hi again.

with the last commit r4369, a new switch "--skip" is added.

e.g. --skip=ua
or
e.g. --skip=random-agent
or
e.g. --skip="ua,random-agent,id,id2"

will make sqlmap explicitly skip the testing of parameters provided this way

kind regards

2011/8/20 Andres Tarascó Acuña <atara...@gmail.com>:
> hi there!
>
> I would like to suggest a feature that I think many of you will find
> useful. The idea is to allow sqlmap or an sqlmap tamper script to create
> random data on each request, against targeted parameters, to bypass unique
> key restrictions. afaik there is no way to achieve this with the latest
> release.
>
> For example, a registration form can trigger an sql injection that can only
> be exploited when some previous checks are bypassed, like some parameters
> being inserted into the database. Under this scenario, each request must
> contain unique data on some parameters to be able to attack the backend.
>
> Several "random data" generators could be supported, like
> integers, alphanumeric, and email strings.
> Example:
> ./sqlmap.py -u http://host/register.php
> --data="login=a...@a.com&pass=f00&lang=en" -p lang --random-email=login
> It's just an idea :)
> btw, without using the -p flag to target a specific parameter, is there any
> way to tell sqlmap to avoid testing a parameter?
>
> Thanks,
>
> Andres
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar
http://about.me/stamparm

