Minor layout adjustments

Bernardo Damele 2009-01-18 22:36:48 +00:00
parent 161590e121
commit 8f973ce574
5 changed files with 38 additions and 22 deletions

View File

@ -236,6 +236,11 @@ and <B>Microsoft SQL Server</B> back-end database management systems.
Besides these four database management systems software. sqlmap can also Besides these four database management systems software. sqlmap can also
identify Microsoft Access, DB2, Informix, Sybase and Interbase. identify Microsoft Access, DB2, Informix, Sybase and Interbase.
</LI> </LI>
<LI>Full support for three SQL injection techniques: <B> inferential
blind SQL injection</B>, <B>UNION query (inband) SQL injection</B> and
<B>stacked queries (multiple statements) support</B>. sqlmap can also
test for <B>time based blind SQL injection</B>.
</LI>
<LI><B>Extensive back-end database management system fingerprint</B> <LI><B>Extensive back-end database management system fingerprint</B>
based upon based upon
<A HREF="http://bernardodamele.blogspot.com/2007/06/database-management-system-fingerprint.html">inband error messages</A>, <A HREF="http://bernardodamele.blogspot.com/2007/06/database-management-system-fingerprint.html">inband error messages</A>,
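Review bot: the relocated list item carries a stray space inside the opening tag, `<B> inferential blind SQL injection</B>`; since the item is being moved anyway, drop the space so it reads `<B>inferential blind SQL injection</B>`, matching the other bold phrases in the list. The context line `Besides these four database management systems software. sqlmap can also` is also a sentence fragment; a comma in place of the period would fix it.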
@ -247,11 +252,6 @@ database management system name if you already know it. sqlmap is also able
to fingerprint the web server operating system, the web application to fingerprint the web server operating system, the web application
technology and, in some circumstances, the back-end DBMS operating system. technology and, in some circumstances, the back-end DBMS operating system.
</LI> </LI>
<LI>Full support for three SQL injection techniques: <B> inferential
blind SQL injection</B>, <B>UNION query (inband) SQL injection</B> and
<B>stacked queries (multiple statements) support</B>. sqlmap can also
test for <B>time based blind SQL injection</B>.
</LI>
<LI>Options to retrieve on all four back-end database management system <LI>Options to retrieve on all four back-end database management system
<B>banner</B>, <B>current user</B>, <B>current database</B>, <B>banner</B>, <B>current user</B>, <B>current database</B>,
enumerate <B>users</B>, <B>users password hashes</B>, <B>users enumerate <B>users</B>, <B>users password hashes</B>, <B>users
@ -313,6 +313,8 @@ randomly selected from a text file.
there exist <B>six levels</B>. The default level is <B>1</B> in which there exist <B>six levels</B>. The default level is <B>1</B> in which
information, warnings, errors and tracebacks, if they occur, will be shown. information, warnings, errors and tracebacks, if they occur, will be shown.
</LI> </LI>
<LI>Granularity in the user's options.
</LI>
<LI><B>Estimated time of arrival</B> support for each query, updated <LI><B>Estimated time of arrival</B> support for each query, updated
in real time while fetching the information to give to the user an in real time while fetching the information to give to the user an
overview on how long it will take to retrieve the output. overview on how long it will take to retrieve the output.
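Review bot: the new item `Granularity in the user's options.` is too vague to tell a reader what was added; say which options are meant and what can be tuned, or fold it into the neighbouring item about the six verbosity levels, which is the only option granularity this hunk actually describes.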
@ -329,6 +331,10 @@ save command line options on a configuration INI file.
<A HREF="http://metasploit.com/framework/">Metasploit</A> and <A HREF="http://metasploit.com/framework/">Metasploit</A> and
<A HREF="http://w3af.sourceforge.net/">w3af</A>. <A HREF="http://w3af.sourceforge.net/">w3af</A>.
</LI> </LI>
<LI><B>File system</B> read and write access and <B>operating
system</B> command execution by providing own queries, depending on the
session user privileges and back-end DBMS.
</LI>
<LI><B>PHP setting <CODE>magic_quotes_gpc</CODE> bypass</B> by encoding <LI><B>PHP setting <CODE>magic_quotes_gpc</CODE> bypass</B> by encoding
every query string, between single quotes, with <CODE>CHAR</CODE>, or similar, every query string, between single quotes, with <CODE>CHAR</CODE>, or similar,
database management system function.</LI> database management system function.</LI>
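Review bot: `by providing own queries` in the new file system / command execution item is missing a word; `by providing your own queries` reads correctly. It is also worth making explicit that the dependency on session user privileges and back-end DBMS applies to both file access and command execution, since the sentence can be read as qualifying only the latter.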
@ -400,7 +406,7 @@ and
$ python sqlmap.py -h $ python sqlmap.py -h
sqlmap/0.6.4 coded by Bernardo Damele A. G. &lt;bernardo.damele@gmail.com> sqlmap/0.6.4 coded by Bernardo Damele A. G. &lt;bernardo.damele@gmail.com>
and Daniele Bellucci &lt;daniele.bellucci@gmail.com> and Daniele Bellucci &lt;daniele.bellucci@gmail.com>
Usage: sqlmap.py [options] Usage: sqlmap.py [options]
@ -433,7 +439,7 @@ Options:
--proxy=PROXY Use a HTTP proxy to connect to the target url --proxy=PROXY Use a HTTP proxy to connect to the target url
--threads=THREADS Maximum number of concurrent HTTP requests (default 1) --threads=THREADS Maximum number of concurrent HTTP requests (default 1)
--delay=DELAY Delay in seconds between each HTTP request --delay=DELAY Delay in seconds between each HTTP request
--timeout=TIMEOUT Seconds to wait before timeout connection (default 10) --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
Injection: Injection:
These options can be used to specify which parameters to test for, These options can be used to specify which parameters to test for,
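Review bot: the documented `--timeout` default changes from 10 to 30 here, but no parser change is part of this commit (the only cmdline.py hunk below touches the `--time-test` help string); confirm the option parser's actual default is 30 so the usage text does not drift from the code.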
@ -456,8 +462,9 @@ Options:
using the default blind SQL injection technique. using the default blind SQL injection technique.
--stacked-test Test for stacked queries (multiple statements) support --stacked-test Test for stacked queries (multiple statements) support
--time-test Test for Time based blind SQL injection --time-test Test for time based blind SQL injection
--union-test Test for UNION query (inband) SQL injection --union-test Test for UNION query (inband) SQL injection
--union-tech=UTECH Technique to test for UNION query SQL injection
--union-use Use the UNION query (inband) SQL injection to retrieve --union-use Use the UNION query (inband) SQL injection to retrieve
the queries output. No need to go blind the queries output. No need to go blind
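Review bot: the new `--union-tech=UTECH` help line does not say which values UTECH accepts; list the accepted technique names in the help text (and in the matching configuration file entry, if one exists) so users do not have to read the source to find them.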
@ -472,6 +479,7 @@ Options:
-b, --banner Retrieve DBMS banner -b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user --current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database --current-db Retrieve DBMS current database
--is-dba Detect if the DBMS current user is DBA
--users Enumerate DBMS users --users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes (opt: -U) --passwords Enumerate DBMS users password hashes (opt: -U)
--privileges Enumerate DBMS users privileges (opt: -U) --privileges Enumerate DBMS users privileges (opt: -U)
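Review bot: `--is-dba` is added to the usage listing, but this commit adds no corresponding `Option: <CODE>--is-dba</CODE>` section in the detailed part of the README, unlike `--time-test` and `--union-test` below; add one, or confirm it already exists.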
@ -1878,7 +1886,7 @@ stacked queries support: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'=
</P> </P>
<H3>Test for Time based blind SQL injection</H3> <H3>Test for time based blind SQL injection</H3>
<P>Option: <CODE>--time-test</CODE></P> <P>Option: <CODE>--time-test</CODE></P>
@ -1954,7 +1962,7 @@ time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';
<H3>Test for UNION query SQL injection</H3> <H3>Test for UNION query SQL injection</H3>
<P>Option: <CODE>--union-test</CODE></P> <P>Options: <CODE>--union-test</CODE> and <CODE>--union-tech</CODE></P>
<P>It is possible to test if the target URL is affected by an <B>inband <P>It is possible to test if the target URL is affected by an <B>inband
SQL injection</B> vulnerability. SQL injection</B> vulnerability.
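Review bot: the options line now names `--union-tech`, but the visible context after it only introduces the inband test; make sure the body of this section explains what `--union-tech` selects so the new option is not orphaned in its own section.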

Binary file not shown.

View File

@ -193,6 +193,11 @@ and <bf>Microsoft SQL Server</bf> back-end database management systems.
Besides these four database management systems software. sqlmap can also Besides these four database management systems software. sqlmap can also
identify Microsoft Access, DB2, Informix, Sybase and Interbase. identify Microsoft Access, DB2, Informix, Sybase and Interbase.
<item>Full support for three SQL injection techniques: <bf> inferential
blind SQL injection</bf>, <bf>UNION query (inband) SQL injection</bf> and
<bf>stacked queries (multiple statements) support</bf>. sqlmap can also
test for <bf>time based blind SQL injection</bf>.
<item><bf>Extensive back-end database management system fingerprint</bf> <item><bf>Extensive back-end database management system fingerprint</bf>
based upon based upon
<htmlurl url="http://bernardodamele.blogspot.com/2007/06/database-management-system-fingerprint.html" name="inband error messages">, <htmlurl url="http://bernardodamele.blogspot.com/2007/06/database-management-system-fingerprint.html" name="inband error messages">,
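Review bot: this is the same relocation as in the HTML file above; the two files carry identical text in two markups (`<B>`/`<bf>`, `<A HREF>`/`<htmlurl>`), which invites drift, and the stray space in `<bf> inferential` is already duplicated in both. Consider generating the HTML from the SGML source so only one copy has to be edited.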
@ -204,11 +209,6 @@ database management system name if you already know it. sqlmap is also able
to fingerprint the web server operating system, the web application to fingerprint the web server operating system, the web application
technology and, in some circumstances, the back-end DBMS operating system. technology and, in some circumstances, the back-end DBMS operating system.
<item>Full support for three SQL injection techniques: <bf> inferential
blind SQL injection</bf>, <bf>UNION query (inband) SQL injection</bf> and
<bf>stacked queries (multiple statements) support</bf>. sqlmap can also
test for <bf>time based blind SQL injection</bf>.
<item>Options to retrieve on all four back-end database management system <item>Options to retrieve on all four back-end database management system
<bf>banner</bf>, <bf>current user</bf>, <bf>current database</bf>, <bf>banner</bf>, <bf>current user</bf>, <bf>current database</bf>,
enumerate <bf>users</bf>, <bf>users password hashes</bf>, <bf>users enumerate <bf>users</bf>, <bf>users password hashes</bf>, <bf>users
@ -269,6 +269,8 @@ randomly selected from a text file.
there exist <bf>six levels</bf>. The default level is <bf>1</bf> in which there exist <bf>six levels</bf>. The default level is <bf>1</bf> in which
information, warnings, errors and tracebacks, if they occur, will be shown. information, warnings, errors and tracebacks, if they occur, will be shown.
<item>Granularity in the user's options.
<item><bf>Estimated time of arrival</bf> support for each query, updated <item><bf>Estimated time of arrival</bf> support for each query, updated
in real time while fetching the information to give to the user an in real time while fetching the information to give to the user an
overview on how long it will take to retrieve the output. overview on how long it will take to retrieve the output.
@ -285,6 +287,10 @@ save command line options on a configuration INI file.
<htmlurl url="http://metasploit.com/framework/" name="Metasploit"> and <htmlurl <htmlurl url="http://metasploit.com/framework/" name="Metasploit"> and <htmlurl
url="http://w3af.sourceforge.net/" name="w3af">. url="http://w3af.sourceforge.net/" name="w3af">.
<item><bf>File system</bf> read and write access and <bf>operating
system</bf> command execution by providing own queries, depending on the
session user privileges and back-end DBMS.
<item><bf>PHP setting <tt>magic_quotes_gpc</tt> bypass</bf> by encoding <item><bf>PHP setting <tt>magic_quotes_gpc</tt> bypass</bf> by encoding
every query string, between single quotes, with <tt>CHAR</tt>, or similar, every query string, between single quotes, with <tt>CHAR</tt>, or similar,
database management system function. database management system function.
@ -355,7 +361,7 @@ and <htmlurl url="mailto:daniele.bellucci@gmail.com" name="Daniele Bellucci">.
$ python sqlmap.py -h $ python sqlmap.py -h
sqlmap/0.6.4 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com> sqlmap/0.6.4 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
and Daniele Bellucci <daniele.bellucci@gmail.com> and Daniele Bellucci <daniele.bellucci@gmail.com>
Usage: sqlmap.py [options] Usage: sqlmap.py [options]
@ -388,7 +394,7 @@ Options:
--proxy=PROXY Use a HTTP proxy to connect to the target url --proxy=PROXY Use a HTTP proxy to connect to the target url
--threads=THREADS Maximum number of concurrent HTTP requests (default 1) --threads=THREADS Maximum number of concurrent HTTP requests (default 1)
--delay=DELAY Delay in seconds between each HTTP request --delay=DELAY Delay in seconds between each HTTP request
--timeout=TIMEOUT Seconds to wait before timeout connection (default 10) --timeout=TIMEOUT Seconds to wait before timeout connection (default 30)
Injection: Injection:
These options can be used to specify which parameters to test for, These options can be used to specify which parameters to test for,
@ -411,8 +417,9 @@ Options:
using the default blind SQL injection technique. using the default blind SQL injection technique.
--stacked-test Test for stacked queries (multiple statements) support --stacked-test Test for stacked queries (multiple statements) support
--time-test Test for Time based blind SQL injection --time-test Test for time based blind SQL injection
--union-test Test for UNION query (inband) SQL injection --union-test Test for UNION query (inband) SQL injection
--union-tech=UTECH Technique to test for UNION query SQL injection
--union-use Use the UNION query (inband) SQL injection to retrieve --union-use Use the UNION query (inband) SQL injection to retrieve
the queries output. No need to go blind the queries output. No need to go blind
@ -427,6 +434,7 @@ Options:
-b, --banner Retrieve DBMS banner -b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user --current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database --current-db Retrieve DBMS current database
--is-dba Detect if the DBMS current user is DBA
--users Enumerate DBMS users --users Enumerate DBMS users
--passwords Enumerate DBMS users password hashes (opt: -U) --passwords Enumerate DBMS users password hashes (opt: -U)
--privileges Enumerate DBMS users privileges (opt: -U) --privileges Enumerate DBMS users privileges (opt: -U)
@ -1813,7 +1821,7 @@ stacked queries support: 'name=luther'; WAITFOR DELAY '0:0:5';-- AND 'wRcBC'=
</verb></tscreen> </verb></tscreen>
<sect2>Test for Time based blind SQL injection <sect2>Test for time based blind SQL injection
<p> <p>
Option: <tt>--time-test</tt> Option: <tt>--time-test</tt>
@ -1886,7 +1894,7 @@ time based blind sql injection payload: 'name=luther'; WAITFOR DELAY '0:0:5';
<sect2>Test for UNION query SQL injection <sect2>Test for UNION query SQL injection
<p> <p>
Option: <tt>--union-test</tt> Options: <tt>--union-test</tt> and <tt>--union-tech</tt>
<p> <p>
It is possible to test if the target URL is affected by an <bf>inband It is possible to test if the target URL is affected by an <bf>inband

View File

@ -163,7 +163,7 @@ def cmdLineParser():
techniques.add_option("--time-test", dest="timeTest", techniques.add_option("--time-test", dest="timeTest",
action="store_true", action="store_true",
help="Test for Time based blind SQL injection") help="Test for time based blind SQL injection")
techniques.add_option("--union-test", dest="unionTest", techniques.add_option("--union-test", dest="unionTest",
action="store_true", action="store_true",

View File

@ -133,7 +133,7 @@ eRegexp =
# Valid: True or False # Valid: True or False
stackedTest = False stackedTest = False
# Test for Time based blind SQL injection. # Test for time based blind SQL injection.
# Valid: True or False # Valid: True or False
timeTest = False timeTest = False