You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for clarifying, epinna, and the question should be elaborated: is there currently a way to do that in the URL, but outside GET parameters? That's the support I meant to ask for.
If my injection point is, for instance, http://www.example.com/HERE or http://www.example.com/dir/dir/dir/HERE, urlparse.parse_qs will return an empty dictionary and no injection will be tested. This may seem odd, but it's a real scenario considering mod_rewrite rules.
epinna
changed the title
Feature: Parse nonstandard injection points in the URL with wildcards.
Feature: Use wildcard to indicate injection points that aren't standard GET parameters.
Mar 7, 2017
Similarly to sqlmap, a wildcard could be used to indicate injection points that aren't standard GET parameters.
The text was updated successfully, but these errors were encountered: