I have an app that has post data like this: loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E
Which looks like this decoded:
loginxml=<com.customcode>
<username>asdf</username>
<password>qwerty</password>
</com.customcode>
Is there a way to mark injection locations after the asdf and qwerty?
The * method that works on the URL does not seem to work on POST data,
nor does this format fit easily with the --param-del option.
--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID E9E996C1 |
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
