Hi. With the latest revision you have a special variable "lastPage" for --eval purposes.
For example: python sqlmap.py -u " http://testphp.vulnweb.com/artists.php?artist=1"; --eval="print lastPage" Bye p.s. for REST API quick reference go to the http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html as Brandon already suggested On Thu, Aug 13, 2015 at 12:11 PM, Vojtěch Polášek <krec...@gmail.com> wrote: > Thank you very much, this will certainly help in automating Sqlmap. > But I think it doesn't solve my problem. > I will try to explain it once more and suggest some possible solution, > which came to my mind: > I am trying to find SQL injection flaw in a HTTP request which deletes > an object. > Before every request I need to: > 1. send a POSt request to create an object - every object gets a new ID > 2. receive response and get new object ID > 3. send the deletion request which tests for SQL injection flaw. > As far as I thought about it, the REST API won't help me here. > The --eval argument seems like the best approach for me. From the usage > page I can see, that I can change parameter values in the request > through --eval. That's good. But is it also possible to access > information send in the last response? That's all I need I think. If I > could access information from last response within the --eval, I could > modify original request for deletion to delete the right object. > I guess that there is some name space which can be accessed by my custom > script in the context of --eval, right? > What do you think about it? Do you understand it or should I provide > more information? > And one more question - in which class should I look to get list of all > implemented methods for REST API? I took a brief look at > lib/utils/api.py, but I can't seem to find the right class. I have never > worked with Bottle framework before. > Thanks alot for your help, I really appreciate it. > Best regards, > Vojtěch Polášek > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
