Hi Steve.

As there were requests for this same feature before we'll try to implement
it these days. Will keep you posted.

Kind regards,
Miroslav Stampar

On Mon, Apr 16, 2012 at 8:40 PM, Steve Pinkham <steve.pink...@gmail.com>wrote:

> I have an app that has post data like this:
>
>
> loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E
>
> Which looks like this decoded:
> loginxml=<com.customcode>
>        <username>asdf</username>
>        <password>qwerty</password>
> </com.customcode>
>
> Is there a way to mark injection locations after the asdf and qwerty?
> The * method that works on the URL does not seem to work on POST data,
> nor does this format fit easily with the --param-del option.
> --
>  | Steven Pinkham, Security Consultant    |
>  | http://www.mavensecurity.com           |
>  | GPG public key ID E9E996C1             |
>
>
>
> ------------------------------------------------------------------------------
> For Developers, A Lot Can Happen In A Second.
> Boundary is the first to Know...and Tell You.
> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
> http://p.sf.net/sfu/Boundary-d2dvs2
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to