如何使用 sqlmap 验证中央身份验证服务(CAS)?
我的 CAS 有问题。我有一个网站,其中有几个基于 CAS 的应用程序,我想做一些 SqlInjection 测试,以便尽可能地弥补系统中的漏洞。但由于CAS的票证系统,我无法通过sqlmap的登录屏幕。如何通过 sqlmap 提供用户名和密码来登录该网站?
I have a problem with CAS. I have a website which has several applications based on CAS and I want to do some SqlInjection tests in order to close holes in the system as much as possible. But because of the ticket system of CAS, I couldn't pass the login screen with sqlmap. How can I login to the site, by providing username and password via sqlmap?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用 HTTP Cookie 标头,开关:
--cookieHTTP Cookie 标头值通常由 ; 分隔字符,而不是 &。
Sqlmap 也可以将它们识别为单独的参数=值集,以及 GET 和 POST 参数。
Use HTTP Cookie header, switches:
--cookiethat the HTTP Cookie header values are usually separated by a ; character, not by an &.
Sqlmap can recognize these as separate sets of parameter=value too, as well as GET and POST parameters.