Re: [sqlmap-users] Inject in one parameter and increment another
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Inject in one parameter and increment another
|
From: Ricardo I. d. S. <ri...@gm...> - 2016-08-22 21:54:40
|
Thanks a lot! If there is a doc explaining a little about the sqlmap code structure maybe I can help with this feature. I know a little of python but in this case I think the biggest problem would be find the right part of sqlmap code to include/change. On Fri, Aug 19, 2016 at 6:19 AM, Miroslav Stampar <mir...@gm...> wrote: > Currently there is no way. Will implement it when I catch time > (https://github.com/sqlmapproject/sqlmap/issues/1679). > > Bye > > On Thu, Aug 18, 2016 at 11:35 PM, Ricardo Iramar dos Santos > <ri...@gm...> wrote: >> >> I checked and burp replace feature doesn't have any kind of parameter >> to include a incremental number. :( >> I'll check mitmproxy. >> >> On Thu, Aug 18, 2016 at 4:10 PM, Ricardo Iramar dos Santos >> <ri...@gm...> wrote: >> > Great idea!!! Thanks!!! :) >> > I'll try and let you know the results. >> > >> > On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry >> > <bpe...@gm...> wrote: >> >> You can write a burp rule that rewrites a specific value that you set >> >> in the SOAP body with an incrementing integer as sqlmap is exploiting the >> >> sqlinjection (it wouldn’t realize the parameter needed to be incremented). >> >> >> >> You can use —proxy to send sqlmap through burp. >> >> >> >>> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos >> >>> <ri...@gm...> wrote: >> >>> >> >>> I have a SOAP POST request where two different should be unique. One >> >>> is an Email and another UserID. >> >>> Is there a way to inject on Email having the email domain (e.g. >> >>> @gmail.com) as a suffix and increment the UserID parameter (e.g. >> >>> starting from 100)? >> >>> >> >>> Thanks! >> >>> Ricardo Iramar >> >>> >> >>> >> >>> ------------------------------------------------------------------------------ >> >>> _______________________________________________ >> >>> sqlmap-users mailing list >> >>> sql...@li... >> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm |
