Closed patosar closed 8 years ago
Have you tried with:
--second-order=S.. Resulting page URL searched for second-order response
It should look for results of SQLi inside provided URL
@stamparm hey! Thanks for the quick reply, love the sqlmap project.
It was exactly what I was looking for, thanks! It worked like a charm.
Still, would it be a nice feature if sqlmap followed frames by default, automatically?
But which frames? In some pages there are tens of frames, in most cases with junk ads.
@stamparm agreed.
@stamparm could a little reference to frames be added to the --second-order entry in the wiki, so it's easier for everybody in the future to find a solution to this via Google?
Added (e.g. frame) into the https://github.com/sqlmapproject/sqlmap/wiki/Usage#second-order-attack. There is really no need to put any more details.
Can there be a flag added so that frames are processed? Second-order is only a work-around and not feasible when there are many frames.
@slw07g but why don't you just provide the frame URL as value for --second-url?
Of course, sqlmap is working as designed because it doesn't have an HTML parser AFAIK.
But, what happens is that I'm pentesting and I found a potential blind SQL injection in a webapp, via some POST parameter (I'm running sqlmap the following way):

```
python sqlmap.py -u http://redacted/redacted.asp --load-cookies="/cookiejar.txt" --data="redacted=12345678&ano=2015&Radio=redacted&Consultar=redacted" -p ano
```

The thing is, the webapp responds to the request with:

```
>>HTTP Headers and stuff<<
<frameset rows="120,*" frameborder="NO" border="0" framespacing="0" cols="*">
<frame name="Titulo" scrolling="NO" noresize src="encabezado.asp" >
<frame name="mainFrame" src="rendimiento.asp">
</frameset>
```

And it happens to be that the SQL error is printed in the encabezado.asp file, but sqlmap does not know that it also has to issue a GET to that file after the first response. (I've confirmed that by using the -t switch).
What can I do? Is it possible to get sqlmap to follow frames?
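
Added example (not part of the thread and not sqlmap code): a small Python helper that lists the same-origin frame URLs of a response like the one quoted above, so the frame that shows the error can be chosen as the value for the second-order option mentioned in the replies, while third-party frames such as ads are left out. The page URL `http://target.example/app/redacted.asp`, the ad frame in the sample, and the names `FrameCollector` and `frame_urls` are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FrameCollector(HTMLParser):
    """Collects src of <frame>/<iframe> tags and the first <base href>."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.sources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # valueless attributes (noresize) map to None
        if tag == "base" and attrs.get("href") and self.base_href is None:
            self.base_href = attrs["href"]
        elif tag in ("frame", "iframe") and attrs.get("src"):
            self.sources.append(attrs["src"].strip())


def frame_urls(page_url, html, same_origin_only=True):
    """Return absolute frame URLs in document order, without duplicates."""
    collector = FrameCollector()
    collector.feed(html)
    # Relative src values resolve against <base href> if present.
    base = urljoin(page_url, collector.base_href or "")
    origin = urlsplit(page_url)[:2]  # (scheme, host[:port])
    seen, result = set(), []
    for src in collector.sources:
        url = urljoin(base, src)
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            continue  # javascript:, about:, data: frames cannot be fetched
        if same_origin_only and parts[:2] != origin:
            continue  # third-party frames (ads) are not candidates
        if url not in seen:
            seen.add(url)
            result.append(url)
    return result


# Constructed sample: the frameset from the post plus one invented ad frame.
SAMPLE_URL = "http://target.example/app/redacted.asp"
SAMPLE_HTML = """<frameset rows="120,*" frameborder="NO" border="0" cols="*">
<frame name="Titulo" scrolling="NO" noresize src="encabezado.asp" >
<frame name="mainFrame" src="rendimiento.asp">
<frame name="ad" src="http://ads.example/banner.html">
</frameset>"""

if __name__ == "__main__":
    print("\n".join(frame_urls(SAMPLE_URL, SAMPLE_HTML)))
```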