Re: [sqlmap-users] how to send post request as safeurl
From: Miroslav S. <mir...@gm...> - 2015-04-22 13:37:58
I'll just repeat a sentence from your original message:

"Is there any possibility to supply a post request to safeurl?"

Bye

On Wed, Apr 22, 2015 at 2:29 PM, Vojtěch Polášek <kr...@gm...> wrote:

> Hi,
> I tried your new --safe-post and it doesn't seem to fulfill my needs. I
> need to submit in this url same cookies as in requests for SQL injection
> etc. Would it be possible to provide something like --safe-request and read
> request from a file?
> Thanks,
> Vojta
>
> On 20.4.2015 23:56, Miroslav Stampar wrote:
>
> Done (usage e.g. --safe-url=... --safe-post="foo=bar&...").
>
> Bye
>
> On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> Pushing the patch in a couple of hours.
>>
>> Bye
>>
>> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry <bpe...@gm...> wrote:
>>
>>> Ah, good point. Hadn't thought about that. Also, requiring a POST
>>> request does make it difficult.
>>>
>>> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hoo...@gm...> wrote:
>>>
>>>> I don't think second order option will work as that is specifying
>>>> where to look for injection results, which might result in your underlying
>>>> injection failing if the results are not to be found there.
>>>>
>>>> There are however options in latest version that appear to be for just
>>>> this type of situation (although I personally haven't used them just yet):
>>>>
>>>>     --safe-url=SAFURL   URL address to visit frequently during testing
>>>>     --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>>>
>>>> I believe this will ensure your session remains active during scan.
>>>>
>>>> There are also the options for CSRF tokens to be snagged and parsed via:
>>>>
>>>>     --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>>>>     --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>>>
>>>> In case the csrf token needs to be refreshed for each injection (when
>>>> injecting into forms and other typical POST injections and such).
>>>>
>>>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <bpe...@gm...> wrote:
>>>>
>>>>> However, that being said, I have run into this before and had to write
>>>>> my own exploits to fully exploit the vulnerability.
>>>>>
>>>>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <bpe...@gm...> wrote:
>>>>>
>>>>>> There is a second order parameter, it could be used to perform this.
>>>>>> It would be requested after every injected request was sent.
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <kr...@gm...> wrote:
>>>>>>
>>>>>>> Greetings,
>>>>>>> I am testing an application which I suspect to log me out if I don't
>>>>>>> send certain post request in certain time interval.
>>>>>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>>>>>> which lets me run any python code before every request. But it is not
>>>>>>> so nice, let's say.
>>>>>>> Is there any possibility to supply a post request to safeurl? Is there
>>>>>>> anything like this planned?
>>>>>>> Thank you very much,
>>>>>>> Vojta
>>>>>>
>>>>>> --
>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>> http://www.volatileminds.net -- website
>>>>>
>>>>> --
>>>>> http://volatile-minds.blogspot.com -- blog
>>>>> http://www.volatileminds.net -- website
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm