FWIW here is what was happening when I tried to use eval:
bperry@ubuntu:~/tools/sqlmap$ ./sqlmap.py -r ~/req2.req --level=3 -o
--eval="import uuid;Name=str(uuid.uuid1())"
sqlmap/1.0-dev-2dc570d - automatic SQL injection and database takeover
tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program
[*] starting at 08:58:56
[08:58:56] [INFO] parsing HTTP request from '/home/bperry/req2.req'
custom injection marking character ('*') found in option '--data'. Do you
want to process it? [Y/n/q] y
[08:58:59] [WARNING] you've provided target URL without any GET parameters
(e.g. www.site.com/article.php?id=1) and without providing any POST
parameters through --data option
do you want to try URI injections in the target URL itself? [Y/n/q] n
[08:59:00] [INFO] testing connection to the target URL
[08:59:00] [CRITICAL] an error occurred while evaluating provided code
('can't assign to operator (<string>, line 1)').
[*] shutting down at 08:59:00
bperry@ubuntu:~/tools/sqlmap$
On Fri, Oct 11, 2013 at 10:23 AM, Brandon Perry
<bperry.volat...@gmail.com>wrote:
> Hi, I have a request that posts multi-part form data to the server, and
> one of the params is vulnerable to a sqli. However, another param must
> change each request (can be totally random) and I am not sure how to
> approach that. I am sure that a tamper script or something will be the
> correct solution, just not sure how to approach it.
>
> Any thoughts or questions in case I did not explain it well? Basically, I
> would like to replcae this param with a random uuid or something each
> request.
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
