Hi Steve. As there were requests for this same feature before we'll try to implement it these days. Will keep you posted.
Kind regards, Miroslav Stampar On Mon, Apr 16, 2012 at 8:40 PM, Steve Pinkham <steve.pink...@gmail.com>wrote: > I have an app that has post data like this: > > > loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E > > Which looks like this decoded: > loginxml=<com.customcode> > <username>asdf</username> > <password>qwerty</password> > </com.customcode> > > Is there a way to mark injection locations after the asdf and qwerty? > The * method that works on the URL does not seem to work on POST data, > nor does this format fit easily with the --param-del option. > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID E9E996C1 | > > > > ------------------------------------------------------------------------------ > For Developers, A Lot Can Happen In A Second. > Boundary is the first to Know...and Tell You. > Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! > http://p.sf.net/sfu/Boundary-d2dvs2 > > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
