Re: [sqlmap-users] Inject in one parameter and increment another
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Inject in one parameter and increment another
|
From: Brandon P. <bpe...@gm...> - 2016-08-18 19:07:55
|
You can write a burp rule that rewrites a specific value that you set in the SOAP body with an incrementing integer as sqlmap is exploiting the sqlinjection (it wouldn’t realize the parameter needed to be incremented). You can use —proxy to send sqlmap through burp. > On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos <ri...@gm...> wrote: > > I have a SOAP POST request where two different should be unique. One > is an Email and another UserID. > Is there a way to inject on Email having the email domain (e.g. > @gmail.com) as a suffix and increment the UserID parameter (e.g. > starting from 100)? > > Thanks! > Ricardo Iramar > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
