Dear Louis.
From when are JSON string values enclosed with single quotes?
Please go to http://www.json.org/ and study the official JSON
forms/structures.
Kind regards,
Miroslav Stampar
On Mon, Feb 24, 2014 at 8:29 PM, <louis.nad...@bentley.com> wrote:
> Hi,
>
> I saw a couple messages saying sqlmap should support JSON post data now.
> However, I'm having trouble with a pretty simple payload. I'm using the
> following request that I extracted from Burp and censored a bit:
>
> POST /SomeUrl/ HTTP/1.1
> Host: www.SomeUrl.org.uk
> Proxy-Connection: keep-alive
> Content-Length: 28
> Accept: application/json, text/javascript, */*; q=0.01
> Origin: http://www. SomeUrl.org.uk
> X-Requested-With: XMLHttpRequest
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/33.0.1750.117 Safari/537.36
> Content-Type: application/json; charset=UTF-8
> Referer: http://www. SomeUrl.org.uk/
> Accept-Encoding: gzip,deflate,sdch
> Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4
> Cookie: SomeCookies
> Connection: close
>
> {'address':'peanut'}
>
> I tried using "sqlmap -r request" or "sqlmap -r request -p address" or
> with -p "peanut". I also tried adding $$ before and after peanut and trying
> with -suffix and -prefix to no avail.
>
> I also tried a full command line without using the raw request like this
> (and multiple variants):
>
> python sqlmap.py -u "http://www.someurl.co.uk" --data
> "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$"
>
> Whatever I'm doing, I'm ending up with a message like:
>
> [14:27:08] [INFO] target URL is stable
> [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided
> data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')
>
> Or
>
> [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp'
> [14:27:47] [CRITICAL] all testable parameters you provided are not present
> within the given request data
>
> I tried sqlmap/1.0-dev out of Kali Linux and also downloaded the nightlies
> with Git.
>
> Can you help me?
>
> Thanks
>
> Louis
>
> ------------------------------------------------------------------------------
> Flow-based real-time traffic analytics software. Cisco certified tool.
> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer
> Customize your own dashboards, set traffic alerts and generate reports.
> Network behavioral analysis & security monitoring. All-in-one tool.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
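
The point of the reply above, as an added example (not part of the original messages and not sqlmap's own code): a strict JSON parser rejects the single-quoted body from the quoted request and accepts the double-quoted form. The function names and the reduced request are constructed for illustration.

```python
import json

# Constructed sample: the body from the quoted request, and its valid-JSON form.
SINGLE_QUOTED = "{'address':'peanut'}"
DOUBLE_QUOTED = '{"address":"peanut"}'

def split_request(raw):
    """Split a raw HTTP request (as saved from a proxy) into headers and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body.strip()

def json_leaves(value, path=""):
    """Yield (path, value) for every scalar inside a parsed JSON document."""
    if isinstance(value, dict):
        for key, item in value.items():
            yield from json_leaves(item, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from json_leaves(item, f"{path}[{index}]")
    else:
        yield path, value

def check_json_body(raw):
    """Return (ok, detail): detail is the leaf list or the parse error."""
    headers, body = split_request(raw)
    if "json" not in headers.get("content-type", "").lower():
        return False, "Content-Type is not JSON"
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError as exc:
        return False, f"invalid JSON at line {exc.lineno} column {exc.colno}: {exc.msg}"
    return True, list(json_leaves(parsed))

def make_request(body):
    # Constructed request, reduced from the one quoted above.
    return ("POST /SomeUrl/ HTTP/1.1\nHost: www.SomeUrl.org.uk\n"
            "Content-Type: application/json; charset=UTF-8\n\n" + body)

if __name__ == "__main__":
    for body in (SINGLE_QUOTED, DOUBLE_QUOTED):
        print(body, "->", check_json_body(make_request(body)))
```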