Re: [sqlmap-users] Param in multi-part post has to change each request

Sat, 12 Oct 2013 15:41:20 -0700 

Sure thing, thanks a bunch!


On Sat, Oct 12, 2013 at 2:48 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi Brandon.
>
> There is no such feature (at least for multipart cases).
>
> Nevertheless, I would suggest you to patch (just for this case):
>
> lib/request/connect.py (line 225):
> +        post = post.replace("[RANDSTR]", randomStr()) if post else post
>
> Afterwards, you can put a [RANDSTR] mark into the request file itself at
> the place where you want a random value to be.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Fri, Oct 11, 2013 at 5:23 PM, Brandon Perry 
> <bperry.volat...@gmail.com>wrote:
>
>> Hi, I have a request that posts multi-part form data to the server, and
>> one of the params is vulnerable to a sqli. However, another param must
>> change each request (can be totally random) and I am not sure how to
>> approach that. I am sure that a tamper script or something will be the
>> correct solution, just not sure how to approach it.
>>
>> Any thoughts or questions in case I did not explain it well? Basically, I
>> would like to replcae this param with a random uuid or something each
>> request.
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
>> from
>> the latest Intel processors and coprocessors. See abstracts and register >
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to