Hi,
I tried your new --safe-post and it doesn't seem to fulfill my needs. I
need to submit in this url same cookies as in requests for SQL injection
etc. Would it be possible to provide something like --safe-request and
read request from a file?
Thanks,
Vojta

On 20.4.2015 23:56, Miroslav Stampar wrote:
> Done (usage e.g. --safe-url=... --safe-post="foo=bar&...").
>
> Bye
>
> On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar
> <miroslav.stam...@gmail.com <mailto:miroslav.stam...@gmail.com>> wrote:
>
>     Pushing the patch in couple of hours.
>
>     Bye
>
>     On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry
>     <bperry.volat...@gmail.com <mailto:bperry.volat...@gmail.com>> wrote:
>
>         Ah, good point. Hadn't thought about that. Also, requiring a
>         POST request does make it difficult.
>
>         On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe
>         <hood3dro...@gmail.com <mailto:hood3dro...@gmail.com>> wrote:
>
>             I don't think second order option will work as that is
>             specifying where to look for injection results, which
>             might result in your underlying injection failing if the
>             results are not to be found there.
>
>             There are however options in latest version that appear to
>             be for just this type of situation (although I personally
>             haven't used them just yet):
>                 --safe-url=SAFURL   URL address to visit frequently during testing
>                 --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>
>             I believe this will ensure your session remains active
>             during scan.
>
>             There are also the options for CSRF tokens to be snagged
>             and parsed via:
>                 --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>                 --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>
>             In case the csrf token needs to be refreshed for each
>             injection (when injecting into forms and other typical
>             POST injections and such).
>
>             On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry
>             <bperry.volat...@gmail.com
>             <mailto:bperry.volat...@gmail.com>> wrote:
>
>                 However, that being said, I have run into this before
>                 and had to write my own exploits to fully exploit the
>                 vulnerability.
>
>                 On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry
>                 <bperry.volat...@gmail.com
>                 <mailto:bperry.volat...@gmail.com>> wrote:
>
>                     There is a second order parameter, it could be
>                     used to perform this. It would be requested after
>                     every injected request was sent.
>
>                     On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek
>                     <krec...@gmail.com <mailto:krec...@gmail.com>> wrote:
>
>                         Greetings,
>                         I am testing an application which I suspect to
>                         log me out if I don't
>                         send certain post request in certain time
>                         interval.
>                         Is this possible to do with Sqlmap? I know
>                         that there is a parameter
>                         which lets me run any python code before
>                         every request. But it is not
>                         so nice, let's say.
>                         Is there any possibility to supply a post
>                         request to safeurl? Is there
>                         anything like this planned?
>                         Thank you very much,
>                         Vojta
>
>                     -- 
>                     http://volatile-minds.blogspot.com -- blog
>                     http://www.volatileminds.net -- website
>
>     -- 
>     Miroslav Stampar
>     http://about.me/stamparm

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
