hi there!

I would like to suggest a feature that I think many of you will find
useful. The idea is to allow sqlmap or an sqlmap tamper script to create
random data on each request, against targeted parameters, to bypass unique
key restrictions. AFAIK there is no way to achieve this with the latest
release.

For example, a registration form can trigger an SQL injection that can only
be exploited when some previous checks are bypassed, like some parameters
being inserted into the database. Under this scenario, each request must
contain unique data in some parameters to be able to attack the backend.

Several "random data" generators could be supported, like
integers, alphanumeric, and email strings.

Example:

./sqlmap.py -u http://host/register.php 
--data="login=a...@a.com&pass=f00&lang=en"
-p lang --random-email=login

It's just an idea :)

Btw, without using the -p flag to target a specific parameter, is there any
way to tell sqlmap to avoid testing a parameter?


Thanks,

Andres