Ahh, wasn't aware of that. I'll give it a go and report back. Cheers
On Thu, May 5, 2011 at 9:10 AM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:
> hi Adrian.
>
> have you tried to scan like this:
>
> ./sqlmap.py -u "http://www.example.com/news/99*"
>
> that * mark will point sqlmap to scan for sql injection inside the URI
> itself.
>
> kr
>
> On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis <braint...@gmail.com> wrote:
> > Hi All,
> > Hoping you might have some insight here. I've been using SQLMap for a while
> > and it's fantastic, very promptly updated too, been watching the list for a
> > while :)
> > Ran into a case a while back where the client was using rewritten URLs i.e.
> > rather than http://www.example.com/index.php?id=99 the URL was
> > http://www.example.com/news/99
> > The ID field was vuln to SQLi but there was an automatic redirect
> > (unconditional) if I used the full URI (index.php... etc).
> > Tried to use SQLMap to have a go at it but it didn't seem up to it. Is this
> > by design or is there a way this could be altered in some way?
> >
> > Cheers!
> >
> > ------------------------------------------------------------------------------
> > WhatsUp Gold - Download Free Network Management Software
> > The most intuitive, comprehensive, and cost-effective network
> > management toolset available today. Delivers lowest initial
> > acquisition cost and overall TCO of any competing solution.
> > http://p.sf.net/sfu/whatsupgold-sd
> > _______________________________________________
> > sqlmap-users mailing list
> > sqlmap-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
>
>
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
>
--
Adrian Lewis
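
Added example, not part of the original thread: the server-side view of the case discussed above, where a rewritten URL such as /news/99 still carries the id into a SQL query. The table, route pattern and function names are constructed for illustration; the first handler shows the flaw, the second the fix (strict integer check plus a bound parameter).

```python
import re
import sqlite3

def make_db():
    """Constructed sample data standing in for the site's news table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(98, "Older story"), (99, "Current story"), (100, "Draft")])
    return db

# Hypothetical rewrite rule: /news/<id> is served as index.php?id=<id>.
# The path is assumed to be already URL-decoded, as a framework would pass it.
NEWS_ROUTE = re.compile(r"/news/([^/?#]+)")

def news_unsafe(db, path):
    """Vulnerable: the rewritten path segment is concatenated into the SQL text."""
    m = NEWS_ROUTE.fullmatch(path)
    if not m:
        return None
    return db.execute("SELECT title FROM news WHERE id = " + m.group(1)).fetchall()

def news_safe(db, path):
    """Hardened: accept only a short run of ASCII digits, then bind it."""
    m = NEWS_ROUTE.fullmatch(path)
    if not m or not re.fullmatch(r"[0-9]{1,9}", m.group(1)):
        return None  # caller should answer 404 instead of querying
    return db.execute("SELECT title FROM news WHERE id = ?",
                      (int(m.group(1)),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Second path is a constructed non-numeric segment that changes the WHERE clause.
    for path in ("/news/99", "/news/99 OR 1=1"):
        print(path, "| unsafe:", news_unsafe(db, path), "| safe:", news_safe(db, path))
```

The rewrite layer hides the parameter name but not the parameter, so path segments need the same validation and parameter binding as query-string values.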