Hello,

I'm new to the list, so I'm probably going to ask about something that was
previously discussed. Anyway, I'm going to try :)

I wish to know if there are plans to support "URI SQL injection" in the near
future. By URI injection I mean testing for SQL injections on the URI
instead of attacking GET/POST/cookie parameters. I see at least 3 scenarios
where this feature should be required.


1- It's necessary to test URI segments when a web application is developed
with frameworks like CodeIgniter, which disables GET parameters by default
and forces some parameters to be retrieved from the URI, like
http://host/class/method/value1/value2
The following snippet is an example of a vulnerable application that is
accessed as http://host/news/show/1

class news extends CI_Controller {
   // $id and $param2 are filled from the URI segments:
   // /news/show/<id>/<param2>
   function show($id, $param2) {
      //do stuff..
      // vulnerable: the URI segment is concatenated straight into the SQL text
      $sql = "select * from table where column='" . $id . "'";
      $this->db->query($sql);
      //....
   }
}
In this scenario the attack should be performed against 'param1', for
example:  http://host/news/show/param1'+OR+'a'='a/param2
The id parameter is manipulable; however, as far as I know it's not supported
by default by sqlmap as a testable parameter.


2- It's also required when testing websites for SQL injections when a URL
rewrite module is enabled, causing parameter names to be hidden from the
user.

3- When the URI is not sanitized and is stored in a database for logging
purposes (therefore the application becomes vulnerable at least to blind
timing SQL attacks).




Thanks in advance,



Andres Tarasco
http://www.tarasco.org/security
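The following is an added example, not code from the original message or from sqlmap or CodeIgniter. It models the segment-based routing described in scenario 1 (http://host/news/show/<id>/<param2>) in Python with an in-memory SQLite table, and shows the posted controller's defect beside a bound-parameter version: the same "1' OR 'a'='a" payload that the post puts in the id segment dumps every row from the concatenating handler and nothing from the parameterized one. The same string concatenation is what scenario 3 describes when the raw URI is written to a logging table. The route, the table name "news" and the sample rows are constructed assumptions.

```python
"""Added example (not from the original post): a CodeIgniter-style route
/news/show/<id>/<param2> where <id> comes from a URI segment, showing that
the segment is an injection point exactly like a GET parameter would be.
The route, table name and rows below are constructed for the example."""
import sqlite3
from urllib.parse import unquote

# Constructed sample data standing in for the application's table.
ROWS = [("1", "public story"), ("2", "draft story"), ("3", "internal memo")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id TEXT, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)", ROWS)
    return conn


def segments(path):
    """Split a request path the way a segment-based router does:
    /class/method/value1/value2 -> ['class', 'method', 'value1', 'value2'].
    Each segment is percent-decoded. Note that '+' is NOT turned into a
    space in a path component; that only happens in query strings."""
    return [unquote(s) for s in path.split("/") if s]


def show_vulnerable(conn, id_):
    # Same defect as the posted controller: the URI segment is concatenated
    # into the SQL text, so a quote in it closes the string literal.
    sql = "SELECT id, title FROM news WHERE id='" + id_ + "'"
    return conn.execute(sql).fetchall()


def show_fixed(conn, id_):
    # Bound parameter: the segment is passed as data and never parsed as SQL.
    return conn.execute(
        "SELECT id, title FROM news WHERE id=?", (id_,)
    ).fetchall()


def dispatch(conn, path, handler):
    """Route /news/show/<id>[/<param2>] to handler(conn, id); param2 is
    accepted but unused, as in the posted snippet."""
    seg = segments(path)
    if len(seg) < 3 or seg[0] != "news" or seg[1] != "show":
        raise ValueError("no route for %r" % path)
    return handler(conn, seg[2])


def demo():
    """Run the benign request from the post and an injected id segment
    against both handlers and return the result sets."""
    conn = make_db()
    # Benign request as in the post: http://host/news/show/1
    benign = "/news/show/1"
    # Injected id segment, percent-encoded form of:  1' OR 'a'='a
    # The trailing /2 is the untouched param2 segment.
    attack = "/news/show/1%27%20OR%20%27a%27%3D%27a/2"
    return {
        "benign_vuln": dispatch(conn, benign, show_vulnerable),
        "attack_vuln": dispatch(conn, attack, show_vulnerable),
        "benign_fixed": dispatch(conn, benign, show_fixed),
        "attack_fixed": dispatch(conn, attack, show_fixed),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The decoding step in segments() is worth noting when building payloads for this kind of route: a literal "+" survives into the segment unchanged, so a space in the path has to be sent as %20 for the injected condition to reach the query as intended.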
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users