mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
minor update of FAQ files
This commit is contained in:
parent
17d9cc0c7a
commit
32ca99da53
96
doc/FAQ.html
96
doc/FAQ.html
|
@ -21,22 +21,20 @@
|
||||||
<LI><A NAME="toc1.1">1.1</A> <A HREF="FAQ.html#ss1.1">What is sqlmap?</A>
|
<LI><A NAME="toc1.1">1.1</A> <A HREF="FAQ.html#ss1.1">What is sqlmap?</A>
|
||||||
<LI><A NAME="toc1.2">1.2</A> <A HREF="FAQ.html#ss1.2">How do I execute sqlmap?</A>
|
<LI><A NAME="toc1.2">1.2</A> <A HREF="FAQ.html#ss1.2">How do I execute sqlmap?</A>
|
||||||
<LI><A NAME="toc1.3">1.3</A> <A HREF="FAQ.html#ss1.3">Can I integrate sqlmap with a security tool I am developing?</A>
|
<LI><A NAME="toc1.3">1.3</A> <A HREF="FAQ.html#ss1.3">Can I integrate sqlmap with a security tool I am developing?</A>
|
||||||
<LI><A NAME="toc1.4">1.4</A> <A HREF="FAQ.html#ss1.4">How can I integrate sqlmap with my own tool?</A>
|
<LI><A NAME="toc1.4">1.4</A> <A HREF="FAQ.html#ss1.4">Will you support other database management systems?</A>
|
||||||
<LI><A NAME="toc1.5">1.5</A> <A HREF="FAQ.html#ss1.5">Will you support other database management systems?</A>
|
<LI><A NAME="toc1.5">1.5</A> <A HREF="FAQ.html#ss1.5">How can I occasionally contribute?</A>
|
||||||
<LI><A NAME="toc1.6">1.6</A> <A HREF="FAQ.html#ss1.6">How can I occasionally contribute?</A>
|
<LI><A NAME="toc1.6">1.6</A> <A HREF="FAQ.html#ss1.6">Can I actively contribute in the long-term development?</A>
|
||||||
<LI><A NAME="toc1.7">1.7</A> <A HREF="FAQ.html#ss1.7">Can I actively contribute in the long-term development?</A>
|
<LI><A NAME="toc1.7">1.7</A> <A HREF="FAQ.html#ss1.7">How can I support the development?</A>
|
||||||
<LI><A NAME="toc1.8">1.8</A> <A HREF="FAQ.html#ss1.8">How can I support the development?</A>
|
<LI><A NAME="toc1.8">1.8</A> <A HREF="FAQ.html#ss1.8">Can you hack a site for me?</A>
|
||||||
<LI><A NAME="toc1.9">1.9</A> <A HREF="FAQ.html#ss1.9">Can you hack a site for me?</A>
|
<LI><A NAME="toc1.9">1.9</A> <A HREF="FAQ.html#ss1.9">When sqlmap will switch to the Python 3?</A>
|
||||||
<LI><A NAME="toc1.10">1.10</A> <A HREF="FAQ.html#ss1.10">When sqlmap will switch to the Python 3?</A>
|
<LI><A NAME="toc1.10">1.10</A> <A HREF="FAQ.html#ss1.10">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
|
||||||
<LI><A NAME="toc1.11">1.11</A> <A HREF="FAQ.html#ss1.11">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
|
<LI><A NAME="toc1.11">1.11</A> <A HREF="FAQ.html#ss1.11">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
|
||||||
<LI><A NAME="toc1.12">1.12</A> <A HREF="FAQ.html#ss1.12">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
|
<LI><A NAME="toc1.12">1.12</A> <A HREF="FAQ.html#ss1.12">Why is sqlmap not able to get password hashes in some cases?</A>
|
||||||
<LI><A NAME="toc1.13">1.13</A> <A HREF="FAQ.html#ss1.13">Why is sqlmap not able to get password hashes in some cases?</A>
|
<LI><A NAME="toc1.13">1.13</A> <A HREF="FAQ.html#ss1.13">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
|
||||||
<LI><A NAME="toc1.14">1.14</A> <A HREF="FAQ.html#ss1.14">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
|
<LI><A NAME="toc1.14">1.14</A> <A HREF="FAQ.html#ss1.14">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
|
||||||
<LI><A NAME="toc1.15">1.15</A> <A HREF="FAQ.html#ss1.15">sqlmap is retrieving weird characters for even simplest data (e.g. <CODE>--banner</CODE>)?</A>
|
<LI><A NAME="toc1.15">1.15</A> <A HREF="FAQ.html#ss1.15">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
|
||||||
<LI><A NAME="toc1.16">1.16</A> <A HREF="FAQ.html#ss1.16">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
|
<LI><A NAME="toc1.16">1.16</A> <A HREF="FAQ.html#ss1.16">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
|
||||||
<LI><A NAME="toc1.17">1.17</A> <A HREF="FAQ.html#ss1.17">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
|
<LI><A NAME="toc1.17">1.17</A> <A HREF="FAQ.html#ss1.17">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
|
||||||
<LI><A NAME="toc1.18">1.18</A> <A HREF="FAQ.html#ss1.18">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
|
|
||||||
<LI><A NAME="toc1.19">1.19</A> <A HREF="FAQ.html#ss1.19">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
|
|
||||||
</UL>
|
</UL>
|
||||||
|
|
||||||
<HR>
|
<HR>
|
||||||
|
@ -82,21 +80,15 @@ C:\Python26\python.exe sqlmap.py -h
|
||||||
|
|
||||||
<P>Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
<P>Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
||||||
derivative work must be distributed without further restrictions on the
|
derivative work must be distributed without further restrictions on the
|
||||||
rights granted by the GPL itself. If this constitutes a problem, feel free
|
rights granted by the GPL itself.</P>
|
||||||
to contact us so we can find a solution.</P>
|
|
||||||
|
|
||||||
<H2><A NAME="ss1.4">1.4</A> <A HREF="#toc1.4">How can I integrate sqlmap with my own tool?</A>
|
<H2><A NAME="ss1.4">1.4</A> <A HREF="#toc1.4">Will you support other database management systems?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>TODO</P>
|
<P>Yes. There are plans to support also Informix and Ingres at some
|
||||||
|
point of time.</P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">Will you support other database management systems?</A>
|
<H2><A NAME="ss1.5">1.5</A> <A HREF="#toc1.5">How can I occasionally contribute?</A>
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>Yes. There are plans to support also IBM DB2, Informix and Ingres at some
|
|
||||||
point.</P>
|
|
||||||
|
|
||||||
<H2><A NAME="ss1.6">1.6</A> <A HREF="#toc1.6">How can I occasionally contribute?</A>
|
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>All help is greatly appreciated. First of all download the tool, make sure
|
<P>All help is greatly appreciated. First of all download the tool, make sure
|
||||||
|
@ -108,7 +100,7 @@ If you find bugs or have ideas for possible improvements, feel free to
|
||||||
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS">contributed</A> in different ways to the sqlmap development.
|
<A HREF="https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/THANKS">contributed</A> in different ways to the sqlmap development.
|
||||||
<B>You</B> can be the next!</P>
|
<B>You</B> can be the next!</P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.7">1.7</A> <A HREF="#toc1.7">Can I actively contribute in the long-term development?</A>
|
<H2><A NAME="ss1.6">1.6</A> <A HREF="#toc1.6">Can I actively contribute in the long-term development?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Yes, we are looking for people who can write some clean Python code, are
|
<P>Yes, we are looking for people who can write some clean Python code, are
|
||||||
|
@ -118,27 +110,27 @@ the development team.
|
||||||
If this sounds interesting to you,
|
If this sounds interesting to you,
|
||||||
<A HREF="http://www.sqlmap.org/#developers">get in touch</A>!</P>
|
<A HREF="http://www.sqlmap.org/#developers">get in touch</A>!</P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.8">1.8</A> <A HREF="#toc1.8">How can I support the development?</A>
|
<H2><A NAME="ss1.7">1.7</A> <A HREF="#toc1.7">How can I support the development?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>If you think that sqlmap is a great tool, it really played well during
|
<P>If you think that sqlmap is a great tool, it really played well during
|
||||||
your penetration tests, or you simply like it, you, or your boss, can
|
your penetration tests, or you simply like it, you, or your boss, can
|
||||||
<A HREF="http://www.sqlmap.org/#donate">donate some money</A> to the developers via PayPal.</P>
|
<A HREF="http://www.sqlmap.org/#donate">donate some money</A> to the developers via PayPal.</P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.9">1.9</A> <A HREF="#toc1.9">Can you hack a site for me?</A>
|
<H2><A NAME="ss1.8">1.8</A> <A HREF="#toc1.8">Can you hack a site for me?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P><B>No</B>.</P>
|
<P><B>No</B>.</P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.10">1.10</A> <A HREF="#toc1.10">When sqlmap will switch to the Python 3?</A>
|
<H2><A NAME="ss1.9">1.9</A> <A HREF="#toc1.9">When sqlmap will switch to the Python 3?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Currently there is no huge pressure on Python projects to switch to the new
|
<P>Currently there is no pressure on Python projects to switch to the new
|
||||||
version of Python interpreter, as the process of switching, especially on
|
version of Python interpreter, as the process of switching, especially on
|
||||||
larger projects can be cumbersome (due to the few backward incompatibilities).
|
larger projects can be cumbersome (due to the few backward incompatibilities).
|
||||||
The switch will take place eventually, but currently it's a very low priority task.</P>
|
The switch will take place eventually, but currently it's a very low priority task.</P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.11">1.11</A> <A HREF="#toc1.11">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
|
<H2><A NAME="ss1.10">1.10</A> <A HREF="#toc1.10">What does <CODE>"WARNING unknown charset '...'"</CODE> mean?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>sqlmap needs to properly decode page content to be able to properly
|
<P>sqlmap needs to properly decode page content to be able to properly
|
||||||
|
@ -156,7 +148,7 @@ so we could handle them manually inside the code.</P>
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1232">#2</A>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1232">#2</A>
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1239">#3</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1239">#3</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.12">1.12</A> <A HREF="#toc1.12">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
|
<H2><A NAME="ss1.11">1.11</A> <A HREF="#toc1.11">How to use sqlmap with <CODE>mod_rewrite</CODE> enabled?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Just put * to the place where sqlmap should check for injections in URI
|
<P>Just put * to the place where sqlmap should check for injections in URI
|
||||||
|
@ -168,7 +160,7 @@ will try to inject the payloads just at that place marked with * character.</P>
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/728">#2</A>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/728">#2</A>
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1258">#3</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1258">#3</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.13">1.13</A> <A HREF="#toc1.13">Why is sqlmap not able to get password hashes in some cases?</A>
|
<H2><A NAME="ss1.12">1.12</A> <A HREF="#toc1.12">Why is sqlmap not able to get password hashes in some cases?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>You most probably don't have enough permissions for querying on a system
|
<P>You most probably don't have enough permissions for querying on a system
|
||||||
|
@ -177,7 +169,7 @@ table containing password hashes.</P>
|
||||||
<P>Question(s):
|
<P>Question(s):
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/714">#1</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/714">#1</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.14">1.14</A> <A HREF="#toc1.14">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
|
<H2><A NAME="ss1.13">1.13</A> <A HREF="#toc1.13">What is <CODE>-</CODE><CODE>-text-only</CODE> switch?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Switch <CODE>-</CODE><CODE>-text-only</CODE> is used for removing non-textual data (tags,
|
<P>Switch <CODE>-</CODE><CODE>-text-only</CODE> is used for removing non-textual data (tags,
|
||||||
|
@ -187,19 +179,7 @@ improve detection capabilities.</P>
|
||||||
<P>Question(s):
|
<P>Question(s):
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/699">#1</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/699">#1</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.15">1.15</A> <A HREF="#toc1.15">sqlmap is retrieving weird characters for even simplest data (e.g. <CODE>--banner</CODE>)?</A>
|
<H2><A NAME="ss1.14">1.14</A> <A HREF="#toc1.14">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P>If everything you retrieve from the target is garbled, then you are
|
|
||||||
most probably dealing with false positive blind injection. Please
|
|
||||||
report the problem to the
|
|
||||||
<A HREF="mailto:dev@sqlmap.org">developers</A>.</P>
|
|
||||||
|
|
||||||
<P>Question(s):
|
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/686">#1</A>
|
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1181">#2</A></P>
|
|
||||||
|
|
||||||
<H2><A NAME="ss1.16">1.16</A> <A HREF="#toc1.16">I am getting <CODE>"CRITICAL connection timed"</CODE> while I am able to browse the site normally?</A>
|
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>There are few IDSes that filter out all sqlmap requests based on default
|
<P>There are few IDSes that filter out all sqlmap requests based on default
|
||||||
|
@ -212,16 +192,17 @@ and/or <CODE>-</CODE><CODE>-ignore-proxy</CODE>)</P>
|
||||||
<P>Question(s):
|
<P>Question(s):
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1241">#1</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1241">#1</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.17">1.17</A> <A HREF="#toc1.17">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
|
<H2><A NAME="ss1.15">1.15</A> <A HREF="#toc1.15">Is it possible to use <CODE>"INSERT/UPDATE"</CODE> SQL commands via <CODE>-</CODE><CODE>-sql-query</CODE></A>
|
||||||
and/or <CODE>-</CODE><CODE>-sql-shell</CODE>?</H2>
|
and/or <CODE>-</CODE><CODE>-sql-shell</CODE>?</H2>
|
||||||
|
|
||||||
<P>It is possible to use those commands, but only if the stacked injection is supported
|
<P>It is possible to use those commands, but only if the stacked injection is supported
|
||||||
by the vulnerable target.</P>
|
by the vulnerable target. In vast majority of cases affected DBMSes by these kind of
|
||||||
|
attacks are Microsoft SQL Server and PostgreSQL.</P>
|
||||||
|
|
||||||
<P>Question(s):
|
<P>Question(s):
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1237">#1</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1237">#1</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.18">1.18</A> <A HREF="#toc1.18">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
|
<H2><A NAME="ss1.16">1.16</A> <A HREF="#toc1.16">I am getting <CODE>"finally: SyntaxError: invalid syntax"</CODE> when trying to run sqlmap?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>You are most probably using outdated version of Python. sqlmap is generally
|
<P>You are most probably using outdated version of Python. sqlmap is generally
|
||||||
|
@ -231,13 +212,14 @@ advised to use versions 2.6 and 2.7.</P>
|
||||||
<P>Question(s):
|
<P>Question(s):
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1231">#1</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/1231">#1</A></P>
|
||||||
|
|
||||||
<H2><A NAME="ss1.19">1.19</A> <A HREF="#toc1.19">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
|
<H2><A NAME="ss1.17">1.17</A> <A HREF="#toc1.17">sqlmap is not able to detect/exploit injection while other commercial tools are?</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Currently there are only two of us working on a pure good will and donating our
|
<P>In most of those kind of cases blatant error message detection is used by commercial
|
||||||
free time to the community. If you are not willing to help us achive better tool
|
tools making some "false positive" claims. You have to be aware that
|
||||||
you are strongly advised to buy those commercial tool(s) and just
|
DBMS error message doesn't mean that the affected web application is vulnerable to
|
||||||
forget about the sqlmap.</P>
|
SQL injection attacks. sqlmap goes several steps further and never claims
|
||||||
|
an injection point without making through tests if it can be exploited at the first place. </P>
|
||||||
|
|
||||||
<P>Question(s):
|
<P>Question(s):
|
||||||
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/970">#1</A></P>
|
<A HREF="http://thread.gmane.org/gmane.comp.security.sqlmap/970">#1</A></P>
|
||||||
|
|
BIN
doc/FAQ.pdf
BIN
doc/FAQ.pdf
Binary file not shown.
38
doc/FAQ.sgml
38
doc/FAQ.sgml
|
@ -50,19 +50,13 @@ url="http://www.python.org" name="Python"> <bf>>= 2.6</bf>.
|
||||||
<p>
|
<p>
|
||||||
Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
Yes. sqlmap is released under the terms of the GPLv2, which means that any
|
||||||
derivative work must be distributed without further restrictions on the
|
derivative work must be distributed without further restrictions on the
|
||||||
rights granted by the GPL itself. If this constitutes a problem, feel free
|
rights granted by the GPL itself.
|
||||||
to contact us so we can find a solution.
|
|
||||||
|
|
||||||
<sect1>How can I integrate sqlmap with my own tool?
|
|
||||||
|
|
||||||
<p>
|
|
||||||
TODO
|
|
||||||
|
|
||||||
<sect1>Will you support other database management systems?
|
<sect1>Will you support other database management systems?
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Yes. There are plans to support also IBM DB2, Informix and Ingres at some
|
Yes. There are plans to support also Informix and Ingres at some
|
||||||
point.
|
point of time.
|
||||||
|
|
||||||
<sect1>How can I occasionally contribute?
|
<sect1>How can I occasionally contribute?
|
||||||
|
|
||||||
|
@ -104,7 +98,7 @@ some money"> to the developers via PayPal.
|
||||||
<sect1>When sqlmap will switch to the Python 3?
|
<sect1>When sqlmap will switch to the Python 3?
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Currently there is no huge pressure on Python projects to switch to the new
|
Currently there is no pressure on Python projects to switch to the new
|
||||||
version of Python interpreter, as the process of switching, especially on
|
version of Python interpreter, as the process of switching, especially on
|
||||||
larger projects can be cumbersome (due to the few backward incompatibilities).
|
larger projects can be cumbersome (due to the few backward incompatibilities).
|
||||||
The switch will take place eventually, but currently it's a very low priority task.
|
The switch will take place eventually, but currently it's a very low priority task.
|
||||||
|
@ -162,18 +156,6 @@ improve detection capabilities.
|
||||||
Question(s):
|
Question(s):
|
||||||
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/699" name="#1">
|
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/699" name="#1">
|
||||||
|
|
||||||
<sect1>sqlmap is retrieving weird characters for even simplest data (e.g. <tt>--banner</tt>)?
|
|
||||||
|
|
||||||
<p>
|
|
||||||
If everything you retrieve from the target is garbled, then you are
|
|
||||||
most probably dealing with false positive blind injection. Please
|
|
||||||
report the problem to the <htmlurl url="mailto:dev@sqlmap.org" name="developers">.
|
|
||||||
|
|
||||||
<p>
|
|
||||||
Question(s):
|
|
||||||
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/686" name="#1">
|
|
||||||
<htmlurl url="http://thread.gmane.org/gmane.comp.security.sqlmap/1181" name="#2">
|
|
||||||
|
|
||||||
<sect1>I am getting <tt>"CRITICAL connection timed"</tt> while I am able to browse
|
<sect1>I am getting <tt>"CRITICAL connection timed"</tt> while I am able to browse
|
||||||
the site normally?
|
the site normally?
|
||||||
|
|
||||||
|
@ -194,7 +176,8 @@ and/or <tt>-</tt><tt>-sql-shell</tt>?
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
It is possible to use those commands, but only if the stacked injection is supported
|
It is possible to use those commands, but only if the stacked injection is supported
|
||||||
by the vulnerable target.
|
by the vulnerable target. In vast majority of cases affected DBMSes by these kind of
|
||||||
|
attacks are Microsoft SQL Server and PostgreSQL.
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Question(s):
|
Question(s):
|
||||||
|
@ -214,10 +197,11 @@ Question(s):
|
||||||
<sect1>sqlmap is not able to detect/exploit injection while other commercial tools are?
|
<sect1>sqlmap is not able to detect/exploit injection while other commercial tools are?
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Currently there are only two of us working on a pure good will and donating our
|
In most of those kind of cases blatant error message detection is used by commercial
|
||||||
free time to the community. If you are not willing to help us achive better tool
|
tools making some "false positive" claims. You have to be aware that
|
||||||
you are strongly advised to buy those commercial tool(s) and just
|
DBMS error message doesn't mean that the affected web application is vulnerable to
|
||||||
forget about the sqlmap.
|
SQL injection attacks. sqlmap goes several steps further and never claims
|
||||||
|
an injection point without making through tests if it can be exploited at the first place.
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Question(s):
|
Question(s):
|
||||||
|
|
Loading…
Reference in New Issue
Block a user