At the moment, there is no way to inject into a JSON data
unfortunately. The asterisk character is not yet supported in POST
data.
We will soon implement this.

Bernardo


On 23 January 2012 10:39, Borja Berastegui <borjaberaste...@gmail.com> wrote:
> Hi !
>
> I've just found an injection via a JSON parameter which i've tested manually
> and im trying to succeed with sqlmap.
>
> But I cant find the way to tell sqlmap where to inject.
>
> Via the --data parameter there is no way of tell where to inject like in the
> URI injections with get and the * ?
>
> I've tried also by the --prefix and --suffix to complete the post data to
> send, but this parameters got messed up with all the JSON quotes. Sqlmap
> returns the error ''You havent especified the sufix''.
>
> Thanks for all ;)
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to