Hi.
Just use custom injection mark character.
For example:
python sqlmap.py -u "http://www.target.com/vuln.php?id*=1";
will try to inject into the parameter name id.
Kind regards,
Miroslav Stampar
On Wed, Mar 27, 2013 at 11:02 AM, a a <rezorci...@seznam.cz> wrote:
> Hello,
>
> During one assessment I have found the web application that is vulnerable
> to
> the SQL injection not in parameter values but in parameter names itself.
>
> This is something sqlmap is unable to find. Is it possible to add such
> functionality (e.g. by optional parameter) to sqlmap?
>
> Regards
>
> Karel Marhoul
>
>
> ------------------------------------------------------------------------------
> Own the Future-Intel® Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game
> on Steam. $5K grand prize plus 10 genre and skill prizes.
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
