Done (usage e.g. --safe-url=... --safe-post="foo=bar&...").

Bye

On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Pushing the patch in a couple of hours.
>
> Bye
>
> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry <bperry.volat...@gmail.com>
> wrote:
>
>> Ah, good point. Hadn't thought about that. Also, requiring a POST request
>> does make it difficult.
>>
>> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hood3dro...@gmail.com>
>> wrote:
>>
>>> I don't think the second order option will work, as that is specifying where
>>> to look for injection results, which might result in your underlying
>>> injection failing if the results are not to be found there.
>>>
>>> There are, however, options in the latest version that appear to be for just
>>> this type of situation (although I personally haven't used them just yet):
>>>     --safe-url=SAFURL   URL address to visit frequently during testing
>>>     --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>>
>>> I believe this will ensure your session remains active during scan.
>>>
>>> There are also options for CSRF tokens to be snagged and parsed via:
>>>     --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>>>     --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>>
>>> In case the csrf token needs to be refreshed for each injection (when
>>> injecting into forms and other typical POST injections and such).
>>>
>>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <
>>> bperry.volat...@gmail.com> wrote:
>>>
>>>> However, that being said, I have run into this before and had to write
>>>> my own exploits to fully exploit the vulnerability.
>>>>
>>>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <
>>>> bperry.volat...@gmail.com> wrote:
>>>>
>>>>> There is a second order parameter; it could be used to perform this.
>>>>> It would be requested after every injected request was sent.
>>>>>
>>>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <krec...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Greetings,
>>>>>> I am testing an application which I suspect to log me out if I don't
>>>>>> send a certain POST request in a certain time interval.
>>>>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>>>>> which lets me run any Python code before every request. But it is
>>>>>> not so nice, let's say.
>>>>>> Is there any possibility to supply a POST request to safeurl? Is there
>>>>>> anything like this planned?
>>>>>> Thank you very much,
>>>>>> Vojta
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>>>> Develop your own process in accordance with the BPMN 2 standard
>>>>>> Learn Process modeling best practices with Bonita BPM through live
>>>>>> exercises
>>>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>>>>> event?utm_
>>>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>>>> _______________________________________________
>>>>>> sqlmap-users mailing list
>>>>>> sqlmap-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> http://volatile-minds.blogspot.com -- blog
>>>>> http://www.volatileminds.net -- website
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
Miroslav Stampar
http://about.me/stamparm
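
An added illustration, not part of the original thread and not sqlmap code: a constructed Python model of the situation discussed above, where a session expires unless a POST heartbeat arrives in time. The session class, the paths, the timings and the modulo-based scheduling of safe visits are assumptions made for the model.

```python
class IdleTimeoutSession:
    """Hypothetical server-side session: only a POST to /keepalive resets the timer."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s
        self.last_heartbeat = 0.0
        self.alive = True

    def handle(self, now, method, path):
        # The session dies once the gap since the last heartbeat exceeds the timeout.
        if now - self.last_heartbeat > self.timeout_s:
            self.alive = False
        # A GET to the same path does not count as a heartbeat in this model.
        if self.alive and method == "POST" and path == "/keepalive":
            self.last_heartbeat = now
        return self.alive


def run_scan(total_requests, seconds_per_request, timeout_s, safe_freq, safe_method):
    """Return how many test requests were answered while the session was alive.

    safe_freq   -- test requests between two visits to the safe URL (0 disables)
    safe_method -- "GET" (safe URL alone) or "POST" (safe URL plus a POST body)
    """
    session = IdleTimeoutSession(timeout_s)
    now = 0.0
    served = 0
    for i in range(1, total_requests + 1):
        now += seconds_per_request
        if not session.handle(now, "GET", "/item"):
            break  # logged out: every later test result would be meaningless
        served += 1
        if safe_freq and i % safe_freq == 0:
            now += seconds_per_request  # the safe visit also takes time
            session.handle(now, safe_method, "/keepalive")
    return served


if __name__ == "__main__":
    # Constructed scenario: 100 test requests, 1 s each, 10 s idle timeout.
    for freq, method in [(0, "GET"), (5, "GET"), (5, "POST"), (20, "POST")]:
        print(freq, method, run_scan(100, 1.0, 10.0, freq, method))
```

In the model, the scan only completes when the safe visit is a POST and the interval between safe visits, multiplied by the time per request, stays below the idle timeout.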