1

I have have used sqlmap for a long time now. I have come across a this url pattern. http://www.example.com/parameter-somethingid01-anotherthingid023

Where parameter is expendable meaning it doesn't matter if the it's available or not. http://www.example.com/somethingid01-anotherthingid023 is the same as the one above

if you change somethingid01 to somethingid012 or other id it will take you to a different resource that applies to anotherthingid too.

My question is how am I going to tell sqlmap to attack this kind of URL?

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
Duplicator
  • 11
  • 1
  • 1
    This is more of a tooling question rather than a security one. Also, people would probably need a bit more information than what you have provided. What type of application are you trying to test? That to me looks like an application that performs parameter based navigation, but beyond that I can't say much. Maybe it can't be tested with sqlmap. – sir_k Jun 03 '15 at 10:27

1 Answers1

1

As described in the sqlmap manual on the sqlmap GitHub page (https://github.com/sqlmapproject/sqlmap/wiki/Usage#uri-injection-point) you can insert an asterix at the spot where sqlmap should inject the payloads if that spot is in the URI.

That means:
If you want sqlmap to replace somethingid01 with the payload you would give your url like:

sqlmap -u "http://www.example.com/*-anotherthingid023"

If you want sqlmap to scan both parameters you have to replace the second one as well:

sqlmap -u "http://www.example.com/*-*"
Denis
  • 3,653
  • 2
  • 17
  • 16