It has recently been documented in the user's manual under the 'URI
injection point' paragraph. You'll see that in the version from
subversion.

Bernardo

On 5 May 2011 11:36, Adrian Lewis <braint...@gmail.com> wrote:
>
> Ahh, wasn't aware of that. I'll give it a go and report back. Cheers
> On Thu, May 5, 2011 at 9:10 AM, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:
>>
>> hi Adrian.
>>
>> have you tried to scan like this:
>>
>> ./sqlmap.py -u "http://www.example.com/news/99*"
>>
>> that * mark will point sqlmap to scan for sql injection inside the URI 
>> itself.
>>
>> kr
>>
>> On Thu, May 5, 2011 at 9:33 AM, Adrian Lewis <braint...@gmail.com> wrote:
>> > Hi All,
>> > Hoping you might have some insight here. I've been using SQLMap for a while
>> > and it's fantastic, very promptly updated too, been watching the list for a
>> > while :)
>> > Ran into a case a while back where the client was using rewritten URLs i.e.
>> > rather than http://www.example.com/index.php?id=99 the URL was
>> > http://www.example.com/news/99
>> > The ID field was vuln to SQLi but there was an automatic redirect
>> > (unconditional) if I used the full URI (index.php... etc).
>> > Tried to use SQLMap to have a go at it but it didn't seem up to it. Is this
>> > by design or is there a way this could be altered in some way?
>> >
>> > Cheers!
>> > ------------------------------------------------------------------------------
>> > WhatsUp Gold - Download Free Network Management Software
>> > The most intuitive, comprehensive, and cost-effective network
>> > management toolset available today.  Delivers lowest initial
>> > acquisition cost and overall TCO of any competing solution.
>> > http://p.sf.net/sfu/whatsupgold-sd
>> > _______________________________________________
>> > sqlmap-users mailing list
>> > sqlmap-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >
>> >
>>
>>
>>
>> --
>> Miroslav Stampar
>>
>> E-mail: miroslav.stampar (at) gmail.com
>> PGP Key ID: 0xB5397B1B
>
>
>
> --
>
> Adrian Lewis
>
>
>
>



--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
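
Added example, not part of the original thread and not sqlmap code: a minimal Python handler showing why a rewritten URL such as /news/99 is still an injection point when the path segment reaches the SQL string, next to a hardened version. The table, the rewrite rule and all function names are assumptions made for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table standing in for the news store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)")
    db.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(99, "Public story", 0), (100, "Unpublished draft", 1)],
    )
    return db


# Hypothetical rewrite rule: /news/<segment> is served as index.php?id=<segment>.
LOOSE_ROUTE = re.compile(r"/news/([^/]+)")
# Hardened route: the segment must be a short run of ASCII digits.
STRICT_ROUTE = re.compile(r"/news/([0-9]{1,10})")


def handle_vulnerable(db, path):
    """Concatenates the (already URL-decoded) path segment into the query.

    The rewrite hides the 'id' parameter from the URL, but the value still
    ends up in the SQL text, so the flaw is unchanged.
    """
    m = LOOSE_ROUTE.fullmatch(path)
    if not m:
        return None
    sql = "SELECT title FROM news WHERE draft = 0 AND id = " + m.group(1)
    return [row[0] for row in db.execute(sql)]


def handle_hardened(db, path):
    """Rejects non-numeric segments and binds the ID as a query parameter."""
    m = STRICT_ROUTE.fullmatch(path)
    if not m:
        return None  # caller should answer 404 for anything that is not a numeric ID
    rows = db.execute(
        "SELECT title FROM news WHERE draft = 0 AND id = ?", (int(m.group(1)),)
    )
    return [row[0] for row in rows]
```

Route validation alone narrows the input; the bound parameter is what keeps the segment out of the SQL text, so both belong in the fix.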
