I am trying to get SQLMAP tool to test the possibilities of SQL injection on my asp.net web application which has forms authentication. But I am not getting any clear directions on this. I have tried my hands on numerous forums and found nothing concrete for ASP.NET web application. Most of the demos are provided for PHP sites, which does not work like ASP.NET.
When I try to run
sqlmap.py -u "https://test.XXXX_SIT/login.aspx" --dbs
command, I end up getting the below response from the SQLMAP console
I am new to this aspect of security testing and I am even open for any better and simple free tool that does the job for me.
Please let me know the possible solution or other better possibilities to achieve this.
Regards,
Krishna Samaga B.
You need parameters to test.
sqlmap.py -u "https://test.XXXX_SIT/login.aspx?login=1&pass=2" --dbs
for example login and pass are GET parameters.
or
sqlmap.py -u "https://test.XXXX_SIT/login.aspx" --data='login=1&pass=2' --dbs
if you're sending POST request with login and pass
Related
We need to check the technical feasibility to call a Asp.NET web api from korn shell script.
The purpose is to log the start and successful or error end of the Koran shell script via Web API in a log table.
What can be done to achieve this requirement?
I have not yet tried anything as I am completely new in this territory and is not aware from where to start. Please guide me through this.
I hope this doesn't fall into the non question category.
I would like to host a powershell environment inside my ASP.NET application, running in the same process as the Application Pool, and be able to remotely connect to the hosted environment. I already have a dll with my custom Cmdlets that I would also like to use inside my hosted session.
Note that I'm not just looking to run arbitrary commands inside ASP.NET. Instead, I want to have a full shell like interface where I can work in.
I've looked at fan-in and creating/pooling Runspaces, but this is too vague and I can't seem to find good information on this specific scenario. So any pointers would be really helpful.
Take a look at PowerShellASP - part of the product suite listed at http://www.powershellinside.com. That should allow you to host PowerShell with ASP.NET. Another option (if you want to mix ASP.NET and PowerShell in the same page) would be the PowerShell Panel:
http://www.powershellinside.com/powershell/panel/
I am trying to use cURL to automate some deployment tasks to an ASP.NET Application. But I am having some problems with it. The login part works perfectly but i guess the application for some reason has some sort of control for this kind of tools. These application was developed or an external company(real crappy app). Basically what i need to do is upload every month like 10 xml files by hand which is stupid!. I want to be able to automate this by using my own script(like ruby) and call cURL on the background to process the http requests.
Does any one know about any problems using cURL and an ASP.NET app?. May be should I write my own C# tool for this?.
Any ideas?
There's no problem with curl and ASP.NET. curl speaks HTTP and offers many different features and ways to send data, including multiport formpost uploads etc. You most likely just haven't figured out exactly how to mimic a browser when doing your command lines.
I use Anthill Pro for build and deployment management. I'm attempting to configure Anthill to make a HTTP POST or GET to a web server after a deployment has completed. I'm passing basic information regarding the deployment to a web application.
It looks like writing a Beanshell script is the way to do this in Anthill (I'm open to suggestions), but the documentation does not seem to offer an obvious way to do this.
Can a Beanshell script from Anthill make a HTTP connection to accomplish this, or is there a better way?
Example of the connection I'm trying to make:
http://myServer/myScript/?param1=deployValue1¶m2=deployValue2
Any help is appreciated.
Are you just trying to hit a URL and validate that some text on it is there? If so we have a plugin baking that does this sort of thing. Shoot me a mail at eric#urbancode.com (or file a support ticket) and we can get that over to you.
I'm looking for a quick way to log some data - I seem to remember a way to write to the access log, similar to System.Out.Println() but I can't seem to remember how to do it.
I can't attach a debugger, nor can I add additional information to the web app via Response.Write().
Is there a simple way - a single statement with no configuration changes would be ideal - to write to either the error or access logs?
This is a quick way...
Debug.Write("my data to read....");
and read it in real time using sysinterlans DebugView.