subject:"\[sqlmap\-users\] sqlmap parsing XML parameters in web services"

Re: [sqlmap-users] sqlmap parsing XML parameters in web services

2012-07-20 Thread Miroslav Stampar

p.s. example for such request file could be something like this: POST /vuln.php HTTP/1.1 Accept-Encoding: identity Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: www.site.com Accept-language: en-us,en;q=0.5 Pragma: no-cache Cache-control: no-cache,no-store Accept: text/html,application/xhtm

Re: [sqlmap-users] sqlmap parsing XML parameters in web services

2012-07-20 Thread Miroslav Stampar

Hi. For such cases where sqlmap doesn't recognize parameters inside (we have a SOAP parameter parsing but we could probably review it) POST request you can freely use custom injection mark *. Also, please update to the latest commit as there was a related "patch" for your case (https://github.com

[sqlmap-users] sqlmap parsing XML parameters in web services

2012-07-19 Thread * *

Is there a way to get sqlmap to recognize xml parameters inside an intercepted SOAP request? I have a POST request with parameters in xml format inside a SOAP envelope I want to test. Thanks! -- Live Security Virtual Conf