Discussion:
[sqlmap-users] sqlmap parsing XML parameters in web services
* *
2012-07-19 16:46:04 UTC
Is there a way to get sqlmap to recognize xml parameters inside an
intercepted SOAP request? I have a POST request with parameters in xml
format inside a SOAP envelope I want to test. Thanks!
Miroslav Stampar
2012-07-20 07:50:44 UTC
Hi.

For such cases, where sqlmap doesn't recognize parameters inside a POST
request (we have SOAP parameter parsing, but we could probably review it),
you can freely use the custom injection mark *.

Also, please update to the latest commit as there was a related "patch" for
your case (https://github.com/sqlmapproject/sqlmap/issues/108).

Kind regards,
Miroslav Stampar
_______________________________________________
sqlmap-users mailing list
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
--
Miroslav Stampar
http://about.me/stamparm
Miroslav Stampar
2012-07-20 07:51:45 UTC
P.S. An example of such a request file could be something like this:

POST /vuln.php HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: www.site.com
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-a4f5c1d (http://sqlmap.org)
Connection: close

<xml><bla2 value="1*"/></xml>

--
Miroslav Stampar
http://about.me/stamparm
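
The replies above place the custom injection mark * by hand inside the XML body of a saved request. As an added example (not part of the original thread and not sqlmap's own code), this Python helper appends the mark to exactly one named XML value, handling element text as well as the attribute case shown in the thread, and corrects Content-Length; the SOAP envelope, GetUser and m:id are constructed sample values.

```python
import re

MARK = "*"  # custom injection mark from the reply above

def mark_injection_point(request_text, name):
    """Append MARK to the single XML value called `name` in the request body.

    `name` is matched as an element (<ns:name>value</ns:name>) or as a
    double-quoted attribute (name="value"). Exactly one match is required,
    so it is unambiguous which value will be tested.
    """
    split = re.search(r"\r?\n\r?\n", request_text)
    if not split:
        raise ValueError("no blank line between headers and body")
    head, sep = request_text[:split.start()], split.group(0)
    body = request_text[split.end():]
    if MARK in body:
        raise ValueError("body already contains the mark character")
    n = re.escape(name)
    pattern = re.compile(
        r'\s' + n + r'\s*=\s*"[^"]*(?=")'                            # attribute value
        r'|<(?:[\w.-]+:)?' + n + r'(?:\s[^<>]*)?(?<!/)>[^<]*(?=</)'  # element text
    )
    hits = list(pattern.finditer(body))
    if len(hits) != 1:
        raise ValueError("expected 1 value named %r, found %d" % (name, len(hits)))
    end = hits[0].end()
    marked = body[:end] + MARK + body[end:]
    # Keep Content-Length accurate if the saved request carried one.
    head = re.sub(r"(?im)^(content-length:\s*)\d+",
                  lambda m: m.group(1) + str(len(marked.encode("utf-8"))), head)
    return head + sep + marked

# Constructed sample: a SOAP POST as it might be saved from an intercepting proxy.
SAMPLE_BODY = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
               '<soap:Body><m:GetUser xmlns:m="http://www.site.com/users">'
               '<m:id>1</m:id></m:GetUser></soap:Body></soap:Envelope>')
SAMPLE = ("POST /vuln.php HTTP/1.1\r\nHost: www.site.com\r\n"
          "Content-Type: text/xml; charset=utf-8\r\n"
          "Content-Length: %d\r\n\r\n%s" % (len(SAMPLE_BODY), SAMPLE_BODY))

if __name__ == "__main__":
    # Save the output to a file and pass that file to sqlmap with -r.
    print(mark_injection_point(SAMPLE, "id"))
```

The helper refuses to guess: a name that matches zero or several values raises ValueError instead of marking the wrong one.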