Sure thing, thanks a bunch!
On Sat, Oct 12, 2013 at 2:48 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi Brandon.
>
> There is no such feature (at least for multipart cases).
>
> Nevertheless, I would suggest you to patch (just for this case):
>
> lib/request/connect.py (line 225)
Hi Brandon.
There is no such feature (at least for multipart cases).
Nevertheless, I would suggest you to patch (just for this case):
lib/request/connect.py (line 225):
+post = post.replace("[RANDSTR]", randomStr()) if post else post
Afterwards, you can put a [RANDSTR] mark into the req
FWIW here is what was happening when I tried to use eval:
bperry@ubuntu:~/tools/sqlmap$ ./sqlmap.py -r ~/req2.req --level=3 -o
--eval="import uuid;Name=str(uuid.uuid1())"
sqlmap/1.0-dev-2dc570d - automatic SQL injection and database takeover
tool
http://sqlmap.org
[!] legal disclaimer: U
Hi, I have a request that posts multi-part form data to the server, and one
of the params is vulnerable to a sqli. However, another param must change
each request (can be totally random) and I am not sure how to approach
that. I am sure that a tamper script or something will be the correct
solution
