Re: [sqlmap-users] sqlmap parsing XML parameters in web services

Fri, 20 Jul 2012 00:52:10 -0700 

p.s. example for such request file could be something like this:

POST /vuln.php HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: www.site.com
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-a4f5c1d (http://sqlmap.org)
Connection: close

<xml><bla2 value="1*"/></xml>

On Fri, Jul 20, 2012 at 9:50 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi.
>
> For such cases where sqlmap doesn't recognize parameters inside (we have a
> SOAP parameter parsing but we could probably review it) POST request you
> can freely use custom injection mark *.
>
> Also, please update to the latest commit as there was a related "patch"
> for your case (https://github.com/sqlmapproject/sqlmap/issues/108).
>
> Kind regards,
> Miroslav Stampar
>
> On Thu, Jul 19, 2012 at 6:46 PM, * * <pipedreamreal...@gmail.com> wrote:
>
>> Is there a way to get sqlmap to recognize xml parameters inside an
>> intercepted SOAP request?  I have a POST request with parameters in xml
>> format inside a SOAP envelope I want to test.  Thanks!
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to