Re: [sqlmap-users] POST Data parameter marking

Tue, 17 Apr 2012 07:20:39 -0700 

Hi Steve.

Could you please test this with the latest r5004?

Kind regards,
Miroslav Stampar

On Mon, Apr 16, 2012 at 8:45 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi Steve.
>
> As there were requests for this same feature before we'll try to implement
> it these days. Will keep you posted.
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Apr 16, 2012 at 8:40 PM, Steve Pinkham <steve.pink...@gmail.com>wrote:
>
>> I have an app that has post data like this:
>>
>>
>> loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E
>>
>> Which looks like this decoded:
>> loginxml=<com.customcode>
>>        <username>asdf</username>
>>        <password>qwerty</password>
>> </com.customcode>
>>
>> Is there a way to mark injection locations after the asdf and qwerty?
>> The * method that works on the URL does not seem to work on POST data,
>> nor does this format fit easily with the --param-del option.
>> --
>>  | Steven Pinkham, Security Consultant    |
>>  | http://www.mavensecurity.com           |
>>  | GPG public key ID E9E996C1             |
>>
>>
>>
>> ------------------------------------------------------------------------------
>> For Developers, A Lot Can Happen In A Second.
>> Boundary is the first to Know...and Tell You.
>> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
>> http://p.sf.net/sfu/Boundary-d2dvs2
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to