Re: [sqlmap-users] Inject in one parameter and increment another
From: Miroslav S. <mir...@gm...> - 2016-08-19 09:19:29
Currently there is no way. Will implement it when I catch time (https://github.com/sqlmapproject/sqlmap/issues/1679).

Bye

On Thu, Aug 18, 2016 at 11:35 PM, Ricardo Iramar dos Santos <ri...@gm...> wrote:

> I checked and burp replace feature doesn't have any kind of parameter
> to include an incremental number. :(
> I'll check mitmproxy.
>
> On Thu, Aug 18, 2016 at 4:10 PM, Ricardo Iramar dos Santos
> <ri...@gm...> wrote:
> > Great idea!!! Thanks!!! :)
> > I'll try and let you know the results.
> >
> > On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry
> > <bpe...@gm...> wrote:
> >> You can write a burp rule that rewrites a specific value that you set
> >> in the SOAP body with an incrementing integer as sqlmap is exploiting
> >> the SQL injection (it wouldn't realize the parameter needed to be
> >> incremented).
> >>
> >> You can use --proxy to send sqlmap through burp.
> >>
> >>> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos
> >>> <ri...@gm...> wrote:
> >>>
> >>> I have a SOAP POST request where two different should be unique. One
> >>> is an Email and another UserID.
> >>> Is there a way to inject on Email having the email domain (e.g.
> >>> @gmail.com) as a suffix and increment the UserID parameter (e.g.
> >>> starting from 100)?
> >>>
> >>> Thanks!
> >>> Ricardo Iramar
> >>>
> >>> ------------------------------------------------------------------------------
> >>> _______________________________________________
> >>> sqlmap-users mailing list
> >>> sql...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm