Hi Adrian.

Have you tried to scan like this:

./sqlmap.py -u "http://www.example.com/news/99*"

That * mark will point sqlmap to scan for SQL injection inside the URI itself.

kr

On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis <braint...@gmail.com> wrote:
> Hi All,
> Hoping you might have some insight here. I've been using SQLMap for a while
> and it's fantastic, very promptly updated too, been watching the list for a
> while :)
> Ran into a case a while back where the client was using rewritten URLs i.e.
> rather than http://www.example.com/index.php?id=99 the URL was
> http://www.example.com/news/99
> The ID field was vuln to SQLi but there was an automatic redirect
> (unconditional) if I used the full URI (index.php... etc).
> Tried to use SQLMap to have a go at it but it didn't seem up to it. Is this
> by design or is there a way this could be altered in some way?
>
> Cheers!
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
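
An added example, not part of the original messages and not sqlmap code: why the ID in a rewritten URL such as /news/99 needs the same handling as ?id=99, shown as a handler before and after the fix. The table, the rewrite pattern and all function names are hypothetical, and the path is assumed to be already URL-decoded.

```python
import re
import sqlite3

# Constructed sample data standing in for the site's news table (assumption).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(98, "Old item"), (99, "Launch day"), (100, "Draft")])
    return db

# The rewrite layer only reshapes the URL: whatever follows /news/ reaches the
# application unchanged, exactly as an ?id= query parameter would.
REWRITE = re.compile(r"^/news/(?P<id>[^?#]*)$")

def rewritten_id(path):
    """Return the raw path segment the rewrite rule maps to the id parameter."""
    m = REWRITE.match(path)
    return m.group("id") if m else None

def news_unsafe(db, path):
    """'Before': the path segment is concatenated into the statement text."""
    raw = rewritten_id(path)
    if raw is None:
        return None
    return db.execute("SELECT title FROM news WHERE id = " + raw).fetchall()

def news_safe(db, path):
    """'After': strict format check, then a bound parameter."""
    raw = rewritten_id(path)
    if raw is None or not re.fullmatch(r"[0-9]{1,9}", raw):
        return None  # caller should answer 404 and log the request
    return db.execute("SELECT title FROM news WHERE id = ?",
                      (int(raw),)).fetchall()
```

Any segment that is not purely digits becomes part of the statement in `news_unsafe` and is rejected before the database is touched in `news_safe`.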
