mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Updated user's manual, added details about URI injection
parent
dac59a55bc
commit
2976ed7e90
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
<H2>by
|
<H2>by
|
||||||
<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>,
|
<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A>,
|
||||||
<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 0.9, April 10, 2011
|
<A HREF="mailto:miroslav.stampar@gmail.com">Miroslav Stampar</A></H2>version 1.0-dev, XXX XX, 2011
|
||||||
<HR>
|
<HR>
|
||||||
<EM>This document is the user's manual to use
|
<EM>This document is the user's manual to use
|
||||||
<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
|
<A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.</EM>
|
||||||
|
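Review bot: The new version line `version 1.0-dev, XXX XX, 2011` carries a placeholder date that will be published as-is. Either keep a real date for the development snapshot or drop the date until release, so the rendered manual does not show `XXX XX`.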
@ -858,7 +858,7 @@ $ svn update
|
||||||
<PRE>
|
<PRE>
|
||||||
$ python sqlmap.py -h
|
$ python sqlmap.py -h
|
||||||
|
|
||||||
sqlmap/0.9 - automatic SQL injection and database takeover tool
|
sqlmap/1.0 - automatic SQL injection and database takeover tool
|
||||||
http://sqlmap.sourceforge.net
|
http://sqlmap.sourceforge.net
|
||||||
|
|
||||||
Usage: python sqlmap.py [options]
|
Usage: python sqlmap.py [options]
|
||||||
|
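Review bot: The banner in the sample `-h` output now reads `sqlmap/1.0`, while the document header was changed to `version 1.0-dev`. Use the same version string in both places so readers can tell which build the help listing was taken from.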
@ -961,6 +961,8 @@ Options:
|
||||||
--dbs Enumerate DBMS databases
|
--dbs Enumerate DBMS databases
|
||||||
--tables Enumerate DBMS database tables
|
--tables Enumerate DBMS database tables
|
||||||
--columns Enumerate DBMS database table columns
|
--columns Enumerate DBMS database table columns
|
||||||
|
--schema Enumerate DBMS schema
|
||||||
|
--count Retrieve number of entries for table(s)
|
||||||
--dump Dump DBMS database table entries
|
--dump Dump DBMS database table entries
|
||||||
--dump-all Dump all DBMS databases tables entries
|
--dump-all Dump all DBMS databases tables entries
|
||||||
--search Search column(s), table(s) and/or database name(s)
|
--search Search column(s), table(s) and/or database name(s)
|
||||||
|
@ -1039,6 +1041,7 @@ Options:
|
||||||
--cleanup Clean up the DBMS by sqlmap specific UDF and tables
|
--cleanup Clean up the DBMS by sqlmap specific UDF and tables
|
||||||
--forms Parse and test forms on target url
|
--forms Parse and test forms on target url
|
||||||
--gpage=GOOGLEPAGE Use Google dork results from specified page number
|
--gpage=GOOGLEPAGE Use Google dork results from specified page number
|
||||||
|
--mobile Imitate smartphone through HTTP User-Agent header
|
||||||
--page-rank Display page rank (PR) for Google dork results
|
--page-rank Display page rank (PR) for Google dork results
|
||||||
--parse-errors Parse DBMS error messages from response pages
|
--parse-errors Parse DBMS error messages from response pages
|
||||||
--replicate Replicate dumped data into a sqlite3 database
|
--replicate Replicate dumped data into a sqlite3 database
|
||||||
|
@ -1537,6 +1540,28 @@ on the value of <CODE>-</CODE><CODE>-level</CODE> too.</P>
|
||||||
<CODE>User-Agent</CODE> only, provide <CODE>-p id,user-agent</CODE>.</P>
|
<CODE>User-Agent</CODE> only, provide <CODE>-p id,user-agent</CODE>.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H3>URI injection point</H3>
|
||||||
|
|
||||||
|
<P>There are special cases when injection point is within the URI itself.
|
||||||
|
sqlmap does not perform any automatic test against URI paths, unless
|
||||||
|
manually pointed to.
|
||||||
|
You have to specify these injection points in the command line by
|
||||||
|
appending an asterisk (<CODE>*</CODE>) after each URI point that you want
|
||||||
|
sqlmap to test for and exploit a SQL injection.</P>
|
||||||
|
|
||||||
|
<P>This is particularly useful when, for instance, Apache web server's
|
||||||
|
<A HREF="http://httpd.apache.org/docs/current/mod/mod_rewrite.html">mod_rewrite</A> module is in use or other similar technologies.</P>
|
||||||
|
|
||||||
|
<P>An example of valid command line would be:</P>
|
||||||
|
<P>
|
||||||
|
<BLOCKQUOTE><CODE>
|
||||||
|
<PRE>
|
||||||
|
$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
|
||||||
|
</PRE>
|
||||||
|
</CODE></BLOCKQUOTE>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
<H3>Force the database management system name</H3>
|
<H3>Force the database management system name</H3>
|
||||||
|
|
||||||
<P>Switch: <CODE>-</CODE><CODE>-dbms</CODE></P>
|
<P>Switch: <CODE>-</CODE><CODE>-dbms</CODE></P>
|
||||||
|
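Review bot: The new "URI injection point" text says to append an asterisk "after each URI point", but the only example marks a single point (`value1*`). Add an example with more than one marker if that is supported, and say how a marked URI point interacts with `-p` and `--level`, since the section sits directly after the `-p` discussion and readers will expect one to affect the other.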
@ -2147,6 +2172,20 @@ application's user is connected to, which is always aliased by
|
||||||
<CODE>public</CODE>.</P>
|
<CODE>public</CODE>.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H3>Enumerate database management system schema</H3>
|
||||||
|
|
||||||
|
<P>Switches: <CODE>-</CODE><CODE>-schema</CODE></P>
|
||||||
|
|
||||||
|
<P>TODO</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H3>Retrieve number of entries for table(s)</H3>
|
||||||
|
|
||||||
|
<P>Switches: <CODE>-</CODE><CODE>-count</CODE></P>
|
||||||
|
|
||||||
|
<P>TODO</P>
|
||||||
|
|
||||||
|
|
||||||
<H3>Dump database table entries</H3>
|
<H3>Dump database table entries</H3>
|
||||||
|
|
||||||
<P>Switches: <CODE>-</CODE><CODE>-dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
|
<P>Switches: <CODE>-</CODE><CODE>-dump</CODE>, <CODE>-C</CODE>, <CODE>-T</CODE>, <CODE>-D</CODE>,
|
||||||
|
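Review bot: Both new sections, for `--schema` and `--count`, ship with `<P>TODO</P>` as their whole body, so the manual advertises switches it does not explain. Fill in at least a one-sentence description and a sample invocation before merging, or leave the sections out until they are written. Each section also says "Switches:" while listing a single switch; "Switch:" matches the wording used for `--dbms` and `--page-rank`.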
@ -3081,6 +3120,13 @@ this switch, <CODE>-</CODE><CODE>-gpage</CODE>, some page other than the first o
|
||||||
to retrieve target URLs from.</P>
|
to retrieve target URLs from.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H3>Imitate smartphone</H3>
|
||||||
|
|
||||||
|
<P>Switch: <CODE>-</CODE><CODE>-mobile</CODE></P>
|
||||||
|
|
||||||
|
<P>TODO</P>
|
||||||
|
|
||||||
|
|
||||||
<H3>Display page rank (PR) for Google dork results</H3>
|
<H3>Display page rank (PR) for Google dork results</H3>
|
||||||
|
|
||||||
<P>Switch: <CODE>-</CODE><CODE>-page-rank</CODE></P>
|
<P>Switch: <CODE>-</CODE><CODE>-page-rank</CODE></P>
|
||||||
|
|
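Review bot: The "Imitate smartphone" section body is only `<P>TODO</P>`. The help listing added in this commit already describes the switch as "Imitate smartphone through HTTP User-Agent header"; expanding that sentence here, for example by stating which User-Agent value is sent and whether it overrides `--user-agent`, would be enough to replace the placeholder.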
BIN
doc/README.pdf
Binary file not shown.
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
<title>sqlmap user's manual
|
<title>sqlmap user's manual
|
||||||
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
|
<author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">, <htmlurl url="mailto:miroslav.stampar@gmail.com" name="Miroslav Stampar">
|
||||||
<date>version 0.9, April 10, 2011
|
<date>version 1.0-dev, XXX XX, 2011
|
||||||
<abstract>
|
<abstract>
|
||||||
This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
|
This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
|
||||||
</abstract>
|
</abstract>
|
||||||
|
@ -772,7 +772,7 @@ This is strongly recommended <bf>before</bf> reporting any bug to the
|
||||||
<tscreen><verb>
|
<tscreen><verb>
|
||||||
$ python sqlmap.py -h
|
$ python sqlmap.py -h
|
||||||
|
|
||||||
sqlmap/0.9 - automatic SQL injection and database takeover tool
|
sqlmap/1.0 - automatic SQL injection and database takeover tool
|
||||||
http://sqlmap.sourceforge.net
|
http://sqlmap.sourceforge.net
|
||||||
|
|
||||||
Usage: python sqlmap.py [options]
|
Usage: python sqlmap.py [options]
|
||||||
|
@ -875,6 +875,8 @@ Options:
|
||||||
--dbs Enumerate DBMS databases
|
--dbs Enumerate DBMS databases
|
||||||
--tables Enumerate DBMS database tables
|
--tables Enumerate DBMS database tables
|
||||||
--columns Enumerate DBMS database table columns
|
--columns Enumerate DBMS database table columns
|
||||||
|
--schema Enumerate DBMS schema
|
||||||
|
--count Retrieve number of entries for table(s)
|
||||||
--dump Dump DBMS database table entries
|
--dump Dump DBMS database table entries
|
||||||
--dump-all Dump all DBMS databases tables entries
|
--dump-all Dump all DBMS databases tables entries
|
||||||
--search Search column(s), table(s) and/or database name(s)
|
--search Search column(s), table(s) and/or database name(s)
|
||||||
|
@ -953,6 +955,7 @@ Options:
|
||||||
--cleanup Clean up the DBMS by sqlmap specific UDF and tables
|
--cleanup Clean up the DBMS by sqlmap specific UDF and tables
|
||||||
--forms Parse and test forms on target url
|
--forms Parse and test forms on target url
|
||||||
--gpage=GOOGLEPAGE Use Google dork results from specified page number
|
--gpage=GOOGLEPAGE Use Google dork results from specified page number
|
||||||
|
--mobile Imitate smartphone through HTTP User-Agent header
|
||||||
--page-rank Display page rank (PR) for Google dork results
|
--page-rank Display page rank (PR) for Google dork results
|
||||||
--parse-errors Parse DBMS error messages from response pages
|
--parse-errors Parse DBMS error messages from response pages
|
||||||
--replicate Replicate dumped data into a sqlite3 database
|
--replicate Replicate dumped data into a sqlite3 database
|
||||||
|
@ -1512,6 +1515,29 @@ For instance, to test for GET parameter <tt>id</tt> and for HTTP
|
||||||
<tt>User-Agent</tt> only, provide <tt>-p id,user-agent</tt>.
|
<tt>User-Agent</tt> only, provide <tt>-p id,user-agent</tt>.
|
||||||
|
|
||||||
|
|
||||||
|
<sect2>URI injection point
|
||||||
|
|
||||||
|
<p>
|
||||||
|
There are special cases when injection point is within the URI itself.
|
||||||
|
sqlmap does not perform any automatic test against URI paths, unless
|
||||||
|
manually pointed to.
|
||||||
|
You have to specify these injection points in the command line by
|
||||||
|
appending an asterisk (<tt>*</tt>) after each URI point that you want
|
||||||
|
sqlmap to test for and exploit a SQL injection.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This is particularly useful when, for instance, Apache web server's
|
||||||
|
<htmlurl url="http://httpd.apache.org/docs/current/mod/mod_rewrite.html"
|
||||||
|
name="mod_rewrite"> module is in use or other similar technologies.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
An example of valid command line would be:
|
||||||
|
|
||||||
|
<tscreen><verb>
|
||||||
|
$ python sqlmap.py -u "http://targeturl/param1/value1*/param2/value2/"
|
||||||
|
</verb></tscreen>
|
||||||
|
|
||||||
|
|
||||||
<sect2>Force the database management system name
|
<sect2>Force the database management system name
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
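Review bot: Wording in the first paragraph of the new `<sect2>URI injection point` needs a pass, and this source file is the place to fix it so the generated HTML picks it up. "There are special cases when injection point is within the URI itself" is missing an article ("when the injection point"), and "module is in use or other similar technologies" reads more clearly as "when Apache's mod_rewrite module or a similar technology is in use".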
@ -2189,6 +2215,24 @@ application's user is connected to, which is always aliased by
|
||||||
<tt>public</tt>.
|
<tt>public</tt>.
|
||||||
|
|
||||||
|
|
||||||
|
<sect2>Enumerate database management system schema
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Switches: <tt>-</tt><tt>-schema</tt>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
TODO
|
||||||
|
|
||||||
|
|
||||||
|
<sect2>Retrieve number of entries for table(s)
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Switches: <tt>-</tt><tt>-count</tt>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
TODO
|
||||||
|
|
||||||
|
|
||||||
<sect2>Dump database table entries
|
<sect2>Dump database table entries
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
@ -3201,6 +3245,15 @@ this switch, <tt>-</tt><tt>-gpage</tt>, some page other than the first one
|
||||||
to retrieve target URLs from.
|
to retrieve target URLs from.
|
||||||
|
|
||||||
|
|
||||||
|
<sect2>Imitate smartphone
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Switch: <tt>-</tt><tt>-mobile</tt>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
TODO
|
||||||
|
|
||||||
|
|
||||||
<sect2>Display page rank (PR) for Google dork results
|
<sect2>Display page rank (PR) for Google dork results
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
|
|