More user's manual updates

2024-11-22 01:26:42 +03:00 · 2011-04-08 10:20:42 +00:00 · 2011-04-08 10:20:42 +00:00 · 159789ba81
commit 159789ba81
parent d305183447
3 changed files with 39 additions and 17 deletions
--- a/doc/README.html
+++ b/doc/README.html
@ -2022,6 +2022,10 @@ want to enumerate the privileges.</P>
 <P>If you provide <CODE>CU</CODE> as username it will consider it as an alias for
 current user and will enumerate the privileges for this user.</P>

+<P>On Microsoft SQL Server, this feature will display you whether or not each
+user is a database administrator rather than the list of privileges for
+all users.</P>
+

 <H3>List database management system users roles</H3>

@ -2048,13 +2052,11 @@ current user and will enumerate the privileges for this user.</P>
 information about available databases, it is possible to enumerate the
 list of databases.</P>

-<P>Note that this feature is not available if the database management system
-is Oracle.</P>
-

 <H3>Enumerate database's tables</H3>

-<P>Switches: <CODE>-</CODE><CODE>-tables</CODE> and <CODE>-D</CODE></P>
+<P>Switches: <CODE>-</CODE><CODE>-tables</CODE>, <CODE>-D</CODE> and
+<CODE>-</CODE><CODE>-exclude-sysdbs</CODE></P>

 <P>When the session user has read access to the system table containing
 information about databases' tables, it is possible to enumerate
@ -2063,6 +2065,9 @@ the list of tables for a specific database management system's databases.</P>
 <P>If you do not provide a specific database with switch <CODE>-D</CODE>, sqlmap
 will enumerate the tables for all DBMS databases.</P>

+<P>You can also provide the <CODE>-</CODE><CODE>-exclude-sysdbs</CODE> switch to
+exclude all system databases.</P>
+
 <P>Note that on Oracle you have to provide the <CODE>TABLESPACE_NAME</CODE>
 instead of the database name.</P>

@ -2086,8 +2091,8 @@ name like the one you provided to be enumerated.</P>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
-$ python sqlmap.py -u "http://192.168.136.131/sqlmap/sqlite/get_int.php?id=1" --columns -D testdb \
-  -T users -C name
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/sqlite/get_int.php?id=1" --columns \
+  -D testdb -T users -C name
 [...]
 Database: SQLite_masterdb
 Table: users
@ -2145,6 +2150,11 @@ Table: USERS
 </CODE></BLOCKQUOTE>
 </P>

+<P>This switch can also be used to dump all tables' entries of a provided
+database. You simply have to provide sqlmap with the <CODE>-</CODE><CODE>-dump</CODE>
+switch along with only the <CODE>-D</CODE> switch, no <CODE>-T</CODE> and no
+<CODE>-C</CODE>.</P>
+
 <P>You can also provide a comma-separated list of the specific columns to
 dump with the <CODE>-C</CODE> switch.</P>

@ -2171,8 +2181,8 @@ error-based and UNION query SQL injection techniques the number of requests
 is exactly the same, regardless of the length of the column's entry output
 to dump.</P>

-<P>As you know by down, sqlmap is <B>flexible</B>. You can leave it to
-automatically enumerate the whole database table or you can be very
+<P>As you may have noticed by now, sqlmap is <B>flexible</B>: you can leave
+it to automatically dump the whole database table or you can be very
 precise in which characters to dump, from which columns and which range of
 entries.</P>

--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
@ -2043,6 +2043,11 @@ want to enumerate the privileges.
 If you provide <tt>CU</tt> as username it will consider it as an alias for
 current user and will enumerate the privileges for this user.

+<p>
+On Microsoft SQL Server, this feature will display you whether or not each
+user is a database administrator rather than the list of privileges for
+all users.
+

 <sect2>List database management system users roles

@ -2076,15 +2081,12 @@ When the session user has read access to the system table containing
 information about available databases, it is possible to enumerate the
 list of databases.

-<p>
-Note that this feature is not available if the database management system
-is Oracle.
-

 <sect2>Enumerate database's tables

 <p>
-Switches: <tt>-</tt><tt>-tables</tt> and <tt>-D</tt>
+Switches: <tt>-</tt><tt>-tables</tt>, <tt>-D</tt> and
+<tt>-</tt><tt>-exclude-sysdbs</tt>

 <p>
 When the session user has read access to the system table containing
@ -2095,6 +2097,10 @@ the list of tables for a specific database management system's databases.
 If you do not provide a specific database with switch <tt>-D</tt>, sqlmap
 will enumerate the tables for all DBMS databases.

+<p>
+You can also provide the <tt>-</tt><tt>-exclude-sysdbs</tt> switch to
+exclude all system databases.
+
 <p>
 Note that on Oracle you have to provide the <tt>TABLESPACE_NAME</tt>
 instead of the database name.
@ -2122,8 +2128,8 @@ name like the one you provided to be enumerated.
 Example against a SQLite target:

 <tscreen><verb>
-$ python sqlmap.py -u "http://192.168.136.131/sqlmap/sqlite/get_int.php?id=1" --columns -D testdb \
-  -T users -C name
+$ python sqlmap.py -u "http://192.168.136.131/sqlmap/sqlite/get_int.php?id=1" --columns \
+  -D testdb -T users -C name
 [...]
 Database: SQLite_masterdb
 Table: users
@ -2181,6 +2187,12 @@ Table: USERS
 +----+--------+------------+
 </verb></tscreen>

+<p>
+This switch can also be used to dump all tables' entries of a provided
+database. You simply have to provide sqlmap with the <tt>-</tt><tt>-dump</tt>
+switch along with only the <tt>-D</tt> switch, no <tt>-T</tt> and no
+<tt>-C</tt>.
+
 <p>
 You can also provide a comma-separated list of the specific columns to
 dump with the <tt>-C</tt> switch.
@ -2212,8 +2224,8 @@ is exactly the same, regardless of the length of the column's entry output
 to dump.

 <p>
-As you know by down, sqlmap is <bf>flexible</bf>. You can leave it to
-automatically enumerate the whole database table or you can be very
+As you may have noticed by now, sqlmap is <bf>flexible</bf>: you can leave
+it to automatically dump the whole database table or you can be very
 precise in which characters to dump, from which columns and which range of
 entries.