Indeed, thanks David for replying.
I will update the user's manual with this feature at some point like someone
else pointed out.
Cheers,
Bernardo Damele A. G.
This message was sent from a smartphone
On 28 Apr 2011, at 13:33, David Guimaraes <skys...@gmail.com> wrote:
Use * character at param value:
http://vulnsite.com/vulnscript/1*/2
2011/4/28 Andres Tarascó Acuña <atara...@gmail.com>
> Hello,
>
> I'm new to the list so probably I'm going to ask for something that was
> previously discussed. Anyway, I'm going to try :)
>
> I wish to know if there are plans to support "URI sql injection" in the
> near future. By URI injection i mean testing for sql injections on the URI
> instead of attacking GET/POST/cookie parameters.I see at least 3 scenarios
> where this feature should be required.
>
>
> 1- Its necessary to test URIsegments when a web application is developed
> with frameworks like codeigniter, that disables GET parameters by default,
> and forces some parameters to be retrieved from the URI , like
> http://host/*class/method/value1/value2.*
> *
> The following snippet is an example of a vulnerable application that is
> accessed as http://host/news/show/1
>
> class news extends CI_Controller {
> function show(id,param2) {
> //do stuff..
> $sql="select * from table where column='".$id.'";
> $this->db->query($sql);
> //....
> }
> }
> On this scenario the attack should be performed against 'param1' for
> example: http://host/news/show/param1'+OR+'a'='a/param2
> The id parameter is manipulable however as far as i know its not supported
> by default by sqlmap as a testable parameter.
>
> *
>
> 2- Its also required when testing websites for sqlinjections and an URL
> rewrite module is enabled, causing that parameter names are hidden to the
> user
>
> 3- When the URI is not sanitized and is stored into a database for logging
> purposes ( therefore the application becomes vulnerable at least to blind
> timming sql attacks).
>
>
>
>
> Thanks in advance,
>
>
>
> Andres Tarasco
> http://www.tarasco.org/security
>
>
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today. Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
