Pushing the patch in a couple of hours.

Bye

On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry <bperry.volat...@gmail.com>
wrote:

> Ah, good point. Hadn't thought about that. Also, requiring a POST request
> does make it difficult.
>
> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hood3dro...@gmail.com>
> wrote:
>
>> I don't think the second order option will work, as that is specifying where to
>> look for injection results, which might result in your underlying injection
>> failing if the results are not to be found there.
>>
>> There are, however, options in the latest version that appear to be for just
>> this type of situation (although I personally haven't used them just yet):
>>     --safe-url=SAFURL   URL address to visit frequently during testing
>>     --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>
>> I believe this will ensure your session remains active during scan.
>>
>> There are also the options for CSRF tokens to be snagged and parsed via:
>>     --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>>     --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>
>> In case the csrf token needs to be refreshed for each injection (when
>> injecting into forms and other typical POST injections and such).
>>
>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
>>
>>> However, that being said, I have run into this before and had to write
>>> my own exploits to fully exploit the vulnerability.
>>>
>>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
>>>
>>>> There is a second order parameter; it could be used to perform this. It
>>>> would be requested after every injected request was sent.
>>>>
>>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <krec...@gmail.com>
>>>> wrote:
>>>>
>>>>> Greetings,
>>>>> I am testing an application which I suspect logs me out if I don't
>>>>> send a certain POST request in a certain time interval.
>>>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>>>> which lets me run any Python code before every request. But it is not
>>>>> so nice, let's say.
>>>>> Is there any possibility to supply a POST request to safeurl? Is there
>>>>> anything like this planned?
>>>>> Thank you very much,
>>>>> Vojta
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>>> Develop your own process in accordance with the BPMN 2 standard
>>>>> Learn Process modeling best practices with Bonita BPM through live
>>>>> exercises
>>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>>>> event?utm_
>>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>>> _______________________________________________
>>>>> sqlmap-users mailing list
>>>>> sqlmap-users@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>>
>>>
>>>
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
