I would like to use sqlmap and set parameters, that are concatenated inside the URL parts.
I know that a following URL is possible to track with defining of parameter by putting an asterisk behind the parameter value:
sqlmap -u http://example.com/article/22565*/
But what about URLs, that have numbers and alias strings concatenated all together?
I would like to test, whether injections can me made on this URL:
http://example.com/alias-text-22565/description
A bold number is a dynamic parameter. This parameter is read on server side using regex.
How to define parameters inside URL, so sqlmap knows what are the real parameters in this manner?
Note: Currently I am not capable to test a website with SEF URLs rewriting switched off.