Updated user's manual, added details about URI injection

This commit is contained in:
Bernardo Damele 2011-05-03 14:47:01 +00:00
parent dac59a55bc
commit 2976ed7e90
3 changed files with 103 additions and 4 deletions


@ -9,7 +9,7 @@
<H2>by <H2>by
<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>, <A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>,
<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 0.9, April 10, 2011 <A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 1.0-dev, XXX XX, 2011
<HR> <HR>
<EM>This document is the user's manual to use <EM>This document is the user's manual to use
<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM> <A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
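Review bot: the new title-page string "version 1.0-dev, XXX XX, 2011" carries a literal placeholder date that will be rendered verbatim to every reader of the HTML manual. If the intent is to keep the placeholder in the development tree, add a release checklist item to replace it before tagging; otherwise use the commit date now.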
@ -858,7 +858,7 @@ $ svn update
<PRE> <PRE>
$ python sqlmap.py -h $ python sqlmap.py -h
sqlmap/0.9 - automatic SQL injection and database takeover tool sqlmap/1.0 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net http://sqlmap.sourceforge.net
Usage: python sqlmap.py [options] Usage: python sqlmap.py [options]
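Review bot: the banner in the reproduced `-h` output now reads "sqlmap/1.0" while the title page in the previous hunk reads "version 1.0-dev". The manual's copy of the help output should match what the tool prints, so use the same version string in both places (either "sqlmap/1.0-dev" here or "1.0" on the title page).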
@ -961,6 +961,8 @@ Options:
--dbs Enumerate DBMS databases --dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables --tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns --columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--count Retrieve number of entries for table(s)
--dump Dump DBMS database table entries --dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries --dump-all Dump all DBMS databases tables entries
--search Search column(s), table(s) and/or database name(s) --search Search column(s), table(s) and/or database name(s)
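Review bot: the two new help lines are the only documentation of these switches in this commit, since the corresponding manual sections later in the diff are still "TODO". "--schema  Enumerate DBMS schema" does not say what a schema enumeration returns (databases, tables and columns in one pass?), and "--count  Retrieve number of entries for table(s)" does not say whether it is scoped by -D/-T the way --dump is. Either expand these descriptions or fill in the sections before this ships as 1.0.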
@ -1039,6 +1041,7 @@ Options:
--cleanup Clean up the DBMS by sqlmap specific UDF and tables --cleanup Clean up the DBMS by sqlmap specific UDF and tables
--forms Parse and test forms on target url --forms Parse and test forms on target url
--gpage=GOOGLEPAGE Use Google dork results from specified page number --gpage=GOOGLEPAGE Use Google dork results from specified page number
--mobile Imitate smartphone through HTTP User-Agent header
--page-rank Display page rank (PR) for Google dork results --page-rank Display page rank (PR) for Google dork results
--parse-errors Parse DBMS error messages from response pages --parse-errors Parse DBMS error messages from response pages
--replicate Replicate dumped data into a sqlite3 database --replicate Replicate dumped data into a sqlite3 database
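Review bot: "--mobile  Imitate smartphone through HTTP User-Agent header" should state which User-Agent value is sent and what happens when the user also supplies a User-Agent header explicitly. This matters for testing because the manual elsewhere treats the User-Agent header as an injection point (-p id,user-agent); a switch that silently rewrites that header changes what gets tested.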
@ -1537,6 +1540,28 @@ on the value of <CODE>-</CODE><CODE>-level</CODE> too.</P>
<CODE>User-Agent</CODE> only, provide <CODE>-p id,user-agent</CODE>.</P> <CODE>User-Agent</CODE> only, provide <CODE>-p id,user-agent</CODE>.</P>
<H3>URI injection point</H3>
<P>There are special cases when injection point is within the URI itself.
sqlmap does not perform any automatic test against URI paths, unless
manually pointed to.
You have to specify these injection points in the command line by
appending an asterisk (<CODE>*</CODE>) after each URI point that you want
sqlmap to test for and exploit a SQL injection.</P>
<P>This is particularly useful when, for instance, Apache web server's
<A HREF="http://httpd.apache.org/docs/current/mod/mod_rewrite.html">mod_rewrite</A> module is in use or other similar technologies.</P>
<P>An example of valid command line would be:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
</PRE>
</CODE></BLOCKQUOTE>
</P>
<H3>Force the database management system name</H3> <H3>Force the database management system name</H3>
<P>Switch: <CODE>-</CODE><CODE>-dbms</CODE></P> <P>Switch: <CODE>-</CODE><CODE>-dbms</CODE></P>
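Review bot: the first paragraph of the new "URI injection point" section reads awkwardly: "when injection point is within the URI itself" should be "when the injection point is within the URI itself", and "unless manually pointed to" should be "unless you point it at them explicitly" or similar. As this HTML mirrors the SGML hunk further down in the same commit, make the wording fix in the SGML source so the two do not drift apart.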
@ -2147,6 +2172,20 @@ application's user is connected to, which is always aliased by
<CODE>public</CODE>.</P> <CODE>public</CODE>.</P>
<H3>Enumerate database management system schema</H3>
<P>Switches: <CODE>-</CODE><CODE>-schema</CODE></P>
<P>TODO</P>
<H3>Retrieve number of entries for table(s)</H3>
<P>Switches: <CODE>-</CODE><CODE>-count</CODE></P>
<P>TODO</P>
<H3>Dump database table entries</H3> <H3>Dump database table entries</H3>
<P>Switches: <CODE>-</CODE><CODE>-dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>, <P>Switches: <CODE>-</CODE><CODE>-dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
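Review bot: the new headings use "Switches:" (plural) for --schema and for --count although each lists a single switch; the surrounding sections use "Switch:" for one switch (--dbms, --mobile) and "Switches:" only where several are listed (--dump, -C, -T, -D). Both bodies are also bare "TODO"; committing the skeleton is fine, but these must not reach the 1.0 manual.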
@ -3081,6 +3120,13 @@ this switch, <CODE>-</CODE><CODE>-gpage</CODE>, some page other than the first o
to retrieve target URLs from.</P> to retrieve target URLs from.</P>
<H3>Imitate smartphone</H3>
<P>Switch: <CODE>-</CODE><CODE>-mobile</CODE></P>
<P>TODO</P>
<H3>Display page rank (PR) for Google dork results</H3> <H3>Display page rank (PR) for Google dork results</H3>
<P>Switch: <CODE>-</CODE><CODE>-page-rank</CODE></P> <P>Switch: <CODE>-</CODE><CODE>-page-rank</CODE></P>
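Review bot: third "TODO" body in this file (--mobile). At minimum the section should name the User-Agent string the switch sends and say how it combines with an explicitly supplied User-Agent header, which the help line added above does not cover either.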

Binary file not shown.


@ -4,7 +4,7 @@
<title>sqlmap user's manual <title>sqlmap user's manual
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar"> <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
<date>version 0.9, April 10, 2011 <date>version 1.0-dev, XXX XX, 2011
<abstract> <abstract>
This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">. This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
</abstract> </abstract>
@ -772,7 +772,7 @@ This is strongly recommended <bf>before</bf> reporting any bug to the
<tscreen><verb> <tscreen><verb>
$ python sqlmap.py -h $ python sqlmap.py -h
sqlmap/0.9 - automatic SQL injection and database takeover tool sqlmap/1.0 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net http://sqlmap.sourceforge.net
Usage: python sqlmap.py [options] Usage: python sqlmap.py [options]
@ -875,6 +875,8 @@ Options:
--dbs Enumerate DBMS databases --dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables --tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns --columns Enumerate DBMS database table columns
--schema Enumerate DBMS schema
--count Retrieve number of entries for table(s)
--dump Dump DBMS database table entries --dump Dump DBMS database table entries
--dump-all Dump all DBMS databases tables entries --dump-all Dump all DBMS databases tables entries
--search Search column(s), table(s) and/or database name(s) --search Search column(s), table(s) and/or database name(s)
@ -953,6 +955,7 @@ Options:
--cleanup Clean up the DBMS by sqlmap specific UDF and tables --cleanup Clean up the DBMS by sqlmap specific UDF and tables
--forms Parse and test forms on target url --forms Parse and test forms on target url
--gpage=GOOGLEPAGE Use Google dork results from specified page number --gpage=GOOGLEPAGE Use Google dork results from specified page number
--mobile Imitate smartphone through HTTP User-Agent header
--page-rank Display page rank (PR) for Google dork results --page-rank Display page rank (PR) for Google dork results
--parse-errors Parse DBMS error messages from response pages --parse-errors Parse DBMS error messages from response pages
--replicate Replicate dumped data into a sqlite3 database --replicate Replicate dumped data into a sqlite3 database
@ -1512,6 +1515,29 @@ For instance, to test for GET parameter <tt>id</tt> and for HTTP
<tt>User-Agent</tt> only, provide <tt>-p id,user-agent</tt>. <tt>User-Agent</tt> only, provide <tt>-p id,user-agent</tt>.
<sect2>URI injection point
<p>
There are special cases when injection point is within the URI itself.
sqlmap does not perform any automatic test against URI paths, unless
manually pointed to.
You have to specify these injection points in the command line by
appending an asterisk (<tt>*</tt>) after each URI point that you want
sqlmap to test for and exploit a SQL injection.
<p>
This is particularly useful when, for instance, Apache web server's
<htmlurl url="http://httpd.apache.org/docs/current/mod/mod_rewrite.html"
name="mod_rewrite"> module is in use or other similar technologies.
<p>
An example of valid command line would be:
<tscreen><verb>
$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
</verb></tscreen>
<sect2>Force the database management system name <sect2>Force the database management system name
<p> <p>
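Review bot: the section never says what the asterisk actually denotes. From the example ("value1*") it marks the exact position where sqlmap will place its payload, so the tested value is value1 followed by the payload; state that explicitly, since a reader could otherwise read "appending an asterisk after each URI point" as marking the whole path segment. The phrase "after each URI point" also implies more than one asterisk may be given; a second example with two marked positions would remove any doubt. Finally, "when injection point is within the URI itself" needs "the injection point", and "unless manually pointed to" should be reworded (e.g. "unless you mark them explicitly").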
@ -2189,6 +2215,24 @@ application's user is connected to, which is always aliased by
<tt>public</tt>. <tt>public</tt>.
<sect2>Enumerate database management system schema
<p>
Switches: <tt>-</tt><tt>-schema</tt>
<p>
TODO
<sect2>Retrieve number of entries for table(s)
<p>
Switches: <tt>-</tt><tt>-count</tt>
<p>
TODO
<sect2>Dump database table entries <sect2>Dump database table entries
<p> <p>
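Review bot: when the --count "TODO" is filled in it should say whether -D, -T and -C restrict which tables are counted, as the --dump section next to it lists those switches; it should also say what is reported for a table the current user cannot read, since that is the case a tester hits most often. Same "Switches:" vs "Switch:" inconsistency as in the HTML version of this hunk.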
@ -3201,6 +3245,15 @@ this switch, <tt>-</tt><tt>-gpage</tt>, some page other than the first one
to retrieve target URLs from. to retrieve target URLs from.
<sect2>Imitate smartphone
<p>
Switch: <tt>-</tt><tt>-mobile</tt>
<p>
TODO
<sect2>Display page rank (PR) for Google dork results <sect2>Display page rank (PR) for Google dork results
<p> <p>