Re: [sqlmap-users] Inject in one parameter and increment another
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Inject in one parameter and increment another
|
From: Ricardo I. d. S. <ri...@gm...> - 2016-08-18 19:10:45
|
Great idea!!! Thanks!!! :) I'll try and let you know the results. On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry <bpe...@gm...> wrote: > You can write a burp rule that rewrites a specific value that you set in the SOAP body with an incrementing integer as sqlmap is exploiting the sqlinjection (it wouldn’t realize the parameter needed to be incremented). > > You can use —proxy to send sqlmap through burp. > >> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos <ri...@gm...> wrote: >> >> I have a SOAP POST request where two different should be unique. One >> is an Email and another UserID. >> Is there a way to inject on Email having the email domain (e.g. >> @gmail.com) as a suffix and increment the UserID parameter (e.g. >> starting from 100)? >> >> Thanks! >> Ricardo Iramar >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
