Andres,

On 28 Apr 2011, at 13:53, "Andres Tarascó Acuña" <atara...@gmail.com> wrote:

Thanks David!

So, to test several URI segments, I probably need to use something
like: ./sqlmap.py -u http://host/path/chunk1*/chunk2* --data="postparameter=foo"
Is that right?


Yes.

What should I type into the "-p" parameter to check SQL injections only
against chunk2 (instead of attacking "postparameter")?


-p does not support URI "parameters". Run sqlmap with no -p and press Ctrl+C when
the detection phase starts against the POST data. You will be prompted with a
few options; "skip to the next parameter" is what you need, until sqlmap hits
the URI snippet.

Bernardo Damele A. G.

This message was sent from a smartphone


Thanks


Andres


2011/4/28 Bernardo Damele A. G. <bernardo.dam...@gmail.com>

> Indeed, thanks David for replying.
> I will update the user's manual with this feature at some point like
> someone else pointed out.
>
> Cheers,
> Bernardo Damele A. G.
>
> This message was sent from a smartphone
>
> On 28 Apr 2011, at 13:33, David Guimaraes <skys...@gmail.com> wrote:
>
> Use the * character at the param value:
>
> http://vulnsite.com/vulnscript/1*/2
>
> 2011/4/28 Andres Tarascó Acuña <atara...@gmail.com>
>
>> Hello,
>>
>> I'm new to the list so probably I'm going to ask for something that was
>> previously discussed. Anyway, I'm going to try :)
>>
>> I wish to know if there are plans to support "URI SQL injection" in the
>> near future. By URI injection I mean testing for SQL injections on the URI
>> instead of attacking GET/POST/cookie parameters. I see at least 3 scenarios
>> where this feature should be required.
>>
>>
>> 1- It's necessary to test URI segments when a web application is developed
>> with frameworks like CodeIgniter, which disables GET parameters by default
>> and forces some parameters to be retrieved from the URI, like
>> http://host/class/method/value1/value2
>>
>> The following snippet is an example of a vulnerable application that is
>> accessed as http://host/news/show/1
>>
>> class news extends CI_Controller {
>>    function show($id, $param2) {
>>       //do stuff..
>>       // $id comes straight from the URI segment and is concatenated into the query
>>       $sql = "select * from table where column='" . $id . "'";
>>       $this->db->query($sql);
>>       //....
>>    }
>> }
>> In this scenario the attack should be performed against 'param1', for
>> example:
>> http://host/news/show/param1'+OR+'a'='a/param2
>> The id parameter is manipulable; however, as far as I know it's not supported
>> by default by sqlmap as a testable parameter.
>>
>>
>> 2- It's also required when testing websites for SQL injections and a URL
>> rewrite module is enabled, causing parameter names to be hidden from the
>> user.
>>
>> 3- When the URI is not sanitized and is stored in a database for logging
>> purposes (therefore the application becomes vulnerable at least to blind
>> timing SQL attacks).
>>
>> Thanks in advance,
>>
>>
>>
>> Andres Tarasco
>> http://www.tarasco.org/security
>>
>>
>> ------------------------------------------------------------------------------
>> WhatsUp Gold - Download Free Network Management Software
>> The most intuitive, comprehensive, and cost-effective network
>> management toolset available today.  Delivers lowest initial
>> acquisition cost and overall TCO of any competing solution.
>> http://p.sf.net/sfu/whatsupgold-sd
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
>
>
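An added example, not code from this thread, from sqlmap or from CodeIgniter: the vulnerable controller from Andres' first scenario beside a hardened version that validates the URI segment and passes it through CodeIgniter query bindings, plus a bound version of the request-log insert from his third scenario. The table and column names (news, id, request_log) are assumed placeholders.

```php
<?php
// Added example (assumed CodeIgniter 2.x style controller; table and column
// names are placeholders, not from the thread).
class News extends CI_Controller {

    // Vulnerable form from the mail: the URI segment is concatenated straight
    // into the SQL string, so a segment such as 1'+OR+'a'='a rewrites the query.
    public function show_vulnerable($id, $param2 = null)
    {
        $sql = "SELECT * FROM news WHERE id = '" . $id . "'";
        $query = $this->db->query($sql);
        return $query->result();
    }

    // Hardened form: reject anything that is not the shape the route expects,
    // then hand the value to the driver only through a "?" query binding so it
    // can never be parsed as SQL regardless of its content.
    public function show($id, $param2 = null)
    {
        if (!ctype_digit((string) $id)) {
            show_404();   // plain integer ids only; everything else is a 404
            return;
        }
        $sql = "SELECT * FROM news WHERE id = ?";
        $query = $this->db->query($sql, array((int) $id));
        return $query->result();
    }

    // Third scenario from the mail: the raw request URI is stored for logging.
    // It is untrusted input like any other, so it is bound rather than
    // concatenated; this keeps the log table out of reach of blind/time-based
    // injection even though the value itself is kept verbatim.
    protected function log_request()
    {
        $uri = $this->input->server('REQUEST_URI');
        $this->db->query(
            "INSERT INTO request_log (uri, seen_at) VALUES (?, NOW())",
            array($uri)
        );
    }
}
```

Whitelisting the segment shape and binding the value are independent defences; the binding alone already prevents injection, the validation additionally rejects probes (including sqlmap's payloads) before they reach the database.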