Re: [sqlmap-users] querystring?

Tue, 14 Jan 2014 03:59:24 -0800 

I'd suggest having a look at the manual, it's very well documented.  if
you're simply looking to inject into POST parameters then you just need to
look at the --data option.  Beyond that, you can do some extremely exotic
injections.  SQLMap has had GET and POST parameters covered since forever.

There are plenty of ways you can go about this, but since you asked, an
example of injecting into a POST request might be something like -u "
http://www.example.com"; --data "username=foo&password=bar" -p username -f
-b.  That example allows you to provide the full POST data, zone in on just
the username parameter and then fingerprint and banner grab as a basic
starting point.  You'll want to use a local proxy such as Burp Suite to get
full visibility of the traffic, it's all just about HTTP requests really.
For something as basic as a POST injection, you don't even need the custom
injection markers.


On 14 January 2014 11:45, Mattia V <sowd...@gmail.com> wrote:

> Sorry to interrupt, but this is something I've been looking for for quite
> a while.
> Could you please point out an example of usage on how to inject to a
> custom point that is not the url (e.g. a POST form)?
> Thank you very much
>
>
> On Tue, Jan 14, 2014 at 10:59 AM, Chris Oakley <
> christopher.oak...@gmail.com> wrote:
>
>> You can tell the program to inject anywhere.  If your injection point is
>> in a slightly weirder place (and, to be honest, even if it's not) then the
>> easiest thing to do is to save the HTTP request to a file, place a * where
>> you want the program to inject and use the -r command to point SQLMap at
>> the right request file. - Chris
>>
>>

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to