diff --git a/doc/README.sgml b/doc/README.sgml index 50035a916..27d7812db 100644 --- a/doc/README.sgml +++ b/doc/README.sgml @@ -1081,7 +1081,7 @@ Option: --referer
It is possible to fake the HTTP Referer header value with this -option. By default no HTTP Referer heder is sent in HTTP +option. By default no HTTP Referer header is sent in HTTP requests.
@@ -1204,7 +1204,7 @@ Option: --headers
It is possible to provide extra HTTP headers by providing --headers -options. Each header must be separated by a "\n" string and it's much easier +options. Each header must be separated by a newline and it's much easier to provide them from the configuration INI file. Have a look at the sample sqlmap.conf file. @@ -1483,8 +1483,8 @@ Option: --dbms
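Review bot: in the --headers hunk (@@ -1204), replacing the literal "\n" string with "newline" loses the detail a user actually needs: the separator is typed as the two characters backslash and n on the command line, not as a real line break. Suggest keeping the literal, e.g. `Each header must be separated by a literal "\n" string`, and then the pointer to sqlmap.conf still makes sense.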
By default sqlmap automatically detects the web application's back-end
-database manangement system.
-At the moment the fully supported database management system are four:
+database management system.
+At the moment, fully supported database management systems are:
By default sqlmap automatically detects the web application's back-end
-database manangement system underlying operating system when requested by
+database management system underlying operating system when requested by
any other functionality.
At the moment the fully supported operating systems are two:
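Review bot: the second change in this region fixes only the "manangement" typo and leaves `At the moment the fully supported operating systems are two:` in exactly the form the DBMS sentence above was rewritten out of; for consistency reword it to `At the moment, the fully supported operating systems are:`.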
@@ -1797,8 +1797,8 @@ As you can see, when one of these options is specified, sqlmap skips the
URL stability test.
-
-Another way to get around the dynamicity issue above explained is to exclude
+Another way to get around the dynamicity issue explained above is to exclude
the dynamic part from the page content before processing it.
@@ -1979,8 +1979,8 @@ time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';
It is also possible to set the seconds to delay the response by providing
-the --time-sec option followed by an integer. By default it delays
-five seconds.
+the --time-sec option followed by an integer. By default delay
+is set to five seconds.
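Review bot: `By default delay is set to five seconds.` drops the article; suggest `By default the delay is set to five seconds.`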
As you can see, sqlmap identified that the parameter is affected by a
-partial inband SQL injection, consequently counted the number of query
-output entries and retrieved once per time by forcing the parameter
+partial inband SQL injection. Consequently, it counted the number of query
+output entries and retrieved them once per time. It forces the parameter
(id) value 1 to its negative value -1 so that
-it does not returns, presumibly, any output leaving our own UNION ALL
-SELECT statement to produce one entry at a time and display it in the
-page content.
+it does not return, presumibly, any output. That leaves our own UNION ALL
+SELECT statement to produce one entry at a time and display only it in
+the page content.
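Review bot: `presumibly` is carried over unchanged into the new line; since the sentence is being rewritten anyway, fix it to `presumably`. `retrieved them once per time` is also not idiomatic (`retrieved them one at a time` says what is meant), and `It forces` should stay in the past tense (`It forced`) to agree with `counted` and `retrieved` in the same passage.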
-As you can see from this last example, sqlmap first tested for MySQL,
+As you can see from the last example, sqlmap first tested for MySQL,
then for Oracle, then for PostgreSQL since the user did not forced the
back-end database management system name with option --dbms.
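Review bot: `since the user did not forced` on the unchanged context line has a tense error (`did not force`); it is worth fixing while this sentence is being touched.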
@@ -2424,7 +2424,7 @@ back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
-As you can see, sqlmap was able to fingerprint also the back-end DBMS
+As you can see, sqlmap was also able to fingerprint the back-end DBMS
operating system by parsing the DBMS banner value.
@@ -2501,12 +2501,12 @@ name="SQLSecurity.com site"> and outputs it to the XML versions file.
Option: -b or --banner
-Most of the modern database management systems have a function or an
-environment variable which returns details on the database managemet
-system version. Sometimes also the operating system where the daemon has
-been compiled on, the operating system architecture, its service pack.
-Usually this function is version() or the @@version
-environment variable.
+Most of the modern database management systems have a function and/or
+an environment variable which returns details on the database management
+system version. Also, sometimes it returns the operating system version
+where the daemon has been compiled on, the operating system architecture,
+and its service pack. Usually the function is version() and the
+environment variable @@version.
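Review bot: `the operating system version where the daemon has been compiled on` doubles the preposition; suggest `the operating system on which the daemon was compiled, its architecture and its service pack`.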
Example on a
-It is possible to detect if the database management system session user is
+It is possible to detect if the current database management system session user is
a database administrator.
@@ -2849,8 +2849,8 @@ database management system users privileges:
As you can see, depending on the user privileges, sqlmap identifies if the
-user is a database management system administrator and show next to the
-username this information.
+user is a database management system administrator and shows this information
+next to the username.
If you provide CU as username it will consider it as an alias for
@@ -2941,7 +2941,7 @@ Options: --tables and -D
It is possible to enumerate the list of tables for all database
-manangement system's databases.
+management system's databases.
Example on a
Note that on Oracle you have to provide the TABLESPACE_NAME
-instead of the database name, in my example that is users to
-retrieve all tables owned by an Oracle database management system
-user.
+instead of the database name. In provided example users was
+used to retrieve all tables owned by an Oracle database management
+system user.
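Review bot: `In provided example users was used` needs an article: `In the provided example, users was used to retrieve all tables owned by an Oracle database management system user.`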
It is possible to enumerate the list of columns for a specific database
table.
-This functionality depends on the -T to specify the table name
+This functionality depends on the option -T to specify the table name
and optionally on -D to specify the database name.
@@ -3128,8 +3128,8 @@ Table: users
Note that on PostgreSQL you have to provide public or the
-name of a system database because it is not possible to enumerate other
-databases tables, only the tables under the schema that the web
+name of a system database. That's because it is not possible to enumerate
+other databases tables, only the tables under the schema that the web
application's user is connected to, which is always public.
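Review bot: `other databases tables` needs the possessive (`other databases' tables`), in both the old and the new line.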
@@ -3180,7 +3180,7 @@ Options: --dump, -C, -T, -D,
It is possible to dump the entries for a specific database table.
-This functionality depends on the -T to specify the table name
+This functionality depends on the option -T to specify the table name
and optionally on -D to specify the database name.
If the database name is not specified, the current database name is used.
@@ -3249,7 +3249,7 @@ Table: users
sqlmap also stores for each table the dumped entries in a CSV format file.
-You can see the absolute path where it stored the dumped tables entries
+You can see the absolute path where sqlmap stores the dumped tables entries
by providing a verbosity level greater than or equal to 1.
@@ -3315,7 +3315,7 @@ Table: users
-As you can see, sqlmap is very flexible: you can leave it automatically
+As you can see, sqlmap is very flexible. You can leave it to automatically
enumerate the whole database table up to a single column of a specific
table entry.
@@ -3395,7 +3395,7 @@ Table: CHARACTER_SETS
You can also provide the --exclude-sysdbs option to exclude all
-system databases so that sqlmap will only dump entries of users' databases
+system databases. In that case sqlmap will only dump entries of users' databases
tables.
@@ -3455,13 +3455,13 @@ Options: --sql-query and --sql-shell
The SQL query and the SQL shell features makes the user able to run
custom SQL statement on the web application's back-end database management.
-sqlmap automatically recognize the type of SQL statement provided and
-choose which SQL injection technique to use to execute it: if it is a
-SELECT statement it will retrieve its output through the blind SQL
-injection or UNION query SQL injection technique depending on the user's
-options, otherwise it will execute the query through the stacked query
-SQL injection technique if the web application supports multiple
-statements on the back-end database management system.
+sqlmap recognizes the type of SQL statement provided and automatically
+chooses which SQL injection technique to use for it to be able to execute it.
+If it is a SELECT statement it will retrieve its output through
+the blind SQL injection or UNION query SQL injection technique depending
+on the user's options. Otherwise it will execute the query through the
+stacked query SQL injection technique if the web application supports
+multiple statements on the back-end database management system.
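Review bot: `chooses which SQL injection technique to use for it to be able to execute it` is wordier than the original; suggest `chooses the SQL injection technique needed to execute it`. The unchanged context lines above also carry `features makes the user able` (should be `features make the user able`) and `back-end database management.` missing the word `system`, both worth fixing in the same hunk.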
Examples on a
-As you can see from this last example, sqlmap splits the query in two
-different SELECT statement to be able to retrieve the output even
-when using the blind SQL injection technique.
-Otherwise in UNION query SQL injection technique it only performs a single
+As you can see from the last example, sqlmap splits provided query into two
+different SELECT statements for it to be able to retrieve the
+output even in case when using the blind SQL injection technique.
+Otherwise, in UNION query SQL injection technique it only performs a single
HTTP request to get the user's query output:
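Review bot: `splits provided query into two` drops the article (`the provided query`), and `even in case when using` should read `even when using`; the original wording was closer on both points.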
If your SELECT statement contains a FROM clause, sqlmap
-asks the user if such statement can return multiple entries and in such
+asks the user if such statement can return multiple entries. In that
case the tool knows how to unpack the query correctly to retrieve its
-whole output entry per entry when going through blind SQL injection
-technique. Through UNION query SQL injection it retrieved the whole output
-in a single response.
+whole output, entry per entry, when going through blind SQL injection
+technique. In provided example, UNION query SQL injection it retrieved
+the whole output in a single response.
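Review bot: `In provided example, UNION query SQL injection it retrieved the whole output` is ungrammatical; suggest `In the provided example, UNION query SQL injection retrieved the whole output in a single response.`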
Example on a
-As you can see from the last example, sqlmap counted the number of entries
-for your query and asks how many entries you want to dump.
-Otherwise if you specify also the LIMIT, or similar, clause
-sqlmap will not ask anything, it just unpacks the query and return its
-output entry per entry when going through blind SQL injection technique.
-Through UNION query SQL injection it retrieved the whole output in a
-single response.
+As you can see from the last example, sqlmap counts the number of entries
+for a given query and asks for number of entries to dump.
+Otherwise, if the LIMIT is also specified, or similar clause,
+sqlmap will not ask for anything. It will just unpack the query and return its
+output, entry per entry, when going through blind SQL injection technique.
+In a given example, sqlmap used UNION query SQL injection to retrieve the
+whole output in a single response.
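Review bot: `asks for number of entries to dump` needs `the number`, `if the LIMIT is also specified, or similar clause` reads better as `if a LIMIT or similar clause is also specified`, and `In a given example` should be `In the given example`.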
Example on a
-The SQL shell option gives you access to run your own SQL statement
-interactively, like a SQL console logged to the back-end database
+The SQL shell option gives you an access to run your own SQL statement
+interactively, like a SQL console connected to the back-end database
management system.
-This feature has TAB completion and history support.
+Note that this feature provides TAB completion and history support.
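Review bot: `gives you an access to run` is wrong, since `access` takes no article here; keep the original `gives you access to run`. The change from `logged to` to `connected to` is a good fix.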
Example of history support on a
As you can see the TAB functionality shows the queries defined for the
back-end database management system in sqlmap XML queries file, but you
-can run whatever SELECT statement that you want.
+can run whatever SELECT statement you want.
Example of asterisk expansion on a
-As you can see in this last example, if the SELECT statement has
-an asterisk instead of the column(s) name, sqlmap first retrieves the
-column names of the table then asks if the query can return multiple
+As you can see from the example, if the SELECT statement has
+an asterisk instead of the column(s) name, sqlmap first retrieves all
+column names of the current table, asks if the query can return multiple
entries and goes on.
@@ -3818,10 +3818,10 @@ SELECT COUNT(name) FROM users: '5'
-As you can see from this last example, when the user provides a SQL
-statement other than SELECT, sqlmap recognizes it, tests if the
-web application supports stacked queries and in case it does, it executes
-the provided SQL statement in a multiple statement.
+As you can see from the example, when the user provides a SQL statement
+other than SELECT, sqlmap recognizes it, tests if the web
+application supports stacked queries and in case it does, it executes
+the provided SQL statement in a multiple statement mode.
Beware that some web application technologies do not support stacked
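Review bot: `in a multiple statement mode` should drop the article or be hyphenated: `in multi-statement mode`.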
@@ -3840,14 +3840,14 @@ Option: --read-file
It is possible to retrieve the content of files from the underlying file
system when the back-end database management system is either MySQL,
-PostgreSQL or Microsoft SQL Server and the session user has the needed
+PostgreSQL or Microsoft SQL Server, and the session user has the needed
privileges to abuse database specific functionalities and architectural
weaknesses.
-The file specified can be either a text or a binary file, sqlmap will
+The file specified can be either a text or a binary file. sqlmap will
handle either cases automatically.
-These techniques are detailed on the white paper
+These techniques are detailed in white paper
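Review bot: `detailed in white paper` drops the definite article the original had; it should read `detailed in the white paper`. The same change is repeated in the hunks at @@ -3963, @@ -4035, @@ -4364, @@ -4488, @@ -4611 and @@ -4768, so fix it in all of them. The unchanged `handle either cases` should also become `handle either case`.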
@@ -3963,13 +3963,13 @@ Options: --write-file and --dest-file
It is possible to upload a local file to the underlying file system when
the back-end database management system is either MySQL, PostgreSQL or
-Microsoft SQL Server and the session user has the needed privileges to
+Microsoft SQL Server, and the session user has the needed privileges to
abuse database specific functionalities and architectural weaknesses.
-The file specified can be either a text or a binary file, sqlmap will
+The file specified can be either a text or a binary file. sqlmap will
handle either cases automatically.
-These techniques are detailed on the white paper
+These techniques are detailed in white paper
@@ -4017,7 +4017,7 @@ Options: --os-cmd and --os-shell
It is possible to execute arbitrary commands on the underlying operating
system when the back-end database management system is either MySQL,
-PostgreSQL or Microsoft SQL Server and the session user has the needed
+PostgreSQL or Microsoft SQL Server, and the session user has the needed
privileges to abuse database specific functionalities and architectural
weaknesses.
@@ -4035,11 +4035,11 @@ sqlmap creates it from scratch.
If the user wants to retrieve the command standard output, sqlmap will use
one of the enumeration SQL injection techniques (blind or inband) to
-retrieve it, viceversa sqlmap will use the stacked query SQL injection
-technique to execute the command without returning anything to the user.
+retrieve it, or in case of stacked query SQL injection technique
+sqlmap will execute the command without returning anything to the user.
-These techniques are detailed on the white paper
+These techniques are detailed in white paper
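Review bot: the rewrite changes the meaning of the sentence. The original `viceversa sqlmap will use the stacked query SQL injection technique to execute the command without returning anything to the user` says that when the user does not want the output, sqlmap falls back to stacked queries; the new `or in case of stacked query SQL injection technique sqlmap will execute the command without returning anything` makes the technique the condition instead of the user's choice. Suggest `retrieve it; otherwise sqlmap will use the stacked query SQL injection technique to execute the command without returning anything to the user.`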
@@ -4120,7 +4120,7 @@ nt authority\network service
It is also possible to simulate a real shell where you can type as many
arbitrary commands as you wish. The option is --os-shell and has
-the same TAB completion and history functionalities implemented for
+the same TAB completion and history functionalities as provided by
--sql-shell.
@@ -4355,7 +4355,7 @@ exploited SQL injection as a stepping stone. This is implemented for MySQL,
PostgreSQL and Microsoft SQL Server.
sqlmap relies on the
@@ -4364,7 +4364,7 @@ because Metasploit's msfconsole and msfcli are not supported on the native
Windows Ruby interpreter.
-These techniques are detailed on the white paper
+These techniques are detailed in white paper
@@ -4488,10 +4488,10 @@ stand-alone exploit if the user wants so.
Note that this feature is not supported by sqlmap installed from the
DEB package because it relies on Churrasco, which is not explicitly free
-software so it has not been included in the package.
+software, so it has not been included in the package.
-This technique is detailed on the white paper
+This technique is detailed in white paper
@@ -4611,19 +4611,19 @@ stateful channel between the attacker host and the target database
server.
sqlmap relies on
-Note that this feature is not supported by sqlmap running on Windows
+Note that this feature is not supported by sqlmap running on Windows platform
because Metasploit's msfconsole and msfcli are not supported on the native
Windows Ruby interpreter.
-This technique is detailed on the white paper
+This technique is detailed in white paper
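Review bot: `running on Windows platform` needs an article (`on the Windows platform`), or keep the original `running on Windows`, which was fine; the same applies to the identical change in the @@ -4768 hunk.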
@@ -4768,15 +4768,15 @@ target database server.
sqlmap has its own exploit to trigger the vulnerability, but it relies on
-Note that this feature is not supported by sqlmap running on Windows
+Note that this feature is not supported by sqlmap running on Windows platform
because Metasploit's msfconsole and msfcli are not supported on the native
Windows Ruby interpreter.
-This technique is detailed on the white paper
+This technique is detailed in white paper
@@ -4940,7 +4940,7 @@ database management system users [3]:
As you can see, sqlmap first calculates the length of the query output,
-then estimated the time of arrival, shows the progress in percentage and
+then estimates the time of arrival, shows the progress in percentage and
counts the number of retrieved query output characters.
@@ -4952,7 +4952,7 @@ Option: --update
It is possible to update sqlmap to the latest stable version available on
-its
-As you can see, sqlmap first check if a new stable version is available,
-then in case it is, download it, unzip it and update the Microsoft SQL
+As you can see, sqlmap first checks if a new stable version is available,
+and then in case it is, downloads it, unzips it and updates the Microsoft SQL
Server XML versions file from Chip Andrews'
Note that the default configuration file sqlmap.conf is backupped
-to sqlmap.conf.bak in case a new stable version is available and
-your copy is updated.
+to sqlmap.conf.bak each time a new stable version is available and
+your copy is outdated.
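Review bot: `is backupped` on the context line should be `is backed up`; since the rest of this sentence is being rewritten, fix it here as well. The change from `your copy is updated` to `your copy is outdated` is a correct fix of the original's meaning.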
-It is possible to log all queries and their output on a text file while
+It is possible to log all queries and their output into a text file while
performing whatever request, both in blind SQL injection and in inband SQL
injection.
This is useful if you stop the injection and resume it after some time.
@@ -5258,9 +5258,9 @@ banner: 'PostgreSQL 8.3.5 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real
Option: --batch
-If you want sqlmap to run as a batch tool, without interacting with you in
-case of a choice has to be done, you can force it by using --batch
-option than letting sqlmap go for a default behaviour.
+If you want sqlmap to run as a batch tool, without any users interaction
+when a choice has to be done, you can force it by using --batch
+option, and leave sqlmap to go for a default behaviour.
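Review bot: `without any users interaction` should be `without any user interaction`, and `when a choice has to be done` should be `when a choice has to be made`; `leave sqlmap to go for a default behaviour` also reads better as `let sqlmap go for the default behaviour`.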
Example on a
-As you can see, sqlmap choosed automatically to injection on the first
-vulnerable parameter which is the default behaviour.
+As you can see, sqlmap by default automatically chooses to inject payload
+to the first vulnerable parameter.
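Review bot: `inject payload to the first vulnerable parameter` needs an article and the right preposition: `inject the payload into the first vulnerable parameter`.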