Thanks for those great improvements.

Andres

On 29 August 2011 15:41, Miroslav Stampar
<miroslav.stam...@gmail.com> wrote:

> hi again.
>
> with the last commit r4369 a new switch "--skip" is added.
>
> e.g. --skip=ua
> or
> e.g. --skip=random-agent
> or
> e.g. --skip="ua,random-agent,id,id2"
>
> will make sqlmap explicitly skip the testing of parameters provided this way
>
> kind regards
>
> 2011/8/20 Andres Tarascó Acuña <atara...@gmail.com>:
> > hi there!
> >
> > I would like to suggest a feature that I think many of you will find
> > useful. The idea is to allow sqlmap or an sqlmap tamper script to create
> > random data on each request, against targeted parameters, to bypass unique
> > key restrictions. afaik there is no way to achieve this with the latest
> > release.
> >
> > For example, a registration form can trigger an sql injection that can only
> > be exploited when some previous checks are bypassed, like some parameters
> > being inserted into the database. Under this scenario, each request must
> > contain unique data on some parameters to be able to attack the backend.
> >
> > Several "random data" generators could be supported, like
> > integers, alphanumeric, and email strings.
> > Example:
> > ./sqlmap.py -u http://host/register.php
> > --data="login=a...@a.com&pass=f00&lang=en" -p lang --random-email=login
> > It's just an idea :)
> > btw, without using the -p flag to target a specific parameter, is there any
> > way to tell sqlmap to avoid testing a parameter?
> >
> > Thanks,
> >
> > Andres
> >
> >
> > _______________________________________________
> > sqlmap-users mailing list
> > sqlmap-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>