diff --git a/doc/README.html b/doc/README.html
index 0440a5959..182685701 100644
--- a/doc/README.html
+++ b/doc/README.html
@@ -236,6 +236,11 @@ and Microsoft SQL Server back-end database management systems.
Besides these four database management systems software. sqlmap can also
identify Microsoft Access, DB2, Informix, Sybase and Interbase.
+
Full support for three SQL injection techniques: inferential
+blind SQL injection, UNION query (inband) SQL injection and
+stacked queries (multiple statements) support. sqlmap can also
+test for time based blind SQL injection.
+
Extensive back-end database management system fingerprint
based upon
inband error messages,
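Review bot: the moved paragraph keeps the wording "Full support for three SQL injection techniques: ... and stacked queries (multiple statements) support", where the trailing "support" duplicates the "Full support" that opens the sentence; drop it, so the list ends "... and stacked queries (multiple statements)". The first sentence counts three techniques and the next sentence adds a fourth ("sqlmap can also test for time based blind SQL injection"), so either say "four" or make clear that time based blind injection is detected but not used for retrieval; as written the two sentences disagree. While this passage is being touched, the unchanged context line just above it ("Besides these four database management systems software. sqlmap can also") has a full stop where a comma belongs.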
@@ -247,11 +252,6 @@ database management system name if you already know it. sqlmap is also able
to fingerprint the web server operating system, the web application
technology and, in some circumstances, the back-end DBMS operating system.
-Full support for three SQL injection techniques: inferential
-blind SQL injection, UNION query (inband) SQL injection and
-stacked queries (multiple statements) support. sqlmap can also
-test for time based blind SQL injection.
-
Options to retrieve on all four back-end database management system
banner, current user, current database,
enumerate users, users password hashes, users
@@ -313,6 +313,8 @@ randomly selected from a text file.
there exist six levels. The default level is 1 in which
information, warnings, errors and tracebacks, if they occur, will be shown.
+Granularity in the user's options.
+
Estimated time of arrival support for each query, updated
in real time while fetching the information to give to the user an
overview on how long it will take to retrieve the output.
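Review bot: "Granularity in the user's options." is added as a bare fragment that does not say which options are granular or what the user gains from it; either expand it into a sentence that names the feature, or fold it into the neighbouring verbosity bullet, which is the only nearby text it could plausibly refer to. A feature list entry a reader cannot map to a command line option is noise.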
@@ -329,6 +331,10 @@ save command line options on a configuration INI file.
Metasploit and
w3af.
+File system read and write access and operating
+system command execution by providing own queries, depending on the
+session user privileges and back-end DBMS.
+
PHP setting magic_quotes_gpc
bypass by encoding
every query string, between single quotes, with CHAR
, or similar,
database management system function.
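Review bot: "by providing own queries" is ungrammatical and leaves open who provides the queries; suggest "with user-supplied queries" or "by letting the user supply their own queries". The qualification "depending on the session user privileges and back-end DBMS" is the part of this bullet that matters most, because file system access and command execution are only possible with sufficient database privileges and only on some back-ends; consider stating which DBMSs this applies to rather than leaving the reader to assume it works everywhere.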
@@ -400,7 +406,7 @@ and
$ python sqlmap.py -h
sqlmap/0.6.4 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
- and Daniele Bellucci <daniele.bellucci@gmail.com>
+ and Daniele Bellucci <daniele.bellucci@gmail.com>
Usage: sqlmap.py [options]
@@ -433,7 +439,7 @@ Options:
--proxy=PROXY Use a HTTP proxy to connect to the target url
--threads=THREADS Maximum number of concurrent HTTP requests (default 1)
--delay=DELAY Delay in seconds between each HTTP request
- --timeout=TIMEOUT Seconds to wait before timeout connection (default 10)
+ --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
Injection:
These options can be used to specify which parameters to test for,
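Review bot: the --timeout default changing from 10 to 30 in the usage text is a behavioural claim, not a wording fix, and nothing else in this patch touches --timeout (the lib/parse/cmdline.py hunk only re-cases the --time-test help string). The commit message should say whether the parser default actually changed; if it did, note it in the changelog too, since a 30 second timeout triples how long a hung request blocks each thread, and if it did not, this line now disagrees with `sqlmap.py -h`.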
@@ -456,8 +462,9 @@ Options:
using the default blind SQL injection technique.
--stacked-test Test for stacked queries (multiple statements) support
- --time-test Test for Time based blind SQL injection
+ --time-test Test for time based blind SQL injection
--union-test Test for UNION query (inband) SQL injection
+ --union-tech=UTECH Technique to test for UNION query SQL injection
--union-use Use the UNION query (inband) SQL injection to retrieve
the queries output. No need to go blind
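Review bot: the new `--union-tech=UTECH` entry is the only option in this block whose help text does not say what the argument accepts or what the default is; every other line here describes the effect of the option. Add the accepted technique values and the default to the help text, in the README and in the parser's help string alike, otherwise the only way to discover them is to read the source. The "Time based" to "time based" re-casing matches the cmdline.py and sqlmap.conf hunks, which is good.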
@@ -472,6 +479,7 @@ Options:
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
+ --is-dba Detect if the DBMS current user is DBA
--users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes (opt: -U)
--privileges Enumerate DBMS users privileges (opt: -U)
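Review bot: "Detect if the DBMS current user is DBA" should say what "DBA" means per back-end (a role, a specific privilege, a superuser flag), because the file system and command execution features documented above are described as depending on the session user's privileges, and this option is what a reader will use to interpret that dependency. Also check that --is-dba has a matching entry in sqlmap.conf, since the README states that command line options can be saved to the INI file and the sqlmap.conf hunk in this patch only edits the timeTest comment.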
@@ -1878,7 +1886,7 @@ stacked queries support: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'=
-Test for Time based blind SQL injection
+Test for time based blind SQL injection
Option: --time-test
@@ -1954,7 +1962,7 @@ time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';
Test for UNION query SQL injection
-Option: --union-test
+Options: --union-test
and --union-tech
It is possible to test if the target URL is affected by an inband
SQL injection vulnerability.
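Review bot: the section heading now names --union-tech alongside --union-test, but the visible context keeps the old opening sentence ("It is possible to test if the target URL is affected by an inband SQL injection vulnerability") and nothing in this hunk documents --union-tech itself. Make sure the body of this section explains the selectable techniques and which one is used by default; otherwise the heading promises more than the section delivers.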
diff --git a/doc/README.pdf b/doc/README.pdf
index 341d69685..bb3d386df 100644
Binary files a/doc/README.pdf and b/doc/README.pdf differ
diff --git a/doc/README.sgml b/doc/README.sgml
index 331ecef4b..12caba483 100644
--- a/doc/README.sgml
+++ b/doc/README.sgml
@@ -193,6 +193,11 @@ and Microsoft SQL Server back-end database management systems.
Besides these four database management systems software. sqlmap can also
identify Microsoft Access, DB2, Informix, Sybase and Interbase.
+- Full support for three SQL injection techniques: inferential
+blind SQL injection, UNION query (inband) SQL injection and
+stacked queries (multiple statements) support. sqlmap can also
+test for time based blind SQL injection.
+
- Extensive back-end database management system fingerprint
based upon
,
@@ -204,11 +209,6 @@ database management system name if you already know it. sqlmap is also able
to fingerprint the web server operating system, the web application
technology and, in some circumstances, the back-end DBMS operating system.
-
- Full support for three SQL injection techniques: inferential
-blind SQL injection, UNION query (inband) SQL injection and
-stacked queries (multiple statements) support. sqlmap can also
-test for time based blind SQL injection.
-
- Options to retrieve on all four back-end database management system
banner, current user, current database,
enumerate users, users password hashes, users
@@ -269,6 +269,8 @@ randomly selected from a text file.
there exist six levels. The default level is 1 in which
information, warnings, errors and tracebacks, if they occur, will be shown.
+
- Granularity in the user's options.
+
- Estimated time of arrival support for each query, updated
in real time while fetching the information to give to the user an
overview on how long it will take to retrieve the output.
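Review bot: here "- Granularity in the user's options." is unchanged context and only the blank lines around it are added, whereas the README.html hunk for the same passage adds the bullet text itself. So README.html had already drifted from the SGML source before this patch. Since README.pdf also changes in this commit, the HTML and PDF should be regenerated from README.sgml as a build step rather than patched by hand in parallel; that keeps the three files in sync and makes this kind of drift impossible.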
@@ -285,6 +287,10 @@ save command line options on a configuration INI file.
and .
+
- File system read and write access and operating
+system command execution by providing own queries, depending on the
+session user privileges and back-end DBMS.
+
- PHP setting magic_quotes_gpc bypass by encoding
every query string, between single quotes, with CHAR, or similar,
database management system function.
@@ -355,7 +361,7 @@ and .
$ python sqlmap.py -h
sqlmap/0.6.4 coded by Bernardo Damele A. G.
- and Daniele Bellucci
+ and Daniele Bellucci
Usage: sqlmap.py [options]
@@ -388,7 +394,7 @@ Options:
--proxy=PROXY Use a HTTP proxy to connect to the target url
--threads=THREADS Maximum number of concurrent HTTP requests (default 1)
--delay=DELAY Delay in seconds between each HTTP request
- --timeout=TIMEOUT Seconds to wait before timeout connection (default 10)
+ --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
Injection:
These options can be used to specify which parameters to test for,
@@ -411,8 +417,9 @@ Options:
using the default blind SQL injection technique.
--stacked-test Test for stacked queries (multiple statements) support
- --time-test Test for Time based blind SQL injection
+ --time-test Test for time based blind SQL injection
--union-test Test for UNION query (inband) SQL injection
+ --union-tech=UTECH Technique to test for UNION query SQL injection
--union-use Use the UNION query (inband) SQL injection to retrieve
the queries output. No need to go blind
@@ -427,6 +434,7 @@ Options:
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
+ --is-dba Detect if the DBMS current user is DBA
--users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes (opt: -U)
--privileges Enumerate DBMS users privileges (opt: -U)
@@ -1813,7 +1821,7 @@ stacked queries support: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'=
-Test for Time based blind SQL injection
+Test for time based blind SQL injection
Option: --time-test
@@ -1886,7 +1894,7 @@ time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';
Test for UNION query SQL injection
-Option: --union-test
+Options: --union-test and --union-tech
It is possible to test if the target URL is affected by an inband
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 66baf4160..b80c5279f 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -163,7 +163,7 @@ def cmdLineParser():
techniques.add_option("--time-test", dest="timeTest",
action="store_true",
- help="Test for Time based blind SQL injection")
+ help="Test for time based blind SQL injection")
techniques.add_option("--union-test", dest="unionTest",
action="store_true",
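Review bot: the help-string re-casing is the only change to the parser, so the parser and the three documentation files now agree on "time based", which is the point. This is also the only hunk in lib/parse/cmdline.py, so for the README to be accurate the `--union-tech=UTECH` and `--is-dba` options and the --timeout default of 30 documented in this patch must already exist in this file with matching help text; please confirm that, or include the corresponding add_option changes here so the documentation and the code land together.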
diff --git a/sqlmap.conf b/sqlmap.conf
index b921c8946..c28253d71 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -133,7 +133,7 @@ eRegexp =
# Valid: True or False
stackedTest = False
-# Test for Time based blind SQL injection.
+# Test for time based blind SQL injection.
# Valid: True or False
timeTest = False
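Review bot: comment-only change, consistent with the other "time based" re-casings in this patch. If --union-tech and --is-dba are meant to be settable from the INI file, as the README's "save command line options on a configuration INI file" feature implies, they need keys in this file as well; this hunk adds none, so either add them alongside timeTest or state in the commit message that INI support for the new options is intentionally deferred.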