This is how you should do it:
1- login to CAS with valid credentials using your browser.
2- after successful login, get your session cookie "use any proxy, firebux,
or any other way"
3- after that, run sqlmap using the "--cookie=COOKIE", it will work :)
Sherif Eldeeb
On Sat, Oct 8, 2011 at 10:18 AM, Metin Emenullahi <me...@mtndesign.net>wrote:
> Hi there,
>
> I have a problem with CAS. I have a website which has several applications
> based on CAS and I want to do some SqlInjection tests in order to close
> holes in the system as much as possible. But because of the ticket system of
> CAS, I couldn't pass the login screen with SQLMap. How can I login to the
> site, by providing username and password via SQLMap?
>
> Thanks in advance.
>
>
> --
>
> -- o --
> Metin Emenullahi
> IEEE METU Student Branch
> System Administrator
>
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2dcopy2
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
