Thread: [sqlmap-users] Cannot identify JSON parameters
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: guoyangjuan <guo...@hu...> - 2015-06-12 09:29:39
|
Hi,
I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON request that
I extracted from Burp and censored a bit:
----------------------------------------------------------------------
POST /SomeURL/getApns.action HTTP/1.1
Host: IP:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800
Content-Length: 39
Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser; lockScreen=false
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{"apn":"requestApn","language":"zh_CN"}
----------------------------------------------------------------------
I tried the following command to do the SQL injection test, but it ended up with "no parameter(s) found" message.
-----------------------------------------------------------------------
Command:
sqlmap.py -u "https://SomeURL/getApns.action" --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser;
lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}" --ignore-proxy --dbms "MySQL"
-----------------------------------------------------------------------
Log:
[*] starting at 09:36:31
[09:36:31] [INFO] testing connection to the target URL
[09:36:33] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:36:35] [INFO] target URL is stable
[09:36:35] [CRITICAL] no parameter(s) found for testing in the provided data (e.
g. GET parameter 'id' in 'www.site.com/index.php?id=1')
[*] shutting down at 09:36:35
-----------------------------------------------------------------------
Then I saved the post JSON request to file "testURL.txt" and tried "sqlmap.py -r d:\testURL.txt ",
It can perfectly identify JSON parameters:
-----------------------------------------------------------------------
Log:
[*] starting at 09:43:58
[09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
JSON data found in POST data. Do you want to process it? [Y/n/q] Y
[09:44:06] [INFO] testing connection to the target URL
[09:44:07] [WARNING] the web server responded with an HTTP error code (400) which could interfere with the results of the tests
[09:44:07] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:44:08] [INFO] target URL is stable
[09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
...
[09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is dynamic
...
-----------------------------------------------------------------------
Why it behaved differently?
For some reason, I can only use "sqlmap.py -u SomeURL --cookie=SomeCookie --data=JSON data" to do the test.
Can sqlmap identify JSON post data using the above command?
How do I achieve this?
Kind regards,
Guo
|
|
From: Brandon P. <bpe...@gm...> - 2015-06-12 13:37:09
|
--data="{"apn":"requestApn","language":"zh_CN"}"
That is not the correct way to specify JSON, should use outer single quotes.
--data='{"apn":"requestApn","language":"zh_CN"}'
On Fri, Jun 12, 2015 at 4:29 AM, guoyangjuan <guo...@hu...> wrote:
> Hi,
>
>
>
> I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON
> request that
>
> I extracted from Burp and censored a bit:
>
> ----------------------------------------------------------------------
>
> POST /SomeURL/getApns.action HTTP/1.1
>
> Host: IP:8443
>
> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101
> Firefox/34.0
>
> Accept: application/json, text/javascript, */*; q=0.01
>
> Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
>
> Accept-Encoding: gzip, deflate
>
> Content-Type: application/json; charset=UTF-8
>
> X-Requested-With: XMLHttpRequest
>
> Referer:
> https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800
>
> Content-Length: 39
>
> Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN;
> HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true;
> loginUserName=SomeUser; lockScreen=false
>
> Connection: keep-alive
>
> Pragma: no-cache
>
> Cache-Control: no-cache
>
>
>
> {"apn":"requestApn","language":"zh_CN"}
>
> ----------------------------------------------------------------------
>
>
>
>
>
> I tried the following command to do the SQL injection test, but it ended
> up with "no parameter(s) found" message.
>
> -----------------------------------------------------------------------
>
> Command:
>
> sqlmap.py -u "https://SomeURL/getApns.action"
> --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
>
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN;
> HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true;
> loginUserName=SomeUser;
>
> lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}"
> --ignore-proxy --dbms "MySQL"
>
> -----------------------------------------------------------------------
>
> Log:
>
> [*] starting at 09:36:31
>
>
>
> [09:36:31] [INFO] testing connection to the target URL
>
> [09:36:33] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
>
> [09:36:35] [INFO] target URL is stable
>
> [09:36:35] [CRITICAL] no parameter(s) found for testing in the provided
> data (e.
>
> g. GET parameter 'id' in 'www.site.com/index.php?id=1')
>
>
>
> [*] shutting down at 09:36:35
>
> -----------------------------------------------------------------------
>
>
>
>
>
> Then I saved the post JSON request to file “testURL.txt” and tried
> “sqlmap.py –r d:\testURL.txt ”,
>
> It can perfectly identify JSON parameters:
>
> -----------------------------------------------------------------------
>
> Log:
>
> [*] starting at 09:43:58
>
>
>
> [09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
>
> JSON data found in POST data. Do you want to process it? [Y/n/q] Y
>
> [09:44:06] [INFO] testing connection to the target URL
>
> [09:44:07] [WARNING] the web server responded with an HTTP error code
> (400) which could interfere with the results of the tests
>
> [09:44:07] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
>
> [09:44:08] [INFO] target URL is stable
>
> [09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
>
> ...
>
> [09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is
> dynamic
>
> ...
>
> -----------------------------------------------------------------------
>
>
>
> Why it behaved differently?
>
>
>
> For some reason, I can only use “sqlmap.py –u SomeURL --cookie=SomeCookie
> --data=JSON data” to do the test.
>
> Can sqlmap identify JSON post data using the above command?
>
> How do I achieve this?
>
>
>
> Kind regards,
>
> Guo
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|
|
From: guoyangjuan <guo...@hu...> - 2015-06-15 01:35:09
|
Hi,
Thanks for your prompt reply.
I’ve tried outer single quotes just as you suggested, but I still get the "no parameter(s) found" message.
Any ideas?
Kind regards,
Guo
发件人: Brandon Perry [mailto:bpe...@gm...]
发送时间: 2015年6月12日 21:37
收件人: guoyangjuan
抄送: sql...@li...; Longxiang
主题: Re: [sqlmap-users] Cannot identify JSON parameters
--data="{"apn":"requestApn","language":"zh_CN"}"
That is not the correct way to specify JSON, should use outer single quotes.
--data='{"apn":"requestApn","language":"zh_CN"}'
On Fri, Jun 12, 2015 at 4:29 AM, guoyangjuan <guo...@hu...<mailto:guo...@hu...>> wrote:
Hi,
I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON request that
I extracted from Burp and censored a bit:
----------------------------------------------------------------------
POST /SomeURL/getApns.action HTTP/1.1
Host: IP:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800
Content-Length: 39
Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser; lockScreen=false
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{"apn":"requestApn","language":"zh_CN"}
----------------------------------------------------------------------
I tried the following command to do the SQL injection test, but it ended up with "no parameter(s) found" message.
-----------------------------------------------------------------------
Command:
sqlmap.py -u "https://SomeURL/getApns.action" --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser;
lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}" --ignore-proxy --dbms "MySQL"
-----------------------------------------------------------------------
Log:
[*] starting at 09:36:31
[09:36:31] [INFO] testing connection to the target URL
[09:36:33] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:36:35] [INFO] target URL is stable
[09:36:35] [CRITICAL] no parameter(s) found for testing in the provided data (e.
g. GET parameter 'id' in 'www.site.com/index.php?id=1<http://www.site.com/index.php?id=1>')
[*] shutting down at 09:36:35
-----------------------------------------------------------------------
Then I saved the post JSON request to file “testURL.txt” and tried “sqlmap.py –r d:\testURL.txt ”,
It can perfectly identify JSON parameters:
-----------------------------------------------------------------------
Log:
[*] starting at 09:43:58
[09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
JSON data found in POST data. Do you want to process it? [Y/n/q] Y
[09:44:06] [INFO] testing connection to the target URL
[09:44:07] [WARNING] the web server responded with an HTTP error code (400) which could interfere with the results of the tests
[09:44:07] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:44:08] [INFO] target URL is stable
[09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
...
[09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is dynamic
...
-----------------------------------------------------------------------
Why it behaved differently?
For some reason, I can only use “sqlmap.py –u SomeURL --cookie=SomeCookie --data=JSON data” to do the test.
Can sqlmap identify JSON post data using the above command?
How do I achieve this?
Kind regards,
Guo
------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sql...@li...<mailto:sql...@li...>
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|
|
From: Brandon P. <bpe...@gm...> - 2015-06-15 01:50:49
Attachments:
signature.asc
|
Do you need to provide the JSESSIONID as well?
> On Jun 14, 2015, at 8:34 PM, guoyangjuan <guo...@hu...> wrote:
>
> Hi,
> Thanks for your prompt reply.
> I’ve tried outer single quotes just as you suggested, but I still get the "no parameter(s) found" message.
> Any ideas?
>
> Kind regards,
> Guo
>
>
> 发件人: Brandon Perry [mailto:bpe...@gm...]
> 发送时间: 2015年6月12日 21:37
> 收件人: guoyangjuan
> 抄送: sql...@li...; Longxiang
> 主题: Re: [sqlmap-users] Cannot identify JSON parameters
>
> --data="{"apn":"requestApn","language":"zh_CN"}"
>
> That is not the correct way to specify JSON, should use outer single quotes.
>
> --data='{"apn":"requestApn","language":"zh_CN"}'
>
> On Fri, Jun 12, 2015 at 4:29 AM, guoyangjuan <guo...@hu... <mailto:guo...@hu...>> wrote:
> Hi,
>
> I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON request that
> I extracted from Burp and censored a bit:
> ----------------------------------------------------------------------
> POST /SomeURL/getApns.action HTTP/1.1
> Host: IP:8443
> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
> Accept: application/json, text/javascript, */*; q=0.01
> Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip, deflate
> Content-Type: application/json; charset=UTF-8
> X-Requested-With: XMLHttpRequest
> Referer: https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800 <https://ip:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800>
> Content-Length: 39
> Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser; lockScreen=false
> Connection: keep-alive
> Pragma: no-cache
> Cache-Control: no-cache
>
> {"apn":"requestApn","language":"zh_CN"}
> ----------------------------------------------------------------------
>
>
> I tried the following command to do the SQL injection test, but it ended up with "no parameter(s) found" message.
> -----------------------------------------------------------------------
> Command:
> sqlmap.py -u "https://SomeURL/getApns.action <https://someurl/getApns.action>" --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser;
> lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}" --ignore-proxy --dbms "MySQL"
> -----------------------------------------------------------------------
> Log:
> [*] starting at 09:36:31
>
> [09:36:31] [INFO] testing connection to the target URL
> [09:36:33] [INFO] testing if the target URL is stable. This can take a couple of seconds
> [09:36:35] [INFO] target URL is stable
> [09:36:35] [CRITICAL] no parameter(s) found for testing in the provided data (e.
> g. GET parameter 'id' in 'www.site.com/index.php?id=1 <http://www.site.com/index.php?id=1>')
>
> [*] shutting down at 09:36:35
> -----------------------------------------------------------------------
>
>
> Then I saved the post JSON request to file “testURL.txt” and tried “sqlmap.py –r d:\testURL.txt ”,
> It can perfectly identify JSON parameters:
> -----------------------------------------------------------------------
> Log:
> [*] starting at 09:43:58
>
> [09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
> JSON data found in POST data. Do you want to process it? [Y/n/q] Y
> [09:44:06] [INFO] testing connection to the target URL
> [09:44:07] [WARNING] the web server responded with an HTTP error code (400) which could interfere with the results of the tests
> [09:44:07] [INFO] testing if the target URL is stable. This can take a couple of seconds
> [09:44:08] [INFO] target URL is stable
> [09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
> ...
> [09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is dynamic
> ...
> -----------------------------------------------------------------------
>
> Why it behaved differently?
>
> For some reason, I can only use “sqlmap.py –u SomeURL --cookie=SomeCookie --data=JSON data” to do the test.
> Can sqlmap identify JSON post data using the above command?
> How do I achieve this?
>
> Kind regards,
> Guo
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li... <mailto:sql...@li...>
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
>
>
>
> --
> http://volatile-minds.blogspot.com <http://volatile-minds.blogspot.com/> -- blog
> http://www.volatileminds.net <http://www.volatileminds.net/> -- website
|
|
From: guoyangjuan <guo...@hu...> - 2015-06-15 02:08:40
|
Yes, I need to provide the JSESSIONID.
If don’t, it will redirect to login page.
发件人: Brandon Perry [mailto:bpe...@gm...]
发送时间: 2015年6月15日 9:51
收件人: guoyangjuan
抄送: sql...@li...; Longxiang
主题: Re: [sqlmap-users] Cannot identify JSON parameters
Do you need to provide the JSESSIONID as well?
On Jun 14, 2015, at 8:34 PM, guoyangjuan <guo...@hu...<mailto:guo...@hu...>> wrote:
Hi,
Thanks for your prompt reply.
I’ve tried outer single quotes just as you suggested, but I still get the "no parameter(s) found" message.
Any ideas?
Kind regards,
Guo
发件人: Brandon Perry [mailto:bpe...@gm...]
发送时间: 2015年6月12日 21:37
收件人: guoyangjuan
抄送: sql...@li...<mailto:sql...@li...>; Longxiang
主题: Re: [sqlmap-users] Cannot identify JSON parameters
--data="{"apn":"requestApn","language":"zh_CN"}"
That is not the correct way to specify JSON, should use outer single quotes.
--data='{"apn":"requestApn","language":"zh_CN"}'
On Fri, Jun 12, 2015 at 4:29 AM, guoyangjuan <guo...@hu...<mailto:guo...@hu...>> wrote:
Hi,
I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON request that
I extracted from Burp and censored a bit:
----------------------------------------------------------------------
POST /SomeURL/getApns.action HTTP/1.1
Host: IP:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800<https://ip:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800>
Content-Length: 39
Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser; lockScreen=false
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
{"apn":"requestApn","language":"zh_CN"}
----------------------------------------------------------------------
I tried the following command to do the SQL injection test, but it ended up with "no parameter(s) found" message.
-----------------------------------------------------------------------
Command:
sqlmap.py -u "https://SomeURL/getApns.action<https://someurl/getApns.action>" --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser;
lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}" --ignore-proxy --dbms "MySQL"
-----------------------------------------------------------------------
Log:
[*] starting at 09:36:31
[09:36:31] [INFO] testing connection to the target URL
[09:36:33] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:36:35] [INFO] target URL is stable
[09:36:35] [CRITICAL] no parameter(s) found for testing in the provided data (e.
g. GET parameter 'id' in 'www.site.com/index.php?id=1<http://www.site.com/index.php?id=1>')
[*] shutting down at 09:36:35
-----------------------------------------------------------------------
Then I saved the post JSON request to file “testURL.txt” and tried “sqlmap.py –r d:\testURL.txt ”,
It can perfectly identify JSON parameters:
-----------------------------------------------------------------------
Log:
[*] starting at 09:43:58
[09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
JSON data found in POST data. Do you want to process it? [Y/n/q] Y
[09:44:06] [INFO] testing connection to the target URL
[09:44:07] [WARNING] the web server responded with an HTTP error code (400) which could interfere with the results of the tests
[09:44:07] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:44:08] [INFO] target URL is stable
[09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
...
[09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is dynamic
...
-----------------------------------------------------------------------
Why it behaved differently?
For some reason, I can only use “sqlmap.py –u SomeURL --cookie=SomeCookie --data=JSON data” to do the test.
Can sqlmap identify JSON post data using the above command?
How do I achieve this?
Kind regards,
Guo
------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sql...@li...<mailto:sql...@li...>
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
http://volatile-minds.blogspot.com<http://volatile-minds.blogspot.com/> -- blog
http://www.volatileminds.net<http://www.volatileminds.net/> -- website
|
|
From: Miroslav S. <mir...@gm...> - 2015-06-15 04:51:43
|
Why don't you put that whole request in a file and provide it to sqlmap
with option -r? That would be far easier.
Bye
On Jun 15, 2015 4:09 AM, "guoyangjuan" <guo...@hu...> wrote:
> Yes, I need to provide the JSESSIONID.
>
> If don’t, it will redirect to login page.
>
>
>
>
>
> *发件人:* Brandon Perry [mailto:bpe...@gm...]
> *发送时间:* 2015年6月15日 9:51
> *收件人:* guoyangjuan
> *抄送:* sql...@li...; Longxiang
> *主题:* Re: [sqlmap-users] Cannot identify JSON parameters
>
>
>
> Do you need to provide the JSESSIONID as well?
>
>
>
> On Jun 14, 2015, at 8:34 PM, guoyangjuan <guo...@hu...> wrote:
>
>
>
> Hi,
>
> Thanks for your prompt reply.
>
> I’ve tried outer single quotes just as you suggested, but I still get the
> "no parameter(s) found" message.
>
> Any ideas?
>
>
>
> Kind regards,
>
> Guo
>
>
>
>
>
> *发件人:* Brandon Perry [mailto:bpe...@gm...
> <bpe...@gm...>]
> *发送时间:* 2015年6月12日 21:37
> *收件人:* guoyangjuan
> *抄送:* sql...@li...; Longxiang
> *主题:* Re: [sqlmap-users] Cannot identify JSON parameters
>
>
>
> --data="{"apn":"requestApn","language":"zh_CN"}"
>
> That is not the correct way to specify JSON, should use outer single
> quotes.
>
>
>
> --data='{"apn":"requestApn","language":"zh_CN"}'
>
>
>
> On Fri, Jun 12, 2015 at 4:29 AM, guoyangjuan <guo...@hu...>
> wrote:
>
> Hi,
>
>
>
> I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON
> request that
>
> I extracted from Burp and censored a bit:
>
> ----------------------------------------------------------------------
>
> POST /SomeURL/getApns.action HTTP/1.1
>
> Host: IP:8443
>
> User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101
> Firefox/34.0
>
> Accept: application/json, text/javascript, */*; q=0.01
>
> Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
>
> Accept-Encoding: gzip, deflate
>
> Content-Type: application/json; charset=UTF-8
>
> X-Requested-With: XMLHttpRequest
>
> Referer:
> https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800
> <https://ip:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800>
>
> Content-Length: 39
>
> Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN;
> HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true;
> loginUserName=SomeUser; lockScreen=false
>
> Connection: keep-alive
>
> Pragma: no-cache
>
> Cache-Control: no-cache
>
>
>
> {"apn":"requestApn","language":"zh_CN"}
>
> ----------------------------------------------------------------------
>
>
>
>
>
> I tried the following command to do the SQL injection test, but it ended
> up with "no parameter(s) found" message.
>
> -----------------------------------------------------------------------
>
> Command:
>
> sqlmap.py -u "https://SomeURL/getApns.action
> <https://someurl/getApns.action>"
> --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN;
>
> org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN;
> HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true;
> loginUserName=SomeUser;
>
> lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}"
> --ignore-proxy --dbms "MySQL"
>
> -----------------------------------------------------------------------
>
> Log:
>
> [*] starting at 09:36:31
>
>
>
> [09:36:31] [INFO] testing connection to the target URL
>
> [09:36:33] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
>
> [09:36:35] [INFO] target URL is stable
>
> [09:36:35] [CRITICAL] no parameter(s) found for testing in the provided
> data (e.
>
> g. GET parameter 'id' in 'www.site.com/index.php?id=1')
>
>
>
> [*] shutting down at 09:36:35
>
> -----------------------------------------------------------------------
>
>
>
>
>
> Then I saved the post JSON request to file “testURL.txt” and tried “sqlmap.py
> –r d:\testURL.txt ”,
>
> It can perfectly identify JSON parameters:
>
> -----------------------------------------------------------------------
>
> Log:
>
> [*] starting at 09:43:58
>
>
>
> [09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
>
> JSON data found in POST data. Do you want to process it? [Y/n/q] Y
>
> [09:44:06] [INFO] testing connection to the target URL
>
> [09:44:07] [WARNING] the web server responded with an HTTP error code
> (400) which could interfere with the results of the tests
>
> [09:44:07] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
>
> [09:44:08] [INFO] target URL is stable
>
> [09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
>
> ...
>
> [09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is
> dynamic
>
> ...
>
> -----------------------------------------------------------------------
>
>
>
> Why it behaved differently?
>
>
>
> For some reason, I can only use “sqlmap.py –u SomeURL --cookie=SomeCookie
> --data=JSON data” to do the test.
>
> Can sqlmap identify JSON post data using the above command?
>
> How do I achieve this?
>
>
>
> Kind regards,
>
> Guo
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
>
> --
>
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X