I have a problem with CAS. I have a website which has several applications based on CAS and I want to do some SqlInjection tests in order to close holes in the system as much as possible. But because of the ticket system of CAS, I couldn't pass the login screen with sqlmap. How can I login to the site, by providing username and password via sqlmap?
Asked
Active
Viewed 1,255 times
1 Answers
0
Use HTTP Cookie header, switches: --cookie
python sqlmap.py -u 'http://www.your-website.org/?id=1' --dbms=mysql --cookie 'pass=123456789123456789123456789;uid=2'
that the HTTP Cookie header values are usually separated by a ; character, not by an &.
Sqlmap can recognize these as separate sets of parameter=value too, as well as GET and POST parameters.
Julien
- 1,946
- 3
- 33
- 51