Re: [sqlmap-users] Problem/confusion with wildcard in url

Thu, 05 Jan 2012 06:46:46 -0800 

-p will definitely work, no need for * when it's not rewritten URLs.  Not
sure if that counts as a bug therefore... so in the meantime, just use -p

Chris

On 5 January 2012 13:53, Gianluca Brindisi <g...@brindi.si> wrote:

> Hello,
> if I provide an URL with * like this:
>
> http://target.com/path/to/index.php?id=12*&action=add&path=/path/to/&imgIndex=
>
> sqlmap don't recognize valid get param in the urls:
>
> [15:34:23] [WARNING] you've provided target url without any GET parameters
> (e.g. www.site.com/article.php?id=1) and without providing any POST
> parameters through --data option
> do you want to try URI injections in the target url itself? [Y/n/q]
>
> But looks like it inject correctly where I placed the wildcard.
>
> Instead without * everything is working fine as usual.
> So I am not sure if it's this some sort of bug or it's me misusing the *
> option (i.e. if the url is not rewrote I should just use -p id).
>
> Thanks,
> Gianluca Brindisi
>
>
>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>

------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to