Definitely, thank you for your lightning response.
Vojta

On 20.4.2015 22:35, Miroslav Stampar wrote:
> --safe-post
>
> is it ok?
>
> On Mon, Apr 20, 2015 at 10:33 PM, Vojtěch Polášek <krec...@gmail.com
> <mailto:krec...@gmail.com>> wrote:
>
>     Okay, thanks and what is exactly going to be added?
>     Thanks,
>     Vojta
>
>
>     On 20.4.2015 22:26, Miroslav Stampar wrote:
>>     Pushing the patch in a couple of hours.
>>
>>     Bye
>>
>>     On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry
>>     <bperry.volat...@gmail.com <mailto:bperry.volat...@gmail.com>> wrote:
>>
>>         Ah, good point. Hadn't thought about that. Also, requiring a
>>         POST request does make it difficult.
>>
>>         On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe
>>         <hood3dro...@gmail.com <mailto:hood3dro...@gmail.com>> wrote:
>>
>>             I don't think second order option will work as that is
>>             specifying where to look for injection results, which
>>             might result in your underlying injection failing if the
>>             results are not to be found there.
>>
>>             There are however options in latest version that appear to
>>             be for just this type of situation (although I personally
>>             haven't used them just yet):
>>                 --safe-url=SAFURL   URL address to visit frequently during testing
>>                 --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>
>>             I believe this will ensure your session remains active
>>             during scan.
>>
>>             There are also the options for CSRF tokens to be snagged
>>             and parsed via:
>>                 --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>>                 --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>
>>             In case the csrf token needs to be refreshed for each
>>             injection (when injecting into forms and other typical
>>             POST injections and such).
>>
>>             On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry
>>             <bperry.volat...@gmail.com
>>             <mailto:bperry.volat...@gmail.com>> wrote:
>>
>>                 However, that being said, I have run into this before
>>                 and had to write my own exploits to fully exploit the
>>                 vulnerability.
>>
>>                 On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry
>>                 <bperry.volat...@gmail.com
>>                 <mailto:bperry.volat...@gmail.com>> wrote:
>>
>>                     There is a second order parameter, it could be
>>                     used to perform this. It would be requested after
>>                     every injected request was sent.
>>
>>                     On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek
>>                     <krec...@gmail.com <mailto:krec...@gmail.com>> wrote:
>>
>>                         Greetings,
>>                         I am testing an application which I suspect
>>                         to log me out if I don't
>>                         send certain post request in certain time
>>                         interval.
>>                         Is this possible to do with Sqlmap? I know
>>                         that there is a parameter
>>                         which lets me run any python code before
>>                         every request. But it is not
>>                         so nice, let's say.
>>                         Is there any possibility to supply a post
>>                         request to safeurl? Is there
>>                         anything like this planned?
>>                         Thank you very much,
>>                         Vojta
>>
>>                         
>> ------------------------------------------------------------------------------
>>                         BPM Camp - Free Virtual Workshop May 6th at
>>                         10am PDT/1PM EDT
>>                         Develop your own process in accordance with
>>                         the BPMN 2 standard
>>                         Learn Process modeling best practices with
>>                         Bonita BPM through live exercises
>>                         
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>                         event?utm_
>>                         
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>                         _______________________________________________
>>                         sqlmap-users mailing list
>>                         sqlmap-users@lists.sourceforge.net
>>                         <mailto:sqlmap-users@lists.sourceforge.net>
>>                         
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>>
>>
>>                     -- 
>>                     http://volatile-minds.blogspot.com -- blog
>>                     http://www.volatileminds.net -- website
>>
>>
>>
>>
>>                 -- 
>>                 http://volatile-minds.blogspot.com -- blog
>>                 http://www.volatileminds.net -- website
>>
>>
>>
>>
>>
>>
>>         -- 
>>         http://volatile-minds.blogspot.com -- blog
>>         http://www.volatileminds.net -- website
>>
>>
>>
>>
>>
>>     -- 
>>     Miroslav Stampar
>>     http://about.me/stamparm
>>
>>
>
>
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm
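
As an added illustration (not part of the thread and not sqlmap code), the constructed model below shows why the number of test requests between two safe visits has to be chosen against the application's idle timeout, which is the situation the original question describes. `FakeApp`, `run_scan` and `max_safe_freq` are hypothetical names, and the timeout and per-request latency are assumed values.

```python
# Added illustration: a constructed model of the keep-alive problem, not sqlmap code.
from dataclasses import dataclass


@dataclass
class FakeApp:
    """Constructed target: the session dies unless a keep-alive POST arrives in time."""
    timeout: float                 # seconds of allowed silence on the keep-alive endpoint
    last_keepalive: float = 0.0
    logged_in: bool = True

    def _expire(self, now):
        if now - self.last_keepalive > self.timeout:
            self.logged_in = False

    def keepalive_post(self, now):
        self._expire(now)
        if self.logged_in:
            self.last_keepalive = now
        return self.logged_in

    def test_request(self, now):
        self._expire(now)
        return self.logged_in      # False: the reply came from a logged-out session


def run_scan(app, total_requests, seconds_per_request, safe_freq=0):
    """Send test requests, visiting the safe endpoint after every `safe_freq` of them.

    Returns how many test requests were answered by a logged-out session,
    i.e. responses a scanner would misread. safe_freq=0 disables the visits.
    """
    now, wasted = 0.0, 0
    for sent in range(1, total_requests + 1):
        now += seconds_per_request
        if not app.test_request(now):
            wasted += 1
        if safe_freq and sent % safe_freq == 0:
            now += seconds_per_request   # the keep-alive request takes time too
            app.keepalive_post(now)
    return wasted


def max_safe_freq(timeout, seconds_per_request):
    """Largest safe_freq whose keep-alive gap still fits inside the timeout."""
    # One cycle is safe_freq test requests plus the keep-alive request itself.
    return max(int(timeout // seconds_per_request) - 1, 0)
```

With an assumed 30-second timeout and 2 seconds per request, a frequency of 14 keeps every response valid, while 15 lets the session lapse after the first cycle and every later response is unreliable.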
