Re: [sqlmap-users] How to augment --forms behaviour with default behaviour?

Wed, 28 Oct 2015 05:59:15 -0700 

This is not really the case.

---

$ python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1";
--forms --crawl=1
         _
 ___ ___| |_____ ___ ___  {1.0-dev-caafa37}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program

[*] starting at 13:54:32

do you want to check for the existence of site's sitemap(.xml) [y/N]
[13:54:34] [INFO] starting crawler
[13:54:34] [INFO] searching for links with depth 1
do you want to store crawling results to a temporary file for eventual
further processing with other tools [y/N]


[13:54:36] [INFO] sqlmap got a total of 4 targets
[#1] form:
POST http://testphp.vulnweb.com:80/search.php?test=query
POST data: searchFor=&goButton=go
do you want to test this form? [Y/n/q]
> n
[#2] form:
GET http://testphp.vulnweb.com:80/artists.php?artist=1
do you want to test this form? [Y/n/q]
> n
[#3] form:
GET http://testphp.vulnweb.com:80/artists.php?artist=2
do you want to test this form? [Y/n/q]
> n
[#4] form:
GET http://testphp.vulnweb.com:80/artists.php?artist=3
do you want to test this form? [Y/n/q]
> n

[*] shutting down at 13:54:47

---


The only clumsy thing here is that everything is called "form" afterwards.
Will make a dirty patch for this in couple of mins.

Bye

On Wed, Oct 28, 2015 at 10:55 AM, David Wray <da...@sec-tec.com> wrote:

> Hi,
>
> It seems when using —crawl to spider a site, using —forms overrides normal
> behaviour, and hence ignores URL based variables. Is there a simple way to
> —crawl a site and test for both URL and forms based variables? In other
> words, to augment normal behaviour and —forms behaviour together.
>
> Thanks
>
> D
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

------------------------------------------------------------------------------

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to