I have a SOAP POST request where two different parameters should be unique. One
is an Email and the other a UserID.
Is there a way to inject on Email having the email domain (e.g.
@gmail.com) as a suffix and increment the UserID parameter (e.g.
starting from 100)?
Thanks!
Ricardo Iramar
You can write a Burp rule that rewrites a specific value that you set in the
SOAP body with an incrementing integer as sqlmap is exploiting the SQL injection
(it wouldn’t realize the parameter needed to be incremented).
You can use --proxy to send sqlmap through Burp.
> On Aug 18, 2016, at 2:02 P
Great idea!!! Thanks!!! :)
I'll try and let you know the results.
On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry
wrote:
> You can write a Burp rule that rewrites a specific value that you set in the
> SOAP body with an incrementing integer as sqlmap is exploiting the
> SQL injection (it wouldn’t
I checked and Burp's replace feature doesn't have any kind of parameter
to include an incremental number. :(
I'll check mitmproxy.
On Thu, Aug 18, 2016 at 4:10 PM, Ricardo Iramar dos Santos
wrote:
> Great idea!!! Thanks!!! :)
> I'll try and let you know the results.
>
> On Thu, Aug 18, 2016 at 4:07
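
The rewriting-proxy idea from this thread, sketched as a mitmproxy script. This is an added example, not code posted by anyone in the thread. The `__SEQ__` placeholder, the `user` prefix, the SOAP element names and the sample body are assumptions; the start value 100 and the `@gmail.com` suffix come from the question.

```python
import itertools
import threading

SEQ_TOKEN = "__SEQ__"   # hypothetical placeholder typed into the request template
START = 100             # first UserID, as in the question

# Constructed sample template: both unique fields carry the placeholder.
SAMPLE_BODY = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><CreateUser>"
    "<UserID>__SEQ__</UserID>"
    "<Email>user__SEQ__@gmail.com</Email>"
    "</CreateUser></soap:Body></soap:Envelope>"
)


class SequenceRewriter:
    """Replaces every SEQ_TOKEN in a body with one fresh integer per request."""

    def __init__(self, start=START):
        self._counter = itertools.count(start)
        self._lock = threading.Lock()

    def rewrite(self, body):
        if SEQ_TOKEN not in body:
            return body                 # unrelated traffic: do not burn a number
        with self._lock:                # proxy may handle requests concurrently
            n = next(self._counter)
        # Same n everywhere in this request, so UserID and Email stay paired.
        return body.replace(SEQ_TOKEN, str(n))


_rewriter = SequenceRewriter()


def request(flow):
    """mitmproxy event hook, called once per client request."""
    if flow.request.method == "POST" and flow.request.content:
        # Assigning .text re-encodes the body and updates Content-Length.
        flow.request.text = _rewriter.rewrite(flow.request.text)
```

Saved under an assumed name such as `seq_rewrite.py`, it loads with `mitmdump -s seq_rewrite.py`, and the client is pointed at the proxy with the `--proxy` option mentioned above.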