gm... <mailto:hoo...@gm...>> wrote: >> >> I dont think second order option will work as that is >> specifiing where to look for injection results, which >> might result in your underlying injection failing if >> the results are not to be found there. >> >> There is however options in latest version that >> appear to be for just this type of situation >> (although I personally haven't used them just yet): >> --safe-url=SAFURL URL address to visit >> frequently during testing >> --safe-freq=SAFREQ Test requests between two >> visits to a given safe URL >> >> I believe this will ensure your session remains >> active during scan. >> >> There is also the options for CSRF tokens to be >> snagged and parsed via: >> --csrf-token=CSR.. Parameter used to hold >> anti-CSRF token >> --csrf-url=CSRFURL URL address to visit to >> extract anti-CSRF token >> >> In case the csrf token needs to be refreshed for each >> injection (when injecting into forms and other >> typical POST injections and such). >> >> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry >> <bpe...@gm... >> <mailto:bpe...@gm...>> wrote: >> >> However, that being said, I have run into this >> before and had to write my own exploits to fully >> exploit the vulnerability. >> >> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry >> <bpe...@gm... >> <mailto:bpe...@gm...>> wrote: >> >> There is a second order parameter, it could >> be used to perform this. It would be >> requested after ever injected request were sent. >> >> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch >> Polášek <kr...@gm... >> <mailto:kr...@gm...>> wrote: >> >> Greetings, >> I am testing an application which I >> suspect to log me out if I don't >> send certain post request in certain time >> interval. >> Is this possible to do with Sqlmap? I >> know that there is a parameter >> which lets me to run any python code >> before every request. But it is not >> so nice, let's say. >> Is there any possibility to supply a post >> request to safeurl? Is there >> anything like this planed? >> Thank you very much, >> Vojta >> >> ------------------------------------------------------------------------------ >> BPM Camp - Free Virtual Workshop May 6th >> at 10am PDT/1PM EDT >> Develop your own process in accordance >> with the BPMN 2 standard >> Learn Process modeling best practices >> with Bonita BPM through live exercises >> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- >> event?utm_ >> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> <mailto:sql...@li...> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> >> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> >> ------------------------------------------------------------------------------ >> BPM Camp - Free Virtual Workshop May 6th at 10am >> PDT/1PM EDT >> Develop your own process in accordance with the >> BPMN 2 standard >> Learn Process modeling best practices with Bonita >> BPM through live exercises >> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- >> event?utm_ >> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> <mailto:sql...@li...> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> >> >> -- >> http://volatile-minds.blogspot.com -- blog >> http://www.volatileminds.net -- website >> >> ------------------------------------------------------------------------------ >> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT >> Develop your own process in accordance with the BPMN 2 >> standard >> Learn Process modeling best practices with Bonita BPM >> through live exercises >> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- >> event?utm_ >> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> <mailto:sql...@li...> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> >> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> >> >> ------------------------------------------------------------------------------ >> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT >> Develop your own process in accordance with the BPMN 2 standard >> Learn Process modeling best practices with Bonita BPM through live exercises >> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ >> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF >> >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... <mailto:sql...@li...> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live > exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- > event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > _______________________________________________ > sqlmap-users mailing list > sql...@li... > <mailto:sql...@li...> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm |
