So you have an option to inject wherever you want, but you want another
option to inject "inside parameter names"? Maybe, I am missing something
here...
~~
# m.
On Thu, Mar 28, 2013 at 8:06 PM, Karel Marhoul <rezorci...@seznam.cz> wrote:
> Hello,
>
> yes '*' works, but I have to put it behind parameter's name manually. I
> wish there was an option to tell sqlmap to automatically try SQLi not
> only inside parameter values but also inside parameter names. Is is
> possible to add such functionality?
>
> Kind Regards
>
> Karel Marhoul
>
> On 28.3.2013 15:41, Miroslav Stampar wrote:
> > Hi.
> >
> > Just use custom injection mark character.
> >
> > For example:
> >
> > python sqlmap.py -u "http://www.target.com/vuln.php?id*=1";
> >
> > will try to inject into the parameter name id.
> >
> > Kind regards,
> > Miroslav Stampar
> >
> > On Wed, Mar 27, 2013 at 11:02 AM, a a <rezorci...@seznam.cz
> > <mailto:rezorci...@seznam.cz>> wrote:
> >
> > Hello,
> >
> > During one assessment I have found the web application that is
> > vulnerable to
> > the SQL injection not in parameter values but in parameter names
> itself.
> >
> > This is something sqlmap is unable to find. Is it possible to add
> such
> > functionality (e.g. by optional parameter) to sqlmap?
> >
> > Regards
> >
> > Karel Marhoul
> >
> >
> ------------------------------------------------------------------------------
> > Own the Future-Intel® Level Up Game Demo Contest 2013
> > Rise to greatness in Intel's independent game demo contest.
> > Compete for recognition, cash, and the chance to get your game
> > on Steam. $5K grand prize plus 10 genre and skill prizes.
> > Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> > _______________________________________________
> > sqlmap-users mailing list
> > sqlmap-users@lists.sourceforge.net
> > <mailto:sqlmap-users@lists.sourceforge.net>
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>
>
> ------------------------------------------------------------------------------
> Own the Future-Intel(R) Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest. Compete
> for recognition, cash, and the chance to get your game on Steam.
> $5K grand prize plus 10 genre and skill prizes. Submit your demo
> by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete
for recognition, cash, and the chance to get your game on Steam.
$5K grand prize plus 10 genre and skill prizes. Submit your demo
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
