Inject GET parameter in POST request about commix HOT 7 CLOSED

Hey @Tompazi, try to use the "*" wildcard in order to specify where to inject (in the URI) i.e. commix -u http://10.0.0.1/index.pl?*

from commix.

Same result, keep in mind there is also POST data.

also:

$ grep INJECT_TAG /usr/share/commix/src/utils/settings.py
INJECT_TAG = "INJECT_HERE"
$ grep VERSION_NUM /usr/share/commix/src/utils/settings.py -m 1
VERSION_NUM = "1.3.16"

Am I using the wrong version?

from commix.

Try to use commix -u http://10.0.0.1/index.pl?* and then enter your post data.

from commix.

I'm sorry but what do you mean? How shouId I enter my post data, I do it like this:

commix -u http://10.0.0.1/index.pl?* --data=$POST_DATA

It's still only injecting the post parameters.

from commix.

You should be entering it like this: commix -u http://10.0.0.1/index.pl/* --data="POST_DATA" (without the $ symbol). For example, if there are two POST A and B parameters and you want to test the URL itself, you should write: commix -u http://10.0.0.1/index.pl/* --data="A=whatever&B=whatever". (The "INJECT_HERE" is replaced by "*".) For more info, please check Commix Wiki Page at https://github.com/stasinopoulos/commix/wiki/Usage-Examples.

from commix.

I think we are not communicating correctly. Look at this, is this intended behavior? I do not want to test the post parameters.

from commix.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related issues.

from commix.