Great idea!!! Thanks!!! :) I'll try and let you know the results. On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry <bperry.volat...@gmail.com> wrote: > You can write a burp rule that rewrites a specific value that you set in the > SOAP body with an incrementing integer as sqlmap is exploiting the > sqlinjection (it wouldn’t realize the parameter needed to be incremented). > > You can use —proxy to send sqlmap through burp. > >> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos <rira...@gmail.com> >> wrote: >> >> I have a SOAP POST request where two different should be unique. One >> is an Email and another UserID. >> Is there a way to inject on Email having the email domain (e.g. >> @gmail.com) as a suffix and increment the UserID parameter (e.g. >> starting from 100)? >> >> Thanks! >> Ricardo Iramar >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> sqlmap-users mailing list >> sqlmap-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >
------------------------------------------------------------------------------ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
