You can write a Burp rule that rewrites a specific value that you set in the SOAP body with an incrementing integer as sqlmap is exploiting the SQL injection (it wouldn’t realize the parameter needed to be incremented).
You can use --proxy to send sqlmap through Burp.

> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos <rira...@gmail.com> wrote:
>
> I have a SOAP POST request where two different should be unique. One
> is an Email and another UserID.
> Is there a way to inject on Email having the email domain (e.g.
> @gmail.com) as a suffix and increment the UserID parameter (e.g.
> starting from 100)?
>
> Thanks!
> Ricardo Iramar
>
> ------------------------------------------------------------------------------
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users