hi,
 
i want to check a site of my friend for vnl. i found a leak, but to get
there you have to log in. that's my problem: how can i scan this site with
the login data and the cookie?

here is the post data:

http://www.site.com/pages/logincheck.php

 POST /pages/logincheck.php HTTP/1.1
 Host: www.site.com
 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Language: de,en-us;q=0.7,en;q=0.3
 Accept-Encoding: gzip, deflate
 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
 Connection: keep-alive
 Referer: http://www.site.com/logoutok.php
 Cookie: PHPSESSID=d4bb374119579bcb8b0a5b181219789c
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 82

 PHPSESSID=d4bb374119579bcb8b0a5b181219789c&username=moe&passwort=6876b24e5&x=0&y=0

 HTTP/1.1 302 Moved Temporarily
 Date: Mon, 02 Jan 2012 18:58:17 GMT
 Server: Apache
 X-Powered-By: PHP/5.2.17-0.dotdeb.0
 Expires: Thu, 19 Nov 1981 08:52:00 GMT
 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
 Pragma: no-cache
 Location: ../login.php?err&n=moe
 Content-Length: 0
 Keep-Alive: timeout=15, max=83
 Connection: Keep-Alive
 Content-Type: text/html

and here is my command:

python ./sqlmap.py -u "http://www.site.com/community/profil/?id=1&PHPSESSID=c7cf953095d6fb6587fd8c625c1ef9b8&username=moe&passwort=68b76d24e5&x=0&y=0" --cookie "c7cf953095d6fb6587fd8c625c1ef9b8" -p "id" --dbs


thanks in advance!    
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
