Ah, good point. Hadn't thought about that. Also, requiring a POST request
does make it difficult.
On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hood3dro...@gmail.com>
wrote:
> I don't think second order option will work as that is specifying where to
> look for injection results, which might result in your underlying injection
> failing if the results are not to be found there.
>
> There are, however, options in the latest version that appear to be for just this
> type of situation (although I personally haven't used them just yet):
>     --safe-url=SAFURL   URL address to visit frequently during testing
>     --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>
> I believe this will ensure your session remains active during scan.
>
> There are also the options for CSRF tokens to be snagged and parsed via:
>     --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>     --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>
> In case the csrf token needs to be refreshed for each injection (when
> injecting into forms and other typical POST injections and such).
>
> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <bperry.volat...@gmail.com>
> wrote:
>
>> However, that being said, I have run into this before and had to write my
>> own exploits to fully exploit the vulnerability.
>>
>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
>>
>>> There is a second order parameter, it could be used to perform this. It
>>> would be requested after every injected request was sent.
>>>
>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <krec...@gmail.com>
>>> wrote:
>>>
>>>> Greetings,
>>>> I am testing an application which I suspect logs me out if I don't
>>>> send a certain POST request in a certain time interval.
>>>> Is this possible to do with sqlmap? I know that there is a parameter
>>>> which lets me run any Python code before every request. But it is not
>>>> so nice, let's say.
>>>> Is there any possibility to supply a POST request to safeurl? Is there
>>>> anything like this planned?
>>>> Thank you very much,
>>>> Vojta
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>> Develop your own process in accordance with the BPMN 2 standard
>>>> Learn Process modeling best practices with Bonita BPM through live
>>>> exercises
>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>>> event?utm_
>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sqlmap-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website