Hi,

I'm using sqlmap/1.0-dev-nongit-20150608 to test the following JSON request that I extracted from Burp and censored a bit:
----------------------------------------------------------------------
POST /SomeURL/getApns.action HTTP/1.1
Host: IP:8443
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://IP:8443/SomeURL/show_apn_page.jsp?now=Fri%20Jun%2012%202015%2009:34:42%20GMT+0800
Content-Length: 39
Cookie: JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser; lockScreen=false
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

{"apn":"requestApn","language":"zh_CN"}
----------------------------------------------------------------------
I tried the following command to do the SQL injection test, but it ended up with a "no parameter(s) found" message.
-----------------------------------------------------------------------
Command: sqlmap.py -u "https://SomeURL/getApns.action" --cookie="JSESSIONID=40E3B9CDA12CF88200D301CCC1163F2B; locale=zh_CN; org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE=zh_CN; HttpOnly=true; locked=false; timeNum=1434072883045; timeState=true; loginUserName=SomeUser; lockScreen=false" --data="{"apn":"requestApn","language":"zh_CN"}" --ignore-proxy --dbms "MySQL"
-----------------------------------------------------------------------
Log:
[*] starting at 09:36:31
[09:36:31] [INFO] testing connection to the target URL
[09:36:33] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:36:35] [INFO] target URL is stable
[09:36:35] [CRITICAL] no parameter(s) found for testing in the provided data (e. g. GET parameter 'id' in 'www.site.com/index.php?id=1')
[*] shutting down at 09:36:35
-----------------------------------------------------------------------
Then I saved the POST JSON request to the file "testURL.txt" and tried "sqlmap.py -r d:\testURL.txt", and it can perfectly identify the JSON parameters:
-----------------------------------------------------------------------
Log:
[*] starting at 09:43:58
[09:43:58] [INFO] parsing HTTP request from 'd:\testURL.txt'
JSON data found in POST data. Do you want to process it? [Y/n/q] Y
[09:44:06] [INFO] testing connection to the target URL
[09:44:07] [WARNING] the web server responded with an HTTP error code (400) which could interfere with the results of the tests
[09:44:07] [INFO] testing if the target URL is stable. This can take a couple of seconds
[09:44:08] [INFO] target URL is stable
[09:44:08] [INFO] testing if (custom) POST parameter 'JSON apn' is dynamic
...
[09:45:01] [INFO] testing if (custom) POST parameter 'JSON language' is dynamic
...
-----------------------------------------------------------------------
Why did it behave differently? For some reason, I can only use "sqlmap.py -u SomeURL --cookie=SomeCookie --data=JSON data" to do the test. Can sqlmap identify JSON post data using the above command? How do I achieve this?

Kind regards,
Guo
------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users