It has been recently documented in the user's manual under the 'URI injection point' paragraph. You'll see that in the version from subversion.

Bernardo

On 5 May 2011 11:36, Adrian Lewis <braint...@gmail.com> wrote:
>
> Ahh, wasn't aware of that. I'll give it a go and report back. Cheers
>
> On Thu, May 5, 2011 at 9:10 AM, Miroslav Stampar <miroslav.stam...@gmail.com>
> wrote:
>>
>> hi Adrian.
>>
>> have you tried to scan like this:
>>
>> ./sqlmap.py -u "http://www.example.com/news/99*"
>>
>> that * mark will point sqlmap to scan for sql injection inside the URI
>> itself.
>>
>> kr
>>
>> On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis <braint...@gmail.com> wrote:
>> > Hi All,
>> > Hoping you might have some insight here. I've been using SQLMap for a while
>> > and it's fantastic, very promptly updated too, been watching the list for a
>> > while :)
>> > Ran into a case a while back where the client was using rewritten URLs i.e.
>> > rather than http://www.example.com/index.php?id=99 the URL was
>> > http://www.example.com/news/99
>> > The ID field was vuln to SQLi but there was an automatic redirect
>> > (unconditional) if I used the full URI (index.php... etc).
>> > Tried to use SQLMap to have a go at it but it didn't seem up to it. Is this
>> > by design or is there a way this could be altered in some way?
>> >
>> > Cheers!
>> > ------------------------------------------------------------------------------
>> > WhatsUp Gold - Download Free Network Management Software
>> > The most intuitive, comprehensive, and cost-effective network
>> > management toolset available today. Delivers lowest initial
>> > acquisition cost and overall TCO of any competing solution.
>> > http://p.sf.net/sfu/whatsupgold-sd
>> > _______________________________________________
>> > sqlmap-users mailing list
>> > sqlmap-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
> --
>
> Adrian Lewis
>

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
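
For the application owner, the thread's point is that a rewritten URL such as /news/99 still carries the same value into the query that index.php?id=99 did. The following is an added example, not part of the original messages and not sqlmap code; the table, route and function names are hypothetical and the data is constructed. It shows the concatenated lookup beside a validated, parameterized one.

```python
import re
import sqlite3

# Constructed sample data; schema and titles are hypothetical.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(98, "Older item"), (99, "Requested item"), (100, "Newer item")],
    )
    return conn

def rewrite(path):
    """Mimic a rewrite rule /news/<x> -> index.php?id=<x>: return the raw segment."""
    prefix = "/news/"
    if not path.startswith(prefix):
        raise ValueError("no route for " + path)
    return path[len(prefix):]

def titles_concatenated(conn, path):
    """Weak form: the path segment becomes part of the SQL text itself."""
    segment = rewrite(path)
    rows = conn.execute("SELECT title FROM news WHERE id = " + segment).fetchall()
    return [r[0] for r in rows]

ID_RE = re.compile(r"[0-9]{1,9}")  # ASCII digits only, bounded length

def titles_parameterized(conn, path):
    """Hardened form: validate the segment, then bind it as a parameter."""
    segment = rewrite(path)
    if not ID_RE.fullmatch(segment):
        return None  # the caller would answer 404 and can log the request
    rows = conn.execute(
        "SELECT title FROM news WHERE id = ?", (int(segment),)
    ).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    for p in ("/news/99", "/news/99 OR 1=1"):
        print(p, titles_concatenated(db, p), titles_parameterized(db, p))
```

The rewrite rule changes only where the value sits in the request, so the fix belongs in the query layer, not in the URL scheme.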