mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
237 lines
6.4 KiB
Plaintext
237 lines
6.4 KiB
Plaintext
|
[Request]
|
||
|
|
||
|
# Target URL.
|
||
|
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
|
||
|
url = http://127.0.0.1/sqlmap/mysql/get_int.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_brackets.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_str_like.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par2.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_str_like_par3.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_dstr_like_par2.php?id=1
|
||
|
#url = http://127.0.0.1/sqlmap/mysql/get_int_str.php?id=1&name=luther
|
||
|
|
||
|
# Rather than providing a target url, let Google return target
|
||
|
# hosts as result of your Google dork expression. For a list of Google
|
||
|
# dorks see Johnny Long Google Hacking Database at
|
||
|
# http://johnny.ihackstuff.com/ghdb.php.
|
||
|
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
|
||
|
googleDork =
|
||
|
|
||
|
# Testable parameter(s) comma separated. By default all GET/POST/Cookie
|
||
|
# parameters and HTTP User-Agent are tested by sqlmap.
|
||
|
testParameter =
|
||
|
|
||
|
# HTTP method to perform HTTP requests.
|
||
|
# Valid: GET or POST
|
||
|
# Default: GET
|
||
|
method = GET
|
||
|
|
||
|
# Data string to be sent through POST. It is mandatory only when
|
||
|
# HTTP method is set to POST.
|
||
|
data =
|
||
|
|
||
|
# HTTP Cookie header.
|
||
|
cookie =
|
||
|
|
||
|
# HTTP Referer header. Useful to fake the HTTP Referer header value at
|
||
|
# each HTTP request.
|
||
|
referer =
|
||
|
|
||
|
# HTTP User-Agent header. Useful to fake the HTTP User-Agent header value
|
||
|
# at each HTTP request
|
||
|
# sqlmap will also test for SQL injection on the HTTP User-Agent value.
|
||
|
agent = sqlmap/0.6.1 (http://sqlmap.sourceforge.net)
|
||
|
|
||
|
# Load a random HTTP User-Agent header from file
|
||
|
# Example: txt/user-agents.txt
|
||
|
userAgentsFile =
|
||
|
|
||
|
# HTTP Authentication type. Useful only if the target url requires
|
||
|
# HTTP Basic or Digest authentication and you have such data.
|
||
|
# Valid: Basic or Digest
|
||
|
aType =
|
||
|
|
||
|
# HTTP Authentication credentials. Useful only if the target url requires
|
||
|
# HTTP Basic or Digest authentication and you have such data.
|
||
|
# Syntax: username:password
|
||
|
aCred =
|
||
|
|
||
|
# Use a HTTP proxy to connect to the target url.
|
||
|
# Syntax: http://url:port
|
||
|
proxy =
|
||
|
|
||
|
# Maximum number of concurrent HTTP requests (handled with Python threads)
|
||
|
# to be used in the inference SQL injection attack.
|
||
|
# Default: 1
|
||
|
threads = 1
|
||
|
|
||
|
|
||
|
[Injection]
|
||
|
|
||
|
# String to match in page when the query is valid, only needed if the
|
||
|
# page content dynamically changes at each refresh, consequently changing
|
||
|
# the MD5 of the page which is the method used by default to determine
|
||
|
# if a query was valid or not. Read the documentation for further
|
||
|
# details.
|
||
|
string =
|
||
|
|
||
|
# Force back-end DBMS to this value. If this option is set, the back-end
|
||
|
# DBMS identification process will be minimized as needed.
|
||
|
# If not set, sqlmap will detect back-end DBMS automatically by default.
|
||
|
# Valid: mssql, mysql, oracle, pgsql
|
||
|
dbms =
|
||
|
|
||
|
|
||
|
[Fingerprint]
|
||
|
|
||
|
# Perform an extensive back-end database management system fingerprint
|
||
|
# based on various techniques.
|
||
|
# Valid: True or False
|
||
|
extensiveFp = False
|
||
|
|
||
|
|
||
|
[Enumeration]
|
||
|
|
||
|
# Retrieve back-end database management system banner.
|
||
|
# Valid: True or False
|
||
|
getBanner = False
|
||
|
|
||
|
# Retrieve back-end database management system current user.
|
||
|
# Valid: True or False
|
||
|
getCurrentUser = False
|
||
|
|
||
|
# Retrieve back-end database management system current database.
|
||
|
# Valid: True or False
|
||
|
getCurrentDb = False
|
||
|
|
||
|
# Enumerate back-end database management system users.
|
||
|
# Valid: True or False
|
||
|
getUsers = False
|
||
|
|
||
|
# Enumerate back-end database management system users password hashes.
|
||
|
# Valid: True or False
|
||
|
getPasswordHashes = False
|
||
|
|
||
|
# Enumerate back-end database management system users privileges.
|
||
|
# Valid: True or False
|
||
|
getPrivileges = False
|
||
|
|
||
|
# Enumerate back-end database management system databases.
|
||
|
# Valid: True or False
|
||
|
getDbs = False
|
||
|
|
||
|
# Enumerate back-end database management system database tables.
|
||
|
# Optional: db
|
||
|
# Valid: True or False
|
||
|
getTables = False
|
||
|
|
||
|
# Enumerate back-end database management system database table columns.
|
||
|
# Requires: db and tbl
|
||
|
# Valid: True or False
|
||
|
getColumns = False
|
||
|
|
||
|
# Dump back-end database management system database table entries.
|
||
|
# Requires: db and tbl
|
||
|
# Optional: col
|
||
|
# Valid: True or False
|
||
|
dumpTable = False
|
||
|
|
||
|
# Dump all back-end database management system databases tables entries.
|
||
|
# Valid: True or False
|
||
|
dumpAll = False
|
||
|
|
||
|
# Back-end database management system database to enumerate.
|
||
|
db =
|
||
|
|
||
|
# Back-end database management system database table to enumerate.
|
||
|
tbl =
|
||
|
|
||
|
# Back-end database management system database table column to enumerate.
|
||
|
col =
|
||
|
|
||
|
# Back-end database management system database user to enumerate.
|
||
|
user =
|
||
|
|
||
|
# Exclude DBMS system databases when enumerating tables.
|
||
|
# Valid: True or False
|
||
|
excludeSysDbs = False
|
||
|
|
||
|
# First table entry to dump (cursor start)
|
||
|
# Valid: number
|
||
|
# Default: 1 (sqlmap will start to dump the table entries from the first)
|
||
|
limitStart = 1
|
||
|
|
||
|
# Last table entry to dump (cursor stop)
|
||
|
# Valid: number
|
||
|
# Default: 1 (sqlmap will detect the number of table entries and dump
|
||
|
# until the last)
|
||
|
limitStop = 1
|
||
|
|
||
|
# SQL SELECT query to be executed.
|
||
|
# Example: SELECT 'foo', 'bar'
|
||
|
query =
|
||
|
|
||
|
# Prompt for an interactive SQL shell.
|
||
|
# Valid: True or False
|
||
|
sqlShell = False
|
||
|
|
||
|
|
||
|
[File system]
|
||
|
|
||
|
# Read a specific OS file content (only on MySQL).
|
||
|
# Examples: '/etc/passwd' or 'C:\boot.ini'
|
||
|
rFile =
|
||
|
|
||
|
# Write to a specific OS file (not yet available).
|
||
|
# Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt
|
||
|
wFile =
|
||
|
|
||
|
|
||
|
[Takeover]
|
||
|
|
||
|
# Prompt for an interactive OS shell (only on PHP/MySQL environment with a
|
||
|
# writable directory within the web server document root for the moment).
|
||
|
# Valid: True or False
|
||
|
osShell = False
|
||
|
|
||
|
|
||
|
[Miscellaneous]
|
||
|
|
||
|
# Test for UNION SELECT (inband) SQL injection.
|
||
|
# Valid: True or False
|
||
|
unionTest = False
|
||
|
|
||
|
# Use the UNION SELECT (inband) SQL injection to retrieve the queries
|
||
|
# output. No need to go blind.
|
||
|
# Valid: True or False
|
||
|
unionUse = False
|
||
|
|
||
|
# Retrieve each query output length and calculate the estimated time of
|
||
|
# arrival in real time.
|
||
|
# Valid: True or False
|
||
|
eta = False
|
||
|
|
||
|
# Verbosity level.
|
||
|
# Valid values:
|
||
|
# 0: Silent
|
||
|
# 1: Show info messages
|
||
|
# 2: Show also debug messages
|
||
|
# 3: Show also HTTP requests
|
||
|
# 4: Show also HTTP responses headers
|
||
|
# 5: Show also HTTP responses page content
|
||
|
# Default: 0
|
||
|
verbose = 0
|
||
|
|
||
|
# Update sqlmap to the latest stable version.
|
||
|
# Valid: True or False
|
||
|
updateAll = False
|
||
|
|
||
|
# Save and resume all data retrieved on a session file.
|
||
|
sessionFile =
|
||
|
|
||
|
# Never ask for user input, use the default behaviour.
|
||
|
# Valid: True or False
|
||
|
batch = False
|