Seems to do what I wanted.  Turns out my particular case was a false
positive so extraction hasn't been tested, but I examined the traffic
for the testing probes and they are all in the right place and
everything in that stage works for one or more injection points.

Thanks!

Miroslav Stampar wrote:
> Hi Steve.
> 
> Could you please test this with the latest r5004?
> 
> Kind regards,
> Miroslav Stampar
> 
> On Mon, Apr 16, 2012 at 8:45 PM, Miroslav Stampar
> <miroslav.stam...@gmail.com> wrote:
> 
>     Hi Steve.
> 
>     As there were requests for this same feature before we'll try to
>     implement it these days. Will keep you posted.
> 
>     Kind regards,
>     Miroslav Stampar
> 
>     On Mon, Apr 16, 2012 at 8:40 PM, Steve Pinkham
>     <steve.pink...@gmail.com> wrote:
> 
>         I have an app that has post data like this:
> 
>         loginxml=%3Ccom.customcode%3E%0A%09%3Cusername%3Easdf%3C%2Fusername%3E%0A%09%3Cpassword%3Eqwerty%3C%2Fpassword%3E%0A%3C%2Fcom.customcode%3E
> 
>         Which looks like this decoded:
>         loginxml=<com.customcode>
>                <username>asdf</username>
>                <password>qwerty</password>
>         </com.customcode>
> 
>         Is there a way to mark injection locations after the asdf and
>         qwerty?
>         The * method that works on the URL does not seem to work on POST
>         data, nor does this format fit easily with the --param-del option.
>         --
>          | Steven Pinkham, Security Consultant    |
>          | http://www.mavensecurity.com           |
>          | GPG public key ID E9E996C1             |
> 
> 
>         _______________________________________________
>         sqlmap-users mailing list
>         sqlmap-users@lists.sourceforge.net
>         https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> 
> 
> 
> 
>     -- 
>     Miroslav Stampar
>     http://about.me/stamparm
> 
> 
> 
> 
> -- 
> Miroslav Stampar
> http://about.me/stamparm

-- 
 | Steven Pinkham, Security Consultant    |
 | http://www.mavensecurity.com           |
 | GPG public key ID E9E996C1             |


