Thread: [sqlmap-users] REST style parameters?
From: Steve P. <ste...@gm...> - 2009-06-12 21:34:56
Does SQLmap have any way to support REST style URL parameters, such as:
"http://www.example.com/parm1/parm2" ?
I couldn't find any information on this in the documentation.
Thanks
--
| Steven E. Pinkham |
| GPG public key ID CD31CAFB |

From: Bernardo D. A. G. <ber...@gm...> - 2009-06-13 07:57:37
Hi Steve,

On Fri, Jun 12, 2009 at 22:33, Steve Pinkham<ste...@gm...> wrote:
> Does SQLmap have any way to support REST style URL parameters, such as:
> "http://www.example.com/parm1/parm2" ?
> I couldn't find any information on this in the documentation.

As I said several times already on this mailing list, this will come in the long run. sqlmap does not support it yet.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

From: Christian E. E. <c_e...@ya...> - 2009-06-13 08:11:58
Hi Steve,

If you're thinking about REST for webservices assessment, then the answer is no.
You should consider another tool like OpenSQLi-NG (not available to the public yet, I'll do so very soon) http://opensqling.sourceforge.net/ ; it supports webservices assessment with both a messaging layer (such as SOAP, or session tracking via HTTP cookies) and REST. See the following for available features: http://opensqling.sourceforge.net/?page_id=8#features

Best
---
Christian Eric Edjenguele
IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
mobile (IT): +39 3408580513

----- Original message -----
> From: Steve Pinkham <ste...@gm...>
> To: sql...@li...
> Sent: Friday, 12 June 2009, 23:33:39
> Subject: [sqlmap-users] REST style parameters?
>
> Does SQLmap have any way to support REST style URL parameters, such as:
> "http://www.example.com/parm1/parm2" ?
> I couldn't find any information on this in the documentation.
> Thanks
> --
> | Steven E. Pinkham |
> | GPG public key ID CD31CAFB |

From: Daniele B. <dan...@gm...> - 2009-06-14 13:07:19
There could be some potential features, but can you introduce it a little more? What are the main differences with other sql inj tools? What is the 'OXCP' protocol and why do you need it..

Tnx

On Sat, Jun 13, 2009 at 10:11 AM, Christian Eric EDJENGUELE<c_e...@ya...> wrote:
>
> Hi steve,
> if you're thinking about REST for webservices assessment, then the answer is no.
> you should consider another tool like OpenSQLi-NG (not available for public yet, I'll do so very soon) http://opensqling.sourceforge.net/ , it support webservices assessment with both a messaging layer ( such as SOAP, or session tracking via HTTP cookies) and REST see the following for available features: http://opensqling.sourceforge.net/?page_id=8#features
>
> Best
> ---
> Christian Eric Edjenguele
> IT Security Software Developer & Researcher / Business Developer / Enterprise Software Architect
> mobile (IT): +39 3408580513
>
> ----- Original message -----
>> From: Steve Pinkham <ste...@gm...>
>> To: sql...@li...
>> Sent: Friday, 12 June 2009, 23:33:39
>> Subject: [sqlmap-users] REST style parameters?
>>
>> Does SQLmap have any way to support REST style URL parameters, such as:
>> "http://www.example.com/parm1/parm2" ?
>> I couldn't find any information on this in the documentation.
>> Thanks
>> --
>> | Steven E. Pinkham |
>> | GPG public key ID CD31CAFB |

From: Steve P. <ste...@gm...> - 2009-06-13 14:07:47
Bernardo Damele A. G. wrote:
> Hi Steve,
>
> On Fri, Jun 12, 2009 at 22:33, Steve Pinkham<ste...@gm...> wrote:
>> Does SQLmap have any way to support REST style URL parameters, such as:
>> "http://www.example.com/parm1/parm2" ?
>> I couldn't find any information on this in the documentation.
>
> As I said several times already on this mailing list, this will come
> in the long run. sqlmap does not support it yet.
>
> Cheers,

Sorry, I did search the mailing list archive on sourceforge for REST, parameter(s), and other queries, and nothing related came up. It does now ;-)
I also googled, searched the documentation and hunted for a bug tracker first. I apologize if there's some other FM I should have R'd, but I did attempt.

--
| Steven E. Pinkham |
| GPG public key ID CD31CAFB |

From: <ja...@ev...> - 2009-06-13 18:29:26
Why would you suggest he use another tool which has no public releases?

On Sat, 13 Jun 2009, Steve Pinkham wrote:
> Bernardo Damele A. G. wrote:
>> Hi Steve,
>>
>> On Fri, Jun 12, 2009 at 22:33, Steve Pinkham<ste...@gm...> wrote:
>>> Does SQLmap have any way to support REST style URL parameters, such as:
>>> "http://www.example.com/parm1/parm2" ?
>>> I couldn't find any information on this in the documentation.
>>
>> As I said several times already on this mailing list, this will come
>> in the long run. sqlmap does not support it yet.
>>
>> Cheers,
>
> Sorry, I did search the mailing list archive on sourceforge for REST,
> parameter(s), and other queries, and nothing related came up. It does
> now ;-)
> I also googled, searched the documentation and hunted for a bug tracker
> first. I apologize if there's some other FM I should have R'd, but I
> did attempt.
>
> --
> | Steven E. Pinkham |
> | GPG public key ID CD31CAFB |

From: Bernardo D. A. G. <ber...@gm...> - 2009-06-13 20:16:01
Good question! Maybe the answer is SPAM? Maybe 'cause we *desperately* need the nth useless/limited/unmaintained/crappy SQL injection tool?
I've counted over 30 open source tools so far, tested about 20, guess how many do what they claim.. Very few, and guess how many do exploit deeply the flaw and are highly customizable and flexible.. Even less.

On Sat, Jun 13, 2009 at 19:29, <ja...@ev...> wrote:
> Why would you suggest he use another tool which has no public releases?
> [...]

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F

From: Steve P. <ste...@gm...> - 2009-06-14 02:17:02
Bernardo Damele A. G. wrote:
> Good question! Maybe the answer is SPAM? Maybe 'cause we *desperately*
> need the nth useless/limited/unmaintained/crappy SQL injection tool?
> I've counted over 30 open source tools so far, tested about 20, guess
> how many do what they claim.. Very few, and guess how many do exploit
> deeply the flaw and are highly customizable and flexible.. Even less.
>
> On Sat, Jun 13, 2009 at 19:29, <ja...@ev...> wrote:
>> Why would you suggest he use another tool which has no public releases?
>> [...]
>

Yeah, that's why I'm on the SQLmap list, because it Just Works for most things I want to use it for. Not to say I wouldn't welcome another good tool, but I've used more than my share of partially to non-functioning, often malware-infested SQL tools to want to continue to test more.

Obviously writing a generic tool that covers the necessary functionality is much harder than most people realize when they get going.

--
| Steven E. Pinkham |
| GPG public key ID CD31CAFB |

From: Daniele B. <dan...@gm...> - 2009-06-14 03:14:53
Hi,
I'm the original author of sqlmap, even if Bernardo replaced me years ago. I would like to know where and what the problem is.. despite of which tool is more appropriate, how the doc has been written, who says what and so on

2009/6/14, Steve Pinkham <ste...@gm...>:
> Bernardo Damele A. G. wrote:
>> Good question! Maybe the answer is SPAM? Maybe 'cause we *desperately*
>> need the nth useless/limited/unmaintained/crappy SQL injection tool?
>> I've counted over 30 open source tools so far, tested about 20, guess
>> how many do what they claim.. Very few, and guess how many do exploit
>> deeply the flaw and are highly customizable and flexible.. Even less.
>>
>> On Sat, Jun 13, 2009 at 19:29, <ja...@ev...> wrote:
>>> Why would you suggest he use another tool which has no public releases?
>>> [...]
>>
>
> Yeah, that's why I'm on the SQLmap list, because it Just Works for most
> things I want to use it for. Not to say I wouldn't welcome another good
> tool, but I've used more than my share of partially to non-functioning
> often malware infested SQL tools to want to continue to test more.
>
> Obviously writing a generic tool that covers the necessary functionality
> is much harder than most people realize when they get going.
> --
> | Steven E. Pinkham |
> | GPG public key ID CD31CAFB |