Re: [sqlmap-users] How to augment --forms behaviour with default behaviour?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] How to augment --forms behaviour with default behaviour?
|
From: Miroslav S. <mir...@gm...> - 2015-10-28 13:04:59
|
With the latest commit you'll see something like this: --- [#1] form: POST http://testphp.vulnweb.com:80/search.php?test=query POST data: searchFor=&goButton=go do you want to test this form? [Y/n/q] > n URL 2: GET http://testphp.vulnweb.com:80/artists.php?artist=1 do you want to test this URL? [Y/n/q] > n --- Bye On Wed, Oct 28, 2015 at 1:56 PM, Miroslav Stampar < mir...@gm...> wrote: > This is not really the case. > > --- > > $ python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" > --forms --crawl=1 > _ > ___ ___| |_____ ___ ___ {1.0-dev-caafa37} > |_ -| . | | | .'| . | > |___|_ |_|_|_|_|__,| _| > |_| |_| http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without prior > mutual consent is illegal. It is the end user's responsibility to obey all > applicable local, state and federal laws. Developers assume no liability > and are not responsible for any misuse or damage caused by this program > > [*] starting at 13:54:32 > > do you want to check for the existence of site's sitemap(.xml) [y/N] > [13:54:34] [INFO] starting crawler > [13:54:34] [INFO] searching for links with depth 1 > do you want to store crawling results to a temporary file for eventual > further processing with other tools [y/N] > > > [13:54:36] [INFO] sqlmap got a total of 4 targets > [#1] form: > POST http://testphp.vulnweb.com:80/search.php?test=query > POST data: searchFor=&goButton=go > do you want to test this form? [Y/n/q] > > n > [#2] form: > GET http://testphp.vulnweb.com:80/artists.php?artist=1 > do you want to test this form? [Y/n/q] > > n > [#3] form: > GET http://testphp.vulnweb.com:80/artists.php?artist=2 > do you want to test this form? [Y/n/q] > > n > [#4] form: > GET http://testphp.vulnweb.com:80/artists.php?artist=3 > do you want to test this form? [Y/n/q] > > n > > [*] shutting down at 13:54:47 > > --- > > > The only clumsy thing here is that everything is called "form" afterwards. > Will make a dirty patch for this in couple of mins. > > Bye > > On Wed, Oct 28, 2015 at 10:55 AM, David Wray <da...@se...> wrote: > >> Hi, >> >> It seems when using —crawl to spider a site, using —forms overrides >> normal behaviour, and hence ignores URL based variables. Is there a simple >> way to —crawl a site and test for both URL and forms based variables? In >> other words, to augment normal behaviour and —forms behaviour together. >> >> Thanks >> >> D >> >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
