Okay, thanks, and what exactly is going to be added?
Thanks,
Vojta
On 20.4.2015 22:26, Miroslav Stampar wrote:
> Pushing the patch in a couple of hours.
>
> Bye
>
> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry
> <bperry.volat...@gmail.com <mailto:bperry.volat...@gmail.com>> wrote:
>
> Ah, good point. Hadn't thought about that. Also, requiring a POST
> request does make it difficult.
>
> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe
> <hood3dro...@gmail.com <mailto:hood3dro...@gmail.com>> wrote:
>
> I don't think the second order option will work, as that is
> specifying where to look for injection results, which might
> result in your underlying injection failing if the results are
> not to be found there.
>
> There are, however, options in the latest version that appear to be
> for just this type of situation (although I personally haven't
> used them just yet):
> --safe-url=SAFURL URL address to visit frequently during testing
> --safe-freq=SAFREQ Test requests between two visits to a given safe URL
>
> I believe this will ensure your session remains active during
> scan.
>
> There are also options for CSRF tokens to be snagged and
> parsed via:
> --csrf-token=CSR.. Parameter used to hold anti-CSRF token
> --csrf-url=CSRFURL URL address to visit to extract anti-CSRF token
>
> In case the csrf token needs to be refreshed for each
> injection (when injecting into forms and other typical POST
> injections and such).
>
> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry
> <bperry.volat...@gmail.com <mailto:bperry.volat...@gmail.com>>
> wrote:
>
> However, that being said, I have run into this before and
> had to write my own exploits to fully exploit the
> vulnerability.
>
> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry
> <bperry.volat...@gmail.com
> <mailto:bperry.volat...@gmail.com>> wrote:
>
> There is a second order parameter, it could be used to
> perform this. It would be requested after every
> injected request was sent.
>
> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek
> <krec...@gmail.com <mailto:krec...@gmail.com>> wrote:
>
> Greetings,
> I am testing an application which I suspect logs
> me out if I don't
> send a certain POST request in a certain time interval.
> Is this possible to do with Sqlmap? I know that
> there is a parameter
> which lets me run any Python code before every
> request. But it is not
> so nice, let's say.
> Is there any possibility to supply a POST request
> to safeurl? Is there
> anything like this planned?
> Thank you very much,
> Vojta
>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am
> PDT/1PM EDT
> Develop your own process in accordance with the
> BPMN 2 standard
> Learn Process modeling best practices with Bonita
> BPM through live exercises
>
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
> event?utm_
>
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> <mailto:sqlmap-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
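The situation discussed in this thread as a small offline model, added here as an example (it is not sqlmap code and not from any poster): a constructed server session that expires unless a heartbeat POST arrives in time, and a client that visits a keep-alive URL after every `safe_freq` test requests. The `Session` class, the `/heartbeat` and `/item` paths, `run_scan` and all timing values are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class Session:
    """Constructed server model: logs out unless a heartbeat POST arrives in time."""
    timeout: float
    last_heartbeat: float = 0.0
    alive: bool = True

    def handle(self, now, method, path):
        # The session dies once the gap since the last heartbeat exceeds the timeout.
        if now - self.last_heartbeat > self.timeout:
            self.alive = False
        # Only a POST to the heartbeat path refreshes the session; a GET does not.
        if self.alive and method == "POST" and path == "/heartbeat":
            self.last_heartbeat = now
        return self.alive


def run_scan(total_requests, safe_freq, safe_method, interval=1.0, timeout=5.0):
    """Return how many test requests were answered inside a live session.

    safe_freq mirrors the help text quoted above: the number of test
    requests between two visits to the safe URL (0 disables the visits).
    """
    session = Session(timeout=timeout)
    now, answered = 0.0, 0
    for i in range(1, total_requests + 1):
        now += interval
        if session.handle(now, "GET", "/item"):
            answered += 1
        if safe_freq and i % safe_freq == 0:
            now += interval
            session.handle(now, safe_method, "/heartbeat")
    return answered


if __name__ == "__main__":
    # Constructed scenarios: 20 test requests, 1 s apart, 5 s heartbeat timeout.
    for freq, method in [(0, "POST"), (3, "GET"), (3, "POST"), (6, "POST")]:
        print(f"safe_freq={freq} method={method}: "
              f"{run_scan(20, freq, method)}/20 requests in a live session")
```

In this model a GET visit to the keep-alive URL never refreshes the session, and a POST visit only helps when `safe_freq` times the request interval stays under the timeout.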