It has been recently documented in the user's manual under 'URI
injection point' paragraph. You'll see that in the version from
subversion.
Bernardo
On 5 May 2011 11:36, Adrian Lewis wrote:
>
> Ahh, wasnt aware of that. I'll give it a go and report back. Cheers
> On Thu, May 5, 2011 at 9:10 AM,
Ahh, wasnt aware of that. I'll give it a go and report back. Cheers
On Thu, May 5, 2011 at 9:10 AM, Miroslav Stampar wrote:
> hi Adrian.
>
> have you tried to scan like this:
>
> ./sqlmap.py -u "http://www.example.com/news/99*";
>
> that * mark will point sqlmap to scan for sql injection inside
hi Adrian.
have you tried to scan like this:
./sqlmap.py -u "http://www.example.com/news/99*";
that * mark will point sqlmap to scan for sql injection inside the URI itself.
kr
On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis wrote:
> Hi All,
> Hoping you might have some insight here. I've been u
Hi All,
Hoping you might have some insight here. I've been using SQLMap for a while
and it's fantastic, very promptly updated too, been watching the list for a
while :)
Ran into a case a while back where the client was using rewritten URLs i.e.
rather than http://www.example.com/index.php?id=99 t
