Nmap Development mailing list archives
[PATCH] sql-injection.nse arguments
From: Joao Correa <joao () livewire com br>
Date: Sat, 11 Jul 2009 14:33:29 -0300
Hello guys, I was making a few tests with sql-injection.nse and, due to some restrictions, I started getting annoyed about the big number of websites that the script was unable to scan. The way sql-injection.nse works makes it unable to scan virtually hosted websites for sql injections, due to the script being unable to retrieve the website hostname. This patch creates an argument (sql-injection.host) for the hostname, so if the user wants to scan a virtually hosted website, he can just specify which is the website's hostname. Also, I've introduced a second argument, called sql-injection.start, which specifies the starting point for the scan (sometimes, it is useful avoiding initial pages with only flash introductions, or only scanning part of a large website tree). The patch is very simple and also fixes some comments.
Attachment:
sql-injection_arguments.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] sql-injection.nse arguments Joao Correa (Jul 11)
- Re: [PATCH] sql-injection.nse arguments Joao Correa (Jul 16)
- Re: [PATCH] sql-injection.nse arguments David Fifield (Jul 18)
- Re: [PATCH] sql-injection.nse arguments Joao Correa (Jul 16)