Updated user's manual, added details about URI injection

2024-11-22 01:26:42 +03:00 · 2011-05-03 14:47:01 +00:00 · 2011-05-03 14:47:01 +00:00 · 2976ed7e90
commit 2976ed7e90
parent dac59a55bc
3 changed files with 103 additions and 4 deletions
--- a/doc/README.html
+++ b/doc/README.html
@ -9,7 +9,7 @@

 <H2>by 
 <A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>, 
-<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 0.9, April 10, 2011
+<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 1.0-dev, XXX XX, 2011
 <HR>
 <EM>This document is the user's manual to use 
 <A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
@ -858,7 +858,7 @@ $ svn update
 <PRE>
 $ python sqlmap.py -h

-    sqlmap/0.9 - automatic SQL injection and database takeover tool
+    sqlmap/1.0 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

 Usage: python sqlmap.py [options]
@ -961,6 +961,8 @@ Options:
    --dbs               Enumerate DBMS databases
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
+    --schema            Enumerate DBMS schema
+    --count             Retrieve number of entries for table(s)
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    --search            Search column(s), table(s) and/or database name(s)
@ -1039,6 +1041,7 @@ Options:
    --cleanup           Clean up the DBMS by sqlmap specific UDF and tables
    --forms             Parse and test forms on target url
    --gpage=GOOGLEPAGE  Use Google dork results from specified page number
+    --mobile            Imitate smartphone through HTTP User-Agent header
    --page-rank         Display page rank (PR) for Google dork results
    --parse-errors      Parse DBMS error messages from response pages
    --replicate         Replicate dumped data into a sqlite3 database
@ -1537,6 +1540,28 @@ on the value of <CODE>-</CODE><CODE>-level</CODE> too.</P>
 <CODE>User-Agent</CODE> only, provide <CODE>-p id,user-agent</CODE>.</P>


+<H3>URI injection point</H3>
+
+<P>There are special cases when injection point is within the URI itself.
+sqlmap does not perform any automatic test against URI paths, unless
+manually pointed to.
+You have to specify these injection points in the command line by
+appending an asterisk (<CODE>*</CODE>) after each URI point that you want
+sqlmap to test for and exploit a SQL injection.</P>
+
+<P>This is particularly useful when, for instance, Apache web server's
+<A HREF="http://httpd.apache.org/docs/current/mod/mod_rewrite.html">mod_rewrite</A> module is in use or other similar technologies.</P>
+
+<P>An example of valid command line would be:</P>
+<P>
+<BLOCKQUOTE><CODE>
+<PRE>
+$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
+</PRE>
+</CODE></BLOCKQUOTE>
+</P>
+
+
 <H3>Force the database management system name</H3>

 <P>Switch: <CODE>-</CODE><CODE>-dbms</CODE></P>
@ -2147,6 +2172,20 @@ application's user is connected to, which is always aliased by
 <CODE>public</CODE>.</P>


+<H3>Enumerate database management system schema</H3>
+
+<P>Switches: <CODE>-</CODE><CODE>-schema</CODE></P>
+
+<P>TODO</P>
+
+
+<H3>Retrieve number of entries for table(s)</H3>
+
+<P>Switches: <CODE>-</CODE><CODE>-count</CODE></P>
+
+<P>TODO</P>
+
+
 <H3>Dump database table entries</H3>

 <P>Switches: <CODE>-</CODE><CODE>-dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
@ -3081,6 +3120,13 @@ this switch, <CODE>-</CODE><CODE>-gpage</CODE>, some page other than the first o
 to retrieve target URLs from.</P>


+<H3>Imitate smartphone</H3>
+
+<P>Switch: <CODE>-</CODE><CODE>-mobile</CODE></P>
+
+<P>TODO</P>
+
+
 <H3>Display page rank (PR) for Google dork results</H3>

 <P>Switch: <CODE>-</CODE><CODE>-page-rank</CODE></P>
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
@ -4,7 +4,7 @@

 <title>sqlmap user's manual
 <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
-<date>version 0.9, April 10, 2011
+<date>version 1.0-dev, XXX XX, 2011
 <abstract>
 This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
 </abstract>
@ -772,7 +772,7 @@ This is strongly recommended <bf>before</bf> reporting any bug to the
 <tscreen><verb>
 $ python sqlmap.py -h

-    sqlmap/0.9 - automatic SQL injection and database takeover tool
+    sqlmap/1.0 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

 Usage: python sqlmap.py [options]
@ -875,6 +875,8 @@ Options:
    --dbs               Enumerate DBMS databases
    --tables            Enumerate DBMS database tables
    --columns           Enumerate DBMS database table columns
+    --schema            Enumerate DBMS schema
+    --count             Retrieve number of entries for table(s)
    --dump              Dump DBMS database table entries
    --dump-all          Dump all DBMS databases tables entries
    --search            Search column(s), table(s) and/or database name(s)
@ -953,6 +955,7 @@ Options:
    --cleanup           Clean up the DBMS by sqlmap specific UDF and tables
    --forms             Parse and test forms on target url
    --gpage=GOOGLEPAGE  Use Google dork results from specified page number
+    --mobile            Imitate smartphone through HTTP User-Agent header
    --page-rank         Display page rank (PR) for Google dork results
    --parse-errors      Parse DBMS error messages from response pages
    --replicate         Replicate dumped data into a sqlite3 database
@ -1512,6 +1515,29 @@ For instance, to test for GET parameter <tt>id</tt> and for HTTP
 <tt>User-Agent</tt> only, provide <tt>-p id,user-agent</tt>.


+<sect2>URI injection point
+
+<p>
+There are special cases when injection point is within the URI itself.
+sqlmap does not perform any automatic test against URI paths, unless
+manually pointed to.
+You have to specify these injection points in the command line by
+appending an asterisk (<tt>*</tt>) after each URI point that you want
+sqlmap to test for and exploit a SQL injection.
+
+<p>
+This is particularly useful when, for instance, Apache web server's
+<htmlurl url="http://httpd.apache.org/docs/current/mod/mod_rewrite.html"
+name="mod_rewrite"> module is in use or other similar technologies.
+
+<p>
+An example of valid command line would be:
+
+<tscreen><verb>
+$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
+</verb></tscreen>
+
+
 <sect2>Force the database management system name

 <p>
@ -2189,6 +2215,24 @@ application's user is connected to, which is always aliased by
 <tt>public</tt>.


+<sect2>Enumerate database management system schema
+
+<p>
+Switches: <tt>-</tt><tt>-schema</tt>
+
+<p>
+TODO
+
+
+<sect2>Retrieve number of entries for table(s)
+
+<p>
+Switches: <tt>-</tt><tt>-count</tt>
+
+<p>
+TODO
+
+
 <sect2>Dump database table entries

 <p>
@ -3201,6 +3245,15 @@ this switch, <tt>-</tt><tt>-gpage</tt>, some page other than the first one
 to retrieve target URLs from.


+<sect2>Imitate smartphone
+
+<p>
+Switch: <tt>-</tt><tt>-mobile</tt>
+
+<p>
+TODO
+
+
 <sect2>Display page rank (PR) for Google dork results

 <p>